last executing test programs:

5.722191906s ago: executing program 1 (id=1152):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0x541b, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x0, 0x7})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$fuse(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c0000002907000027bd7000004000000500e4ff2f7a0800018078a429fdcf54b324cce529a6dd911249f2023311196fe1f8ee4da502ffa9129a3589f48209933f6c230b1b20fe29b496eb72a15fcd521460a4c345f079fd7963776a17f2ec6f1864fe49922d0330"], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4000004)
socket$kcm(0x10, 0x2, 0x0)
r4 = fsopen(&(0x7f0000001680)='nilfs2\x00', 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x2, 0xa, 0x2)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000000500000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r5}, 0x18)
socket$isdn(0x22, 0x2, 0x26)
socket$inet_udplite(0x2, 0x2, 0x88)
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000180)=@filter={'filter\x00', 0xe, 0x0, 0x90, [0x6000000, 0x2000000000c0, 0x2000000000f0, 0x200000000120], 0x0, 0x0, 0x0}, 0x108)
r7 = syz_io_uring_setup(0x19f2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000140)=<r8=>0x0, &(0x7f0000000100)=<r9=>0x0)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0)
write$UHID_CREATE2(r10, &(0x7f0000000180)=ANY=[@ANYRES64=r6], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r10, 0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000000)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x28, 0x0, 0xffffffffffffffff, &(0x7f00000002c0)={0x20002002}, r4, 0x1, 0x0, 0x1})
io_uring_enter(r7, 0x2d3c, 0x0, 0x0, 0x0, 0x0)

5.570909019s ago: executing program 1 (id=1155):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, 0x0, &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='sys_exit\x00', r0}, 0x18)
utime(&(0x7f0000000040)='./file0\x00', 0x0)

5.520580264s ago: executing program 1 (id=1157):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f0000000180), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x40, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=ANY=[@ANYBLOB="a40000000001030000000000141a000002000089240001801400018008000100ac1414bb08000200ffffffff0c00028005000100000000005c0002802c00018014000300fe88000000000000000000000000010114000400fe8000000000000000000000000000aa2c000180140003000000000000000008ce9a805a8adfc0001400040000000000000000000000ffff64010102080007c00000000108000c40000000019f9b9ef42eb6d7a1f2dac69e9ab32ebb4867b3f46101470d80e090bc385f19465c60ce6b665801e4aeff9664e571f8681be8a33dd5ed5881050dca1b99c0357b09da92fb038b986f0c54c805095d66bfa9741d4452ccaccec6972fef11ce0a7bfb04fcb058fff759c4a76d7df7be4f5118acf190214d4657484beb348bfab1f156689682e93abb5cf994472b0333a8bdb1a1a833b43d03be4b85cd9658361f2ae152fc482a15531cc4e938b58d1352761a61a01ae979f6ea27c28e8379a695cf5df83b74d00109257054e3688d36790c7866571e4341bae41553bd630a04bdf5667ec98d311e341641fe7939247c95a5c3bf8d42a03be6ee50bf41e46c4a53dcdb5db3c79361542bd360e6699f2de261480565d3e536e82681e44fe899a7e3db5c10d247b66b133d655ac2a73cbc4ced3dae1c3224eb497cafbeed7fde6fdcec67673dd4f4445836f0a88261be2d3cc4631d0aca02baf3e16336a85f80e74f1831001ce4e5"], 0xa4}, 0x1, 0x0, 0x0, 0x48800}, 0x8004)
chdir(&(0x7f0000000100)='./file0\x00')
openat$procfs(0xffffffffffffff9c, &(0x7f0000000780)='/proc/keys\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x10f042, 0x100)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x1b)
write(r2, &(0x7f0000000500)="94371c0d94f54bba46b4356beb9a74a81c71456e5e925cd59e8a472375f08c6e42b5d922069a7d195a070de507c104c42a68e69bc25228258de8a188b133ead021063f6a4be78d9a309e011a28a5a314bbca1738d3e789dab8a4f5427388d9e302452c177f0e46e74ad1afd027756e22fbcdd4dd422246eb584cf36df196dbc8c232c230534712ab0f06de69c3ac6c5140e8fc8f091eae05e0e52a5c964772736d024c31771ca545fafdf3dedc4488f1bb80e09d848104d88dd46530cb067aae5e8ee522f071e764378cea0119c65187601f08a786a49aba32aa72b1ec4a56eb5961823fee80e87f272526840c331a3fdda0b873423bfa76ac47df5a720c63ea2602b6", 0xffffffffffffff01)
sendfile(r2, r1, 0x0, 0x3ffff)

3.286857236s ago: executing program 0 (id=1168):
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_user_confirm_req={{0x33, 0xa}}}, 0xd)
fcntl$getown(0xffffffffffffffff, 0x9)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = add_key$keyring(&(0x7f0000000500), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
add_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0x3c0a, r1)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x80, 0x0, 0x1, 0x401, 0x11, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @empty}}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x1a}}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SEQ_ADJ_REPLY={0x4, 0xf}]}, 0x80}}, 0x4000001)
openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000122000/0x1000)=nil, 0x1000, &(0x7f0000000000))
socket$nl_crypto(0x10, 0x3, 0x15)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x2, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x40804}, 0x0)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000040)=0x9)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$sndseq(0xffffff9c, &(0x7f00000001c0), 0x3dff14d69da6e022)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket(0x1e, 0x4, 0x0)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r6, 0x6, 0x24, &(0x7f0000000000)=0x1, 0x4)

2.403189351s ago: executing program 2 (id=1174):
add_key(&(0x7f0000000000)='big_key\x00', 0x0, &(0x7f00000002c0)="1d", 0xfffff, 0xfffffffffffffffe)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='io_uring_create\x00', r1}, 0x18)
socket(0x15, 0x3, 0x11f)
io_uring_setup(0x1ddd, &(0x7f00000000c0)={0x0, 0x45d7, 0x2, 0x0, 0x0, 0x0, r1})
r2 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x1, 0x48001)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc2c45512, &(0x7f00000003c0)={{0x9, 0x1, 0x4, 0x6, 'syz0\x00', 0x63}, 0x0, [0xfffffd57, 0x2, 0x5, 0x687, 0x74859519, 0x6, 0x2, 0x4, 0x2, 0x2, 0x7ffc, 0x6, 0x4a13, 0xa, 0x6, 0x8, 0xfffffff8, 0xfffffff8, 0x10, 0x8, 0x7ff, 0x9, 0x10, 0x9, 0x10000, 0xac7, 0x10000, 0x3, 0x81, 0x2, 0x3, 0x5, 0x15, 0x1, 0x10000, 0x2, 0x8, 0x4, 0x8, 0x7, 0xfffffff7, 0x401, 0x1, 0x1, 0x5, 0x1, 0x1, 0xffffff95, 0x1, 0x5354fdb3, 0x6, 0x9, 0xcd, 0xf, 0x4, 0xfff, 0x1, 0x6, 0x800, 0x3, 0x80000000, 0x8, 0x7, 0x7, 0x4, 0x5, 0xc, 0x81, 0x1ff, 0x3, 0x7, 0x101, 0x6, 0x20000, 0x2, 0xfffffffa, 0x66, 0x3, 0x4, 0x800, 0x4, 0x3ff, 0x0, 0x8, 0x2, 0x4, 0x9, 0x0, 0x2, 0x3ff, 0x81, 0x6, 0x8, 0x8d3a, 0x0, 0x9, 0xf38f, 0xd926, 0x2, 0x1, 0x2, 0x3, 0x9, 0x3, 0x3, 0x4, 0x6, 0x10000, 0x8, 0x32284b62, 0x5, 0x8490, 0xdd00, 0xb, 0xfffff801, 0x7bd4, 0x7, 0xffffffff, 0x6, 0x1, 0x10000, 0x2, 0x1, 0x549ac63b, 0x5, 0x4, 0x8001, 0x2]})

2.340161572s ago: executing program 2 (id=1175):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0x541b, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x0, 0x7})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$fuse(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c0000002907000027bd7000004000000500e4ff2f7a0800018078a429fdcf54b324cce529a6dd911249f2023311196fe1f8ee4da502ffa9129a3589f48209933f6c230b1b20fe29b496eb72a15fcd521460a4c345f079fd7963776a17f2ec6f1864fe49922d0330"], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4000004)
socket$kcm(0x10, 0x2, 0x0)
r4 = fsopen(&(0x7f0000001680)='nilfs2\x00', 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x2, 0xa, 0x2)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000000500000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r5}, 0x18)
socket$isdn(0x22, 0x2, 0x26)
socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000180)=@filter={'filter\x00', 0xe, 0x0, 0x90, [0x6000000, 0x2000000000c0, 0x2000000000f0, 0x200000000120], 0x0, 0x0, 0x0}, 0x108)
r6 = syz_io_uring_setup(0x19f2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000140)=<r7=>0x0, &(0x7f0000000100)=<r8=>0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0)
write$UHID_CREATE2(r9, &(0x7f0000000180)=ANY=[@ANYRES64], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r9, 0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000000)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x28, 0x0, 0xffffffffffffffff, &(0x7f00000002c0)={0x20002002}, r4, 0x1, 0x0, 0x1})
io_uring_enter(r6, 0x2d3c, 0x0, 0x0, 0x0, 0x0)

2.241651739s ago: executing program 0 (id=1176):
r0 = io_uring_setup(0x669, &(0x7f00000002c0))
setresuid(0xffffffffffffffff, 0xffffffffffffffff, 0xee01)
r1 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x2000000, r1)

2.218137093s ago: executing program 0 (id=1177):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
syz_open_procfs(0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r3, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={<r4=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000100)={r4, 0x0, 0x3, 0x0, 0x10, 0x7}, 0x14)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
timer_create(0x3, 0x0, &(0x7f0000000100)=<r5=>0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
timer_gettime(r5, &(0x7f0000000240))
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@bridge_newneigh={0x28, 0x1c, 0x401, 0x70bd28, 0x25dfdbfd, {0x7, 0x0, 0x0, r7, 0x80, 0x9058f1eb70562f67, 0x1}, [@NDA_LLADDR={0xa, 0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x24040040)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r8 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000140)=0x7)

2.209696206s ago: executing program 2 (id=1178):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x501300, 0x0)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00'}, 0x18)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff})
close(r1)
sendmsg$unix(r1, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32], 0x18}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200))
recvmsg$unix(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x100)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=@newlinkprop={0x170, 0x6c, 0x300, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x400, 0x2000}, [@IFLA_LINK_NETNSID={0x8, 0x25, 0x1}, @IFLA_VFINFO_LIST={0x148, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_TX_RATE={0xc, 0x3, {0x200, 0x8}}]}, {0x2c, 0x1, 0x0, 0x1, [@IFLA_VF_MAC={0x28, 0x1, {0x4000000, @broadcast}}]}, {0x8c, 0x1, 0x0, 0x1, [@IFLA_VF_RATE={0x10, 0x6, {0x4, 0xea, 0x8}}, @IFLA_VF_TRUST={0xc, 0x9, {0x1000, 0x5}}, @IFLA_VF_VLAN_LIST={0x2c, 0xc, 0x0, 0x1, [{0x14, 0x1, {0x5, 0x5ca, 0xb, 0x8100}}, {0x14, 0x1, {0xfffffffd, 0xde8, 0x5, 0x8100}}]}, @IFLA_VF_LINK_STATE={0xc, 0x5, {0x9, 0x8000}}, @IFLA_VF_TRUST={0xc, 0x9, {0x1600000, 0x2af3}}, @IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0x1, 0x5}}, @IFLA_VF_VLAN={0x10, 0x2, {0x9, 0x2be, 0x4}}, @IFLA_VF_TX_RATE={0xc, 0x3, {0x8000, 0x1}}]}, {0x54, 0x1, 0x0, 0x1, [@IFLA_VF_MAC={0x28, 0x1, {0x3c, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}}, @IFLA_VF_VLAN={0x10, 0x2, {0xa34, 0x9e0, 0x3}}, @IFLA_VF_LINK_STATE={0xc, 0x5, {0x1}}, @IFLA_VF_TRUST={0xc, 0x9, {0x7d, 0x2}}]}, {0x14, 0x1, 0x0, 0x1, [@IFLA_VF_IB_PORT_GUID={0x10, 0xb, {0x399c, 0x5}}]}, {0x4}, {0x10, 0x1, 0x0, 0x1, [@IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0xe, 0x1}}]}]}]}, 0x170}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2000000076000d0b00400000000000000300000000000000080001000200"], 0x20}}, 0x0)
r3 = gettid()
ptrace$PTRACE_SETSIGMASK(0x420b, r3, 0x8, &(0x7f00000000c0)={[0x7, 0x25]})
r4 = dup(r0)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = syz_io_uring_setup(0x238, &(0x7f0000000740)={0x0, 0xdc0b, 0x10100, 0x0, 0x20e, 0x0, r4}, &(0x7f0000000180)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000380)={0x4, 0x0, [{0xf000, 0x1000, &(0x7f00000007c0)=""/4096}, {0x4, 0x1, &(0x7f0000000100)=""/1}, {0xd000, 0x8, &(0x7f0000000140)=""/8}, {0x0, 0x0, 0x0}]})
io_uring_enter(r5, 0x2deb, 0x4000, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r8=>0xffffffffffffffff})
r9 = socket$inet_udp(0x2, 0x2, 0x0)
splice(r8, 0x0, r9, 0x0, 0x4ffe6, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

1.865338714s ago: executing program 0 (id=1179):
syz_io_uring_setup(0x24fa, &(0x7f0000000b80)={0x0, 0x2000000, 0x10100, 0x0, 0x215}, 0x0, &(0x7f0000000240))
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)

1.837670305s ago: executing program 0 (id=1181):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000380)='\x00', 0x89901)
fchdir(r0)
close(r0)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x8000, &(0x7f0000000200)={0x7, 0x0, 0x40000}, 0x20)
mkdir(0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0xfffffffffffffca6, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x40, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000001, 0xe95, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0xffffffffffffff1e, 0x809, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x1}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x24008000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x40000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_io_uring_setup(0x117, &(0x7f0000000300), &(0x7f0000000280)=<r5=>0x0, &(0x7f0000000200)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
socket(0x1e, 0x5, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, 0xc})
io_uring_enter(r4, 0x47f6, 0x71e, 0x0, 0x0, 0x0)

1.758407096s ago: executing program 3 (id=1183):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), 0xffffffffffffffff)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f0000000040)={0xffffffffffffffff, 0x2, "ecb3e0", 0xff, 0x80})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$usbfs(0x0, 0x85c, 0x1f59c0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x2)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000003c0)=0x3)
ioctl$TIOCVHANGUP(r4, 0x5437, 0x2)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c010000", @ANYRES16=r1, @ANYBLOB="01000000000000000000170000000c00060001000000010000000c01308014000400976f1044852bca665354bd217b6b9037200001800c0005000400000200000200080001000300000005000200030000000500020008000000240003"], 0x12c}, 0x1, 0x0, 0x0, 0x24004821}, 0x0)

1.660502211s ago: executing program 3 (id=1184):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f0000000000), 0x651, 0x0)
pipe2(&(0x7f00000002c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000300), r1)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="1709000000000000000001000000050007000200000008000a0000000000060002000100000008001700", @ANYRES32=r4, @ANYBLOB="2c1636420f0849391b4a318e00"], 0x3c}}, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
r5 = socket$kcm(0x2, 0x0, 0x0)
sendmsg$inet(r5, &(0x7f0000000340)={&(0x7f0000000400)={0x2, 0x4001, @rand_addr=0x64010102}, 0x10, 0x0}, 0x400c0)
sendmsg$kcm(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000c80)="9930f8f79cf9c4ca571ddc430e4bb2416474789226b401900452a8c1b04fe141f9f17f730296540034add272117195450ac1e3169dc19db331e876874504c9b45fee55e0a47a3bc54afb215f262c216bccd101d32272e50ff31642c681bfbfa5db93e37db767565c87c28864e209ba06ef235e0e0363db9d11c0303b84bc88fba504cb471f1d3d82aa63306e6163c7f96e15c569ea3abadbe076ac4a798110df90544fb2d67f09ca56a6d8236265fbd4a9d3245eaffd1fe31276daf5fd2f16992b0b1572189fbab3152d93b65276091f7b805e5227609b779f5caad76e7282b9ee7755dddbb3fc2c15d5b4c281c2d1530cc1e79c8ba0b24a5b317d37b2a5b47c6d2a21b1d1ad95fdebb0b5bd55efc22fd6230df1e13254ca6a22365c9b5c04feba25c9ae54b720f921c4824b0bc4cf21cc30218ba81d03778bf5ea4bd5bda58b2a54d8005b38e2966de4e2273be36dbf9910351437ba452b86c85db6f06fa0418acbd2e3561be61ac641f9c33dc32524cba6ff99db6484f7edf85712c07e610c0ad068a0ca18144edaff0ab1643679e98c48d578e5797ba1209e251c9be13668efd5f08926772ea1f9f4135c1895a1a2367a6d8c5a44b8966e16713e8512805629ddccf8", 0x1c4}], 0x1}, 0x4c080)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r5, 0x1, 0x3e, &(0x7f0000000100)=r6, 0x4)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000000)={0x48, 0x2, 0x0, 0x0, 0x0, 0x0, <r7=>0x0, 0x1})
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r8=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r6, 0x3b89, &(0x7f0000000180)={0x28, 0x3, r7, r8, 0x0, 0x0, 0x0, 0x74, &(0x7f0000000100)="6a5d039cb662a9800ff4a11302711000fbc62392cb87b198ff45dc13fcb6d5927f7d75c8927412a4cd68c7cc63c94b916b4a9f392c599f481c7b87836fc1a1ad93bb03a76cbf0cf107b62acdc994ba5464b409e041f5ae4cff90ced2815c03497fbb59f64e255c4182b247cd18c5a0f597002216"})
mmap(&(0x7f00000b6000/0x1000)=nil, 0x1000, 0x1000000, 0x1010, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r9 = syz_clone(0x314db89d296967bb, 0x0, 0x0, 0x0, 0x0, 0x0)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r10)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
ioctl$TUNSETOFFLOAD(r10, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r10, 0x40047451, &(0x7f0000001200))
ptrace(0x10, r9)
ptrace$poke(0x5, r9, &(0x7f0000000080), 0x0)

1.561555154s ago: executing program 1 (id=1185):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x400000000003, 0x7ffff, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=ANY=[@ANYBLOB="090000044fe5892da01bf28ea7a9d62382cde0721a26a3ab5696b8769306e59b81237e06337a48153bab3d9bed7e9582b1b3bd51f6fd34975a671308bcf9c1741c3b3040d03b277655061ebf85b9bc01116724f4138883d044454af181b475e1f67ef090b2e0aa84a7116a040cb3ace963aa93b3934da302ff6d00bc28d9f97863e4e815855a4d44eb776300c4393ef326fea159b866c131a70b209c70dc69d0c1a18da519803d35de32988cdd2fc6be983d7a590f6cc5449990c493f1e1dbd7b939e9c5b155efbb17a42ff871ffe60d826e415c91d71cbc73686e1cce6da1c79067ff3a8cb107f4ded3e7", @ANYRESOCT=r0, @ANYBLOB="59cf000000000000000008000000"], 0x14}, 0x1, 0x0, 0x0, 0x4000004}, 0x4)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x82, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0xff2e)
ioctl$TCXONC(r2, 0x540a, 0x0)
ioctl$TCXONC(r2, 0x540a, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r4=>r3, {0x2}}, './file0\x00'})
r5 = open_tree(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x48000)
ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f0000000140)=r5)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
syz_emit_ethernet(0x0, 0x0, 0x0)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r7, 0x6, 0xd, 0x0, 0x0)
r8 = landlock_create_ruleset(&(0x7f0000000000)={0x0, 0x3}, 0x10, 0x0)
landlock_restrict_self(r8, 0x0)
r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r9, &(0x7f0000000100)={0xa, 0x4e60, 0x0, @mcast2, 0xd}, 0x1c)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
userfaultfd(0x802)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)

1.423097115s ago: executing program 3 (id=1186):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0x541b, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x0, 0x7})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$fuse(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c0000002907000027bd7000004000000500e4ff2f7a0800018078a429fdcf54b324cce529a6dd911249f2023311196fe1f8ee4da502ffa9129a3589f48209933f6c230b1b20fe29b496eb72a15fcd521460a4c345f079fd7963776a17f2ec6f1864fe49922d0330"], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4000004)
socket$kcm(0x10, 0x2, 0x0)
r4 = fsopen(&(0x7f0000001680)='nilfs2\x00', 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x2, 0xa, 0x2)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000000500000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r5}, 0x18)
socket$isdn(0x22, 0x2, 0x26)
socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000180)=@filter={'filter\x00', 0xe, 0x0, 0x90, [0x6000000, 0x2000000000c0, 0x2000000000f0, 0x200000000120], 0x0, 0x0, 0x0}, 0x108)
r6 = syz_io_uring_setup(0x19f2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000140)=<r7=>0x0, &(0x7f0000000100)=<r8=>0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0)
write$UHID_CREATE2(r9, &(0x7f0000000180)=ANY=[@ANYRES64], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r9, 0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000000)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x28, 0x0, 0xffffffffffffffff, &(0x7f00000002c0)={0x20002002}, r4, 0x1, 0x0, 0x1})
io_uring_enter(r6, 0x2d3c, 0x0, 0x0, 0x0, 0x0)

1.320660758s ago: executing program 2 (id=1187):
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010002000000000000000000000a18010000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000002cd40009800800014000000006c80002800c00018008000140000000032400018008000140000000070800014000000008080001400000000908000140000000080c000180080001400000000a240001800800014000000006"], 0x140}}, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r2, 0x4b4e, 0x4000020)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$kcm(0xa, 0x922000000003, 0x11)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x1, 0xfffffffd}, 0x28)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r4, 0x20, &(0x7f0000000100)={0x0, 0x0, <r5=>0x0, 0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x61900, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000200)='inet_sk_error_report\x00', r6}, 0x18)
r7 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="48000000150081fb7059ae08060c04000aff0f11000000040011018701546fabca1b4e7d06a6bd7c493872f750375ed08a562af5745e17b8c119418f0f000000d6e74703c48f93b8", 0x48}], 0x1}, 0x0)
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r8, 0x40505331, &(0x7f0000000100)={{}, {0xe}, 0xbf00, 0xbf})
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x9, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3fe, 0x5, 0x3, 0x9, 0x8, 0x3, 0x7ffffffc}, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000003c0)=[@in6={0xa, 0x4e24, 0xfffffff2, @mcast1, 0x81}, @in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x4e23, 0x9, @loopback, 0x3}, @in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1f}}, @in6={0xa, 0x4e22, 0x3, @mcast1, 0x8}, @in6={0xa, 0x4e24, 0x3, @dev={0xfe, 0x80, '\x00', 0x10}, 0x7ae}, @in6={0xa, 0x4e23, 0x7, @mcast2}], 0xac)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="3000000010000108000000000007000000000000", @ANYRES32=0x0, @ANYBLOB="0040000000000000080004004400000008001b0000000000"], 0x30}}, 0x0)

1.281286853s ago: executing program 3 (id=1188):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
syz_open_procfs(0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r3, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={<r4=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000100)={r4, 0x0, 0x3, 0x0, 0x10, 0x7}, 0x14)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
timer_create(0x3, 0x0, &(0x7f0000000100)=<r5=>0x0)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
timer_gettime(r5, &(0x7f0000000240))
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@bridge_newneigh={0x28, 0x1c, 0x401, 0x70bd28, 0x25dfdbfd, {0x7, 0x0, 0x0, r7, 0x80, 0x9058f1eb70562f67, 0x1}, [@NDA_LLADDR={0xa, 0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x24040040)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r8 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000140)=0x7)

381.543291ms ago: executing program 1 (id=1189):
syz_io_uring_setup(0x24fa, &(0x7f0000000b80)={0x0, 0x2000000, 0x10100, 0x0, 0x215}, 0x0, &(0x7f0000000240))
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)

371.326438ms ago: executing program 2 (id=1190):
syz_open_dev$video(&(0x7f0000000440), 0x4, 0x80c00)
r0 = syz_io_uring_setup(0x1e1e, 0x0, &(0x7f0000002000)=<r1=>0x0, &(0x7f0000000000)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000002140)=""/4088, 0xff8}], 0x4, 0x4, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r5=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000002500)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x7, 0x0, &(0x7f0000000340)="7fb732516ee9d6"})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000540)={0x10, 0x0, &(0x7f0000000140)=[@request_death={0x400c6313}], 0x0, 0x1000000, 0x0})
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000080)={0xe, 0x18, 0xfa00, @id_afonly={0x0, r5}}, 0x20)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newtaction={0x80, 0x30, 0x871a15abc695fb3d, 0x4c, 0x0, {}, [{0x6c, 0x1, [@m_tunnel_key={0x68, 0x1, 0x0, 0x0, {{0xf}, {0x38, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @broadcast}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @empty}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e23}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x80}}, 0x0)
io_uring_enter(r0, 0x48e9, 0x0, 0x2, 0x0, 0x0)

359.10343ms ago: executing program 1 (id=1191):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000840)=@raw={'raw\x00', 0x4001, 0x3, 0x474, 0x0, 0x4c00, 0x148, 0x2e4, 0x148, 0x3e0, 0x240, 0x240, 0x3e0, 0x240, 0x3, 0x0, {[{{@ip={@rand_addr, @remote, 0x0, 0x0, 'vxcan1\x00', 'lo\x00', {}, {}, 0x1}, 0x0, 0x2c4, 0x2e4, 0x0, {}, [@common=@icmp={{0x24}, {0x0, "91db"}}, @common=@unspec=@bpf1={{0x230}, @fd}]}, @unspec=@NOTRACK={0x20}}, {{@ip={@broadcast, @empty, 0x0, 0x0, 'batadv_slave_1\x00', 'vlan1\x00'}, 0x0, 0x9c, 0xfc, 0x0, {}, [@common=@unspec=@connmark={{0x2c}}]}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x4d0)
sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x20000041, &(0x7f0000000200)={0xa, 0x4e23, 0x80000001, @loopback, 0xe}, 0xffffffffffffff78)
openat$sw_sync_info(0xffffff9c, &(0x7f0000000000), 0x40, 0x0)
openat$audio1(0xffffffffffffff9c, 0x0, 0x88002, 0x0)
timer_create(0x8, &(0x7f00000002c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)=<r3=>0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x10, &(0x7f0000000480)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x4, 0x9c, &(0x7f0000000140)=""/156, 0x41000, 0xb, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
timer_settime(r3, 0x0, &(0x7f0000000040)={{}, {0x77359400}}, &(0x7f00000000c0))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x8800, 0x0)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000001340)={0x0, 0x0, 0x2, 0xffffffffffffffff, 0x2})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102400, 0x19000)
socket$inet(0x2, 0x2, 0xfffffffd)
timer_settime(0x0, 0x0, 0x0, 0x0)
socket$inet6(0xa, 0x80000, 0x400005)
r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x1, 0x4)
fchdir(r6)

243.993397ms ago: executing program 2 (id=1192):
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$sock(r0, &(0x7f0000000cc0)=[{{&(0x7f0000000100)=@l2tp={0x2, 0x0, @broadcast, 0x3}, 0x80, 0x0}}, {{&(0x7f0000000700)=@in6={0xa, 0x4e20, 0x7, @dev={0xfe, 0x80, '\x00', 0x18}, 0x60}, 0x80, 0x0}}], 0x2, 0x48094)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x50313134, 0x0, 0xa, [{}, {0x10}, {}, {}, {0x6}]}})
socket(0x2c, 0x803, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)={0x7c, 0x2, 0x6, 0x1, 0x6000000, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0x80ffffff}}, @IPSET_ATTR_NETMASK={0x5, 0x14, 0x2}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x7c}}, 0x4014)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000400), 0x1, 0x1)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f00000000c0)={&(0x7f0000000100)})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc02064b9, &(0x7f0000000280)={&(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0], &(0x7f0000000200), 0x7})
ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f0000000540)={0x0, 0x1, &(0x7f0000000440)=[0x0], &(0x7f0000000580)=[0xf], &(0x7f00000002c0)=[r4], &(0x7f00000005c0), 0x0, 0x2})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x0, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$vim2m_VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0cc5640, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
r7 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r7, 0x0, 0x0}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
add_key(0x0, 0x0, &(0x7f0000000580)="fb9c", 0x2, 0x0)

149.111132ms ago: executing program 3 (id=1193):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
write$tun(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d002000001311ff00003900000000000000000000000000ff0200000003000000000000e9ffff004f194e20"], 0x4b)

35.657192ms ago: executing program 0 (id=1194):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f0000000180), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x40, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=ANY=[@ANYBLOB="a40000000001030000000000141a000002000089240001801400018008000100ac1414bb08000200ffffffff0c00028005000100000000005c0002802c00018014000300fe88000000000000000000000000010114000400fe8000000000000000000000000000aa2c000180140003000000000000000008ce9a805a8adfc0001400040000000000000000000000ffff64010102080007c00000000108000c40000000019f9b9ef42eb6d7a1f2dac69e9ab32ebb4867b3f46101470d80e090bc385f19465c60ce6b665801e4aeff9664e571f8681be8a33dd5ed5881050dca1b99c0357b09da92fb038b986f0c54c805095d66bfa9741d4452ccaccec6972fef11ce0a7bfb04fcb058fff759c4a76d7df7be4f5118acf190214d4657484beb348bfab1f156689682e93abb5cf994472b0333a8bdb1a1a833b43d03be4b85cd9658361f2ae152fc482a15531cc4e938b58d1352761a61a01ae979f6ea27c28e8379a695cf5df83b74d00109257054e3688d36790c7866571e4341bae41553bd630a04bdf5667ec98d311e341641fe7939247c95a5c3bf8d42a03be6ee50bf41e46c4a53dcdb5db3c79361542bd360e6699f2de261480565d3e536e82681e44fe899a7e3db5c10d247b66b133d655ac2a73cbc4ced3dae1c3224eb497cafbeed7fde6fdcec67673dd4f4445836f0a88261be2d3cc4631d0aca02baf3e16336a85f80e74f1831001ce4e5"], 0xa4}, 0x1, 0x0, 0x0, 0x48800}, 0x8004)
chdir(&(0x7f0000000100)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x10f042, 0x100)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x1b)
write(r2, &(0x7f0000000500)="94371c0d94f54bba46b4356beb9a74a81c71456e5e925cd59e8a472375f08c6e42b5d922069a7d195a070de507c104c42a68e69bc25228258de8a188b133ead021063f6a4be78d9a309e011a28a5a314bbca1738d3e789dab8a4f5427388d9e302452c177f0e46e74ad1afd027756e22fbcdd4dd422246eb584cf36df196dbc8c232c230534712ab0f06de69c3ac6c5140e8fc8f091eae05e0e52a5c964772736d024c31771ca545fafdf3dedc4488f1bb80e09d848104d88dd46530cb067aae5e8ee522f071e764378cea0119c65187601f08a786a49aba32aa72b1ec4a56eb5961823fee80e87f272526840c331a3fdda0b873423bfa76ac47df5a720c63ea2602b6", 0xffffffffffffff01)
sendfile(r2, r1, 0x0, 0x3ffff)

0s ago: executing program 3 (id=1195):
socket(0x10, 0x80002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045011, 0x0)
openat$rtc(0xffffff9c, 0x0, 0x8103, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x0, @raw_data="142bf3c2bc823027a879a9ec9b1f76959080f9c1bee9a9fd8fcef19f943ac0a1e26ecb1f30e4e2ca1157ffc8c00473b8b1786bca0977e5d5ae69f4acff493dc9a679f5070a10f477dd5b91236443ccfd8f1ca96fe930be3a50c10c84dca3931ac5bba4d04f3b2b8c9bc848cf24ef9d43be7fddec1b1dfa4f8710698d64662e3809857dc1ff57bc56070ef5172db7d2df67fe59cb348e0ad9ad8e1fcecc012d12e239b4a58343185c020ee83663512ccd8a5258760c86715b035dde6f27f9daf9ef3592f5b950c3c0"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$uinput(0xffffff9c, 0x0, 0x802, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0x2, 0x4)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, 0x930, 0x300000f, 0x4010, 0xffffffffffffffff, 0x0)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x0)
syz_usb_disconnect(r1)
ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x10010, 0xffffffffffffffff, 0xbaecf000)
request_key(&(0x7f00000000c0)='dns_resolver\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVex;De', 0x0)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
ioctl$VHOST_GET_FEATURES(0xffffffffffffffff, 0x8008af00, &(0x7f0000000000))
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c"], 0x4c}}, 0x2)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)

kernel console output (not intermixed with test programs):

][   T60] usb 6-1: USB disconnect, device number 4
[   88.483530][    C1] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[   89.143290][ T6950] netlink: 'syz.0.243': attribute type 1 has an invalid length.
[   89.159962][ T5972] Bluetooth: hci1: unexpected event for opcode 0x041b
[   89.262910][ T6950] 8021q: adding VLAN 0 to HW filter on device bond1
[   89.745071][ T6969] e1000e 0000:00:02.0 eth1: NIC Link is Down
[   89.771727][ T6979] sp0: Synchronizing with TNC
[   90.041058][ T6984] openvswitch: netlink: Either Ethernet header or EtherType is required.
[   90.148593][ T6990] __nla_validate_parse: 6 callbacks suppressed
[   90.148604][ T6990] netlink: 28 bytes leftover after parsing attributes in process `syz.2.253'.
[   90.154559][ T6990] netlink: 28 bytes leftover after parsing attributes in process `syz.2.253'.
[   90.966033][ T7000] netlink: 4 bytes leftover after parsing attributes in process `syz.2.256'.
[   91.267892][ T7005] random: crng reseeded on system resumption
[   91.507222][ T5972] Bluetooth: hci2: unexpected event for opcode 0x041b
[   92.045779][ T7012] netlink: 16 bytes leftover after parsing attributes in process `syz.2.260'.
[   92.121036][ T7014] syzkaller0: entered promiscuous mode
[   92.124444][ T7014] syzkaller0: entered allmulticast mode
[   92.487550][ T7020] sp0: Synchronizing with TNC
[   93.550664][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.740204][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.745852][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.748177][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.750496][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.753005][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.755301][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.757574][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.759921][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.762297][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.765820][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.768135][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.770524][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.773233][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.775537][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.777813][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.780141][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.782420][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.786098][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.788393][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.790698][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.793053][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.795442][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.799450][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.801813][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.804195][ T7023] netlink: 28 bytes leftover after parsing attributes in process `syz.3.264'.
[   93.806787][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.810288][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.812585][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.815055][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.817340][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.817870][ T7023] netlink: 28 bytes leftover after parsing attributes in process `syz.3.264'.
[   93.819670][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.825816][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.828119][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.830450][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.832914][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.835253][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.838171][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.840541][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.846378][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.850899][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.854478][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.856844][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.859214][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.861716][ T5999] hid-generic 0000:0000:0008.0004: unknown main item tag 0x0
[   93.881682][ T5999] hid-generic 0000:0000:0008.0004: hidraw1: <UNKNOWN> HID vc.87 Device [syz0] on syz1
[   93.941088][ T7026] fido_id[7026]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   94.010487][ T7033] netlink: 4 bytes leftover after parsing attributes in process `syz.3.266'.
[   94.076556][ T7033] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[   94.117711][ T7033] binder: Unknown parameter '"a²Ñ¨
[   94.117711][ T7033] '
[   94.916900][ T7052] fuse: Bad value for 'fd'
[   94.922334][ T7052] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[   94.925939][ T7052] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[   94.928691][ T7052] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[   94.932258][ T7052] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[   94.939663][ T7052] geneve2: entered promiscuous mode
[   94.943844][ T7052] geneve2: entered allmulticast mode
[   94.998576][ T7059] sp0: Synchronizing with TNC
[   95.101599][ T7061] netlink: 28 bytes leftover after parsing attributes in process `syz.0.274'.
[   95.112964][ T7061] netlink: 28 bytes leftover after parsing attributes in process `syz.0.274'.
[   95.294800][ T7063] /dev/sr0: Can't open blockdev
[   95.534021][ T7070] Device name cannot be null; rc = [-22]
[   95.555033][ T7070] overlayfs: conflicting lowerdir path
[   95.661290][ T7069] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10)
[   95.663414][ T7069] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   95.718420][ T7069] vhci_hcd vhci_hcd.0: Device attached
[   95.885922][ T7077] tls_set_device_offload: netdev not found
[   95.992894][  T840] usb 39-1: new low-speed USB device number 2 using vhci_hcd
[   96.053145][   T24] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[   96.212807][   T24] usb 6-1: Using ep0 maxpacket: 32
[   96.215922][   T24] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[   96.221534][   T24] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[   96.225618][   T24] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[   96.228766][   T24] usb 6-1: Product: syz
[   96.230510][   T24] usb 6-1: Manufacturer: syz
[   96.232358][   T24] usb 6-1: SerialNumber: syz
[   96.235786][   T24] usb 6-1: config 0 descriptor??
[   96.238665][ T7069] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   96.323177][ T5964] Bluetooth: hci0: command 0x0c1a tx timeout
[   96.342906][   T29] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[   96.444371][ T1021] usb 6-1: USB disconnect, device number 5
[   96.447178][ T7072] vhci_hcd: connection reset by peer
[   96.449108][ T1142] vhci_hcd: stop threads
[   96.450535][ T1142] vhci_hcd: release socket
[   96.452142][ T1142] vhci_hcd: disconnect device
[   96.453024][   T60] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   96.495007][   T29] usb 8-1: config 0 has no interfaces?
[   96.496787][   T29] usb 8-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[   96.499855][   T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.511486][   T29] usb 8-1: config 0 descriptor??
[   96.604993][   T60] usb 5-1: config 0 has no interfaces?
[   96.607289][   T60] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[   96.610955][   T60] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.618018][   T60] usb 5-1: config 0 descriptor??
[   96.806722][   T24] usb 8-1: USB disconnect, device number 5
[   96.898067][   T60] usb 5-1: USB disconnect, device number 4
[   97.497039][ T7103] netlink: 8 bytes leftover after parsing attributes in process `syz.3.287'.
[   97.500998][ T7103] netlink: 8 bytes leftover after parsing attributes in process `syz.3.287'.
[   98.028920][ T7116] netlink: 4 bytes leftover after parsing attributes in process `syz.0.291'.
[   98.055799][ T7116] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[   98.068514][ T7116] binder: Unknown parameter '"a²Ñ¨
[   98.068514][ T7116] '
[   98.249335][ T7121] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[   98.292445][ T7126] lo speed is unknown, defaulting to 1000
[   98.402789][ T5972] Bluetooth: hci0: command 0x0c1a tx timeout
[   98.672860][   T29] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[   98.771903][ T7152] netlink: 5 bytes leftover after parsing attributes in process `syz.1.301'.
[   98.772702][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.780745][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.784319][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.790287][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.792658][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.795594][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.798440][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.806826][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.813061][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.815377][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.817657][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.820845][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.823813][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.826098][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.828372][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.831342][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.834825][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.837137][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.839439][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.841804][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.844388][   T29] usb 8-1: config 0 has no interfaces?
[   98.844918][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.846534][   T29] usb 8-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[   98.848797][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.848811][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.848823][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.848834][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.852225][   T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   98.865217][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.865794][   T29] usb 8-1: config 0 descriptor??
[   98.870214][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.872578][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.875518][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.877816][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.880121][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.883049][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.887033][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.889794][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.892144][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.894843][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.897211][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.899532][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.901809][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.904398][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.906682][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.909037][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.911327][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.913966][ T5999] hid-generic 0000:0000:0008.0005: unknown main item tag 0x0
[   98.917976][ T5999] hid-generic 0000:0000:0008.0005: hidraw1: <UNKNOWN> HID vc.87 Device [syz0] on syz1
[   98.951008][ T7159] binder: 7158:7159 ioctl c0046209 0 returned -22
[   98.969434][ T7157] netlink: 8 bytes leftover after parsing attributes in process `syz.1.302'.
[   98.971611][ T7161] fido_id[7161]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[   98.990946][ T7157] netlink: 8 bytes leftover after parsing attributes in process `syz.1.302'.
[   99.144450][  T839] usb 8-1: USB disconnect, device number 6
[   99.761908][ T7169] lo: entered allmulticast mode
[   99.766349][ T7169] tunl0: entered allmulticast mode
[   99.769472][ T7169] gre0: entered allmulticast mode
[   99.776143][ T7169] gretap0: entered allmulticast mode
[   99.779464][ T7169] erspan0: entered allmulticast mode
[   99.786527][ T7169] ip_vti0: entered allmulticast mode
[   99.789467][ T7169] ip6_vti0: entered allmulticast mode
[   99.792907][ T7169] sit0: entered allmulticast mode
[   99.796560][ T7169] ip6tnl0: entered allmulticast mode
[   99.797644][ T7172] block device autoloading is deprecated and will be removed.
[   99.799472][ T7169] ip6gre0: entered allmulticast mode
[   99.805352][ T7169] syz_tun: entered allmulticast mode
[   99.808646][ T7169] ip6gretap0: entered allmulticast mode
[   99.812575][ T7169] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.815707][ T7169] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.819166][ T7169] bridge0: entered allmulticast mode
[   99.822376][ T7169] vcan0: entered allmulticast mode
[   99.825616][ T7169] bond0: entered allmulticast mode
[   99.827253][ T7169] bond_slave_0: entered allmulticast mode
[   99.829024][ T7169] bond_slave_1: entered allmulticast mode
[   99.832203][ T7169] team0: entered allmulticast mode
[   99.834247][ T7169] team_slave_0: entered allmulticast mode
[   99.836143][ T7169] team_slave_1: entered allmulticast mode
[   99.838203][ T7169] dummy0: entered allmulticast mode
[   99.847450][ T7169] nlmon0: entered allmulticast mode
[   99.850292][ T7169] caif0: entered allmulticast mode
[   99.852300][ T7169] batadv0: entered allmulticast mode
[   99.857372][ T7169] vxcan0: entered allmulticast mode
[   99.859495][ T7169] vxcan1: entered allmulticast mode
[   99.861958][ T7169] veth0: entered allmulticast mode
[   99.866187][ T7169] veth1: entered allmulticast mode
[   99.873728][ T7169] wg0: entered allmulticast mode
[   99.876737][ T7169] wg1: entered allmulticast mode
[   99.879630][ T7169] wg2: entered allmulticast mode
[   99.882622][ T7169] veth0_to_bridge: entered allmulticast mode
[   99.888388][ T7169] veth1_to_bridge: entered allmulticast mode
[   99.894746][ T7169] veth0_to_bond: entered allmulticast mode
[   99.898605][ T7169] veth1_to_bond: entered allmulticast mode
[   99.902608][ T7169] veth0_to_team: entered allmulticast mode
[   99.908085][ T7169] veth1_to_team: entered allmulticast mode
[   99.915576][ T7169] veth0_to_batadv: entered allmulticast mode
[   99.918783][ T7169] batadv_slave_0: entered allmulticast mode
[   99.921376][ T7169] veth1_to_batadv: entered allmulticast mode
[   99.924818][ T7169] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   99.927882][ T7169] batadv_slave_1: entered allmulticast mode
[   99.932455][ T7169] xfrm0: entered allmulticast mode
[   99.937644][ T7169] veth0_to_hsr: entered allmulticast mode
[   99.940789][ T7169] hsr_slave_0: entered allmulticast mode
[   99.945193][ T7169] veth1_to_hsr: entered allmulticast mode
[   99.950755][ T7169] hsr_slave_1: entered allmulticast mode
[   99.954121][ T7169] hsr0: entered allmulticast mode
[   99.958352][ T7169] veth1_virt_wifi: entered allmulticast mode
[   99.962376][ T7169] veth0_virt_wifi: entered allmulticast mode
[   99.966024][ T7169] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[   99.969149][ T7169] veth1_vlan: entered allmulticast mode
[   99.974007][ T7169] veth0_vlan: entered allmulticast mode
[   99.982251][ T7169] vlan0: entered allmulticast mode
[   99.984484][ T7169] vlan1: entered allmulticast mode
[   99.986637][ T7169] macvlan0: entered allmulticast mode
[   99.990061][ T7169] macvlan1: entered allmulticast mode
[   99.993654][ T7169] ipvlan0: entered allmulticast mode
[   99.995473][ T7169] ipvlan1: entered allmulticast mode
[   99.997940][ T7169] veth1_macvtap: entered allmulticast mode
[  100.002060][ T7169] veth0_macvtap: entered allmulticast mode
[  100.008401][ T7169] macvtap0: entered allmulticast mode
[  100.012299][ T7169] macsec0: entered allmulticast mode
[  100.016615][ T7169] geneve0: entered allmulticast mode
[  100.022060][ T7169] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  100.025110][ T7169] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  100.027900][ T7169] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  100.030643][ T7169] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  100.035009][ T7169] geneve1: entered allmulticast mode
[  100.038806][ T7169] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  100.044768][ T7169] netdevsim netdevsim2 netdevsim1: entered allmulticast mode
[  100.048475][ T7169] netdevsim netdevsim2 netdevsim2: entered allmulticast mode
[  100.054192][ T7169] netdevsim netdevsim2 netdevsim3: entered allmulticast mode
[  100.064711][ T7169] mac80211_hwsim hwsim5 wlan0: entered allmulticast mode
[  100.071267][ T7169] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode
[  100.075383][ T7169] bridge1: entered allmulticast mode
[  100.078472][ T7169] bridge2: entered allmulticast mode
[  100.082008][ T7169] bridge3: entered allmulticast mode
[  100.085261][ T7169] bridge4: entered allmulticast mode
[  100.088478][ T7169] bridge5: entered allmulticast mode
[  100.092181][ T7169] veth2: entered allmulticast mode
[  100.094225][ T7169] veth3: left promiscuous mode
[  100.095712][ T7169] veth3: entered allmulticast mode
[  100.097800][ T7169] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0
[  100.100623][ T7169] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0
[  100.103766][ T7169] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0
[  100.106461][ T7169] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0
[  100.110395][ T7169] geneve2: left promiscuous mode
[  100.266382][ T7189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.313'.
[  100.269839][ T7189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.313'.
[  100.812816][ T1021] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  100.985010][ T1021] usb 5-1: config 0 has no interfaces?
[  100.986835][ T1021] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  100.992986][ T1021] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  101.000362][ T1021] usb 5-1: config 0 descriptor??
[  101.133173][  T840] vhci_hcd: vhci_device speed not set
[  102.343624][   T10] usb 5-1: USB disconnect, device number 5
[  102.401025][ T7220] netlink: 8 bytes leftover after parsing attributes in process `syz.2.322'.
[  102.410040][ T7220] netlink: 8 bytes leftover after parsing attributes in process `syz.2.322'.
[  102.712785][   T60] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  102.934299][ T7237] ADFS-fs (nullb0): error: can't find an ADFS filesystem on dev nullb0.
[  103.010970][ T7219] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  103.015455][ T7219] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  103.029788][ T7244] netlink: 48 bytes leftover after parsing attributes in process `syz.2.331'.
[  103.032807][  T840] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  103.194050][  T840] usb 6-1: config 0 has no interfaces?
[  103.195793][  T840] usb 6-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  103.198569][  T840] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.202352][  T840] usb 6-1: config 0 descriptor??
[  103.529592][  T840] usb 6-1: USB disconnect, device number 6
[  103.801645][ T7256] netlink: 12 bytes leftover after parsing attributes in process `syz.0.335'.
[  103.933844][ T7261] i2c i2c-1: Invalid block write size 34
[  104.061999][ T7267] netlink: 20 bytes leftover after parsing attributes in process `syz.3.339'.
[  104.069190][ T7267] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  104.072037][ T7267] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  104.074882][ T7267] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  104.077569][ T7267] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  104.082820][ T7267] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  104.086646][ T7267] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  104.090166][ T7267] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  104.093568][ T7267] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  104.104774][ T7269] netlink: 12 bytes leftover after parsing attributes in process `syz.1.340'.
[  104.192935][ T6031] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  104.266765][ T7276] netlink: 72 bytes leftover after parsing attributes in process `syz.2.342'.
[  104.344066][ T6031] usb 5-1: config 0 has no interfaces?
[  104.345815][ T6031] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  104.348742][ T6031] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.354246][ T6031] usb 5-1: config 0 descriptor??
[  104.372804][  T839] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  104.532809][ T6089] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  104.535381][  T839] usb 8-1: Using ep0 maxpacket: 8
[  104.539464][  T839] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  104.542469][  T839] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  104.546097][  T839] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  104.549287][  T839] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  104.553739][  T839] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  104.556667][  T839] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.634257][  T840] usb 5-1: USB disconnect, device number 6
[  104.775598][ T7267] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  104.778069][ T7267] veth1_to_bond: entered allmulticast mode
[  104.781385][ T7267] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[  104.788079][ T7266] veth1_to_bond: left allmulticast mode
[  104.791265][  T839] usb 8-1: usb_control_msg returned -71
[  104.793500][  T839] usbtmc 8-1:16.0: can't read capabilities
[  104.795886][ T7272] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  104.801131][ T7272] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  104.804525][  T839] usb 8-1: USB disconnect, device number 8
[  104.888912][ T7283] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12)
[  104.891026][ T7283] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  104.893979][ T7283] vhci_hcd vhci_hcd.0: Device attached
[  105.162955][   T29] usb 42-1: SetAddress Request (6) to port 0
[  105.165226][   T29] usb 42-1: new SuperSpeed USB device number 6 using vhci_hcd
[  105.193953][ T7291] Device name cannot be null; rc = [-22]
[  105.198370][ T7291] overlayfs: conflicting lowerdir path
[  105.205094][ T7291] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10)
[  105.207238][ T7291] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  105.210311][ T7291] vhci_hcd vhci_hcd.0: Device attached
[  105.415807][ T7300] capability: warning: `syz.1.347' uses deprecated v2 capabilities in a way that may be insecure
[  105.429335][ T7295] sp0: Synchronizing with TNC
[  105.442896][   T10] usb 37-1: new low-speed USB device number 2 using vhci_hcd
[  105.452919][  T840] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  105.475066][ T7285] vhci_hcd: connection reset by peer
[  105.477271][   T71] vhci_hcd: stop threads
[  105.478944][   T71] vhci_hcd: release socket
[  105.480518][   T71] vhci_hcd: disconnect device
[  105.602853][  T840] usb 5-1: Using ep0 maxpacket: 32
[  105.607445][  T840] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  105.612159][  T840] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  105.616113][  T840] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  105.625381][  T840] usb 5-1: Product: syz
[  105.626790][  T840] usb 5-1: Manufacturer: syz
[  105.628324][  T840] usb 5-1: SerialNumber: syz
[  105.636056][  T840] usb 5-1: config 0 descriptor??
[  105.638170][ T7291] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  105.852647][ T6031] usb 5-1: USB disconnect, device number 7
[  105.855264][ T7292] vhci_hcd: connection reset by peer
[  105.858428][ T1140] vhci_hcd: stop threads
[  105.859828][ T1140] vhci_hcd: release socket
[  105.868254][ T1140] vhci_hcd: disconnect device
[  106.683026][ T7326] (unnamed net_device) (uninitialized): option arp_validate: invalid value (524288)
[  106.723506][ T7328] netlink: 24 bytes leftover after parsing attributes in process `syz.1.354'.
[  106.909871][ T7334] sp0: Synchronizing with TNC
[  107.013093][ T7337] ptm ptm0: ldisc open failed (-12), clearing slot 0
[  107.553937][ T7351] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  107.596454][ T7367] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  107.672410][ T5972] Bluetooth: hci2: unexpected event for opcode 0x041b
[  107.699608][ T7365] netlink: 8 bytes leftover after parsing attributes in process `syz.2.364'.
[  107.899718][ T7375] sp0: Synchronizing with TNC
[  108.443662][ T7385] netlink: 8 bytes leftover after parsing attributes in process `syz.0.369'.
[  108.520781][ T7385] netlink: 8 bytes leftover after parsing attributes in process `syz.0.369'.
[  108.850089][ T7394] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  108.852179][ T7394] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  108.855896][ T7394] vhci_hcd vhci_hcd.0: Device attached
[  108.972788][ T6089] usb 6-1: new full-speed USB device number 8 using dummy_hcd
[  109.167859][ T6089] usb 6-1: unable to get BOS descriptor or descriptor too short
[  109.181316][ T6089] usb 6-1: unable to read config index 0 descriptor/start: -71
[  109.183992][ T6089] usb 6-1: can't read configurations, error -71
[  109.443866][ T7395] vhci_hcd: connection closed
[  109.444062][   T13] vhci_hcd: stop threads
[  109.450525][   T13] vhci_hcd: release socket
[  109.452044][   T13] vhci_hcd: disconnect device
[  109.846784][ T7410] sp0: Synchronizing with TNC
[  110.242825][   T29] usb 42-1: device descriptor read/8, error -110
[  110.415706][   T40] kauditd_printk_skb: 255 callbacks suppressed
[  110.415721][   T40] audit: type=1800 audit(1753599162.998:306): pid=7426 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.382" name="bus" dev="9p" ino=35913966 res=0 errno=0
[  110.430592][   T40] audit: type=1800 audit(1753599163.008:307): pid=7426 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.382" name="bus" dev="9p" ino=35913966 res=0 errno=0
[  110.552922][   T10] vhci_hcd: vhci_device speed not set
[  111.243772][   T29] usb usb42-port1: attempt power cycle
[  111.246368][ T7442] block device autoloading is deprecated and will be removed.
[  111.387781][ T7450] syzkaller1: entered promiscuous mode
[  111.389580][ T7450] syzkaller1: entered allmulticast mode
[  111.395997][ T7450] ufs: You didn't specify the type of your ufs filesystem
[  111.395997][ T7450] 
[  111.395997][ T7450] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  111.395997][ T7450] 
[  111.395997][ T7450] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  111.407808][ T7450] ufs: ufs_fill_super(): bad magic number
[  111.652920][   T59] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  111.833872][   T29] usb usb42-port1: unable to enumerate USB device
[  111.883322][   T40] audit: type=1800 audit(1753599164.458:308): pid=7468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.393" name="bus" dev="9p" ino=35913966 res=0 errno=0
[  111.892474][   T40] audit: type=1800 audit(1753599164.458:309): pid=7468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.393" name="bus" dev="9p" ino=35913966 res=0 errno=0
[  112.018947][   T40] audit: type=1326 audit(1753599164.598:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7471 comm="syz.3.396" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x7ffc0000
[  112.029499][   T40] audit: type=1326 audit(1753599164.598:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7471 comm="syz.3.396" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x7ffc0000
[  112.038906][   T40] audit: type=1326 audit(1753599164.598:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7471 comm="syz.3.396" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f34579 code=0x7ffc0000
[  112.046620][   T40] audit: type=1326 audit(1753599164.598:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7471 comm="syz.3.396" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x7ffc0000
[  112.060375][   T40] audit: type=1326 audit(1753599164.598:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7471 comm="syz.3.396" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f34579 code=0x7ffc0000
[  112.067206][   T40] audit: type=1326 audit(1753599164.598:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7471 comm="syz.3.396" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x7ffc0000
[  113.923106][ T7527] wireguard0: entered promiscuous mode
[  113.924891][ T7527] wireguard0: entered allmulticast mode
[  114.055537][ T7534] netfs: Couldn't get user pages (rc=-14)
[  114.336963][ T6028] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  114.453283][ T7546] sp0: Synchronizing with TNC
[  114.486057][ T6028] usb 8-1: device descriptor read/64, error -71
[  114.525228][ T7549] lo speed is unknown, defaulting to 1000
[  114.764166][ T6028] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  114.902872][ T6028] usb 8-1: device descriptor read/64, error -71
[  115.023066][ T6028] usb usb8-port1: attempt power cycle
[  115.200751][ T7556] 9pnet_virtio: no channels available for device syz
[  115.422873][ T6028] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  115.442818][   T60] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  115.443314][ T6028] usb 8-1: device descriptor read/8, error -71
[  115.505659][ T7560] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  115.507553][ T7560] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  115.510230][ T7560] vhci_hcd vhci_hcd.0: Device attached
[  115.602904][   T60] usb 7-1: Using ep0 maxpacket: 8
[  115.606808][   T60] usb 7-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config
[  115.610064][   T60] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  115.613984][   T60] usb 7-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  115.619539][   T60] usb 7-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config
[  115.623080][   T60] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  115.626619][   T60] usb 7-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  115.631567][   T60] usb 7-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config
[  115.635872][   T60] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  115.639369][   T60] usb 7-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  115.646310][   T60] usb 7-1: string descriptor 0 read error: -22
[  115.648284][   T60] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  115.651213][   T60] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.658981][   T60] adutux 7-1:168.0: interrupt endpoints not found
[  115.702875][ T6028] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  115.733727][ T6028] usb 8-1: device descriptor read/8, error -71
[  115.802839][   T29] usb 40-1: SetAddress Request (6) to port 0
[  115.804919][   T29] usb 40-1: new SuperSpeed USB device number 6 using vhci_hcd
[  115.853070][ T6028] usb usb8-port1: unable to enumerate USB device
[  116.119852][ T7564] netlink: 4 bytes leftover after parsing attributes in process `syz.2.421'.
[  116.206094][ T7561] vhci_hcd: connection reset by peer
[  116.210022][   T61] vhci_hcd: stop threads
[  116.211979][   T61] vhci_hcd: release socket
[  116.214452][   T61] vhci_hcd: disconnect device
[  117.354743][ T7575] input: syz0 as /devices/virtual/input/input11
[  117.820827][ T7577] sp0: Synchronizing with TNC
[  118.243862][ T6089] usb 7-1: USB disconnect, device number 4
[  118.287553][ T5972] Bluetooth: hci1: unexpected event for opcode 0x041b
[  119.162278][ T7596] fuse: Bad value for 'fd'
[  119.182789][   T10] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  119.325948][ T7596] [U] 
[  119.326886][ T7596] [U] 
[  119.327778][ T7596] [U] 
[  119.328665][ T7596] [U] 
[  119.329561][ T7596] [U] 
[  119.330469][ T7596] [U] 
[  119.331380][ T7596] [U] 
[  119.332272][ T7596] [U] 
[  119.332862][   T10] usb 6-1: Using ep0 maxpacket: 16
[  119.333825][ T7596] [U] 
[  119.335745][ T7596] [U] 
[  119.336678][ T7596] [U] 
[  119.337717][ T7596] [U] 
[  119.338684][ T7596] [U] 
[  119.339270][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  119.339645][ T7596] [U] 
[  119.343889][ T7596] [U] 
[  119.344779][ T7596] [U] 
[  119.345800][ T7596] [U] 
[  119.346212][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  119.346728][ T7596] [U] 
[  119.346747][ T7596] [U] 
[  119.346765][ T7596] [U] 
[  119.346785][ T7596] [U] 
[  119.349934][   T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  119.350756][ T7596] [U] 
[  119.350776][ T7596] [U] 
[  119.350795][ T7596] [U] 
[  119.351792][   T10] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  119.352614][ T7596] [U] 
[  119.352634][ T7596] [U] 
[  119.352653][ T7596] [U] 
[  119.354207][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  119.357526][ T7596] [U] 
[  119.357697][ T7596] [U] 
[  119.367222][   T10] usb 6-1: config 0 descriptor??
[  119.368423][ T7596] [U] 
[  119.372804][ T7596] [U] 
[  119.373742][ T7596] [U] 
[  119.374828][ T7596] [U] 
[  119.375744][ T7596] [U] 
[  119.376643][ T7596] [U] 
[  119.377532][ T7596] [U] 
[  119.378430][ T7596] [U] 
[  119.379380][ T7596] [U] 
[  119.380299][ T7596] [U] 
[  119.381239][ T7596] [U] 
[  119.382192][ T7596] [U] 
[  119.383138][ T7596] [U] 
[  119.384071][ T7596] [U] 
[  119.384992][ T7596] [U] 
[  119.386020][ T7596] [U] 
[  119.386911][ T7596] [U] 
[  119.387825][ T7596] [U] 
[  119.388723][ T7596] [U] 
[  119.389610][ T7596] [U] 
[  119.390523][ T7596] [U] 
[  119.391449][ T7596] [U] 
[  119.392347][ T7596] [U] 
[  119.393400][ T7596] [U] 
[  119.394316][ T7596] [U] 
[  119.395282][ T7596] [U] 
[  119.396206][ T7596] [U] 
[  119.397147][ T7596] [U] 
[  119.398040][ T7596] [U] 
[  119.398950][ T7596] [U] 
[  119.399864][ T7596] [U] 
[  119.401267][ T7596] [U] 
[  119.402183][ T7596] [U] 
[  119.403131][ T7596] [U] 
[  119.404029][ T7596] [U] 
[  119.405457][ T7596] [U] 
[  119.406366][ T7596] [U] 
[  119.407346][ T7596] [U] 
[  119.408246][ T7596] [U] 
[  119.409190][ T7596] [U] 
[  119.410080][ T7596] [U] 
[  119.410964][ T7596] [U] 
[  119.411884][ T7596] [U] 
[  119.412878][ T7596] [U] 
[  119.413795][ T7596] [U] 
[  119.414681][ T7596] [U] 
[  119.415582][ T7596] [U] 
[  119.416487][ T7596] [U] 
[  119.417375][ T7596] [U] 
[  119.418265][ T7596] [U] 
[  119.419185][ T7596] [U] 
[  119.420078][ T7596] [U] 
[  119.420977][ T7596] [U] 
[  119.421869][ T7596] [U] 
[  119.422790][ T7596] [U] 
[  119.423809][ T7596] [U] 
[  119.424690][ T7596] [U] 
[  119.425580][ T7596] [U] 
[  119.426475][ T7596] [U] 
[  119.427368][ T7596] [U] 
[  119.428243][ T7596] [U] 
[  119.429104][ T7596] [U] 
[  119.429976][ T7596] [U] 
[  119.430863][ T7596] [U] 
[  119.431764][ T7596] [U] 
[  119.432635][ T7596] [U] 
[  119.433525][ T7596] [U] 
[  119.434471][ T7596] [U] 
[  119.435375][ T7596] [U] 
[  119.436273][ T7596] [U] 
[  119.437169][ T7596] [U] 
[  119.438052][ T7596] [U] 
[  119.438932][ T7596] [U] 
[  119.439846][ T7596] [U] 
[  119.440753][ T7596] [U] 
[  119.441635][ T7596] [U] 
[  119.442487][ T7596] [U] 
[  119.443369][ T7596] [U] 
[  119.444268][ T7596] [U] 
[  119.445358][ T7596] [U] 
[  119.446308][ T7596] [U] 
[  119.447215][ T7596] [U] 
[  119.448111][ T7596] [U] 
[  119.449758][ T7596] [U] 
[  119.450673][ T7596] [U] 
[  119.451606][ T7596] [U] 
[  119.452490][ T7596] [U] 
[  119.453484][ T7596] [U] 
[  119.454378][ T7596] [U] 
[  119.455285][ T7596] [U] 
[  119.456172][ T7596] [U] 
[  119.457075][ T7596] [U] 
[  119.457985][ T7596] [U] 
[  119.458882][ T7596] [U] 
[  119.459806][ T7596] [U] 
[  119.460697][ T7596] [U] 
[  119.461839][ T7596] [U] 
[  119.462971][ T7596] [U] 
[  119.465949][ T7596] [U] 
[  119.767602][ T5972] Bluetooth: hci1: hardware error 0x80
[  120.423339][ T7611] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  120.425473][ T7611] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  120.429346][ T7611] vhci_hcd vhci_hcd.0: Device attached
[  120.702970][ T6089] usb 44-1: SetAddress Request (2) to port 0
[  120.704974][ T6089] usb 44-1: new SuperSpeed USB device number 2 using vhci_hcd
[  120.884068][   T29] usb 40-1: device descriptor read/8, error -110
[  121.061728][ T7612] vhci_hcd: connection reset by peer
[  121.067971][   T46] vhci_hcd: stop threads
[  121.069488][   T46] vhci_hcd: release socket
[  121.072677][   T46] vhci_hcd: disconnect device
[  121.273679][   T29] usb usb40-port1: attempt power cycle
[  121.720107][ T7619] netlink: 'syz.2.436': attribute type 6 has an invalid length.
[  121.839364][ T7629] netlink: 28 bytes leftover after parsing attributes in process `syz.2.438'.
[  121.840584][   T29] usb usb40-port1: unable to enumerate USB device
[  121.843170][ T7629] netlink: 28 bytes leftover after parsing attributes in process `syz.2.438'.
[  121.853092][ T5972] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  122.121611][   T10] usbhid 6-1:0.0: can't add hid device: -71
[  122.131485][   T10] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  122.175255][   T10] usb 6-1: USB disconnect, device number 10
[  122.794242][ T7641] netlink: 168 bytes leftover after parsing attributes in process `syz.0.441'.
[  123.461366][ T7637] orangefs_mount: mount request failed with -4
[  123.697143][ T7652] netlink: 'syz.3.452': attribute type 6 has an invalid length.
[  123.718438][ T7658] fuse: Bad value for 'fd'
[  123.810412][ T7667] netlink: 28 bytes leftover after parsing attributes in process `syz.2.448'.
[  123.815528][ T7667] netlink: 28 bytes leftover after parsing attributes in process `syz.2.448'.
[  123.992437][ T7669] [U] 
[  123.993362][ T7669] [U] 
[  123.994243][ T7669] [U] 
[  123.995136][ T7669] [U] 
[  123.996600][ T7669] [U] 
[  123.997492][ T7669] [U] 
[  123.998350][ T7669] [U] 
[  123.999228][ T7669] [U] 
[  124.000979][ T7669] [U] 
[  124.001859][ T7669] [U] 
[  124.002711][ T7669] [U] 
[  124.003567][ T7669] [U] 
[  124.004825][ T7669] [U] 
[  124.005691][ T7669] [U] 
[  124.006536][ T7669] [U] 
[  124.007406][ T7669] [U] 
[  124.008638][ T7669] [U] 
[  124.009539][ T7669] [U] 
[  124.010395][ T7669] [U] 
[  124.011261][ T7669] [U] 
[  124.020300][ T7669] [U] 
[  124.021185][ T7669] [U] 
[  124.022024][ T7669] [U] 
[  124.022886][ T7669] [U] 
[  124.028122][ T7669] [U] 
[  124.029008][ T7669] [U] 
[  124.029889][ T7669] [U] 
[  124.030732][ T7669] [U] 
[  124.037129][ T7669] [U] 
[  124.038011][ T7669] [U] 
[  124.038895][ T7669] [U] 
[  124.039769][ T7669] [U] 
[  124.051152][ T7669] [U] 
[  124.052087][ T7669] [U] 
[  124.052977][ T7669] [U] 
[  124.053860][ T7669] [U] 
[  124.058249][ T7669] [U] 
[  124.059167][ T7669] [U] 
[  124.060063][ T7669] [U] 
[  124.060946][ T7669] [U] 
[  124.066396][ T7669] [U] 
[  124.067275][ T7669] [U] 
[  124.068135][ T7669] [U] 
[  124.068982][ T7669] [U] 
[  124.074292][ T7669] [U] 
[  124.075206][ T7669] [U] 
[  124.076066][ T7669] [U] 
[  124.076906][ T7669] [U] 
[  124.081209][ T7669] [U] 
[  124.082086][ T7669] [U] 
[  124.082977][ T7669] [U] 
[  124.083856][ T7669] [U] 
[  124.089493][ T7669] [U] 
[  124.090387][ T7669] [U] 
[  124.091247][ T7669] [U] 
[  124.092109][ T7669] [U] 
[  124.097651][ T7669] [U] 
[  124.098459][ T7669] [U] 
[  124.099301][ T7669] [U] 
[  124.100132][ T7669] [U] 
[  124.104468][ T7669] [U] 
[  124.105376][ T7669] [U] 
[  124.106275][ T7669] [U] 
[  124.107148][ T7669] [U] 
[  124.114761][ T7669] [U] 
[  124.115698][ T7669] [U] 
[  124.116581][ T7669] [U] 
[  124.117461][ T7669] [U] 
[  124.122557][ T7669] [U] 
[  124.123452][ T7669] [U] 
[  124.124307][ T7669] [U] 
[  124.125151][ T7669] [U] 
[  124.127755][ T7669] [U] 
[  124.128663][ T7669] [U] 
[  124.129544][ T7669] [U] 
[  124.130420][ T7669] [U] 
[  124.131469][ T7669] [U] 
[  124.132358][ T7669] [U] 
[  124.133222][ T7669] [U] 
[  124.134088][ T7669] [U] 
[  124.136270][ T7669] [U] 
[  124.137150][ T7669] [U] 
[  124.138023][ T7669] [U] 
[  124.138873][ T7669] [U] 
[  124.140037][ T7669] [U] 
[  124.140906][ T7669] [U] 
[  124.141789][ T7669] [U] 
[  124.142637][ T7669] [U] 
[  124.144017][ T7669] [U] 
[  124.144915][ T7669] [U] 
[  124.145777][ T7669] [U] 
[  124.146632][ T7669] [U] 
[  124.147590][ T7669] [U] 
[  124.148459][ T7669] [U] 
[  124.149336][ T7669] [U] 
[  124.150187][ T7669] [U] 
[  124.151135][ T7669] [U] 
[  124.151998][ T7669] [U] 
[  124.152881][ T7669] [U] 
[  124.153730][ T7669] [U] 
[  124.155159][ T7669] [U] 
[  124.156040][ T7669] [U] 
[  124.156903][ T7669] [U] 
[  124.157752][ T7669] [U] 
[  124.158705][ T7669] [U] 
[  124.159573][ T7669] [U] 
[  124.160447][ T7669] [U] 
[  124.161296][ T7669] [U] 
[  124.162224][ T7669] [U] 
[  124.163121][ T7669] [U] 
[  124.163977][ T7669] [U] 
[  124.164831][ T7669] [U] 
[  124.165869][ T7669] [U] 
[  124.166740][ T7669] [U] 
[  124.167617][ T7669] [U] 
[  124.168468][ T7669] [U] 
[  124.172554][ T7669] [U] 
[  124.173438][ T7669] [U] 
[  124.174295][ T7669] [U] 
[  124.175155][ T7669] [U] 
[  124.177178][ T7669] [U] 
[  124.178074][ T7669] [U] 
[  124.178929][ T7669] [U] 
[  124.179809][ T7669] [U] 
[  124.181063][ T7669] [U] 
[  124.181935][ T7669] [U] 
[  124.182796][ T7669] [U] 
[  124.184002][ T7669] [U] 
[  125.341121][ T7689] netlink: 168 bytes leftover after parsing attributes in process `syz.0.455'.
[  125.416442][ T7692] sp0: Synchronizing with TNC
[  125.498882][ T7696] netlink: 168 bytes leftover after parsing attributes in process `syz.2.458'.
[  125.692928][ T7682] orangefs_mount: mount request failed with -4
[  125.897368][ T7701] netlink: 28 bytes leftover after parsing attributes in process `syz.3.460'.
[  125.941338][ T7701] netlink: 28 bytes leftover after parsing attributes in process `syz.3.460'.
[  126.086965][ T6089] usb 44-1: device descriptor read/8, error -110
[  126.473812][ T6089] usb usb44-port1: attempt power cycle
[  127.046255][ T6089] usb usb44-port1: unable to enumerate USB device
[  127.296328][ T7725] sp0: Synchronizing with TNC
[  127.546599][  T840] hid-generic 0002:0004:0009.0006: unknown main item tag 0x0
[  127.548942][  T840] hid-generic 0002:0004:0009.0006: unknown main item tag 0x0
[  127.551244][  T840] hid-generic 0002:0004:0009.0006: unknown main item tag 0x0
[  127.555862][  T840] hid-generic 0002:0004:0009.0006: unknown main item tag 0x0
[  127.558163][  T840] hid-generic 0002:0004:0009.0006: unknown main item tag 0x0
[  127.560360][  T840] hid-generic 0002:0004:0009.0006: unknown main item tag 0x0
[  127.562655][  T840] hid-generic 0002:0004:0009.0006: unknown main item tag 0x0
[  127.565028][  T840] hid-generic 0002:0004:0009.0006: unknown main item tag 0x0
[  127.567322][  T840] hid-generic 0002:0004:0009.0006: unknown main item tag 0x0
[  127.569538][  T840] hid-generic 0002:0004:0009.0006: unknown main item tag 0x0
[  127.571727][  T840] hid-generic 0002:0004:0009.0006: unknown main item tag 0x0
[  127.574130][  T840] hid-generic 0002:0004:0009.0006: unknown main item tag 0x0
[  127.576354][  T840] hid-generic 0002:0004:0009.0006: unknown main item tag 0x0
[  127.578544][  T840] hid-generic 0002:0004:0009.0006: unknown main item tag 0x0
[  127.580801][  T840] hid-generic 0002:0004:0009.0006: unknown main item tag 0x0
[  127.588388][  T840] hid-generic 0002:0004:0009.0006: hidraw1: <UNKNOWN> HID v0.04 Device [syz0] on syz0
[  127.767693][ T7736] netlink: 168 bytes leftover after parsing attributes in process `syz.1.470'.
[  128.719960][ T7741] netlink: 168 bytes leftover after parsing attributes in process `syz.1.479'.
[  129.921496][ T7769] sp0: Synchronizing with TNC
[  129.962330][ T5972] Bluetooth: hci2: unexpected event for opcode 0x1405
[  130.009944][ T1140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  130.012998][ T1140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  130.020878][   T40] kauditd_printk_skb: 53 callbacks suppressed
[  130.020887][   T40] audit: type=1326 audit(1753599182.598:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7772 comm="syz.1.481" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f94579 code=0x7ffc0000
[  130.030714][   T40] audit: type=1326 audit(1753599182.608:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7772 comm="syz.1.481" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf7f94579 code=0x7ffc0000
[  130.040387][   T40] audit: type=1326 audit(1753599182.608:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7772 comm="syz.1.481" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f94579 code=0x7ffc0000
[  130.047891][   T40] audit: type=1326 audit(1753599182.608:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7772 comm="syz.1.481" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f94579 code=0x7ffc0000
[  130.055521][   T40] audit: type=1326 audit(1753599182.608:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7772 comm="syz.1.481" exe="/syz-executor" sig=0 arch=40000003 syscall=120 compat=1 ip=0xf7f94579 code=0x7ffc0000
[  130.063242][   T40] audit: type=1326 audit(1753599182.618:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7772 comm="syz.1.481" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f94579 code=0x7ffc0000
[  130.070570][   T40] audit: type=1326 audit(1753599182.618:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7772 comm="syz.1.481" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f94579 code=0x7ffc0000
[  130.077598][   T40] audit: type=1326 audit(1753599182.618:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7777 comm="syz.1.481" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf7f94579 code=0x7ffc0000
[  130.084166][   T40] audit: type=1326 audit(1753599182.628:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7772 comm="syz.1.481" exe="/syz-executor" sig=0 arch=40000003 syscall=120 compat=1 ip=0xf7f94579 code=0x7ffc0000
[  130.090447][   T40] audit: type=1326 audit(1753599182.638:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7772 comm="syz.1.481" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f94579 code=0x7ffc0000
[  130.118094][ T7780] netlink: 168 bytes leftover after parsing attributes in process `syz.3.483'.
[  130.199093][ T7777] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  130.928870][ T7791] batman_adv: batadv0: Removing interface: team0
[  130.935628][ T7791] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.947952][ T7791] bridge_slave_1: left promiscuous mode
[  130.949782][ T7791] bridge0: port 2(bridge_slave_1) entered disabled state
[  130.956905][ T7791] bond0: (slave bond_slave_0): Releasing backup interface
[  130.960484][ T7791] bond0: (slave bond_slave_1): Releasing backup interface
[  130.966975][ T7791] team0: Port device team_slave_0 removed
[  130.969767][ T7791] team0: Port device team_slave_1 removed
[  130.971649][ T7791] batman_adv: batadv0: Removing interface: batadv_slave_0
[  130.975634][ T7791] batman_adv: batadv0: Removing interface: batadv_slave_1
[  131.217484][ T7800] bridge_slave_0: left allmulticast mode
[  131.219352][ T7800] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.226010][ T7800] bridge_slave_1: left allmulticast mode
[  131.227788][ T7800] bridge_slave_1: left promiscuous mode
[  131.232905][   T10] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  131.233000][ T7800] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.249133][   T59] syz_tun: tun_net_xmit 110
[  131.249483][ T7800] bond0: (slave bond_slave_0): Releasing backup interface
[  131.256433][ T7800] bond0: (slave bond_slave_1): Releasing backup interface
[  131.266915][ T7800] team0: Port device team_slave_0 removed
[  131.272088][ T7800] team0: Port device team_slave_1 removed
[  131.274479][ T7800] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  131.276836][ T7800] batman_adv: batadv0: Removing interface: batadv_slave_0
[  131.279723][ T7800] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  131.282326][ T7800] batman_adv: batadv0: Removing interface: batadv_slave_1
[  131.304458][ T7803] sp0: Synchronizing with TNC
[  131.384330][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  131.389155][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  131.393359][   T10] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  131.399305][   T10] usb 7-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00
[  131.402629][   T10] usb 7-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  131.405514][   T10] usb 7-1: Product: syz
[  131.408261][   T10] usb 7-1: config 0 descriptor??
[  131.497452][ T7812] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  131.501833][ T7812] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  131.509787][ T7812] bond0 (unregistering): Released all slaves
[  131.555349][ T7821] nft_compat: unsupported protocol 0
[  131.559718][ T7821] netlink: 188 bytes leftover after parsing attributes in process `syz.3.495'.
[  131.615314][  T840] syz_tun: tun_net_xmit 110
[  131.630722][ T7823] netlink: 24 bytes leftover after parsing attributes in process `syz.0.496'.
[  131.913917][ T7835] sp0: Synchronizing with TNC
[  131.925639][   T10] usbhid 7-1:0.0: can't add hid device: -71
[  131.932181][   T10] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  131.937333][   T10] usb 7-1: USB disconnect, device number 5
[  132.254089][ T1417] ieee802154 phy0 wpan0: encryption failed: -22
[  132.256903][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[  134.130953][ T7872] sp0: Synchronizing with TNC
[  134.651461][ T7874] random: crng reseeded on system resumption
[  136.003439][ T7901] netlink: 168 bytes leftover after parsing attributes in process `syz.1.516'.
[  136.809190][ T7910] process 'syz.1.521' launched './file0' with NULL argv: empty string added
[  136.984878][ T7916] sp0: Synchronizing with TNC
[  136.984911][ T7917] netlink: 168 bytes leftover after parsing attributes in process `syz.0.524'.
[  138.672699][ T7935] input: syz1 as /devices/virtual/input/input12
[  139.688077][ T7954] netlink: 4 bytes leftover after parsing attributes in process `syz.3.532'.
[  139.692634][ T7954] netlink: 4 bytes leftover after parsing attributes in process `syz.3.532'.
[  139.698303][ T7954] netlink: 4 bytes leftover after parsing attributes in process `syz.3.532'.
[  139.875183][ T7961] sp0: Synchronizing with TNC
[  140.095899][ T7963] netlink: 168 bytes leftover after parsing attributes in process `syz.1.535'.
[  140.665701][ T7974] netlink: 'syz.0.537': attribute type 13 has an invalid length.
[  140.670111][   T40] kauditd_printk_skb: 23 callbacks suppressed
[  140.670199][   T40] audit: type=1800 audit(1753599193.218:402): pid=7969 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.539" name="bus" dev="9p" ino=35913966 res=0 errno=0
[  140.754454][   T40] audit: type=1800 audit(1753599193.278:403): pid=7969 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.539" name="bus" dev="9p" ino=35913966 res=0 errno=0
[  140.782443][ T7974] gretap0: refused to change device tx_queue_len
[  140.784612][ T7974] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  140.800065][ T7977] lo speed is unknown, defaulting to 1000
[  140.818433][ T7975] lo speed is unknown, defaulting to 1000
[  140.826456][   T60] lo speed is unknown, defaulting to 1000
[  140.828514][   T60] syz2: Port: 1 Link DOWN
[  140.853506][ T7969] netfs: Couldn't get user pages (rc=-14)
[  141.183546][ T7984] input: syz1 as /devices/virtual/input/input13
[  141.592904][   T60] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  141.678932][ T7996] 9pnet_virtio: no channels available for device syz
[  141.774067][   T60] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  141.777493][   T60] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  141.780524][   T60] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.787733][   T60] usb 8-1: config 0 descriptor??
[  142.000196][   T60] usbhid 8-1:0.0: can't add hid device: -71
[  142.002182][   T60] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  142.006638][   T60] usb 8-1: USB disconnect, device number 13
[  142.359330][ T8003] FAULT_INJECTION: forcing a failure.
[  142.359330][ T8003] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  142.365173][ T8003] CPU: 3 UID: 0 PID: 8003 Comm: syz.0.546 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  142.365197][ T8003] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  142.365208][ T8003] Call Trace:
[  142.365214][ T8003]  <TASK>
[  142.365221][ T8003]  dump_stack_lvl+0x16c/0x1f0
[  142.365264][ T8003]  should_fail_ex+0x512/0x640
[  142.365297][ T8003]  _copy_to_user+0x32/0xd0
[  142.365320][ T8003]  simple_read_from_buffer+0xcb/0x170
[  142.365349][ T8003]  proc_fail_nth_read+0x197/0x270
[  142.365376][ T8003]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  142.365403][ T8003]  ? rw_verify_area+0xcf/0x680
[  142.365429][ T8003]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  142.365454][ T8003]  vfs_read+0x1e4/0xc60
[  142.365471][ T8003]  ? fdget_pos+0x2a2/0x370
[  142.365492][ T8003]  ? __pfx_vfs_read+0x10/0x10
[  142.365507][ T8003]  ? find_held_lock+0x2b/0x80
[  142.365533][ T8003]  ? __fget_files+0x20e/0x3c0
[  142.365568][ T8003]  ksys_read+0x12a/0x250
[  142.365585][ T8003]  ? __pfx_ksys_read+0x10/0x10
[  142.365604][ T8003]  ? rcu_is_watching+0x12/0xc0
[  142.365627][ T8003]  __do_fast_syscall_32+0x7c/0x3a0
[  142.365649][ T8003]  do_fast_syscall_32+0x32/0x80
[  142.365668][ T8003]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  142.365691][ T8003] RIP: 0023:0xf7f24579
[  142.365706][ T8003] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  142.365723][ T8003] RSP: 002b:00000000f5046590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  142.365741][ T8003] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000f5046620
[  142.365752][ T8003] RDX: 000000000000000f RSI: 00000000f73b4ff4 RDI: 0000000000000000
[  142.365763][ T8003] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  142.365773][ T8003] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  142.365784][ T8003] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  142.365807][ T8003]  </TASK>
[  142.492840][   T59] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  142.642882][   T59] usb 8-1: Using ep0 maxpacket: 32
[  142.646861][   T59] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  142.650753][   T59] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  142.653693][   T59] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.657489][   T59] usb 8-1: config 0 descriptor??
[  142.668565][   T59] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  142.677074][   T59] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  142.733195][ T8007] sp0: Synchronizing with TNC
[  143.135292][ T7989] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  143.139109][ T7989] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  143.147003][   T59] usb 8-1: USB disconnect, device number 14
[  143.150676][   T59] ldusb 8-1:0.0: LD USB Device #0 now disconnected
[  143.514356][ T8023] syz.1.551: attempt to access beyond end of device
[  143.514356][ T8023] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0
[  143.518131][ T8023] gfs2: error -5 reading superblock
[  143.707472][ T8029] binder: BINDER_SET_CONTEXT_MGR already set
[  143.710378][ T8029] binder: 8027:8029 ioctl 4018620d 800000c0 returned -16
[  143.718457][ T8028] binder: BINDER_SET_CONTEXT_MGR already set
[  143.720961][ T8028] binder: 8027:8028 ioctl 4018620d 80000100 returned -16
[  143.724622][ T8028] binder: 8027:8028 ioctl c0306201 800003c0 returned -22
[  143.819663][ T8026] 9pnet_fd: Insufficient options for proto=fd
[  144.057719][ T8039] netlink: 168 bytes leftover after parsing attributes in process `syz.0.555'.
[  144.117844][ T8040] sp0: Synchronizing with TNC
[  145.321616][ T8046] syzkaller0: entered promiscuous mode
[  145.323454][ T8046] syzkaller0: entered allmulticast mode
[  145.363392][ T8050] random: crng reseeded on system resumption
[  145.455261][ T8053] netlink: 'syz.1.562': attribute type 21 has an invalid length.
[  145.457762][ T8053] netlink: 'syz.1.562': attribute type 6 has an invalid length.
[  145.460183][ T8053] netlink: 64 bytes leftover after parsing attributes in process `syz.1.562'.
[  145.521646][ T8056] 9pnet_virtio: no channels available for device syz
[  145.527125][   T40] audit: type=1800 audit(1753599198.108:404): pid=8057 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.564" name="bus" dev="9p" ino=35913966 res=0 errno=0
[  145.534410][   T40] audit: type=1800 audit(1753599198.118:405): pid=8057 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.564" name="bus" dev="9p" ino=35913966 res=0 errno=0
[  145.573897][ T8057] netfs: Couldn't get user pages (rc=-14)
[  146.512909][ T1021] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[  146.664973][ T1021] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  146.668624][ T1021] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  146.671683][ T1021] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.675936][ T1021] usb 8-1: config 0 descriptor??
[  146.831144][ T8077] sp0: Synchronizing with TNC
[  146.986658][ T1021] usbhid 8-1:0.0: can't add hid device: -71
[  147.495051][ T1021] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  147.671743][ T1021] usb 8-1: USB disconnect, device number 15
[  148.002869][ T1021] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[  148.162803][ T1021] usb 8-1: Using ep0 maxpacket: 32
[  148.166022][ T1021] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  148.170402][ T1021] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  148.173740][ T1021] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.178215][ T1021] usb 8-1: config 0 descriptor??
[  148.182608][ T1021] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  148.187170][ T1021] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  148.605988][ T8086] netlink: 168 bytes leftover after parsing attributes in process `syz.2.571'.
[  148.644595][ T1021] usb 8-1: USB disconnect, device number 16
[  148.648730][ T1021] ldusb 8-1:0.0: LD USB Device #0 now disconnected
[  149.413223][   T40] audit: type=1800 audit(1753599201.988:406): pid=8091 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.573" name="bus" dev="9p" ino=35913966 res=0 errno=0
[  149.427232][   T40] audit: type=1800 audit(1753599202.008:407): pid=8091 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.573" name="bus" dev="9p" ino=35913966 res=0 errno=0
[  149.477252][ T8091] netfs: Couldn't get user pages (rc=-14)
[  150.748731][ T8109] sp0: Synchronizing with TNC
[  152.500210][ T8142] sp0: Synchronizing with TNC
[  154.507207][ T8159] ubi31: attaching mtd0
[  154.560824][ T8159] ubi31: scanning is finished
[  154.916208][ T8159] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  154.932100][ T8159] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  154.955439][ T8159] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  154.979598][ T8159] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  154.999359][ T8159] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  155.006228][   T40] audit: type=1800 audit(1753599207.588:408): pid=8163 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.589" name="bus" dev="9p" ino=35913966 res=0 errno=0
[  155.048374][   T40] audit: type=1800 audit(1753599207.628:409): pid=8163 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.589" name="bus" dev="9p" ino=35913966 res=0 errno=0
[  155.096995][ T8163] netfs: Couldn't get user pages (rc=-14)
[  155.100906][ T8166] netlink: 'syz.3.590': attribute type 13 has an invalid length.
[  155.122257][ T8159] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  155.178234][ T8166] gretap0: refused to change device tx_queue_len
[  155.180733][ T8166] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  155.182875][ T8159] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3793268927
[  155.198088][ T8159] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  155.199563][ T8165] lo speed is unknown, defaulting to 1000
[  155.204754][ T8161] ubi31: background thread "ubi_bgt31d" started, PID 8161
[  156.307450][ T8188] netlink: 12 bytes leftover after parsing attributes in process `syz.3.599'.
[  156.378350][ T8190] sp0: Synchronizing with TNC
[  156.900745][ T8193] 9pnet_virtio: no channels available for device syz
[  157.280043][ T8196] tipc: Started in network mode
[  157.282084][ T8196] tipc: Node identity 82838a4b7938, cluster identity 4711
[  157.285442][ T8196] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  157.289943][ T8196] syzkaller0: entered promiscuous mode
[  157.292146][ T8196] syzkaller0: entered allmulticast mode
[  157.305777][ T8196] tipc: Resetting bearer <eth:syzkaller0>
[  157.311470][ T8195] tipc: Resetting bearer <eth:syzkaller0>
[  157.324665][ T8195] tipc: Disabling bearer <eth:syzkaller0>
[  157.561097][ T8207] PKCS8: Unsupported PKCS#8 version
[  158.630172][ T8220] tmpfs: Bad value for 'mpol'
[  158.635940][ T8220] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  158.940828][ T8224] vivid-002: disconnect
[  158.943345][ T8224] vivid-002: reconnect
[  159.012422][ T8224] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  159.341929][ T8226] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  159.342954][ T8228] 9pnet_virtio: no channels available for device syz
[  159.895950][ T8241] netlink: 'syz.2.614': attribute type 1 has an invalid length.
[  159.916580][ T8241] 8021q: adding VLAN 0 to HW filter on device bond1
[  159.942169][ T8241] bond1: (slave ip6erspan0): making interface the new active one
[  159.945676][ T8241] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link
[  160.092639][ T8247] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  160.095388][ T8247] syzkaller0: entered promiscuous mode
[  160.097194][ T8247] syzkaller0: entered allmulticast mode
[  160.102199][ T8247] tipc: Resetting bearer <eth:syzkaller0>
[  160.106878][ T8246] tipc: Resetting bearer <eth:syzkaller0>
[  160.114301][ T8246] tipc: Disabling bearer <eth:syzkaller0>
[  160.158164][ T8245] batadv_slave_0: left allmulticast mode
[  160.411319][ T8252] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  160.413677][ T8252] IPv6: NLM_F_CREATE should be set when creating new route
[  160.421264][ T8252] "syz.1.617" (8252) uses obsolete ecb(arc4) skcipher
[  161.116789][ T8256] tmpfs: Bad value for 'mpol'
[  161.120400][ T8256] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  161.700036][ T8278] netlink: 168 bytes leftover after parsing attributes in process `syz.3.626'.
[  162.381036][ T8293] lo speed is unknown, defaulting to 1000
[  162.404319][  T840] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  162.575518][  T840] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  162.579156][  T840] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  162.583428][  T840] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  162.586736][  T840] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  162.594311][  T840] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  162.597218][  T840] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  162.599755][  T840] usb 6-1: Manufacturer: syz
[  162.621358][  T840] usb 6-1: config 0 descriptor??
[  163.180626][ T8307] netlink: 8 bytes leftover after parsing attributes in process `syz.0.636'.
[  163.612218][ T8323] netlink: 28 bytes leftover after parsing attributes in process `syz.0.639'.
[  163.616647][ T8323] netlink: 28 bytes leftover after parsing attributes in process `syz.0.639'.
[  164.344029][ T8331] netlink: 'syz.2.643': attribute type 10 has an invalid length.
[  164.347289][ T8331] netlink: 40 bytes leftover after parsing attributes in process `syz.2.643'.
[  164.352677][ T8331] dummy0: entered promiscuous mode
[  164.365019][ T8331] bridge0: port 1(dummy0) entered blocking state
[  164.368810][ T8331] bridge0: port 1(dummy0) entered disabled state
[  164.399975][ T8331] netlink: 12 bytes leftover after parsing attributes in process `syz.2.643'.
[  164.519189][   T40] audit: type=1800 audit(1753599217.098:410): pid=8335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.645" name="bus" dev="9p" ino=35913966 res=0 errno=0
[  164.528391][   T40] audit: type=1800 audit(1753599217.108:411): pid=8335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.645" name="bus" dev="9p" ino=35913966 res=0 errno=0
[  164.575378][ T8335] netfs: Couldn't get user pages (rc=-14)
[  165.259443][ T8347] 9pnet_virtio: no channels available for device syz
[  165.635560][ T8352] netlink: 20 bytes leftover after parsing attributes in process `syz.0.649'.
[  165.707845][  T840] usbhid 6-1:0.0: can't add hid device: -71
[  165.709722][  T840] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  165.717854][  T840] usb 6-1: USB disconnect, device number 11
[  165.939002][ T8368] netlink: 28 bytes leftover after parsing attributes in process `syz.3.651'.
[  165.944234][ T8368] netlink: 28 bytes leftover after parsing attributes in process `syz.3.651'.
[  165.991078][ T8370] 9pnet_virtio: no channels available for device syz
[  165.997772][ T5964] Bluetooth: hci2: unexpected event for opcode 0x000b
[  166.035386][ T8372] netlink: 'syz.1.653': attribute type 1 has an invalid length.
[  166.049410][ T8372] 8021q: adding VLAN 0 to HW filter on device bond1
[  166.089706][ T8372] erspan0: entered allmulticast mode
[  166.096676][ T8372] bond1: (slave erspan0): making interface the new active one
[  166.100057][ T8372] bond1: (slave erspan0): Enslaving as an active interface with an up link
[  166.106555][ T8372] PKCS7: Unknown OID: [4] 2.19.50.2018883.1651(bad)
[  166.108751][ T8372] PKCS7: Only support pkcs7_signedData type
[  166.185049][ T8376] netlink: 168 bytes leftover after parsing attributes in process `syz.3.654'.
[  168.148193][ T1021] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  168.462905][ T1142] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  169.013372][ T8427] siw: device registration error -23
[  169.048586][ T6031] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  169.125245][ T8431] sp0: Synchronizing with TNC
[  169.530323][ T1142] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  169.552700][ T1142] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  170.067340][   T40] audit: type=1326 audit(1753599222.648:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8437 comm="syz.2.673" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  170.076890][   T40] audit: type=1326 audit(1753599222.648:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8437 comm="syz.2.673" exe="/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  170.091842][   T40] audit: type=1326 audit(1753599222.648:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8437 comm="syz.2.673" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  170.102842][   T40] audit: type=1326 audit(1753599222.648:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8437 comm="syz.2.673" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  170.109335][   T40] audit: type=1326 audit(1753599222.658:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8437 comm="syz.2.673" exe="/syz-executor" sig=0 arch=40000003 syscall=337 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  170.125578][   T40] audit: type=1326 audit(1753599222.658:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8437 comm="syz.2.673" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  170.131816][   T40] audit: type=1326 audit(1753599222.658:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8437 comm="syz.2.673" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  170.138183][   T40] audit: type=1326 audit(1753599222.668:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8437 comm="syz.2.673" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  170.152658][ T5964] Bluetooth: hci2: unexpected event for opcode 0x200a
[  170.161298][   T40] audit: type=1326 audit(1753599222.668:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8437 comm="syz.2.673" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  170.173178][   T40] audit: type=1326 audit(1753599222.668:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8437 comm="syz.2.673" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  170.243139][ T5999] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  170.442957][ T1021] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  170.605881][ T1021] usb 6-1: config 0 has no interfaces?
[  170.609375][ T1021] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  170.612260][ T1021] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.614843][ T1021] usb 6-1: Product: syz
[  170.616160][ T1021] usb 6-1: Manufacturer: syz
[  170.617608][ T1021] usb 6-1: SerialNumber: syz
[  170.622672][ T1021] usb 6-1: config 0 descriptor??
[  170.744114][ T8459] /dev/sr0: Can't open blockdev
[  171.675762][ T8480] block device autoloading is deprecated and will be removed.
[  171.682176][ T8482] netlink: 168 bytes leftover after parsing attributes in process `syz.2.690'.
[  171.962791][   T24] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  172.122805][   T24] usb 7-1: Using ep0 maxpacket: 8
[  172.125922][   T24] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  172.128666][   T24] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  172.131874][   T24] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  172.135113][   T24] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  172.138285][   T24] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  172.142699][   T24] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  172.145720][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  172.355445][   T24] usb 7-1: usb_control_msg returned -32
[  172.357444][   T24] usbtmc 7-1:16.0: can't read capabilities
[  172.543154][ T5999] usb 6-1: USB disconnect, device number 12
[  172.704099][ T8488] /dev/sr0: Can't open blockdev
[  172.824272][ T8495] netlink: 'syz.1.694': attribute type 30 has an invalid length.
[  172.892119][ T8498] netlink: 'syz.1.695': attribute type 4 has an invalid length.
[  173.015310][ T8502] netlink: 20 bytes leftover after parsing attributes in process `syz.1.697'.
[  173.363068][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  174.309474][ T8513] netfs: Couldn't get user pages (rc=-14)
[  174.773902][ T8521] sp0: Synchronizing with TNC
[  174.989865][ T8525] sp0: Synchronizing with TNC
[  175.489554][ T8527] 9pnet_virtio: no channels available for device 
[  175.617110][ T8530] delete_channel: no stack
[  176.803638][ T8549] sp0: Synchronizing with TNC
[  176.848523][ T8550] netlink: 168 bytes leftover after parsing attributes in process `syz.0.712'.
[  177.010149][ T8557] netlink: 830 bytes leftover after parsing attributes in process `syz.3.714'.
[  177.045381][ T8559] netlink: 244 bytes leftover after parsing attributes in process `syz.3.715'.
[  177.146905][ T8562] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.716'.
[  177.150534][ T8561] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.716'.
[  177.235322][ T8567] 9pnet_virtio: no channels available for device syz
[  177.773191][ T8493] usbtmc 7-1:16.0: usb_control_msg returned -110
[  177.786639][  T838] usb 7-1: USB disconnect, device number 6
[  178.176147][ T8583] sp0: Synchronizing with TNC
[  178.186531][ T8585] netlink: 244 bytes leftover after parsing attributes in process `syz.3.724'.
[  178.811254][ T8604] xt_CT: You must specify a L4 protocol and not use inversions on it
[  178.819842][ T8604] 9pnet_fd: Insufficient options for proto=fd
[  179.349020][ T8616] lo speed is unknown, defaulting to 1000
[  179.667307][ T8622] netlink: 244 bytes leftover after parsing attributes in process `syz.1.733'.
[  179.866133][ T8624] sp0: Synchronizing with TNC
[  180.146575][ T8630] FAULT_INJECTION: forcing a failure.
[  180.146575][ T8630] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  180.152056][ T8630] CPU: 3 UID: 0 PID: 8630 Comm: syz.1.736 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  180.152080][ T8630] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  180.152091][ T8630] Call Trace:
[  180.152098][ T8630]  <TASK>
[  180.152105][ T8630]  dump_stack_lvl+0x16c/0x1f0
[  180.152145][ T8630]  should_fail_ex+0x512/0x640
[  180.152172][ T8630]  _copy_to_user+0x32/0xd0
[  180.152195][ T8630]  vcs_read+0x789/0xbe0
[  180.152231][ T8630]  ? __pfx_vcs_read+0x10/0x10
[  180.152257][ T8630]  ? bpf_lsm_file_permission+0x9/0x10
[  180.152279][ T8630]  ? security_file_permission+0x71/0x210
[  180.152306][ T8630]  ? iov_iter_advance+0x1e3/0x6c0
[  180.152324][ T8630]  ? rw_verify_area+0xcf/0x680
[  180.152351][ T8630]  ? __pfx_vcs_read+0x10/0x10
[  180.152375][ T8630]  vfs_readv+0x5c1/0x8b0
[  180.152406][ T8630]  ? __pfx_vfs_readv+0x10/0x10
[  180.152432][ T8630]  ? find_held_lock+0x2b/0x80
[  180.152470][ T8630]  ? __fget_files+0x20e/0x3c0
[  180.152498][ T8630]  ? __fget_files+0x1b0/0x3c0
[  180.152529][ T8630]  ? do_readv+0x132/0x340
[  180.152553][ T8630]  do_readv+0x132/0x340
[  180.152578][ T8630]  ? __pfx_do_readv+0x10/0x10
[  180.152605][ T8630]  ? rcu_is_watching+0x12/0xc0
[  180.152628][ T8630]  __do_fast_syscall_32+0x7c/0x3a0
[  180.152648][ T8630]  do_fast_syscall_32+0x32/0x80
[  180.152675][ T8630]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  180.152696][ T8630] RIP: 0023:0xf7f94579
[  180.152727][ T8630] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  180.152745][ T8630] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000091
[  180.152762][ T8630] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[  180.152773][ T8630] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  180.152785][ T8630] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  180.152794][ T8630] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  180.152806][ T8630] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  180.152843][ T8630]  </TASK>
[  180.788366][ T8651] netlink: 212 bytes leftover after parsing attributes in process `syz.2.742'.
[  180.892848][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  181.003178][   T29] usb 6-1: new low-speed USB device number 13 using dummy_hcd
[  181.210938][   T29] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  181.213322][   T29] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  181.216711][   T29] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  181.220345][   T29] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  181.245283][   T29] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  181.267127][   T29] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  181.272937][   T29] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  181.277452][   T29] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  181.284667][   T29] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  181.292580][   T29] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  181.336837][   T29] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  181.339270][   T29] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  181.342560][   T29] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  181.349931][   T29] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  181.353433][   T29] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  181.454373][   T29] usb 6-1: string descriptor 0 read error: -22
[  181.454639][   T29] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  181.454735][   T29] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.476681][   T29] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  182.278963][   T40] kauditd_printk_skb: 49 callbacks suppressed
[  182.278974][   T40] audit: type=1800 audit(1753599234.858:471): pid=8671 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.750" name="bus" dev="9p" ino=35913966 res=0 errno=0
[  182.280492][ T8673] 9pnet_virtio: no channels available for device syz
[  182.468359][ T8676] netlink: 212 bytes leftover after parsing attributes in process `syz.3.752'.
[  182.815796][ T8687] netlink: 'syz.3.755': attribute type 2 has an invalid length.
[  183.213909][ T8696] binder: 8695:8696 ioctl c0306201 80000540 returned -22
[  183.379094][ T8703] netlink: 16 bytes leftover after parsing attributes in process `syz.2.760'.
[  183.618696][ T8706] netlink: 168 bytes leftover after parsing attributes in process `syz.0.761'.
[  183.764856][ T8710] sp0: Synchronizing with TNC
[  183.855903][ T5999] usb 6-1: USB disconnect, device number 13
[  185.105055][ T8735] netlink: 168 bytes leftover after parsing attributes in process `syz.1.770'.
[  185.461605][ T8745] netlink: 28 bytes leftover after parsing attributes in process `syz.3.773'.
[  185.465165][ T8745] netlink: 8 bytes leftover after parsing attributes in process `syz.3.773'.
[  185.889967][ T8753] netlink: 212 bytes leftover after parsing attributes in process `syz.3.776'.
[  186.616624][ T8766] netlink: 168 bytes leftover after parsing attributes in process `syz.2.779'.
[  187.793611][ T8771] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  187.865791][ T8784] netlink: 212 bytes leftover after parsing attributes in process `syz.2.785'.
[  187.922597][ T8788] sp0: Synchronizing with TNC
[  188.071796][ T8796] sp0: Synchronizing with TNC
[  188.421474][   T40] audit: type=1800 audit(1753599240.998:472): pid=8806 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.794" name="bus" dev="overlay" ino=1117 res=0 errno=0
[  188.639895][ T8799] netlink: 168 bytes leftover after parsing attributes in process `syz.0.791'.
[  188.683079][ T8816] netlink: 212 bytes leftover after parsing attributes in process `syz.0.796'.
[  188.825626][ T8824] binder: 8820:8824 ioctl c0306201 80000540 returned -22
[  189.408191][ T8832] sp0: Synchronizing with TNC
[  190.655101][ T8845] netlink: 168 bytes leftover after parsing attributes in process `syz.3.807'.
[  190.709030][ T8849] netlink: 204 bytes leftover after parsing attributes in process `syz.1.808'.
[  190.731489][ T8855] FAULT_INJECTION: forcing a failure.
[  190.731489][ T8855] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  190.736976][ T8855] CPU: 1 UID: 0 PID: 8855 Comm: syz.3.811 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  190.736991][ T8855] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  190.736999][ T8855] Call Trace:
[  190.737002][ T8855]  <TASK>
[  190.737007][ T8855]  dump_stack_lvl+0x16c/0x1f0
[  190.737023][ T8855]  should_fail_ex+0x512/0x640
[  190.737037][ T8855]  _copy_to_user+0x32/0xd0
[  190.737051][ T8855]  simple_read_from_buffer+0xcb/0x170
[  190.737068][ T8855]  proc_fail_nth_read+0x197/0x270
[  190.737084][ T8855]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  190.737100][ T8855]  ? rw_verify_area+0xcf/0x680
[  190.737117][ T8855]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  190.737132][ T8855]  vfs_read+0x1e4/0xc60
[  190.737142][ T8855]  ? fdget_pos+0x2a2/0x370
[  190.737153][ T8855]  ? __pfx_vfs_read+0x10/0x10
[  190.737162][ T8855]  ? find_held_lock+0x2b/0x80
[  190.737177][ T8855]  ? __fget_files+0x20e/0x3c0
[  190.737198][ T8855]  ksys_read+0x12a/0x250
[  190.737207][ T8855]  ? __pfx_ksys_read+0x10/0x10
[  190.737218][ T8855]  ? rcu_is_watching+0x12/0xc0
[  190.737232][ T8855]  __do_fast_syscall_32+0x7c/0x3a0
[  190.737245][ T8855]  do_fast_syscall_32+0x32/0x80
[  190.737256][ T8855]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  190.737270][ T8855] RIP: 0023:0xf7f34579
[  190.737279][ T8855] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  190.737290][ T8855] RSP: 002b:00000000f5056590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  190.737300][ T8855] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5056620
[  190.737307][ T8855] RDX: 000000000000000f RSI: 00000000f73c4ff4 RDI: 0000000000000000
[  190.737313][ T8855] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  190.737319][ T8855] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  190.737325][ T8855] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  190.737339][ T8855]  </TASK>
[  190.814129][ T8859] sp0: Synchronizing with TNC
[  190.859841][ T8857] netlink: 4 bytes leftover after parsing attributes in process `syz.1.812'.
[  191.468475][ T8886] netlink: 168 bytes leftover after parsing attributes in process `syz.0.820'.
[  191.511255][ T8889] netlink: 204 bytes leftover after parsing attributes in process `syz.0.821'.
[  192.417533][ T8901] sp0: Synchronizing with TNC
[  192.636644][ T8915] binder: 8908:8915 ioctl c0306201 80000540 returned -22
[  192.708047][ T8917] fuse: Bad value for 'user_id'
[  192.708972][ T8911] debugfs: Directory 'ptm0' with parent 'caif_serial' already present!
[  192.709706][ T8917] fuse: Bad value for 'user_id'
[  192.718803][   T40] audit: type=1326 audit(1753599245.298:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8916 comm="syz.0.832" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f24579 code=0x0
[  193.683076][ T1021] usb 7-1: new full-speed USB device number 7 using dummy_hcd
[  193.692098][ T1417] ieee802154 phy0 wpan0: encryption failed: -22
[  193.694220][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[  193.765617][ T8938] sp0: Synchronizing with TNC
[  193.844922][ T1021] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  193.848406][ T1021] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  193.852598][ T1021] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  193.855598][ T1021] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.927970][ T8944] input: syz0 as /devices/virtual/input/input15
[  194.073934][ T1021] usb 7-1: usb_control_msg returned -32
[  194.075701][ T1021] usbtmc 7-1:16.0: can't read capabilities
[  194.124822][ T8953] netlink: 20 bytes leftover after parsing attributes in process `syz.3.842'.
[  194.560278][ T8968] sp0: Synchronizing with TNC
[  195.513536][ T8970] "syz.1.849" (8970) uses obsolete ecb(arc4) skcipher
[  195.614865][ T8986] 9pnet: Could not find request transport: fd0xffffffffffffffff0x000000000000000b
[  195.810000][ T8984] bridge8: entered promiscuous mode
[  196.214958][ T8995] tmpfs: Bad value for 'mpol'
[  196.242954][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  197.205695][ T6028] usb 7-1: USB disconnect, device number 7
[  197.356683][ T9042] netlink: 28 bytes leftover after parsing attributes in process `syz.2.862'.
[  197.359394][ T9042] netlink: 24 bytes leftover after parsing attributes in process `syz.2.862'.
[  197.398962][ T9042] mkiss: ax0: crc mode is auto.
[  197.841367][ T9045] sp0: Synchronizing with TNC
[  198.412123][ T9048] netlink: 4 bytes leftover after parsing attributes in process `syz.1.864'.
[  198.587145][ T5964] Bluetooth: hci2: unexpected event for opcode 0x041b
[  198.804489][ T9061] binder: 9056:9061 ioctl c0306201 80000540 returned -22
[  199.065272][ T9073] lo: left allmulticast mode
[  199.066956][ T9073] tunl0: left allmulticast mode
[  199.068867][ T9073] gre0: left allmulticast mode
[  199.070604][ T9073] gretap0: left allmulticast mode
[  199.072354][ T9073] erspan0: left allmulticast mode
[  199.075737][ T9073] ip_vti0: left allmulticast mode
[  199.077478][ T9073] ip6_vti0: left allmulticast mode
[  199.079330][ T9073] sit0: left allmulticast mode
[  199.080993][ T9073] ip6tnl0: left allmulticast mode
[  199.084226][ T9073] ip6gre0: left allmulticast mode
[  199.085974][ T9073] syz_tun: left allmulticast mode
[  199.087734][ T9073] ip6gretap0: left allmulticast mode
[  199.089676][ T9073] bridge0: left allmulticast mode
[  199.091376][ T9073] vcan0: left allmulticast mode
[  199.093345][ T9073] bond0: left allmulticast mode
[  199.095066][ T9073] team0: left allmulticast mode
[  199.101593][ T9073] nlmon0: left allmulticast mode
[  199.103671][ T9073] caif0: left allmulticast mode
[  199.105373][ T9073] batadv0: left allmulticast mode
[  199.107162][ T9073] vxcan0: left allmulticast mode
[  199.109185][ T9073] vxcan1: left allmulticast mode
[  199.111124][ T9073] veth0: left allmulticast mode
[  199.113078][ T9073] veth1: left allmulticast mode
[  199.114808][ T9073] wg0: left allmulticast mode
[  199.116441][ T9073] wg1: left allmulticast mode
[  199.118112][ T9073] wg2: left allmulticast mode
[  199.120466][ T9073] veth0_to_bridge: left allmulticast mode
[  199.122572][ T9073] bridge_slave_0: left allmulticast mode
[  199.125044][ T9073] veth1_to_bridge: left allmulticast mode
[  199.127033][ T9073] bridge_slave_1: left allmulticast mode
[  199.129257][ T9073] veth0_to_bond: left allmulticast mode
[  199.131790][ T9073] bond_slave_0: left allmulticast mode
[  199.134183][ T9073] veth1_to_bond: left allmulticast mode
[  199.136053][ T9073] bond_slave_1: left allmulticast mode
[  199.137906][ T9073] veth0_to_team: left allmulticast mode
[  199.139851][ T9073] team_slave_0: left allmulticast mode
[  199.141696][ T9073] veth1_to_team: left allmulticast mode
[  199.143894][ T9073] team_slave_1: left allmulticast mode
[  199.145711][ T9073] veth0_to_batadv: left allmulticast mode
[  199.148521][ T9073] veth1_to_batadv: left allmulticast mode
[  199.150461][ T9073] batadv_slave_1: left allmulticast mode
[  199.152508][ T9073] xfrm0: left allmulticast mode
[  199.154674][ T9073] veth0_to_hsr: left allmulticast mode
[  199.156580][ T9073] veth1_to_hsr: left allmulticast mode
[  199.158573][ T9073] hsr0: left allmulticast mode
[  199.160144][ T9073] hsr_slave_0: left allmulticast mode
[  199.161907][ T9073] hsr_slave_1: left allmulticast mode
[  199.164210][ T9073] veth1_virt_wifi: left allmulticast mode
[  199.166114][ T9073] veth0_virt_wifi: left allmulticast mode
[  199.168085][ T9073] net veth1_virt_wifi virt_wifi0: left allmulticast mode
[  199.170600][ T9073] veth1_vlan: left allmulticast mode
[  199.172522][ T9073] vlan0: left allmulticast mode
[  199.174368][ T9073] vlan1: left allmulticast mode
[  199.176079][ T9073] macvlan0: left allmulticast mode
[  199.177850][ T9073] macvlan1: left allmulticast mode
[  199.180206][ T9073] ipvlan0: left allmulticast mode
[  199.182386][ T9073] ipvlan1: left allmulticast mode
[  199.184982][ T9073] veth0_vlan: left allmulticast mode
[  199.187500][ T9073] veth1_macvtap: left allmulticast mode
[  199.190045][ T9073] veth0_macvtap: left allmulticast mode
[  199.192867][ T9073] macvtap0: left allmulticast mode
[  199.195289][ T9073] macsec0: left allmulticast mode
[  199.197649][ T9073] geneve0: left allmulticast mode
[  199.199731][ T9073] geneve1: left allmulticast mode
[  199.201797][ T9073] netdevsim netdevsim2 netdevsim0: left allmulticast mode
[  199.205261][ T9073] netdevsim netdevsim2 netdevsim1: left allmulticast mode
[  199.207600][ T9073] netdevsim netdevsim2 netdevsim2: left allmulticast mode
[  199.209892][ T9073] netdevsim netdevsim2 netdevsim3: left allmulticast mode
[  199.212216][ T9073] mac80211_hwsim hwsim5 wlan0: left allmulticast mode
[  199.215041][ T9073] mac80211_hwsim hwsim7 wlan1: left allmulticast mode
[  199.217154][ T9073] bridge1: left allmulticast mode
[  199.218885][ T9073] bridge2: left allmulticast mode
[  199.220538][ T9073] bridge3: left allmulticast mode
[  199.222186][ T9073] bridge4: left allmulticast mode
[  199.224359][ T9073] bridge5: left allmulticast mode
[  199.226025][ T9073] veth2: left allmulticast mode
[  199.227640][ T9073] veth3: left allmulticast mode
[  199.229258][ T9073] geneve2: left allmulticast mode
[  199.237359][ T9073] bridge8: left promiscuous mode
[  199.471177][ T9087] sp0: Synchronizing with TNC
[  200.380070][ T9100] netlink: 168 bytes leftover after parsing attributes in process `syz.0.883'.
[  200.890524][ T9104] pim6reg: entered allmulticast mode
[  200.899897][ T9103] pim6reg: left allmulticast mode
[  201.190952][ T9117] netlink: 8 bytes leftover after parsing attributes in process `syz.1.887'.
[  201.233299][ T9121] overlayfs: unescaped trailing colons in lowerdir mount option.
[  201.322838][ T1021] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  201.472774][ T1021] usb 7-1: Using ep0 maxpacket: 8
[  201.475932][ T1021] usb 7-1: config 0 interface 0 has no altsetting 0
[  201.478011][ T1021] usb 7-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  201.480862][ T1021] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.485080][ T1021] usb 7-1: config 0 descriptor??
[  201.905198][ T1021] mcp2221 0003:04D8:00DD.0007: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0
[  201.934447][ T9131] netem: incorrect ge model size
[  201.936253][ T9131] netem: change failed
[  202.109944][ T1021] usb 7-1: USB disconnect, device number 8
[  202.967545][ T9163] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.904'.
[  203.284044][ T9172] sp0: Synchronizing with TNC
[  204.184478][ T9185] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode
[  204.189707][ T9185] dummy0: left allmulticast mode
[  204.191345][ T9185] dummy0: left promiscuous mode
[  204.194010][ T9185] bridge0: port 1(dummy0) entered disabled state
[  204.197913][ T9185] bond1: (slave ip6erspan0): Releasing active interface
[  204.199719][ T9189] Bluetooth: MGMT ver 1.23
[  204.205707][ T9185] netlink: 'syz.2.913': attribute type 10 has an invalid length.
[  204.209005][ T9185] mac80211_hwsim hwsim7 wlan1: left allmulticast mode
[  204.215302][ T9185] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  204.245011][ T9185] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  204.307482][ T9195] overlayfs: failed to resolve './file0': -2
[  204.832631][ T9204] netlink: 16 bytes leftover after parsing attributes in process `syz.2.918'.
[  204.844347][   T13] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  204.847086][   T13] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  204.884762][ T1021] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  205.121559][ T9214] tmpfs: Unknown parameter 'quot”–l
[  205.121559][ T9214] Ra³ÆÈ9“´g­»tpHû}b¹.ç:4
úÎY¦¶™
[  205.121559][ T9214] o–{Íeú¢«é¨£9}Ùܼâ&þ­ôl:•'
[  205.132555][ T9214] kernel read not supported for file /eth0 (pid: 9214 comm: syz.2.920)
[  205.136818][   T40] audit: type=1800 audit(1753599257.718:474): pid=9214 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.920" name="eth0" dev="mqueue" ino=12937 res=0 errno=0
[  205.352964][ T1021] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  205.618888][ T9221] netlink: 8 bytes leftover after parsing attributes in process `syz.0.922'.
[  205.683175][ T1021] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  205.720802][ T9227] netlink: 20 bytes leftover after parsing attributes in process `syz.0.924'.
[  205.764194][ T9228] sp0: Synchronizing with TNC
[  206.720161][ T9253] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0
[  206.810332][   T40] audit: type=1800 audit(1753599259.388:475): pid=9263 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.939" name="bus" dev="9p" ino=35913966 res=0 errno=0
[  206.874683][ T9257] netlink: 'syz.2.936': attribute type 1 has an invalid length.
[  206.893167][ T9257] netlink: 4 bytes leftover after parsing attributes in process `syz.2.936'.
[  206.905022][ T9257] 8021q: adding VLAN 0 to HW filter on device bond3
[  206.908470][ T9257] bond2: (slave bond3): making interface the new active one
[  206.911160][ T9257] bond2: (slave bond3): Enslaving as an active interface with an up link
[  207.419112][ T9272] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  207.929637][ T9296] sp0: Synchronizing with TNC
[  208.813208][   T40] audit: type=1800 audit(1753599261.398:476): pid=9307 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.950" name="bus" dev="9p" ino=35913966 res=0 errno=0
[  208.823297][   T40] audit: type=1800 audit(1753599261.398:477): pid=9307 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.950" name="bus" dev="9p" ino=35913966 res=0 errno=0
[  208.871915][ T9307] netfs: Couldn't get user pages (rc=-14)
[  209.014172][ T9313] xt_CT: You must specify a L4 protocol and not use inversions on it
[  209.162236][ T9319] openvswitch: netlink: Key type 10512 is out of range max 32
[  209.202855][    C3] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  209.574910][ T9332] sp0: Synchronizing with TNC
[  210.128035][ T9334] netlink: 8 bytes leftover after parsing attributes in process `syz.2.959'.
[  210.343803][ T9327] bond1: (slave erspan0): Releasing active interface
[  210.372620][ T9327] bridge_slave_0: left allmulticast mode
[  210.374625][ T9327] bridge0: port 1(bridge_slave_0) entered disabled state
[  210.379509][ T9327] bridge_slave_1: left allmulticast mode
[  210.381390][ T9327] bridge_slave_1: left promiscuous mode
[  210.384202][ T9327] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.390468][ T9327] bond0: (slave bond_slave_0): Releasing backup interface
[  210.398038][ T9327] bond0: (slave bond_slave_1): Releasing backup interface
[  210.411613][ T9327] team0: Port device team_slave_0 removed
[  210.419760][ T9327] team0: Port device team_slave_1 removed
[  210.422017][ T9327] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  210.424884][ T9327] batman_adv: batadv0: Removing interface: batadv_slave_0
[  210.428009][ T9327] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  210.430371][ T9327] batman_adv: batadv0: Removing interface: batadv_slave_1
[  210.512110][ T9341] delete_channel: no stack
[  210.618593][ T9349] 9pnet_virtio: no channels available for device syz
[  211.360627][ T9370] sp0: Synchronizing with TNC
[  211.646592][ T9373] delete_channel: no stack
[  211.973342][   T59] usb 6-1: new low-speed USB device number 14 using dummy_hcd
[  212.102804][   T59] usb 6-1: device descriptor read/64, error -71
[  212.190247][ T9390] macvtap0: entered allmulticast mode
[  212.192065][ T9390] veth0_macvtap: entered allmulticast mode
[  212.197039][ T9390] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280
[  212.210460][ T9393] mac80211_hwsim hwsim7 syzkaller0: entered promiscuous mode
[  212.213238][ T9393] mac80211_hwsim hwsim7 syzkaller0: entered allmulticast mode
[  212.268829][ T9395] delete_channel: no stack
[  212.342857][   T59] usb 6-1: new low-speed USB device number 15 using dummy_hcd
[  212.435086][ T9401] sp0: Synchronizing with TNC
[  212.472785][   T59] usb 6-1: device descriptor read/64, error -71
[  212.584311][   T59] usb usb6-port1: attempt power cycle
[  212.922840][   T59] usb 6-1: new low-speed USB device number 16 using dummy_hcd
[  212.944458][   T59] usb 6-1: device descriptor read/8, error -71
[  213.182910][   T59] usb 6-1: new low-speed USB device number 17 using dummy_hcd
[  213.204881][   T59] usb 6-1: device descriptor read/8, error -71
[  213.313088][   T59] usb usb6-port1: unable to enumerate USB device
[  213.588431][ T9419] FAULT_INJECTION: forcing a failure.
[  213.588431][ T9419] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  213.593918][ T9419] CPU: 3 UID: 0 PID: 9419 Comm: syz.3.994 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  213.593934][ T9419] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  213.593941][ T9419] Call Trace:
[  213.593945][ T9419]  <TASK>
[  213.593949][ T9419]  dump_stack_lvl+0x16c/0x1f0
[  213.593964][ T9419]  should_fail_ex+0x512/0x640
[  213.593978][ T9419]  _copy_from_user+0x2e/0xd0
[  213.593991][ T9419]  get_user_ifreq+0x116/0x1c0
[  213.594005][ T9419]  sock_do_ioctl+0x16b/0x280
[  213.594018][ T9419]  ? do_vfs_ioctl+0x523/0x1a60
[  213.594033][ T9419]  ? __pfx_sock_do_ioctl+0x10/0x10
[  213.594045][ T9419]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  213.594067][ T9419]  compat_sock_ioctl+0x301/0x730
[  213.594083][ T9419]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  213.594098][ T9419]  ? hook_file_ioctl_common+0x145/0x410
[  213.594116][ T9419]  ? __fget_files+0x20e/0x3c0
[  213.594158][ T9419]  ? __fput_deferred+0x480/0x480
[  213.594184][ T9419]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  213.594204][ T9419]  __ia32_compat_sys_ioctl+0x23f/0x370
[  213.594229][ T9419]  __do_fast_syscall_32+0x7c/0x3a0
[  213.594258][ T9419]  do_fast_syscall_32+0x32/0x80
[  213.594269][ T9419]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  213.594287][ T9419] RIP: 0023:0xf7f34579
[  213.594300][ T9419] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  213.594315][ T9419] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  213.594326][ T9419] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000008914
[  213.594337][ T9419] RDX: 0000000080002280 RSI: 0000000000000000 RDI: 0000000000000000
[  213.594346][ T9419] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  213.594355][ T9419] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  213.594363][ T9419] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  213.594382][ T9419]  </TASK>
[  213.887313][ T9426] delete_channel: no stack
[  214.043855][ T9422] syzkaller1: entered promiscuous mode
[  214.045625][ T9422] syzkaller1: entered allmulticast mode
[  214.049020][ T9422] program syz.3.995 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  214.105410][ T1110] ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
[  214.108529][ T1110] ata1.00: irq_stat 0x40000000
[  214.110627][ T1110] ata1.00: failed command: ZAC MANAGEMENT OUT
[  214.113259][ T1110] ata1.00: cmd 9f/02:00:00:00:00/00:00:00:00:00/40 tag 11
[  214.113259][ T1110]          res 41/04:00:00:00:00/00:00:00:00:00/40 Emask 0x1 (device error)
[  214.120065][ T1110] ata1.00: status: { DRDY ERR }
[  214.127724][ T1110] ata1.00: error: { ABRT }
[  214.129445][ T1110] ata1.00: device reported invalid CHS sector 0
[  214.297589][ T9433] bond0: entered promiscuous mode
[  214.299946][ T9433] bond_slave_0: entered promiscuous mode
[  214.302315][ T9433] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network
[  214.305589][ T9433] hsr1: Slave B (bond_slave_0) is not up; please bring it up to get a fully working HSR network
[  214.308919][ T9433] hsr1: entered promiscuous mode
[  214.614398][ T6028] libceph: connect (1)[c::]:6789 error -101
[  214.617010][ T6028] libceph: mon0 (1)[c::]:6789 connect error
[  214.644134][ T9436] ceph: No mds server is up or the cluster is laggy
[  214.829757][ T9444] sp0: Synchronizing with TNC
[  215.044737][ T9448] Cannot find set identified by id 0 to match
[  215.162423][   T40] audit: type=1800 audit(1753599267.738:478): pid=9452 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1005" name="bus" dev="9p" ino=35913966 res=0 errno=0
[  215.170175][   T40] audit: type=1800 audit(1753599267.748:479): pid=9452 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1005" name="bus" dev="9p" ino=35913966 res=0 errno=0
[  215.202336][ T9452] netfs: Couldn't get user pages (rc=-14)
[  215.429874][ T9454] delete_channel: no stack
[  217.175024][ T9486] sp0: Synchronizing with TNC
[  217.508805][ T9487] delete_channel: no stack
[  217.867467][ T9496] netlink: 'syz.0.1017': attribute type 10 has an invalid length.
[  217.870735][ T9496] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1017'.
[  217.874720][ T9496] dummy0: entered promiscuous mode
[  217.879936][ T9496] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[  217.894862][ T9496] random: crng reseeded on system resumption
[  218.176828][ T9504] capability: warning: `syz.3.1022' uses 32-bit capabilities (legacy support in use)
[  218.180755][ T9504] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1022'.
[  218.706866][ T9517] sp0: Synchronizing with TNC
[  218.817628][ T9523] lo speed is unknown, defaulting to 1000
[  219.096066][ T9535] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  219.549452][ T9543] tipc: Started in network mode
[  219.551085][ T9543] tipc: Node identity 080211000001, cluster identity 4711
[  219.553820][ T9543] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  219.557494][ T9543] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  220.120494][ T9557] sp0: Synchronizing with TNC
[  220.477080][ T9559] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  220.564536][   T60] tipc: Node number set to 134418688
[  220.793965][ T9573] netlink: 'syz.3.1047': attribute type 1 has an invalid length.
[  220.796776][ T9573] netlink: 'syz.3.1047': attribute type 3 has an invalid length.
[  220.799642][ T9573] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1047'.
[  220.895282][ T9575] lo speed is unknown, defaulting to 1000
[  221.952907][ T9596] netlink: 'syz.3.1056': attribute type 1 has an invalid length.
[  221.955234][ T9596] netlink: 244 bytes leftover after parsing attributes in process `syz.3.1056'.
[  222.136338][ T9601] sp0: Synchronizing with TNC
[  222.588066][ T9617] input: syz0 as /devices/virtual/input/input16
[  222.599292][ T9617] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1062'.
[  223.056955][ T9631] hpfs: hpfs_map_sector(): read error
[  224.243680][ T9655] wg2: entered promiscuous mode
[  224.245199][ T9655] wg2: entered allmulticast mode
[  224.453551][ T9659] Cannot find add_set index 1 as target
[  224.752406][ T5972] Bluetooth: hci2: unexpected event for opcode 0x041b
[  225.083458][   T40] audit: type=1800 audit(1753599277.668:480): pid=9673 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1082" name="bus" dev="9p" ino=35913966 res=0 errno=0
[  225.104283][ T9673] netfs: Couldn't get user pages (rc=-14)
[  226.652142][ T9709] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  226.962862][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  228.157588][ T9744] lo speed is unknown, defaulting to 1000
[  228.331516][ T9748] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  228.335217][ T9748] syzkaller0: entered promiscuous mode
[  228.337239][ T9748] syzkaller0: entered allmulticast mode
[  228.351117][ T9748] tipc: Resetting bearer <eth:syzkaller0>
[  228.358712][ T9747] tipc: Resetting bearer <eth:syzkaller0>
[  228.368096][ T9747] tipc: Disabling bearer <eth:syzkaller0>
[  228.503504][ T9749] delete_channel: no stack
[  228.686158][ T9755] delete_channel: no stack
[  229.679608][   T40] audit: type=1800 audit(1753599282.258:481): pid=9775 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1117" name="bus" dev="9p" ino=35913966 res=0 errno=0
[  229.768110][ T9775] netfs: Couldn't get user pages (rc=-14)
[  230.016755][ T9783] sp0: Synchronizing with TNC
[  230.088154][ T9785] delete_channel: no stack
[  230.352595][ T9797] mmap: syz.0.1125 (9797) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  230.420445][ T9797] dummy0: left promiscuous mode
[  230.460180][ T9797] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  230.466832][ T9797] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  230.506818][ T9797] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  230.510040][ T9797] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  230.514150][ T9797] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  230.517137][ T9797] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  230.545012][ T9797] hsr1: left promiscuous mode
[  231.283289][ T1141] wlan1: Trigger new scan to find an IBSS to join
[  231.782297][ T9820] sp0: Synchronizing with TNC
[  231.967079][ T9821] wg2: entered allmulticast mode
[  232.852661][ T9826] delete_channel: no stack
[  233.596614][ T9853] sp0: Synchronizing with TNC
[  234.233270][ T9869] FAULT_INJECTION: forcing a failure.
[  234.233270][ T9869] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  234.238831][ T9869] CPU: 3 UID: 0 PID: 9869 Comm: syz.1.1146 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  234.238847][ T9869] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  234.238854][ T9869] Call Trace:
[  234.238858][ T9869]  <TASK>
[  234.238863][ T9869]  dump_stack_lvl+0x16c/0x1f0
[  234.238878][ T9869]  should_fail_ex+0x512/0x640
[  234.238891][ T9869]  _copy_from_iter+0x29f/0x16f0
[  234.238905][ T9869]  ? __alloc_skb+0x200/0x380
[  234.238916][ T9869]  ? __pfx__copy_from_iter+0x10/0x10
[  234.238929][ T9869]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  234.238947][ T9869]  netlink_sendmsg+0x829/0xdd0
[  234.238963][ T9869]  ? __pfx_netlink_sendmsg+0x10/0x10
[  234.238977][ T9869]  ? __import_iovec+0x1dd/0x650
[  234.238992][ T9869]  ____sys_sendmsg+0xa95/0xc70
[  234.239009][ T9869]  ? __pfx_____sys_sendmsg+0x10/0x10
[  234.239023][ T9869]  ? get_compat_msghdr+0x11a/0x170
[  234.239041][ T9869]  ___sys_sendmsg+0x134/0x1d0
[  234.239053][ T9869]  ? __pfx____sys_sendmsg+0x10/0x10
[  234.239071][ T9869]  ? find_held_lock+0x2b/0x80
[  234.239091][ T9869]  __sys_sendmsg+0x16d/0x220
[  234.239103][ T9869]  ? __pfx___sys_sendmsg+0x10/0x10
[  234.239120][ T9869]  ? rcu_is_watching+0x12/0xc0
[  234.239133][ T9869]  __do_fast_syscall_32+0x7c/0x3a0
[  234.239147][ T9869]  do_fast_syscall_32+0x32/0x80
[  234.239158][ T9869]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  234.239172][ T9869] RIP: 0023:0xf7f94579
[  234.239180][ T9869] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  234.239191][ T9869] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  234.239201][ T9869] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[  234.239208][ T9869] RDX: 000000002004c810 RSI: 0000000000000000 RDI: 0000000000000000
[  234.239218][ T9869] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  234.239224][ T9869] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  234.239230][ T9869] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  234.239243][ T9869]  </TASK>
[  234.244936][   T46] wlan1: Trigger new scan to find an IBSS to join
[  234.277657][ T9871] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  234.324893][ T9871] syzkaller0: entered promiscuous mode
[  234.326682][ T9871] syzkaller0: entered allmulticast mode
[  234.341504][ T9871] syzkaller0: mtu less than device minimum
[  234.346717][ T9870] tipc: Resetting bearer <eth:syzkaller0>
[  234.358541][ T9870] tipc: Disabling bearer <eth:syzkaller0>
[  234.501558][ T5972] Bluetooth: hci2: unexpected event for opcode 0x041b
[  235.088414][ T9878] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  235.090432][ T9878] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  235.137032][ T9878] vhci_hcd vhci_hcd.0: Device attached
[  235.233556][ T9888] delete_channel: no stack
[  235.315530][   T40] audit: type=1326 audit(1753599287.898:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9890 comm="syz.2.1153" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  235.332886][   T40] audit: type=1326 audit(1753599287.898:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9890 comm="syz.2.1153" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  235.339206][   T40] audit: type=1326 audit(1753599287.898:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9890 comm="syz.2.1153" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  235.351037][   T40] audit: type=1326 audit(1753599287.898:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9890 comm="syz.2.1153" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  235.362564][   T40] audit: type=1326 audit(1753599287.898:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9890 comm="syz.2.1153" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  235.372397][   T40] audit: type=1326 audit(1753599287.898:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9890 comm="syz.2.1153" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  235.380449][   T40] audit: type=1326 audit(1753599287.898:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9890 comm="syz.2.1153" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  235.388768][   T40] audit: type=1326 audit(1753599287.898:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9890 comm="syz.2.1153" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  235.396120][   T40] audit: type=1326 audit(1753599287.898:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9890 comm="syz.2.1153" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  235.402525][   T40] audit: type=1326 audit(1753599287.898:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9890 comm="syz.2.1153" exe="/syz-executor" sig=0 arch=40000003 syscall=228 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  235.424596][ T9880] vhci_hcd: connection closed
[  235.425091][   T13] vhci_hcd: stop threads
[  235.427871][   T13] vhci_hcd: release socket
[  235.433980][ T6028] usb 44-1: SetAddress Request (6) to port 0
[  235.435831][ T6028] usb 44-1: new SuperSpeed USB device number 6 using vhci_hcd
[  235.438118][   T13] vhci_hcd: disconnect device
[  235.449579][ T9900] netfs: Couldn't get user pages (rc=-14)
[  235.452932][ T6028] usb 44-1: enqueue for inactive port 0
[  235.864181][ T6028] usb usb44-port1: attempt power cycle
[  236.043814][ T9909] sysfs: cannot create duplicate filename '/class/ieee80211/!'
[  236.046736][ T9909] CPU: 1 UID: 0 PID: 9909 Comm: syz.3.1160 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  236.046752][ T9909] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  236.046759][ T9909] Call Trace:
[  236.046764][ T9909]  <TASK>
[  236.046768][ T9909]  dump_stack_lvl+0x16c/0x1f0
[  236.046785][ T9909]  sysfs_warn_dup+0x7f/0xa0
[  236.046803][ T9909]  sysfs_do_create_link_sd+0x124/0x140
[  236.046822][ T9909]  sysfs_create_link+0x61/0xc0
[  236.046840][ T9909]  device_add+0x62c/0x1a70
[  236.046857][ T9909]  ? __pfx_device_add+0x10/0x10
[  236.046871][ T9909]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  236.046890][ T9909]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  236.046906][ T9909]  wiphy_register+0x1c9c/0x2850
[  236.046920][ T9909]  ? netdev_run_todo+0x864/0x1320
[  236.046933][ T9909]  ? __dev_printk+0x210/0x270
[  236.046946][ T9909]  ? __pfx_wiphy_register+0x10/0x10
[  236.046969][ T9909]  ieee80211_register_hw+0x24ac/0x4140
[  236.046989][ T9909]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  236.047005][ T9909]  ? find_held_lock+0x2b/0x80
[  236.047017][ T9909]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  236.047034][ T9909]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  236.047050][ T9909]  ? __hrtimer_setup+0x176/0x280
[  236.047069][ T9909]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  236.047089][ T9909]  ? trace_kmalloc+0x2b/0xd0
[  236.047101][ T9909]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  236.047114][ T9909]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  236.047125][ T9909]  ? hwsim_new_radio_nl+0xa0e/0x12c0
[  236.047137][ T9909]  ? __asan_memcpy+0x3c/0x60
[  236.047156][ T9909]  hwsim_new_radio_nl+0xb51/0x12c0
[  236.047169][ T9909]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  236.047185][ T9909]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  236.047202][ T9909]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  236.047222][ T9909]  genl_family_rcv_msg_doit+0x209/0x2f0
[  236.047238][ T9909]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  236.047254][ T9909]  ? trace_cap_capable+0x18d/0x200
[  236.047272][ T9909]  ? bpf_lsm_capable+0x9/0x10
[  236.047287][ T9909]  ? security_capable+0x7e/0x260
[  236.047301][ T9909]  ? ns_capable+0xd7/0x110
[  236.047314][ T9909]  genl_rcv_msg+0x55c/0x800
[  236.047330][ T9909]  ? __pfx_genl_rcv_msg+0x10/0x10
[  236.047346][ T9909]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  236.047359][ T9909]  ? __lock_acquire+0x622/0x1c90
[  236.047376][ T9909]  netlink_rcv_skb+0x158/0x420
[  236.047389][ T9909]  ? __pfx_genl_rcv_msg+0x10/0x10
[  236.047405][ T9909]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  236.047425][ T9909]  ? netlink_deliver_tap+0x1ae/0xd30
[  236.047437][ T9909]  ? is_vmalloc_addr+0x86/0xa0
[  236.047456][ T9909]  genl_rcv+0x28/0x40
[  236.047470][ T9909]  netlink_unicast+0x58a/0x850
[  236.047487][ T9909]  ? __pfx_netlink_unicast+0x10/0x10
[  236.047505][ T9909]  netlink_sendmsg+0x8d1/0xdd0
[  236.047522][ T9909]  ? __pfx_netlink_sendmsg+0x10/0x10
[  236.047539][ T9909]  ? __import_iovec+0x1dd/0x650
[  236.047556][ T9909]  ____sys_sendmsg+0xa95/0xc70
[  236.047575][ T9909]  ? __pfx_____sys_sendmsg+0x10/0x10
[  236.047589][ T9909]  ? get_compat_msghdr+0x11a/0x170
[  236.047604][ T9909]  ? __pfx_futex_wake_mark+0x10/0x10
[  236.047623][ T9909]  ___sys_sendmsg+0x134/0x1d0
[  236.047635][ T9909]  ? __pfx____sys_sendmsg+0x10/0x10
[  236.047654][ T9909]  ? find_held_lock+0x2b/0x80
[  236.047675][ T9909]  __sys_sendmsg+0x16d/0x220
[  236.047687][ T9909]  ? __pfx___sys_sendmsg+0x10/0x10
[  236.047698][ T9909]  ? __ia32_sys_futex_time32+0x1d9/0x460
[  236.047719][ T9909]  ? rcu_is_watching+0x12/0xc0
[  236.047733][ T9909]  __do_fast_syscall_32+0x7c/0x3a0
[  236.047746][ T9909]  do_fast_syscall_32+0x32/0x80
[  236.047758][ T9909]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  236.047771][ T9909] RIP: 0023:0xf7f34579
[  236.047780][ T9909] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  236.047791][ T9909] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  236.047801][ T9909] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040
[  236.047808][ T9909] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  236.047814][ T9909] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  236.047820][ T9909] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  236.047826][ T9909] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  236.047840][ T9909]  </TASK>
[  236.306345][ T9914] ipvlan2: entered promiscuous mode
[  236.505816][ T6028] usb usb44-port1: unable to enumerate USB device
[  236.559743][ T9918] sp0: Synchronizing with TNC
[  237.204970][   T71] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  237.206622][ T9922] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  237.217556][ T9922] tipc: Resetting bearer <eth:syzkaller0>
[  237.295200][ T9919] delete_channel: no stack
[  237.313421][ T9926] FAULT_INJECTION: forcing a failure.
[  237.313421][ T9926] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  237.319002][ T9926] CPU: 1 UID: 0 PID: 9926 Comm: syz.2.1166 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  237.319027][ T9926] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  237.319038][ T9926] Call Trace:
[  237.319044][ T9926]  <TASK>
[  237.319052][ T9926]  dump_stack_lvl+0x16c/0x1f0
[  237.319074][ T9926]  should_fail_ex+0x512/0x640
[  237.319097][ T9926]  should_fail_alloc_page+0xe7/0x130
[  237.319119][ T9926]  prepare_alloc_pages+0x3c2/0x610
[  237.319148][ T9926]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  237.319182][ T9926]  ? __lock_acquire+0x622/0x1c90
[  237.319209][ T9926]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  237.319240][ T9926]  ? ctx_flush_and_put+0x161/0x410
[  237.319268][ T9926]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  237.319296][ T9926]  ? policy_nodemask+0xea/0x4e0
[  237.319320][ T9926]  alloc_pages_mpol+0x1fb/0x550
[  237.319341][ T9926]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  237.319370][ T9926]  alloc_pages_noprof+0x131/0x390
[  237.319391][ T9926]  pte_alloc_one+0x1c/0x3a0
[  237.319408][ T9926]  __do_fault+0x320/0x490
[  237.319426][ T9926]  ? __pfx_filemap_map_pages+0x10/0x10
[  237.319445][ T9926]  __handle_mm_fault+0x374c/0x5490
[  237.319476][ T9926]  ? __pfx___handle_mm_fault+0x10/0x10
[  237.319500][ T9926]  ? lock_vma_under_rcu+0x47d/0x970
[  237.319525][ T9926]  ? lock_vma_under_rcu+0x47d/0x970
[  237.319571][ T9926]  handle_mm_fault+0x589/0xd10
[  237.319598][ T9926]  ? __pkru_allows_pkey+0x51/0xb0
[  237.319624][ T9926]  do_user_addr_fault+0x60c/0x1370
[  237.319651][ T9926]  ? rcu_is_watching+0x12/0xc0
[  237.319674][ T9926]  exc_page_fault+0x5c/0xb0
[  237.319691][ T9926]  asm_exc_page_fault+0x26/0x30
[  237.319707][ T9926] RIP: 0023:0xf71d87e6
[  237.319720][ T9926] Code: 03 76 37 f7 c6 03 00 00 00 74 16 a4 49 f7 c6 03 00 00 00 74 0c a4 49 f7 c6 03 00 00 00 74 02 a4 49 50 89 c8 c1 e9 02 83 e0 03 <f3> a5 89 c1 f3 a4 58 89 c7 89 d6 8b 44 24 04 c3 d1 e9 73 01 a4 d1
[  237.319738][ T9926] RSP: 002b:00000000f5065548 EFLAGS: 00010246
[  237.319752][ T9926] RAX: 0000000000000000 RBX: 00000000f73f4ff4 RCX: 0000000000000012
[  237.319761][ T9926] RDX: 0000000000000000 RSI: 0000000080000180 RDI: 0000000080ffb020
[  237.319767][ T9926] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  237.319774][ T9926] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  237.319780][ T9926] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  237.319794][ T9926]  </TASK>
[  237.319943][ T9926] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  237.602868][ T5964] Bluetooth: hci2: command 0x0c1a tx timeout
[  237.658489][ T9932] trusted_key: encrypted_key: insufficient parameters specified
[  237.746426][ T9933] syzkaller0: entered promiscuous mode
[  237.748214][ T9933] syzkaller0: entered allmulticast mode
[  238.010339][ T9939] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1170'.
[  238.611251][ T9950] delete_channel: no stack
[  238.842432][ T9959] sp0: Synchronizing with TNC
[  239.224163][ T9973] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1183'.
[  239.521954][ T9984] delete_channel: no stack
[  239.600653][ T9988] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1187'.
[  239.607121][ T9988] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1187'.
[  239.611436][ T9988] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1187'.
[  239.715425][ T9992] sp0: Synchronizing with TNC
[  240.850439][   T40] kauditd_printk_skb: 70 callbacks suppressed
[  240.850450][   T40] audit: type=1800 audit(1753599293.428:562): pid=10008 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1194" name="bus" dev="9p" ino=35913966 res=0 errno=0
[  240.862093][   T40] audit: type=1800 audit(1753599293.438:563): pid=10008 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1194" name="bus" dev="9p" ino=35913966 res=0 errno=0
[  241.098794][T10008] netfs: Couldn't get user pages (rc=-14)
[  241.681547][T10015] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN NOPTI
[  241.685353][T10015] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[  241.688731][T10015] CPU: 3 UID: 0 PID: 10015 Comm: syz.0.1194 Not tainted 6.16.0-rc7-syzkaller-00127-g302f88ff3584 #0 PREEMPT(full) 
[  241.692854][T10015] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  241.696608][T10015] RIP: 0010:iter_file_splice_write+0xa4e/0x1150
[  241.698642][T10015] Code: 00 48 89 fa 48 c1 ea 03 80 3c 1a 00 0f 85 1a 05 00 00 4d 8b 65 10 49 c7 45 10 00 00 00 00 49 8d 7c 24 08 48 89 fa 48 c1 ea 03 <80> 3c 1a 00 0f 85 ee 04 00 00 49 8b 54 24 08 4c 89 ee 4c 89 f7 83
[  241.705083][T10015] RSP: 0018:ffffc900064a7900 EFLAGS: 00010202
[  241.707036][T10015] RAX: 000000000004eed1 RBX: dffffc0000000000 RCX: ffffc9000e8b1000
[  241.709577][T10015] RDX: 0000000000000001 RSI: ffffffff824256b6 RDI: 0000000000000008
[  241.712135][T10015] RBP: 0000000000000037 R08: 0000000000000006 R09: 0000000000000000
[  241.714684][T10015] R10: 7fffffffffffefff R11: 0000000000000000 R12: 0000000000000000
[  241.717204][T10015] R13: ffff88806d173118 R14: ffff8880136e3c00 R15: 7fffffffffffefff
[  241.719831][T10015] FS:  0000000000000000(0000) GS:ffff88809782d000(0063) knlGS:00000000f5025b40
[  241.722812][T10015] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  241.725245][T10015] CR2: 000000002fffbff8 CR3: 000000006097c000 CR4: 0000000000352ef0
[  241.727785][T10015] Call Trace:
[  241.728860][T10015]  <TASK>
[  241.729801][T10015]  ? copy_splice_read+0x89c/0xba0
[  241.731397][T10015]  ? __pfx_iter_file_splice_write+0x10/0x10
[  241.733363][T10015]  ? __pfx_copy_splice_read+0x10/0x10
[  241.735107][T10015]  ? __pfx_iter_file_splice_write+0x10/0x10
[  241.736991][T10015]  direct_splice_actor+0x18f/0x6c0
[  241.738606][T10015]  splice_direct_to_actor+0x342/0xa30
[  241.740277][T10015]  ? __pfx_direct_splice_actor+0x10/0x10
[  241.742040][T10015]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  241.743905][T10015]  do_splice_direct+0x174/0x240
[  241.745430][T10015]  ? __pfx_do_splice_direct+0x10/0x10
[  241.747110][T10015]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  241.748998][T10015]  ? rw_verify_area+0xcf/0x680
[  241.750529][T10015]  do_sendfile+0xb06/0xe50
[  241.751951][T10015]  ? __pfx_do_sendfile+0x10/0x10
[  241.753612][T10015]  ? rcu_is_watching+0x12/0xc0
[  241.755119][T10015]  ? kfree+0x24f/0x4d0
[  241.756404][T10015]  __ia32_compat_sys_sendfile+0x1e5/0x220
[  241.758184][T10015]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[  241.760114][T10015]  ? rcu_is_watching+0x12/0xc0
[  241.761605][T10015]  __do_fast_syscall_32+0x7c/0x3a0
[  241.763251][T10015]  do_fast_syscall_32+0x32/0x80
[  241.764912][T10015]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  241.766878][T10015] RIP: 0023:0xf7f24579
[  241.768183][T10015] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  241.774086][T10015] RSP: 002b:00000000f502555c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[  241.776640][T10015] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000004
[  241.779099][T10015] RDX: 0000000000000000 RSI: 000000000003ffff RDI: 0000000000000000
[  241.781533][T10015] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  241.783964][T10015] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  241.786443][T10015] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  241.788885][T10015]  </TASK>
[  241.789865][T10015] Modules linked in:
[  241.791487][T10015] ---[ end trace 0000000000000000 ]---
[  241.795675][T10015] RIP: 0010:iter_file_splice_write+0xa4e/0x1150
[  241.797652][T10015] Code: 00 48 89 fa 48 c1 ea 03 80 3c 1a 00 0f 85 1a 05 00 00 4d 8b 65 10 49 c7 45 10 00 00 00 00 49 8d 7c 24 08 48 89 fa 48 c1 ea 03 <80> 3c 1a 00 0f 85 ee 04 00 00 49 8b 54 24 08 4c 89 ee 4c 89 f7 83
[  241.804053][T10015] RSP: 0018:ffffc900064a7900 EFLAGS: 00010202
[  241.806019][T10015] RAX: 000000000004eed1 RBX: dffffc0000000000 RCX: ffffc9000e8b1000
[  241.808602][T10015] RDX: 0000000000000001 RSI: ffffffff824256b6 RDI: 0000000000000008
[  241.810992][T10015] RBP: 0000000000000037 R08: 0000000000000006 R09: 0000000000000000
[  241.813780][T10015] R10: 7fffffffffffefff R11: 0000000000000000 R12: 0000000000000000
[  241.816304][T10015] R13: ffff88806d173118 R14: ffff8880136e3c00 R15: 7fffffffffffefff
[  241.818773][T10015] FS:  0000000000000000(0000) GS:ffff88809782d000(0063) knlGS:00000000f5025b40
[  241.821525][T10015] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  241.823996][T10015] CR2: 00007fb2e894ead0 CR3: 000000006097c000 CR4: 0000000000352ef0
[  241.826519][T10015] Kernel panic - not syncing: Fatal exception
[  241.829054][T10015] Kernel Offset: disabled
[  241.830432][T10015] Rebooting in 86400 seconds..

VM DIAGNOSIS:
06:54:54  Registers:
info registers vcpu 0

CPU#0
RAX=00000000000000f6 RBX=0000000000000001 RCX=000000000000083f RDX=0000000000000000
RSI=00000000000000f6 RDI=000000000000003f RBP=ffff88801d6ca0f0 RSP=ffffc90000007bb0
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000005c9d
R12=1ffff92000000f7b R13=1ffff11003ad9401 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff81694f98 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809752d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000300f4ff8 CR3=000000006097c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000000839ec874 RBX=0000000000000000 RCX=0000000000000001 RDX=0000000000000093
RSI=ffffffff815fb799 RDI=ffffffff8e3c7260 RBP=000000000000b93c RSP=ffffc9000046fd78
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=ffff88802b23b260
R12=000000382de5a507 R13=dffffc0000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff815fb79c RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809762d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000302fcff8 CR3=000000005ff72000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=00000000002ecd9c RBX=0000000000000002 RCX=ffffffff8b82bc69 RDX=ffffed1005686646
RSI=ffffffff8c155e60 RDI=ffffffff819197c1 RBP=ffffed1003bd4910 RSP=ffffc9000047fdf8
R8 =0000000000000000 R9 =ffffed1005686645 R10=ffff88802b43322b R11=0000000000000001
R12=0000000000000002 R13=ffff88801dea4880 R14=ffffffff90a95d50 R15=0000000000000000
RIP=ffffffff8b82a7cf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809772d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000055b6b714f000 CR3=000000006097c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f7424ff4
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8556d185 RDI=ffffffff9b09f540 RBP=ffffffff9b09f500 RSP=ffffc900064a7270
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=552033203a555043
R12=0000000000000000 R13=0000000000000038 R14=ffffffff9b09f500 R15=ffffffff8556d120
RIP=ffffffff8556d1af RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88809782d000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002fffbff8 CR3=000000006097c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000