last executing test programs:

1m36.56582256s ago: executing program 2 (id=1059):
munlockall()

1m36.293160777s ago: executing program 2 (id=1062):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f00000000c0)={<r2=>0x0, 0x0, 0x38d, 0x1000, 0x7, 0x5}, &(0x7f0000000100)=0x14)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000140)=@sack_info={r2, 0x40, 0x80}, &(0x7f0000000180)=0xc)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x4c, r4, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0x6}]}]}, 0x4c}}, 0x0)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000240)={0x50, r4, 0x100, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xe494}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xe3}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xcbed}]}, 0x50}, 0x1, 0x0, 0x0, 0x82}, 0x4084)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
lseek(0xffffffffffffffff, 0x1, 0x1)
mount$9p_virtio(&(0x7f00000002c0), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0)

1m35.352454598s ago: executing program 2 (id=1070):
r0 = socket$key(0xf, 0x3, 0x2)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r2 = openat$cgroup_devices(r1, &(0x7f0000000080)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r2, &(0x7f0000000140)=ANY=[@ANYBLOB='b *:4\tw'], 0xa)
r3 = openat$cgroup_devices(r1, &(0x7f0000000240)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r3, &(0x7f0000000280)={'b', ' *:* ', 'rm\x00'}, 0x9)
sendmsg$key(r0, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
timer_create(0x1, &(0x7f0000000080)={0x0, 0x1a, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000600)=<r4=>0x0)
timer_settime(r4, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r5 = memfd_create(&(0x7f00000000c0)='\x00\xc76\xbe\x91\x8d\x182)!\x9a%\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00\xeb0\xdd\xe8\x87\x05=\xfb\x8b$\xdcQ\xee\xc5\x1f\x8bQ\xf7fo\"i\xa1hk\x1d\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xee\f\x00\x00\x00\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfcQ\xe4)u\xb3\xa1s\xc3\x83\xf9\xfb\x05\x94Tr@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f\x19\xf7]#\xed,\xc7\x11\tp\xf4\xa3\xee\x92\xd2\x99\xb8<X\xfa\xdd\x8a6\xa1\x82\xf7r\xd8z\x85\x8do\xa5\xed\xd4\xbc8\xfb\x16\x8e\x8b-W\xd4\xc9\xab\x94CR[Du8U^\xf2tl8\xfe\xd0\x94\xfe\xf5\x1c+\x00U\te\xfa6\xca\xb9\xb4Q\xd9\xee\r6\x861h{\xc7z\'F\xc7\x91\x06x\xe1`\xf1:\xbd+\xd5\f\xb2\xce\xa4\x06\x90\x90\x9b\x1d\xcaa\xf7\x8f\x9e\x80\x93\xafT\xdfl\xec\xc6\x8e\x96\r[n\xc6\x99\x1fr<\x06\xb3\xbcT\x00\xda6\x18/\x18\x00\x00\x00\x00\x00\x00\x00', 0x0)
ioctl$FS_IOC_RESVSP(r5, 0x402c5828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x100})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000340)=[{0x20, 0xc, 0x77, 0xfffff00c}, {0x28, 0x0, 0x2}, {0x6, 0x0, 0x0, 0x2}]}, 0x8)
sendmmsg(r7, &(0x7f0000001c00), 0x400000000000159, 0x40840)
r9 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_FLUSH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r9, @ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x14}, 0x8804)
fstatfs(0xffffffffffffffff, &(0x7f00000003c0)=""/146)
syz_clone3(&(0x7f0000000000)={0x285002400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x46)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udplite(0xa, 0x2, 0x88)

1m35.303357031s ago: executing program 2 (id=1072):
r0 = fsopen(&(0x7f0000000080)='pipefs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x8e)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0xa00, 0x0)
ioctl$USBDEVFS_CONTROL(r1, 0xc0105500, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x3, 0x0, 0x7, 0x0})
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000240)="5c00000014006b03c84e21008bf32c19021800f80200000044000200ac14140e05251e6182949a36c23d3b48dfd8cdbf9367b498fa51f60a64c9f4d4938037e786a6d0bdd77f6f60c1504bb9189d9193e9bd1c1b7800000000000000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x8000)
r4 = getpid()
r5 = syz_pidfd_open(r4, 0x0)
r6 = pidfd_getfd(r5, r5, 0x0)
r7 = open_tree(r6, &(0x7f0000000640)='\x00', 0x89901)
syz_emit_ethernet(0x1216, &(0x7f0000000580)={@link_local, @random='\x00\x00\t\x00', @void, {@ipv6={0x86dd, @generic={0x5, 0x6, "9f3e42", 0x11e0, 0x11, 0xff, @dev={0xfe, 0x80, '\x00', 0x1f}, @local, {[@fragment={0x2f, 0x0, 0x3, 0x0, 0x0, 0x17, 0x64}, @routing={0x3c, 0x2, 0x1, 0x0, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}]}, @dstopts={0x33, 0x22, '\x00', [@pad1, @generic={0x10, 0xe6, "cc6438cb0b4a459e2fd983eae6a8dd433cd3a339cf10a07fe9eccbb16bb82da621f6536bb32127f2532a13de7d010e66aad00d953c7492d98a110bcdefe009d43d6cacd861c627645a6f919d2b442b7eefec3858b94a0cfbd6bdf337d64a9653af156373b710943102b62d2a9cbab4bd6c86c71fbd3fd269bee371b020c6c81d7985dd5039a58f3fe7d3ab510f8c3bbfe4df48df76ece4bdc5e5afe25da89224810e7966e7dac0235b89c26aa59538eb568fddd4de1c98fac56bb787c931c8e80dfc0e8d61d10e48a08d42407e9eeef22a36817dc2210517396c375ab357bcfea00cce47a125"}, @calipso={0x7, 0x28, {0x3, 0x8, 0x5, 0x5, [0x0, 0x8001, 0x43e8, 0x5]}}]}, @fragment={0xa0, 0x0, 0x6, 0x0, 0x0, 0x1, 0x68}, @routing={0x16, 0x12, 0x0, 0x6, 0x0, [@private2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x25}}, @private1={0xfc, 0x1, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @broadcast}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01']}], "f9dfd7b9844a4815878dc9dd11c066bfd0077732f979b9deaa03c1d3d31bd6abc9f52b371989138dfde2e8a69a975f7047f7009f4c9c0ac2303c120bf0685ad6c1b64d0b6a8dda732e22933d9d0deb59edf36779dc350c6d1f7f7fd9a7843a5f841ce98f16798f030984142c682da98a8d8155f81e9bc14187c142df6d00cc32e577cbc6149761e19b57862c527dbf6689ca215acd54f254c935804740fab706fe7890cc7f64eca1742a627dc5a2b109b7ede563a76c60742475c5663988570d521a0068caa00b4cf87dca3151a07530af5cab869cb85b407f1a64b5234a2cdab2fd980bb67727624028a6248616cc0eab1fc34b0342db386daa9b087a468b125eed505d97581e2a13384c7aed10c8988735536a920f5b54e2776ed3b14f2d129832ce9e9654e94a7bd548ec51c3070f04823f3733ef4706c4d42c7ff949acc3e3ff0894d14f5237edcdf6c7c85cef22f67ff6207428714b244fe95c5a1693c8aa2798f6b9c409b7bf2e0cba988b63833ffa09cd4cdc5e3ee6672da651ea3b23f0755c151b792584ab2d567bcbc38fa906c39364c1da02196864894e145f7acef3ea9b30a26ee1349548d46e3a6b303883c09a96e4b8d024fc28821f7b66af805059138a0c560963000319624c0cd1ba20e8876c2a6df8028d39e41b250030bbcc94076de43ad83c09feea1a2ed705a52379388a43e9d8a452a700ffcd378f7602891bc0e8ac89fffcb8d27fb94390d773ff8075000177c1e68d8feabe74f995958572bfff59638918fdb4ed9a54371f605e4a16ec75aa2c48c11821e5bd3558c2b0069926a0ac86ea9fa85114b73ce6f119a30d89e8840e8259545cbf534ee801ce387a6bbd3df9d9ed2cfb1dc1d563d02159917072a3b3bb8002e0d66f372c786a31225760695c20ce0dc73eb15a831af115a9b2263c55c0be3846e3269a516054cefdf29b4d313cfca1265bffb867c15a647865afdb01b414217cf274cab4556d50b10f73bcdaa91055eb4d25f03d02a5513125ce97912442e38762183eb632ebaf9b048c4e945a13653699e467ba85eeeed5c1d68fa17289452b14e5dd041db445b7ef308a4cceb524c5a17f404764e7ecc22c4821ae75c11e0c071150e2f173674a160b4e6f3fb0bee08b34a5a9f1410c0f775a9ae3a47cb3d838c72fe91df869018e13d8eb54efe59e37b1cce07785fb09db02d8193086a823989fc99ad342763a65a7139846ced4426c88ecd61e5538cb89c612207048c0de4a4ad46d959ebff0e65abc1e88036d54a3de7e3cafb8a165129f672e314c4d0710eb743e822385e7f8045e2a22b78501a3d24890d05675432663e672802559fc3cefc8638f5a511d3d6e679a2fc0cfb90856f80aaf5e3a9c8d6eb1a241d6b7a6d58848e1b25ebb6dab4a5343be7abdaf4bf2c2457ac550707606a5b7f8e3627a9513b35aa4201e9143a30b24e946f87f97451e61c4b84a2a70bf54867551d5a02b51ff90a07772f91935ab21b18e236b18d9cb70cb78df92b80f0edba924cce3e1bcef723df9aef04a4f97a4e18f97e1af3e6c52635583adea66b72b9355efb3d5c728ce6a9245e3b66402d4d10305626628773d9953b7773bdc69f925d6b993b7661d815b90143824ed502a1e24355b33826934cbdfb5ac65908605e0a0255211d93640ecb551c805be2552cdd99e62be4cd1665726300ed07c12e08477134555f1ba495f09d0e000635cc05fad2076bd12529884e8ebc190e022221b32a0a52840827174e18192fdf7cbd1714e9ef6572f0c63d2c8086d94e7a01301f6c1a0d5e643229a48c3420bc437e1b49a0abe7a4e7b75b5099984411fa4bf390bc3ebf462fa73ce14695a9d2d99fd97ca3c22c61c8e0236f2a997c7b0c6d06395168683568ffd5c7b14e41e06a368ef0e5a65c8487675602cce70c6d9f1092d27bbacc68d428906a90d72dd75b386e0b81a9032160e8cb55655722cd8127796f00f0d73b70b68b0019ece838a4ca8aae4b644c75c0f0fc2679f8b92bfd0f5a7d1fd6d22626c872d35e143bf3e7cdaf4c63f5d03ddbaadc6e8bf2dcaded856d976fd360188e7a5a8ce6096b6e31459af58b97fcd41c7d89e97d45aa71284cd08208c6bc09280e83744d8d11b4cffaa2688864483a67c3129164694316425fc1ebe55afe1cc6e8f8657af0072f212c3ca86f864731d771479108ce9a6f236b8060d9647ad42b20acf0627d6f3a8bad47f09c4cb41ed6caad109b1f6c94fcfdbd34f7012ab0ffd4161f26054e21af3854a21446178469c09c3adeb8aeac3be9b4c5189f0787ca21b967ebd1213d2fedb5026a752f2e5ef074251d37e3231fc28d7b55846e232a6af0427506ea7d8f9c406ba5b27e73f28d7e1909456dd9165f5cc76c89701b7ce4c087157eadb2963b2853eb3acab8eb4cfdcb0e3cca977690f2fe37914242bac24400bcb7591ccb3aa59dfd8635e79c680f960459c721fdd3a2f68eb71e6ebc22369b3d0f847f83da2f23d7bbfed2ac64bc8ecf03e62a151df4a4bda981dbae769e77bde4b5257b7f3d6bc2014fcb332c5b5b7667f7d85d3963adecb4d562e67d61d4af08c4d02b3956627835459ffdb36f2bac7b7b615cbd50620afed0bc35ee08b539cafee942040297245c841b772cf09695ff53c822ef47b0cc21a48bb68365286f0f74e22a57235560f033ff3f157242f02fe31b89137e613119cb5ec58be1cabac71abcc2f94f214d71f637034dda2adbf171e6ea85d5a1c40df7e763d8552f674b25d80fa540427db91df772c2e78d7e11ec3cc3391da40eb7a3aee18bb78ea23c0415dfe49c84a74ac2b33b8627b957df84da444499a68ed4c1b69e17682982ec826bec8871fe6adb3cdf5fa858a093e63b718ede474efab9e215ab1f381a92fb07cdf7c46a689a8de76d767ad51a6a8a9292bad9069d3f2229de359da94154d1d6392df83eef45e998e1e07066ef1a4979fd1cfbbb6f29344e6d9e7127bcb8ce204b5bff15e8d64329488f488f6d1e7ce1313913fff7f212694b046f927b969d2e84e45f97b74703538bfcfe247de6f96e984daac80cc9dbd45f1fec05d4c05f5a7ec8c1141abdf528921972ac7cea275c07ba703e36326822e60b195cf0302a13212f3f37e9f7eb8251b8000333d815f761c1b46a58d17540d8292c2ad36e9f4f0c2a884b78293dd5f2af65a0d4b6956f23e85d5ff219156ded2e3bc89cb0325d047694a04f690d48b4340c30716ef0b5a8bb394fde77dae6b9c4103f6e1f3198c1bcb7222279b572dd6298ea46475d927e6efab29209ecd0a22fba7b91d1c3a76ddd5066f4237519b6364523ad9b2bf3d40cc0febda654484504170b93eeaec8fdd74c1f931b2816eac25b0ff6c09ef8455950a3d382682ed7bf1dc03d51d3a25cb0667fb20931ddac775fbb08e38e657bbe480d747c1c6639f95ed2c376bbc999c1a41d30321f7bc2028f07b2503bc0a72c19332f098eb16e802227d647d900ae1bcd175282c683aa130bbfe2ff83f2461076fff41b9c6748e52d3872335cf811b8f519db5905747fed9b7f2af351bac82fa8f98c81e48cab8e81206b9bc152321d278ead740f4c712af856a49e2229479a5c36644d60f4bc9c893b97cc94c8b54e0b7bbd9785d2698cabadad700b7e6c0aca5b30ea2d6454592a179c825b7362530b7f69eccca00c385773d371569dfba26706f5c8e52ba7ddae6ea69a2d87e05c7ecf5998e33397fd5cb79f8a1a2047dc1e8b0a5d0d3db20a0a6592e1c86cf009b3b94e6179c5954294282ab7f4765d35b703aee43310033a10a11feab9b79373ed37436e04fe46aa604ded0cf0b8e6858d033674807d0a433a4bb07080771ca64202097232d730b70f9f4643291a39b20bc50974fc118809b58746802e08e6a5a82e36f76f186447199b1f6ba1e545cc80f1e3a72d54846be3703f7a5dd0739943b3a771ba86961e3b0e1a82f7c90cb24b6dc105a6f5578a77f886deb1535876c2363e4fdfc2acbc9fbd03adb3f69a79a8644d32d85dfb85a78f1c3ccf1798e44632846eb02003ba09fece21f17f5bcfb2fd887f4aa9ce47f0f42405ce6b148042b6700311a95fb40e1fdd975fc643299c5d37348f9cf7b82ccad6d112ebdcff0e4104cfcfdaa04ae450bce08446cbeacc55b33b322bf55fce25f9ee6f5243adacbb2713fde946585dce3c3bee9db45462aaeda7a64a025db6042c8bc5fe8022a5102e5e9b6b4f6543210c5f78c5d06d5a159461910a965e774ce129e575ca9031cdce4b429888e7c4ce6ad4f5a9b73ea32c9a436da911b319dd01cb353bb6f9d9c123f322ff67136395c07b3b04fc9ccc72bd36232906b8361145e383a5d4d9c99de097994118534a6af80ac10763cf76b651cab718b7c9f511f060a5d5bf8f9383cd52a7584b9704d2726df7973731ddc2c468eb5bae84ea659a9f74238c835e606197cbbbc4c69ea582563f15f560c6b6f3d0f7ce35e8efa5dc626015144ea549e4cd06e919a365ca3ad24f7ef6975a3f2b22342433ca5270d30853f6a9c76a36328fdb4e544cc391a7508c5b04bab492840c3fa5c6f4b6f46869c3ceea3323bc43c0db3e475f15558e46bc1dca9ebdbf7d2b9c4d7559dae612d4bc68df942698770e37264d2a869204d59042ab81a3d0a1f16b55c2a988e4a9249c891da465f68aaf41b45381f106ea02841bc1340d1035a4702d42a15f241640f257ab4e9ec5e4e00d63d016478c646f0dbd67e0aed302dcb9115acdda90eb1603b7ad1bedbdbdb0e31b6fc155048d9245fb924071873aeab73bb42f07345cd03e6b208ae585448eff8169d992f4e8925880d5d7e12f76189d13464cbf258443a9979cc7a6f506d393948ad5a5f3539068fa9ebcb2f28ccd2b027ec122720709e9d8633cd9de9ddb4237ee3db920a2c487bfc66cb4f2b58d2999864530f7a775bb90eb576124a595b59f59d514949bb83006f876905ae0c36dd2f66429ec26a122891cd8efb27f3d063c9869aa87c6a72b7853abf9e9c3b92a3c860b5070806437e3f0483ccaf49feab1ae1077c51087b250ed705f43ae30e9441209862d92bff1044e66542b7ec11fbf9295d25b839f16c2c4f564233775ea93b2475338a659e4d85d99ae7d2e556532091f9c4565e0bfcae6504887f12b6a04de89ae66dfb2de0ce57c01a58a5dea1e5f27c4c7af97d53b07fcfd92bb77a7f649afead8e86c383d5a9f75d1b70f59a57690b7a730554b1d57038df8cfbdfc5b6e7fe7a653f966288a224070453415669973a3a4effea1210a410f9e478936f0ccd8a353b016e8044314cd268a7138fe5024fac34dd68bb101b20e64f59d53eb88497af106fbcd44559dc07527f7bc87765c3e64ce6620192067080ae4a36139f6fada7d902a9dc53fcdd22c69aef77e79599cf7d11ccf4caea4eab0d73435a1a66514d03ee4569c84012c9314797f20a3275f04644ecdcba2fc25c1570b1e85096d7be5303007e666eb9ddb316eac37ce38e9581e469c9059f17a407e89bb37eb82043569f269cd7f5c56d32742efcd86df80886953de9f40f29c3759fa7b2ccfae5beb1891ef808996c2d282c8db781c812c5f47e629a02e097288ae6010a4735121a2cd440cf82944b14bb9b2d95c1cb3746538a9f50868fbb97b5afc6fd99590b7f0751e69d1bbefc6442d370a90da5fcd8be61897cdec3434333f17948f4b1f5a7f06f77e1888a8b705389931deb12e4cce816ff65c0108905d4242fa2b48a8ce356ea83e8355fa45a5e636eb5f77b01b7d4217ea5431f4b087b993488dc3ba414"}}}}}, 0x0)
ioctl$TUNGETVNETBE(r6, 0x800454df, &(0x7f00000000c0))
r8 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = getpid()
sendmsg$nl_generic(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, 0x3c, 0x301, 0x70bd26, 0x25dfdbfd, {0xc}, [@typed={0x8, 0x3, 0x0, 0x0, @pid=r10}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000001}, 0x8000)
r11 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r11, 0x29, 0x35, &(0x7f0000000000)=0xffff8000, 0x4)
connect$unix(r7, &(0x7f0000000100)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
ioctl$VIDIOC_ENUM_FMT(r8, 0xc0405602, &(0x7f0000000040)={0x7, 0xa, 0x2, "32cfd5010000aa022c1e00f4bf400000b00400d8000800", 0x31435750})
ioctl$HCIINQUIRY(r7, 0x800448f0, &(0x7f00000002c0)={0x1, 0x401, "4b883b", 0x40, 0xf7})
write$P9_RWSTAT(r3, &(0x7f0000000040)={0x7, 0x7f, 0x1}, 0x7)
ioctl$KVM_CAP_MEMORY_FAULT_INFO(r6, 0x4068aea3, &(0x7f00000001c0))

1m34.570589115s ago: executing program 2 (id=1074):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f00000001c0)={<r2=>0x0, 0x9}, &(0x7f0000000200)=0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f00000002c0)={r2, 0xd6, "54d439989b2af057499a17c5eee8bce13409385142f4f7fadf81fcb7204e19f9a8a0a5e49025c1965cd8646433bf13d6d229ceddf3c618932ef8b72bc013f444f4d0505b3e27888a7323cfd71dc9d4b7ecfc7b9093617217335ea2b66481d360d3153235e404dca2cbd0f39216639239ee3768adeca7f78ac5537d00082d32d41e3dc984e099832879418b1324e6e3554487350a8f53ea8872598d27d5e864d6492bd7aad99cea457eb9e7cd462f831aa7adba749576c4a63025d04a7068c3f3c64bf278d8a59e9ad16ef0f7cc653aa950dac08924a3"}, &(0x7f00000003c0)=0xde)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8b05, &(0x7f00000004c0)={'wlan1\x00'})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000702000002ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a80)=@bpf_lsm={0x1d, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="186a00000a000000000000000d00000018450000f8ffffff00000000000000008d930001ffffffff18110000", @ANYRES32=r4, @ANYBLOB="00000072de9ba202b7080000f808ffff7bac1c2949000000bfa200000000000007020000f8ffffffb70300ffffffff0097040000000000008500000080000000161b9f8bc9d8292e09e9108138a3098fbb96c0c638f27c69482aaa66d367eb4745e20d2de8efe965ca1a8e"], &(0x7f0000000400)='syzkaller\x00', 0x1, 0xb7, &(0x7f0000000580)=""/183, 0x40f00, 0x2a, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000800)={0x4, 0x8, 0x9, 0x686a0000}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000980)=[r4, r4, r4, 0xffffffffffffffff, r4, 0xffffffffffffffff], &(0x7f0000000a00)=[{0x1, 0x1, 0x8, 0x5}, {0x5, 0x2, 0x3, 0xc660fdb4c43e5f1d}, {0x2, 0x2, 0xf, 0xb}, {0x4, 0x5, 0x4}, {0x5, 0x1, 0xa, 0xa}, {0x5, 0x1, 0x8, 0x8}], 0x10, 0x3}, 0x94)
r6 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1)
ioctl$KVM_SET_SREGS2(r11, 0x4140aecd, &(0x7f0000000140)={{0xe566c797b7515b9, 0xffff1000, 0xf000, 0x9, 0x7f, 0x80, 0x81, 0xff, 0x0, 0x84, 0x0, 0x7}, {0xd000, 0x2000, 0x10, 0x3, 0x3, 0x7, 0x6, 0x49, 0x1, 0x4, 0xfa, 0x5}, {0xf000, 0x8000000, 0x4, 0x4, 0x10, 0x81, 0x4, 0x13, 0x5, 0x4, 0x94, 0x80}, {0x10000, 0xeeef0000, 0xc, 0x7, 0x1, 0x40, 0x2, 0x0, 0xfd, 0x29, 0x9, 0x9}, {0xeeee8000, 0xdddd0000, 0xe, 0x9, 0x5, 0x2, 0x3, 0xf1, 0x2, 0x6e, 0x2, 0x8}, {0x4000, 0xdddd1000, 0xe, 0x2, 0xad, 0x2, 0x5, 0x5, 0x1, 0xe, 0x6, 0x3}, {0x6000, 0x10000, 0x0, 0x0, 0xcd, 0x80, 0x5, 0x26, 0x8, 0x6, 0xff, 0x6}, {0x1, 0xf000, 0xd, 0xe, 0x2, 0x3d, 0x3, 0x0, 0x7f, 0x1, 0x5, 0x8}, {0x58000, 0x5}, {0x80a0000, 0x9}, 0xa0000003, 0x0, 0x6000, 0x21, 0x5, 0xa800, 0x8000900, 0x5d4056b6f49d4944, [0x6, 0x2, 0x3, 0x3]})
sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r8, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_bfifo={{0xa}, {0x4, 0x2, 0xa9f}}]}, 0x38}, 0x1, 0x0, 0x0, 0x90}, 0x44080)
r12 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51)
ioctl$FS_IOC_FSSETXATTR(r12, 0x401c5820, &(0x7f0000000080)={0x8})
symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00')
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000180)=r5, 0x4)
r13 = socket$netlink(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='nfsd\x00', 0x0, 0x0)
sendmsg$NFT_BATCH(r13, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)=ANY=[@ANYBLOB="1400000010000100000000000000000005000000000000001600010000000000000000000000000a"], 0x28}}, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000080)=[@in={0x2, 0x4e21, @private=0xa010102}], 0x10)
r14 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x5, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r14, @ANYBLOB="0000000000000000b708000000000000a50a000000000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1m34.39227106s ago: executing program 2 (id=1079):
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000300), 0x1c1e01, 0x0)
write$6lowpan_control(r0, &(0x7f00000001c0)='connect aa:aa:aa:aa:aa:11 1', 0x1b)
ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$sndseq(0xffffff9c, &(0x7f0000000180), 0x40)
readv(r1, &(0x7f00000013c0)=[{&(0x7f0000000280)=""/186, 0xba}], 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a45320, &(0x7f00000000c0)={{0x80, 0x4}, 'port0\x00', 0x786520dbf34c80ff, 0x20a03, 0x122, 0x0, 0x0, 0xc, 0x400, 0x0, 0x0, 0x87})
openat$sequencer2(0xffffff9c, &(0x7f0000000040), 0x123482, 0x0)
lstat64(0x0, 0x0)
r2 = socket$igmp6(0xa, 0x3, 0x2)
getsockopt$IP_VS_SO_GET_SERVICE(r2, 0x0, 0x483, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x15, 0x3, 'lblcr\x00', 0x1, 0x4, 0x8}, 0x2c)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r4, 0x84, 0x12, &(0x7f0000000140), &(0x7f0000000180)=0x4)
r5 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000480)={'bond0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000007c0)=@newqdisc={0x38, 0x24, 0x3fe3aa0262d8c583, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r6, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x10, 0xfff3}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xffffffffffffff39, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x6, 0xffffffff}]}}]}, 0x38}}, 0x4048000)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="2000000004001000040122000b00000051000000", @ANYRES32, @ANYBLOB="08000000000000001a000000220000000000ba60ff7f0000", @ANYRES32=r6, @ANYRES32, @ANYBLOB="0000000000000000feff7fff00"/28], 0x50)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r8}, 0x10)
r9 = gettid()
r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000840), 0x0)
read(r10, &(0x7f0000000200)=""/209, 0xd1)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r10, 0x4040534e, &(0x7f0000000180)={0x335, @tick=0xe, 0x42, {}, 0x2})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r10, 0xc08c5334, &(0x7f0000000300)={0x8009, 0x100000d, 0x1, 'queue0\x00', 0x48})
tkill(r9, 0x7)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, r7}, 0x38)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'caif0\x00'})

1m19.385494727s ago: executing program 32 (id=1079):
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000300), 0x1c1e01, 0x0)
write$6lowpan_control(r0, &(0x7f00000001c0)='connect aa:aa:aa:aa:aa:11 1', 0x1b)
ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$sndseq(0xffffff9c, &(0x7f0000000180), 0x40)
readv(r1, &(0x7f00000013c0)=[{&(0x7f0000000280)=""/186, 0xba}], 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a45320, &(0x7f00000000c0)={{0x80, 0x4}, 'port0\x00', 0x786520dbf34c80ff, 0x20a03, 0x122, 0x0, 0x0, 0xc, 0x400, 0x0, 0x0, 0x87})
openat$sequencer2(0xffffff9c, &(0x7f0000000040), 0x123482, 0x0)
lstat64(0x0, 0x0)
r2 = socket$igmp6(0xa, 0x3, 0x2)
getsockopt$IP_VS_SO_GET_SERVICE(r2, 0x0, 0x483, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x15, 0x3, 'lblcr\x00', 0x1, 0x4, 0x8}, 0x2c)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r4, 0x84, 0x12, &(0x7f0000000140), &(0x7f0000000180)=0x4)
r5 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000480)={'bond0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000007c0)=@newqdisc={0x38, 0x24, 0x3fe3aa0262d8c583, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r6, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x10, 0xfff3}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xffffffffffffff39, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x6, 0xffffffff}]}}]}, 0x38}}, 0x4048000)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="2000000004001000040122000b00000051000000", @ANYRES32, @ANYBLOB="08000000000000001a000000220000000000ba60ff7f0000", @ANYRES32=r6, @ANYRES32, @ANYBLOB="0000000000000000feff7fff00"/28], 0x50)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r8}, 0x10)
r9 = gettid()
r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000840), 0x0)
read(r10, &(0x7f0000000200)=""/209, 0xd1)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r10, 0x4040534e, &(0x7f0000000180)={0x335, @tick=0xe, 0x42, {}, 0x2})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r10, 0xc08c5334, &(0x7f0000000300)={0x8009, 0x100000d, 0x1, 'queue0\x00', 0x48})
tkill(r9, 0x7)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, r7}, 0x38)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'caif0\x00'})

7.910906998s ago: executing program 1 (id=1523):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000040)={0xf0f007, 0x20009})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f00000000c0)={<r2=>0x0, 0x0, 0x38d, 0x1000, 0x7, 0x5}, &(0x7f0000000100)=0x14)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000140)=@sack_info={r2, 0x40, 0x80}, &(0x7f0000000180)=0xc)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{0x0}], 0x1)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x4c, r4, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0x6}]}]}, 0x4c}}, 0x0)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000240)={0x50, r4, 0x100, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xe494}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xe3}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xcbed}]}, 0x50}, 0x1, 0x0, 0x0, 0x82}, 0x4084)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
lseek(0xffffffffffffffff, 0x1, 0x1)
mount$9p_virtio(&(0x7f00000002c0), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0)

7.791327014s ago: executing program 1 (id=1524):
syz_emit_ethernet(0x1e, &(0x7f0000000040)={@local, @remote, @void, {@can={0xc, {{0x1, 0x1, 0x1, 0x1}, 0x3, 0x3, 0x0, 0x0, "53311cf4368c37ce"}}}}, 0x0)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)=ANY=[@ANYBLOB="1201000035ffaa20cd0caf104e380102030109021b00010000100009045902019b042a00090582"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
add_key(&(0x7f00000001c0)='ceph\x00', 0x0, &(0x7f0000000840)='\x00\x00\x00\x00\x00\x00\x00\x00\x00*\x00\x00', 0xc, 0xffffffffffffffff)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$EBT_SO_GET_INIT_INFO(r1, 0x0, 0x82, &(0x7f0000000200)={'filter\x00', 0x0, 0x0, 0x0, [0x3ff, 0x4, 0x3, 0x3ac, 0x1048, 0x7]}, &(0x7f0000000280)=0x50)
mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x1000003, 0x20031, 0xffffffffffffffff, 0xffffe000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x106, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0600000004000000001000008500000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000009e850000000000000000000000000000000000000000000000015415302271e"], 0x50)

3.988033937s ago: executing program 1 (id=1548):
r0 = socket$kcm(0xa, 0x922000000003, 0x11)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vxcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000000)={0x1d, r2}, 0x18)
sendmsg$can_j1939(r1, &(0x7f0000000280)={&(0x7f00000000c0)={0x1d, r2, 0x3, {0x0, 0x1ee}}, 0x18, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="840200001000010025bd7000fddbdf2500000000", @ANYRES32=r5, @ANYBLOB="002000004300010030001280110001006272696467655f736c617665000000001800058005000a000000000004001800050001"], 0x284}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$nl_route(r3, 0x0, 0x4000)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, 0x0, 0x0)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), 0xffffffffffffffff)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r7 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r7, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r7, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
setsockopt$inet_mreq(r6, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x5, 0x4, 0x2, 0x10, 0x4, 0x64, 0x2, 0x5, 0x4b, 0xa7, @loopback, @dev={0xac, 0x14, 0x14, 0x35}}}}}}}, 0x0)
syz_emit_ethernet(0x56, &(0x7f0000000180)={@local, @multicast, @void, {@canfd={0xd, {{0x0, 0x1, 0x1, 0x1}, 0x35, 0x1, 0x0, 0x0, "6a739900b0f27d5e41f362693273602632b5eeb7cff37bc942bcaca88f2ab1b005305f5cd65bc9b1ae2c8d7105470fcd62cf09d6a5c6c595ba1301069435d260"}}}}, 0x0)
r8 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r8, 0x0, 0xd2, &(0x7f00000000c0)={@multicast1=0x1c, @empty=0xe0000320, 0x0, "fc79348df081496d0420922f45a71c1daa8b610468cd140526c41efcd3a4a422", 0x3, 0x1, 0x85, 0x7}, 0x3c)
kexec_load(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x1f, 0x7ffdd000, 0x8000}], 0x320000)
getsockopt$SO_COOKIE(r0, 0x1, 0x39, &(0x7f0000000040), &(0x7f0000000100)=0x8)
setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4)
sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x0, @local, 0x1}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000780)="f4000900062b2c25fe80000000000000dc8b850f238466cc00007a000000ad6e911b51818462b400", 0x28}], 0x1}, 0x40)

3.840864076s ago: executing program 1 (id=1549):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
io_uring_setup(0x70c3, &(0x7f0000000180)={0x0, 0x3d0a, 0x1, 0x1, 0x2})
socket(0x10, 0x803, 0x0)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e22, @private=0xa010101}, 0x2, 0x2, 0x3, 0x3}}, 0x26)
ioctl$PPPIOCGL2TPSTATS(r0, 0x80487436, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {0xa0b0}, 0x3})
openat$userio(0xffffff9c, &(0x7f0000001540), 0x400, 0x0)
r3 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x386f5, 0x10100, 0x3}, 0x0, &(0x7f0000000000))
io_uring_enter(r3, 0x48e9, 0x0, 0x2, 0x0, 0x0)
flock(0xffffffffffffffff, 0x2)
r4 = open(&(0x7f0000000180)='.\x00', 0x10000, 0x0)
flock(r4, 0x1)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
r5 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000080)='source', &(0x7f00000019c0)='//\xf2/\x06\b/\\/o/\xea\x95\x9a/\x00bb\x8a\x80\x91\xdf\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6h\xd1\x1d\xac\xaa\xfb\xc7Y\xcd\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc50\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\x05\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1oO\xe4\x99\xd6\xed\x83\xb0\x18q\xb9\xda\xf1kk\xb0N\xe69D\x12\x1f\x96\x85y\xe1\xf6\x83\x81\xc1\xcb\x169\xa5A%\xcb\n\xaby\x9f\x97\xde\xcf\x14\x0f\xffl\xb0e\xa2m\xb3\x8fsI\xc8v<\x8a\\7\xbaA\xef\x92\x98K\xfd\xaa\xdb', 0x0)

3.223176164s ago: executing program 1 (id=1554):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="1802000000000000000000000000000087901800"/32], &(0x7f0000000040)='syzkaller\x00', 0x5}, 0x90)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x408cd, 0xf00)
syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0x2a401)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = syz_open_dev$hiddev(&(0x7f0000000080), 0xfffffff8, 0x8000)
ioctl$HIDIOCAPPLICATION(r2, 0x4802, 0x1)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000c40), r3)
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r3, &(0x7f00000039c0)={0x0, 0x0, &(0x7f0000003980)={&(0x7f0000000080)={0x44, r4, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_LEVEL={0x24, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x7}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x7f}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040004)
r5 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
close(r5)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_emit_ethernet(0x2a, &(0x7f00000002c0)=ANY=[@ANYRESDEC=r0], 0x0)
setsockopt$sock_int(r6, 0x1, 0x28, &(0x7f0000000000)=0x1, 0x4)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="840000000002010400000000000000000a00000004000180300003802c00018014000300fc00000000000000000000100000000014004400fe800000001f610000000000000000bb3c0002800c00028005000100000000002c00018014000300fc020000000000000000000000000000140004"], 0x84}}, 0x0)
r7 = socket(0x10, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r8, @ANYBLOB="0200000000008000800012000800010076746936740002"], 0xa0}}, 0x0)
bind$bt_hci(r6, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$inet_int(r1, 0x0, 0x6, &(0x7f0000000140)=0x4, 0x4)
r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/power/pm_trace', 0x2, 0x0)
r10 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r10, 0xc0cc5605, &(0x7f00000001c0)={0x1, @pix={0x410001, 0x2, 0x31424752, 0x7, 0x6, 0x8ea, 0x6, 0x7, 0x1, 0x3, 0x0, 0x4}})
write$FUSE_NOTIFY_RESEND(r9, &(0x7f0000000100)={0x2d}, 0x14)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0)
chdir(&(0x7f0000001000)='./file0\x00')
open(&(0x7f00000030c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x240, 0x108)
setsockopt$inet_int(r1, 0x0, 0x17, &(0x7f0000000000)=0x3f7, 0x4)

3.222886296s ago: executing program 4 (id=1555):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f00000002c0)={0xa, @sliced={0x8001, [0x6, 0x6, 0x6, 0x8, 0x8, 0x1ff, 0x3, 0x0, 0x79a, 0x6, 0x150a, 0x7fff, 0x7, 0x8, 0x6, 0x2, 0xfffb, 0x7, 0xfffd, 0x7, 0x80, 0x8000, 0x2, 0x4294, 0x4, 0x5, 0xeb95, 0x1, 0x8, 0x4, 0x5, 0x7, 0x0, 0x7f, 0xa62c, 0x7, 0xffff, 0x8, 0x40, 0x9, 0x6, 0x6, 0xf, 0x8, 0x193, 0x9, 0x7, 0xfcc4], 0x6}})

3.168774164s ago: executing program 4 (id=1556):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f00000002c0)={0xa, @sliced={0x8001, [0x6, 0x6, 0x6, 0x8, 0x8, 0x1ff, 0x3, 0x0, 0x79a, 0x6, 0x150a, 0x7fff, 0x7, 0x8, 0x6, 0x2, 0xfffb, 0x7, 0xfffd, 0x7, 0x80, 0x8000, 0x2, 0x4294, 0x4, 0x5, 0xeb95, 0x1, 0x8, 0x4, 0x5, 0x7, 0x0, 0x7f, 0xa62c, 0x7, 0xffff, 0x8, 0x40, 0x9, 0x6, 0x6, 0xf, 0x8, 0x193, 0x9, 0x7, 0xfcc4], 0x6}}) (fail_nth: 1)

3.168125924s ago: executing program 1 (id=1557):
syz_emit_ethernet(0x1e, &(0x7f0000000040)={@local, @remote, @void, {@can={0xc, {{0x1, 0x1, 0x1, 0x1}, 0x3, 0x3, 0x0, 0x0, "53311cf4368c37ce"}}}}, 0x0)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)=ANY=[@ANYBLOB="1201000035ffaa20cd0caf104e380102030109021b00010000100009045902019b042a00090582"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
add_key(&(0x7f00000001c0)='ceph\x00', 0x0, &(0x7f0000000840)='\x00\x00\x00\x00\x00\x00\x00\x00\x00*\x00\x00', 0xc, 0xffffffffffffffff)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x1000003, 0x20031, 0xffffffffffffffff, 0xffffe000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x106, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0600000004000000001000008500000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000009e850000000000000000000000000000000000000000000000015415302271e"], 0x50)

3.060549983s ago: executing program 4 (id=1558):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x441, 0x0)
write$binfmt_aout(r0, &(0x7f00000002c0)=ANY=[], 0xff2e) (async)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0xe64, 0x5, 0x9, "0062ba7d82000000000000000000f7ffffff00"}) (async)
r1 = syz_open_pts(r0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000001100)=0x12) (async)
r3 = socket$inet_sctp(0x2, 0x5, 0x84) (async)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_FILTER(r4, 0x6b, 0x1, &(0x7f0000000500)=[{0x2, 0x2, {0x2, 0x0, 0x4}, {0x2, 0x1, 0x3}, 0x2, 0x2}, {0x2, 0x0, {0x1, 0x1, 0x4}, {0x0, 0xf0, 0x2}, 0xfe, 0x2}, {0x0, 0x0, {}, {0x0, 0xf0, 0x2}, 0x1, 0xff}], 0x60)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b705000000000000850000007500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) (async)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x39, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
close_range(r3, r4, 0x0)
r7 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_PROMISC(r7, 0x6b, 0x2, &(0x7f00000002c0), &(0x7f0000000300)=0x4) (async)
setsockopt$SO_J1939_FILTER(r4, 0x6b, 0x1, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$FS_IOC_GETFSUUID(r2, 0x80111500, &(0x7f00000001c0)) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c0000001000ffff27bd7000fbdbdf2500000000", @ANYRESOCT=r3, @ANYBLOB="1503000000000000240012000000001400029008000000000000000600020001000071ac952300d1961a8e", @ANYRES32=r4], 0x4c}, 0x1, 0x0, 0x0, 0x1}, 0xc008083) (async)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async)
write$tun(r8, &(0x7f0000000000)=ANY=[@ANYBLOB="000086dd4705090097000198"], 0xfdef) (async)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) (async)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24008004}, 0x20048040)

3.060222216s ago: executing program 4 (id=1559):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(0x0, 0x0)
r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = syz_open_dev$vivid(&(0x7f0000002680), 0x2, 0x2)
ioctl$VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f00000026c0)={0x0, 0xe, 0x3, "bc171f3e85b85e7455e404ed131852cde0ba718ccbd9a8b9f8214953ec7a17ca", 0x52424752})
ioctl$VIDIOC_QUERY_EXT_CTRL(r5, 0xc0e85667, &(0x7f0000000300)={0x40000000, 0x1, "3789d1ed29fa245b7da299a4917d47379181696c64ba6cdeb283edd6d58e4be6", 0x3, 0x200000, 0x1, 0x2, 0x1, 0x7, 0x1, 0xa, [0xc15, 0x5, 0x5, 0x7fffffff]})
r6 = socket$kcm(0x2, 0x3, 0x2)
recvmsg$kcm(r6, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x18000)
r7 = socket$kcm(0x10, 0x2, 0x4)
close(r6)
sendmsg$kcm(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000150097f87059ae08060c040002ff0f020000000000000187ac1414aaa69d35a2cca84708f7abca1bac1414aabd7c493872f750375ed08a560400000003c48f", 0x43}], 0x1}, 0x0)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f00000004c0)=0xff)
ioctl$SNDRV_PCM_IOCTL_LINK(0xffffffffffffffff, 0x40044160, &(0x7f0000000200)=0xfffffffe)
r8 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r8, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1})
socket$kcm(0x29, 0x5, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2.901082956s ago: executing program 3 (id=1562):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/59, 0x714000, 0x1000, 0x10, 0x2}, 0x20)

2.670558343s ago: executing program 3 (id=1564):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r2 = openat$ttyS3(0xffffff9c, &(0x7f00000001c0), 0x8000, 0x0)
ioctl$TIOCL_SCROLLCONSOLE(r2, 0x541c, &(0x7f0000000200)={0xd, 0x4})
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)={0x2c, r1, 0x5, 0x70bd25, 0x25dfdbfb, {0x1c}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}]}]}, 0x2c}}, 0x40006)
r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000180)=0xd)
r4 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x4, 0x0, @mcast2, 0x8a4}}, {{0xa, 0x4e18, 0x100, @remote}}}, 0x108)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x1, 0x0, 0x2}}}}}}, 0x0)
ioctl$TIOCOUTQ(r3, 0x5411, &(0x7f00000000c0))

2.581404709s ago: executing program 3 (id=1565):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="1802000000000000000000000000000087901800"/32], &(0x7f0000000040)='syzkaller\x00', 0x5}, 0x90)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x408cd, 0xf00)
syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0x2a401)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = syz_open_dev$hiddev(&(0x7f0000000080), 0xfffffff8, 0x8000)
ioctl$HIDIOCAPPLICATION(r2, 0x4802, 0x1)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000c40), r3)
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r3, &(0x7f00000039c0)={0x0, 0x0, &(0x7f0000003980)={&(0x7f0000000080)={0x44, r4, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_LEVEL={0x24, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x7}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x7f}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040004)
r5 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
close(r5)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_emit_ethernet(0x2a, &(0x7f00000002c0)=ANY=[@ANYRESDEC=r0], 0x0)
setsockopt$sock_int(r6, 0x1, 0x28, &(0x7f0000000000)=0x1, 0x4)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="840000000002010400000000000000000a00000004000180300003802c00018014000300fc00000000000000000000100000000014004400fe800000001f610000000000000000bb3c0002800c00028005000100000000002c00018014000300fc020000000000000000000000000000140004"], 0x84}}, 0x0)
r7 = socket(0x10, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r8, @ANYBLOB="0200000000008000800012000800010076746936740002"], 0xa0}}, 0x0)
bind$bt_hci(r6, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$inet_int(r1, 0x0, 0x6, &(0x7f0000000140)=0x4, 0x4)
r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/power/pm_trace', 0x2, 0x0)
r10 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r10, 0xc0cc5605, &(0x7f00000001c0)={0x1, @pix={0x410001, 0x2, 0x31424752, 0x7, 0x6, 0x8ea, 0x6, 0x7, 0x1, 0x3, 0x0, 0x4}})
write$FUSE_NOTIFY_RESEND(r9, &(0x7f0000000100)={0x2d}, 0x14)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0)
chdir(&(0x7f0000001000)='./file0\x00')
open(&(0x7f00000030c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x240, 0x108)
setsockopt$inet_int(r1, 0x0, 0x17, &(0x7f0000000000)=0x3f7, 0x4)

2.471428817s ago: executing program 3 (id=1566):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = io_uring_setup(0x4d42, &(0x7f0000000240)={0x0, 0xca6a, 0x40, 0x0, 0x3})
mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_REGISTER_RESTRICTIONS(r1, 0xb, &(0x7f0000000480)=[@ioring_restriction_sqe_op={0x1, 0x14}], 0x1)
r2 = inotify_init1(0x80000)
inotify_add_watch(r2, &(0x7f0000000080)='.\x00', 0x2000775)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fcntl$notify(r3, 0x402, 0x4)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
r4 = socket(0x40000000015, 0x5, 0x0)
setsockopt$sock_int(r4, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4)
bind$inet(r4, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
recvmmsg(r4, &(0x7f0000000d00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003380)=""/4096, 0x37}}], 0x1, 0x60010020, 0x0)
sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10)
ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f00000002c0)={0xa, @sliced={0x8001, [0x6, 0x6, 0x6, 0x8, 0x8, 0x1ff, 0x3, 0x0, 0x79a, 0x6, 0x150a, 0x7fff, 0x7, 0x8, 0x6, 0x2, 0xfffb, 0x7, 0xfffd, 0x7, 0x80, 0x8000, 0x2, 0x4294, 0x4, 0x5, 0xeb95, 0x1, 0x8, 0x4, 0x5, 0x7, 0x0, 0x7f, 0xa62c, 0x7, 0xffff, 0x8, 0x40, 0x9, 0x6, 0x6, 0xf, 0x8, 0x193, 0x9, 0x7, 0xfcc4], 0x6}})

2.384230842s ago: executing program 3 (id=1568):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x4, {}, [{0x90, 0x1, [@m_ct={0x44, 0x22, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000080a0101000000000000000002000000091f010073797a300000000038000000060a17d50000000000000000020000000900020073797a32000000000900010073797a30000000000c0003400000000000000002"], 0xcdc}, 0x1, 0x0, 0x0, 0x8004}, 0x0)
creat(&(0x7f0000000100)='./file0\x00', 0x0)
clock_adjtime(0x0, &(0x7f0000000380)={0x3ff, 0xfff0bdc1, 0x4100, 0xb, 0x0, 0xf423f, 0x800000000000003, 0x800000000006, 0x0, 0x100, 0x3, 0x0, 0x7, 0x0, 0x9f, 0x2, 0x0, 0x0, 0x300000000000, 0x9, 0x8001, 0x7, 0xfffffffffffffffd, 0x3, 0x0, 0xe})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
pread64(r6, &(0x7f0000001240)=""/102400, 0x200000, 0x200000)
openat$mixer(0xffffffffffffff9c, &(0x7f0000001640), 0x121040, 0x0)

1.54028356s ago: executing program 4 (id=1571):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0xfffffffffffffe01, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)={{0x14}, [@NFT_MSG_NEWRULE={0xb4, 0x6, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x50, 0x4, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_TARGET_NAME={0x10, 0x1, 'CONNSECMARK\x00'}, @NFTA_TARGET_INFO={0x1d, 0x3, "a87224abc678282fd28c008216e0499b79e4fc7fc73bb8bb43"}, @NFTA_TARGET_REV={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_COMPAT={0x2c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x29}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x88f7}]}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x1}]}], {0x14}}, 0xdc}}, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f00000000c0)=0x800, 0x4)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3e, 0x770, 0x0, 0xbabd}, 0x1c)
openat$tun(0xffffff9c, &(0x7f0000000100), 0x238440, 0x0)
r4 = epoll_create1(0x0)
r5 = epoll_create1(0x0)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r7}, 0x10)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000100)={0xa000000d})
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r6, &(0x7f0000000400)={0xa})

1.431674266s ago: executing program 4 (id=1572):
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000016c0), 0x1a1941, 0x0)
r1 = openat$adsp1(0xffffff9c, &(0x7f0000000080), 0x80, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
close(r2)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81e8943c, &(0x7f0000000240))
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r3, 0x40045304, &(0x7f0000000100)={{}, {0x0, 0x3}, 0x2})
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xc0100, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x1)
socket(0xa, 0x4, 0x0)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f00000010c0)=0xfb)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r2, 0x40bc5311, &(0x7f0000000180)={0x80, 0x1, 'client0\x00', 0x1, "896c81dd59ff28d2", "e5dbc741536b0e2fbb12e9338ec8dcb3e07c903fc30e8a11d477e3fb04eb2f74", 0x3, 0x4})
ioctl$SOUND_MIXER_READ_VOLUME(r0, 0x40086603, &(0x7f0000000040))

1.241634585s ago: executing program 0 (id=1573):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r2 = openat$ttyS3(0xffffff9c, &(0x7f00000001c0), 0x8000, 0x0)
ioctl$TIOCL_SCROLLCONSOLE(r2, 0x541c, &(0x7f0000000200)={0xd, 0x4})
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)={0x2c, r1, 0x5, 0x70bd25, 0x25dfdbfb, {0x1c}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}]}]}, 0x2c}}, 0x40006)
r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000180)=0xd)
r4 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x4, 0x0, @mcast2, 0x8a4}}, {{0xa, 0x4e18, 0x100, @remote}}}, 0x108)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x1, 0x0, 0x2}}}}}}, 0x0)
ioctl$TIOCOUTQ(r3, 0x5411, &(0x7f00000000c0))

1.241177414s ago: executing program 0 (id=1574):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="1802000000000000000000000000000087901800"/32], &(0x7f0000000040)='syzkaller\x00', 0x5}, 0x90)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x408cd, 0xf00)
syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0x2a401)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = syz_open_dev$hiddev(&(0x7f0000000080), 0xfffffff8, 0x8000)
ioctl$HIDIOCAPPLICATION(r2, 0x4802, 0x1)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000c40), r3)
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r3, &(0x7f00000039c0)={0x0, 0x0, &(0x7f0000003980)={&(0x7f0000000080)={0x44, r4, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_LEVEL={0x24, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x7}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x7f}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040004)
r5 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
close(r5)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_emit_ethernet(0x2a, &(0x7f00000002c0)=ANY=[@ANYRESDEC=r0], 0x0)
setsockopt$sock_int(r6, 0x1, 0x28, &(0x7f0000000000)=0x1, 0x4)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="840000000002010400000000000000000a00000004000180300003802c00018014000300fc00000000000000000000100000000014004400fe800000001f610000000000000000bb3c0002800c00028005000100000000002c00018014000300fc020000000000000000000000000000140004"], 0x84}}, 0x0)
r7 = socket(0x10, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r8, @ANYBLOB="0200000000008000800012000800010076746936740002"], 0xa0}}, 0x0)
bind$bt_hci(r6, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
setsockopt$inet_int(r1, 0x0, 0x6, &(0x7f0000000140)=0x4, 0x4)
r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/power/pm_trace', 0x2, 0x0)
r10 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r10, 0xc0cc5605, &(0x7f00000001c0)={0x1, @pix={0x410001, 0x2, 0x31424752, 0x7, 0x6, 0x8ea, 0x6, 0x7, 0x1, 0x3, 0x0, 0x4}})
write$FUSE_NOTIFY_RESEND(r9, &(0x7f0000000100)={0x2d}, 0x14)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0)
chdir(&(0x7f0000001000)='./file0\x00')
open(&(0x7f00000030c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x240, 0x108)
setsockopt$inet_int(r1, 0x0, 0x17, &(0x7f0000000000)=0x3f7, 0x4)

1.141440659s ago: executing program 0 (id=1575):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/59, 0x714000, 0x1000, 0x10, 0x2}, 0x20)

960.831988ms ago: executing program 0 (id=1576):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
io_uring_setup(0x70c3, &(0x7f0000000180)={0x0, 0x3d0a, 0x1, 0x1, 0x2})
socket(0x10, 0x803, 0x0)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e22, @private=0xa010101}, 0x2, 0x2, 0x3, 0x3}}, 0x26)
ioctl$PPPIOCGL2TPSTATS(r0, 0x80487436, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {0xa0b0}, 0x3})
openat$userio(0xffffff9c, &(0x7f0000001540), 0x400, 0x0)
r3 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x386f5, 0x10100, 0x3}, 0x0, &(0x7f0000000000))
io_uring_enter(r3, 0x48e9, 0x0, 0x2, 0x0, 0x0)
flock(0xffffffffffffffff, 0x2)
r4 = open(&(0x7f0000000180)='.\x00', 0x10000, 0x0)
flock(r4, 0x1)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000240)={'wlan1\x00', 0x0})
r5 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000080)='source', &(0x7f00000019c0)='//\xf2/\x06\b/\\/o/\xea\x95\x9a/\x00bb\x8a\x80\x91\xdf\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6h\xd1\x1d\xac\xaa\xfb\xc7Y\xcd\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc50\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\x05\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1oO\xe4\x99\xd6\xed\x83\xb0\x18q\xb9\xda\xf1kk\xb0N\xe69D\x12\x1f\x96\x85y\xe1\xf6\x83\x81\xc1\xcb\x169\xa5A%\xcb\n\xaby\x9f\x97\xde\xcf\x14\x0f\xffl\xb0e\xa2m\xb3\x8fsI\xc8v<\x8a\\7\xbaA\xef\x92\x98K\xfd\xaa\xdb', 0x0)

960.283981ms ago: executing program 3 (id=1577):
socket$nl_route(0x10, 0x3, 0x0)
openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x6c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, 0x0, {0x0, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x38, 0x2, [@TCA_MATCHALL_ACT={0x34, 0x2, [@m_gact={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x48810}, 0x4004810)
socket$nl_netfilter(0x10, 0x3, 0xc)
setxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080), &(0x7f0000000200)=@v2={0x2000000, [{0x8000, 0x7}, {0x40000, 0xfffffffa}]}, 0x14, 0x3)
socket$inet6(0x10, 0x3, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x108c0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f00000001c0)='/sys/power/pm_trace', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
pipe(&(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[], 0x50}}, 0x4000000)
read$FUSE(r1, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r4 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, 0x0)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0xffe, 0x3, 0x1000, 0x3a, 0x0, 0x0, 0x7}, 0x75)
r5 = dup2(r4, r4)
read$FUSE(r5, &(0x7f00000063c0)={0x2020}, 0x2020)
syz_usb_connect(0x1, 0x2d, 0x0, 0x0)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xd, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, {{0x18, 0x1, 0x1, 0x0, r7}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x30000000}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x50, 0x6000000}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfff0}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0xb0a3}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0xf1}, {0x7, 0x1, 0x2, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r6}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x3, 0x8, 0x0, 0xffff, 0xfffffff3}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

80.215445ms ago: executing program 0 (id=1578):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000040)={0xf0f007, 0x20009})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f00000000c0)={<r2=>0x0, 0x0, 0x38d, 0x1000, 0x7, 0x5}, &(0x7f0000000100)=0x14)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000140)=@sack_info={r2, 0x40, 0x80}, &(0x7f0000000180)=0xc)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x4c, r4, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0x6}]}]}, 0x4c}}, 0x0)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000240)={0x50, r4, 0x100, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xe494}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xe3}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xcbed}]}, 0x50}, 0x1, 0x0, 0x0, 0x82}, 0x4084)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
lseek(0xffffffffffffffff, 0x1, 0x1)
mount$9p_virtio(&(0x7f00000002c0), &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0)

0s ago: executing program 0 (id=1579):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(0x0, 0x0)
r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = syz_open_dev$vivid(&(0x7f0000002680), 0x2, 0x2)
ioctl$VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f00000026c0)={0x0, 0xe, 0x3, "bc171f3e85b85e7455e404ed131852cde0ba718ccbd9a8b9f8214953ec7a17ca", 0x52424752})
ioctl$VIDIOC_QUERY_EXT_CTRL(r5, 0xc0e85667, &(0x7f0000000300)={0x40000000, 0x1, "3789d1ed29fa245b7da299a4917d47379181696c64ba6cdeb283edd6d58e4be6", 0x3, 0x200000, 0x1, 0x2, 0x1, 0x7, 0x1, 0xa, [0xc15, 0x5, 0x5, 0x7fffffff]})
r6 = socket$kcm(0x2, 0x3, 0x2)
recvmsg$kcm(r6, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x18000)
r7 = socket$kcm(0x10, 0x2, 0x4)
close(r6)
sendmsg$kcm(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000150097f87059ae08060c040002ff0f020000000000000187ac1414aaa69d35a2cca84708f7abca1bac1414aabd7c493872f750375ed08a560400000003c48f93b82a0300", 0x48}], 0x1}, 0x0)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f00000004c0)=0xff)
ioctl$SNDRV_PCM_IOCTL_LINK(0xffffffffffffffff, 0x40044160, &(0x7f0000000200)=0xfffffffe)
r8 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r8, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1})
socket$kcm(0x29, 0x5, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

6][ T9880] Node 0 DMA free:2088kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:476kB local_pcp:128kB free_cma:0kB
[  237.846196][ T9880] lowmem_reserve[]: 0 294 294 294 294
[  237.849811][ T9880] Node 0 DMA32 free:12564kB boost:0kB min:13448kB low:16808kB high:20168kB reserved_highatomic:0KB free_highatomic:0KB active_anon:2068kB inactive_anon:0kB active_file:1356kB inactive_file:4kB unevictable:3536kB writepending:392kB zspages:0kB present:1032196kB managed:301120kB mlocked:0kB bounce:0kB free_pcp:15528kB local_pcp:5508kB free_cma:0kB
[  237.860500][ T9880] lowmem_reserve[]: 0 0 0 0 0
[  237.862174][ T9880] Node 1 DMA32 free:132644kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB free_highatomic:0KB active_anon:23492kB inactive_anon:612kB active_file:29536kB inactive_file:156936kB unevictable:9512kB writepending:12200kB zspages:1748kB present:1048432kB managed:948220kB mlocked:6144kB bounce:0kB free_pcp:54840kB local_pcp:11004kB free_cma:0kB
[  237.863774][ T9877] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.876570][ T9880] lowmem_reserve[]: 0 0 0 0 0
[  237.878268][ T9880] Node 0 DMA: 46*4kB (U) 12*8kB (U) 11*16kB (UM) 5*32kB (UM) 1*64kB (U) 1*128kB (M) 1*256kB (M) 0*512kB 1*1024kB (M) 0*2048kB 0*4096kB = 2088kB
[  237.883743][ T9880] Node 0 DMA32: 1*4kB (E) 2*8kB (E) 22*16kB (UE) 75*32kB (UME) 38*64kB (UE) 12*128kB (UME) 9*256kB (UM) 3*512kB (UM) 2*1024kB (UM) 0*2048kB 0*4096kB = 12628kB
[  237.889018][ T9880] Node 1 DMA32: 1163*4kB (UM) 615*8kB (UME) 528*16kB (UME) 277*32kB (UME) 194*64kB (UME) 52*128kB (UME) 60*256kB (UME) 49*512kB (UM) 35*1024kB (UM) 3*2048kB (UM) 1*4096kB (M) = 132484kB
[  237.895253][ T9880] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  237.898644][ T9880] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  237.901824][ T9880] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  237.908038][ T9880] Node 1 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  237.911088][ T9880] 49910 total pagecache pages
[  237.912667][ T9880] 712 pages in swap cache
[  237.914084][ T9880] Free swap  = 118908kB
[  237.915490][ T9880] Total swap = 124996kB
[  237.917428][ T9880] 524155 pages RAM
[  237.919143][ T9880] 0 pages HighMem/MovableOnly
[  237.920842][ T9880] 207980 pages reserved
[  237.922233][ T9880] 0 pages cma reserved
[  237.977990][ T9877] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.088633][ T7090] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  238.102050][ T7089] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  238.104789][ T7089] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  238.114721][ T7089] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  238.133258][ T5949] Bluetooth: hci1: command 0x0c1a tx timeout
[  238.392530][ T9895] netlink: 'syz.1.980': attribute type 2 has an invalid length.
[  238.661956][ T9897] netlink: 12 bytes leftover after parsing attributes in process `syz.2.981'.
[  238.867882][ T9902] IPVS: Scheduler module ip_vs_sip not found
[  238.919340][ T5949] Bluetooth: hci3: command 0x0c1a tx timeout
[  238.919367][ T5954] Bluetooth: hci2: command 0x0c1a tx timeout
[  239.171831][ T9894] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  239.174042][ T9894] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  239.176110][ T9894] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  239.561873][ T9917] IPVS: Scheduler module ip_vs_sip not found
[  239.904177][ T9927] program syz.0.988 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  240.444314][ T5954] Bluetooth: hci1: command 0x0c1a tx timeout
[  241.116012][ T9944] netlink: 'syz.1.992': attribute type 2 has an invalid length.
[  241.239855][ T5954] Bluetooth: hci3: command 0x0c1a tx timeout
[  241.239878][ T5949] Bluetooth: hci2: command 0x0c1a tx timeout
[  241.820268][ T9949] netlink: 12 bytes leftover after parsing attributes in process `syz.2.995'.
[  241.873742][ T9941] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  241.875750][ T9941] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  241.877786][ T9941] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  241.947575][ T9953] IPVS: Scheduler module ip_vs_sip not found
[  242.119338][ T6025] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  242.269277][ T6025] usb 5-1: Using ep0 maxpacket: 32
[  242.272670][ T6025] usb 5-1: config 0 has an invalid interface number: 89 but max is 0
[  242.275502][ T6025] usb 5-1: config 0 has no interface number 0
[  242.277512][ T6025] usb 5-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  242.280650][ T6025] usb 5-1: config 0 interface 89 has no altsetting 0
[  242.284447][ T6025] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  242.287394][ T6025] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.290394][ T6025] usb 5-1: Product: syz
[  242.292232][ T6025] usb 5-1: Manufacturer: syz
[  242.294036][ T6025] usb 5-1: SerialNumber: syz
[  242.297107][ T6025] usb 5-1: config 0 descriptor??
[  242.308034][ T6025] em28xx 5-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  242.311619][ T6025] em28xx 5-1:0.89: Video interface 89 found:
[  242.744190][ T9963] [U] �
[  243.159329][ T5949] Bluetooth: hci1: command 0x0c1a tx timeout
[  243.774682][ T9967] IPVS: Scheduler module ip_vs_sip not found
[  243.805936][ T6025] em28xx 5-1:0.89: unknown em28xx chip ID (0)
[  243.879408][ T5954] Bluetooth: hci2: command 0x0c1a tx timeout
[  243.882393][ T5949] Bluetooth: hci3: command 0x0c1a tx timeout
[  244.921808][ T9976] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  244.923944][ T9976] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  244.926816][ T9976] vhci_hcd vhci_hcd.0: Device attached
[  244.984019][ T6025] em28xx 5-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  244.986549][ T6025] em28xx 5-1:0.89: board has no eeprom
[  245.069315][ T6025] em28xx 5-1:0.89: Identified as Terratec Grabby (card=67)
[  245.071749][ T6025] em28xx 5-1:0.89: analog set to bulk mode.
[  245.074010][ T8770] em28xx 5-1:0.89: Registering V4L2 extension
[  245.110874][ T8770] em28xx 5-1:0.89: reading from i2c device at 0x4a failed (error=-5)
[  245.114671][ T8770] em28xx 5-1:0.89: reading from i2c device at 0x48 failed (error=-5)
[  245.118286][ T8770] em28xx 5-1:0.89: reading from i2c device at 0x42 failed (error=-5)
[  245.121840][ T8770] em28xx 5-1:0.89: reading from i2c device at 0x40 failed (error=-5)
[  245.125388][ T8770] em28xx 5-1:0.89: Config register raw data: 0xfffffffb
[  245.128504][ T8770] em28xx 5-1:0.89: AC97 chip type couldn't be determined
[  245.132340][ T8770] em28xx 5-1:0.89: No AC97 audio processor
[  245.143031][ T8770] usb 5-1: Decoder not found
[  245.144510][ T8770] em28xx 5-1:0.89: failed to create media graph
[  245.150445][ T8770] em28xx 5-1:0.89: V4L2 device video103 deregistered
[  245.157168][ T8770] em28xx 5-1:0.89: Registering snapshot button...
[  245.167632][ T8770] input: em28xx snapshot button as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.89/input/input27
[  245.181631][ T8770] em28xx 5-1:0.89: Remote control support is not available for this card.
[  245.449306][   T61] usb 40-1: SetAddress Request (23) to port 0
[  245.451293][   T61] usb 40-1: new SuperSpeed USB device number 23 using vhci_hcd
[  245.523721][ T9977] vhci_hcd: connection reset by peer
[  245.529928][ T7102] vhci_hcd: stop threads
[  245.531510][ T7102] vhci_hcd: release socket
[  245.533037][ T7102] vhci_hcd: disconnect device
[  245.611289][   T29] usb 5-1: USB disconnect, device number 7
[  245.613674][   T29] em28xx 5-1:0.89: Disconnecting em28xx
[  245.615380][   T29] em28xx 5-1:0.89: Closing input extension
[  245.617129][   T29] em28xx 5-1:0.89: Deregistering snapshot button
[  245.630661][   T29] em28xx 5-1:0.89: Freeing device
[  245.740631][ T9997] netlink: 'syz.0.1005': attribute type 2 has an invalid length.
[  246.021033][ T9999] IPVS: Scheduler module ip_vs_sip not found
[  246.723462][ T9996] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  246.741248][ T9996] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  246.753642][ T9996] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  246.946775][T10007] IPVS: Scheduler module ip_vs_sip not found
[  247.316868][T10024] [U] �
[  247.709785][ T6025] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  247.879963][ T6025] usb 6-1: Using ep0 maxpacket: 32
[  247.887745][ T6025] usb 6-1: config 0 has an invalid interface number: 89 but max is 0
[  247.893079][ T6025] usb 6-1: config 0 has no interface number 0
[  247.895295][ T6025] usb 6-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  247.898628][ T6025] usb 6-1: config 0 interface 89 has no altsetting 0
[  247.943645][ T6025] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  247.950124][ T6025] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  247.954359][ T6025] usb 6-1: Product: syz
[  247.956191][ T6025] usb 6-1: Manufacturer: syz
[  247.958214][ T6025] usb 6-1: SerialNumber: syz
[  247.971388][ T5949] Bluetooth: hci1: command 0x0c1a tx timeout
[  248.013222][ T6025] usb 6-1: config 0 descriptor??
[  248.074153][ T6025] em28xx 6-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  248.088731][ T6025] em28xx 6-1:0.89: Video interface 89 found:
[  248.619328][T10039] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1016'.
[  248.665585][ T6025] em28xx 6-1:0.89: unknown em28xx chip ID (0)
[  248.771769][ T5949] Bluetooth: hci3: command 0x0c1a tx timeout
[  248.771949][ T5954] Bluetooth: hci2: command 0x0c1a tx timeout
[  248.893904][T10046] netlink: 'syz.0.1018': attribute type 2 has an invalid length.
[  249.188051][T10047] [U] �
[  249.719711][T10054] IPVS: Scheduler module ip_vs_sip not found
[  249.777554][T10044] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  250.023561][T10044] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  250.025893][T10044] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  250.352685][ T6025] em28xx 6-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  250.355442][ T6025] em28xx 6-1:0.89: board has no eeprom
[  250.409297][ T6025] em28xx 6-1:0.89: Identified as Terratec Grabby (card=67)
[  250.411878][ T6025] em28xx 6-1:0.89: analog set to bulk mode.
[  250.416373][ T8770] em28xx 6-1:0.89: Registering V4L2 extension
[  250.447380][ T8770] em28xx 6-1:0.89: reading from i2c device at 0x4a failed (error=-5)
[  250.450308][ T8770] em28xx 6-1:0.89: reading from i2c device at 0x48 failed (error=-5)
[  250.453505][ T8770] em28xx 6-1:0.89: reading from i2c device at 0x42 failed (error=-5)
[  250.456440][ T8770] em28xx 6-1:0.89: reading from i2c device at 0x40 failed (error=-5)
[  250.459263][ T8770] em28xx 6-1:0.89: Config register raw data: 0xfffffffb
[  250.461808][ T8770] em28xx 6-1:0.89: AC97 chip type couldn't be determined
[  250.464108][ T8770] em28xx 6-1:0.89: No AC97 audio processor
[  250.478898][ T8770] usb 6-1: Decoder not found
[  250.481548][ T8770] em28xx 6-1:0.89: failed to create media graph
[  250.488963][ T8770] em28xx 6-1:0.89: V4L2 device video103 deregistered
[  250.495753][ T8770] em28xx 6-1:0.89: Registering snapshot button...
[  250.506869][ T8770] input: em28xx snapshot button as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.89/input/input28
[  250.520670][   T61] usb 40-1: device descriptor read/8, error -110
[  250.522347][ T8770] em28xx 6-1:0.89: Remote control support is not available for this card.
[  250.527657][ T6028] usb 6-1: USB disconnect, device number 20
[  250.530984][ T6028] em28xx 6-1:0.89: Disconnecting em28xx
[  250.537786][ T6028] em28xx 6-1:0.89: Closing input extension
[  250.553976][ T6028] em28xx 6-1:0.89: Deregistering snapshot button
[  250.570866][ T6028] em28xx 6-1:0.89: Freeing device
[  250.625473][T10068] can0: slcan on ptm0.
[  250.710508][T10067] can0 (unregistered): slcan off ptm0.
[  250.910457][   T61] usb usb40-port1: attempt power cycle
[  250.926699][T10080] FAULT_INJECTION: forcing a failure.
[  250.926699][T10080] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  250.932373][ T5954] Bluetooth: hci1: command 0x0c1a tx timeout
[  250.952023][T10080] CPU: 2 UID: 0 PID: 10080 Comm: syz.0.1026 Not tainted syzkaller #0 PREEMPT(full) 
[  250.952047][T10080] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  250.952057][T10080] Call Trace:
[  250.952063][T10080]  <TASK>
[  250.952069][T10080]  dump_stack_lvl+0x16c/0x1f0
[  250.952094][T10080]  should_fail_ex+0x512/0x640
[  250.952121][T10080]  _copy_from_user+0x2e/0xd0
[  250.952138][T10080]  kstrtouint_from_user+0xd6/0x1d0
[  250.952157][T10080]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  250.952175][T10080]  ? __lock_acquire+0xb8a/0x1c90
[  250.952207][T10080]  proc_fail_nth_write+0x83/0x220
[  250.952226][T10080]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  250.952249][T10080]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  250.952264][T10080]  vfs_write+0x2a0/0x11d0
[  250.952287][T10080]  ? __pfx_vfs_write+0x10/0x10
[  250.952302][T10080]  ? find_held_lock+0x2b/0x80
[  250.952325][T10080]  ? __fget_files+0x20e/0x3c0
[  250.952347][T10080]  ksys_write+0x12a/0x250
[  250.952363][T10080]  ? __pfx_ksys_write+0x10/0x10
[  250.952379][T10080]  ? fput+0x9b/0xd0
[  250.952398][T10080]  ? rcu_is_watching+0x12/0xc0
[  250.952418][T10080]  __do_fast_syscall_32+0x7c/0x300
[  250.952441][T10080]  do_fast_syscall_32+0x32/0x80
[  250.952461][T10080]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  250.952484][T10080] RIP: 0023:0xf706d579
[  250.952498][T10080] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  250.952512][T10080] RSP: 002b:00000000f545d590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  250.952528][T10080] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f545d620
[  250.952538][T10080] RDX: 0000000000000001 RSI: 00000000f7406ff4 RDI: 0000000000000000
[  250.952547][T10080] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  250.952555][T10080] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  250.952564][T10080] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  250.952586][T10080]  </TASK>
[  251.150082][T10086] [U] �
[  251.472295][   T61] usb usb40-port1: unable to enumerate USB device
[  252.040005][ T5954] Bluetooth: hci3: command 0x0c1a tx timeout
[  252.040028][ T5949] Bluetooth: hci2: command 0x0c1a tx timeout
[  252.042654][T10100] netlink: 'syz.2.1027': attribute type 2 has an invalid length.
[  252.309368][T10098] IPVS: Scheduler module ip_vs_sip not found
[  252.880200][T10095] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  252.883230][T10095] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  252.885945][T10095] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  252.989920][T10111] IPVS: Scheduler module ip_vs_sip not found
[  253.209494][T10120] FAULT_INJECTION: forcing a failure.
[  253.209494][T10120] name failslab, interval 1, probability 0, space 0, times 0
[  253.215539][T10120] CPU: 0 UID: 0 PID: 10120 Comm: syz.2.1033 Not tainted syzkaller #0 PREEMPT(full) 
[  253.215563][T10120] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  253.215574][T10120] Call Trace:
[  253.215580][T10120]  <TASK>
[  253.215587][T10120]  dump_stack_lvl+0x16c/0x1f0
[  253.215612][T10120]  should_fail_ex+0x512/0x640
[  253.215638][T10120]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  253.215659][T10120]  should_failslab+0xc2/0x120
[  253.215683][T10120]  kmem_cache_alloc_noprof+0x75/0x6e0
[  253.215701][T10120]  ? security_file_alloc+0x34/0x2b0
[  253.215725][T10120]  ? security_file_alloc+0x34/0x2b0
[  253.215742][T10120]  security_file_alloc+0x34/0x2b0
[  253.215760][T10120]  init_file+0x93/0x4c0
[  253.215784][T10120]  alloc_empty_file+0x73/0x1e0
[  253.215809][T10120]  alloc_file_pseudo+0x13a/0x230
[  253.215835][T10120]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  253.215861][T10120]  ? _raw_spin_unlock+0x28/0x50
[  253.215879][T10120]  ? alloc_fd+0x471/0x7d0
[  253.215898][T10120]  __anon_inode_getfile+0xe8/0x280
[  253.215923][T10120]  anon_inode_getfd+0x52/0xb0
[  253.215947][T10120]  __ia32_sys_fsopen+0x18f/0x240
[  253.215971][T10120]  __do_fast_syscall_32+0x7c/0x300
[  253.215996][T10120]  do_fast_syscall_32+0x32/0x80
[  253.216019][T10120]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  253.216041][T10120] RIP: 0023:0xf7fb3579
[  253.216054][T10120] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  253.216070][T10120] RSP: 002b:00000000f54a655c EFLAGS: 00000296 ORIG_RAX: 00000000000001ae
[  253.216087][T10120] RAX: ffffffffffffffda RBX: 0000000080000100 RCX: 0000000000000000
[  253.216098][T10120] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  253.216107][T10120] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  253.216116][T10120] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  253.216126][T10120] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  253.216149][T10120]  </TASK>
[  253.223973][T10119] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1032'.
[  253.290409][T10119] block nbd0: not configured, cannot reconfigure
[  253.297744][T10123] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1035'.
[  253.301779][T10123] could not open pipe file descriptor
[  253.304457][T10119] netlink: 'syz.1.1032': attribute type 3 has an invalid length.
[  253.381734][T10129] FAULT_INJECTION: forcing a failure.
[  253.381734][T10129] name failslab, interval 1, probability 0, space 0, times 0
[  253.381763][T10129] CPU: 2 UID: 0 PID: 10129 Comm: syz.2.1037 Not tainted syzkaller #0 PREEMPT(full) 
[  253.381783][T10129] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  253.381793][T10129] Call Trace:
[  253.381798][T10129]  <TASK>
[  253.381804][T10129]  dump_stack_lvl+0x16c/0x1f0
[  253.381829][T10129]  should_fail_ex+0x512/0x640
[  253.381854][T10129]  ? __kmalloc_cache_noprof+0x5f/0x780
[  253.381874][T10129]  should_failslab+0xc2/0x120
[  253.381898][T10129]  __kmalloc_cache_noprof+0x72/0x780
[  253.381915][T10129]  ? con_insert_unipair+0x1c0/0x270
[  253.381942][T10129]  ? con_insert_unipair+0x1c0/0x270
[  253.381961][T10129]  con_insert_unipair+0x1c0/0x270
[  253.381984][T10129]  con_set_unimap+0x3f0/0x650
[  253.382017][T10129]  vt_compat_ioctl+0x2e3/0x4e0
[  253.382043][T10129]  ? __pfx_vt_compat_ioctl+0x10/0x10
[  253.382069][T10129]  ? hook_file_ioctl_common+0x145/0x410
[  253.382094][T10129]  ? __fget_files+0x20e/0x3c0
[  253.382112][T10129]  ? __pfx_vt_compat_ioctl+0x10/0x10
[  253.382138][T10129]  tty_compat_ioctl+0x2f1/0x4d0
[  253.382157][T10129]  ? __pfx_tty_compat_ioctl+0x10/0x10
[  253.382270][T10129]  __ia32_compat_sys_ioctl+0x242/0x370
[  253.382307][T10129]  __do_fast_syscall_32+0x7c/0x300
[  253.382332][T10129]  do_fast_syscall_32+0x32/0x80
[  253.382353][T10129]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  253.382372][T10129] RIP: 0023:0xf7fb3579
[  253.382386][T10129] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  253.382401][T10129] RSP: 002b:00000000f54a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  253.382416][T10129] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004b67
[  253.382425][T10129] RDX: 0000000080000280 RSI: 0000000000000000 RDI: 0000000000000000
[  253.382435][T10129] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  253.382451][T10129] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  253.382461][T10129] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  253.382523][T10129]  </TASK>
[  253.626257][T10147] [U] �
[  254.120738][ T5949] Bluetooth: hci1: command 0x0c1a tx timeout
[  254.426637][T10156] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1046'.
[  254.441574][T10156] could not open pipe file descriptor
[  254.925836][ T5954] Bluetooth: hci2: command 0x0c1a tx timeout
[  254.928794][ T5949] Bluetooth: hci3: command 0x0c1a tx timeout
[  254.977129][T10157] IPVS: Scheduler module ip_vs_sip not found
[  255.076921][T10169] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  255.171546][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  255.306966][T10169] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  255.381421][T10169] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  255.442530][T10169] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  255.615664][ T7088] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  255.628320][ T7088] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  255.640663][ T7088] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  255.652507][ T7088] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  256.111906][T10196] FAULT_INJECTION: forcing a failure.
[  256.111906][T10196] name failslab, interval 1, probability 0, space 0, times 0
[  256.117305][T10196] CPU: 2 UID: 0 PID: 10196 Comm: syz.1.1058 Not tainted syzkaller #0 PREEMPT(full) 
[  256.117321][T10196] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  256.117327][T10196] Call Trace:
[  256.117331][T10196]  <TASK>
[  256.117335][T10196]  dump_stack_lvl+0x16c/0x1f0
[  256.117352][T10196]  should_fail_ex+0x512/0x640
[  256.117371][T10196]  should_failslab+0xc2/0x120
[  256.117387][T10196]  __kmalloc_noprof+0xdd/0x880
[  256.117397][T10196]  ? trace_kmalloc+0x2b/0xd0
[  256.117409][T10196]  ? bio_kmalloc+0x41/0x70
[  256.117423][T10196]  ? bio_kmalloc+0x41/0x70
[  256.117433][T10196]  bio_kmalloc+0x41/0x70
[  256.117445][T10196]  blk_rq_map_user_iov+0x43c/0x13c0
[  256.117460][T10196]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  256.117472][T10196]  ? __pfx___might_resched+0x10/0x10
[  256.117484][T10196]  ? rcu_is_watching+0x12/0xc0
[  256.117495][T10196]  ? trace_contention_end+0xdd/0x130
[  256.117510][T10196]  ? find_held_lock+0x2b/0x80
[  256.117520][T10196]  ? sg_common_write.constprop.0+0xbf9/0x1c90
[  256.117546][T10196]  ? import_ubuf+0x1b6/0x220
[  256.117564][T10196]  blk_rq_map_user_io+0x1ff/0x230
[  256.117575][T10196]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  256.117585][T10196]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  256.117606][T10196]  sg_common_write.constprop.0+0xd43/0x1c90
[  256.117623][T10196]  ? __pfx_sg_common_write.constprop.0+0x10/0x10
[  256.117641][T10196]  sg_write+0x813/0xe10
[  256.117653][T10196]  ? __pfx_sg_write+0x10/0x10
[  256.117667][T10196]  ? __pfx_aa_file_perm+0x10/0x10
[  256.117691][T10196]  ? bpf_lsm_file_permission+0x9/0x10
[  256.117704][T10196]  ? security_file_permission+0x71/0x210
[  256.117716][T10196]  ? rw_verify_area+0xcf/0x6c0
[  256.117727][T10196]  ? __pfx_sg_write+0x10/0x10
[  256.117737][T10196]  vfs_write+0x2a0/0x11d0
[  256.117751][T10196]  ? __pfx_vfs_write+0x10/0x10
[  256.117760][T10196]  ? find_held_lock+0x2b/0x80
[  256.117771][T10196]  ? __fget_files+0x204/0x3c0
[  256.117784][T10196]  ? __fget_files+0x20e/0x3c0
[  256.117793][T10196]  ? handle_mm_fault+0x210/0xd10
[  256.117812][T10196]  ksys_write+0x12a/0x250
[  256.117823][T10196]  ? __pfx_ksys_write+0x10/0x10
[  256.117835][T10196]  ? rcu_is_watching+0x12/0xc0
[  256.117847][T10196]  __do_fast_syscall_32+0x7c/0x300
[  256.117862][T10196]  do_fast_syscall_32+0x32/0x80
[  256.117875][T10196]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  256.117887][T10196] RIP: 0023:0xf703d579
[  256.117896][T10196] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  256.117906][T10196] RSP: 002b:00000000f542d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  256.117916][T10196] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080000140
[  256.117923][T10196] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000
[  256.117928][T10196] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  256.117934][T10196] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  256.117940][T10196] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  256.117953][T10196]  </TASK>
[  256.248624][T10196] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.371851][T10196] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.437071][T10200] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  256.439844][T10200] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  256.443661][T10200] vhci_hcd vhci_hcd.0: Device attached
[  256.493689][T10196] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.588944][T10196] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.598322][T10211] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1061'.
[  256.617960][T10211] could not open pipe file descriptor
[  256.633504][T10212] IPVS: Scheduler module ip_vs_sip not found
[  256.759493][ T6008] usb 44-1: SetAddress Request (38) to port 0
[  256.761900][ T6008] usb 44-1: new SuperSpeed USB device number 38 using vhci_hcd
[  256.810295][T10201] vhci_hcd: connection reset by peer
[  256.817423][ T7089] vhci_hcd: stop threads
[  256.818918][ T7089] vhci_hcd: release socket
[  256.821610][T10219] 9pnet_virtio: no channels available for device syz
[  256.825396][ T7089] vhci_hcd: disconnect device
[  256.828057][T10219] 9pnet_virtio: no channels available for device syz
[  256.831575][T10219] 9pnet_virtio: no channels available for device syz
[  256.864509][ T7088] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  256.867210][ T7088] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  256.874427][ T7088] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  256.882851][ T7088] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  257.225019][T10230] syz.1.1067 (10230): drop_caches: 2
[  257.444662][T10241] netlink: 'syz.0.1069': attribute type 2 has an invalid length.
[  257.580311][T10247] netlink: 'syz.2.1072': attribute type 2 has an invalid length.
[  258.206230][T10237] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  258.208397][T10237] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  258.210580][T10237] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  258.241408][T10250] bond0: entered promiscuous mode
[  258.243085][T10250] bond_slave_0: entered promiscuous mode
[  258.245058][T10250] bond_slave_1: entered promiscuous mode
[  258.247797][T10250] batadv0: entered promiscuous mode
[  258.250757][T10250] 8021q: adding VLAN 0 to HW filter on device hsr1
[  258.297657][T10254] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1074'.
[  258.564051][T10267] lo speed is unknown, defaulting to 1000
[  258.566108][T10267] lo speed is unknown, defaulting to 1000
[  258.573931][T10267] lo speed is unknown, defaulting to 1000
[  258.582292][T10267] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  258.588565][T10267] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  258.593081][T10268] netlink: 'syz.3.1081': attribute type 2 has an invalid length.
[  258.624560][T10267] lo speed is unknown, defaulting to 1000
[  258.627575][T10267] lo speed is unknown, defaulting to 1000
[  258.646496][T10267] lo speed is unknown, defaulting to 1000
[  258.659383][T10267] lo speed is unknown, defaulting to 1000
[  259.251356][T10275] FAULT_INJECTION: forcing a failure.
[  259.251356][T10275] name failslab, interval 1, probability 0, space 0, times 0
[  259.256529][T10275] CPU: 1 UID: 0 PID: 10275 Comm: syz.1.1083 Not tainted syzkaller #0 PREEMPT(full) 
[  259.256550][T10275] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  259.256561][T10275] Call Trace:
[  259.256567][T10275]  <TASK>
[  259.256574][T10275]  dump_stack_lvl+0x16c/0x1f0
[  259.256598][T10275]  should_fail_ex+0x512/0x640
[  259.256621][T10275]  ? __kmalloc_noprof+0xca/0x880
[  259.256638][T10275]  should_failslab+0xc2/0x120
[  259.256659][T10275]  __kmalloc_noprof+0xdd/0x880
[  259.256673][T10275]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  259.256700][T10275]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  259.256719][T10275]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  259.256740][T10275]  ? kfree_skbmem+0x1a4/0x1f0
[  259.256762][T10275]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  259.256784][T10275]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  259.256811][T10275]  ? bpf_lsm_capable+0x9/0x10
[  259.256831][T10275]  ? security_capable+0x7e/0x260
[  259.256853][T10275]  ? ns_capable+0xd7/0x110
[  259.256873][T10275]  genl_rcv_msg+0x55c/0x800
[  259.256895][T10275]  ? __pfx_genl_rcv_msg+0x10/0x10
[  259.256914][T10275]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  259.256932][T10275]  ? __pfx_nl80211_join_mesh+0x10/0x10
[  259.256954][T10275]  ? __pfx_nl80211_post_doit+0x10/0x10
[  259.256985][T10275]  netlink_rcv_skb+0x158/0x420
[  259.257001][T10275]  ? __pfx_genl_rcv_msg+0x10/0x10
[  259.257022][T10275]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  259.257048][T10275]  ? netlink_deliver_tap+0x1ae/0xd30
[  259.257068][T10275]  genl_rcv+0x28/0x40
[  259.257085][T10275]  netlink_unicast+0x5aa/0x870
[  259.257105][T10275]  ? __pfx_netlink_unicast+0x10/0x10
[  259.257121][T10275]  ? __pfx___might_resched+0x10/0x10
[  259.257146][T10275]  netlink_sendmsg+0x8c8/0xdd0
[  259.257167][T10275]  ? __pfx_netlink_sendmsg+0x10/0x10
[  259.257187][T10275]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  259.257215][T10275]  ____sys_sendmsg+0xa98/0xc70
[  259.257237][T10275]  ? __pfx_____sys_sendmsg+0x10/0x10
[  259.257255][T10275]  ? get_compat_msghdr+0x11a/0x170
[  259.257281][T10275]  ___sys_sendmsg+0x134/0x1d0
[  259.257298][T10275]  ? __pfx____sys_sendmsg+0x10/0x10
[  259.257326][T10275]  ? find_held_lock+0x2b/0x80
[  259.257357][T10275]  __sys_sendmsg+0x16d/0x220
[  259.257374][T10275]  ? __pfx___sys_sendmsg+0x10/0x10
[  259.257400][T10275]  ? rcu_is_watching+0x12/0xc0
[  259.257420][T10275]  __do_fast_syscall_32+0x7c/0x300
[  259.257448][T10275]  do_fast_syscall_32+0x32/0x80
[  259.257468][T10275]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  259.257486][T10275] RIP: 0023:0xf703d579
[  259.257500][T10275] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  259.257514][T10275] RSP: 002b:00000000f542d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  259.257529][T10275] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000a80
[  259.257539][T10275] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000
[  259.257548][T10275] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  259.257556][T10275] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  259.257565][T10275] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  259.257587][T10275]  </TASK>
[  259.412627][T10266] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  259.416226][T10266] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  259.418949][T10266] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  259.497080][T10283] net_ratelimit: 30 callbacks suppressed
[  259.497091][T10283] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  259.549701][T10287] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1087'.
[  259.649402][T10292] input: syz1 as /devices/virtual/input/input29
[  259.989826][T10297] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  259.992007][T10297] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  260.004687][T10297] vhci_hcd vhci_hcd.0: Device attached
[  260.484779][T10309] netlink: 'syz.1.1092': attribute type 11 has an invalid length.
[  260.490345][T10309] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1092'.
[  260.557743][T10298] vhci_hcd: connection closed
[  260.558010][ T7088] vhci_hcd: stop threads
[  260.561057][ T7088] vhci_hcd: release socket
[  260.562559][ T7088] vhci_hcd: disconnect device
[  260.599358][ T5949] Bluetooth: hci1: command 0x0c1a tx timeout
[  261.298672][T10316] netlink: 'syz.3.1094': attribute type 2 has an invalid length.
[  261.479366][ T5954] Bluetooth: hci2: command 0x0c1a tx timeout
[  261.482337][ T5949] Bluetooth: hci3: command 0x0c1a tx timeout
[  261.809528][ T6008] usb 44-1: device descriptor read/8, error -110
[  262.061597][T10314] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  262.063936][T10314] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  262.066222][T10314] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  262.203146][ T6008] usb usb44-port1: attempt power cycle
[  262.296954][ T7088] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  262.779912][ T6008] usb usb44-port1: unable to enumerate USB device
[  263.320804][ T5954] Bluetooth: hci1: command 0x0c1a tx timeout
[  263.381513][ T6025] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  263.539325][ T6025] usb 6-1: Using ep0 maxpacket: 32
[  263.542352][ T6025] usb 6-1: config 0 has an invalid interface number: 89 but max is 0
[  263.544864][ T6025] usb 6-1: config 0 has no interface number 0
[  263.546795][ T6025] usb 6-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  263.550235][ T6025] usb 6-1: config 0 interface 89 has no altsetting 0
[  263.554108][ T6025] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  263.556922][ T6025] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  263.559722][ T6025] usb 6-1: Product: syz
[  263.561047][ T6025] usb 6-1: Manufacturer: syz
[  263.562558][ T6025] usb 6-1: SerialNumber: syz
[  263.565509][ T6025] usb 6-1: config 0 descriptor??
[  263.568916][ T6025] em28xx 6-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  263.572252][ T6025] em28xx 6-1:0.89: Video interface 89 found:
[  263.652611][T10353] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1105'.
[  264.035038][T10310] uprobe: syz.0.1093:10310 failed to unregister, leaking uprobe
[  264.119399][ T5954] Bluetooth: hci3: command 0x0c1a tx timeout
[  264.119408][ T5949] Bluetooth: hci2: command 0x0c1a tx timeout
[  264.176000][ T6025] em28xx 6-1:0.89: unknown em28xx chip ID (0)
[  264.260445][T10358] netlink: 'syz.0.1107': attribute type 2 has an invalid length.
[  265.034934][T10357] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  265.037504][T10357] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  265.040271][T10357] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  265.313057][ T6025] em28xx 6-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  265.319252][ T6025] em28xx 6-1:0.89: board has no eeprom
[  265.389370][ T6025] em28xx 6-1:0.89: Identified as Terratec Grabby (card=67)
[  265.391699][ T6025] em28xx 6-1:0.89: analog set to bulk mode.
[  265.397211][   T34] em28xx 6-1:0.89: Registering V4L2 extension
[  265.402038][   T40] audit: type=1804 audit(2000000191.859:179): pid=10372 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1110" name="/newroot/299/file0" dev="tmpfs" ino=1623 res=1 errno=0
[  265.444743][   T34] em28xx 6-1:0.89: reading from i2c device at 0x4a failed (error=-5)
[  265.460540][   T34] em28xx 6-1:0.89: reading from i2c device at 0x48 failed (error=-5)
[  265.464194][   T34] em28xx 6-1:0.89: reading from i2c device at 0x42 failed (error=-5)
[  265.467399][   T34] em28xx 6-1:0.89: reading from i2c device at 0x40 failed (error=-5)
[  265.467558][T10371] /dev/sr0: Can't open blockdev
[  265.471531][   T34] em28xx 6-1:0.89: Config register raw data: 0xfffffffb
[  265.474164][   T34] em28xx 6-1:0.89: AC97 chip type couldn't be determined
[  265.476359][   T34] em28xx 6-1:0.89: No AC97 audio processor
[  265.485107][   T34] usb 6-1: Decoder not found
[  265.487224][   T34] em28xx 6-1:0.89: failed to create media graph
[  265.489382][   T34] em28xx 6-1:0.89: V4L2 device video103 deregistered
[  265.493322][   T34] em28xx 6-1:0.89: Registering snapshot button...
[  265.495759][   T34] input: em28xx snapshot button as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.89/input/input30
[  265.509264][   T34] em28xx 6-1:0.89: Remote control support is not available for this card.
[  266.109146][ T1454] usb 6-1: USB disconnect, device number 21
[  266.119719][ T1454] em28xx 6-1:0.89: Disconnecting em28xx
[  266.121546][ T1454] em28xx 6-1:0.89: Closing input extension
[  266.123427][ T1454] em28xx 6-1:0.89: Deregistering snapshot button
[  266.135916][ T1454] em28xx 6-1:0.89: Freeing device
[  266.289299][ T5949] Bluetooth: hci1: command 0x0c1a tx timeout
[  266.364529][T10387] [U] �
[  266.600206][T10390] [U] �
[  267.080036][ T5949] Bluetooth: hci2: command 0x0c1a tx timeout
[  267.082666][ T5949] Bluetooth: hci3: command 0x0c1a tx timeout
[  267.452537][T10396] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1117'.
[  267.594831][T10400] netlink: 'syz.3.1118': attribute type 2 has an invalid length.
[  267.833038][T10402] [U] �
[  268.459771][T10398] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  268.462548][T10398] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  268.469263][T10398] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  268.849255][   T60] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  269.379354][   T40] audit: type=1804 audit(2000000195.829:180): pid=10418 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1121" name="/newroot/291/file0" dev="tmpfs" ino=1572 res=1 errno=0
[  269.423060][   T40] audit: type=1804 audit(2000000195.879:181): pid=10420 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1122" name="/newroot/302/file0" dev="tmpfs" ino=1639 res=1 errno=0
[  269.442154][T10414] /dev/sr0: Can't open blockdev
[  269.639285][ T5949] Bluetooth: hci1: command 0x0c1a tx timeout
[  269.671460][T10417] /dev/sr0: Can't open blockdev
[  270.305850][   T40] audit: type=1326 audit(2000000196.759:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10423 comm="syz.3.1125" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf703d579 code=0x0
[  270.519848][ T5949] Bluetooth: hci3: command 0x0c1a tx timeout
[  270.520100][ T5954] Bluetooth: hci2: command 0x0c1a tx timeout
[  270.788327][T10437] [U] �
[  271.111782][T10439] syzkaller1: entered promiscuous mode
[  271.113551][T10439] syzkaller1: entered allmulticast mode
[  272.380934][T10432] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  272.383833][T10432] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  272.387600][T10432] vhci_hcd vhci_hcd.0: Device attached
[  272.632773][T10454] IPVS: Scheduler module ip_vs_sip not found
[  273.001761][T10449] vhci_hcd: connection closed
[  273.003891][ T7088] vhci_hcd: stop threads
[  273.007948][ T7088] vhci_hcd: release socket
[  273.019542][ T7088] vhci_hcd: disconnect device
[  273.049329][ T6008] usb 38-1: enqueue for inactive port 0
[  273.535861][   T40] audit: type=1804 audit(2000000199.989:183): pid=10466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1132" name="/newroot/295/file0" dev="tmpfs" ino=1593 res=1 errno=0
[  273.551304][ T5949] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  273.555525][ T5949] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  273.560173][ T5949] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  273.565061][ T5949] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  273.568540][ T5949] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  273.590334][T10460] /dev/sr0: Can't open blockdev
[  273.618656][T10469] lo speed is unknown, defaulting to 1000
[  273.680320][ T6008] usb usb38-port1: attempt power cycle
[  273.721721][T10469] chnl_net:caif_netlink_parms(): no params data found
[  273.801504][ T7102] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  273.817028][T10469] bridge0: port 1(bridge_slave_0) entered blocking state
[  273.820183][T10469] bridge0: port 1(bridge_slave_0) entered disabled state
[  273.822861][T10469] bridge_slave_0: entered allmulticast mode
[  273.825680][T10469] bridge_slave_0: entered promiscuous mode
[  273.829657][T10469] bridge0: port 2(bridge_slave_1) entered blocking state
[  273.832451][T10469] bridge0: port 2(bridge_slave_1) entered disabled state
[  273.834767][T10469] bridge_slave_1: entered allmulticast mode
[  273.837303][T10469] bridge_slave_1: entered promiscuous mode
[  273.856448][T10469] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  273.861332][T10469] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  273.881770][T10469] team0: Port device team_slave_0 added
[  273.886501][T10469] team0: Port device team_slave_1 added
[  273.910824][T10469] batman_adv: batadv0: Adding interface: batadv_slave_0
[  273.913787][T10469] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  273.924968][T10469] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  273.954877][ T7102] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  273.963233][T10469] batman_adv: batadv0: Adding interface: batadv_slave_1
[  273.965521][T10469] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  273.975934][T10469] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  274.020649][T10469] hsr_slave_0: entered promiscuous mode
[  274.023035][T10469] hsr_slave_1: entered promiscuous mode
[  274.025149][T10469] debugfs: 'hsr0' already exists in 'hsr'
[  274.027140][T10469] Cannot create hsr debugfs directory
[  274.160014][T10469] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  274.164830][T10469] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  274.235774][T10484] [U] �
[  274.264147][T10469] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  274.273950][T10469] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  274.308429][T10469] bridge0: port 2(bridge_slave_1) entered blocking state
[  274.311707][T10469] bridge0: port 2(bridge_slave_1) entered forwarding state
[  274.315498][T10469] bridge0: port 1(bridge_slave_0) entered blocking state
[  274.318513][T10469] bridge0: port 1(bridge_slave_0) entered forwarding state
[  274.387780][T10469] 8021q: adding VLAN 0 to HW filter on device bond0
[  274.410214][ T1145] bridge0: port 1(bridge_slave_0) entered disabled state
[  274.414415][ T1145] bridge0: port 2(bridge_slave_1) entered disabled state
[  274.443363][ T7102] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  274.455669][T10469] 8021q: adding VLAN 0 to HW filter on device team0
[  274.466253][ T1145] bridge0: port 1(bridge_slave_0) entered blocking state
[  274.469453][ T1145] bridge0: port 1(bridge_slave_0) entered forwarding state
[  274.489531][ T1145] bridge0: port 2(bridge_slave_1) entered blocking state
[  274.492638][ T1145] bridge0: port 2(bridge_slave_1) entered forwarding state
[  274.529091][ T7102] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  274.649321][ T6008] usb usb38-port1: unable to enumerate USB device
[  274.830356][ T7102] erspan0: left allmulticast mode
[  274.833269][ T7102] erspan0: left promiscuous mode
[  274.836928][ T7102] bridge0: port 4(erspan0) entered disabled state
[  274.846414][ T7102] team0: left allmulticast mode
[  274.848530][ T7102] team_slave_0: left allmulticast mode
[  274.860098][ T7102] team_slave_1: left allmulticast mode
[  274.862554][ T7102] team0: left promiscuous mode
[  274.864778][ T7102] team_slave_0: left promiscuous mode
[  274.867262][ T7102] team_slave_1: left promiscuous mode
[  274.871462][ T7102] bridge0: port 3(team0) entered disabled state
[  274.903665][ T7102] bridge_slave_1: left allmulticast mode
[  274.906250][ T7102] bridge_slave_1: left promiscuous mode
[  274.908902][ T7102] bridge0: port 2(bridge_slave_1) entered disabled state
[  274.923491][ T7102] bridge_slave_0: left allmulticast mode
[  274.925926][ T7102] bridge_slave_0: left promiscuous mode
[  274.928607][ T7102] bridge0: port 1(bridge_slave_0) entered disabled state
[  275.137358][ T7102] bond1 (unregistering): (slave gre1): Releasing backup interface
[  275.142085][ T7102] gre1 (unregistering): left promiscuous mode
[  275.355604][ T7102] bond1 (unregistering): Released all slaves
[  275.373841][T10502] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  275.388162][T10504] syzkaller1: entered promiscuous mode
[  275.390770][T10504] syzkaller1: entered allmulticast mode
[  275.401271][T10469] 8021q: adding VLAN 0 to HW filter on device batadv0
[  275.473527][ T7102] tipc: Left network mode
[  275.525828][T10510] IPVS: Scheduler module ip_vs_sip not found
[  275.639890][ T5954] Bluetooth: hci4: command tx timeout
[  275.798821][T10469] veth0_vlan: entered promiscuous mode
[  275.823096][T10469] veth1_vlan: entered promiscuous mode
[  275.850846][ T7102] hsr_slave_0: left promiscuous mode
[  275.854677][ T7102] hsr_slave_1: left promiscuous mode
[  275.856973][ T7102] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  275.862499][ T7102] batadv0: mtu less than device minimum
[  275.864937][ T7102] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  275.869386][ T7102] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  275.873265][ T7102] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  275.877103][ T7102] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  275.880859][ T7102] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  275.884583][ T7102] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  275.888313][ T7102] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  275.892188][ T7102] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  275.925445][ T7102] batman_adv: batadv0: Removing interface: batadv_slave_0
[  275.932588][ T7102] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  275.958805][ T7102] batman_adv: batadv0: Removing interface: batadv_slave_1
[  275.968079][ T7102] batman_adv: batadv0: Interface deactivated: dummy0
[  275.970644][ T7102] batman_adv: batadv0: Removing interface: dummy0
[  275.982708][ T7102] veth1_macvtap: left promiscuous mode
[  275.985828][ T7102] veth0_macvtap: left promiscuous mode
[  275.987897][ T7102] veth1_vlan: left promiscuous mode
[  275.992408][ T7102] veth0_vlan: left promiscuous mode
[  276.363359][T10532] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1144'.
[  276.433268][ T7102] team0 (unregistering): Port device team_slave_1 removed
[  276.456212][ T7102] team0 (unregistering): Port device team_slave_0 removed
[  276.746667][T10538] [U] �
[  276.746919][T10469] veth0_macvtap: entered promiscuous mode
[  276.762674][T10469] veth1_macvtap: entered promiscuous mode
[  276.778696][T10469] batman_adv: batadv0: Interface activated: batadv_slave_0
[  276.806254][T10469] batman_adv: batadv0: Interface activated: batadv_slave_1
[  276.828191][ T7089] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  276.833937][ T7089] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  276.861387][ T7089] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  276.866460][ T7089] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  276.955189][ T7088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  276.958552][ T7088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  277.005194][T10543] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  277.008068][T10543] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  277.012062][T10543] vhci_hcd vhci_hcd.0: Device attached
[  277.175525][T10543] syz.1.1146 (10543): drop_caches: 2
[  277.204107][ T7093] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  277.218845][T10543] syz.1.1146 (10543): drop_caches: 2
[  277.230231][ T7093] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  277.429261][ T6805] usb 40-1: SetAddress Request (27) to port 0
[  277.441416][ T6805] usb 40-1: new SuperSpeed USB device number 27 using vhci_hcd
[  277.729816][ T5954] Bluetooth: hci4: command tx timeout
[  277.738620][ T7102] IPVS: stop unused estimator thread 0...
[  277.961151][T10547] vhci_hcd: connection reset by peer
[  277.963249][ T7090] vhci_hcd: stop threads
[  277.965074][ T7090] vhci_hcd: release socket
[  277.971130][ T7090] vhci_hcd: disconnect device
[  278.071108][T10565] [U] �
[  278.633758][T10579] Illegal XDP return value 597795968 on prog  (id 191) dev N/A, expect packet loss!
[  279.491845][T10587] IPVS: Scheduler module ip_vs_sip not found
[  279.636489][T10594] IPVS: Scheduler module ip_vs_sip not found
[  279.799468][ T5954] Bluetooth: hci4: command tx timeout
[  279.825280][T10600] IPVS: Scheduler module ip_vs_sip not found
[  280.189255][   T40] audit: type=1804 audit(2000000206.639:184): pid=10621 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1159" name="/newroot/262/file0" dev="tmpfs" ino=1404 res=1 errno=0
[  280.230506][T10618] /dev/sr0: Can't open blockdev
[  280.243816][   T40] audit: type=1804 audit(2000000206.699:185): pid=10622 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1160" name="/newroot/303/file0" dev="tmpfs" ino=1636 res=1 errno=0
[  280.412209][T10620] /dev/sr0: Can't open blockdev
[  280.989358][ T2298] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  281.169368][ T2298] usb 5-1: Using ep0 maxpacket: 32
[  281.172645][ T2298] usb 5-1: config 0 has an invalid interface number: 89 but max is 0
[  281.175368][ T2298] usb 5-1: config 0 has no interface number 0
[  281.177469][ T2298] usb 5-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  281.190136][ T2298] usb 5-1: config 0 interface 89 has no altsetting 0
[  281.200633][ T2298] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  281.203539][ T2298] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  281.206105][ T2298] usb 5-1: Product: syz
[  281.207473][ T2298] usb 5-1: Manufacturer: syz
[  281.208957][ T2298] usb 5-1: SerialNumber: syz
[  281.220933][ T2298] usb 5-1: config 0 descriptor??
[  281.228779][ T2298] em28xx 5-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  281.234097][ T2298] em28xx 5-1:0.89: Video interface 89 found:
[  281.529741][T10643] IPVS: Scheduler module ip_vs_sip not found
[  281.849090][T10649] IPVS: Scheduler module ip_vs_sip not found
[  281.889299][ T5954] Bluetooth: hci4: command tx timeout
[  282.317639][ T2298] em28xx 5-1:0.89: unknown em28xx chip ID (0)
[  282.419082][T10660] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1172'.
[  282.519406][ T6805] usb 40-1: device descriptor read/8, error -110
[  282.790526][T10673] input: syz0 as /devices/virtual/input/input31
[  282.915440][T10678] IPVS: Scheduler module ip_vs_sip not found
[  282.930357][ T6805] usb usb40-port1: attempt power cycle
[  283.173610][T10683] IPVS: Scheduler module ip_vs_sip not found
[  283.362125][T10689] IPVS: Scheduler module ip_vs_sip not found
[  283.472503][ T2298] em28xx 5-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  283.475920][ T2298] em28xx 5-1:0.89: board has no eeprom
[  283.522890][ T6805] usb usb40-port1: unable to enumerate USB device
[  283.529239][ T2298] em28xx 5-1:0.89: Identified as Terratec Grabby (card=67)
[  283.531667][ T2298] em28xx 5-1:0.89: analog set to bulk mode.
[  283.535261][   T29] em28xx 5-1:0.89: Registering V4L2 extension
[  283.558617][   T29] em28xx 5-1:0.89: reading from i2c device at 0x4a failed (error=-5)
[  283.562257][   T29] em28xx 5-1:0.89: reading from i2c device at 0x48 failed (error=-5)
[  283.565359][   T29] em28xx 5-1:0.89: reading from i2c device at 0x42 failed (error=-5)
[  283.568336][   T29] em28xx 5-1:0.89: reading from i2c device at 0x40 failed (error=-5)
[  283.571322][   T29] em28xx 5-1:0.89: Config register raw data: 0xfffffffb
[  283.573781][   T29] em28xx 5-1:0.89: AC97 chip type couldn't be determined
[  283.576051][   T29] em28xx 5-1:0.89: No AC97 audio processor
[  283.585209][   T29] usb 5-1: Decoder not found
[  283.587915][   T29] em28xx 5-1:0.89: failed to create media graph
[  283.590576][   T29] em28xx 5-1:0.89: V4L2 device video103 deregistered
[  283.593681][   T29] em28xx 5-1:0.89: Registering snapshot button...
[  283.599381][   T29] input: em28xx snapshot button as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.89/input/input32
[  283.605628][   T29] em28xx 5-1:0.89: Remote control support is not available for this card.
[  283.765698][   T29] usb 5-1: USB disconnect, device number 8
[  283.770368][   T29] em28xx 5-1:0.89: Disconnecting em28xx
[  283.776260][   T29] em28xx 5-1:0.89: Closing input extension
[  283.782023][   T29] em28xx 5-1:0.89: Deregistering snapshot button
[  283.788850][T10703] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1183'.
[  283.813663][   T29] em28xx 5-1:0.89: Freeing device
[  284.034743][T10713] bridge2: entered allmulticast mode
[  284.046440][T10713] ������: renamed from hsr0 (while UP)
[  284.349977][ T1454] usb 9-1: new full-speed USB device number 2 using dummy_hcd
[  284.526818][ T1454] usb 9-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  284.556831][ T1454] usb 9-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  284.567283][ T1454] usb 9-1: config 0 interface 0 has no altsetting 0
[  284.575666][ T1454] usb 9-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00
[  284.619331][ T1454] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  284.625165][ T1454] usb 9-1: config 0 descriptor??
[  284.628277][T10719] IPVS: Scheduler module ip_vs_sip not found
[  284.630927][T10716] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  284.827093][T10725] IPVS: Scheduler module ip_vs_sip not found
[  285.739307][ T2298] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  285.889248][ T2298] usb 5-1: Using ep0 maxpacket: 32
[  285.893519][ T2298] usb 5-1: config 0 has an invalid interface number: 89 but max is 0
[  285.899255][ T2298] usb 5-1: config 0 has no interface number 0
[  285.901262][ T2298] usb 5-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  285.904287][ T2298] usb 5-1: config 0 interface 89 has no altsetting 0
[  285.920649][ T2298] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  285.924017][ T2298] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  285.929244][ T2298] usb 5-1: Product: syz
[  285.930677][ T2298] usb 5-1: Manufacturer: syz
[  285.932192][ T2298] usb 5-1: SerialNumber: syz
[  285.938676][ T2298] usb 5-1: config 0 descriptor??
[  285.942130][ T2298] em28xx 5-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  285.945252][ T2298] em28xx 5-1:0.89: Video interface 89 found:
[  286.114875][T10755] IPVS: Scheduler module ip_vs_sip not found
[  286.525654][T10763] [U] �
[  286.550118][ T2298] em28xx 5-1:0.89: unknown em28xx chip ID (0)
[  287.320702][ T1454] usbhid 9-1:0.0: can't add hid device: -71
[  287.322731][ T1454] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  287.329569][ T1454] usb 9-1: USB disconnect, device number 2
[  287.790357][ T2298] em28xx 5-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  287.793936][ T2298] em28xx 5-1:0.89: board has no eeprom
[  287.999811][ T2298] em28xx 5-1:0.89: Identified as Terratec Grabby (card=67)
[  288.008634][ T2298] em28xx 5-1:0.89: analog set to bulk mode.
[  288.017026][   T61] em28xx 5-1:0.89: Registering V4L2 extension
[  288.025206][   T40] audit: type=1804 audit(2000000214.479:186): pid=10769 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1197" name="/newroot/314/file0" dev="tmpfs" ino=1696 res=1 errno=0
[  288.054686][   T61] em28xx 5-1:0.89: reading from i2c device at 0x4a failed (error=-5)
[  288.061925][   T61] em28xx 5-1:0.89: reading from i2c device at 0x48 failed (error=-5)
[  288.069609][   T61] em28xx 5-1:0.89: reading from i2c device at 0x42 failed (error=-5)
[  288.078283][   T61] em28xx 5-1:0.89: reading from i2c device at 0x40 failed (error=-5)
[  288.080861][T10758] /dev/sr0: Can't open blockdev
[  288.090717][   T61] em28xx 5-1:0.89: Config register raw data: 0xfffffffb
[  288.098260][   T61] em28xx 5-1:0.89: AC97 chip type couldn't be determined
[  288.104762][   T61] em28xx 5-1:0.89: No AC97 audio processor
[  288.121059][   T61] usb 5-1: Decoder not found
[  288.125374][   T61] em28xx 5-1:0.89: failed to create media graph
[  288.131401][   T61] em28xx 5-1:0.89: V4L2 device video103 deregistered
[  288.145272][   T61] em28xx 5-1:0.89: Registering snapshot button...
[  288.165236][   T61] input: em28xx snapshot button as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.89/input/input33
[  288.173124][   T61] em28xx 5-1:0.89: Remote control support is not available for this card.
[  288.289341][ T6028] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  288.441065][ T6028] usb 9-1: Using ep0 maxpacket: 32
[  288.453095][ T6028] usb 9-1: config 0 has an invalid interface number: 89 but max is 0
[  288.456957][ T6028] usb 9-1: config 0 has no interface number 0
[  288.460547][ T6028] usb 9-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  288.464917][ T6028] usb 9-1: config 0 interface 89 has no altsetting 0
[  288.479040][ T6028] usb 9-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  288.485666][ T6028] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  288.493131][   T61] usb 5-1: USB disconnect, device number 9
[  288.495602][ T6028] usb 9-1: Product: syz
[  288.496519][   T61] em28xx 5-1:0.89: Disconnecting em28xx
[  288.497539][ T6028] usb 9-1: Manufacturer: syz
[  288.502247][ T6028] usb 9-1: SerialNumber: syz
[  288.509625][   T61] em28xx 5-1:0.89: Closing input extension
[  288.511487][   T61] em28xx 5-1:0.89: Deregistering snapshot button
[  288.526472][   T61] em28xx 5-1:0.89: Freeing device
[  288.528225][ T6028] usb 9-1: config 0 descriptor??
[  288.562565][T10780] IPVS: Scheduler module ip_vs_sip not found
[  288.567565][ T6028] em28xx 9-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  288.574146][ T6028] em28xx 9-1:0.89: Video interface 89 found:
[  288.850025][   T40] audit: type=1804 audit(2000000215.309:187): pid=10788 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1203" name="/newroot/315/file0" dev="tmpfs" ino=1706 res=1 errno=0
[  288.901116][T10787] /dev/sr0: Can't open blockdev
[  289.272113][ T6028] em28xx 9-1:0.89: unknown em28xx chip ID (0)
[  289.518456][T10797] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1207'.
[  290.259307][ T6805] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  290.409353][ T6805] usb 6-1: Using ep0 maxpacket: 32
[  290.412525][ T6805] usb 6-1: config 0 has an invalid interface number: 89 but max is 0
[  290.415205][ T6805] usb 6-1: config 0 has no interface number 0
[  290.417282][ T6805] usb 6-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  290.421537][ T6805] usb 6-1: config 0 interface 89 has no altsetting 0
[  290.425420][ T6028] em28xx 9-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  290.428441][ T6028] em28xx 9-1:0.89: board has no eeprom
[  290.432452][ T6805] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  290.435438][ T6805] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.437994][ T6805] usb 6-1: Product: syz
[  290.439474][ T6805] usb 6-1: Manufacturer: syz
[  290.440995][ T6805] usb 6-1: SerialNumber: syz
[  290.443794][ T6805] usb 6-1: config 0 descriptor??
[  290.447691][ T6805] em28xx 6-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  290.450912][ T6805] em28xx 6-1:0.89: Video interface 89 found:
[  290.489379][ T6028] em28xx 9-1:0.89: Identified as Terratec Grabby (card=67)
[  290.491752][ T6028] em28xx 9-1:0.89: analog set to bulk mode.
[  290.494019][   T60] em28xx 9-1:0.89: Registering V4L2 extension
[  290.571601][   T60] em28xx 9-1:0.89: reading from i2c device at 0x4a failed (error=-5)
[  290.584237][T10821] IPVS: Scheduler module ip_vs_sip not found
[  291.102533][ T6805] em28xx 6-1:0.89: unknown em28xx chip ID (0)
[  291.352766][   T60] em28xx 9-1:0.89: reading from i2c device at 0x48 failed (error=-5)
[  291.359393][   T60] em28xx 9-1:0.89: reading from i2c device at 0x42 failed (error=-5)
[  291.363662][   T60] em28xx 9-1:0.89: reading from i2c device at 0x40 failed (error=-5)
[  291.369628][   T60] em28xx 9-1:0.89: Config register raw data: 0xfffffffb
[  291.373269][   T60] em28xx 9-1:0.89: AC97 chip type couldn't be determined
[  291.376154][   T60] em28xx 9-1:0.89: No AC97 audio processor
[  291.391445][   T60] usb 9-1: Decoder not found
[  291.393458][   T60] em28xx 9-1:0.89: failed to create media graph
[  291.396166][   T60] em28xx 9-1:0.89: V4L2 device video103 deregistered
[  291.405781][   T60] em28xx 9-1:0.89: Registering snapshot button...
[  291.419959][   T60] input: em28xx snapshot button as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.89/input/input34
[  291.434127][   T60] em28xx 9-1:0.89: Remote control support is not available for this card.
[  291.443592][   T61] usb 9-1: USB disconnect, device number 3
[  291.453777][   T61] em28xx 9-1:0.89: Disconnecting em28xx
[  291.455621][   T61] em28xx 9-1:0.89: Closing input extension
[  291.457578][   T61] em28xx 9-1:0.89: Deregistering snapshot button
[  291.587864][   T61] em28xx 9-1:0.89: Freeing device
[  291.655130][T10845] IPVS: Scheduler module ip_vs_sip not found
[  291.898882][T10855] [U] �
[  292.631859][T10859] syzkaller0: entered promiscuous mode
[  292.634650][T10859] syzkaller0: entered allmulticast mode
[  292.782245][ T6805] em28xx 6-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  292.784959][ T6805] em28xx 6-1:0.89: board has no eeprom
[  292.839238][ T6805] em28xx 6-1:0.89: Identified as Terratec Grabby (card=67)
[  292.841661][ T6805] em28xx 6-1:0.89: analog set to bulk mode.
[  292.848883][   T60] em28xx 6-1:0.89: Registering V4L2 extension
[  293.341952][T10864] IPVS: Scheduler module ip_vs_sip not found
[  293.664877][ T7090] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  294.076381][ T6805] usb 6-1: USB disconnect, device number 23
[  294.090745][ T6805] em28xx 6-1:0.89: Disconnecting em28xx
[  294.093377][   T60] em28xx 6-1:0.89: Config register raw data: 0xffffffed
[  294.096527][   T60] em28xx 6-1:0.89: AC97 chip type couldn't be determined
[  294.107420][   T60] em28xx 6-1:0.89: No AC97 audio processor
[  294.122152][   T60] usb 6-1: Decoder not found
[  294.124234][   T60] em28xx 6-1:0.89: failed to create media graph
[  294.126994][   T60] em28xx 6-1:0.89: V4L2 device video103 deregistered
[  294.141266][   T60] em28xx 6-1:0.89: Registering snapshot button...
[  294.146621][   T60] input: em28xx snapshot button as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.89/input/input35
[  294.155289][   T60] em28xx 6-1:0.89: Remote control support is not available for this card.
[  294.159063][ T6805] em28xx 6-1:0.89: Closing input extension
[  294.163314][ T6805] em28xx 6-1:0.89: Deregistering snapshot button
[  294.191129][T10875] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  294.195732][T10875] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  294.197569][ T6805] em28xx 6-1:0.89: Freeing device
[  294.211375][T10870] IPVS: Scheduler module ip_vs_sip not found
[  294.303608][T10882] netlink: 'syz.1.1232': attribute type 10 has an invalid length.
[  294.311773][T10882] bridge0: port 4(syz_tun) entered disabled state
[  294.319409][T10882] syz_tun: left allmulticast mode
[  294.322458][T10882] syz_tun: left promiscuous mode
[  294.329247][T10882] bridge0: port 4(syz_tun) entered disabled state
[  294.337704][T10882] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  294.361512][T10882] 8021q: adding VLAN 0 to HW filter on device bond2
[  294.371960][T10882] bond_slave_0: entered promiscuous mode
[  294.373996][T10882] bond_slave_1: entered promiscuous mode
[  294.375845][T10882] syz_tun: entered promiscuous mode
[  294.379380][T10882] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  294.382185][T10882] bond2: (slave macvlan2): unknown ethtool speed (30000) for port 1 (set it to 0)
[  294.385271][T10882] bond2: (slave macvlan2): speed changed to 0 on port 1
[  294.391388][T10882] bond2: (slave macvlan2): Enslaving as a backup interface with an up link
[  294.397929][T10882] netlink: 'syz.1.1232': attribute type 2 has an invalid length.
[  294.505515][T10892] netlink: 'syz.1.1235': attribute type 2 has an invalid length.
[  294.580137][   T40] audit: type=1804 audit(2000000221.039:188): pid=10896 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1227" name="/newroot/324/file0" dev="tmpfs" ino=1754 res=1 errno=0
[  294.609996][T10894] /dev/sr0: Can't open blockdev
[  295.274829][T10890] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  295.277463][T10890] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  295.280265][T10890] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  295.282614][T10890] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  295.287245][T10890] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  295.484976][T10903] IPVS: Scheduler module ip_vs_sip not found
[  295.539299][ T6805] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  295.720230][T10913] [U] �
[  296.179966][T10915] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1240'.
[  296.519497][ T5954] Bluetooth: hci2: command 0x0c1a tx timeout
[  296.649361][ T6805] usb 9-1: Using ep0 maxpacket: 32
[  296.662861][ T6805] usb 9-1: config 0 has an invalid interface number: 89 but max is 0
[  296.666056][ T6805] usb 9-1: config 0 has no interface number 0
[  296.679362][ T6805] usb 9-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  296.683383][ T6805] usb 9-1: config 0 interface 89 has no altsetting 0
[  296.688408][ T6805] usb 9-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  296.700295][ T6805] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  296.704346][ T6805] usb 9-1: Product: syz
[  296.705914][ T6805] usb 9-1: Manufacturer: syz
[  296.707856][ T6805] usb 9-1: SerialNumber: syz
[  296.948877][T10922] net_ratelimit: 31 callbacks suppressed
[  296.948896][T10922] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  297.289754][ T6805] usb 9-1: config 0 descriptor??
[  297.309364][ T6805] em28xx 9-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  297.312247][ T6805] em28xx 9-1:0.89: Video interface 89 found:
[  297.319377][ T5949] Bluetooth: hci3: command 0x0c1a tx timeout
[  297.319564][ T5954] Bluetooth: hci4: command 0x0c1a tx timeout
[  297.409536][T10927] bridge1: entered allmulticast mode
[  297.433567][T10927] ������: renamed from hsr0 (while UP)
[  297.914814][ T6805] em28xx 9-1:0.89: unknown em28xx chip ID (0)
[  298.759431][   T40] audit: type=1804 audit(2000000225.209:189): pid=10948 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1247" name="/newroot/289/file0" dev="tmpfs" ino=1548 res=1 errno=0
[  298.840574][T10947] /dev/sr0: Can't open blockdev
[  298.866361][T10951] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1249'.
[  299.061422][ T6805] em28xx 9-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  299.064009][ T6805] em28xx 9-1:0.89: board has no eeprom
[  299.119879][ T6805] em28xx 9-1:0.89: Identified as Terratec Grabby (card=67)
[  299.123178][ T6805] em28xx 9-1:0.89: analog set to bulk mode.
[  299.126986][   T60] em28xx 9-1:0.89: Registering V4L2 extension
[  299.155362][   T60] em28xx 9-1:0.89: reading from i2c device at 0x4a failed (error=-5)
[  299.162260][   T60] em28xx 9-1:0.89: reading from i2c device at 0x48 failed (error=-5)
[  299.168391][   T60] em28xx 9-1:0.89: reading from i2c device at 0x42 failed (error=-5)
[  299.179798][   T60] em28xx 9-1:0.89: reading from i2c device at 0x40 failed (error=-5)
[  299.187461][   T60] em28xx 9-1:0.89: Config register raw data: 0xfffffffb
[  299.204757][   T60] em28xx 9-1:0.89: AC97 chip type couldn't be determined
[  299.207860][   T60] em28xx 9-1:0.89: No AC97 audio processor
[  299.219033][   T60] usb 9-1: Decoder not found
[  299.223318][   T60] em28xx 9-1:0.89: failed to create media graph
[  299.228157][   T60] em28xx 9-1:0.89: V4L2 device video103 deregistered
[  299.235232][   T60] em28xx 9-1:0.89: Registering snapshot button...
[  299.245291][   T60] input: em28xx snapshot button as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.89/input/input36
[  299.260889][   T60] em28xx 9-1:0.89: Remote control support is not available for this card.
[  299.399303][ T5954] Bluetooth: hci4: command 0x0c1a tx timeout
[  299.820401][T10969] [U] �
[  300.397967][ T2298] usb 9-1: USB disconnect, device number 4
[  300.412632][ T2298] em28xx 9-1:0.89: Disconnecting em28xx
[  300.414965][ T2298] em28xx 9-1:0.89: Closing input extension
[  300.417861][ T2298] em28xx 9-1:0.89: Deregistering snapshot button
[  300.576608][ T2298] em28xx 9-1:0.89: Freeing device
[  300.700813][T10976] netlink: 'syz.4.1254': attribute type 2 has an invalid length.
[  301.119120][T10985] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1258'.
[  301.166027][T10987] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  301.168136][T10987] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  301.171780][T10987] vhci_hcd vhci_hcd.0: Device attached
[  301.462805][T10975] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  301.465448][T10975] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  301.468196][T10975] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  301.536447][ T2298] usb 44-1: SetAddress Request (42) to port 0
[  301.539103][ T2298] usb 44-1: new SuperSpeed USB device number 42 using vhci_hcd
[  301.644694][T10988] vhci_hcd: connection reset by peer
[  301.646639][ T7102] vhci_hcd: stop threads
[  301.648055][ T7102] vhci_hcd: release socket
[  301.648108][ T7102] vhci_hcd: disconnect device
[  301.926555][   T40] audit: type=1804 audit(2000000228.379:190): pid=11009 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1261" name="/newroot/338/file0" dev="tmpfs" ino=1828 res=1 errno=0
[  301.959972][T11007] /dev/sr0: Can't open blockdev
[  302.324453][T11016] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1265'.
[  302.360586][T11019] [U] �
[  302.759362][ T5954] Bluetooth: hci2: command 0x0c1a tx timeout
[  303.479375][ T5954] Bluetooth: hci4: command 0x0c1a tx timeout
[  303.479391][ T5949] Bluetooth: hci3: command 0x0c1a tx timeout
[  303.893942][T11034] [U] �
[  304.144017][T11029] IPVS: Scheduler module ip_vs_sip not found
[  305.097627][T11039] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1270'.
[  305.444033][T11059] netlink: 'syz.0.1276': attribute type 2 has an invalid length.
[  306.217324][T11056] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  306.221277][T11056] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  306.224066][T11056] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  306.371939][T11072] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1282'.
[  306.401902][T11073] overlayfs: overlapping lowerdir path
[  306.438188][T11073] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  306.449792][T11073] overlayfs: overlapping lowerdir path
[  306.529145][T11083] syzkaller1: entered promiscuous mode
[  306.531764][T11083] syzkaller1: entered allmulticast mode
[  306.599307][ T2298] usb 44-1: device descriptor read/8, error -110
[  307.170911][ T2298] usb usb44-port1: attempt power cycle
[  307.173957][T11089] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  307.176585][T11089] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  307.184362][T11089] vhci_hcd vhci_hcd.0: Device attached
[  307.426354][T11090] vhci_hcd: connection closed
[  307.427284][ T7089] vhci_hcd: stop threads
[  307.431225][ T7089] vhci_hcd: release socket
[  307.433013][ T7089] vhci_hcd: disconnect device
[  307.459304][   T61] usb 38-1: enqueue for inactive port 0
[  307.489353][ T5949] Bluetooth: hci2: command 0x0c1a tx timeout
[  307.556799][T11100] netlink: 'syz.1.1289': attribute type 2 has an invalid length.
[  307.750566][ T2298] usb usb44-port1: unable to enumerate USB device
[  307.969894][   T61] usb usb38-port1: attempt power cycle
[  308.112710][T11104] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1291'.
[  308.279702][ T5949] Bluetooth: hci4: command 0x0c1a tx timeout
[  308.279759][ T5954] Bluetooth: hci3: command 0x0c1a tx timeout
[  308.331152][T11099] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  308.333970][T11099] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  308.336624][T11099] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  308.542938][   T61] usb usb38-port1: unable to enumerate USB device
[  309.639476][ T5954] Bluetooth: hci2: command 0x0c1a tx timeout
[  310.203712][T11147] netlink: 'syz.1.1302': attribute type 2 has an invalid length.
[  310.317144][T11148] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  310.319899][T11148] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  310.324151][T11148] vhci_hcd vhci_hcd.0: Device attached
[  310.359606][ T5954] Bluetooth: hci4: command 0x0c1a tx timeout
[  310.361724][ T5954] Bluetooth: hci3: command 0x0c1a tx timeout
[  310.599290][   T61] usb 46-1: SetAddress Request (2) to port 0
[  310.609310][   T61] usb 46-1: new SuperSpeed USB device number 2 using vhci_hcd
[  310.817339][T11144] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  310.829858][T11144] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  310.832327][T11144] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  310.911378][T11149] vhci_hcd: connection reset by peer
[  310.919707][ T7089] vhci_hcd: stop threads
[  310.921086][ T7089] vhci_hcd: release socket
[  310.922652][ T7089] vhci_hcd: disconnect device
[  311.841823][T11186] syzkaller1: entered promiscuous mode
[  311.843552][T11186] syzkaller1: entered allmulticast mode
[  312.199408][ T5954] Bluetooth: hci2: command 0x0c1a tx timeout
[  312.265246][T11193] netlink: 'syz.0.1316': attribute type 2 has an invalid length.
[  312.839350][ T5954] Bluetooth: hci3: command 0x0c1a tx timeout
[  312.849304][ T5954] Bluetooth: hci4: command 0x0c1a tx timeout
[  313.040411][T11191] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  313.042560][T11191] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  313.044661][T11191] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  313.138501][T11215] IPVS: Scheduler module ip_vs_sip not found
[  313.205185][T11222] Sensor A: =================  START STATUS  =================
[  313.211758][T11222] Sensor A: Test Pattern: 75% Colorbar
[  313.226413][T11222] Sensor A: Show Information: All
[  313.229918][T11222] Sensor A: Vertical Flip: false
[  313.232384][T11222] Sensor A: Horizontal Flip: false
[  313.234882][T11222] Sensor A: Brightness: 128
[  313.236942][T11222] Sensor A: Contrast: 128
[  313.238905][T11222] Sensor A: Hue: 0
[  313.241927][T11222] Sensor A: Saturation: 128
[  313.244200][T11222] Sensor A: ==================  END STATUS  ==================
[  313.495102][T11233] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  313.497174][T11233] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  313.500729][T11233] vhci_hcd vhci_hcd.0: Device attached
[  313.675488][T11240] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  313.677586][T11240] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  313.809792][T11240] vhci_hcd vhci_hcd.0: Device attached
[  313.985549][   T29] usb 38-1: SetAddress Request (38) to port 0
[  313.987544][   T29] usb 38-1: new SuperSpeed USB device number 38 using vhci_hcd
[  314.012639][   T40] audit: type=1804 audit(2000000240.469:191): pid=11245 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1323" name="/newroot/310/file0" dev="tmpfs" ino=1655 res=1 errno=0
[  314.060831][T11243] /dev/sr0: Can't open blockdev
[  314.149776][ T2298] usb 44-1: SetAddress Request (46) to port 0
[  314.152299][ T2298] usb 44-1: new SuperSpeed USB device number 46 using vhci_hcd
[  314.259316][T11234] vhci_hcd: connection reset by peer
[  314.261576][ T7104] vhci_hcd: stop threads
[  314.263185][ T7104] vhci_hcd: release socket
[  314.264894][ T7104] vhci_hcd: disconnect device
[  314.279377][ T5954] Bluetooth: hci2: command 0x0c1a tx timeout
[  314.299044][T11241] vhci_hcd: connection reset by peer
[  314.302962][ T7093] vhci_hcd: stop threads
[  314.304886][ T7093] vhci_hcd: release socket
[  314.307283][ T7093] vhci_hcd: disconnect device
[  314.497503][T11251] syzkaller1: entered promiscuous mode
[  314.499117][T11251] syzkaller1: entered allmulticast mode
[  315.081865][ T5954] Bluetooth: hci3: command 0x0c1a tx timeout
[  315.089359][ T5954] Bluetooth: hci4: command 0x0c1a tx timeout
[  315.639321][   T61] usb 46-1: device descriptor read/8, error -110
[  316.031260][   T40] audit: type=1326 audit(2000000242.489:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11285 comm="syz.3.1338" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703d579 code=0x7ffc0000
[  316.039441][   T40] audit: type=1326 audit(2000000242.489:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11285 comm="syz.3.1338" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703d598 code=0x7ffc0000
[  316.049457][   T40] audit: type=1326 audit(2000000242.489:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11285 comm="syz.3.1338" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703d598 code=0x7ffc0000
[  316.059713][   T40] audit: type=1326 audit(2000000242.489:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11285 comm="syz.3.1338" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703d598 code=0x7ffc0000
[  316.069373][   T40] audit: type=1326 audit(2000000242.489:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11285 comm="syz.3.1338" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703d598 code=0x7ffc0000
[  316.082220][   T40] audit: type=1326 audit(2000000242.489:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11285 comm="syz.3.1338" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703d598 code=0x7ffc0000
[  316.091937][   T40] audit: type=1326 audit(2000000242.499:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11285 comm="syz.3.1338" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703d598 code=0x7ffc0000
[  316.098924][   T40] audit: type=1326 audit(2000000242.499:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11285 comm="syz.3.1338" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703d598 code=0x7ffc0000
[  316.107648][   T40] audit: type=1326 audit(2000000242.499:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11285 comm="syz.3.1338" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf703d598 code=0x7ffc0000
[  316.130342][   T61] usb usb46-port1: attempt power cycle
[  316.603406][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  316.716932][   T61] usb usb46-port1: unable to enumerate USB device
[  316.758852][T11303] syzkaller1: entered promiscuous mode
[  316.761277][T11303] syzkaller1: entered allmulticast mode
[  317.358488][T11322] binder: 11321:11322 ioctl c0306201 80000680 returned -14
[  317.430736][T11326] IPVS: Scheduler module ip_vs_sip not found
[  317.730730][T11340] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  317.733419][T11340] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  317.736958][T11340] vhci_hcd vhci_hcd.0: Device attached
[  317.787796][   T10] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  317.969347][   T10] usb 5-1: Using ep0 maxpacket: 32
[  317.973886][   T10] usb 5-1: config 0 has an invalid interface number: 89 but max is 0
[  317.977380][   T10] usb 5-1: config 0 has no interface number 0
[  317.980720][   T10] usb 5-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  317.985174][   T10] usb 5-1: config 0 interface 89 has no altsetting 0
[  317.994347][   T10] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  318.000659][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  318.007807][   T10] usb 5-1: Product: syz
[  318.011634][   T10] usb 5-1: Manufacturer: syz
[  318.015290][   T10] usb 5-1: SerialNumber: syz
[  318.019535][   T61] usb 40-1: SetAddress Request (31) to port 0
[  318.021958][   T61] usb 40-1: new SuperSpeed USB device number 31 using vhci_hcd
[  318.022993][   T10] usb 5-1: config 0 descriptor??
[  318.033566][   T10] em28xx 5-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  318.040186][   T10] em28xx 5-1:0.89: Video interface 89 found:
[  318.066111][   T34] kernel read not supported for file /sequencer (pid: 34 comm: kworker/3:0)
[  318.143173][T11354] fuse: Unknown parameter 'SK����'
[  318.165841][T11354] : entered promiscuous mode
[  318.171431][T11354] Invalid source name
[  318.172968][T11354] UBIFS error (pid: 11354): cannot open "usrquota", error -22
[  318.365177][T11341] vhci_hcd: connection reset by peer
[  318.369636][ T7104] vhci_hcd: stop threads
[  318.371290][ T7104] vhci_hcd: release socket
[  318.373020][ T7104] vhci_hcd: disconnect device
[  318.495369][T11358] IPVS: Scheduler module ip_vs_sip not found
[  318.618680][T11365] netlink: 'syz.3.1362': attribute type 2 has an invalid length.
[  318.634587][   T10] em28xx 5-1:0.89: unknown em28xx chip ID (0)
[  318.756987][T11367] Cannot find add_set index 2 as target
[  319.089347][   T29] usb 38-1: device descriptor read/8, error -110
[  319.193080][T11372] netlink: 'syz.1.1363': attribute type 2 has an invalid length.
[  319.249355][ T2298] usb 44-1: device descriptor read/8, error -110
[  319.395226][T11364] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  319.397525][T11364] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  319.406896][T11364] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  319.453055][T11375] syzkaller1: entered promiscuous mode
[  319.455066][T11375] syzkaller1: entered allmulticast mode
[  319.501798][   T29] usb usb38-port1: attempt power cycle
[  319.539120][T11379] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1365'.
[  319.659814][ T2298] usb usb44-port1: attempt power cycle
[  319.802310][   T10] em28xx 5-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  319.804960][   T10] em28xx 5-1:0.89: board has no eeprom
[  319.859247][   T10] em28xx 5-1:0.89: Identified as Terratec Grabby (card=67)
[  319.862431][   T10] em28xx 5-1:0.89: analog set to bulk mode.
[  319.865010][ T6007] em28xx 5-1:0.89: Registering V4L2 extension
[  319.888210][ T6007] em28xx 5-1:0.89: reading from i2c device at 0x4a failed (error=-5)
[  319.891152][ T6007] em28xx 5-1:0.89: reading from i2c device at 0x48 failed (error=-5)
[  319.894003][ T6007] em28xx 5-1:0.89: reading from i2c device at 0x42 failed (error=-5)
[  319.896992][ T6007] em28xx 5-1:0.89: reading from i2c device at 0x40 failed (error=-5)
[  319.900080][ T6007] em28xx 5-1:0.89: Config register raw data: 0xfffffffb
[  319.902686][ T6007] em28xx 5-1:0.89: AC97 chip type couldn't be determined
[  319.904989][ T6007] em28xx 5-1:0.89: No AC97 audio processor
[  319.915144][ T6007] usb 5-1: Decoder not found
[  319.916670][ T6007] em28xx 5-1:0.89: failed to create media graph
[  319.918783][ T6007] em28xx 5-1:0.89: V4L2 device video103 deregistered
[  319.922156][ T6007] em28xx 5-1:0.89: Registering snapshot button...
[  319.924770][ T6007] input: em28xx snapshot button as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.89/input/input37
[  319.936203][ T6007] em28xx 5-1:0.89: Remote control support is not available for this card.
[  320.069858][   T29] usb usb38-port1: unable to enumerate USB device
[  320.200246][ T8770] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  320.240415][ T2298] usb usb44-port1: unable to enumerate USB device
[  320.351794][ T8770] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  320.356349][ T8770] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  320.360245][ T8770] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  320.365717][ T8770] usb 8-1: config 0 descriptor??
[  320.501747][T11391] IPVS: Scheduler module ip_vs_sip not found
[  320.539416][ T6007] usb 5-1: USB disconnect, device number 10
[  320.541899][ T6007] em28xx 5-1:0.89: Disconnecting em28xx
[  320.543669][ T6007] em28xx 5-1:0.89: Closing input extension
[  320.545533][ T6007] em28xx 5-1:0.89: Deregistering snapshot button
[  320.558045][ T6007] em28xx 5-1:0.89: Freeing device
[  320.571890][T11384] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  320.577090][T11384] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  320.590776][ T8770] usbhid 8-1:0.0: can't add hid device: -71
[  320.592818][ T8770] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  320.596836][ T8770] usb 8-1: USB disconnect, device number 9
[  320.679369][ T5954] Bluetooth: hci2: command 0x0c1a tx timeout
[  320.980506][T11406] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  320.983273][T11406] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  320.998290][T11406] vhci_hcd vhci_hcd.0: Device attached
[  321.058789][   T40] kauditd_printk_skb: 715 callbacks suppressed
[  321.058808][   T40] audit: type=1804 audit(2000000247.509:916): pid=11411 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1372" name="/newroot/47/file0" dev="tmpfs" ino=264 res=1 errno=0
[  321.130276][T11407] /dev/sr0: Can't open blockdev
[  321.189737][T11413] netlink: 'syz.3.1374': attribute type 5 has an invalid length.
[  321.265848][T11415] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1375'.
[  321.316144][T11417] syzkaller1: entered promiscuous mode
[  321.318063][T11417] syzkaller1: entered allmulticast mode
[  321.399287][ T5954] Bluetooth: hci3: command 0x0c1a tx timeout
[  321.479517][ T5954] Bluetooth: hci4: command 0x0c1a tx timeout
[  321.583818][T11408] vhci_hcd: connection closed
[  321.584450][ T7102] vhci_hcd: stop threads
[  321.589347][ T7102] vhci_hcd: release socket
[  321.591259][ T7102] vhci_hcd: disconnect device
[  321.594535][T11420] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  321.596631][T11420] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  321.599473][T11420] vhci_hcd vhci_hcd.0: Device attached
[  321.640146][T11422] vhci_hcd: connection closed
[  321.640429][ T7104] vhci_hcd: stop threads
[  321.644069][ T7104] vhci_hcd: release socket
[  321.646008][ T7104] vhci_hcd: disconnect device
[  321.738671][T11425] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1378'.
[  322.039346][   T60] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  322.189363][   T60] usb 9-1: Using ep0 maxpacket: 32
[  322.215394][   T60] usb 9-1: config 0 has an invalid interface number: 89 but max is 0
[  322.218821][   T60] usb 9-1: config 0 has no interface number 0
[  322.222748][   T60] usb 9-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  322.227038][   T60] usb 9-1: config 0 interface 89 has no altsetting 0
[  322.233315][   T60] usb 9-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  322.237275][   T60] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  322.241422][   T60] usb 9-1: Product: syz
[  322.246777][   T60] usb 9-1: Manufacturer: syz
[  322.248965][   T60] usb 9-1: SerialNumber: syz
[  322.251066][T11429] binder: 11428:11429 ioctl c0306201 80000680 returned -14
[  322.257464][   T60] usb 9-1: config 0 descriptor??
[  322.264412][   T60] em28xx 9-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  322.269500][   T60] em28xx 9-1:0.89: Video interface 89 found:
[  322.373675][T11437] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1384'.
[  322.744496][   T40] audit: type=1804 audit(2000000249.199:917): pid=11448 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1386" name="/newroot/323/file0" dev="tmpfs" ino=1721 res=1 errno=0
[  322.780061][T11447] /dev/sr0: Can't open blockdev
[  322.867924][   T60] em28xx 9-1:0.89: unknown em28xx chip ID (0)
[  323.080260][   T61] usb 40-1: device descriptor read/8, error -110
[  323.483411][   T61] usb usb40-port1: attempt power cycle
[  323.524670][T11458] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  323.526817][T11458] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  323.530469][T11458] vhci_hcd vhci_hcd.0: Device attached
[  323.579547][T11460] vhci_hcd: connection closed
[  323.580961][ T7093] vhci_hcd: stop threads
[  323.584081][ T7093] vhci_hcd: release socket
[  323.589225][ T7093] vhci_hcd: disconnect device
[  323.612923][T11465] syzkaller1: entered promiscuous mode
[  323.615154][T11465] syzkaller1: entered allmulticast mode
[  324.042127][   T60] em28xx 9-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  324.046357][   T60] em28xx 9-1:0.89: board has no eeprom
[  324.050351][   T61] usb usb40-port1: unable to enumerate USB device
[  324.109471][   T60] em28xx 9-1:0.89: Identified as Terratec Grabby (card=67)
[  324.112882][   T60] em28xx 9-1:0.89: analog set to bulk mode.
[  324.115522][ T6805] em28xx 9-1:0.89: Registering V4L2 extension
[  324.143615][ T6805] em28xx 9-1:0.89: reading from i2c device at 0x4a failed (error=-5)
[  324.150536][ T6805] em28xx 9-1:0.89: reading from i2c device at 0x48 failed (error=-5)
[  324.155951][ T6805] em28xx 9-1:0.89: reading from i2c device at 0x42 failed (error=-5)
[  324.158931][ T6805] em28xx 9-1:0.89: reading from i2c device at 0x40 failed (error=-5)
[  324.162039][ T6805] em28xx 9-1:0.89: Config register raw data: 0xfffffffb
[  324.164739][ T6805] em28xx 9-1:0.89: AC97 chip type couldn't be determined
[  324.167432][ T6805] em28xx 9-1:0.89: No AC97 audio processor
[  324.176155][ T6805] usb 9-1: Decoder not found
[  324.177662][ T6805] em28xx 9-1:0.89: failed to create media graph
[  324.179857][ T6805] em28xx 9-1:0.89: V4L2 device video103 deregistered
[  324.182786][ T6805] em28xx 9-1:0.89: Registering snapshot button...
[  324.185702][ T6805] input: em28xx snapshot button as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.89/input/input38
[  324.203222][ T6805] em28xx 9-1:0.89: Remote control support is not available for this card.
[  324.267833][T11472] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1393'.
[  324.319132][T11474] FAULT_INJECTION: forcing a failure.
[  324.319132][T11474] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  324.324928][T11474] CPU: 1 UID: 0 PID: 11474 Comm: syz.0.1394 Not tainted syzkaller #0 PREEMPT(full) 
[  324.324952][T11474] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  324.324964][T11474] Call Trace:
[  324.324973][T11474]  <TASK>
[  324.324981][T11474]  dump_stack_lvl+0x16c/0x1f0
[  324.325010][T11474]  should_fail_ex+0x512/0x640
[  324.325042][T11474]  _copy_from_user+0x2e/0xd0
[  324.325061][T11474]  get_compat_msghdr+0xa7/0x170
[  324.325080][T11474]  ? __pfx_get_compat_msghdr+0x10/0x10
[  324.325108][T11474]  ___sys_sendmsg+0x1ae/0x1d0
[  324.325130][T11474]  ? __pfx____sys_sendmsg+0x10/0x10
[  324.325163][T11474]  ? find_held_lock+0x2b/0x80
[  324.325202][T11474]  __sys_sendmsg+0x16d/0x220
[  324.325221][T11474]  ? __pfx___sys_sendmsg+0x10/0x10
[  324.325253][T11474]  ? rcu_is_watching+0x12/0xc0
[  324.325277][T11474]  __do_fast_syscall_32+0x7c/0x300
[  324.325305][T11474]  do_fast_syscall_32+0x32/0x80
[  324.325327][T11474]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  324.325350][T11474] RIP: 0023:0xf706d579
[  324.325382][T11474] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  324.325398][T11474] RSP: 002b:00000000f545d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  324.325417][T11474] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800002c0
[  324.325428][T11474] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  324.325439][T11474] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  324.325448][T11474] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  324.325458][T11474] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  324.325485][T11474]  </TASK>
[  324.761173][ T7102] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  324.816987][   T61] usb 9-1: USB disconnect, device number 5
[  324.820414][   T61] em28xx 9-1:0.89: Disconnecting em28xx
[  324.822741][   T61] em28xx 9-1:0.89: Closing input extension
[  324.825184][   T61] em28xx 9-1:0.89: Deregistering snapshot button
[  324.884704][T11487] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1398'.
[  324.898092][T11487] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1398'.
[  326.576197][   T61] em28xx 9-1:0.89: Freeing device
[  327.010121][T11511] [U] �
[  327.846018][T11521] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1409'.
[  328.785682][T11534] syzkaller1: entered promiscuous mode
[  328.871504][T11534] syzkaller1: entered allmulticast mode
[  329.732328][T11551] [U] �
[  329.832249][T11557] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1421'.
[  329.840655][T11557] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1421'.
[  330.686501][T11570] IPVS: Scheduler module ip_vs_sip not found
[  331.712257][T11587] random: crng reseeded on system resumption
[  331.719575][T11587] overlayfs: option "index=on" is useless in a non-upper mount, ignore
[  331.784182][T11592] syzkaller1: entered promiscuous mode
[  331.785998][T11592] syzkaller1: entered allmulticast mode
[  331.928614][T11596] IPVS: Scheduler module ip_vs_sip not found
[  332.532005][T11605] [U] �
[  333.632275][T11616] pim6reg: entered allmulticast mode
[  334.114130][T11626] IPVS: Scheduler module ip_vs_sip not found
[  334.493557][T11641] syzkaller1: entered promiscuous mode
[  334.499419][T11641] syzkaller1: entered allmulticast mode
[  335.091222][T11655] [U] �
[  335.240770][T11657] syzkaller0: entered promiscuous mode
[  335.242667][T11657] syzkaller0: entered allmulticast mode
[  335.444785][T11661] IPVS: Scheduler module ip_vs_sip not found
[  335.715207][T11674] netlink: 'syz.3.1457': attribute type 2 has an invalid length.
[  336.442546][T11669] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  336.445146][T11669] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  336.447537][T11669] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  336.699410][T11693] syzkaller1: entered promiscuous mode
[  336.701228][T11693] syzkaller1: entered allmulticast mode
[  337.140167][T11696] IPVS: Scheduler module ip_vs_sip not found
[  337.194088][T11700] workqueue: name exceeds WQ_NAME_LEN. Truncating to: πF���Vl�uc'f`�ކ�;��1�
[  337.499511][   T29] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  337.659477][T11707] [U] �
[  337.679255][   T29] usb 9-1: Using ep0 maxpacket: 32
[  337.684206][   T29] usb 9-1: config 0 has an invalid interface number: 89 but max is 0
[  337.687457][   T29] usb 9-1: config 0 has no interface number 0
[  337.690280][   T29] usb 9-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  337.695382][   T29] usb 9-1: config 0 interface 89 has no altsetting 0
[  337.705158][   T29] usb 9-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  337.708316][   T29] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  337.712054][   T29] usb 9-1: Product: syz
[  337.713535][   T29] usb 9-1: Manufacturer: syz
[  337.715169][   T29] usb 9-1: SerialNumber: syz
[  337.728660][   T29] usb 9-1: config 0 descriptor??
[  337.753170][   T29] em28xx 9-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  337.756370][   T29] em28xx 9-1:0.89: Video interface 89 found:
[  337.761786][ T5954] Bluetooth: hci2: command 0x0c1a tx timeout
[  337.787211][T11709] IPVS: Scheduler module ip_vs_sip not found
[  337.797606][T11711] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1469'.
[  338.360655][   T29] em28xx 9-1:0.89: unknown em28xx chip ID (0)
[  338.530341][ T5949] Bluetooth: hci3: command 0x0c1a tx timeout
[  338.530352][ T5954] Bluetooth: hci4: command 0x0c1a tx timeout
[  338.780233][T11738] syzkaller1: entered promiscuous mode
[  338.782085][T11738] syzkaller1: entered allmulticast mode
[  338.949224][ T6008] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  339.099272][ T6008] usb 5-1: Using ep0 maxpacket: 16
[  339.102557][ T6008] usb 5-1: config 11 has an invalid interface number: 48 but max is 3
[  339.105153][ T6008] usb 5-1: config 11 contains an unexpected descriptor of type 0x1, skipping
[  339.107885][ T6008] usb 5-1: config 11 has an invalid interface number: 90 but max is 3
[  339.110510][ T6008] usb 5-1: config 11 has an invalid interface number: 129 but max is 3
[  339.113063][ T6008] usb 5-1: config 11 has an invalid interface number: 217 but max is 3
[  339.115654][ T6008] usb 5-1: config 11 contains an unexpected descriptor of type 0x2, skipping
[  339.118415][ T6008] usb 5-1: config 11 has no interface number 0
[  339.120400][ T6008] usb 5-1: config 11 has no interface number 1
[  339.122390][ T6008] usb 5-1: config 11 has no interface number 2
[  339.124398][ T6008] usb 5-1: config 11 has no interface number 3
[  339.126416][ T6008] usb 5-1: config 11 interface 48 altsetting 6 has an invalid descriptor for endpoint zero, skipping
[  339.129813][ T6008] usb 5-1: config 11 interface 48 altsetting 6 bulk endpoint 0xB has invalid maxpacket 1024
[  339.132996][ T6008] usb 5-1: config 11 interface 48 altsetting 6 has an invalid descriptor for endpoint zero, skipping
[  339.136357][ T6008] usb 5-1: config 11 interface 48 altsetting 6 has an endpoint descriptor with address 0x66, changing to 0x6
[  339.140004][ T6008] usb 5-1: config 11 interface 48 altsetting 6 endpoint 0x6 has an invalid bInterval 115, changing to 10
[  339.143504][ T6008] usb 5-1: config 11 interface 48 altsetting 6 endpoint 0x6 has invalid maxpacket 34156, setting to 1024
[  339.146921][ T6008] usb 5-1: config 11 interface 48 altsetting 6 has a duplicate endpoint with address 0xB, skipping
[  339.150275][ T6008] usb 5-1: config 11 interface 48 altsetting 6 has a duplicate endpoint with address 0xB, skipping
[  339.153531][ T6008] usb 5-1: config 11 interface 48 altsetting 6 has an invalid descriptor for endpoint zero, skipping
[  339.156794][ T6008] usb 5-1: config 11 interface 48 altsetting 6 endpoint 0xD has invalid maxpacket 1024, setting to 64
[  339.160141][ T6008] usb 5-1: config 11 interface 48 altsetting 6 endpoint 0xC has invalid maxpacket 512, setting to 64
[  339.163471][ T6008] usb 5-1: config 11 interface 48 altsetting 6 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  339.166794][ T6008] usb 5-1: config 11 interface 48 altsetting 6 has a duplicate endpoint with address 0xB, skipping
[  339.170099][ T6008] usb 5-1: config 11 interface 48 altsetting 6 has 13 endpoint descriptors, different from the interface descriptor's value: 12
[  339.174154][ T6008] usb 5-1: config 11 interface 90 altsetting 2 endpoint 0x7 has an invalid bInterval 254, changing to 7
[  339.177615][ T6008] usb 5-1: config 11 interface 90 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  339.181074][ T6008] usb 5-1: config 11 interface 90 altsetting 2 has an endpoint descriptor with address 0x34, changing to 0x4
[  339.184674][ T6008] usb 5-1: config 11 interface 90 altsetting 2 has a duplicate endpoint with address 0x4, skipping
[  339.187914][ T6008] usb 5-1: config 11 interface 90 altsetting 2 has a duplicate endpoint with address 0xD, skipping
[  339.191248][ T6008] usb 5-1: config 11 interface 90 altsetting 2 has a duplicate endpoint with address 0x6, skipping
[  339.194533][ T6008] usb 5-1: config 11 interface 90 altsetting 2 endpoint 0x9 has invalid wMaxPacketSize 0
[  339.197474][ T6008] usb 5-1: config 11 interface 90 altsetting 2 has a duplicate endpoint with address 0xC, skipping
[  339.200742][ T6008] usb 5-1: config 11 interface 90 altsetting 2 has a duplicate endpoint with address 0x5, skipping
[  339.204047][ T6008] usb 5-1: config 11 interface 90 altsetting 2 has a duplicate endpoint with address 0xD, skipping
[  339.207327][ T6008] usb 5-1: config 11 interface 90 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  339.210679][ T6008] usb 5-1: config 11 interface 90 altsetting 2 has a duplicate endpoint with address 0x7, skipping
[  339.213983][ T6008] usb 5-1: config 11 interface 90 altsetting 2 has a duplicate endpoint with address 0xA, skipping
[  339.217349][ T6008] usb 5-1: config 11 interface 90 altsetting 2 has a duplicate endpoint with address 0x1, skipping
[  339.220702][ T6008] usb 5-1: config 11 interface 90 altsetting 2 has a duplicate endpoint with address 0xD, skipping
[  339.223997][ T6008] usb 5-1: config 11 interface 90 altsetting 2 has 16 endpoint descriptors, different from the interface descriptor's value: 15
[  339.228107][ T6008] usb 5-1: config 11 interface 129 altsetting 4 has a duplicate endpoint with address 0x6, skipping
[  339.231453][ T6008] usb 5-1: config 11 interface 129 altsetting 4 has a duplicate endpoint with address 0xC, skipping
[  339.234782][ T6008] usb 5-1: config 11 interface 129 altsetting 4 has a duplicate endpoint with address 0x9, skipping
[  339.238053][ T6008] usb 5-1: config 11 interface 129 altsetting 4 has a duplicate endpoint with address 0x7, skipping
[  339.241949][ T6008] usb 5-1: config 11 interface 217 altsetting 204 has a duplicate endpoint with address 0x4, skipping
[  339.245281][ T6008] usb 5-1: config 11 interface 217 altsetting 204 has a duplicate endpoint with address 0x4, skipping
[  339.248608][ T6008] usb 5-1: config 11 interface 217 altsetting 204 endpoint 0x8 has invalid maxpacket 1640, setting to 64
[  339.252074][ T6008] usb 5-1: config 11 interface 217 altsetting 204 has an endpoint descriptor with address 0xA8, changing to 0x88
[  339.255713][ T6008] usb 5-1: config 11 interface 217 altsetting 204 has a duplicate endpoint with address 0x88, skipping
[  339.259086][ T6008] usb 5-1: config 11 interface 217 altsetting 204 has a duplicate endpoint with address 0x8, skipping
[  339.262520][ T6008] usb 5-1: config 11 interface 217 altsetting 204 has an invalid descriptor for endpoint zero, skipping
[  339.265918][ T6008] usb 5-1: config 11 interface 48 has no altsetting 0
[  339.268094][ T6008] usb 5-1: config 11 interface 90 has no altsetting 0
[  339.270273][ T6008] usb 5-1: config 11 interface 129 has no altsetting 0
[  339.272476][ T6008] usb 5-1: config 11 interface 217 has no altsetting 0
[  339.276651][ T6008] usb 5-1: New USB device found, idVendor=0a46, idProduct=0268, bcdDevice=d1.1a
[  339.279469][ T6008] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  339.281973][ T6008] usb 5-1: Product: ㋁ྦ㘟ꢕ갣澺Ϙ
[  339.283756][ T6008] usb 5-1: Manufacturer: ࠔ
[  339.285250][ T6008] usb 5-1: SerialNumber: 鼛Ұ뚩ꌣ苦Ⅲ꩹鱯좋嫘ꪥﭛ孫쁂⾠䷼碩믿僬﫳挘闸Ꞵᡴ蔣଩졑ᅛ೻ꆡࡧ儈릃䢘杠픊礝廕ꨦ䀨觴펄㤨쉱ᛵ쎗Ðꉸ柾䝔旴⸚ꚑ⊔黷垼ซ友뱸梣⣜銉躗怍놛粞樁ⲥ筧஄ퟖ옹㠮௼둻
[  339.295417][T11730] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  339.297695][T11730] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  339.461887][   T29] em28xx 9-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  339.464509][   T29] em28xx 9-1:0.89: board has no eeprom
[  339.529355][   T29] em28xx 9-1:0.89: Identified as Terratec Grabby (card=67)
[  339.531718][   T29] em28xx 9-1:0.89: analog set to bulk mode.
[  339.534561][   T61] em28xx 9-1:0.89: Registering V4L2 extension
[  339.559384][   T61] em28xx 9-1:0.89: reading from i2c device at 0x4a failed (error=-5)
[  339.562369][   T61] em28xx 9-1:0.89: reading from i2c device at 0x48 failed (error=-5)
[  339.564314][T11743] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1478'.
[  339.565282][   T61] em28xx 9-1:0.89: reading from i2c device at 0x42 failed (error=-5)
[  339.570828][   T61] em28xx 9-1:0.89: reading from i2c device at 0x40 failed (error=-5)
[  339.573701][   T61] em28xx 9-1:0.89: Config register raw data: 0xfffffffb
[  339.576154][   T61] em28xx 9-1:0.89: AC97 chip type couldn't be determined
[  339.578436][   T61] em28xx 9-1:0.89: No AC97 audio processor
[  339.583853][ T6008] dm9601 5-1:11.48: probe with driver dm9601 failed with error -22
[  339.594438][   T61] usb 9-1: Decoder not found
[  339.596257][   T61] em28xx 9-1:0.89: failed to create media graph
[  339.598558][   T61] em28xx 9-1:0.89: V4L2 device video103 deregistered
[  339.602266][ T6008] dm9601 5-1:11.90: probe with driver dm9601 failed with error -22
[  339.605320][   T61] em28xx 9-1:0.89: Registering snapshot button...
[  339.613602][   T61] input: em28xx snapshot button as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.89/input/input40
[  339.619364][   T61] em28xx 9-1:0.89: Remote control support is not available for this card.
[  339.622481][ T6008] dm9601 5-1:11.129: probe with driver dm9601 failed with error -22
[  339.632409][ T6008] dm9601 5-1:11.217: probe with driver dm9601 failed with error -22
[  339.644778][ T6008] usb 5-1: USB disconnect, device number 11
[  339.688468][T11750] IPVS: Scheduler module ip_vs_sip not found
[  339.814286][T11759] FAULT_INJECTION: forcing a failure.
[  339.814286][T11759] name failslab, interval 1, probability 0, space 0, times 0
[  339.818392][T11759] CPU: 3 UID: 0 PID: 11759 Comm: syz.3.1483 Not tainted syzkaller #0 PREEMPT(full) 
[  339.818407][T11759] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  339.818414][T11759] Call Trace:
[  339.818418][T11759]  <TASK>
[  339.818423][T11759]  dump_stack_lvl+0x16c/0x1f0
[  339.818440][T11759]  should_fail_ex+0x512/0x640
[  339.818456][T11759]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  339.818469][T11759]  should_failslab+0xc2/0x120
[  339.818483][T11759]  kmem_cache_alloc_noprof+0x75/0x6e0
[  339.818494][T11759]  ? __pmd_alloc+0xbf/0x8b0
[  339.818511][T11759]  ? __pmd_alloc+0xbf/0x8b0
[  339.818523][T11759]  __pmd_alloc+0xbf/0x8b0
[  339.818538][T11759]  __handle_mm_fault+0xada/0x2aa0
[  339.818556][T11759]  ? mt_find+0x3e2/0xa20
[  339.818570][T11759]  ? __pfx___handle_mm_fault+0x10/0x10
[  339.818585][T11759]  ? __pfx_mt_find+0x10/0x10
[  339.818605][T11759]  ? find_vma+0xbf/0x140
[  339.818617][T11759]  ? __pfx_find_vma+0x10/0x10
[  339.818630][T11759]  handle_mm_fault+0x589/0xd10
[  339.818647][T11759]  ? __pkru_allows_pkey+0x21/0xb0
[  339.818665][T11759]  do_user_addr_fault+0x7a6/0x1370
[  339.818676][T11759]  ? rcu_is_watching+0x12/0xc0
[  339.818689][T11759]  exc_page_fault+0x64/0xc0
[  339.818702][T11759]  asm_exc_page_fault+0x26/0x30
[  339.818712][T11759] RIP: 0010:__get_user_nocheck_4+0x6/0x20
[  339.818729][T11759] Code: 01 ca c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 01 cb 0f ae e8 <8b> 10 31 c0 0f 01 ca e9 3e 34 04 00 66 66 2e 0f 1f 84 00 00 00 00
[  339.818739][T11759] RSP: 0018:ffffc9000339fcd0 EFLAGS: 00050293
[  339.818748][T11759] RAX: 0000000080000240 RBX: ffff888023178000 RCX: ffffffff817e71d9
[  339.818755][T11759] RDX: ffff8880239cc900 RSI: ffffffff817e71e7 RDI: 0000000000000006
[  339.818761][T11759] RBP: 1ffff92000673f9d R08: 0000000000000006 R09: 0000000080000240
[  339.818767][T11759] R10: 00007ffffffff000 R11: 0000000000000001 R12: 0000000080000240
[  339.818773][T11759] R13: 00007ffffffff000 R14: dffffc0000000000 R15: 0000000000004205
[  339.818783][T11759]  ? compat_ptrace_request+0x229/0x5c0
[  339.818797][T11759]  ? compat_ptrace_request+0x237/0x5c0
[  339.818811][T11759]  compat_ptrace_request+0x23f/0x5c0
[  339.818825][T11759]  ? __pfx_compat_ptrace_request+0x10/0x10
[  339.818838][T11759]  ? find_held_lock+0x2b/0x80
[  339.818850][T11759]  ? rcu_is_watching+0x12/0xc0
[  339.818861][T11759]  ? lockdep_hardirqs_on+0x7c/0x110
[  339.818879][T11759]  compat_arch_ptrace+0x297/0x3a0
[  339.818889][T11759]  ? __pfx_compat_arch_ptrace+0x10/0x10
[  339.818898][T11759]  ? mark_held_locks+0x49/0x80
[  339.818915][T11759]  __ia32_compat_sys_ptrace+0x23a/0x2b0
[  339.818930][T11759]  __do_fast_syscall_32+0x7c/0x300
[  339.818944][T11759]  do_fast_syscall_32+0x32/0x80
[  339.818958][T11759]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  339.818970][T11759] RIP: 0023:0xf703d579
[  339.818978][T11759] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  339.818988][T11759] RSP: 002b:00000000f542d55c EFLAGS: 00000296 ORIG_RAX: 000000000000001a
[  339.818997][T11759] RAX: ffffffffffffffda RBX: 0000000000004205 RCX: 000000000000059b
[  339.819003][T11759] RDX: 0000000046e62b7f RSI: 0000000080000240 RDI: 0000000000000000
[  339.819009][T11759] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  339.819014][T11759] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  339.819020][T11759] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  339.819033][T11759]  </TASK>
[  340.555023][T11771] [U] �
[  340.814856][   T61] usb 9-1: USB disconnect, device number 6
[  340.828693][   T61] em28xx 9-1:0.89: Disconnecting em28xx
[  340.838329][   T61] em28xx 9-1:0.89: Closing input extension
[  340.840304][   T61] em28xx 9-1:0.89: Deregistering snapshot button
[  340.882192][   T61] em28xx 9-1:0.89: Freeing device
[  340.940531][T11774] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1487'.
[  341.003024][T11780] IPVS: Scheduler module ip_vs_sip not found
[  341.050753][ T6805] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  341.110343][T11784] syzkaller1: entered promiscuous mode
[  341.112071][T11784] syzkaller1: entered allmulticast mode
[  341.469362][ T5956] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  341.639249][ T5956] usb 9-1: Using ep0 maxpacket: 32
[  341.642383][ T5956] usb 9-1: config 0 has an invalid interface number: 89 but max is 0
[  341.645006][ T5956] usb 9-1: config 0 has no interface number 0
[  341.647005][ T5956] usb 9-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  341.650053][ T5956] usb 9-1: config 0 interface 89 has no altsetting 0
[  341.653900][ T5956] usb 9-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  341.656643][ T5956] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  341.659208][ T5956] usb 9-1: Product: syz
[  341.660516][ T5956] usb 9-1: Manufacturer: syz
[  341.662047][ T5956] usb 9-1: SerialNumber: syz
[  341.670037][ T5956] usb 9-1: config 0 descriptor??
[  341.673544][ T5956] em28xx 9-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  341.676401][ T5956] em28xx 9-1:0.89: Video interface 89 found:
[  342.168825][T11804] IPVS: Scheduler module ip_vs_sip not found
[  342.185420][T11802] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1498'.
[  342.275439][ T5956] em28xx 9-1:0.89: unknown em28xx chip ID (0)
[  342.797102][T11828] [U] �
[  343.025088][T11830] syzkaller1: entered promiscuous mode
[  343.027142][T11830] syzkaller1: entered allmulticast mode
[  343.393829][ T5956] em28xx 9-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  343.396524][ T5956] em28xx 9-1:0.89: board has no eeprom
[  343.449244][ T5956] em28xx 9-1:0.89: Identified as Terratec Grabby (card=67)
[  343.451950][ T5956] em28xx 9-1:0.89: analog set to bulk mode.
[  343.454214][   T34] em28xx 9-1:0.89: Registering V4L2 extension
[  343.472257][   T34] em28xx 9-1:0.89: reading from i2c device at 0x4a failed (error=-5)
[  343.475136][   T34] em28xx 9-1:0.89: reading from i2c device at 0x48 failed (error=-5)
[  343.477805][   T34] em28xx 9-1:0.89: reading from i2c device at 0x42 failed (error=-5)
[  343.480867][   T34] em28xx 9-1:0.89: reading from i2c device at 0x40 failed (error=-5)
[  343.489308][   T34] em28xx 9-1:0.89: Config register raw data: 0xfffffffb
[  343.494394][   T34] em28xx 9-1:0.89: AC97 chip type couldn't be determined
[  343.497186][   T34] em28xx 9-1:0.89: No AC97 audio processor
[  343.507904][   T34] usb 9-1: Decoder not found
[  343.509699][   T34] em28xx 9-1:0.89: failed to create media graph
[  343.511724][   T34] em28xx 9-1:0.89: V4L2 device video103 deregistered
[  343.514683][   T34] em28xx 9-1:0.89: Registering snapshot button...
[  343.521850][   T34] input: em28xx snapshot button as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.89/input/input41
[  343.529585][   T34] em28xx 9-1:0.89: Remote control support is not available for this card.
[  343.646154][T11835] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1508'.
[  343.687669][T11837] Bluetooth: MGMT ver 1.23
[  344.053750][T11841] IPVS: Scheduler module ip_vs_sip not found
[  344.091833][T11849] loop2: detected capacity change from 0 to 7
[  344.094833][ T5953] Dev loop2: unable to read RDB block 7
[  344.096618][ T5953]  loop2: AHDI p1 p2 p3
[  344.097967][ T5953] loop2: partition table partially beyond EOD, truncated
[  344.103359][ T5953] loop2: p1 start 1601398130 is beyond EOD, truncated
[  344.105559][ T5953] loop2: p2 start 1702059890 is beyond EOD, truncated
[  344.111815][T11849] Dev loop2: unable to read RDB block 7
[  344.115542][T11849]  loop2: AHDI p1 p2 p3
[  344.116853][T11849] loop2: partition table partially beyond EOD, truncated
[  344.120059][T11849] loop2: p1 start 1601398130 is beyond EOD, truncated
[  344.122676][T11849] loop2: p2 start 1702059890 is beyond EOD, truncated
[  344.132032][T11849] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  344.249538][   T61] usb 9-1: USB disconnect, device number 7
[  344.251972][   T61] em28xx 9-1:0.89: Disconnecting em28xx
[  344.253830][   T61] em28xx 9-1:0.89: Closing input extension
[  344.255674][   T61] em28xx 9-1:0.89: Deregistering snapshot button
[  344.275324][   T61] em28xx 9-1:0.89: Freeing device
[  344.432885][T11860] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1517'.
[  344.476397][T11863] 9pnet_fd: Insufficient options for proto=fd
[  344.486872][T11865] syzkaller1: entered promiscuous mode
[  344.489918][T11865] syzkaller1: entered allmulticast mode
[  344.755821][T11871] netlink: 'syz.1.1520': attribute type 12 has an invalid length.
[  344.940103][T11880] IPVS: Scheduler module ip_vs_sip not found
[  345.044800][T11883] [U] �
[  345.229257][   T34] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  345.389328][   T34] usb 6-1: Using ep0 maxpacket: 32
[  345.393614][   T34] usb 6-1: config 0 has an invalid interface number: 89 but max is 0
[  345.397143][   T34] usb 6-1: config 0 has no interface number 0
[  345.399888][   T34] usb 6-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  345.404169][   T34] usb 6-1: config 0 interface 89 has no altsetting 0
[  345.409440][   T34] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  345.413252][   T34] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  345.416822][   T34] usb 6-1: Product: syz
[  345.418701][   T34] usb 6-1: Manufacturer: syz
[  345.420778][   T34] usb 6-1: SerialNumber: syz
[  345.426354][   T34] usb 6-1: config 0 descriptor??
[  345.431478][   T34] em28xx 6-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  345.435407][   T34] em28xx 6-1:0.89: Video interface 89 found:
[  345.935224][T11891] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1526'.
[  346.032969][   T34] em28xx 6-1:0.89: unknown em28xx chip ID (0)
[  346.314868][T11905] trusted_key: encrypted_key: keyword 'load' not allowed when called from .update method
[  346.383428][T11909] IPVS: Scheduler module ip_vs_sip not found
[  346.501072][T11916] syzkaller1: entered promiscuous mode
[  346.502905][T11916] syzkaller1: entered allmulticast mode
[  347.017453][T11923] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1536'.
[  347.152774][   T34] em28xx 6-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  347.155385][   T34] em28xx 6-1:0.89: board has no eeprom
[  347.209351][   T34] em28xx 6-1:0.89: Identified as Terratec Grabby (card=67)
[  347.212255][   T34] em28xx 6-1:0.89: analog set to bulk mode.
[  347.214606][ T6025] em28xx 6-1:0.89: Registering V4L2 extension
[  347.241025][ T6025] em28xx 6-1:0.89: reading from i2c device at 0x4a failed (error=-5)
[  347.244578][ T6025] em28xx 6-1:0.89: reading from i2c device at 0x48 failed (error=-5)
[  347.247879][T11928] TCP: TCP_TX_DELAY enabled
[  347.248015][ T6025] em28xx 6-1:0.89: reading from i2c device at 0x42 failed (error=-5)
[  347.253676][ T6025] em28xx 6-1:0.89: reading from i2c device at 0x40 failed (error=-5)
[  347.257310][ T6025] em28xx 6-1:0.89: Config register raw data: 0xfffffffb
[  347.261306][ T6025] em28xx 6-1:0.89: AC97 chip type couldn't be determined
[  347.264166][ T6025] em28xx 6-1:0.89: No AC97 audio processor
[  347.277910][ T6025] usb 6-1: Decoder not found
[  347.282396][ T6025] em28xx 6-1:0.89: failed to create media graph
[  347.286108][ T6025] em28xx 6-1:0.89: V4L2 device video103 deregistered
[  347.290072][ T6025] em28xx 6-1:0.89: Registering snapshot button...
[  347.294112][ T6025] input: em28xx snapshot button as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.89/input/input42
[  347.298749][ T6025] em28xx 6-1:0.89: Remote control support is not available for this card.
[  347.548529][T11939] IPVS: Scheduler module ip_vs_sip not found
[  347.707815][T11944] [U] �
[  347.855379][T11950] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1543'.
[  347.858589][T11950] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1543'.
[  348.033976][T11951] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  348.632072][T11955] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1545'.
[  348.741249][   T29] usb 6-1: USB disconnect, device number 24
[  348.744647][   T29] em28xx 6-1:0.89: Disconnecting em28xx
[  348.747016][   T29] em28xx 6-1:0.89: Closing input extension
[  348.759371][   T29] em28xx 6-1:0.89: Deregistering snapshot button
[  348.781187][   T29] em28xx 6-1:0.89: Freeing device
[  348.841157][T11962] fuse: Bad value for 'fd'
[  348.841443][T11961] vxcan0: tx address claim with dlc 0
[  348.845985][T11961] netlink: 564 bytes leftover after parsing attributes in process `syz.1.1548'.
[  348.863198][T11962] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  348.866620][T11961] bridge0: port 2(bridge_slave_1) entered listening state
[  348.872963][T11961] bridge0: port 2(bridge_slave_1) entered disabled state
[  348.879827][T11961] syz_tun: entered allmulticast mode
[  348.912790][T11960] syz_tun: left allmulticast mode
[  349.342136][T11974] ceph: No mds server is up or the cluster is laggy
[  349.425074][T11979] syzkaller1: entered promiscuous mode
[  349.427376][T11979] syzkaller1: entered allmulticast mode
[  349.583695][T11983] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1554'.
[  349.605149][T11987] FAULT_INJECTION: forcing a failure.
[  349.605149][T11987] name failslab, interval 1, probability 0, space 0, times 0
[  349.609536][T11987] CPU: 0 UID: 0 PID: 11987 Comm: syz.4.1556 Not tainted syzkaller #0 PREEMPT(full) 
[  349.609551][T11987] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  349.609557][T11987] Call Trace:
[  349.609561][T11987]  <TASK>
[  349.609565][T11987]  dump_stack_lvl+0x16c/0x1f0
[  349.609582][T11987]  should_fail_ex+0x512/0x640
[  349.609599][T11987]  ? fs_reclaim_acquire+0xae/0x150
[  349.609620][T11987]  should_failslab+0xc2/0x120
[  349.609634][T11987]  __kmalloc_noprof+0xdd/0x880
[  349.609644][T11987]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  349.609659][T11987]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  349.609671][T11987]  tomoyo_realpath_from_path+0xc2/0x6e0
[  349.609684][T11987]  ? tomoyo_profile+0x47/0x60
[  349.609699][T11987]  tomoyo_path_number_perm+0x245/0x580
[  349.609708][T11987]  ? tomoyo_path_number_perm+0x237/0x580
[  349.609719][T11987]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  349.609742][T11987]  ? find_held_lock+0x2b/0x80
[  349.609752][T11987]  ? hook_file_ioctl_common+0x145/0x410
[  349.609766][T11987]  ? __fget_files+0x20e/0x3c0
[  349.609779][T11987]  security_file_ioctl_compat+0x9b/0x240
[  349.609791][T11987]  __ia32_compat_sys_ioctl+0xc3/0x370
[  349.609809][T11987]  __do_fast_syscall_32+0x7c/0x300
[  349.609824][T11987]  do_fast_syscall_32+0x32/0x80
[  349.609837][T11987]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  349.609850][T11987] RIP: 0023:0xf7f84579
[  349.609858][T11987] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  349.609868][T11987] RSP: 002b:00000000f547655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  349.609878][T11987] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0d05604
[  349.609885][T11987] RDX: 00000000800002c0 RSI: 0000000000000000 RDI: 0000000000000000
[  349.609891][T11987] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  349.609897][T11987] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  349.609902][T11987] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  349.609916][T11987]  </TASK>
[  349.609920][T11987] ERROR: Out of memory at tomoyo_realpath_from_path.
[  349.811540][T11998] IPVS: Scheduler module ip_vs_sip not found
[  349.898621][T12003] syzkaller1: entered promiscuous mode
[  349.901279][T12003] syzkaller1: entered allmulticast mode
[  349.939313][   T29] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  350.055584][T12007] [U] �
[  350.149379][   T29] usb 6-1: Using ep0 maxpacket: 32
[  350.156629][   T29] usb 6-1: config 0 has an invalid interface number: 89 but max is 0
[  350.159652][   T29] usb 6-1: config 0 has no interface number 0
[  350.161866][   T29] usb 6-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  350.165378][   T29] usb 6-1: config 0 interface 89 has no altsetting 0
[  350.172544][   T29] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  350.175737][   T29] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  350.179338][   T29] usb 6-1: Product: syz
[  350.181555][   T29] usb 6-1: Manufacturer: syz
[  350.183823][   T29] usb 6-1: SerialNumber: syz
[  350.199731][   T29] usb 6-1: config 0 descriptor??
[  350.223586][   T29] em28xx 6-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  350.226967][   T29] em28xx 6-1:0.89: Video interface 89 found:
[  350.237530][T12014] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1565'.
[  350.494346][T12021] IPVS: Scheduler module ip_vs_sip not found
[  350.738772][T12030] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  350.894778][   T29] em28xx 6-1:0.89: unknown em28xx chip ID (0)
[  350.908873][T12024] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  350.911019][T12024] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  350.914077][T12024] vhci_hcd vhci_hcd.0: Device attached
[  350.919322][T12024] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1568'.
[  351.179298][   T10] usb 44-1: SetAddress Request (50) to port 0
[  351.181401][   T10] usb 44-1: new SuperSpeed USB device number 50 using vhci_hcd
[  351.244462][T12031] vhci_hcd: connection reset by peer
[  351.248439][ T7093] vhci_hcd: stop threads
[  351.248804][T12035] syzkaller1: entered promiscuous mode
[  351.251258][ T7093] vhci_hcd: release socket
[  351.251864][T12035] syzkaller1: entered allmulticast mode
[  351.253662][ T7093] vhci_hcd: disconnect device
[  351.595635][T12044] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1574'.
[  352.438171][   T29] em28xx 6-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  352.724993][T12055] IPVS: Scheduler module ip_vs_sip not found
[  353.083269][T12062] [U] �
[  353.174919][   T29] em28xx 6-1:0.89: board has no eeprom
[  353.251009][   T29] em28xx 6-1:0.89: Identified as Terratec Grabby (card=67)
[  353.267971][   T29] em28xx 6-1:0.89: analog set to bulk mode.
[  353.302342][ T2298] em28xx 6-1:0.89: Registering V4L2 extension
[  353.384371][ T2298] em28xx 6-1:0.89: reading from i2c device at 0x4a failed (error=-5)
[  353.401642][ T5954] Bluetooth: hci1: command 0x1003 tx timeout
[  353.401976][ T5949] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  353.404428][ T2298] em28xx 6-1:0.89: reading from i2c device at 0x48 failed (error=-5)
[  353.418619][ T2298] em28xx 6-1:0.89: reading from i2c device at 0x42 failed (error=-5)
[  353.440510][   T29] usb 6-1: USB disconnect, device number 25
[  353.446052][ T2298] em28xx 6-1:0.89: reading from i2c device at 0x40 failed (error=-5)
[  353.460972][   T29] em28xx 6-1:0.89: Disconnecting em28xx
[  353.468124][ T2298] em28xx 6-1:0.89: Config register raw data: 0xffffffed
[  353.491146][ T2298] em28xx 6-1:0.89: AC97 chip type couldn't be determined
[  353.504597][ T2298] em28xx 6-1:0.89: No AC97 audio processor
[  353.529552][ T2298] usb 6-1: Decoder not found
[  353.540365][ T2298] em28xx 6-1:0.89: failed to create media graph
[  353.556932][ T2298] em28xx 6-1:0.89: V4L2 device video103 deregistered
[  353.580679][ T2298] em28xx 6-1:0.89: Registering snapshot button...
[  353.581055][T12064] ==================================================================
[  353.585710][T12064] BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0
[  353.588705][T12064] Read of size 8 at addr ffff88804998c740 by task v4l_id/12064
[  353.592713][T12064] 
[  353.593994][T12064] CPU: 0 UID: 0 PID: 12064 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
[  353.594009][T12064] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  353.594016][T12064] Call Trace:
[  353.594020][T12064]  <TASK>
[  353.594025][T12064]  dump_stack_lvl+0x116/0x1f0
[  353.594042][T12064]  print_report+0xcd/0x630
[  353.594056][T12064]  ? __virt_addr_valid+0x81/0x610
[  353.594070][T12064]  ? __phys_addr+0xe8/0x180
[  353.594083][T12064]  ? v4l2_fh_init+0x27d/0x2c0
[  353.594096][T12064]  kasan_report+0xe0/0x110
[  353.594110][T12064]  ? v4l2_fh_init+0x27d/0x2c0
[  353.594124][T12064]  v4l2_fh_init+0x27d/0x2c0
[  353.594136][T12064]  v4l2_fh_open+0x64/0xa0
[  353.594149][T12064]  em28xx_v4l2_open+0x24e/0x7e0
[  353.594165][T12064]  v4l2_open+0x1d2/0x5e0
[  353.594176][T12064]  ? __pfx_v4l2_open+0x10/0x10
[  353.594187][T12064]  chrdev_open+0x234/0x6a0
[  353.594200][T12064]  ? __pfx_chrdev_open+0x10/0x10
[  353.594213][T12064]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  353.594226][T12064]  do_dentry_open+0x982/0x1530
[  353.594238][T12064]  ? __pfx_chrdev_open+0x10/0x10
[  353.594251][T12064]  vfs_open+0x82/0x3f0
[  353.594266][T12064]  path_openat+0x1de4/0x2cb0
[  353.594280][T12064]  ? __pfx_path_openat+0x10/0x10
[  353.594291][T12064]  ? __lock_acquire+0xb8a/0x1c90
[  353.594311][T12064]  do_filp_open+0x20b/0x470
[  353.594322][T12064]  ? __pfx_do_filp_open+0x10/0x10
[  353.594337][T12064]  ? alloc_fd+0x471/0x7d0
[  353.594349][T12064]  do_sys_openat2+0x11b/0x1d0
[  353.594363][T12064]  ? __pfx_do_sys_openat2+0x10/0x10
[  353.594377][T12064]  ? find_held_lock+0x2b/0x80
[  353.594387][T12064]  ? handle_mm_fault+0x2ab/0xd10
[  353.594405][T12064]  __x64_sys_openat+0x174/0x210
[  353.594423][T12064]  ? __pfx___x64_sys_openat+0x10/0x10
[  353.594441][T12064]  ? do_user_addr_fault+0x843/0x1370
[  353.594452][T12064]  do_syscall_64+0xcd/0xfa0
[  353.594465][T12064]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.594477][T12064] RIP: 0033:0x7ff01eaa7407
[  353.594486][T12064] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  353.594496][T12064] RSP: 002b:00007ffee2302390 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  353.594505][T12064] RAX: ffffffffffffffda RBX: 00007ff01f163880 RCX: 00007ff01eaa7407
[  353.594512][T12064] RDX: 0000000000000000 RSI: 00007ffee2302f1c RDI: ffffffffffffff9c
[  353.594518][T12064] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  353.594524][T12064] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  353.594530][T12064] R13: 00007ffee23025e0 R14: 00007ff01f268000 R15: 000055c7afa194d8
[  353.594540][T12064]  </TASK>
[  353.594543][T12064] 
[  353.641337][ T2298] input: em28xx snapshot button as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.89/input/input44
[  353.642110][T12064] Allocated by task 2298:
[  353.642119][T12064]  kasan_save_stack+0x33/0x60
[  353.642134][T12064]  kasan_save_track+0x14/0x30
[  353.645782][ T2298] em28xx 6-1:0.89: Remote control support is not available for this card.
[  353.646670][T12064]  __kasan_kmalloc+0xaa/0xb0
[  353.646684][T12064]  em28xx_v4l2_init+0x114/0x4080
[  353.646698][T12064]  em28xx_init_extension+0x13a/0x200
[  353.651272][   T29] em28xx 6-1:0.89: Closing input extension
[  353.651464][T12064]  request_module_async+0x61/0x70
[  353.653315][   T29] em28xx 6-1:0.89: Deregistering snapshot button
[  353.654677][T12064]  process_one_work+0x9cf/0x1b70
[  353.654698][T12064]  worker_thread+0x6c8/0xf10
[  353.654706][T12064]  kthread+0x3c5/0x780
[  353.702409][T12064]  ret_from_fork+0x675/0x7d0
[  353.703879][T12064]  ret_from_fork_asm+0x1a/0x30
[  353.705386][T12064] 
[  353.706131][T12064] Freed by task 2298:
[  353.707373][T12064]  kasan_save_stack+0x33/0x60
[  353.708857][T12064]  kasan_save_track+0x14/0x30
[  353.710511][T12064]  __kasan_save_free_info+0x3b/0x60
[  353.712137][T12064]  __kasan_slab_free+0x5f/0x80
[  353.713640][T12064]  kfree+0x2b8/0x6d0
[  353.714867][T12064]  em28xx_v4l2_init+0x22b5/0x4080
[  353.716421][T12064]  em28xx_init_extension+0x13a/0x200
[  353.718024][T12064]  request_module_async+0x61/0x70
[  353.718060][T12066] syzkaller1: entered promiscuous mode
[  353.719560][T12064]  process_one_work+0x9cf/0x1b70
[  353.719580][T12064]  worker_thread+0x6c8/0xf10
[  353.719588][T12064]  kthread+0x3c5/0x780
[  353.719601][T12064]  ret_from_fork+0x675/0x7d0
[  353.721411][T12066] syzkaller1: entered allmulticast mode
[  353.722804][T12064]  ret_from_fork_asm+0x1a/0x30
[  353.722822][T12064] 
[  353.722825][T12064] The buggy address belongs to the object at ffff88804998c000
[  353.722825][T12064]  which belongs to the cache kmalloc-8k of size 8192
[  353.722834][T12064] The buggy address is located 1856 bytes inside of
[  353.722834][T12064]  freed 8192-byte region [ffff88804998c000, ffff88804998e000)
[  353.722844][T12064] 
[  353.740274][T12064] The buggy address belongs to the physical page:
[  353.742275][T12064] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x49988
[  353.745066][T12064] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  353.747636][T12064] anon flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[  353.750096][T12064] page_type: f5(slab)
[  353.751386][T12064] raw: 04fff00000000040 ffff88801b443180 0000000000000000 dead000000000001
[  353.754050][T12064] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  353.756670][T12064] head: 04fff00000000040 ffff88801b443180 0000000000000000 dead000000000001
[  353.759323][T12064] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  353.762067][T12064] head: 04fff00000000003 ffffea0001266201 00000000ffffffff 00000000ffffffff
[  353.764701][T12064] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  353.767360][T12064] page dumped because: kasan: bad access detected
[  353.769339][T12064] page_owner tracks the page as allocated
[  353.771101][T12064] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 11519, tgid 11518 (syz.1.1408), ts 327768154560, free_ts 325688353281
[  353.777705][T12064]  post_alloc_hook+0x1af/0x220
[  353.779268][T12064]  get_page_from_freelist+0x10a3/0x3a30
[  353.781050][T12064]  __alloc_frozen_pages_noprof+0x25f/0x2470
[  353.782917][T12064]  alloc_pages_mpol+0x1fb/0x550
[  353.784485][T12064]  new_slab+0x24a/0x360
[  353.785810][T12064]  ___slab_alloc+0xd79/0x1a50
[  353.787263][T12064]  __slab_alloc.constprop.0+0x63/0x110
[  353.788988][T12064]  __kmalloc_noprof+0x501/0x880
[  353.790522][T12064]  n_hdlc_alloc_buf+0x5b/0xd0
[  353.792038][T12064]  n_hdlc_tty_open+0x257/0x540
[  353.793570][T12064]  tty_ldisc_open+0x9f/0x120
[  353.795067][T12064]  tty_set_ldisc+0x32b/0x780
[  353.796534][T12064]  tty_ioctl+0xc2d/0x1680
[  353.797887][T12064]  tty_compat_ioctl+0x24a/0x4d0
[  353.799382][T12064]  __ia32_compat_sys_ioctl+0x242/0x370
[  353.801063][T12064]  __do_fast_syscall_32+0x7c/0x300
[  353.802663][T12064] page last free pid 11491 tgid 11491 stack trace:
[  353.804660][T12064]  __free_frozen_pages+0x7df/0x1160
[  353.806294][T12064]  __put_partials+0x130/0x170
[  353.807758][T12064]  qlist_free_all+0x4d/0x120
[  353.809198][T12064]  kasan_quarantine_reduce+0x195/0x1e0
[  353.810906][T12064]  __kasan_slab_alloc+0x69/0x90
[  353.812398][T12064]  kmem_cache_alloc_noprof+0x250/0x6e0
[  353.814076][T12064]  vm_area_dup+0x27/0x8d0
[  353.815361][T12064]  __split_vma+0x18e/0x1070
[  353.816636][T12064]  vma_modify+0x16dc/0x2030
[  353.818130][T12064]  vma_modify_flags+0x212/0x2d0
[  353.819644][T12064]  mprotect_fixup+0x1df/0xb40
[  353.821125][T12064]  do_mprotect_pkey+0x9bc/0xd40
[  353.822632][T12064]  __ia32_sys_mprotect+0x75/0xb0
[  353.824163][T12064]  __do_fast_syscall_32+0x7c/0x300
[  353.825753][T12064]  do_fast_syscall_32+0x32/0x80
[  353.827247][T12064]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  353.829252][T12064] 
[  353.830031][T12064] Memory state around the buggy address:
[  353.831832][T12064]  ffff88804998c600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  353.834355][T12064]  ffff88804998c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  353.836798][T12064] >ffff88804998c700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  353.839293][T12064]                                            ^
[  353.841374][T12064]  ffff88804998c780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  353.844458][T12064]  ffff88804998c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  353.847116][T12064] ==================================================================
[  353.852640][T12064] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  353.854937][T12064] CPU: 0 UID: 0 PID: 12064 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
[  353.857729][T12064] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  353.861027][T12064] Call Trace:
[  353.862108][T12064]  <TASK>
[  353.863050][T12064]  dump_stack_lvl+0x3d/0x1f0
[  353.864510][T12064]  vpanic+0x640/0x6f0
[  353.865785][T12064]  panic+0xca/0xd0
[  353.866976][T12064]  ? __pfx_panic+0x10/0x10
[  353.868418][T12064]  ? v4l2_fh_init+0x27d/0x2c0
[  353.869887][T12064]  ? preempt_schedule_common+0x44/0xc0
[  353.871584][T12064]  ? preempt_schedule_thunk+0x16/0x30
[  353.873262][T12064]  ? check_panic_on_warn+0x1f/0xb0
[  353.874883][T12064]  check_panic_on_warn+0xab/0xb0
[  353.876445][T12064]  end_report+0x107/0x170
[  353.877819][T12064]  kasan_report+0xee/0x110
[  353.879169][T12064]  ? v4l2_fh_init+0x27d/0x2c0
[  353.880625][T12064]  v4l2_fh_init+0x27d/0x2c0
[  353.882040][T12064]  v4l2_fh_open+0x64/0xa0
[  353.883369][T12064]  em28xx_v4l2_open+0x24e/0x7e0
[  353.884867][T12064]  v4l2_open+0x1d2/0x5e0
[  353.886213][T12064]  ? __pfx_v4l2_open+0x10/0x10
[  353.887720][T12064]  chrdev_open+0x234/0x6a0
[  353.889128][T12064]  ? __pfx_chrdev_open+0x10/0x10
[  353.890691][T12064]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  353.892601][T12064]  do_dentry_open+0x982/0x1530
[  353.894077][T12064]  ? __pfx_chrdev_open+0x10/0x10
[  353.895597][T12064]  vfs_open+0x82/0x3f0
[  353.896866][T12064]  path_openat+0x1de4/0x2cb0
[  353.898288][T12064]  ? __pfx_path_openat+0x10/0x10
[  353.899809][T12064]  ? __lock_acquire+0xb8a/0x1c90
[  353.901355][T12064]  do_filp_open+0x20b/0x470
[  353.902758][T12064]  ? __pfx_do_filp_open+0x10/0x10
[  353.904294][T12064]  ? alloc_fd+0x471/0x7d0
[  353.905670][T12064]  do_sys_openat2+0x11b/0x1d0
[  353.907101][T12064]  ? __pfx_do_sys_openat2+0x10/0x10
[  353.908692][T12064]  ? find_held_lock+0x2b/0x80
[  353.910133][T12064]  ? handle_mm_fault+0x2ab/0xd10
[  353.911701][T12064]  __x64_sys_openat+0x174/0x210
[  353.913225][T12064]  ? __pfx___x64_sys_openat+0x10/0x10
[  353.914923][T12064]  ? do_user_addr_fault+0x843/0x1370
[  353.916506][T12064]  do_syscall_64+0xcd/0xfa0
[  353.917911][T12064]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.919747][T12064] RIP: 0033:0x7ff01eaa7407
[  353.921154][T12064] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  353.926908][T12064] RSP: 002b:00007ffee2302390 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  353.929453][T12064] RAX: ffffffffffffffda RBX: 00007ff01f163880 RCX: 00007ff01eaa7407
[  353.931806][T12064] RDX: 0000000000000000 RSI: 00007ffee2302f1c RDI: ffffffffffffff9c
[  353.934245][T12064] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  353.936679][T12064] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  353.939113][T12064] R13: 00007ffee23025e0 R14: 00007ff01f268000 R15: 000055c7afa194d8
[  353.941586][T12064]  </TASK>
[  353.943315][T12064] Kernel Offset: disabled
[  353.944688][T12064] Rebooting in 86400 seconds..

VM DIAGNOSIS:
12:30:41  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8526ae75 RDI=ffffffff9adc5e20 RBP=ffffffff9adc5de0 RSP=ffffc90003cef2f8
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552
R12=0000000000000000 R13=0000000000000038 R14=ffffffff9adc5de0 R15=ffffffff8526ae10
RIP=ffffffff8526ae9f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007ff01f163880 ffffffff 00c00000
GS =0000 ffff88809780d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f741adec CR3=000000004ae5d000 CR4=00352ef0
DR0=000000006000003f DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000009000000 Opmask01=0000000000000000 Opmask02=00000000ffff7fdf Opmask03=00000000feffff7f
Opmask04=00000000fffffffe Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055f44834a370 000055f421228040
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055f44834a370
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055f448324d30
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055f44831d630
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1de9df1b20
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff000000000000ff 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373737373737162 7373268264730a07
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73001605121f0073 431e161e035c1810
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 737365636f727020 756c6c2520716573 006e6f6974697472 6170006b636f6c62
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 656469762f78756e 696c346f65646976 2f39382e303a312d 362f312d362f3662
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 003330316f656469 762f78756e696c34 6f656469762f3938 2e303a312d362f31
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2d362f366273752f 312e6463685f796d 6d75642f6d726f66 74616c702f736563
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000071 0000000000000031 326c6c696b66722f 0849eef5c10619f4
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 326c6c696b66722f 0849eef5c10619f4 2d9c46b94d8b86f1 257812b5319c1b90
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055f448312910 00000000000001d1 2f6f696676000031
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055f448061910 00000000000001d1 256f126631000031
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 323032302c313032 302c394631302c32 4331302c38423130 2c464131302c4541
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000001 RBX=ffff88802b23a4d8 RCX=0000000000000000 RDX=0000000000000000
RSI=ffffffff8bf07840 RDI=ffffffff8bf07880 RBP=0000000000000000 RSP=ffffc900035eef18
R8 =0000000000000001 R9 =0000000000000000 R10=ffffffff908251d7 R11=0000000000000000
R12=0000000000000001 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff8b60b7a0 RFL=00000096 [--S-AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809790d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c34f7e5 CR3=0000000013639000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=00000002000008fd RBX=ffff888074574900 RCX=0000000000000830 RDX=0000000000000002
RSI=00000000000000fd RDI=0000000000000002 RBP=0000000000000010 RSP=ffffc90006f8f588
R8 =0000000000000000 R9 =fffffbfff2104a3a R10=ffffffff908251d7 R11=0000000000000001
R12=1ffff92000df1eb2 R13=0000000000000004 R14=0000000000000001 R15=ffffc90006f8f5b0
RIP=ffffffff816a2ae8 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097a0d000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f73a5600 CR3=0000000013639000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=00000000006daf5b RBX=0000000000000003 RCX=ffffffff8b5dc2a9 RDX=0000000000000000
RSI=ffffffff8da29704 RDI=ffffffff8bf078c0 RBP=ffffed10037e7000 RSP=ffffc9000048fde8
R8 =0000000000000001 R9 =ffffed10056a6655 R10=ffff88802b5332ab R11=0000000000000001
R12=0000000000000003 R13=ffff88801bf38000 R14=ffffffff908251d0 R15=0000000000000000
RIP=ffffffff8b5dad5f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097b0d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000008000f000 CR3=00000000288b2000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffff00
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000