last executing test programs:

3m38.179687267s ago: executing program 0 (id=851):
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a00000008000000e27f000001000000000000002ae6ba0d3e9a5647d6df09e6edc87d8a85ba8035d210e825556c1f2d131a4f8fd3754d65ea56035dfacc97a851bdc5fc8eff", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES16, @ANYBLOB="207b505d50848f95b900003b8c53600000"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
mount$fuse(0x0, 0x0, &(0x7f0000000240), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_i', @ANYRESDEC=0x0, @ANYBLOB, @ANYBLOB=',\x00'])
read$FUSE(0xffffffffffffffff, &(0x7f0000004200)={0x2020}, 0x2020)
syz_fuse_handle_req(r1, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x130, 0x0, 0x0, {0x0, 0x0, 0x0, '\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc000}}}})
write$FUSE_WRITE(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x0, 0x36, 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
ioctl$DRM_IOCTL_GEM_OPEN(r2, 0xc010640b, &(0x7f0000000100))
r3 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r4 = socket$netlink(0x10, 0x3, 0x0)
writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r4, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57)
r5 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r5}, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r6, 0x400448de, &(0x7f00000000c0)={0x0, 0x0, "a46a91"})
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
epoll_create(0xfffffffb)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r7, 0x404c534a, &(0x7f0000000380)={0x6, 0x0, 0xfffffffc})

3m35.416727993s ago: executing program 0 (id=860):
r0 = fcntl$getown(0xffffffffffffffff, 0x9)
sched_setaffinity(r0, 0x0, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
epoll_create1(0x0)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, &(0x7f0000cab000))
getresuid(&(0x7f0000000500), &(0x7f0000000540), &(0x7f0000000580))
timer_create(0x6, &(0x7f0000000200)={0x0, 0x20, 0x4}, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x85, &(0x7f0000000180)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x8}, 0x90)
ioctl$RTC_PIE_ON(r1, 0x7005)
syz_io_uring_setup(0x5e2, 0x0, 0x0, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
fstat(r3, &(0x7f0000000240))
socket$inet6(0xa, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000380)={0x3ff}, 0x0, 0x0)
r5 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x6d89, 0x8}, &(0x7f00000000c0)=<r6=>0x0, &(0x7f0000000240)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
syz_io_uring_submit(r6, r7, &(0x7f00000004c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r5, 0x8aa, 0x0, 0x0, 0x0, 0x0)

3m34.554326916s ago: executing program 0 (id=865):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file0/file0\x00', &(0x7f0000000040)='tracefs\x00', 0x3, 0x0)
r0 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='user\x00N\xac]\x86\x8a\xa3\x7f\x00', &(0x7f0000000600)='\xeasa\x9a\x8b\x9c\xc7\x1b.\x85\x92\xb2\xbc2=Y\xd3\x17Y\xac-\x14\x1a\xc3\xcd\x1c\xee\xdc\xc1\xb8\x15\x99\xb4\x9aAUrl\x82\x8c8=_\tA\xf6d\xf7w\xc4 \x89\xbf\xa6\xc7|`\x18^\xac\x01N\xf7\x02M\xacM\x93\x80\xc9\x9eO\xc6)\xd70\x9d\xd0\x89\xd7\xbb <\x8a\x1e\t\xf8\xab\x9f\x98rwf\x88\xdc\xa5\xcc\xc7\xce\xe5\x10:sc\xe2Xc|t\x91d,>\xb6\xc9\vn7\x99p\x1f\xbe\xc5&@\xbc\xc2\x17\xa4d\xd5\a\xc0\x1f\xf9\x18\x9c\x14\x9e,\xfd\xff\xff\xff\xff\xff\xff\xff\xdbH\xa7k\xd6\x19p\xf5Z\xc8nx\\1\xcb\xd3@\x8e\xb8x\xb52\xceC\xec\x1f\x98', 0x0)
socket$packet(0x11, 0x3, 0x300)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x1)
writev(r1, &(0x7f0000000380)=[{&(0x7f0000000080)="932870e9927cf2edb67a03a4cdf1e5f0c993ed2b86a8e282b838920aba9f8afe92c93ba9b0372ab97b4282cbde7ef70c5594e711b201a686b92e1bbd69a7372d5b56b803d9368e6307c8b1721e103cacc68a3b708d58ca971f62f9d455fb424bcf14767424fceaebe638bb90f85b4314a7e37097aa4fd6f02998fd9f002e4e650bff16fa66cbf2266ea5653fe174d475bb0745be4ab6d12b4d8bebbe2c3ca1dbece8226b5eececd382cddc23231e2ba7a4bc812f6f2a9237250d86d5a8da99", 0xbf}, {0x0}, {&(0x7f0000000500)="71826a18b67bb4244d676047f1262972fdff78f93083fcbc91feda1ea53bca38f629317e09819ce023436847a023421071a89c6c6b2915e0de671dd79d0c6201702e5d9353343fd35f252a801131d48a6514d8954eccc46e7c13ad224c4402b8dba3b28efb026ee71654d2a3a3342947ca3fefc68611cd2cb44267943e7eb42cdadc2e7424ea3d2afef419c797c455cc520b6724035378f5253d000000000000000000000000000000724fa4e7f7e53342a2289a41f8337db11721a3909a9a031fa08a6819c793f5deacc5", 0xcb}, {&(0x7f0000000300)="6babaf1a1febc3ff6e1e383344ee8f9897d6e2fc2384256d011c69cf6e91c47eff75c30cd84e31b7d69b8e81184994c15a0400699a14ff049f701e3e27fba4e8f83b8621c66dce236a183518f078cbc4ff35eb57b4f07cd2", 0x58}], 0x4)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = open(0x0, 0x4c00, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x101)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0xffffffffffffff16)
mkdirat(r3, &(0x7f0000000040)='./bus\x00', 0x103)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000100)='./file0\x00')
chdir(&(0x7f0000000180)='./bus\x00')
r4 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
r5 = open(&(0x7f00000003c0)='./bus\x00', 0x101002, 0x181)
write$binfmt_elf64(r4, &(0x7f00000002c0)=ANY=[], 0x76)
dup3(r5, r4, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)

3m32.606611046s ago: executing program 0 (id=874):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x239, 0x0, &(0x7f00000002c0)=<r2=>0x0, 0x0)
syz_io_uring_submit(r2, 0x0, 0x0)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r4, 0x84, 0xc, &(0x7f0000000480)=@assoc_value={<r5=>0x0}, &(0x7f0000000040)=0x8)
r6 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r6, &(0x7f00000003c0)=[{{&(0x7f0000000000)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000180)="e1", 0x1}], 0x1}}, {{&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000100)="a7", 0x1}], 0x1}}], 0x2, 0x0) (fail_nth: 19)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r6, 0x84, 0x17, &(0x7f0000000200)=@sack_info={r5}, 0xc)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x20)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000440)=@secondary)
add_key$keyring(&(0x7f0000000280), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000400))
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000800)={0xffffffffffffffff, 0xe0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0xa, &(0x7f0000000580)=[0x0, 0x0], &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xa4, &(0x7f0000000600)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000640), &(0x7f0000000680), 0x8, 0xbc, 0x8, 0x8, &(0x7f00000006c0)}}, 0x10)

3m32.216505399s ago: executing program 0 (id=881):
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000004a00010000000000000000000a008000", @ANYRES32=0x0, @ANYBLOB="23fedb4f"], 0x1c}}, 0x0)
socket$netlink(0x10, 0x3, 0x1)
prlimit64(0x0, 0x2, &(0x7f0000000140)={0x8, 0xffffffff}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000240)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0))
sched_setaffinity(r1, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000140)={0x14, 0x1, 0x0, "1c13ebdaf2f20d55806b26b1d750185fd75a606da058e85b2197edb1439b1cc2"})
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
openat$cuse(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x42, 0x0)
r3 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0x0)
r4 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc4}, &(0x7f0000000080)={0x0, "a9806c169ff8bda2435d1a6c706f65805b64191257490d55dff6e26af71b0677ee17ff096b28c3508bf948b7642d2a1ffc9d0d527a477ce161bc1f7fcf3f627d", 0x23}, 0x48, r3)
r5 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x1}, 0x0, 0x0, r3)
add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, r5)
keyctl$search(0xa, r3, &(0x7f0000000280)='id_resolver\x00', &(0x7f00000002c0)={'syz', 0x3}, r5)
keyctl$session_to_parent(0x12)
keyctl$session_to_parent(0x12)
add_key(&(0x7f0000000380)='dns_resolver\x00', &(0x7f00000003c0)={'syz', 0x1}, 0x0, 0x0, r5)
r6 = add_key$keyring(&(0x7f0000000480), &(0x7f00000004c0)={'syz', 0x3}, 0x0, 0x0, r4)
keyctl$KEYCTL_MOVE(0x1e, 0x0, r6, r3, 0x1)
add_key$fscrypt_v1(&(0x7f0000000500), &(0x7f0000000540)={'fscrypt:', @desc2}, &(0x7f0000000580)={0x0, "45e8392321184ac547aa545bbac53d017d1262f7a54e6feea63dd60db5c067a2b4e57c0996c5f0d8a7263cf8924f5d624f8a660c0c170d1671e94f64af8bcc8f", 0x16}, 0x48, 0xfffffffffffffffd)
keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f0000000680), 0x0, 0x0, 0x0)
r7 = request_key(&(0x7f0000000780)='blacklist\x00', &(0x7f00000007c0)={'syz', 0x3}, &(0x7f0000000800)=')\x00', 0xfffffffffffffffd)
keyctl$invalidate(0x15, r7)

3m31.92493903s ago: executing program 0 (id=883):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x600, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f00000000c0)={[{0x2, 0x0, 0x40, 0x6, 0x7, 0x80, 0x8, 0x2, 0x7, 0xf, 0x1, 0x1, 0x3}, {0x1, 0x0, 0x0, 0xd, 0x8, 0x7f, 0x0, 0x2, 0xd4, 0x8, 0x9, 0x7, 0x8}, {0x6, 0x5, 0x2e, 0x9, 0x7, 0x2, 0x59, 0x2, 0x7, 0x0, 0x7, 0x4, 0xfffffffffffffff7}], 0x9})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x0, 0xfe, 0x0, 0x0, 0x6, 0x0, 0x0, 0x1, 0x0, 0xfc, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3}})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x35, 0x336, 0x0, 0x0, 0x0, 0x0, 0x69, 0x3, 0x4, 0x80000000000000, 0x80000000000, 0x31b, 0xd, 0x0, 0x0, 0x8004], 0x1, 0x3c4210})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)

3m31.880547399s ago: executing program 32 (id=883):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x600, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f00000000c0)={[{0x2, 0x0, 0x40, 0x6, 0x7, 0x80, 0x8, 0x2, 0x7, 0xf, 0x1, 0x1, 0x3}, {0x1, 0x0, 0x0, 0xd, 0x8, 0x7f, 0x0, 0x2, 0xd4, 0x8, 0x9, 0x7, 0x8}, {0x6, 0x5, 0x2e, 0x9, 0x7, 0x2, 0x59, 0x2, 0x7, 0x0, 0x7, 0x4, 0xfffffffffffffff7}], 0x9})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x0, 0xfe, 0x0, 0x0, 0x6, 0x0, 0x0, 0x1, 0x0, 0xfc, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3}})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x35, 0x336, 0x0, 0x0, 0x0, 0x0, 0x69, 0x3, 0x4, 0x80000000000000, 0x80000000000, 0x31b, 0xd, 0x0, 0x0, 0x8004], 0x1, 0x3c4210})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)

1m44.715340891s ago: executing program 2 (id=1419):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c01000019000100000000000000000020010000000000000000000000000000ac1414aa0000ffffffff000000000000000000000072b4000a00000800000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000a900000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000000000000000000000000000000a0000000000000000000000804000000000000000000000000000000000000000000084000500ac1414aa000000000000000000000000000000003c00000000000000ffffffff0000000000000000000000000000000000030000000000000000000000000000fe8000000000000000000000000000bb000000003300000000000000fe8000"/240], 0x13c}}, 0x0) (async)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="a0000000210001000000000000000000fe8000000000000000000000000000aafc02000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000050001100ac1400000000000000000000000000ff020000000000000000000000000001e0000002000000000000000000000000fc020000000000000000000000000000000000000000000000000a009874579c67e16b6c0eb7045dff18a331b58766"], 0xa0}}, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') (async)
mremap(&(0x7f000000d000/0x2000)=nil, 0xfffffffffffffe74, 0x1000, 0x3, &(0x7f0000007000/0x1000)=nil) (async)
r2 = socket$kcm(0xf, 0x3, 0x2)
sendmsg$inet(r2, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="02", 0x33fe0}, {0x0}], 0x2}, 0x0)
mlock(&(0x7f0000002000/0x2000)=nil, 0x2000)
madvise(&(0x7f0000899000/0x1000)=nil, 0x1000, 0x9) (async)
syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f00000000c0), &(0x7f0000000280))
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
socketpair(0x22, 0x5, 0x0, &(0x7f0000000040)) (async)
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000140)={"9fcaa0504b38d5004b9277c079417ff857dc9b7ac770169aed764b4d2ada8bde", 0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000200)={"fe0d1acce4a37ef94acd000200", r3}) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r4 = syz_clone(0x800c000, &(0x7f0000001480), 0x0, 0x0, 0x0, 0x0)
kcmp(r4, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x4010, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sched_setaffinity(r4, 0x52, &(0x7f0000000280)=0x5) (async)
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r7, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) (async)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)

1m44.680408829s ago: executing program 2 (id=1420):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x80000)
sendmsg$alg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x4004800)
sendto(r1, &(0x7f00000004c0)="c03893df98d614430fea51a47aa3886f7fbca409b60ac85ab2c3d08443400f4b21", 0x21, 0x20000004, 0x0, 0x0)
recvmsg$can_raw(r1, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f00000003c0)=""/210, 0xd2}], 0x1}, 0x40010020)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r3, &(0x7f0000001600)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000a80)=""/239, 0xef}, 0x7fffffff}], 0x1, 0x2b, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4)
sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
r4 = syz_open_dev$vcsn(&(0x7f0000000000), 0x100, 0x2a0301)
getpeername$packet(r4, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000000c0)=0x14)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DREG={0x8}, @NFTA_IMMEDIATE_DATA={0x10, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8}]}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x88}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_DELCHAIN={0x14, 0x5, 0xa, 0x9, 0x0, 0x0, {0x2}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x3c}}, 0x0)

1m44.565294192s ago: executing program 2 (id=1421):
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0) (async, rerun: 64)
syz_emit_ethernet(0xa6, &(0x7f0000000300)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd6012000800703afffe8000000000000000000000000000bbff02000000000000000000000000000186009078080002000000000000000000000aa78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af18020001ffffffffff60000000f80000000000000050736a51de9d73323cafa138e7bf42827c4697c6dcc48b3a802a49950d45d2e837a9da941c9d1b9bf63b31838b62687744dbff03"], 0x0) (async, rerun: 64)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async, rerun: 32)
r0 = getpid() (rerun: 32)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x85b7e000) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async, rerun: 64)
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) (rerun: 64)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000080)=0xa0000) (async, rerun: 64)
keyctl$link(0x1d, 0x0, 0x0) (async, rerun: 64)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendto$inet(r5, &(0x7f0000000180)="010000000000", 0x6, 0x0, &(0x7f0000000340)={0x2, 0x0, @rand_addr=0x64010101}, 0x10) (async, rerun: 64)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (rerun: 64)
ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8936, &(0x7f0000000100)={@private1={0xfc, 0x1, '\x00', 0x1}, 0xfffdffff}) (async)
recvfrom$inet(r5, 0x0, 0x0, 0x220, 0x0, 0x0) (async)
r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r7}, 0x10) (async, rerun: 64)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000000)={@local}) (rerun: 64)
ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000040)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000200)={@host}) (async)
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r3, 0x7af, &(0x7f0000000000)={@local}) (async)
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r3, 0x7af, &(0x7f00000001c0)={@hyper})
close_range(r2, 0xffffffffffffffff, 0x0)

1m44.385419046s ago: executing program 2 (id=1422):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000f00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) (async)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000f00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
bind$unix(r1, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) (async)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0) (async)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mkdir(&(0x7f0000005800)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
creat(&(0x7f0000000340)='./file0/file0\x00', 0x0) (async)
creat(&(0x7f0000000340)='./file0/file0\x00', 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000540)=0x10000)
chdir(&(0x7f0000000140)='./bus\x00') (async)
chdir(&(0x7f0000000140)='./bus\x00')
creat(&(0x7f0000000040)='./file0\x00', 0x0) (async)
r3 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
close(r3) (async)
close(r3)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r4, &(0x7f000000c3c0)={0x2020, 0x0, <r5=>0x0, <r6=>0x0}, 0x2020)
chmod(&(0x7f0000000140)='./file0\x00', 0xc0) (async)
chmod(&(0x7f0000000140)='./file0\x00', 0xc0)
write$FUSE_INIT(r3, &(0x7f0000000500)={0x50, 0x0, r5, {0x7, 0x1f, 0xffffffff, 0x2301508, 0x0, 0x401, 0x100, 0x8}}, 0x50)
syz_fuse_handle_req(r4, &(0x7f00000061c0)="c0f61a5fb77193bea0c6599de09cf570067192ff7d5bf191681878eb121895cd4c4052feb0a5196b61ab6e28d35aec54bb2aee6802a27f50c4e8f36a2b1bb12d93dbcd320ed338fd1a8ed43a2dcb2bf11c773ae982800321c7dcd67fa8930472eee2990090cc2a92f3373d898573a2cd1712c18ea624e82422c96f0d8895bfc4541911ff3662cd28fd55d795d1a5f31c92defbed88d48db688f899fe88997b057ce3e898eaf9eb2e76a59c1d2c10610768b3296595221c2b063ca2aa664fa0a5456c4e2bcddc7f856e2e29ce1b8852997a4d24f918408bfa9969074de495dd4cc9591e48287d78a2b3e0de09b48eb5b6bf78c6afd134b09770c164000d1f300c92877afe8be5d381c38da3b5fb9bd540c2f43c7dd2ec8dcff2af3517ba839c827866d10608964445bdead091df1264f5591e91d2f31b2015dff1b3b7ff0a5dc8b15748278849ddf4389ca7112ec1ca45957e2809b3d763e336f7051ac4e832ec61d1b95b9266565293806933dd8e3b65eaa1b4fe7946056703426674379ccec7abff1c459b91248f3a1d9e8103ae395aa86dd4235a5c16d9bd12dcb1ea9565a7c3d58d247a51db6d9077ecf47152d0733d79a5c449480c40b1cf8e115df4de3404b73ad06ac4c0d03f3b51d1b89b05ded082a5db1f5fbd8d351015b93862b2cc0995fb318609237e404e8d78d8982af761c27ad1fbc8f4693194c5e6b99edcb7a6e9dd261a386d8ed4420a7c12cbdcc86ab19f4e7a6c0c9b80fa3f0549ae57b38a93f669a87584b81e56211b34263db87c2d244e422878aa93e2c24260c71d06f75da33079b48b7072859669c128ba03d1487336a4a04167f2a3fa928d002c8b3cafdedf7a479604aa8f94e6b7ba58395df3d136b783f7be6b0b6b7b4b735c88a53da064a493b16713726b39ce23f08af19a671fe81be1e9772d87ca9cb5dccc35759fe3f7935a3167924d0a7d1586821ffebe0fa57e72a24967f7958875c4bf56d779369074db0077ee58138400c2f646c645e0f453e9e39aaf48da67775f59f8e282db3dec88bbe20ca6e65e2c7e44ab0583840513bfab76d94d1512549ea6db4a5a64cbe6f76b0ecdb2f1f71aa6446bcf4f7249366474cb77ed70ccb2702134b9dc6c2bfaf27ac9a9c85b8d9c48d100ae8c0eaa34701d2125a405b1117307119b754ccbbbcb2c8b71eb76d1157ddc7fbe0c75652a4cfc31d785a489f2344d8b4c47ff1b772104f49658f62d6241ef7f782db0cc071788b3dfa74e69533cd0a02ffadacdfbc8b5a83b9d4b8db068b5a7370f947fc4a99158c6296a442beba2e23ac1ef68c50f19851f3fb68b67fb714a5e7e53bb5a7690286cac12f2b002e854d8595075fbd00622b29bd423c3dbaf600ad6f37c96dcde43de6290b053c76df5620ce17118e2230039304c88a0d207c7cd05dd3854c545cdbebe907cc4d3411a382afed5e080502363cebe68e2c8dc1f800ea4add827a83a9cdf0fe6d54eabfca5a0ba370a06a4af1c49a60cd19141a4d994fbcce888278ade6300bd40685267fcdf1317cdb3b06cae9e7d9edb08d5c98b6d7115c025fcc05058a515adcc23c65ce526aed3b8203f3c54986f65ba9ffe2a9bc26b2813a1fe339ba2a58515cb8375e2d62550bf35dfd4fbdb75a70bb9fdc47d3d0346a65b986b7efd12aab760124b6888480b341b16ef2fea93fe2fbdeb55706690aa2c02bd80b1ccb7b8f23720283df89b515e2020bc5364cc4aea5fdc250f10d46db93c128e2de7477f4c80ec016f7a872efdef50ae1730b3a1deb8085d82f4fd53015a518803cd02646c087d67b0fd7092852dd81ac93ca60346f23fd847cf7c4883cab81af956342da21fb399b69e1988d89f9693b0630fa8cc95714285940d20eda153f8f7b01e6b2b892327b5d1e754a36a3430c5c22c3b841357eb80e526d7792a8ab9c4b1d23d82e31f23ef38580c2b33ca72424fbfbbf237f315cf2e5d134783982cad204be087ef58da96c6bc5da2dc4bc78f293eed56157a10848c0a956de15b83daacede9ae1c54731149f9ce7231cd84e14f128f87361e1fc0cdb2940766f39c93b9ddc74bba0a32548cddb1ae20981576de2ef8a772b04ed90900b2da11ffc70bbdb7091b8b8ed600dc0c9d236277afd9bb97b035f3b8fc95ef3f30c056b67a195c5c9f44c0f2ca4debba0d6d8779903e8e34fdd6b766fbba6b57e722ad9a852dbbeca8eb9acb9929bdcb4d4fa57d54ef1c1a0fdc032a898d3334f5671c7df82361b7d616c1f87e23f7adf043edda83458051f073f2562904ed25ad9a7129f3c14286007c9e4c81ea56c6a7289d8e58782d949a19a2642dc89d107fb465d0a98128250e66eedd93cf063963b7f7a0e1d3b9f1dd212cc9edd662af45852dbbaec84c69a640be115a239b5abd46d990fa007988f6be78a8c1e426091ecb33822529f7fddfb34d9304466ea06bb546a34735021e98674ae4a5f5c0b4f153ad5434b81c6343c42ae79224fe5abfe8b9e6fba38164c3c318500c130323b2f9bbcdf6aceb664e10483e2084defa744cd745e565ac5a8b5c30166330dd95e70f2a072a5cf5462635f7e0a4f455bcb607426aede9fa06d708c7c0daaafe2b84896134ab3b379c6690c9049903156232e5b7ca9529d602968f1e1f7a73214aaf4a9575dd5147e5bef8f05907267580abdb728cf32f6845cdf3bc779451669e4972e0b787afac5a36bacc3c1bcce125e91e4bf9810d91d1f1a3d8316328dd2626040af09892f1241c6645537ebfbeb752afba5e8171f487edba97aa92404973d4e8d09254abd2b70bdadd9b98fa3c33355295a5c474e9b2f017a6636233a382e8ef4e73506880e2a588bf257b6bb11e57cd9e75e45ef609ba583f3a6b1f2f94c7a0443dc0a8906a13e0188b61550cd296e4c63faf45bf7aed852f68ffed377302da3f73d89e4274a64667636bf00e8e4408a8407e098aeeed98e545b9aef40896c8070a76aaa0042162979ec0b7b69b4ee701100d66d3e7d25a48c59989424522889b32e4f18676475782e86d652d2eb836c326b46b8544bb755eeb14727e5ca25875f7b9ae1c113068be55a1521cb4edefef34a7a4cabc3639e456c94f01d78c059c441ce2c468e7b39b56555ad5cd6a14df8e3518e4e1970fbd6f586ce46c51c4d9ad20c3f7f5048c071994e807f19b7176290a82406dd0ad3f0b64350bbce79b223f27ed99f819def43a33696c0739e09030460a5a5d04d251adfbde1af7a485894d3d30c79d49796a9a5e077aeddba1303f3e3a3187298c88da70885e2a9dc966eb69a6439e2d3b1934ae6e8ea328497d87a9dbbddbdbf12b0c582ca4ffe1f25cdcf89a6ccdb31880776ab808b4f050ae02adf70f64c73ab2a3b1c4da69950ab4f7bcf9cc22f81b99694a7783b792facd8197904c12d3776de5184afa143ee23eee82aab2ac79b25503e0692f3463e5c363e0b4b5f31af82898009f7da13d4f249a70de40314c003e7e59dfb233bc44d0316df3e45af806d216ca76a58417ff8abcdf7cfea2da8868c496cdec8f47c451ccdc8908c5e8c1039b6bfa8751637c29fdd9b7dc76279dea5ad7455af4db3394a34cb9be8b9bf1105862108f920c44d029c3372e77c44a25d06cba956da65ee40abe32b8b557e123fddaa87b4ed5ab3485eb11f13c61072720d4adbb937c336f2b60525933b6d49e7c6751f0769377bdcef02abe63639b17a6780a4afccc8067403aeea42726f253ec97994dcf55358e6faa3e622344dfc613f8be96714d5c49633d7b74b9a72883985782ea8691d26da620d905f3583adbd9d527d93f1ce623bcf70d98a0455ff80fb1d472c6fc6bf0390e81b8d755b196e94fb73bcc883f5f310043c5138c95c5d7079c24d5bc5876b422f46a2bb17aee407bf7a55dbbdb253e2865c1b91839737c37142a8fe8bdbc0a7bf89a392da717a5ed87af754052b1d0a1a37313b00cf3b4aad91ce7fa7777b1851121a63e374865b238ddf9a7ebd20641a719c68682b97e3c5126e732800c04cdb627bd415efbb7e5e19917bf4bd53f072b7ec2eaa0128b56e069a32e9f729718fa4a7212ab0fd1e5d3582a5723a704d84a88c235b44812849301ee8155cea471028beea1918cb1f4118728718674cca9dcc58bafcdb9379c57e9333ab348b30a801aa2f5c05c3107e52613cf0f591781ddb5e1e4844633057a26bb3179c31b5664db4bb8c6d762c7b9886317ab6e9e301de67f12085547ad2a20d1d63d361c2bcd66be2e25fe104f8b53b7cf89d90d456f063da31f60078b760ce340f9c9a8e8da113b6c6e3c53e666488d75ab209dbe31ecb531553f17446a29edc465ed22aee2d4c013ee8a4d935c0cd92bcba9e5a56a6c19ac114d12db58bcf5f931a7b282404af34fee464f4c28e16dab834de98dd57b107e45fa66b26c32fd94e848aef6e4a2a65fd4fbead1b1d445d6c343bf50d785e664220371e27566646e284c6a3b07c14c0c5b84b5cd1a01a84d655f8dd72ab8e3d0c48e67596f605cd4a50b5fde9b182792d7ee8ee457eb6666aadea80563b4d176933cc482f75cb98a8dde4a414041187cfb2abe3e5077f23c98bafd0afb8b023e0cb26efc1488dd98a51a19dc93412b5fd91c4e06439b6d2d20a174989f860de6b1be55923a11e5893d30fae74a625f777ef9362e64b529c964b5c0b5817a579a647ded28582c45f965e52e1f76084267c73f8fce8037b22c2496ee6674f56056d9c691eab831c831a27fccd90f961e949a51c90a80b677d11e70d01744f9632cc26b7e6476b8c92a688ec8e1280ea8b795eae7ee61e2735045b9ea516af752b35388a6c3ed98cfbc4e74c8d0717dc31eac87b6a9c06f0d4f412e8e1155ce48cec6d9c106f3013329596a2d43ffe7f942cb7b7449f38620a8a9e5138b5d5d03c8a563446e4dfb1905d841f7a350d6c67d85652297db21b3dd3291b795c90276ccc50eaf513f3ff9480b3d2c0096e92c93cbbea680833cfa630d72c4f5a21ef0f81910b8a5ef77d62175d3abf5b3417cce43e3c53bb84ee1f5e354b2d79c2b46e3bdb2ffb15420e7a28c800c2591cd331d71c645a6b1bc43f06703164c05f61b4abc0fecbaee510def6340c2bbcc32248655e9161c3e6f01520bb0c53be04c3a3ef4a2dc401663f6719ac758aa297f65d1681652e4ad042d754b054df9cede3ffef7ad2f52184ea6d93d6867cc262b0a413da11c02d0c7c49a663319333d8b29d56cbf630e66b6683ff7f3b1ce5c481d37151626eae761adb77642f802bf0f663f3c322ee17cf01a09f058dbf82d04bdd7c48f34f54392d1dd489891ce28373ae980f74897fe3f90db2a9ccdbe56160fd2517adbc953e88c5fa8981456b87ab9f122321816e0df119f6f6c505f0dcab1c8e6a7f4109055dd80001dd90ea984b80f0b0766bd9772d96ed42d95f219b4a8420d7cf04f28475d7f5d8a8a07b0930c40d0dfc2592f8f54e90a80e0a98d3055f4660b1530565c7f2d91d7d96142da19d644aa7c512e24f83e8305970f9d3fc3b9382ad141f63f2d5b265b7cda258119ca4f553fab11f2fd925a7a24c4021045073d867bb089ca7bcb702bcedbc28781e408cf8bd43498f8661a320d28c95c1fc42635c9e4c4de8787afc70bf5c8bf75e0a2937a9ca2b08c15453f24211168c7fb2a24218fc3f04160c2daaa46ef7fb710606a53228e134f20511169034cec55e77037a108060b8fd10ab9ae228d9ee4d5ab1380cfcb8611e6c9d5dc143db2bc856d967b0b9d0187ba8483f7adbd1092562b2b16420baa5ab6c1f7c02ae56f013e752d9f41df4b4f0b008bc25ff58f816e50bdce308e219068bc898a21f1dd26d7fe7760459629f3615bcf7582c87d296f041fb005a72c7ef4013ccd8ca3bea85db90ae6349f101adb9235dd343be423816b37db2661dde2b9db33800da7599e8a9194fcf06755e2659670c62aba1d5a01172a416a0296bade0b32e69b0ee60dd6cd1eecca4335eb0416df6ded75049a14660276df47bb4f224e087235742e90ddf6f57827a0cf26d71b9338f2ff5166bea85a7639de6ac97ec829a7d071fac1f4b27c6c23e952adb5536b45a68e75c1c1a6d44508be6f4b87c5bb880a6baad5faecd1fd6730783d8729c2d89b23a3f2f9b79b78f7fcb70a7812607b25b17ae857e65f205ad5dd87a34e52c6e9611f588236bdc59d816f277aa8cd4a19750461d3e82c8621181b803900d1df439babcf4909168d4125a7c962ceac2f834d79460f17f92f415a85ad7e12da4b76105bceb4641fc87da7797fee092828f6e9e42631fd5c87046ebe5c4044663a31a1b39a6f6a53ee2b7fbc3eede57619535b1011c10d2d5a97c781c44bb6e493287528bc5281496f1aee3c746e09aeef0b2d38bdd33e37446c1f7516767ecbe298b78ef8e03336a08a1a9e62805140573b034459a445240aff04593539aa97056957f3dec9c43e50a1bce1b9c8e860940e03ae39e8f76fb80ae746f7fa4ed0b050c9e08a788e666e9f18bc8e83c64ee3ea04eb9f1c1dd92b3be73d18cc53bca76ba4688b48c13982ae6d25fdd9b5b85612d5b706c9b9d7c6cca91141313356f0d7b859da0de669fb52a829014a0fdde51df658303ce085222a42ad624ee6c659ec94e0d0713b2d3c3becb53c6f76d30530e6129943e20361a7c9f7847f79cb871d866b5277eecc8c1626fe2719c9cf872c0fc78a98e6ca998555721e9abd5bf9e2d1848016e0bd3202c44575c688837136e71e85765d677e0f2b081707a4e7e22bef50b9280a1a5ea549022ef2a9fed989f156198975302608dffd03f8f1186a12585d4670ce868f0c96be37416b9132144f65c9abe8b00894d7a7e6d0a8554e09139ec2a0eb6d4f00c637684602c106257f5abe816e068e0f6f3e94a916ff41e23b6baa4876931209a6b0bce1f6fa8d1965665d3dc42e5c6b011bdb5144fa5fe4879779ac9dffe0843cf49806ecbb615b818e54c6dfe4d12ccae5b12b0ce87909c1e852e8d7587d1ee24c2575af61eb0b667c37b6d15b88121974598ac23cbc66503f95cf01a7a1e217f0712c4cc4e5fc22e83e3aa375eda531a73828eba91223d7de1194af730bbf2c1ed5ec47ecdf465b1794971010ff8c8771c488a1d3f98292b5d2ea9625e52589aaf7212fcdddcc0f1681b785911fcc64a6427358e4307a3d8bc583dd635ba5c41eeae96e0b6bc5236a1f539d291e568d5a0aee25ffbaa73d0cb84bf558cbf6d04b16ef7e97617b42d07100d82fda6f75dcade611e459bdb4773bf2b70e90a8add2bfe6ea6d3a4427940fef6c81931762dbea6678fc63e50c4430227b15cf184dbae4c3b2d8096292c17f701c560ac7cb33efe7d79d0c2a3c0c06e22d4e84e9e959697879f0d27df460046fc20394655cfa19793256cd9074f1c5f8ef530af537164e0e43184f921d56094fa7c7744af35821a5833c9b9d56fcf525a39fc795cf33f14705d0c7087c081bf11ad29e4d6c8f6cbbb3a0d873262b89cfc54d4cec42c3e13a5ba604df942bf8b4eef7cdae1c0e2970edb7ea6437618e6f8312a745ca8bbf0c42df103f42c824ab4e77e8b118e2b9a84568ed3d4aa3800011d02be29c032192719635a1c6c28315b27368f6ffe852bbd661c351cbfbf97b1b36d52371a4ce57e5eb6e4b13cd01b022de1770a5b1cab0fe548092a16e04de76fb8d29d69a1c55f8aa11b34bd6f018d283a9a7c0338b8c1900e21c0054616ade6b56d0fe3379f1a8dec38b85fa8e74e9bb5df4287d037f77bad30de89ea87b03d40c3a1618db1073c07032f6d22f8a264cbf0c1113689308a2fcd7299603a64f884cb03f8c5f0e61e4981d2baac3d50975cb917b815efe2f7eda88f1cef1f34997f0819a92051c1d9eac3ef05de25a2b4d5f65619b4ea377180c541f2afbfa5c8fdae59f8e3a7635d2b30c4c759c32e570b8d9ec03b4aab65503e81e545dd41f593615cfedcf009424ae4854de3a9111115cb254608bc2666b18c85698ac193a9799f1a1f6098288b42dd2684db37e0d3b023ac9b417263b1566acd6d951df147e83db8e909b39bb6a1aa3fcc1c1a20795521b84e0884254b2524ebf0321e5709e7a79f2d62309247b7b24ec71553a9ab9daccacac1a8bd6019b7703c0ed468379640ac6e764ededb2fefaa2f88e15fc97ec6f16007f540cd7a57c7726f4aa9ff6640cc7f5d71a6c12048f98a9071ffd594f17e42e7336ab6d0fd429328df1238e5eb4ebe4f9d8ef01fbcfe8f53eb3f6defd4c7cb40b3772ea2f2130b655d2ad3643977cafa991bbc6aa2aaa2879a3c2d1dace3ec034beb3d06f0a09429b3fd1ac06870dde4ab97b7d5d7ff1394577a6bea7a3a53ca883a16c98d574ddad00de5dfe9f75369be7686a4badf44f4d9b110846b6ffca67f63973186433f6bc3691b580cdc689c159064c55a974fb849f56fd2f9cbe4738e0a1a8a764467dc1d3723278ee1ea573fad98a5318104218d359d89579614592fa6ae7cc4720e6ed71706fdc4c707b03ff77454daf4505700f249aea0abc909763416d44a069a6d605118ac0c20a325577fe1d8af053673fc72e489d24405281f01b4e2e05e4fa14e68a53294e4b5d201c146ff994cfb7a776ad80828732ee647092c20fe46d917142880318136557c47ff7e31d26f35f407c1e6d4254aae442b233b89dd4c0adcfc92b0f821a5a9dce95a24bed9bb5cd17a5b59d3e82086cdd7a3755064e4de22d8f0f973f4235aa58c6214dab89325638d94d3dc25f3ac4d912ff74be6ad8ef49aa2becede5453a409cc8ed8065dacf28a1a7498f6dd07a3478af093574fdd2d0a4f98d12fe898e47cd0550f1fc42810ed2e4cfe5cc4faa67d965f252aab1bd5c536bf2c936706bc71aae98b93494d364faac72a9a60188a23f15ddf1238896e4848da876789b57ca53cd5b1041612a49de9a64a545a39375aa2a516c4af4744daf65a9c28ffb635ba56b96731b763934afa0651fd6fb65e9f71eb0e6fd54bcfd2bf0118b486e97db512290bdb1dcfca76ed974722e13e5acd0569d5f944de70adf728379094981ffaec43848367ec8cdcc227b266649ced47a03b22016ce42be3a33135229670244cc7b3325ee448c95236d0de4bbf641e1cbb0516edb3f8829e60f91d43f0fe45595d8a99e699252930c7b05ba2ba679f8f46c38f789a7750ffa4eaed19c4c1a33aff60c8926ae42497662a130b83b3211e9399e2565d9f082ec30e26e5b02ea91cf43b0a046f9fe596e5bb2a9c800d761008dc7fced2a510af6b02d3f702fc3e1a98c6a87661f0d353b81bc4435c0d4376cfc74c057bf23febb101252c4eb168d4e347e697c8d0c48a687fb2224d58e5dc68c38de930164aba51e7cb19051fe64603c6b602c02c5cc22c6da1c47d906fa1cbf67312658b201b8f89a377d61695daaeee18eb2fb8caf38280fa8b95cca721afdf33d2c3092af57204bca72c46aeae9e9fc46f0ce76b96bbbb59a8517cb72d68f8b189280b6ce1e2686204913bac1d9aecd77623b7f05475352e57f245197894d767e5f17611bbf1bfe2015c9750e9b3f5ad4ad57be1ac4988c30d90829946b05fc5bd709dbd2590da2e3666294f83336e52758bc12c9d02af342a91fdcfc9144021a783643a9845a4898ee03417329ee0e2dd7bd53f3b23f3f9a10ea643b91b3c2df8438efb22fc894bbcdc408a13dbded7002d9cef6e38bf6dfa16f52f0f24087281a3ae95fb4995131938f9ca80c5f466c7367665e5717c823b318f43e7a3e2e8fe9c2e74959ca3d53b79fa45ac778d0a99351a1919b1c9ddfda10d61487fc5a2b8227493b14e2ea9fa41db870deb1700eb46665424fbc3f21c5d7ad61089ad0f99aadcca2a97d46fd091cf21d95674c3cf48f2724a89299b5342ebf8b18770e61c449455f77cacc5b2e0123005cc296acfc28e42e3d3b426469e39def114d6071a3f015f94dd8eab597dc4cf6109f2aeba0639ffe3f66f15ddaa74460a884a5c067e1e6f8d961ff32518e7571d53ae36badcaca50258a15743e67fb35e062e697d44ccd4e416010dbe62a1d13319d3ce88dc7826514d0f84cf7ffd5f1dbdbe3534af35bba26c5f951e18b012234a3e1cd22199358ba66421a326af09d36d45c3497c4725c0e8557395376fa9dcbe4c595aef7f822cb160e72138cd610563c382769b64f5da2ae6f62cbf09d24490565d7b88f6fefc30f050e74327b7efc168f040f18110a61cc6ecf73c43c0e9e73fafcfc6079ee68839a8ed710160fdcfd987394a790e01c42c916169e8c6a7af905c15d51f87e88877386b8f8743efe4fffc2dc8fd73b4e8905b428d4cd87d90e93513f19a981b5037370cd634f23859cb7bd6b5632bd25c6873b7195691e0f76fb07fce6e72d4b2b467e57a325febf4bb842820fe6896b23aa2a3eb37697753a3693ee936692e6cd91eae410bf89192df913f2689adc73b7b35eaf8bf80928c0023b105cbd2be51a08a371be88926636bd590466c218b203fe311d73dd1a8b440133f1ebb8249b4e1f6723b7b18b508dc34acd9da927ea60d2dc361c2d14cd43ad3b0137ac32e8988d11d11de19065d02e8012a2ee24891541989d11da87de4383036b757769222af022e86803b64ccd03e4bfe3a9d3b8a5d6522d7b6ade88aca72bc436382cfcba22a426ecb21366d42588e9a68c0d61722617a4706852ef6e5eb42842d127f88dabcb8cd635d621a9082efe0cbb52fffb017c8cbf80e48ad1d8ac4c927bda50be7bbb6a302081951dd7c05142465ef8188774807ba482c155f7b56b663d24c4ad88140ddba388e4d6abda83048db46ad18328c63006d02844189a769167d94265148e06f3eca08dcd81691df655968de44c5931e62f5dcc4aa16b24ceb6e7a2c8783d9918a9be7c72dcd57fbf39f985ac29069241cbe3298d7651124f03bef8e2adcadb0c0e08efb096f72e5df2d3f8e2ea6f9cd2401533469e5099a6faa98acc2f73028eae115b3a771bc7ddd186ee7a634398e206ce9b1262b1dbb80575eac718eade048bc01ac1d410e21393dada6c1ced94c411fc19ccacdd175996501d66819b491fef65697f736ecc3a4c32f3675d1f90c8e4d44a1ba6048e77fa24d6998ad88da3cf5de223446d53dd72981c19d5915af69b9a7b9bdf35114ac1cee66b9f3f6df4b9a2d2c017d44443a28badca61b1e8db627d967827ebf32c8642b7de41508c15538b6cdf0284f1a94e8d9fcaa086236f11fb1689d57d500423a0c1d362a4fd57e5efa8858c237a0b58210b4df2b6f10fb01ff8b305cb69e65120c716970e1752cae51022a068b9ac2b7775ac415c56d31536c9f1eca654ec89d7ed00855b2d2564a74bf1a0a3b75cbeadad89fd4ce7e0a83a565c6d69077f026dd40ee186fb496d575c5f5d2f4f84e0efd6bca34f070b185903c7fcd6478f467b73687dee0b765477cc474cbe7f067d1f655efe1fac24a6cda9ed82dee343a36f5ce3894587937f31a14dff66e8384bb3c9adebb753f782570a894e09a38c096f523fbdfb7e0c09026fa023c8dc9e5822410d8343afd647a91130744017166a9b195996ee871eb284279fa725f7af7f853eb85bce100cfade5d458c4e166c839e4c1a86", 0x2000, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)={0x78, 0x0, 0x0, {0x7, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, r6}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r7, 0x401c5820, &(0x7f0000005840))
r8 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000180), 0x20802, 0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r8, 0x16, &(0x7f0000000140)={&(0x7f0000001000)={[{&(0x7f0000000480)="5fc8431a00b86ac25dd94f264d6e4519e666c31e8e6b5db3f7799263844cd6eb42408793ff07418d3b2a18c850f10743fd862ebab6c4b9941c2e493c2130fd6e61ddcdda8b463be36b71129ac6a922c76508e7a011b72b2e30635b3992a2cf9b59aae7a831a37b5e08d11b98d6144f4aa5466eac7003c03cf42c5665a5d7b452d5b0e6ffdb3b488ac849b8376277b25e4a6307174d04b213a657750ebd8ab3b19209fd4c170e10d2c7", 0xa9, 0x1}]}, 0x1, 0x2}, 0x1)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r8, 0x1, &(0x7f0000000080)={0x1401, r2}, 0x0) (async)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r8, 0x1, &(0x7f0000000080)={0x1401, r2}, 0x0)
writev(r8, &(0x7f0000000040)=[{&(0x7f0000000000)="cfe9ef6d6ee1d433ba73a5ddf753c74ac91bc34a934afacb0751028db60a", 0x1e}], 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0xd, 0x1f, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r8}}, {}, [@cb_func={0x18, 0xb, 0x4, 0x0, 0xfffffffffffffffb}, @printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2bbb}}, @alu={0x4, 0x1, 0x3, 0x5, 0x9, 0xffffffffffffffe0, 0xfffffffffffffff0}, @btf_id={0x18, 0x9, 0x3, 0x0, 0x4}, @exit, @map_val={0x18, 0x1, 0x2, 0x0, r8, 0x0, 0x0, 0x0, 0x3}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

1m44.224389578s ago: executing program 2 (id=1423):
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001a000000bca30000000000002403000020feffff620af0fff8ffffff71a4f2ff000000001f030000000000002e100200000000002604fdffff02000014010000030000001d130000000000007a0a00fe0000001f0f1400c0ffffff00b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

1m43.524901163s ago: executing program 2 (id=1426):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@getchain={0x4c, 0x66, 0x100, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x3, 0xfff3}, {0x7, 0xffe1}, {0xc, 0x4}}, [{0x8, 0xb, 0x3}, {0x8, 0xb, 0x200}, {0x8, 0xb, 0x81}, {0x8, 0xb, 0x5}, {0x8, 0xb, 0x7}]}, 0x4c}, 0x1, 0x0, 0x0, 0x804}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000100)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x80000000, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x5], [0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x81f], [0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x3, 0x5, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf25, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x1, 0x0, 0xe6c8, 0x0, 0x0, 0x3, 0x800, 0xa, 0x0, 0x9, 0x7, 0x0, 0x0, 0x0, 0xffffffff, 0xa000000, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x6, 0x0, 0x0, 0x800000, 0x0, 0xfffffffd]}, 0x45c) (async)
ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) (async)
readv(r0, &(0x7f0000001900)=[{&(0x7f0000000040)=""/65, 0x41}], 0x1)
ioctl$UI_DEV_DESTROY(r0, 0x5502) (async)
r1 = open(&(0x7f00009e1000)='./file0\x00', 0x20840, 0x0)
fcntl$setsig(r1, 0xa, 0x13)
fcntl$setlease(r1, 0x400, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280)) (async)
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) (async)
truncate(&(0x7f0000000140)='./file0\x00', 0x0)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0xfffffffffffffffe) (async)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) (async)
mmap(&(0x7f00002cd000/0x2000)=nil, 0x2000, 0x0, 0x110, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, 0x0) (async)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) (async)
pipe(&(0x7f0000000300)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
write$binfmt_misc(r5, &(0x7f0000000080), 0xfffffe13) (async)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000100)="cb56b6cc04f01f56bb6e284f5fab5c66", 0x10)

1m43.449831723s ago: executing program 33 (id=1426):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@getchain={0x4c, 0x66, 0x100, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x3, 0xfff3}, {0x7, 0xffe1}, {0xc, 0x4}}, [{0x8, 0xb, 0x3}, {0x8, 0xb, 0x200}, {0x8, 0xb, 0x81}, {0x8, 0xb, 0x5}, {0x8, 0xb, 0x7}]}, 0x4c}, 0x1, 0x0, 0x0, 0x804}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000100)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x80000000, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x5], [0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x81f], [0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x3, 0x5, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf25, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x1, 0x0, 0xe6c8, 0x0, 0x0, 0x3, 0x800, 0xa, 0x0, 0x9, 0x7, 0x0, 0x0, 0x0, 0xffffffff, 0xa000000, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x6, 0x0, 0x0, 0x800000, 0x0, 0xfffffffd]}, 0x45c) (async)
ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) (async)
readv(r0, &(0x7f0000001900)=[{&(0x7f0000000040)=""/65, 0x41}], 0x1)
ioctl$UI_DEV_DESTROY(r0, 0x5502) (async)
r1 = open(&(0x7f00009e1000)='./file0\x00', 0x20840, 0x0)
fcntl$setsig(r1, 0xa, 0x13)
fcntl$setlease(r1, 0x400, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280)) (async)
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) (async)
truncate(&(0x7f0000000140)='./file0\x00', 0x0)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0xfffffffffffffffe) (async)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) (async)
mmap(&(0x7f00002cd000/0x2000)=nil, 0x2000, 0x0, 0x110, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, 0x0) (async)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) (async)
pipe(&(0x7f0000000300)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
write$binfmt_misc(r5, &(0x7f0000000080), 0xfffffe13) (async)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000100)="cb56b6cc04f01f56bb6e284f5fab5c66", 0x10)

4.688211072s ago: executing program 3 (id=1993):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000540)={@val={0x6}, @void, @eth={@link_local, @random="d26b98d19dd8", @val, {@ipv4={0x800, @dccp={{0x5, 0x4, 0x1, 0x2, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @dev, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "20e856", 0x0, "fb148f"}}}}}}}, 0x3e) (fail_nth: 5)

4.483185734s ago: executing program 3 (id=1994):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xb}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000240)={0x76, 0x8, 0x5})
mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x12, r1, 0x100300)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r4=>0x0})
sendmsg$BATADV_CMD_GET_VLAN(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={0x24, r3, 0x1, 0x70bd25, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x24}}, 0x0)
syz_usbip_server_init(0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
unshare(0x20020680)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x40440, 0x0)
mkdir(&(0x7f0000000480)='./file0\x00', 0x0)
mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
chdir(&(0x7f0000000000)='./file0\x00')
r6 = inotify_init1(0x0)
inotify_add_watch(r6, 0x0, 0x8)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000300)=@generic={&(0x7f0000000380)='./file0\x00', r5}, 0x14)
openat$binder_debug(0xffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)

3.680810882s ago: executing program 1 (id=1999):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000540)={@val={0x6, 0x2c00}, @void, @eth={@link_local, @random="d26b98d19dd8", @val, {@ipv4={0x800, @dccp={{0x5, 0x4, 0x1, 0x2, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @dev, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "20e856", 0x0, "fb148f"}}}}}}}, 0x3e)

3.616300606s ago: executing program 1 (id=2000):
io_setup(0x8, &(0x7f0000000600)=<r0=>0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000005, 0x13, r2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c00000011000500000000000000000005000000", @ANYRES32=r5, @ANYBLOB="00000000000000000c001a800800058004000680"], 0x2c}}, 0x0)
r6 = eventfd(0x46e6)
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
r8 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r8, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
dup3(r8, r7, 0x0)
setsockopt$sock_int(r7, 0x1, 0x12, &(0x7f0000000080)=0x401, 0x4)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000380)={{0x1, 0x1, 0x18, <r9=>0xffffffffffffffff}, './file0\x00'})
r10 = socket$nl_rdma(0x10, 0x3, 0x14)
r11 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r12 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000500)='syz0\x00', 0x200002, 0x0)
r13 = eventfd(0x1)
r14 = openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000640)='io.pressure\x00', 0x2, 0x0)
r15 = openat$vcs(0xffffff9c, &(0x7f0000000100), 0x4800, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x7, &(0x7f0000000140)=0x80000004, 0x4)
r16 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r17 = dup(r16)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r17, 0x0)
r18 = eventfd2(0x9, 0x800)
io_submit(r0, 0x9, &(0x7f0000000800)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5, 0x2, r1, &(0x7f0000000000)="10bf45cbdf2a69c8a4d0bda41f1d9490dfb27949465ab2b0e0f74e773232b598427341cc8b27c89dca3ca33cc50e78c7f7cb8f532c5808453c4b7ae9d26206441f5c164ceb060f728816b21624354c48ffa79d2b9618741cacfc6f8b7e31e4a32b580f654fda", 0x66, 0xfffffffffffffffb, 0x0, 0x4, r2}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x67, 0xffffffffffffffff, &(0x7f0000000100)="de0d00", 0x3, 0x37d, 0x0, 0x3}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x5, 0x8, r3, &(0x7f0000000200)="b17c4cd1107915754a0c143b16ff49cfe94497a5f6388fbdcc7840d400254983de597a1f8ed80dad412adbaffb4cde34c54471141dcf223f2adecaceaf73c57b3e925205c112e7c525a5c7f470629ba46f1902866cafcaf209d5416482094395287c986101", 0x65, 0x5, 0x0, 0x2, r6}, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x2, 0x0, r7, &(0x7f00000002c0)="ede50df95372c2ab36978fd0378674c6f35a4bed059ebc03f316e0b51a25e037d0f4291b8a7a4fa7977c241c792846690af204c0bd8f4dd63ca8ccf755219e6ca8e1d1e8c3683684d580086b12b44b8403b6ce72766dbc197110217c10ffdc9ed2b081308f1c9b9df23162c7a9d50295bd06cf639c8e8fc52c628763059ca73c2fb463d7a6b76407e8f9d864e9ad360dd3", 0x91, 0x4, 0x0, 0x1, r9}, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x2, 0xe8, r10, &(0x7f0000000400)="e32f2a8a7f16e1edde2b7717fc56e836a9fa6fef3c6e569d0d43f739d9595fba9512a6fd2ddf3698eee3f7d70d0b47bcc31098ce7f9ce7a0d14af2117ea94a18b7a5af82a10dc3eb8fe9b72b4a702053f9cb5ce199d3e67481c052089a50cb0b70643826165a06ddad404d1c965ea7490d74cc75b9cf5e2085685aef132b6bd68bf00e0d3c0faec7a2dc8a99b6274c66047c7160c485bb0a910947ad16aae04a6c4b81f21956f6af41fdcdfad3", 0xad, 0x8, 0x0, 0x2, r11}, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x4, r12, &(0x7f0000000540)="8d1ecd9ba818f8d21f701275a8c4606f37b09aa851b54e60e15f28ada053efc6a67968e4ccf29ddb2ddb50583330139f8c705f126e394fc6b9e35835d7e6862b0ccef264dc2844f9ccddd8ed3a6fe2a51f019c5ae97234c28e54b3", 0x5b, 0x80000000, 0x0, 0x2, r13}, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x8, 0x5, r14, &(0x7f0000000680)="e2d1f348f0d1485097bd11a8c423ce4ddb8725eb0422e1bf4d", 0x19, 0x8c, 0x0, 0x2, r15}, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x7, 0x3, 0xffffffffffffffff, &(0x7f0000000700)="4d61101b21d0a2da03ae7e0d23dd79b908c4394dce4381a3482987843100a299ebfa4b4a12be350f232d3963e4266feacee3ae0d7a997daa5a1723ae8ac7c402", 0x40, 0x0, 0x0, 0x2}, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x5, 0x800, r17, &(0x7f0000000780)="06fd", 0x2, 0x100000001, 0x0, 0x3, r18}])
r19 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
io_submit(r0, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x4, 0x0, 0x1, 0x0, r19, &(0x7f00000000c0)="01", 0x24}])

3.615938912s ago: executing program 5 (id=2001):
r0 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x12, r0, 0xfffff000)
r1 = userfaultfd(0x80001)
ioctl$sock_bt_hci(r0, 0x400448c9, &(0x7f0000000040)="a4e4")
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x60})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
readv(r1, &(0x7f0000000240)=[{&(0x7f0000000140)=""/201, 0xc9}], 0x6)
close(r1)
mremap(&(0x7f0000638000/0x1000)=nil, 0x6aa000, 0x2000, 0x3, &(0x7f00005c0000/0x2000)=nil)

3.525513088s ago: executing program 5 (id=2002):
r0 = io_uring_setup(0x2e34, &(0x7f0000000180))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r3=>r1, {0x4}}, './file0\x00'})
write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x29, 0x8, 0x200, 0x1, 0x1, 0x23, 0x7, 0x0, 0x0, 0x1, 0x1}}, 0x50)
recvmmsg(r2, &(0x7f0000001040)=[{{0x0, 0x0, 0x0}, 0x400}], 0x1, 0x40000002, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

3.187376232s ago: executing program 3 (id=2003):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905", @ANYBLOB="8fcf"], 0x0)
mount$overlay(0x0, &(0x7f0000000180)='./file1\x00', 0x0, 0x0, &(0x7f0000000080))
dup2(0xffffffffffffffff, 0xffffffffffffffff)
setxattr$security_ima(0x0, 0x0, 0x0, 0x2, 0x0)
r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, 0x0)

3.116972707s ago: executing program 1 (id=2004):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
connect$bt_l2cap(r0, 0x0, 0x0)

3.116675339s ago: executing program 1 (id=2005):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$int_in(r2, 0x5452, &(0x7f0000000040)=0x8000)
splice(r0, 0x0, r3, 0x0, 0x7, 0x0)
close(r2)
ioctl$int_in(r3, 0x541b, 0x0)
writev(r1, &(0x7f0000000280)=[{&(0x7f0000000180)='Y', 0x1}], 0x1)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r4 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r4, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = creat(&(0x7f00000001c0)='./file0\x00', 0x0)
write(r6, &(0x7f0000000300)='(,}', 0x3)
write$uinput_user_dev(r6, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x6, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0x1, 0x7f, 0x6, 0x4d, 0xfffffff2, 0x5f, 0xa, 0x3, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x1, 0x24, 0xffffffff, 0x1, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x7, 0x3, 0x7fff, 0x4c74, 0x8f00, 0x642, 0x3, 0xa, 0x0, 0x71, 0x7, 0x7, 0x103, 0x0, 0x5, 0x3c, 0x8f, 0x6, 0x6, 0x3, 0x5, 0x4, 0x8, 0x0, 0x80, 0x0, 0x5, 0x6, 0x9, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0xffffffff, 0x8000, 0x1300, 0x7fffffff, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x25e, 0xfffffffc, 0x3, 0x3, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea0, 0xa, 0x4, 0x4, 0x8000, 0x9, 0x400, 0x1, 0x6, 0x1, 0xff, 0x1005, 0x7ff, 0x5f31, 0x4, 0x0, 0x6, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x5, 0x0, 0x1, 0x8000, 0xffff, 0x2, 0x7d, 0x9, 0x5, 0x3, 0x4, 0x1, 0x7, 0x6, 0x9, 0x48c93690, 0x2, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0x2, 0x5, 0x2, 0x2, 0x101, 0x8, 0x4, 0x6d01, 0x5, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x0, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0x54fe12d2, 0xbf, 0xb, 0x2, 0x400000, 0xfffffffc, 0x0, 0x2, 0x5, 0x0, 0x6, 0x0, 0x120000, 0x1, 0x6, 0x9, 0x4, 0x3], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x7, 0x5, 0x3, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x6, 0xffffffff, 0x0, 0x5, 0x8, 0xc8, 0x3, 0x3, 0xffff, 0x3, 0x9, 0x100, 0x9602, 0xa, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x9, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r5, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000340)=[0x45c, 0x45f], 0x0, 0x0, 0x2, 0x1}}, 0x40)
creat(&(0x7f0000000280)='./file0\x00', 0xc2)

3.056756762s ago: executing program 4 (id=2006):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0x19, 0x20000000, 0x0)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000003000000000000000000000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x10)
syz_emit_ethernet(0xfdef, 0x0, 0x0)
r3 = openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r4, &(0x7f0000000040)='./file0\x00', 0x0)
mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='xfs\x00', 0x0, &(0x7f0000000140)='grpquota')
syz_extract_tcp_res(&(0x7f0000000200)={<r5=>0x41424344}, 0x101, 0xe7)
syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, r5, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x20}}, 0x0)
lseek(r3, 0x400, 0x0)

2.767777014s ago: executing program 4 (id=2007):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file0/file0\x00', &(0x7f0000000040)='tracefs\x00', 0x3, 0x0)
r0 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='user\x00N\xac]\x86\x8a\xa3\x7f\x00', &(0x7f0000000600)='\xeasa\x9a\x8b\x9c\xc7\x1b.\x85\x92\xb2\xbc2=Y\xd3\x17Y\xac-\x14\x1a\xc3\xcd\x1c\xee\xdc\xc1\xb8\x15\x99\xb4\x9aAUrl\x82\x8c8=_\tA\xf6d\xf7w\xc4 \x89\xbf\xa6\xc7|`\x18^\xac\x01N\xf7\x02M\xacM\x93\x80\xc9\x9eO\xc6)\xd70\x9d\xd0\x89\xd7\xbb <\x8a\x1e\t\xf8\xab\x9f\x98rwf\x88\xdc\xa5\xcc\xc7\xce\xe5\x10:sc\xe2Xc|t\x91d,>\xb6\xc9\vn7\x99p\x1f\xbe\xc5&@\xbc\xc2\x17\xa4d\xd5\a\xc0\x1f\xf9\x18\x9c\x14\x9e,\xfd\xff\xff\xff\xff\xff\xff\xff\xdbH\xa7k\xd6\x19p\xf5Z\xc8nx\\1\xcb\xd3@\x8e\xb8x\xb52\xceC\xec\x1f\x98', 0x0)
socket$packet(0x11, 0x3, 0x300)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x1)
writev(r1, &(0x7f0000000380)=[{&(0x7f0000000080)="932870e9927cf2edb67a03a4cdf1e5f0c993ed2b86a8e282b838920aba9f8afe92c93ba9b0372ab97b4282cbde7ef70c5594e711b201a686b92e1bbd69a7372d5b56b803d9368e6307c8b1721e103cacc68a3b708d58ca971f62f9d455fb424bcf14767424fceaebe638bb90f85b4314a7e37097aa4fd6f02998fd9f002e4e650bff16fa66cbf2266ea5653fe174d475bb0745be4ab6d12b4d8bebbe2c3ca1dbece8226b5eececd382cddc23231e2ba7a4bc812f6f2a9237250d86d5a8da997e1ac45496f54d8ae8b8f0ad8a0445098c31d8da408a9b2441228b", 0xda}, {0x0}, {&(0x7f0000000500)="71826a18b67bb4244d676047f1262972fdff78f93083fcbc91feda1ea53bca38f629317e09819ce023436847a023421071a89c6c6b2915e0de671dd79d0c6201702e5d9353343fd35f252a801131d48a6514d8954eccc46e7c13ad224c4402b8dba3b28efb026ee71654d2a3a3342947ca3fefc68611cd2cb44267943e7eb42cdadc2e7424ea3d2afef419c797c455cc520b6724035378f5253d000000000000000000000000000000724fa4e7f7e53342a2289a41f8337db11721a3909a9a031fa08a6819c793f5deacc5", 0xcb}, {&(0x7f0000000300)="6babaf1a1febc3ff6e1e383344ee8f9897d6e2fc2384256d011c69cf6e91c47eff75c30cd84e31b7d69b8e81184994c15a0400699a14ff049f701e3e27fba4e8f83b8621c66dce236a183518f078cbc4ff35eb57b4f07cd2", 0x58}], 0x4)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = open(0x0, 0x4c00, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x101)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0xffffffffffffff16)
mkdirat(r3, &(0x7f0000000040)='./bus\x00', 0x103)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000100)='./file0\x00')
chdir(&(0x7f0000000180)='./bus\x00')
r4 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
r5 = open(&(0x7f00000003c0)='./bus\x00', 0x101002, 0x181)
write$binfmt_elf64(r4, &(0x7f00000002c0)=ANY=[], 0x76)
dup3(r5, r4, 0x0) (fail_nth: 1)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)

2.696634874s ago: executing program 1 (id=2008):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file0/file0\x00', &(0x7f0000000040)='tracefs\x00', 0x3, 0x0)
r0 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='user\x00N\xac]\x86\x8a\xa3\x7f\x00', &(0x7f0000000600)='\xeasa\x9a\x8b\x9c\xc7\x1b.\x85\x92\xb2\xbc2=Y\xd3\x17Y\xac-\x14\x1a\xc3\xcd\x1c\xee\xdc\xc1\xb8\x15\x99\xb4\x9aAUrl\x82\x8c8=_\tA\xf6d\xf7w\xc4 \x89\xbf\xa6\xc7|`\x18^\xac\x01N\xf7\x02M\xacM\x93\x80\xc9\x9eO\xc6)\xd70\x9d\xd0\x89\xd7\xbb <\x8a\x1e\t\xf8\xab\x9f\x98rwf\x88\xdc\xa5\xcc\xc7\xce\xe5\x10:sc\xe2Xc|t\x91d,>\xb6\xc9\vn7\x99p\x1f\xbe\xc5&@\xbc\xc2\x17\xa4d\xd5\a\xc0\x1f\xf9\x18\x9c\x14\x9e,\xfd\xff\xff\xff\xff\xff\xff\xff\xdbH\xa7k\xd6\x19p\xf5Z\xc8nx\\1\xcb\xd3@\x8e\xb8x\xb52\xceC\xec\x1f\x98', 0x0)
socket$packet(0x11, 0x3, 0x300)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x1)
writev(r1, 0x0, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = open(0x0, 0x4c00, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x101)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0xffffffffffffff16)
mkdirat(r3, &(0x7f0000000040)='./bus\x00', 0x103)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000100)='./file0\x00')
chdir(&(0x7f0000000180)='./bus\x00')
r4 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
r5 = open(&(0x7f00000003c0)='./bus\x00', 0x101002, 0x181)
write$binfmt_elf64(r4, &(0x7f00000002c0)=ANY=[], 0x76)
dup3(r5, r4, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)

2.696223141s ago: executing program 5 (id=2009):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file0/file0\x00', &(0x7f0000000040)='tracefs\x00', 0x1003, 0x0)
r0 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='user\x00N\xac]\x86\x8a\xa3\x7f\x00', &(0x7f0000000600)='\xeasa\x9a\x8b\x9c\xc7\x1b.\x85\x92\xb2\xbc2=Y\xd3\x17Y\xac-\x14\x1a\xc3\xcd\x1c\xee\xdc\xc1\xb8\x15\x99\xb4\x9aAUrl\x82\x8c8=_\tA\xf6d\xf7w\xc4 \x89\xbf\xa6\xc7|`\x18^\xac\x01N\xf7\x02M\xacM\x93\x80\xc9\x9eO\xc6)\xd70\x9d\xd0\x89\xd7\xbb <\x8a\x1e\t\xf8\xab\x9f\x98rwf\x88\xdc\xa5\xcc\xc7\xce\xe5\x10:sc\xe2Xc|t\x91d,>\xb6\xc9\vn7\x99p\x1f\xbe\xc5&@\xbc\xc2\x17\xa4d\xd5\a\xc0\x1f\xf9\x18\x9c\x14\x9e,\xfd\xff\xff\xff\xff\xff\xff\xff\xdbH\xa7k\xd6\x19p\xf5Z\xc8nx\\1\xcb\xd3@\x8e\xb8x\xb52\xceC\xec\x1f\x98', 0x0)
socket$packet(0x11, 0x3, 0x300)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x1)
writev(r1, &(0x7f0000000380)=[{&(0x7f0000000080)="932870e9927cf2edb67a03a4cdf1e5f0c993ed2b86a8e282b838920aba9f8afe92c93ba9b0372ab97b4282cbde7ef70c5594e711b201a686b92e1bbd69a7372d5b56b803d9368e6307c8b1721e103cacc68a3b708d58ca971f62f9d455fb424bcf14767424fceaebe638bb90f85b4314a7e37097aa4fd6f02998fd9f002e4e650bff16fa66cbf2266ea5653fe174d475bb0745be4ab6d12b4d8bebbe2c3ca1dbece8226b5eececd382cddc23231e2ba7a4bc812f6f2a9237250d86d5a8da997e1ac45496f54d8ae8b8f0ad8a0445098c31d8da408a9b2441228b", 0xda}, {0x0}, {&(0x7f0000000500)="71826a18b67bb4244d676047f1262972fdff78f93083fcbc91feda1ea53bca38f629317e09819ce023436847a023421071a89c6c6b2915e0de671dd79d0c6201702e5d9353343fd35f252a801131d48a6514d8954eccc46e7c13ad224c4402b8dba3b28efb026ee71654d2a3a3342947ca3fefc68611cd2cb44267943e7eb42cdadc2e7424ea3d2afef419c797c455cc520b6724035378f5253d000000000000000000000000000000724fa4e7f7e53342a2289a41f8337db11721a3909a9a031fa08a6819c793f5deacc5", 0xcb}, {&(0x7f0000000300)="6babaf1a1febc3ff6e1e383344ee8f9897d6e2fc2384256d011c69cf6e91c47eff75c30cd84e31b7d69b8e81184994c15a0400699a14ff049f701e3e27fba4e8f83b8621c66dce236a183518f078cbc4ff35eb57b4f07cd2", 0x58}], 0x4)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = open(0x0, 0x4c00, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x101)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0xffffffffffffff16)
mkdirat(r3, &(0x7f0000000040)='./bus\x00', 0x103)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000100)='./file0\x00')
chdir(&(0x7f0000000180)='./bus\x00')
r4 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
r5 = open(&(0x7f0000000440)='./bus\x00', 0x101002, 0x181)
write$binfmt_elf64(r4, &(0x7f00000002c0)=ANY=[], 0x76)
dup3(r5, r4, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)

1.898631688s ago: executing program 3 (id=2010):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000070000000900010073797a300000000074010000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001708000640ffffff00080003400000003808000a40000000020c000b"], 0x2f4}}, 0x0)
openat$nvme_fabrics(0xffffff9c, &(0x7f0000000140), 0x2042, 0x0) (async)
r1 = openat$nvme_fabrics(0xffffff9c, &(0x7f0000000140), 0x2042, 0x0)
setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r2, 0x28, 0x0, 0x0, 0x0) (async)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r2, 0x28, 0x0, 0x0, 0x0)
mount(&(0x7f0000000080)=@sg0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='esdfs\x00', 0x2000493, 0x0)
symlink(&(0x7f00000000c0)='\x00', &(0x7f0000000100)='./file0\x00')
setsockopt$IP_VS_SO_SET_DEL(r1, 0x0, 0x484, &(0x7f0000000180)={0x3b, @broadcast, 0x4e23, 0x4, 'fo\x00', 0x3f, 0x83, 0x59}, 0x2c)

1.898327075s ago: executing program 3 (id=2011):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xb}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000240)={0x76, 0x8, 0x5})
mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x12, r1, 0x100300)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r4=>0x0})
sendmsg$BATADV_CMD_GET_VLAN(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={0x24, r3, 0x1, 0x70bd25, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x24}}, 0x0)
syz_usbip_server_init(0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
unshare(0x20020680)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x40440, 0x0)
mkdir(&(0x7f0000000480)='./file0\x00', 0x0)
mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
chdir(&(0x7f0000000000)='./file0\x00')
r6 = inotify_init1(0x0)
inotify_add_watch(r6, 0x0, 0x8)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000300)=@generic={&(0x7f0000000380)='./file0\x00', r5}, 0x14)
openat$binder_debug(0xffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)

1.847857109s ago: executing program 4 (id=2012):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x239, 0x0, &(0x7f00000002c0)=<r2=>0x0, 0x0)
syz_io_uring_submit(r2, 0x0, 0x0)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r4, 0x84, 0xc, &(0x7f0000000480)=@assoc_value={<r5=>0x0}, &(0x7f0000000040)=0x8)
r6 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r6, &(0x7f00000003c0)=[{{&(0x7f0000000000)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000180)="e1", 0x1}], 0x1}}, {{&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000100)="a7", 0x1}], 0x1}, 0x5dc}], 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r6, 0x84, 0x17, &(0x7f0000000200)=@sack_info={r5}, 0xc)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x20)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000440)=@secondary)
add_key$keyring(&(0x7f0000000280), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000400))
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000800)={0xffffffffffffffff, 0xe0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0xa, &(0x7f0000000580)=[0x0, 0x0], &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xa4, &(0x7f0000000600)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000640), &(0x7f0000000680), 0x8, 0xbc, 0x8, 0x8, &(0x7f00000006c0)}}, 0x10)

1.847603728s ago: executing program 5 (id=2013):
r0 = fcntl$getown(0xffffffffffffffff, 0x9)
sched_setaffinity(r0, 0x0, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
epoll_create1(0x0)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc)
getresuid(&(0x7f0000000500), &(0x7f0000000540), &(0x7f0000000580))
timer_create(0x6, &(0x7f0000000200)={0x0, 0x20, 0x4}, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x85, &(0x7f0000000180)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x8}, 0x90)
ioctl$RTC_PIE_ON(r1, 0x7005)
syz_io_uring_setup(0x5e2, 0x0, 0x0, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
fstat(r3, &(0x7f0000000240))
socket$inet6(0xa, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x100000000000000}, 0x0, &(0x7f0000000380)={0x3ff}, 0x0, 0x0)
r5 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x6d89, 0x8}, &(0x7f00000000c0)=<r6=>0x0, &(0x7f0000000240)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
syz_io_uring_submit(r6, r7, &(0x7f00000004c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r5, 0x8aa, 0x0, 0x0, 0x0, 0x0)

1.117950351s ago: executing program 4 (id=2014):
r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f00000002c0)=ANY=[@ANYBLOB="0a000000090000000800000002000000000000000fbc3309dd18b11570f5bc66f069d1d5edbfed67b8a0b6a8b7c2d2c8ab859c7c8d97451e72a3c11d548c5e62eecebc44b50cd405af7cadc1f4fd1dadcd07dda24a2469ec", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x3, 0x6, &(0x7f0000000100)=ANY=[@ANYBLOB="180200000000000000f7ca03a0587b5d7a130000", @ANYRES32=r0, @ANYBLOB="000000000000000085000000c00000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r1, 0xc038943b, &(0x7f00000001c0)={0xffff, 0x50, '\x00', 0x1, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000040)={0xf0f014, 0x11})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000200)="9e36d448b388dd965f7a331286dd", 0x0, 0xfffffffc, 0xe8030000, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8}, 0x4c)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000500)={0x0, @pix={0xfffffff7, 0x8, 0x4e322242, 0x0, 0x401, 0x8000, 0x6, 0x2, 0x1, 0x3, 0x1, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e000088040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f00000000", 0x2e}], 0x1}, 0x7000000)
sendmsg$kcm(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba800000", 0x2c}], 0x1, 0x0, 0x0, 0xc9e}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1120000004000056252128d9e8190022000100", @ANYRES32, @ANYBLOB="0500"/20, @ANYRES32=0x0, @ANYRESHEX=r4, @ANYRES16=r3], 0x50)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x1, 0x0, 'queue1\x00', 0x2})
write$sndseq(r5, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0xfffffffe, {}, {}, @result={0xfffffff9, 0x3}}], 0x1c)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r5, 0x4058534c, &(0x7f00000002c0)={0x80, 0x6, 0xfffffffe, 0x0, 0x0, 0x1})
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r6 = openat$dir(0xffffff9c, &(0x7f0000000280)='./file0\x00', 0x0, 0x20)
symlinkat(&(0x7f0000000380)='./file1\x00', r6, &(0x7f0000000400)='./file1\x00')

788.90841ms ago: executing program 3 (id=2015):
eventfd(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
r2 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r2, 0xc05c6104, &(0x7f0000000200)={'\x00', 0x0, 0x5, 0x3, 0x0, 0x1, "f759ca14860e00", "00008000", "00060019", "f09749b3", ["ff954991066edcf5d7cc00", "c2248c084fcfc02000000008", '\x00', "001003000000000000000010"]})
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x109301)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r3, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000008000/0x11000)=nil, 0x11000, 0x100000c)
ioctl$USBDEVFS_SETINTERFACE(r3, 0x80085504, &(0x7f0000000140)={0x0, 0x6})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
syz_clone3(0x0, 0x0)
openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340), &(0x7f0000000280))
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000800)=ANY=[@ANYRES32=0x0, @ANYBLOB="0000000000000000340012800e00010069703665727370616e00000020000280060002003000000014000600"], 0x5c}}, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
lsm_get_self_attr(0x9025a27164544f94, 0xffffffffffffffff, 0x0, 0x1)
syz_usb_connect(0x0, 0x3f, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
connect$inet6(r5, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
r6 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_FILL_RING(r6, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
write$binfmt_script(r5, &(0x7f0000000200), 0xfffffd9d)

359.928721ms ago: executing program 1 (id=2016):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000440), 0x10)
listen(r1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r2, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x1}], 0x1)
r3 = accept4$unix(r1, 0x0, 0x0, 0x0)
recvmsg(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)=""/55, 0x37}], 0x1}, 0x4c2003e0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0x8, "85407a77"}, @main=@item_4={0x3, 0x0, 0xb, "000400"}, @main=@item_4={0x3, 0x0, 0x0, "00000080"}]}}, 0x0}, 0x0)
r4 = syz_open_dev$hiddev(&(0x7f0000000100), 0x0, 0x0)
ioctl$HIDIOCGREPORTINFO(r4, 0xc00c4809, &(0x7f0000000040)={0x3, 0x100, 0x7})

180.042832ms ago: executing program 5 (id=2017):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x68e42, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xb, &(0x7f0000000100)=ANY=[@ANYBLOB="180800ec0c0000000000000000000000180100002020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
socket$kcm(0x2, 0xa, 0x2) (async)
r1 = socket$inet6(0xa, 0x80002, 0x0)
ioctl$FIONCLEX(r1, 0x5450)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYRES8, @ANYRES32, @ANYBLOB="0000000000000000400012800c0001"], 0x68}}, 0x0) (async)
r2 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}}) (async)
write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72) (async)
sendmsg$802154_dgram(0xffffffffffffffff, &(0x7f0000001d40)={&(0x7f0000000cc0)={0x24, @short={0x2, 0x2, 0xfffe}}, 0x14, &(0x7f0000001d00)={&(0x7f0000000d00)="994320b6165f2cac9011384bf9a5f405690ea3562dddc40a8686fcd68b7e8f792df1491fb469c32112e6f179500bcb1f82c1d62852224121206dd9a836b31196b8e4b3375e1b993917ca6fe3471ccee6927a1c0b948c9f51270df6e0080ae76284432bf10a85c3412b0c5ece6eb980dce50f48bcae9eeb708b4343851a484da80408dcc6a90315b54f1e722c38dda02c521dc0bdc88625e05e6c04e84f8fa2bdd11d29212f131155a106a3453087dde626b490ad25772fa211f19db2b6b6364f7eb4c22266ad5ca1f5935028578833cdaa87220bb4bf5c78fb849d2399ec4e61a406025942beda2fc49c9c0e5c63463ae8bc25cdbb39c3e5c8a306c61199e24dd38947a8ed0c908958ad92a67171e902614579fdbccc4332cdbe377b533f372dd28741e620be48aa891311f69cce93b6dbf56d1be4e4433dc1af5627a9ace505", 0x140}, 0x1, 0x0, 0x0, 0x20040004}, 0x80)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000040)={0x0, 0x1, 0xfa00, {0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(0xffffffffffffffff, &(0x7f0000000080)={0x13, 0x10, 0xfa00, {&(0x7f0000000480), r4, 0x1}}, 0x18) (async)
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, {&(0x7f0000000100)="16000000246837f73199aee6fdb9291b3091ec1a2d41d227975ad8ec030f5919f397867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x682c}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x75e}], 0x3)
r5 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) (async)
r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_misc(r6, &(0x7f0000000040), 0xe09) (async)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000002c0)={r6, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) (async)
ioctl$LOOP_CHANGE_FD(r5, 0x4c06, r6) (async)
ioctl$sock_SIOCDELDLCI(r6, 0x8981, &(0x7f0000000000)={'ip6erspan0\x00', 0x9}) (async)
r7 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, 0x930, 0x3000003, 0x40010, r7, 0x0)

80.52765ms ago: executing program 5 (id=2018):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905", @ANYBLOB="8fcf"], 0x0)
mount$overlay(0x0, &(0x7f0000000180)='./file1\x00', 0x0, 0x0, &(0x7f0000000080))
dup2(0xffffffffffffffff, 0xffffffffffffffff)
setxattr$security_ima(0x0, 0x0, 0x0, 0x2, 0x0)
r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, 0x0)

720.331µs ago: executing program 4 (id=2019):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
readv(r1, &(0x7f0000001380)=[{&(0x7f00000000c0)=""/4096, 0x1000}, {0x0}], 0x2)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x14}, 0x14}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x5a, &(0x7f0000000000)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x8000)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@newlink={0x68, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x14, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @IFLA_GRE_REMOTE={0x14, 0x7, @private0={0xfc, 0x0, '\x00', 0x1}}]}}}, @IFLA_MASTER={0x8}]}, 0x68}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x8, 0x5, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3000}, [@alu={0x7, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2f22}, @jmp={0x5, 0x0, 0x2, 0x0, 0x7, 0xfffffffffffffffe, 0xffffffffffffffff}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

0s ago: executing program 4 (id=2020):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file0/file0\x00', &(0x7f0000000040)='tracefs\x00', 0x3, 0x0)
r0 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='user\x00N\xac]\x86\x8a\xa3\x7f\x00', &(0x7f0000000600)='\xeasa\x9a\x8b\x9c\xc7\x1b.\x85\x92\xb2\xbc2=Y\xd3\x17Y\xac-\x14\x1a\xc3\xcd\x1c\xee\xdc\xc1\xb8\x15\x99\xb4\x9aAUrl\x82\x8c8=_\tA\xf6d\xf7w\xc4 \x89\xbf\xa6\xc7|`\x18^\xac\x01N\xf7\x02M\xacM\x93\x80\xc9\x9eO\xc6)\xd70\x9d\xd0\x89\xd7\xbb <\x8a\x1e\t\xf8\xab\x9f\x98rwf\x88\xdc\xa5\xcc\xc7\xce\xe5\x10:sc\xe2Xc|t\x91d,>\xb6\xc9\vn7\x99p\x1f\xbe\xc5&@\xbc\xc2\x17\xa4d\xd5\a\xc0\x1f\xf9\x18\x9c\x14\x9e,\xfd\xff\xff\xff\xff\xff\xff\xff\xdbH\xa7k\xd6\x19p\xf5Z\xc8nx\\1\xcb\xd3@\x8e\xb8x\xb52\xceC\xec\x1f\x98', 0x0)
socket$packet(0x11, 0x3, 0x300)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x1)
writev(r1, &(0x7f0000000380)=[{&(0x7f0000000080)="932870e9927cf2edb67a03a4cdf1e5f0c993ed2b86a8e282b838920aba9f8afe92c93ba9b0372ab97b4282cbde7ef70c5594e711b201a686b92e1bbd69a7372d5b56b803d9368e6307c8b1721e103cacc68a3b708d58ca971f62f9d455fb424bcf14767424fceaebe638bb90f85b4314a7e37097aa4fd6f02998fd9f002e4e650bff16fa66cbf2266ea5653fe174d475bb0745be4ab6d12b4d8bebbe2c3ca1dbece8226b5eececd382cddc23231e2ba7a4bc812f6f2a9237250d86d5a8da997e1ac45496f54d8ae8b8f0ad8a0445098c31d8da408a9b2441228b", 0xda}, {0x0}, {&(0x7f0000000500)="71826a18b67bb4244d676047f1262972fdff78f93083fcbc91feda1ea53bca38f629317e09819ce023436847a023421071a89c6c6b2915e0de671dd79d0c6201702e5d9353343fd35f252a801131d48a6514d8954eccc46e7c13ad224c4402b8dba3b28efb026ee71654d2a3a3342947ca3fefc68611cd2cb44267943e7eb42cdadc2e7424ea3d2afef419c797c455cc520b6724035378f5253d000000000000000000000000000000724fa4e7f7e53342a2289a41f8337db11721a3909a9a031fa08a6819c793f5deacc5", 0xcb}, {&(0x7f0000000300)="6babaf1a1febc3ff6e1e383344ee8f9897d6e2fc2384256d011c69cf6e91c47eff75c30cd84e31b7d69b8e81184994c15a0400699a14ff049f701e3e27fba4e8f83b8621c66dce236a183518f078cbc4ff35eb57b4f07cd2", 0x58}], 0x4)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = open(0x0, 0x4c00, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x101)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0xffffffffffffff16)
mkdirat(r3, &(0x7f0000000040)='./bus\x00', 0x103)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000100)='./file0\x00')
chdir(&(0x7f0000000180)='./bus\x00')
r4 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
r5 = open(&(0x7f00000003c0)='./bus\x00', 0x101002, 0x181)
write$binfmt_elf64(r4, &(0x7f00000002c0)=ANY=[], 0x76)
dup3(r5, r4, 0x0) (fail_nth: 2)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)

kernel console output (not intermixed with test programs):

no=36701702 res=0 errno=0
[  299.526173][ T5945] Bluetooth: hci0: command 0x040f tx timeout
[  299.527854][T10720] Bluetooth: hci0: Opcode 0x0c20 failed: -110
[  299.625019][T10741] netlink: 'syz.1.1324': attribute type 4 has an invalid length.
[  299.627290][T10741] netlink: 17 bytes leftover after parsing attributes in process `syz.1.1324'.
[  299.894402][T10745] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1326'.
[  300.486900][T10781] FAULT_INJECTION: forcing a failure.
[  300.486900][T10781] name failslab, interval 1, probability 0, space 0, times 0
[  300.490174][T10781] CPU: 3 UID: 0 PID: 10781 Comm: syz.3.1332 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  300.492928][T10781] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  300.495770][T10781] Call Trace:
[  300.496763][T10781]  <TASK>
[  300.497550][T10781]  dump_stack_lvl+0x16c/0x1f0
[  300.498885][T10781]  should_fail_ex+0x497/0x5b0
[  300.500165][T10781]  ? fs_reclaim_acquire+0xae/0x150
[  300.501508][T10781]  should_failslab+0xc2/0x120
[  300.502752][T10781]  __kmalloc_node_noprof+0xd1/0x520
[  300.504112][T10781]  ? load_msg+0x43/0x470
[  300.505246][T10781]  load_msg+0x43/0x470
[  300.506298][T10781]  do_msgsnd+0x1a8/0x1750
[  300.507440][T10781]  ? find_held_lock+0x2d/0x110
[  300.508694][T10781]  ? __pfx_do_msgsnd+0x10/0x10
[  300.509985][T10781]  ? trace_lock_acquire+0x14e/0x1f0
[  300.511358][T10781]  ? lock_acquire+0x2f/0xb0
[  300.512546][T10781]  ? __might_fault+0xe3/0x190
[  300.513783][T10781]  ? __ia32_compat_sys_msgsnd+0xe6/0x130
[  300.515236][T10781]  __ia32_compat_sys_msgsnd+0xe6/0x130
[  300.516674][T10781]  __do_fast_syscall_32+0x73/0x120
[  300.518027][T10781]  do_fast_syscall_32+0x32/0x80
[  300.519407][T10781]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  300.521059][T10781] RIP: 0023:0xf740e579
[  300.522139][T10781] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  300.527089][T10781] RSP: 002b:00000000f50f657c EFLAGS: 00000292 ORIG_RAX: 0000000000000190
[  300.529217][T10781] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000180
[  300.531257][T10781] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000
[  300.533307][T10781] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  300.535347][T10781] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  300.537410][T10781] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  300.539459][T10781]  </TASK>
[  300.610754][T10794] syz_tun: left promiscuous mode
[  300.776178][ T5935] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  300.916110][ T5935] usb 9-1: device descriptor read/64, error -71
[  300.973577][T10816] befs: Unknown parameter 'b�Fs	���'
[  301.166337][ T5935] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  301.267585][T10852] FAULT_INJECTION: forcing a failure.
[  301.267585][T10852] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  301.271074][T10852] CPU: 3 UID: 0 PID: 10852 Comm: syz.3.1345 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  301.273855][T10852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  301.276600][T10852] Call Trace:
[  301.277480][T10852]  <TASK>
[  301.278257][T10852]  dump_stack_lvl+0x16c/0x1f0
[  301.279440][T10852]  should_fail_ex+0x497/0x5b0
[  301.280634][T10852]  _copy_from_user+0x2e/0xd0
[  301.281751][T10852]  load_msg+0x1a1/0x470
[  301.282780][T10852]  do_msgsnd+0x1a8/0x1750
[  301.283864][T10852]  ? find_held_lock+0x2d/0x110
[  301.285065][T10852]  ? __pfx_do_msgsnd+0x10/0x10
[  301.286315][T10852]  ? trace_lock_acquire+0x14e/0x1f0
[  301.287668][T10852]  ? lock_acquire+0x2f/0xb0
[  301.288853][T10852]  ? __might_fault+0xe3/0x190
[  301.290093][T10852]  ? __ia32_compat_sys_msgsnd+0xe6/0x130
[  301.291558][T10852]  __ia32_compat_sys_msgsnd+0xe6/0x130
[  301.292977][T10852]  __do_fast_syscall_32+0x73/0x120
[  301.294317][T10852]  do_fast_syscall_32+0x32/0x80
[  301.295588][T10852]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  301.297234][T10852] RIP: 0023:0xf740e579
[  301.298448][T10852] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  301.303416][T10852] RSP: 002b:00000000f50f657c EFLAGS: 00000292 ORIG_RAX: 0000000000000190
[  301.305547][T10852] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000180
[  301.306194][ T5935] usb 9-1: device descriptor read/64, error -71
[  301.307558][T10852] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000
[  301.311421][T10852] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  301.313433][T10852] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  301.315475][T10852] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  301.317498][T10852]  </TASK>
[  301.416318][ T5935] usb usb9-port1: attempt power cycle
[  301.703606][T10866] netlink: 'syz.3.1347': attribute type 4 has an invalid length.
[  301.705936][T10866] netlink: 17 bytes leftover after parsing attributes in process `syz.3.1347'.
[  301.756327][ T5935] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  301.786565][ T5935] usb 9-1: device descriptor read/8, error -71
[  302.036117][ T5935] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  302.057229][ T5935] usb 9-1: device descriptor read/8, error -71
[  302.176298][ T5935] usb usb9-port1: unable to enumerate USB device
[  302.326271][ T5976] vhci_hcd: vhci_device speed not set
[  302.557059][   T35] vhci_hcd: vhci_device speed not set
[  303.656560][T10900] block nbd3: shutting down sockets
[  304.056189][ T6005] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  304.217570][ T6005] usb 7-1: Using ep0 maxpacket: 8
[  304.224089][ T6005] usb 7-1: config 0 has no interfaces?
[  304.228207][ T6005] usb 7-1: New USB device found, idVendor=1870, idProduct=0001, bcdDevice=e6.7f
[  304.231124][ T6005] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  304.233340][ T6005] usb 7-1: Product: syz
[  304.234488][ T6005] usb 7-1: Manufacturer: syz
[  304.235704][ T6005] usb 7-1: SerialNumber: syz
[  304.239010][ T6005] usb 7-1: config 0 descriptor??
[  304.331560][T10921] netlink: 'syz.4.1361': attribute type 4 has an invalid length.
[  304.333603][T10921] netlink: 17 bytes leftover after parsing attributes in process `syz.4.1361'.
[  304.453928][ T5997] usb 7-1: USB disconnect, device number 17
[  304.705886][T10927] netlink: 187320 bytes leftover after parsing attributes in process `syz.3.1363'.
[  304.709766][T10927] netlink: zone id is out of range
[  304.711241][T10927] netlink: zone id is out of range
[  304.713061][T10927] netlink: zone id is out of range
[  304.714884][T10927] netlink: zone id is out of range
[  304.716855][T10927] netlink: zone id is out of range
[  304.718624][T10927] netlink: zone id is out of range
[  304.720656][T10927] netlink: zone id is out of range
[  304.722956][T10927] netlink: 'syz.3.1363': attribute type 2 has an invalid length.
[  304.986162][ T6005] usb 8-1: new high-speed USB device number 22 using dummy_hcd
[  305.004301][   T39] audit: type=1326 audit(1733640459.737:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10931 comm="syz.2.1365" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000
[  305.011196][   T39] audit: type=1326 audit(1733640459.737:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10931 comm="syz.2.1365" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000
[  305.017031][   T39] audit: type=1326 audit(1733640459.747:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10931 comm="syz.2.1365" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f92579 code=0x7ffc0000
[  305.022568][   T39] audit: type=1326 audit(1733640459.747:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10931 comm="syz.2.1365" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000
[  305.028585][   T39] audit: type=1326 audit(1733640459.747:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10931 comm="syz.2.1365" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92579 code=0x7ffc0000
[  305.141335][T10939] MPI: mpi too large (187648 bits)
[  305.315309][ T6005] usb 8-1: device descriptor read/64, error -71
[  306.146718][ T6005] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[  306.149726][T10951] netlink: 'syz.1.1370': attribute type 4 has an invalid length.
[  306.208150][T10954] netlink: 'syz.1.1370': attribute type 4 has an invalid length.
[  306.267186][T10955] FAULT_INJECTION: forcing a failure.
[  306.267186][T10955] name failslab, interval 1, probability 0, space 0, times 0
[  306.280953][T10955] CPU: 1 UID: 0 PID: 10955 Comm: syz.2.1371 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  306.283828][T10955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  306.286642][T10955] Call Trace:
[  306.287520][T10955]  <TASK>
[  306.288299][T10955]  dump_stack_lvl+0x16c/0x1f0
[  306.289531][T10955]  should_fail_ex+0x497/0x5b0
[  306.290751][T10955]  ? fs_reclaim_acquire+0xae/0x150
[  306.292119][T10955]  should_failslab+0xc2/0x120
[  306.293344][T10955]  __kmalloc_noprof+0xce/0x4f0
[  306.294622][T10955]  ? io_alloc_async_data+0x9d/0x150
[  306.295965][T10955]  io_alloc_async_data+0x9d/0x150
[  306.297302][T10955]  io_msg_alloc_async+0x82/0x390
[  306.298582][T10955]  io_recvmsg_prep+0x5aa/0xf00
[  306.299840][T10955]  ? __pfx_io_recvmsg_prep+0x10/0x10
[  306.301693][T10955]  ? __io_alloc_req_refill+0x30c/0x5b0
[  306.303090][T10955]  ? __pfx___io_alloc_req_refill+0x10/0x10
[  306.304619][T10955]  io_submit_sqes+0x850/0x25f0
[  306.305873][T10955]  __do_sys_io_uring_enter+0xd43/0x1620
[  306.307313][T10955]  ? __fget_files+0x206/0x3a0
[  306.308553][T10955]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  306.310138][T10955]  ? fput+0x67/0x440
[  306.311166][T10955]  ? ksys_write+0x1ba/0x250
[  306.312419][T10955]  ? __pfx_ksys_write+0x10/0x10
[  306.313742][T10955]  __do_fast_syscall_32+0x73/0x120
[  306.315156][T10955]  do_fast_syscall_32+0x32/0x80
[  306.316443][T10955]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  306.318115][T10955] RIP: 0023:0xf7f92579
[  306.319197][T10955] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  306.324194][T10955] RSP: 002b:00000000f50f557c EFLAGS: 00000292 ORIG_RAX: 00000000000001aa
[  306.326407][T10955] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000000008aa
[  306.328490][T10955] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  306.330640][T10955] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  306.332732][T10955] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  306.334852][T10955] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  306.336937][T10955]  </TASK>
[  306.619746][ T6005] usb 8-1: device descriptor read/64, error -71
[  306.776681][ T6005] usb usb8-port1: attempt power cycle
[  307.116141][ T6005] usb 8-1: new high-speed USB device number 24 using dummy_hcd
[  307.137697][ T6005] usb 8-1: device descriptor read/8, error -71
[  307.376206][ T6005] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  307.397761][ T6005] usb 8-1: device descriptor read/8, error -71
[  307.443855][T10974] ubi0: attaching mtd0
[  307.446390][T10974] ubi0: scanning is finished
[  307.447657][T10974] ubi0: empty MTD device detected
[  307.506295][ T6005] usb usb8-port1: unable to enumerate USB device
[  307.549542][T10974] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  307.554355][T10974] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  307.557026][T10974] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  307.558861][T10974] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  307.560922][T10974] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  307.562741][T10974] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  307.564823][T10974] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2928940935
[  307.568201][T10974] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  307.571058][T10975] ubi0: background thread "ubi_bgt0d" started, PID 10975
[  308.326357][T10957] Bluetooth: hci0: Opcode 0x0c20 failed: -110
[  308.328612][ T5945] Bluetooth: hci0: command 0x040f tx timeout
[  309.025075][T11002] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  309.026810][T11002] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  309.028962][T11002] vhci_hcd vhci_hcd.0: Device attached
[  309.226526][ T6005] vhci_hcd: vhci_device speed not set
[  309.532219][T11017] raw_sendmsg: syz.2.1385 forgot to set AF_INET. Fix it!
[  309.633274][ T6005] usb 39-1: new full-speed USB device number 14 using vhci_hcd
[  309.836130][ T8719] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  309.986162][ T8719] usb 7-1: Using ep0 maxpacket: 16
[  309.989057][ T8719] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  309.992556][ T8719] usb 7-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  309.995581][ T8719] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  309.999826][ T8719] usb 7-1: config 0 descriptor??
[  310.218168][ T8719] usb 7-1: USB disconnect, device number 18
[  310.222225][T11003] vhci_hcd: connection reset by peer
[  310.224273][   T68] vhci_hcd: stop threads
[  310.225840][   T68] vhci_hcd: release socket
[  310.228099][   T68] vhci_hcd: disconnect device
[  310.454950][T11043] netlink: 'syz.1.1392': attribute type 4 has an invalid length.
[  310.509840][T11044] netlink: 'syz.1.1392': attribute type 4 has an invalid length.
[  311.264390][T11057] overlay: Unknown parameter 'fscontext'
[  311.564412][T11059] syz.3.1397: attempt to access beyond end of device
[  311.564412][T11059] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0
[  311.568233][T11059] hpfs: hpfs_map_sector(): read error
[  311.758765][T11065] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1398'.
[  311.864193][T11075] FAULT_INJECTION: forcing a failure.
[  311.864193][T11075] name failslab, interval 1, probability 0, space 0, times 0
[  311.892524][T11075] CPU: 3 UID: 0 PID: 11075 Comm: syz.3.1402 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  311.896204][T11075] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  311.899715][T11075] Call Trace:
[  311.900844][T11075]  <TASK>
[  311.901789][T11075]  dump_stack_lvl+0x16c/0x1f0
[  311.903326][T11075]  should_fail_ex+0x497/0x5b0
[  311.904931][T11075]  ? fs_reclaim_acquire+0xae/0x150
[  311.906685][T11075]  should_failslab+0xc2/0x120
[  311.908303][T11075]  __kmalloc_noprof+0xce/0x4f0
[  311.909954][T11075]  ? io_complete_rw+0xc2/0x260
[  311.911601][T11075]  ? io_alloc_async_data+0x9d/0x150
[  311.913359][T11075]  ? kiocb_done+0x1ba/0xc10
[  311.914911][T11075]  io_alloc_async_data+0x9d/0x150
[  311.916617][T11075]  io_prep_rw+0x30d/0xb70
[  311.918111][T11075]  io_prep_rwv+0xa8/0x360
[  311.919579][T11075]  ? __pfx_io_prep_rwv+0x10/0x10
[  311.921272][T11075]  ? io_issue_sqe+0x1d3/0x1360
[  311.922845][T11075]  io_submit_sqes+0x850/0x25f0
[  311.924444][T11075]  __do_sys_io_uring_enter+0xd43/0x1620
[  311.926330][T11075]  ? __fget_files+0x206/0x3a0
[  311.927948][T11075]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  311.929996][T11075]  ? fput+0x67/0x440
[  311.931326][T11075]  ? ksys_write+0x1ba/0x250
[  311.932884][T11075]  ? __pfx_ksys_write+0x10/0x10
[  311.934555][T11075]  __do_fast_syscall_32+0x73/0x120
[  311.936303][T11075]  do_fast_syscall_32+0x32/0x80
[  311.937977][T11075]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  311.940115][T11075] RIP: 0023:0xf740e579
[  311.941477][T11075] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  311.947629][T11075] RSP: 002b:00000000f50f657c EFLAGS: 00000292 ORIG_RAX: 00000000000001aa
[  311.950402][T11075] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000000047ba
[  311.953026][T11075] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  311.955712][T11075] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  311.958325][T11075] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  311.960836][T11075] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  311.963468][T11075]  </TASK>
[  312.466532][T11096] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null.
[  312.468990][T11096] overlayfs: missing 'lowerdir'
[  312.582069][   T39] audit: type=1800 audit(1733640467.317:76): pid=11107 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1406" name="/" dev="fuse" ino=1 res=0 errno=0
[  312.736107][T11112] netlink: 'syz.3.1410': attribute type 4 has an invalid length.
[  312.805226][T11113] netlink: 'syz.3.1410': attribute type 4 has an invalid length.
[  313.108906][T11125] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[  313.322606][T11117] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  313.324653][T11117] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  313.328331][T11117] vhci_hcd vhci_hcd.0: Device attached
[  313.346171][   T35] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  313.506195][   T35] usb 7-1: Using ep0 maxpacket: 32
[  313.513662][   T35] usb 7-1: config index 0 descriptor too short (expected 156, got 27)
[  313.517970][   T35] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  313.522730][ T5935] libceph: connect (1)[c::]:6789 error -101
[  313.523700][   T35] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  313.526439][ T5935] libceph: mon0 (1)[c::]:6789 connect error
[  313.528501][   T35] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  313.532827][ T5935] libceph: connect (1)[c::]:6789 error -101
[  313.534538][   T35] usb 7-1: config 0 interface 0 has no altsetting 0
[  313.536466][ T5935] libceph: mon0 (1)[c::]:6789 connect error
[  313.540087][   T35] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  313.543140][   T35] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  313.545338][   T35] usb 7-1: Product: syz
[  313.546872][   T35] usb 7-1: Manufacturer: syz
[  313.548441][   T35] usb 7-1: SerialNumber: syz
[  313.553951][   T35] usb 7-1: config 0 descriptor??
[  313.557694][   T35] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  313.561512][   T35] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  313.705794][T11139] syz.4.1416: attempt to access beyond end of device
[  313.705794][T11139] nbd4: rw=4096, sector=0, nr_sectors = 1 limit=0
[  313.721085][T11135] ceph: No mds server is up or the cluster is laggy
[  313.796760][   T35] usb 7-1: USB disconnect, device number 19
[  313.799559][   T35] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[  313.804080][ T5935] libceph: connect (1)[c::]:6789 error -101
[  313.805553][ T5935] libceph: mon0 (1)[c::]:6789 connect error
[  314.224203][T11132] vhci_hcd: connection closed
[  314.224410][   T68] vhci_hcd: stop threads
[  314.227659][   T68] vhci_hcd: release socket
[  314.229938][   T68] vhci_hcd: disconnect device
[  314.387952][T11185] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1419'.
[  314.506300][   T35] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  314.657787][   T35] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  314.661962][   T35] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  314.665777][   T35] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  314.670453][   T35] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  314.673709][   T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  314.678315][   T35] usb 6-1: config 0 descriptor??
[  314.717225][ T6005] vhci_hcd: vhci_device speed not set
[  315.286204][   T35] usbhid 6-1:0.0: can't add hid device: -71
[  315.286371][ T5945] Bluetooth: hci0: command 0x040f tx timeout
[  315.287873][   T35] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  315.293689][   T35] usb 6-1: USB disconnect, device number 19
[  315.297594][T11112] Bluetooth: hci0: Opcode 0x0c20 failed: -110
[  315.302374][T11146] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  315.304154][T11146] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  315.378442][T11146] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  315.382340][T11146] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  315.628340][T11221] netlink: 'syz.4.1425': attribute type 4 has an invalid length.
[  315.630364][T11221] netlink: 17 bytes leftover after parsing attributes in process `syz.4.1425'.
[  315.785633][ T5948] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  315.791028][ T5948] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  315.798511][ T5948] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  315.810208][ T5948] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  315.824234][ T5948] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  315.826356][ T5948] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  315.841562][ T5945] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  315.844857][ T5945] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  315.858308][ T5945] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  315.867428][T11234] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1428'.
[  315.869687][ T5945] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  315.874824][ T5945] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  315.887866][ T5945] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  315.899482][T11236] FAULT_INJECTION: forcing a failure.
[  315.899482][T11236] name failslab, interval 1, probability 0, space 0, times 0
[  315.903141][T11236] CPU: 3 UID: 0 PID: 11236 Comm: syz.3.1429 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  315.905921][T11236] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  315.908626][T11236] Call Trace:
[  315.909496][T11236]  <TASK>
[  315.910270][T11236]  dump_stack_lvl+0x16c/0x1f0
[  315.911516][T11236]  should_fail_ex+0x497/0x5b0
[  315.912768][T11236]  ? fs_reclaim_acquire+0xae/0x150
[  315.914122][T11236]  should_failslab+0xc2/0x120
[  315.915339][T11236]  __kmalloc_noprof+0xce/0x4f0
[  315.915723][T11230] ������ speed is unknown, defaulting to 1000
[  315.916594][T11236]  ? io_complete_rw+0xc2/0x260
[  315.916626][T11236]  ? io_alloc_async_data+0x9d/0x150
[  315.916640][T11236]  ? kiocb_done+0x1ba/0xc10
[  315.916654][T11236]  io_alloc_async_data+0x9d/0x150
[  315.923588][T11236]  io_prep_rw+0x30d/0xb70
[  315.924739][T11236]  io_prep_rwv+0xa8/0x360
[  315.925904][T11236]  ? __pfx_io_prep_rwv+0x10/0x10
[  315.927200][T11236]  ? io_issue_sqe+0x1d3/0x1360
[  315.928431][T11236]  io_submit_sqes+0x850/0x25f0
[  315.929685][T11236]  __do_sys_io_uring_enter+0xd43/0x1620
[  315.931146][T11236]  ? __fget_files+0x206/0x3a0
[  315.932388][T11236]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  315.933896][T11236]  ? fput+0x67/0x440
[  315.934916][T11236]  ? ksys_write+0x1ba/0x250
[  315.936126][T11236]  ? __pfx_ksys_write+0x10/0x10
[  315.937709][T11236]  __do_fast_syscall_32+0x73/0x120
[  315.939047][T11236]  do_fast_syscall_32+0x32/0x80
[  315.940335][T11236]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  315.942014][T11236] RIP: 0023:0xf740e579
[  315.943096][T11236] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  315.948084][T11236] RSP: 002b:00000000f50f657c EFLAGS: 00000292 ORIG_RAX: 00000000000001aa
[  315.950274][T11236] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000000047ba
[  315.952355][T11236] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  315.954419][T11236] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  315.956466][T11236] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  315.958525][T11236] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  315.960582][T11236]  </TASK>
[  315.977710][T11230] ������ speed is unknown, defaulting to 1000
[  316.032415][T11230] chnl_net:caif_netlink_parms(): no params data found
[  316.266632][T11230] bridge0: port 1(bridge_slave_0) entered blocking state
[  316.268575][T11230] bridge0: port 1(bridge_slave_0) entered disabled state
[  316.270584][T11230] bridge_slave_0: entered allmulticast mode
[  316.273320][T11230] bridge_slave_0: entered promiscuous mode
[  316.278044][T11230] bridge0: port 2(bridge_slave_1) entered blocking state
[  316.281459][T11230] bridge0: port 2(bridge_slave_1) entered disabled state
[  316.283970][T11230] bridge_slave_1: entered allmulticast mode
[  316.288674][T11230] bridge_slave_1: entered promiscuous mode
[  316.344211][T11230] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  316.351208][T11230] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  316.414713][T11230] team0: Port device team_slave_0 added
[  316.425942][T11230] team0: Port device team_slave_1 added
[  316.478355][T11230] batman_adv: batadv0: Adding interface: batadv_slave_0
[  316.480982][T11230] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  316.491284][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[  316.491530][ T1413] ieee802154 phy1 wpan1: encryption failed: -22
[  316.499013][T11230] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  316.505724][T11230] batman_adv: batadv0: Adding interface: batadv_slave_1
[  316.509267][T11230] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  316.516981][T11230] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  316.565101][T11230] hsr_slave_0: entered promiscuous mode
[  316.568516][T11230] hsr_slave_1: entered promiscuous mode
[  316.571399][T11230] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  316.573929][T11230] Cannot create hsr debugfs directory
[  316.706466][T11230] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  316.711180][T11230] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  316.718238][T11230] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  316.723657][T11230] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  316.777174][T11230] 8021q: adding VLAN 0 to HW filter on device bond0
[  316.792398][T11230] 8021q: adding VLAN 0 to HW filter on device team0
[  316.799181][ T8312] bridge0: port 1(bridge_slave_0) entered blocking state
[  316.801044][ T8312] bridge0: port 1(bridge_slave_0) entered forwarding state
[  316.817386][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[  316.819444][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[  316.970695][T11230] 8021q: adding VLAN 0 to HW filter on device batadv0
[  317.094006][T11230] veth0_vlan: entered promiscuous mode
[  317.105471][T11230] veth1_vlan: entered promiscuous mode
[  317.131163][T11230] veth0_macvtap: entered promiscuous mode
[  317.144083][T11230] veth1_macvtap: entered promiscuous mode
[  317.153778][T11230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  317.157036][T11230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  317.161829][T11230] batman_adv: batadv0: Interface activated: batadv_slave_0
[  317.185897][T11230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  317.189101][T11230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  317.192512][T11230] batman_adv: batadv0: Interface activated: batadv_slave_1
[  317.197614][T11230] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  317.200450][T11230] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  317.203570][T11230] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  317.207193][T11230] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  317.274362][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  317.276496][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  317.293395][ T1145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  317.295450][ T1145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  317.405894][T11280] FAULT_INJECTION: forcing a failure.
[  317.405894][T11280] name failslab, interval 1, probability 0, space 0, times 0
[  317.410340][T11280] CPU: 3 UID: 0 PID: 11280 Comm: syz.4.1437 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  317.413133][T11280] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  317.416269][T11280] Call Trace:
[  317.417478][T11280]  <TASK>
[  317.418342][T11280]  dump_stack_lvl+0x16c/0x1f0
[  317.419679][T11280]  should_fail_ex+0x497/0x5b0
[  317.421031][T11280]  ? fs_reclaim_acquire+0xae/0x150
[  317.422477][T11280]  should_failslab+0xc2/0x120
[  317.423822][T11280]  __kmalloc_noprof+0xce/0x4f0
[  317.425315][T11280]  ? io_complete_rw+0xc2/0x260
[  317.426834][T11280]  ? io_alloc_async_data+0x9d/0x150
[  317.428446][T11280]  ? kiocb_done+0x1ba/0xc10
[  317.430132][T11280]  io_alloc_async_data+0x9d/0x150
[  317.431770][T11280]  io_prep_rw+0x30d/0xb70
[  317.432918][T11280]  io_prep_rwv+0xa8/0x360
[  317.434064][T11280]  ? __pfx_io_prep_rwv+0x10/0x10
[  317.435354][T11280]  ? io_issue_sqe+0x1d3/0x1360
[  317.436612][T11280]  io_submit_sqes+0x850/0x25f0
[  317.438006][T11280]  __do_sys_io_uring_enter+0xd43/0x1620
[  317.439477][T11280]  ? __fget_files+0x206/0x3a0
[  317.440705][T11280]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  317.442273][T11280]  ? fput+0x67/0x440
[  317.443300][T11280]  ? ksys_write+0x1ba/0x250
[  317.444487][T11280]  ? __pfx_ksys_write+0x10/0x10
[  317.445769][T11280]  __do_fast_syscall_32+0x73/0x120
[  317.447104][T11280]  do_fast_syscall_32+0x32/0x80
[  317.448390][T11280]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  317.449979][T11280] RIP: 0023:0xf7fb3579
[  317.451046][T11280] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  317.455926][T11280] RSP: 002b:00000000f513657c EFLAGS: 00000292 ORIG_RAX: 00000000000001aa
[  317.458135][T11280] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000000047ba
[  317.460948][T11280] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  317.463039][T11280] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  317.465084][T11280] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  317.466994][T11280] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  317.469034][T11280]  </TASK>
[  317.880375][T11293] netlink: 'syz.1.1441': attribute type 4 has an invalid length.
[  317.883455][T11293] netlink: 17 bytes leftover after parsing attributes in process `syz.1.1441'.
[  317.926276][ T5948] Bluetooth: hci1: command tx timeout
[  319.040611][T11316] program syz.3.1447 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  319.268833][T11325] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1450'.
[  319.772392][T11350] Cannot find set identified by id 0 to match
[  319.930398][T11358] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1455'.
[  319.932792][T11358] netlink: 'syz.5.1455': attribute type 25 has an invalid length.
[  319.940706][T11358] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  319.943091][T11358] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  319.945333][T11358] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  319.947647][T11358] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  320.006179][ T5948] Bluetooth: hci1: command tx timeout
[  320.009484][   T39] audit: type=1326 audit(1733640474.747:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11360 comm="syz.3.1456" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000
[  320.015054][   T39] audit: type=1326 audit(1733640474.747:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11360 comm="syz.3.1456" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000
[  320.020700][   T39] audit: type=1326 audit(1733640474.747:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11360 comm="syz.3.1456" exe="/syz-executor" sig=0 arch=40000003 syscall=322 compat=1 ip=0xf740e579 code=0x7ffc0000
[  320.026336][   T39] audit: type=1326 audit(1733640474.747:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11360 comm="syz.3.1456" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000
[  320.033125][   T39] audit: type=1326 audit(1733640474.747:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11360 comm="syz.3.1456" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000
[  320.038868][   T39] audit: type=1326 audit(1733640474.747:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11360 comm="syz.3.1456" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf740e579 code=0x7ffc0000
[  320.045055][   T39] audit: type=1326 audit(1733640474.747:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11360 comm="syz.3.1456" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000
[  320.052201][   T39] audit: type=1326 audit(1733640474.747:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11360 comm="syz.3.1456" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000
[  320.058992][   T39] audit: type=1326 audit(1733640474.747:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11360 comm="syz.3.1456" exe="/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf740e579 code=0x7ffc0000
[  320.066821][   T39] audit: type=1326 audit(1733640474.777:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11360 comm="syz.3.1456" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000
[  320.613841][T11373] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  320.986159][ T5977] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  321.320514][ T5977] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  321.323505][ T5977] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  321.325855][ T5977] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  321.328914][ T5977] usb 6-1: config 0 descriptor??
[  321.629598][ T5977] usbhid 6-1:0.0: can't add hid device: -71
[  321.631217][ T5977] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  321.634309][ T5977] usb 6-1: USB disconnect, device number 20
[  321.853740][T11392] ������ speed is unknown, defaulting to 1000
[  321.895412][T11392] ������ speed is unknown, defaulting to 1000
[  321.904432][T11394] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  321.919703][T11394] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  322.066208][ T5977] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  322.106422][ T5948] Bluetooth: hci1: command tx timeout
[  322.238509][ T5977] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  322.241653][ T5977] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  322.244649][ T5977] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  322.259366][ T5977] usb 6-1: config 0 descriptor??
[  322.525413][T11407] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  322.946174][T11415] 9pnet: Could not find request transport: f���fd
[  323.005538][T11424] netlink: 'syz.5.1470': attribute type 1 has an invalid length.
[  323.008071][T11424] netlink: 224 bytes leftover after parsing attributes in process `syz.5.1470'.
[  323.101768][T11431] netlink: 'syz.5.1471': attribute type 1 has an invalid length.
[  323.444494][T11449] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  323.446232][T11449] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  323.448376][T11449] vhci_hcd vhci_hcd.0: Device attached
[  323.646136][    T8] vhci_hcd: vhci_device speed not set
[  323.706645][    T8] usb 47-1: new full-speed USB device number 2 using vhci_hcd
[  323.896139][ T5977] usbhid 6-1:0.0: can't add hid device: -71
[  323.923415][ T5977] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  324.001879][ T5977] usb 6-1: USB disconnect, device number 21
[  324.176138][ T5948] Bluetooth: hci1: command tx timeout
[  324.206494][T11460] afs: Unknown parameter '�'
[  324.207875][T11460] afs: Unknown parameter '�'
[  324.209155][T11460] afs: Unknown parameter '�'
[  324.210384][T11460] afs: Unknown parameter '�'
[  324.211684][T11460] afs: Unknown parameter '�'
[  324.212976][T11460] afs: Unknown parameter '�'
[  324.214264][T11460] afs: Unknown parameter '�'
[  324.215537][T11460] afs: Unknown parameter '�'
[  324.216888][T11460] afs: Unknown parameter './file0'
[  324.218307][T11460] afs: Unknown parameter './file0'
[  324.219717][T11460] afs: Unknown parameter './file0'
[  324.221174][T11460] afs: Unknown parameter './file0'
[  324.222615][T11460] afs: Unknown parameter './file0'
[  324.224041][T11460] afs: Unknown parameter './file0'
[  324.225474][T11460] afs: Unknown parameter './file0'
[  324.227183][T11460] afs: Unknown parameter './file0'
[  324.228594][T11460] afs: Unknown parameter './file0'
[  324.230025][T11460] afs: Unknown parameter './file0'
[  324.231448][T11460] afs: Unknown parameter './file0'
[  324.232851][T11460] afs: Unknown parameter './file0'
[  324.234223][T11460] afs: Unknown parameter './file0'
[  324.235572][T11460] afs: Unknown parameter './file0'
[  324.237018][T11460] afs: Unknown parameter './file0'
[  324.238422][T11460] afs: Unknown parameter './file0'
[  324.239830][T11460] afs: Unknown parameter './file0'
[  324.241244][T11460] afs: Unknown parameter './file0'
[  324.242666][T11460] afs: Unknown parameter './file0'
[  324.244074][T11460] afs: Unknown parameter './file0'
[  324.245483][T11460] afs: Unknown parameter './file0'
[  324.246987][T11460] afs: Unknown parameter './file0'
[  324.248398][T11460] afs: Unknown parameter './file0'
[  324.249835][T11460] afs: Unknown parameter './file0'
[  324.251234][T11460] afs: Unknown parameter './file0'
[  324.252642][T11460] afs: Unknown parameter './file0'
[  324.254087][T11460] afs: Unknown parameter './file0'
[  324.255482][T11460] afs: Unknown parameter './file0'
[  324.256931][T11460] afs: Unknown parameter './file0'
[  324.258347][T11460] afs: Unknown parameter './file0'
[  324.259754][T11460] afs: Unknown parameter './file0'
[  324.261157][T11460] afs: Unknown parameter './file0'
[  324.262555][T11460] afs: Unknown parameter './file0'
[  324.263954][T11460] afs: Unknown parameter './file0'
[  324.265365][T11460] afs: Unknown parameter './file0'
[  324.266794][T11460] afs: Unknown parameter './file0'
[  324.268200][T11460] afs: Unknown parameter './file0'
[  324.453396][T11472] openvswitch: netlink: VXLAN extension message has 4 unknown bytes.
[  324.665074][T11482] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  324.666884][T11482] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  324.669139][T11482] vhci_hcd vhci_hcd.0: Device attached
[  324.877634][T11450] vhci_hcd: connection reset by peer
[  324.880567][ T8312] vhci_hcd: stop threads
[  324.881940][ T8312] vhci_hcd: release socket
[  324.883496][ T8312] vhci_hcd: disconnect device
[  324.986223][ T5977] vhci_hcd: vhci_device speed not set
[  325.046166][ T5977] usb 45-1: new full-speed USB device number 4 using vhci_hcd
[  325.659619][T11486] vhci_hcd: connection reset by peer
[  325.662120][   T68] vhci_hcd: stop threads
[  325.664094][   T68] vhci_hcd: release socket
[  325.665961][   T68] vhci_hcd: disconnect device
[  326.807324][T11525] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  326.809079][T11525] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  326.811599][T11525] vhci_hcd vhci_hcd.0: Device attached
[  328.502635][T11526] vhci_hcd: connection closed
[  328.502877][ T8312] vhci_hcd: stop threads
[  328.505380][ T8312] vhci_hcd: release socket
[  328.528090][ T8312] vhci_hcd: disconnect device
[  328.782035][T11561] netlink: 'syz.5.1503': attribute type 4 has an invalid length.
[  328.791998][T11561] netlink: 'syz.5.1503': attribute type 4 has an invalid length.
[  328.799775][    T8] vhci_hcd: vhci_device speed not set
[  328.804869][T11561] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[  328.837925][ T6005] usb 8-1: new high-speed USB device number 26 using dummy_hcd
[  329.006920][ T6005] usb 8-1: Using ep0 maxpacket: 16
[  329.017576][ T6005] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  329.022273][ T6005] usb 8-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  329.024828][ T6005] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  329.047794][ T6005] usb 8-1: config 0 descriptor??
[  329.091742][ T6005] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[  329.266470][ T1016] usb 8-1: USB disconnect, device number 26
[  329.704696][T11567] netlink: 'syz.4.1505': attribute type 4 has an invalid length.
[  329.722442][T11567] netlink: 'syz.4.1505': attribute type 4 has an invalid length.
[  329.741610][T11567] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[  329.817156][T11570] ALSA: seq fatal error: cannot create timer (-22)
[  329.819384][T11569] ALSA: seq fatal error: cannot create timer (-22)
[  329.948014][T11573] ubi: mtd0 is already attached to ubi0
[  330.180595][ T5977] vhci_hcd: vhci_device speed not set
[  330.456976][T11593] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1511'.
[  330.459639][T11593] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  330.462006][T11593] batman_adv: batadv0: Removing interface: batadv_slave_0
[  330.474142][T11593] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  330.479305][T11593] batman_adv: batadv0: Removing interface: batadv_slave_1
[  330.597975][T11600] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  330.600190][T11600] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  330.611566][T11600] vhci_hcd vhci_hcd.0: Device attached
[  330.806215][ T5948] Bluetooth: hci0: command tx timeout
[  330.807381][ T6005] vhci_hcd: vhci_device speed not set
[  330.877573][ T6005] usb 39-1: new full-speed USB device number 15 using vhci_hcd
[  331.298364][T11607] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  331.300223][T11607] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  331.303465][T11607] vhci_hcd vhci_hcd.0: Device attached
[  331.572019][T11616] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  331.574422][T11616] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  331.577924][T11616] vhci_hcd vhci_hcd.0: Device attached
[  331.756187][ T1016] vhci_hcd: vhci_device speed not set
[  331.816525][ T1016] usb 47-1: new full-speed USB device number 3 using vhci_hcd
[  332.092915][T11601] vhci_hcd: connection reset by peer
[  332.095053][ T8312] vhci_hcd: stop threads
[  332.098540][ T8312] vhci_hcd: release socket
[  332.100007][ T8312] vhci_hcd: disconnect device
[  332.163106][T11623] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1517'.
[  332.176236][    T8] vhci_hcd: vhci_device speed not set
[  332.236261][    T8] usb 45-1: new full-speed USB device number 5 using vhci_hcd
[  332.273570][T11627] hub 2-0:1.0: USB hub found
[  332.275532][T11627] hub 2-0:1.0: 2 ports detected
[  332.432991][T11610] vhci_hcd: connection reset by peer
[  332.434716][ T8312] vhci_hcd: stop threads
[  332.437390][ T8312] vhci_hcd: release socket
[  332.442682][ T8312] vhci_hcd: disconnect device
[  332.559163][T11630] netlink: 'syz.4.1518': attribute type 4 has an invalid length.
[  332.612842][T11631] netlink: 'syz.4.1518': attribute type 4 has an invalid length.
[  332.735771][T11619] vhci_hcd: connection reset by peer
[  332.766467][ T8312] vhci_hcd: stop threads
[  332.767660][ T8312] vhci_hcd: release socket
[  332.776522][ T8312] vhci_hcd: disconnect device
[  332.810508][T11630] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[  333.719946][   T39] kauditd_printk_skb: 11 callbacks suppressed
[  333.719958][   T39] audit: type=1326 audit(1733640488.457:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11660 comm="syz.1.1524" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f24579 code=0x0
[  333.815965][T11664] 9pnet_virtio: no channels available for device syz
[  333.914667][T11665] netlink: 'syz.5.1526': attribute type 4 has an invalid length.
[  333.926672][T11665] netlink: 'syz.5.1526': attribute type 4 has an invalid length.
[  333.949409][T11665] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[  334.896497][ T5948] Bluetooth: hci0: command tx timeout
[  335.203245][T11681] ucma_write: process 84 (syz.5.1530) changed security contexts after opening file descriptor, this is not allowed.
[  335.610716][T11691] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1531'.
[  336.056363][ T6005] vhci_hcd: vhci_device speed not set
[  336.143435][T11708] netlink: 'syz.1.1534': attribute type 4 has an invalid length.
[  336.212468][T11710] netlink: 'syz.1.1534': attribute type 4 has an invalid length.
[  336.231656][T11708] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[  336.636934][T11716] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input50
[  336.930744][T11727] netlink: 'syz.5.1539': attribute type 1 has an invalid length.
[  336.967586][ T1016] vhci_hcd: vhci_device speed not set
[  337.039803][T11727] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  337.356798][    T8] vhci_hcd: vhci_device speed not set
[  337.478505][T11760] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10)
[  337.480268][T11760] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  337.485424][T11760] vhci_hcd vhci_hcd.0: Device attached
[  337.759040][T11778] FAULT_INJECTION: forcing a failure.
[  337.759040][T11778] name failslab, interval 1, probability 0, space 0, times 0
[  337.763221][T11778] CPU: 3 UID: 0 PID: 11778 Comm: syz.4.1546 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  337.766298][ T5977] usb 40-1: SetAddress Request (2) to port 0
[  337.766772][T11778] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  337.766785][T11778] Call Trace:
[  337.766793][T11778]  <TASK>
[  337.766800][T11778]  dump_stack_lvl+0x16c/0x1f0
[  337.775255][ T5977] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd
[  337.776477][T11778]  should_fail_ex+0x497/0x5b0
[  337.776498][T11778]  ? fs_reclaim_acquire+0xae/0x150
[  337.776521][T11778]  should_failslab+0xc2/0x120
[  337.776545][T11778]  __kmalloc_noprof+0xce/0x4f0
[  337.785062][T11778]  ? io_complete_rw+0xc2/0x260
[  337.786648][T11778]  ? io_alloc_async_data+0x9d/0x150
[  337.788389][T11778]  ? kiocb_done+0x1ba/0xc10
[  337.789947][T11778]  io_alloc_async_data+0x9d/0x150
[  337.791641][T11778]  io_prep_rw+0x30d/0xb70
[  337.793084][T11778]  io_prep_rwv+0xa8/0x360
[  337.794538][T11778]  ? __pfx_io_prep_rwv+0x10/0x10
[  337.796178][T11778]  ? io_issue_sqe+0x1d3/0x1360
[  337.797816][T11778]  io_submit_sqes+0x850/0x25f0
[  337.799446][T11778]  __do_sys_io_uring_enter+0xd43/0x1620
[  337.801535][T11778]  ? __fget_files+0x206/0x3a0
[  337.803117][T11778]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  337.805004][T11778]  ? fput+0x67/0x440
[  337.806266][T11778]  ? ksys_write+0x1ba/0x250
[  337.807733][T11778]  ? __pfx_ksys_write+0x10/0x10
[  337.809361][T11778]  __do_fast_syscall_32+0x73/0x120
[  337.811066][T11778]  do_fast_syscall_32+0x32/0x80
[  337.812718][T11778]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  337.814842][T11778] RIP: 0023:0xf7fb3579
[  337.816224][T11778] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  337.822293][T11778] RSP: 002b:00000000f513657c EFLAGS: 00000292 ORIG_RAX: 00000000000001aa
[  337.825001][T11778] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000000047ba
[  337.827464][T11778] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  337.829951][T11778] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  337.832458][T11778] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  337.834951][T11778] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  337.837606][T11778]  </TASK>
[  337.912289][T11780] sch_tbf: burst 0 is lower than device lo mtu (11337746) !
[  337.976156][ T8719] usb 8-1: new high-speed USB device number 27 using dummy_hcd
[  338.146096][ T8719] usb 8-1: Using ep0 maxpacket: 16
[  338.149689][ T8719] usb 8-1: config 0 has an invalid interface number: 143 but max is 0
[  338.151826][ T8719] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  338.159845][ T8719] usb 8-1: config 0 has no interface number 0
[  338.164350][ T8719] usb 8-1: config 0 interface 143 has no altsetting 0
[  338.168675][ T8719] usb 8-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  338.171019][ T8719] usb 8-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  338.175577][ T8719] usb 8-1: Product: syz
[  338.178284][ T8719] usb 8-1: SerialNumber: syz
[  338.182410][ T8719] usb 8-1: config 0 descriptor??
[  338.208632][T11763] vhci_hcd: connection reset by peer
[  338.211186][ T8314] vhci_hcd: stop threads
[  338.216223][ T8314] vhci_hcd: release socket
[  338.217838][ T8314] vhci_hcd: disconnect device
[  338.246493][ T5948] Bluetooth: hci0: command tx timeout
[  338.312953][T11786] sg_write: data in/out 11/14 bytes for SCSI command 0x0-- guessing data in;
[  338.312953][T11786]    program syz.4.1548 not setting count and/or reply_len properly
[  338.368010][T11789] netlink: 'syz.5.1549': attribute type 4 has an invalid length.
[  338.390508][ T5976] usb 8-1: USB disconnect, device number 27
[  338.408149][T11789] netlink: 'syz.5.1549': attribute type 4 has an invalid length.
[  338.453348][T11789] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[  339.309978][T11801] netlink: 'syz.1.1552': attribute type 4 has an invalid length.
[  339.315104][T11801] netlink: 17 bytes leftover after parsing attributes in process `syz.1.1552'.
[  339.939751][T11823] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  339.941612][T11823] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  339.946719][T11823] vhci_hcd vhci_hcd.0: Device attached
[  340.116162][ T5976] vhci_hcd: vhci_device speed not set
[  340.176210][ T5976] usb 43-1: new full-speed USB device number 13 using vhci_hcd
[  340.496193][ T5948] Bluetooth: hci0: command tx timeout
[  340.730643][T11830] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  340.733878][T11830] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=null.
[  340.969822][T11835] xt_CT: You must specify a L4 protocol and not use inversions on it
[  342.004711][T11824] vhci_hcd: connection reset by peer
[  342.014532][   T68] vhci_hcd: stop threads
[  342.015680][   T68] vhci_hcd: release socket
[  342.017528][   T68] vhci_hcd: disconnect device
[  342.136148][T11852] netlink: 'syz.3.1564': attribute type 4 has an invalid length.
[  342.194291][T11852] netlink: 'syz.3.1564': attribute type 4 has an invalid length.
[  342.272036][T11852] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[  342.555619][T11861] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  342.557356][T11861] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  342.559437][T11861] vhci_hcd vhci_hcd.0: Device attached
[  343.016141][ T5977] usb 40-1: device descriptor read/8, error -110
[  343.439075][ T5977] usb usb40-port1: attempt power cycle
[  343.507310][ T5935] vhci_hcd: vhci_device speed not set
[  343.576212][ T5935] usb 39-1: new full-speed USB device number 16 using vhci_hcd
[  343.586871][T11868] netlink: 'syz.3.1566': attribute type 4 has an invalid length.
[  343.589081][T11868] netlink: 17 bytes leftover after parsing attributes in process `syz.3.1566'.
[  343.706099][T11862] vhci_hcd: connection reset by peer
[  343.708311][ T1184] vhci_hcd: stop threads
[  343.709883][ T1184] vhci_hcd: release socket
[  343.711802][ T1184] vhci_hcd: disconnect device
[  343.965853][T11874] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1568'.
[  343.976579][T11874] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1568'.
[  343.997556][ T1016] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  344.126160][ T1016] usb 6-1: device descriptor read/64, error -71
[  344.326196][ T5948] Bluetooth: hci0: command tx timeout
[  344.386198][ T1016] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  344.516194][ T1016] usb 6-1: device descriptor read/64, error -71
[  344.626880][ T1016] usb usb6-port1: attempt power cycle
[  344.661514][T11882] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1570'.
[  345.126171][ T1016] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  345.156518][ T1016] usb 6-1: device descriptor read/8, error -71
[  345.289030][ T5976] vhci_hcd: vhci_device speed not set
[  345.416174][ T1016] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  345.446687][ T1016] usb 6-1: device descriptor read/8, error -71
[  345.556302][ T1016] usb usb6-port1: unable to enumerate USB device
[  345.576171][ T6002] usb 8-1: new high-speed USB device number 28 using dummy_hcd
[  345.736172][ T6002] usb 8-1: Using ep0 maxpacket: 8
[  345.739222][ T6002] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  345.742088][ T6002] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  345.744448][ T6002] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  345.747846][ T6002] usb 8-1: config 0 descriptor??
[  345.959484][T11892] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1573'.
[  345.978590][ T6002] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  345.996377][ T6002] usb 8-1: USB disconnect, device number 28
[  346.527345][T11911] overlayfs: failed to resolve './file0': -2
[  346.529534][T11911] overlay: Unknown parameter 'smackfsroot'
[  346.626299][ T5997] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  346.776115][ T5997] usb 10-1: Using ep0 maxpacket: 16
[  346.778641][ T5997] usb 10-1: config 0 has an invalid interface number: 8 but max is 0
[  346.780625][ T5997] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  346.783073][ T5997] usb 10-1: config 0 has no interface number 0
[  346.784611][ T5997] usb 10-1: config 0 interface 8 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  346.791589][ T5997] usb 10-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  346.794440][ T5997] usb 10-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  346.797169][ T5997] usb 10-1: Product: syz
[  346.798510][ T5997] usb 10-1: SerialNumber: syz
[  346.801273][ T5997] usb 10-1: config 0 descriptor??
[  346.982261][ T5945] Bluetooth: hci4: sending frame failed (-49)
[  346.985456][ T5948] Bluetooth: hci4: Opcode 0x1003 failed: -49
[  347.009105][ T5997] usbhid 10-1:0.8: couldn't find an input interrupt endpoint
[  347.011869][ T5997] usb 10-1: USB disconnect, device number 2
[  347.338508][T11923] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  347.555856][ T8719] libceph: connect (1)[c::]:6789 error -101
[  347.557620][ T8719] libceph: mon0 (1)[c::]:6789 connect error
[  347.653073][T11933] ceph: No mds server is up or the cluster is laggy
[  348.718657][ T5935] vhci_hcd: vhci_device speed not set
[  348.726264][ T5976] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  348.778384][T11949] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8)
[  348.780155][T11949] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  348.782817][T11949] vhci_hcd vhci_hcd.0: Device attached
[  348.798984][T11949] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  348.886674][ T5976] usb 10-1: Using ep0 maxpacket: 16
[  348.890122][ T5976] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  348.894002][ T5976] usb 10-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  348.897315][ T5976] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  348.901948][ T5976] usb 10-1: config 0 descriptor??
[  348.906762][ T5976] input: bcm5974 as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/input/input51
[  348.986531][ T6005] vhci_hcd: vhci_device speed not set
[  349.046178][ T6005] usb 45-1: new full-speed USB device number 6 using vhci_hcd
[  349.111328][ T5340] bcm5974 10-1:0.0: could not read from device
[  349.111835][    T8] usb 10-1: USB disconnect, device number 3
[  349.117293][ T6502] bcm5974 10-1:0.0: could not read from device
[  349.373875][T11954] vhci_hcd: connection reset by peer
[  349.377229][ T8312] vhci_hcd: stop threads
[  349.378313][ T8312] vhci_hcd: release socket
[  349.379440][ T8312] vhci_hcd: disconnect device
[  349.923469][T11970] 9pnet: Unknown protocol version 9
[  350.051336][ T5977] usb usb40-port1: unable to enumerate USB device
[  350.486863][ T5935] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[  350.637824][ T5935] usb 9-1: Using ep0 maxpacket: 16
[  350.642503][ T5935] usb 9-1: config 0 has an invalid interface number: 8 but max is 0
[  350.645425][ T5935] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  350.656204][ T5935] usb 9-1: config 0 has no interface number 0
[  350.658459][ T5935] usb 9-1: config 0 interface 8 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  350.678011][ T5935] usb 9-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  350.682921][ T5935] usb 9-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  350.688587][ T5935] usb 9-1: Product: syz
[  350.690101][ T5935] usb 9-1: SerialNumber: syz
[  350.693753][ T5935] usb 9-1: config 0 descriptor??
[  350.946375][    T9] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  351.054308][ T5935] usbhid 9-1:0.8: couldn't find an input interrupt endpoint
[  351.059444][ T5935] usb 9-1: USB disconnect, device number 16
[  351.106251][    T9] usb 6-1: Using ep0 maxpacket: 16
[  351.109187][    T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  351.112055][    T9] usb 6-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  351.114993][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  351.118451][    T9] usb 6-1: config 0 descriptor??
[  351.121757][    T9] input: bcm5974 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input52
[  352.498527][T12015] 9pnet: Unknown protocol version 9
[  352.929936][T12025] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  352.931684][T12025] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  352.934290][T12025] vhci_hcd vhci_hcd.0: Device attached
[  353.106126][ T1016] vhci_hcd: vhci_device speed not set
[  353.166175][ T1016] usb 43-1: new full-speed USB device number 14 using vhci_hcd
[  353.507869][T12034] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  353.509959][T12034] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  353.513078][T12034] vhci_hcd vhci_hcd.0: Device attached
[  353.685263][T12043] misc userio: The device must be registered before sending interrupts
[  353.805858][ T5340] bcm5974 6-1:0.0: could not read from device
[  353.831864][ T5340] bcm5974 6-1:0.0: could not read from device
[  353.841123][ T5340] bcm5974 6-1:0.0: could not read from device
[  353.844504][ T5340] bcm5974 6-1:0.0: could not read from device
[  353.848902][    T9] usb 6-1: USB disconnect, device number 26
[  354.026209][ T5935] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  354.176250][ T5935] usb 10-1: Using ep0 maxpacket: 16
[  354.189644][ T5935] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  354.192951][ T5935] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  354.195803][ T5935] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  354.199606][ T5935] usb 10-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  354.209778][ T5935] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  354.217797][ T5935] usb 10-1: config 0 descriptor??
[  354.364136][T12029] vhci_hcd: connection reset by peer
[  354.367062][ T8312] vhci_hcd: stop threads
[  354.368282][ T8312] vhci_hcd: release socket
[  354.369676][ T8312] vhci_hcd: disconnect device
[  354.631779][ T5935] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  354.633693][ T5935] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  354.635684][ T5935] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  354.637662][ T5935] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  354.639538][ T5935] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  354.641435][ T5935] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  354.643336][ T5935] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  354.645212][ T5935] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  354.647298][ T5935] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  354.649185][ T5935] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0
[  354.657963][ T5935] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/0003:045E:07DA.0003/input/input53
[  354.665609][ T5935] microsoft 0003:045E:07DA.0003: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0
[  354.748460][T12039] vhci_hcd: connection reset by peer
[  354.750126][   T45] vhci_hcd: stop threads
[  354.752593][   T45] vhci_hcd: release socket
[  354.755184][   T45] vhci_hcd: disconnect device
[  354.816144][ T6005] vhci_hcd: vhci_device speed not set
[  354.845680][ T5935] usb 10-1: USB disconnect, device number 4
[  355.046209][ T8719] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[  355.200933][ T8719] usb 9-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  355.204085][ T8719] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  355.207123][ T8719] usb 9-1: Product: syz
[  355.208611][ T8719] usb 9-1: Manufacturer: syz
[  355.210215][ T8719] usb 9-1: SerialNumber: syz
[  355.216620][ T8719] usb 9-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  355.248991][ T8719] usb 9-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  355.404433][T12066] FAULT_INJECTION: forcing a failure.
[  355.404433][T12066] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  355.409151][T12066] CPU: 3 UID: 0 PID: 12066 Comm: syz.1.1621 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  355.411921][T12066] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  355.415188][T12066] Call Trace:
[  355.416039][T12066]  <TASK>
[  355.416960][T12066]  dump_stack_lvl+0x16c/0x1f0
[  355.418323][T12066]  should_fail_ex+0x497/0x5b0
[  355.419552][T12066]  _copy_to_user+0x32/0xd0
[  355.420717][T12066]  simple_read_from_buffer+0xd0/0x160
[  355.422190][T12066]  proc_fail_nth_read+0x198/0x270
[  355.423930][T12066]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  355.425842][T12066]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  355.427688][T12066]  vfs_read+0x1df/0xbe0
[  355.430823][T12066]  ? __fget_files+0x1fc/0x3a0
[  355.430850][T12066]  ? __pfx___mutex_lock+0x10/0x10
[  355.430865][T12066]  ? __pfx_vfs_read+0x10/0x10
[  355.430880][T12066]  ? __fget_files+0x206/0x3a0
[  355.430895][T12066]  ksys_read+0x12b/0x250
[  355.430906][T12066]  ? __pfx_ksys_read+0x10/0x10
[  355.430921][T12066]  __do_fast_syscall_32+0x73/0x120
[  355.430936][T12066]  do_fast_syscall_32+0x32/0x80
[  355.430949][T12066]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  355.430965][T12066] RIP: 0023:0xf7f24579
[  355.430976][T12066] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  355.430986][T12066] RSP: 002b:00000000f50a65b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  355.430998][T12066] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50a6620
[  355.431005][T12066] RDX: 000000000000000f RSI: 00000000f73b0ff4 RDI: 0000000000000000
[  355.431011][T12066] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  355.431018][T12066] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  355.431024][T12066] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  355.431052][T12066]  </TASK>
[  356.336254][ T8719] ath9k_htc 9-1:1.0: ath9k_htc: Target is unresponsive
[  356.338602][ T8719] ath9k_htc: Failed to initialize the device
[  356.381596][ T8719] usb 9-1: ath9k_htc: USB layer deinitialized
[  356.590153][ T8719] usb 9-1: USB disconnect, device number 17
[  357.192339][T12099] 9pnet_virtio: no channels available for device syz
[  357.393278][T12102] input: syz0 as /devices/virtual/input/input54
[  357.720206][T12106] netlink: 'syz.1.1631': attribute type 4 has an invalid length.
[  357.729690][T12106] netlink: 'syz.1.1631': attribute type 4 has an invalid length.
[  357.746891][T12106] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[  358.318259][ T1016] vhci_hcd: vhci_device speed not set
[  358.729921][T12115] fuse: Unknown parameter '000000000000000000040x00000000000000070000000000000000000001777777777777777777777'
[  358.977116][T12128] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  358.978863][T12128] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  358.981480][T12128] vhci_hcd vhci_hcd.0: Device attached
[  359.508154][ T6005] vhci_hcd: vhci_device speed not set
[  359.566145][ T6005] usb 45-1: new full-speed USB device number 7 using vhci_hcd
[  359.766369][ T5948] Bluetooth: hci0: command tx timeout
[  359.855719][T12144] Illegal XDP return value 4294967274 on prog  (id 241) dev N/A, expect packet loss!
[  360.102410][T12131] vhci_hcd: connection reset by peer
[  360.104368][ T1145] vhci_hcd: stop threads
[  360.105874][ T1145] vhci_hcd: release socket
[  360.108766][ T1145] vhci_hcd: disconnect device
[  361.746829][T12163] xt_CT: No such helper "syz0"
[  361.761252][T12167] syzkaller0: entered promiscuous mode
[  361.762756][T12167] syzkaller0: entered allmulticast mode
[  361.882513][T12171] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1647'.
[  362.337819][T12191] 9pnet: Unknown protocol version 9p2000.
[  363.196185][ T1016] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  363.378444][ T1016] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  363.382367][ T1016] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  363.385199][ T1016] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  363.388745][ T1016] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  363.391093][ T1016] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  363.398939][ T1016] usb 10-1: config 0 descriptor??
[  363.419477][T12201] netlink: set zone limit has 8 unknown bytes
[  363.419478][T12200] netlink: set zone limit has 8 unknown bytes
[  363.476747][T12208] binder: 12207:12208 ioctl c0306201 20000580 returned -14
[  364.482471][T12231] netlink: 'syz.1.1663': attribute type 4 has an invalid length.
[  364.521792][T12231] netlink: 'syz.1.1663': attribute type 4 has an invalid length.
[  364.556359][T12231] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[  364.558342][T12233] syzkaller0: entered promiscuous mode
[  364.559784][T12233] syzkaller0: entered allmulticast mode
[  364.564544][T12233] PF_CAN: dropped non conform CAN FD skbuff: dev type 780, len 65487
[  365.056144][ T6005] vhci_hcd: vhci_device speed not set
[  365.336120][ T8719] usb 8-1: new high-speed USB device number 29 using dummy_hcd
[  365.489397][ T8719] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  365.491761][ T8719] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  365.493817][ T8719] usb 8-1: Product: syz
[  365.494903][ T8719] usb 8-1: Manufacturer: syz
[  365.496234][ T8719] usb 8-1: SerialNumber: syz
[  365.502201][ T8719] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  365.512876][ T8719] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  365.766614][T12255] netlink: 2060 bytes leftover after parsing attributes in process `syz.1.1671'.
[  365.819115][ T1016] usbhid 10-1:0.0: can't add hid device: -71
[  365.821800][ T1016] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[  365.828101][ T1016] usb 10-1: USB disconnect, device number 5
[  365.924694][ T5976] usb 8-1: USB disconnect, device number 29
[  366.149965][T12279] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  366.152315][T12279] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[  366.154702][T12279] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  366.459105][T12285] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1678'.
[  366.513877][T12286] overlay: Unknown parameter 'appraise_type'
[  366.558244][ T8719] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive
[  366.558286][ T5948] Bluetooth: hci0: command tx timeout
[  366.561393][ T8719] ath9k_htc: Failed to initialize the device
[  366.565733][ T5976] usb 8-1: ath9k_htc: USB layer deinitialized
[  366.815106][T12292] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  366.817721][T12292] overlayfs: failed to set xattr on upper
[  366.820610][T12292] overlayfs: ...falling back to redirect_dir=nofollow.
[  366.823817][T12292] overlayfs: ...falling back to index=off.
[  366.825771][T12292] overlayfs: ...falling back to uuid=null.
[  367.329759][T12325] netlink: 'syz.4.1688': attribute type 4 has an invalid length.
[  367.340106][T12325] netlink: 'syz.4.1688': attribute type 4 has an invalid length.
[  367.362558][T12325] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[  367.805647][T12310] overlayfs: statfs failed on './file0'
[  367.930187][T12332] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 12332 comm: syz.5.1691)
[  367.933746][   T39] audit: type=1800 audit(1733640522.718:99): pid=12332 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1691" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=35364 res=0 errno=0
[  367.935668][T12332] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  369.356160][ T5948] Bluetooth: hci0: command tx timeout
[  369.480349][T12387] netlink: 'syz.4.1706': attribute type 4 has an invalid length.
[  369.530556][T12388] netlink: 'syz.4.1706': attribute type 4 has an invalid length.
[  369.600207][T12387] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[  370.055399][T12392] netlink: 'syz.5.1707': attribute type 4 has an invalid length.
[  370.186960][T12393] netlink: 'syz.5.1707': attribute type 4 has an invalid length.
[  370.250789][T12392] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[  371.248343][T12409] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1711'.
[  371.251615][T12409] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  371.489048][T12416] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1713'.
[  371.620933][ T5948] Bluetooth: hci0: command tx timeout
[  371.765072][T12422] pimreg: entered allmulticast mode
[  371.915037][T12427] netlink: 'syz.4.1716': attribute type 4 has an invalid length.
[  371.920221][T12427] netlink: 'syz.4.1716': attribute type 4 has an invalid length.
[  371.967592][T12427] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[  372.444887][T12435] sg_write: data in/out 768/5 bytes for SCSI command 0x77-- guessing data in;
[  372.444887][T12435]    program syz.5.1719 not setting count and/or reply_len properly
[  373.110659][T12446] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1723'.
[  373.590774][T12467] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  373.592557][T12467] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  373.595146][T12467] vhci_hcd vhci_hcd.0: Device attached
[  373.765968][ T5935] vhci_hcd: vhci_device speed not set
[  373.824708][ T5935] usb 47-1: new full-speed USB device number 4 using vhci_hcd
[  373.949683][T12484] team0: left allmulticast mode
[  373.951043][T12484] team_slave_0: left allmulticast mode
[  373.952618][T12484] team_slave_1: left allmulticast mode
[  373.954209][T12484] bridge0: port 3(team0) entered disabled state
[  373.959076][T12484] bridge_slave_0: left allmulticast mode
[  373.960578][T12484] bridge_slave_0: left promiscuous mode
[  373.962590][T12484] bridge0: port 1(bridge_slave_0) entered disabled state
[  373.967057][T12484] bridge_slave_1: left allmulticast mode
[  373.968691][T12484] bridge_slave_1: left promiscuous mode
[  373.970203][T12484] bridge0: port 2(bridge_slave_1) entered disabled state
[  373.971682][ T5948] Bluetooth: hci0: command tx timeout
[  373.975950][T12484] bond0: (slave bond_slave_0): Releasing backup interface
[  373.994762][T12484] bond0: (slave bond_slave_1): Releasing backup interface
[  374.002743][T12484] team_slave_0: left promiscuous mode
[  374.014808][T12484] team0: Port device team_slave_0 removed
[  374.016953][T12484] team_slave_1: left promiscuous mode
[  374.021813][T12484] team0: Port device team_slave_1 removed
[  374.104998][   T39] audit: type=1326 audit(1733640529.034:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12483 comm="syz.4.1733" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb3579 code=0x7fc00000
[  374.446533][T12497] netlink: 'syz.3.1734': attribute type 4 has an invalid length.
[  374.464875][T12497] netlink: 'syz.3.1734': attribute type 4 has an invalid length.
[  374.476403][T12497] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[  374.733735][   T39] audit: type=1326 audit(1733640529.676:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12483 comm="syz.4.1733" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fb3579 code=0x7fc00000
[  374.869194][T12507] 9pnet_virtio: no channels available for device syz
[  374.963254][T12470] vhci_hcd: connection reset by peer
[  374.965348][ T8314] vhci_hcd: stop threads
[  374.966523][ T8314] vhci_hcd: release socket
[  374.968023][ T8314] vhci_hcd: disconnect device
[  375.581657][T12517] dccp_v6_rcv: dropped packet with invalid checksum
[  376.496839][ T5948] Bluetooth: hci0: command tx timeout
[  376.554909][T12539] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  376.557234][T12539] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  376.563874][T12539] vhci_hcd vhci_hcd.0: Device attached
[  377.026353][  T833] vhci_hcd: vhci_device speed not set
[  377.086898][  T833] usb 45-1: new full-speed USB device number 8 using vhci_hcd
[  377.670876][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[  377.673278][ T1413] ieee802154 phy1 wpan1: encryption failed: -22
[  377.709907][T12542] vhci_hcd: connection reset by peer
[  377.730917][   T45] vhci_hcd: stop threads
[  377.730936][   T45] vhci_hcd: release socket
[  377.732048][   T45] vhci_hcd: disconnect device
[  377.876647][T12559] syzkaller1: entered promiscuous mode
[  377.878719][T12559] syzkaller1: entered allmulticast mode
[  378.032817][T12573] tipc: Started in network mode
[  378.034144][T12573] tipc: Node identity 56b676e00113, cluster identity 4711
[  378.037010][T12573] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  378.039851][T12573] syzkaller0: MTU too low for tipc bearer
[  378.041401][T12573] tipc: Disabling bearer <eth:syzkaller0>
[  378.383619][    C3] Unknown status report in ack skb
[  378.546175][T12609] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  378.840732][ T5935] vhci_hcd: vhci_device speed not set
[  378.930694][T12621] binder: 12617:12621 ioctl c0306201 0 returned -14
[  378.962530][T12622] netlink: 'syz.5.1771': attribute type 4 has an invalid length.
[  379.018083][T12623] netlink: 'syz.5.1771': attribute type 4 has an invalid length.
[  379.073484][T12622] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[  379.505744][T12634] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1773'.
[  379.508111][T12634] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1773'.
[  379.627840][T12633] ������ speed is unknown, defaulting to 1000
[  379.667213][T12633] ������ speed is unknown, defaulting to 1000
[  380.317670][   T39] audit: type=1326 audit(1733640535.342:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12672 comm="syz.5.1783" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ff00000
[  380.329785][   T39] audit: type=1326 audit(1733640535.342:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12672 comm="syz.5.1783" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ff00000
[  380.335780][   T39] audit: type=1326 audit(1733640535.352:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12672 comm="syz.5.1783" exe="/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf7f95579 code=0x7ff00000
[  380.345558][   T39] audit: type=1326 audit(1733640535.352:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12672 comm="syz.5.1783" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ff00000
[  380.354175][   T39] audit: type=1326 audit(1733640535.352:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12672 comm="syz.5.1783" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ff00000
[  380.364614][   T39] audit: type=1326 audit(1733640535.352:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12672 comm="syz.5.1783" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ff00000
[  380.370625][   T39] audit: type=1326 audit(1733640535.352:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12672 comm="syz.5.1783" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ff00000
[  380.376577][   T39] audit: type=1326 audit(1733640535.352:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12672 comm="syz.5.1783" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ff00000
[  380.382345][   T39] audit: type=1326 audit(1733640535.352:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12672 comm="syz.5.1783" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ff00000
[  380.388538][   T39] audit: type=1326 audit(1733640535.352:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12672 comm="syz.5.1783" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ff00000
[  381.074777][ T5948] Bluetooth: hci0: command tx timeout
[  381.435067][T12709] netlink: 'syz.1.1791': attribute type 4 has an invalid length.
[  381.482176][T12709] netlink: 'syz.1.1791': attribute type 4 has an invalid length.
[  381.493234][T12709] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[  382.218114][  T833] vhci_hcd: vhci_device speed not set
[  382.680751][T12726] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1797'.
[  382.685942][T12726] netlink: 'syz.1.1797': attribute type 3 has an invalid length.
[  382.688049][T12726] netlink: 'syz.1.1797': attribute type 3 has an invalid length.
[  382.690332][T12726] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1797'.
[  383.514200][ T5948] Bluetooth: hci0: command tx timeout
[  384.140004][T12758] FAULT_INJECTION: forcing a failure.
[  384.140004][T12758] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  384.148383][T12758] CPU: 2 UID: 0 PID: 12758 Comm: syz.5.1805 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  384.151500][T12758] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  384.154276][T12758] Call Trace:
[  384.155164][T12758]  <TASK>
[  384.155936][T12758]  dump_stack_lvl+0x16c/0x1f0
[  384.157229][T12758]  should_fail_ex+0x497/0x5b0
[  384.158811][T12758]  ? fs_reclaim_acquire+0xae/0x150
[  384.160577][T12758]  should_fail_alloc_page+0xe7/0x130
[  384.162165][T12758]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  384.163920][T12758]  __alloc_pages_noprof+0x190/0x25b0
[  384.165456][T12758]  ? hlock_class+0x4e/0x130
[  384.166793][T12758]  ? mark_lock+0xb5/0xc60
[  384.168076][T12758]  ? __lock_acquire+0x15a9/0x3c40
[  384.169542][T12758]  ? __pfx_mark_lock+0x10/0x10
[  384.171020][T12758]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  384.172667][T12758]  ? finish_task_switch.isra.0+0x217/0xcc0
[  384.174289][T12758]  ? __pfx___lock_acquire+0x10/0x10
[  384.175776][T12758]  ? __lock_acquire+0x15a9/0x3c40
[  384.177253][T12758]  ? hlock_class+0x4e/0x130
[  384.178557][T12758]  ? __lock_acquire+0xcc5/0x3c40
[  384.180048][T12758]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  384.181865][T12758]  ? policy_nodemask+0xea/0x4e0
[  384.183338][T12758]  alloc_pages_mpol_noprof+0x2c9/0x610
[  384.184888][T12758]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  384.186561][T12758]  ? lock_acquire.part.0+0x11b/0x380
[  384.188061][T12758]  get_free_pages_noprof+0xc/0x40
[  384.189510][T12758]  __pollwait+0x291/0x4c0
[  384.190730][T12758]  ? __pfx___pollwait+0x10/0x10
[  384.192126][T12758]  tcp_poll+0xc9/0xf90
[  384.193375][T12758]  ? __pfx_tcp_poll+0x10/0x10
[  384.194644][T12758]  ? lock_acquire+0x2f/0xb0
[  384.195948][T12758]  ? __fget_files+0x40/0x3a0
[  384.197298][T12758]  ? __pfx_tcp_poll+0x10/0x10
[  384.198757][T12758]  sock_poll+0x15e/0x510
[  384.199974][T12758]  ? __pfx_sock_poll+0x10/0x10
[  384.201347][T12758]  do_select+0xd88/0x17e0
[  384.202660][T12758]  ? __pfx_do_select+0x10/0x10
[  384.204134][T12758]  ? mark_lock+0xb5/0xc60
[  384.205478][T12758]  ? hlock_class+0x4e/0x130
[  384.206806][T12758]  ? __pfx___pollwait+0x10/0x10
[  384.208327][T12758]  ? __pfx_pollwake+0x10/0x10
[  384.209755][T12758]  ? __pfx_pollwake+0x10/0x10
[  384.211150][T12758]  ? __pfx_pollwake+0x10/0x10
[  384.212507][T12758]  ? __pfx_pollwake+0x10/0x10
[  384.213879][T12758]  ? __pfx_pollwake+0x10/0x10
[  384.215343][T12758]  ? __pfx_pollwake+0x10/0x10
[  384.216801][T12758]  ? __pfx_pollwake+0x10/0x10
[  384.218263][T12758]  ? __pfx_pollwake+0x10/0x10
[  384.219716][T12758]  ? __pfx_pollwake+0x10/0x10
[  384.221177][T12758]  ? compat_core_sys_select+0x1de/0x880
[  384.222875][T12758]  ? __pfx_lock_release+0x10/0x10
[  384.224436][T12758]  ? trace_lock_acquire+0x14e/0x1f0
[  384.226051][T12758]  ? compat_core_sys_select+0x687/0x880
[  384.227750][T12758]  compat_core_sys_select+0x687/0x880
[  384.229440][T12758]  ? __pfx_compat_core_sys_select+0x10/0x10
[  384.231268][T12758]  ? get_pid_task+0xfc/0x250
[  384.232722][T12758]  ? set_compat_user_sigmask+0x20f/0x2a0
[  384.234436][T12758]  ? __pfx_set_compat_user_sigmask+0x10/0x10
[  384.236271][T12758]  do_compat_pselect+0x202/0x240
[  384.237800][T12758]  ? __pfx_do_compat_pselect+0x10/0x10
[  384.239471][T12758]  __ia32_compat_sys_pselect6_time32+0x17c/0x240
[  384.241415][T12758]  ? __pfx___ia32_compat_sys_pselect6_time32+0x10/0x10
[  384.243493][T12758]  __do_fast_syscall_32+0x73/0x120
[  384.245137][T12758]  do_fast_syscall_32+0x32/0x80
[  384.246490][T12758]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  384.248125][T12758] RIP: 0023:0xf7f95579
[  384.249340][T12758] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  384.254445][T12758] RSP: 002b:00000000f50f557c EFLAGS: 00000292 ORIG_RAX: 0000000000000134
[  384.256660][T12758] RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 00000000200001c0
[  384.258760][T12758] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000000
[  384.260859][T12758] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  384.262962][T12758] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  384.265132][T12758] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  384.267162][T12758]  </TASK>
[  384.982240][T12768] [U] 
[  385.638747][T12791] overlayfs: missing 'lowerdir'
[  386.370936][T12802] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  386.373182][T12802] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  386.375977][T12802] vhci_hcd vhci_hcd.0: Device attached
[  386.505469][T12809] bond0: entered promiscuous mode
[  386.507748][T12809] bond_slave_0: entered promiscuous mode
[  386.509828][T12809] bond_slave_1: entered promiscuous mode
[  386.511896][T12809] syz_tun: entered promiscuous mode
[  386.514415][T12809] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  386.523603][T12809] bond0: left promiscuous mode
[  386.527888][T12809] bond_slave_0: left promiscuous mode
[  386.531365][T12809] bond_slave_1: left promiscuous mode
[  386.533756][T12809] syz_tun: left promiscuous mode
[  386.882652][ T6005] vhci_hcd: vhci_device speed not set
[  386.952532][ T6005] usb 47-1: new full-speed USB device number 5 using vhci_hcd
[  387.307655][T12805] vhci_hcd: connection reset by peer
[  387.310024][   T45] vhci_hcd: stop threads
[  387.313588][   T45] vhci_hcd: release socket
[  387.315424][   T45] vhci_hcd: disconnect device
[  388.341129][   T30] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  388.440558][    C0] af_packet: tpacket_rcv: packet too big, clamped from 70 to 4294967286. macoff=82
[  388.501678][   T30] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  388.505247][   T30] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  388.507711][   T30] usb 6-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  388.510131][   T30] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  388.514468][   T30] usb 6-1: config 0 descriptor??
[  388.540831][T12849] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1826'.
[  388.543235][T12849] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1826'.
[  388.919627][T12835] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  388.928219][T12835] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  388.935694][T12835] sctp: [Deprecated]: syz.1.1823 (pid 12835) Use of int in max_burst socket option deprecated.
[  388.935694][T12835] Use struct sctp_assoc_value instead
[  388.942360][T12835] netlink: 'syz.1.1823': attribute type 1 has an invalid length.
[  388.949868][   T30] usbhid 6-1:0.0: can't add hid device: -71
[  388.951591][   T30] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  388.958553][   T30] usb 6-1: USB disconnect, device number 27
[  388.996227][T12856] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  388.997972][T12856] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  389.000484][T12856] vhci_hcd vhci_hcd.0: Device attached
[  389.612709][    T9] vhci_hcd: vhci_device speed not set
[  389.671751][    T9] usb 45-1: new full-speed USB device number 9 using vhci_hcd
[  390.060920][T12859] vhci_hcd: connection reset by peer
[  390.062960][ T8312] vhci_hcd: stop threads
[  390.064281][ T8312] vhci_hcd: release socket
[  390.065771][ T8312] vhci_hcd: disconnect device
[  390.287385][ T8719] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  390.446166][ T8719] usb 6-1: Using ep0 maxpacket: 16
[  390.449913][ T8719] usb 6-1: config 0 has an invalid interface number: 8 but max is 0
[  390.452601][ T8719] usb 6-1: config 0 has no interface number 0
[  390.454857][ T8719] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  390.461045][ T8719] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  390.479968][ T8719] usb 6-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  390.483188][ T8719] usb 6-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  390.485729][ T8719] usb 6-1: Product: syz
[  390.487538][ T8719] usb 6-1: SerialNumber: syz
[  390.490136][ T8719] usb 6-1: config 0 descriptor??
[  390.494404][ T8719] cm109 6-1:0.8: invalid payload size 0, expected 4
[  390.496992][ T8719] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.8/input/input57
[  390.705747][    C3] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  390.705994][   T78] usb 6-1: USB disconnect, device number 28
[  390.707538][    C3] cm109 6-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  390.719071][   T78] cm109 6-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  391.499437][ T5935] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  391.658413][ T5935] usb 6-1: Using ep0 maxpacket: 8
[  391.662327][ T5935] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  391.665093][ T5935] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  391.669401][ T5935] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  391.674199][ T5935] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  391.678271][ T5935] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  391.683312][ T5935] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  391.686422][ T5935] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  391.690357][ T5935] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  391.694411][ T5935] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  391.700411][ T5935] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  391.705586][ T5935] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  391.708418][ T5935] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  391.715015][ T5935] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  391.719397][ T5935] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  391.724315][ T5935] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  391.732929][ T5935] usb 6-1: string descriptor 0 read error: -22
[  391.735296][ T5935] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  391.738626][ T5935] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  391.749029][ T5935] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  391.850383][T12900] syz.4.1840: attempt to access beyond end of device
[  391.850383][T12900] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0
[  391.853703][T12900] hpfs: hpfs_map_sector(): read error
[  391.882088][T12905] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1841'.
[  391.930577][T12905] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1841'.
[  391.996445][ T6005] vhci_hcd: vhci_device speed not set
[  392.166132][T12918] capability: warning: `syz.4.1844' uses 32-bit capabilities (legacy support in use)
[  392.193100][   T78] usb 6-1: USB disconnect, device number 29
[  392.732230][   T78] usb 8-1: new high-speed USB device number 30 using dummy_hcd
[  392.891256][   T78] usb 8-1: Using ep0 maxpacket: 16
[  392.894434][   T78] usb 8-1: config 0 has an invalid interface number: 8 but max is 0
[  392.896836][   T78] usb 8-1: config 0 has no interface number 0
[  392.898391][   T78] usb 8-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  392.901928][   T78] usb 8-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  392.906074][   T78] usb 8-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  392.909038][   T78] usb 8-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  392.911503][   T78] usb 8-1: Product: syz
[  392.912909][   T78] usb 8-1: SerialNumber: syz
[  392.915434][   T78] usb 8-1: config 0 descriptor??
[  392.918110][   T78] cm109 8-1:0.8: invalid payload size 0, expected 4
[  392.920685][   T78] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.8/input/input58
[  393.124236][    C0] cm109 8-1:0.8: cm109_urb_ctl_callback: urb status -71
[  393.124554][ T5935] usb 8-1: USB disconnect, device number 30
[  393.126067][    C0] cm109 8-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  393.133798][ T5935] cm109 8-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  393.728893][T12956] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  393.797921][T12960] xt_NFQUEUE: number of queues (257) out of range (got 65786)
[  394.009136][ T5945] Bluetooth: hci1: command 0x0405 tx timeout
[  394.330457][T12974] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  394.332198][T12974] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  394.334788][T12974] vhci_hcd vhci_hcd.0: Device attached
[  395.059793][ T6005] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  395.209043][ T6005] usb 6-1: Using ep0 maxpacket: 16
[  395.212784][ T6005] usb 6-1: config 0 has an invalid interface number: 8 but max is 0
[  395.214906][ T6005] usb 6-1: config 0 has no interface number 0
[  395.216530][ T6005] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  395.219496][ T6005] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  395.223996][ T6005] usb 6-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  395.226365][ T6005] usb 6-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  395.228572][ T6005] usb 6-1: Product: syz
[  395.230187][ T6005] usb 6-1: SerialNumber: syz
[  395.233146][ T6005] usb 6-1: config 0 descriptor??
[  395.237658][ T6005] cm109 6-1:0.8: invalid payload size 0, expected 4
[  395.242015][ T6005] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.8/input/input59
[  395.323362][T12976] vhci_hcd: connection reset by peer
[  395.325141][   T45] vhci_hcd: stop threads
[  395.328509][   T45] vhci_hcd: release socket
[  395.329961][   T45] vhci_hcd: disconnect device
[  395.394308][T12991] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  395.399333][    T9] vhci_hcd: vhci_device speed not set
[  395.404180][T12991] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  395.413684][T12991] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  395.438553][    C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  395.440571][    C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  395.442543][    C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  395.444590][    C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  395.446498][ T6005] usb 6-1: USB disconnect, device number 30
[  395.446542][    C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  395.449886][    C0] cm109 6-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  395.456891][ T6005] cm109 6-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  396.163846][T13016] 9pnet_virtio: no channels available for device syz
[  396.424124][   T39] kauditd_printk_skb: 770 callbacks suppressed
[  396.444988][   T39] audit: type=1800 audit(1733640551.550:882): pid=13013 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1871" name="bus" dev="9p" ino=36701702 res=0 errno=0
[  396.576350][T13017] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1871'.
[  396.643473][T13017] veth7: entered promiscuous mode
[  396.939019][   T39] audit: type=1326 audit(1733640552.092:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13023 comm="syz.3.1875" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000
[  396.944932][   T39] audit: type=1326 audit(1733640552.092:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13023 comm="syz.3.1875" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000
[  396.950461][   T39] audit: type=1326 audit(1733640552.092:885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13023 comm="syz.3.1875" exe="/syz-executor" sig=0 arch=40000003 syscall=183 compat=1 ip=0xf740e579 code=0x7ffc0000
[  396.963646][   T39] audit: type=1326 audit(1733640552.092:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13023 comm="syz.3.1875" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000
[  396.969633][   T39] audit: type=1326 audit(1733640552.102:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13023 comm="syz.3.1875" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000
[  397.041970][T13019] netlink: 596 bytes leftover after parsing attributes in process `syz.4.1873'.
[  397.427002][T13045] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  397.970065][T13054] 9pnet_virtio: no channels available for device syz
[  398.653230][   T39] audit: type=1800 audit(1733640553.809:888): pid=13051 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1881" name="bus" dev="9p" ino=36701702 res=0 errno=0
[  398.680957][T13051] syz.4.1881 (13051) used greatest stack depth: 20368 bytes left
[  398.936620][T13075] random: crng reseeded on system resumption
[  399.202732][ T5976] usb 8-1: new high-speed USB device number 31 using dummy_hcd
[  399.381314][ T5976] usb 8-1: Using ep0 maxpacket: 8
[  399.384594][ T5976] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[  399.581584][ T5976] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  399.588411][ T5976] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  399.591573][ T5976] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  399.594413][ T5976] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  399.598089][ T5976] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[  399.600041][ T5976] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  399.603037][ T5976] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  399.606064][ T5976] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  399.608917][ T5976] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  399.612630][ T5976] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[  399.614578][ T5976] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  399.617446][ T5976] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  399.620414][ T5976] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  399.623197][ T5976] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  399.628531][ T5976] usb 8-1: string descriptor 0 read error: -22
[  399.630178][ T5976] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  399.632598][ T5976] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  399.646628][ T5976] adutux 8-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  399.787376][T13100] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  399.789077][T13100] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  399.791118][T13100] vhci_hcd vhci_hcd.0: Device attached
[  399.849607][ T5935] usb 8-1: USB disconnect, device number 31
[  399.979424][ T5976] vhci_hcd: vhci_device speed not set
[  400.048875][ T5976] usb 45-1: new full-speed USB device number 10 using vhci_hcd
[  400.876507][T13103] vhci_hcd: connection reset by peer
[  400.878088][   T68] vhci_hcd: stop threads
[  400.879570][   T68] vhci_hcd: release socket
[  400.881248][   T68] vhci_hcd: disconnect device
[  401.147699][T13119] netlink: 'syz.4.1898': attribute type 4 has an invalid length.
[  401.715860][T13134] [U] V�3��Fپ"S��/��4:�XTZ�W�T��LW��=
[  401.718970][T13134] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  401.818905][T13148] sg_write: data in/out 196608/4 bytes for SCSI command 0xdb-- guessing data in;
[  401.818905][T13148]    program syz.3.1905 not setting count and/or reply_len properly
[  402.097853][T13161] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  402.099569][T13161] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  402.101751][T13161] vhci_hcd vhci_hcd.0: Device attached
[  403.086389][T13162] vhci_hcd: connection closed
[  403.086633][ T8313] vhci_hcd: stop threads
[  403.091498][ T8313] vhci_hcd: release socket
[  403.094717][ T8313] vhci_hcd: disconnect device
[  403.278535][   T30] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  403.448550][   T30] usb 10-1: too many configurations: 9, using maximum allowed: 8
[  403.451666][   T30] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  403.453964][   T30] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  403.456910][   T30] usb 10-1: config 0 interface 0 has no altsetting 0
[  403.460296][   T30] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  403.462627][   T30] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  403.465472][   T30] usb 10-1: config 0 interface 0 has no altsetting 0
[  403.467862][   T30] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  403.470361][   T30] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  403.473143][   T30] usb 10-1: config 0 interface 0 has no altsetting 0
[  403.475627][   T30] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  403.478366][   T30] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  403.481126][   T30] usb 10-1: config 0 interface 0 has no altsetting 0
[  403.483811][   T30] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  403.486153][   T30] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  403.490854][   T30] usb 10-1: config 0 interface 0 has no altsetting 0
[  403.508713][   T30] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  403.511087][   T30] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  403.513923][   T30] usb 10-1: config 0 interface 0 has no altsetting 0
[  403.516810][   T30] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  403.520110][   T30] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  403.523473][   T30] usb 10-1: config 0 interface 0 has no altsetting 0
[  403.526337][   T30] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  403.529569][   T30] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  403.533054][   T30] usb 10-1: config 0 interface 0 has no altsetting 0
[  403.536829][   T30] usb 10-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  403.540132][   T30] usb 10-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  403.542850][   T30] usb 10-1: Product: syz
[  403.544235][   T30] usb 10-1: Manufacturer: syz
[  403.545859][   T30] usb 10-1: SerialNumber: syz
[  403.549143][   T30] usb 10-1: config 0 descriptor??
[  403.567581][   T30] yurex 10-1:0.0: USB YUREX device now attached to Yurex #0
[  403.761637][ T5997] usb 10-1: USB disconnect, device number 6
[  403.767491][ T5997] yurex 10-1:0.0: USB YUREX #0 now disconnected
[  404.009174][T13200] sp0: Synchronizing with TNC
[  404.110345][T13205] netlink: 'syz.4.1918': attribute type 3 has an invalid length.
[  404.113864][T13206] netlink: 'syz.4.1918': attribute type 3 has an invalid length.
[  405.153994][ T5976] vhci_hcd: vhci_device speed not set
[  406.145932][T13248] tty tty2: ldisc open failed (-12), clearing slot 1
[  406.529428][T13258] 9pnet: Found fid 0 not clunked
[  407.218718][T13274] netlink: 'syz.3.1937': attribute type 1 has an invalid length.
[  407.220895][T13274] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1937'.
[  407.275010][T13275] netlink: 2060 bytes leftover after parsing attributes in process `syz.3.1937'.
[  408.368971][T13308] 9pnet_fd: Insufficient options for proto=fd
[  408.444299][T13315] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  408.595633][T13320] XFS (sr0): Invalid superblock magic number
[  409.083517][   T39] audit: type=1326 audit(1733640564.269:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13340 comm="syz.5.1955" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000
[  409.088801][   T39] audit: type=1326 audit(1733640564.269:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13340 comm="syz.5.1955" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000
[  409.094328][   T39] audit: type=1326 audit(1733640564.269:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13340 comm="syz.5.1955" exe="/syz-executor" sig=0 arch=40000003 syscall=120 compat=1 ip=0xf7f95579 code=0x7ffc0000
[  409.100994][   T39] audit: type=1326 audit(1733640564.279:892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13340 comm="syz.5.1955" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000
[  409.107680][   T39] audit: type=1326 audit(1733640564.279:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13340 comm="syz.5.1955" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000
[  409.113291][   T39] audit: type=1326 audit(1733640564.279:894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13340 comm="syz.5.1955" exe="/syz-executor" sig=0 arch=40000003 syscall=284 compat=1 ip=0xf7f95579 code=0x7ffc0000
[  409.124925][   T39] audit: type=1326 audit(1733640564.329:895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13342 comm="syz.5.1955" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf7f95579 code=0x7ffc0000
[  409.282236][   T39] audit: type=1326 audit(1733640564.469:896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13342 comm="syz.5.1955" exe="/syz-executor" sig=0 arch=40000003 syscall=1 compat=1 ip=0xf7f95579 code=0x7ffc0000
[  409.288133][   T39] audit: type=1326 audit(1733640564.479:897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13340 comm="syz.5.1955" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f95598 code=0x7ffc0000
[  409.293604][   T39] audit: type=1326 audit(1733640564.479:898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13340 comm="syz.5.1955" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f95579 code=0x7ffc0000
[  409.667267][T13354] 9pnet_virtio: no channels available for device syz
[  409.790468][T13356] netlink: 'syz.4.1958': attribute type 10 has an invalid length.
[  409.804608][T13356] team0: Device hsr_slave_0 failed to register rx_handler
[  409.879486][T13362] can0: slcan on ptm0.
[  410.358794][T13368] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  410.361035][T13368] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  410.375644][T13368] vhci_hcd vhci_hcd.0: Device attached
[  410.611337][T13383] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  410.701575][ T6002] vhci_hcd: vhci_device speed not set
[  410.771525][ T6002] usb 45-1: new full-speed USB device number 11 using vhci_hcd
[  410.863621][T13360] can0 (unregistered): slcan off ptm0.
[  411.221651][   T78] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[  411.296770][T13377] vhci_hcd: connection reset by peer
[  411.324194][ T8313] vhci_hcd: stop threads
[  411.325321][ T8313] vhci_hcd: release socket
[  411.326508][ T8313] vhci_hcd: disconnect device
[  411.370596][   T78] usb 10-1: Using ep0 maxpacket: 16
[  411.383205][   T78] usb 10-1: config 0 has an invalid interface number: 8 but max is 0
[  411.385360][   T78] usb 10-1: config 0 has no interface number 0
[  411.386990][   T78] usb 10-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  411.389777][   T78] usb 10-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  411.394328][   T78] usb 10-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  411.396529][   T78] usb 10-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  411.398640][   T78] usb 10-1: Product: syz
[  411.399780][   T78] usb 10-1: SerialNumber: syz
[  411.403687][   T78] usb 10-1: config 0 descriptor??
[  411.408749][   T78] cm109 10-1:0.8: invalid payload size 0, expected 4
[  411.411704][   T78] input: CM109 USB driver as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.8/input/input60
[  411.624862][    C0] cm109 10-1:0.8: cm109_urb_ctl_callback: urb status -71
[  411.627000][    C0] cm109 10-1:0.8: cm109_urb_ctl_callback: urb status -71
[  411.629056][    C0] cm109 10-1:0.8: cm109_urb_ctl_callback: urb status -71
[  411.631170][    C0] cm109 10-1:0.8: cm109_urb_ctl_callback: urb status -71
[  411.634329][    C0] cm109 10-1:0.8: cm109_urb_ctl_callback: urb status -71
[  411.636373][    C0] cm109 10-1:0.8: cm109_urb_ctl_callback: urb status -71
[  411.638442][    C0] cm109 10-1:0.8: cm109_urb_ctl_callback: urb status -71
[  411.640801][    C0] cm109 10-1:0.8: cm109_urb_ctl_callback: urb status -71
[  411.642735][   T78] usb 10-1: USB disconnect, device number 7
[  411.642819][    C0] cm109 10-1:0.8: cm109_urb_ctl_callback: urb status -71
[  411.646140][    C0] cm109 10-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  411.652957][   T78] cm109 10-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  411.662393][T13418] 9pnet_virtio: no channels available for device syz
[  412.236136][T13432] FAULT_INJECTION: forcing a failure.
[  412.236136][T13432] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  412.239886][T13432] CPU: 3 UID: 0 PID: 13432 Comm: syz.3.1970 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  412.242649][T13432] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  412.245433][T13432] Call Trace:
[  412.246368][T13432]  <TASK>
[  412.247144][T13432]  dump_stack_lvl+0x16c/0x1f0
[  412.248394][T13432]  should_fail_ex+0x497/0x5b0
[  412.249756][T13432]  _copy_from_iter+0x29b/0x1400
[  412.251535][T13432]  ? trace_lock_acquire+0x14e/0x1f0
[  412.253441][T13432]  ? __pfx__copy_from_iter+0x10/0x10
[  412.255339][T13432]  ? __virt_addr_valid+0x1a4/0x590
[  412.257201][T13432]  ? __virt_addr_valid+0x5e/0x590
[  412.259031][T13432]  ? const_folio_flags.constprop.0+0x56/0x150
[  412.261219][T13432]  ? __phys_addr_symbol+0x30/0x80
[  412.263025][T13432]  ? __check_object_size+0x488/0x710
[  412.265079][T13432]  skb_copy_datagram_from_iter+0x124/0x710
[  412.267101][T13432]  ? iov_iter_single_seg_count+0x132/0x360
[  412.269218][T13432]  tun_get_user+0x197f/0x3e30
[  412.270813][T13432]  ? find_held_lock+0x2d/0x110
[  412.272057][T13432]  ? __pfx_tun_get_user+0x10/0x10
[  412.273380][T13432]  ? find_held_lock+0x2d/0x110
[  412.274632][T13432]  ? __pfx_lock_release+0x10/0x10
[  412.275981][T13432]  tun_chr_write_iter+0xdc/0x210
[  412.277283][T13432]  vfs_write+0x5ae/0x1150
[  412.278416][T13432]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  412.279866][T13432]  ? __pfx_vfs_write+0x10/0x10
[  412.281137][T13432]  ? __fget_files+0x40/0x3a0
[  412.282355][T13432]  ksys_write+0x12b/0x250
[  412.283486][T13432]  ? __pfx_ksys_write+0x10/0x10
[  412.284767][T13432]  __do_fast_syscall_32+0x73/0x120
[  412.286220][T13432]  do_fast_syscall_32+0x32/0x80
[  412.287494][T13432]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  412.289152][T13432] RIP: 0023:0xf740e579
[  412.290222][T13432] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  412.296504][T13432] RSP: 002b:00000000f50f657c EFLAGS: 00000292 ORIG_RAX: 0000000000000004
[  412.299503][T13432] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000540
[  412.302350][T13432] RDX: 000000000000003e RSI: 0000000000000000 RDI: 0000000000000000
[  412.305152][T13432] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  412.307957][T13432] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  412.310780][T13432] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  412.313591][T13432]  </TASK>
[  412.753165][T13451] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  412.754923][T13451] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  412.762990][T13451] vhci_hcd vhci_hcd.0: Device attached
[  413.593034][T13476] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  413.756665][ T8719] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[  413.916447][ T8719] usb 10-1: Using ep0 maxpacket: 16
[  413.919126][ T8719] usb 10-1: config 0 has an invalid interface number: 8 but max is 0
[  413.921303][ T8719] usb 10-1: config 0 has no interface number 0
[  413.922931][ T8719] usb 10-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  413.925797][ T8719] usb 10-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  413.929868][ T8719] usb 10-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  413.932271][ T8719] usb 10-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  413.934622][ T8719] usb 10-1: Product: syz
[  413.935813][ T8719] usb 10-1: SerialNumber: syz
[  413.938564][ T8719] usb 10-1: config 0 descriptor??
[  413.941920][ T8719] cm109 10-1:0.8: invalid payload size 0, expected 4
[  413.944204][ T8719] input: CM109 USB driver as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.8/input/input61
[  413.968736][T13459] vhci_hcd: connection closed
[  413.975096][   T45] vhci_hcd: stop threads
[  413.978084][   T45] vhci_hcd: release socket
[  413.979369][   T45] vhci_hcd: disconnect device
[  414.144143][    C3] cm109 10-1:0.8: cm109_urb_ctl_callback: urb status -71
[  414.146891][    C3] cm109 10-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  414.149372][ T8719] usb 10-1: USB disconnect, device number 8
[  414.156339][ T8719] cm109 10-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  414.427052][T13510] FAULT_INJECTION: forcing a failure.
[  414.427052][T13510] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  414.430468][T13510] CPU: 2 UID: 0 PID: 13510 Comm: syz.3.1993 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  414.433261][T13510] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  414.436046][T13510] Call Trace:
[  414.437176][T13510]  <TASK>
[  414.437974][T13510]  dump_stack_lvl+0x16c/0x1f0
[  414.439591][T13510]  should_fail_ex+0x497/0x5b0
[  414.440872][T13510]  _copy_to_user+0x32/0xd0
[  414.442069][T13510]  simple_read_from_buffer+0xd0/0x160
[  414.443571][T13510]  proc_fail_nth_read+0x198/0x270
[  414.444922][T13510]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  414.446463][T13510]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  414.447910][T13510]  vfs_read+0x1df/0xbe0
[  414.449029][T13510]  ? __fget_files+0x1fc/0x3a0
[  414.450272][T13510]  ? __pfx___mutex_lock+0x10/0x10
[  414.451609][T13510]  ? __pfx_vfs_read+0x10/0x10
[  414.452852][T13510]  ? __fget_files+0x206/0x3a0
[  414.454091][T13510]  ksys_read+0x12b/0x250
[  414.455209][T13510]  ? __pfx_ksys_read+0x10/0x10
[  414.456487][T13510]  __do_fast_syscall_32+0x73/0x120
[  414.457823][T13510]  do_fast_syscall_32+0x32/0x80
[  414.459101][T13510]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  414.460758][T13510] RIP: 0023:0xf740e579
[  414.461831][T13510] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  414.466804][T13510] RSP: 002b:00000000f50f65b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  414.466889][T13505] 9pnet_virtio: no channels available for device syz
[  414.468960][T13510] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f50f6620
[  414.468972][T13510] RDX: 000000000000000f RSI: 00000000f7400ff4 RDI: 0000000000000000
[  414.475517][T13510] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  414.477572][T13510] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  414.479633][T13510] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  414.481688][T13510]  </TASK>
[  414.482563][    C2] vkms_vblank_simulate: vblank timer overrun
[  414.690866][T13514] sctp: [Deprecated]: syz.5.1995 (pid 13514) Use of struct sctp_assoc_value in delayed_ack socket option.
[  414.690866][T13514] Use struct sctp_sack_info instead
[  414.696338][T13514] netlink: 64985 bytes leftover after parsing attributes in process `syz.5.1995'.
[  414.835941][T13517] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  414.837665][T13517] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  414.839694][T13517] vhci_hcd vhci_hcd.0: Device attached
[  415.074780][   T35] vhci_hcd: vhci_device speed not set
[  415.134738][   T35] usb 43-1: new full-speed USB device number 15 using vhci_hcd
[  415.183389][T13528] afs: Unknown parameter 'dyn'
[  415.843816][ T6002] vhci_hcd: vhci_device speed not set
[  415.897032][T13523] vhci_hcd: connection reset by peer
[  415.899141][ T8312] vhci_hcd: stop threads
[  415.900345][ T8312] vhci_hcd: release socket
[  415.901829][ T8312] vhci_hcd: disconnect device
[  416.086529][T13553] syz.4.2006: attempt to access beyond end of device
[  416.086529][T13553] nbd4: rw=4096, sector=0, nr_sectors = 1 limit=0
[  416.090892][T13553] XFS (nbd4): SB validate failed with error -5.
[  416.163494][ T5977] usb 8-1: new high-speed USB device number 32 using dummy_hcd
[  416.255806][T13551] uprobe: syz.1.2005:13551 failed to unregister, leaking uprobe
[  416.333433][ T5977] usb 8-1: Using ep0 maxpacket: 16
[  416.336873][ T5977] usb 8-1: config 0 has an invalid interface number: 8 but max is 0
[  416.339925][ T5977] usb 8-1: config 0 has no interface number 0
[  416.342344][ T5977] usb 8-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  416.346466][ T5977] usb 8-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  416.364556][ T5977] usb 8-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  416.367981][ T5977] usb 8-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  416.370986][ T5977] usb 8-1: Product: syz
[  416.372567][ T5977] usb 8-1: SerialNumber: syz
[  416.383395][ T5977] usb 8-1: config 0 descriptor??
[  416.398614][ T5977] cm109 8-1:0.8: invalid payload size 0, expected 4
[  416.411623][ T5977] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.8/input/input62
[  416.448037][T13568] 9pnet_virtio: no channels available for device syz
[  416.519950][T13571] 9pnet_virtio: no channels available for device syz
[  416.668163][    C1] cm109_urb_ctl_callback: 4 callbacks suppressed
[  416.668184][    C1] cm109 8-1:0.8: cm109_urb_ctl_callback: urb status -71
[  416.670638][ T8719] usb 8-1: USB disconnect, device number 32
[  416.671702][    C1] cm109 8-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  416.678197][ T8719] cm109 8-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  417.194782][T13574] netlink: 276 bytes leftover after parsing attributes in process `syz.3.2010'.
[  417.327361][T13580] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  417.329114][T13580] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  417.331460][T13580] vhci_hcd vhci_hcd.0: Device attached
[  418.292254][T13584] vhci_hcd: connection closed
[  418.292498][ T8313] vhci_hcd: stop threads
[  418.294934][ T8313] vhci_hcd: release socket
[  418.296193][ T8313] vhci_hcd: disconnect device
[  418.990232][ T8719] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  419.141505][ T8719] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  419.145409][ T8719] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  419.148904][ T8719] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  419.153999][ T8719] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  419.156950][ T8719] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  419.159771][ T8719] usb 6-1: config 0 descriptor??
[  419.220860][T13614] FAULT_INJECTION: forcing a failure.
[  419.220860][T13614] name failslab, interval 1, probability 0, space 0, times 0
[  419.224434][T13614] CPU: 3 UID: 0 PID: 13614 Comm: syz.4.2020 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  419.227227][T13614] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  419.230029][T13614] Call Trace:
[  419.230924][T13614]  <TASK>
[  419.231713][T13614]  dump_stack_lvl+0x16c/0x1f0
[  419.232977][T13614]  should_fail_ex+0x497/0x5b0
[  419.234223][T13614]  ? fs_reclaim_acquire+0xae/0x150
[  419.235575][T13614]  should_failslab+0xc2/0x120
[  419.236831][T13614]  __kmalloc_cache_noprof+0x68/0x420
[  419.238230][T13614]  ? __pfx___folio_start_writeback+0x10/0x10
[  419.239811][T13614]  ? do_raw_spin_lock+0x12d/0x2c0
[  419.241158][T13614]  netfs_buffer_make_space+0x432/0x6b0
[  419.242598][T13614]  netfs_buffer_append_folio+0x298/0x360
[  419.244086][T13614]  netfs_write_folio+0x540/0x1930
[  419.245440][T13614]  netfs_writepages+0x29a/0x9d0
[  419.246725][T13614]  ? __pfx_netfs_writepages+0x10/0x10
[  419.248148][T13614]  ? __pfx___lock_acquire+0x10/0x10
[  419.249523][T13614]  ? __pfx_netfs_writepages+0x10/0x10
[  419.249951][ T5976] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[  419.250934][T13614]  do_writepages+0x1b3/0x820
[  419.254790][T13614]  ? __pfx_do_writepages+0x10/0x10
[  419.256151][T13614]  ? wbc_attach_fdatawrite_inode+0x13a/0x190
[  419.257727][T13614]  ? __pfx_lock_release+0x10/0x10
[  419.259058][T13614]  ? do_raw_spin_lock+0x12d/0x2c0
[  419.260393][T13614]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  419.261817][T13614]  ? lock_acquire+0x2f/0xb0
[  419.263020][T13614]  ? wbc_attach_fdatawrite_inode+0x24/0x190
[  419.264594][T13614]  ? do_raw_spin_unlock+0x172/0x230
[  419.265970][T13614]  filemap_fdatawrite_wbc+0x104/0x160
[  419.267380][T13614]  __filemap_fdatawrite_range+0xb3/0xf0
[  419.268858][T13614]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  419.270580][T13614]  ? __pfx___lock_acquire+0x10/0x10
[  419.271974][T13614]  v9fs_dir_release+0x429/0x590
[  419.273278][T13614]  ? __pfx_v9fs_dir_release+0x10/0x10
[  419.274691][T13614]  ? __pfx_v9fs_dir_release+0x10/0x10
[  419.276116][T13614]  __fput+0x3f8/0xb60
[  419.277185][T13614]  ? _raw_spin_unlock_irq+0x23/0x50
[  419.278558][T13614]  task_work_run+0x14e/0x250
[  419.279795][T13614]  ? __pfx_task_work_run+0x10/0x10
[  419.281157][T13614]  syscall_exit_to_user_mode+0x27b/0x2a0
[  419.282632][T13614]  __do_fast_syscall_32+0x80/0x120
[  419.283983][T13614]  do_fast_syscall_32+0x32/0x80
[  419.285279][T13614]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  419.286942][T13614] RIP: 0023:0xf7fb3579
[  419.288021][T13614] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  419.293034][T13614] RSP: 002b:00000000f511557c EFLAGS: 00000292 ORIG_RAX: 000000000000014a
[  419.295214][T13614] RAX: 0000000000000009 RBX: 000000000000000a RCX: 0000000000000009
[  419.297277][T13614] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  419.299350][T13614] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  419.301421][T13614] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  419.303477][T13614] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  419.305568][T13614]  </TASK>
[  419.307257][T13614] ------------[ cut here ]------------
[  419.308833][T13614] WARNING: CPU: 0 PID: 13614 at lib/iov_iter.c:255 _copy_from_iter+0x39b/0x1400
[  419.311548][T13614] Modules linked in:
[  419.312695][T13614] CPU: 0 UID: 0 PID: 13614 Comm: syz.4.2020 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  419.317126][T13614] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  419.320065][T13614] RIP: 0010:_copy_from_iter+0x39b/0x1400
[  419.321551][T13614] Code: 64 fd 0f 01 cb 4c 89 f9 4c 89 f7 48 89 de f3 a4 0f 1f 00 48 89 cb 0f 01 ca 4d 89 fc 49 29 cc e9 1d ff ff ff e8 d6 42 01 fd 90 <0f> 0b 90 e9 ae fd ff ff e8 c8 42 01 fd 89 de bf 01 00 00 00 e8 9c
[  419.326507][T13614] RSP: 0018:ffffc900061270d8 EFLAGS: 00010293
[  419.328095][T13614] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8497fac8
[  419.330226][T13614] RDX: ffff88801ec72440 RSI: ffffffff8497fdaa RDI: 0000000000000001
[  419.332317][T13614] RBP: 0000000000000076 R08: 0000000000000001 R09: 0000000000000000
[  419.334390][T13614] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88802243d5a0
[  419.336438][T13614] R13: ffff88805018e6c0 R14: ffff88802243d5a0 R15: 0000000000000076
[  419.338485][T13614] FS:  0000000000000000(0000) GS:ffff88802b400000(0063) knlGS:00000000f5115b40
[  419.340994][T13614] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  419.342706][T13614] CR2: 00000000f524631a CR3: 0000000060796000 CR4: 0000000000352ef0
[  419.344769][T13614] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  419.346943][T13614] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  419.349095][T13614] Call Trace:
[  419.350238][T13614]  <TASK>
[  419.351041][T13614]  ? __warn+0xea/0x3c0
[  419.352134][T13614]  ? _copy_from_iter+0x39b/0x1400
[  419.353453][T13614]  ? report_bug+0x3c0/0x580
[  419.354643][T13614]  ? handle_bug+0x54/0xa0
[  419.355785][T13614]  ? exc_invalid_op+0x17/0x50
[  419.357022][T13614]  ? asm_exc_invalid_op+0x1a/0x20
[  419.358333][T13614]  ? _copy_from_iter+0xb8/0x1400
[  419.359634][T13614]  ? _copy_from_iter+0x39a/0x1400
[  419.361076][T13614]  ? _copy_from_iter+0x39b/0x1400
[  419.362396][T13614]  ? _copy_from_iter+0x39a/0x1400
[  419.363711][T13614]  ? __pfx_lock_release+0x10/0x10
[  419.365040][T13614]  ? trace_lock_acquire+0x14e/0x1f0
[  419.366397][T13614]  ? __pfx__copy_from_iter+0x10/0x10
[  419.367779][T13614]  ? __virt_addr_valid+0x1a4/0x590
[  419.369137][T13614]  ? __virt_addr_valid+0x5e/0x590
[  419.370677][T13614]  ? __phys_addr_symbol+0x30/0x80
[  419.372007][T13614]  ? __check_object_size+0x488/0x710
[  419.373426][T13614]  p9pdu_vwritef+0x2cb/0x21d0
[  419.374670][T13614]  ? p9pdu_writef+0xc4/0x100
[  419.375877][T13614]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  419.377230][T13614]  ? __pfx_p9_tag_alloc+0x10/0x10
[  419.378551][T13614]  ? __pfx_mark_lock+0x10/0x10
[  419.379936][T13614]  p9_client_prepare_req+0x244/0x4d0
[  419.381313][T13614]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  419.382815][T13614]  ? __pfx_mark_lock+0x10/0x10
[  419.384062][T13614]  ? hlock_class+0x4e/0x130
[  419.385256][T13614]  ? mark_lock+0xb5/0xc60
[  419.386390][T13614]  ? __pfx_p9_virtio_zc_request+0x10/0x10
[  419.387876][T13614]  p9_client_rpc+0x1c3/0xc10
[  419.389101][T13614]  ? mark_lock+0xb5/0xc60
[  419.390286][T13614]  ? __pfx_p9_client_rpc+0x10/0x10
[  419.391638][T13614]  ? __pfx_register_lock_class+0x10/0x10
[  419.393098][T13614]  ? __pfx_mark_lock+0x10/0x10
[  419.394351][T13614]  ? hlock_class+0x4e/0x130
[  419.395540][T13614]  ? __lock_acquire+0x15a9/0x3c40
[  419.396872][T13614]  ? __pfx_p9_virtio_zc_request+0x10/0x10
[  419.398347][T13614]  p9_client_write+0x31f/0x680
[  419.399612][T13614]  ? __pfx_p9_client_write+0x10/0x10
[  419.401193][T13614]  ? lock_acquire.part.0+0x11b/0x380
[  419.402579][T13614]  ? find_held_lock+0x2d/0x110
[  419.403840][T13614]  v9fs_issue_write+0xe2/0x180
[  419.405111][T13614]  ? __pfx_v9fs_issue_write+0x10/0x10
[  419.406511][T13614]  ? rcu_is_watching+0x12/0xc0
[  419.407766][T13614]  ? trace_netfs_sreq+0x198/0x220
[  419.409094][T13614]  netfs_do_issue_write+0x92/0x110
[  419.410492][T13614]  netfs_advance_write+0x384/0xc80
[  419.411827][T13614]  netfs_write_folio+0xc19/0x1930
[  419.413140][T13614]  netfs_writepages+0x29a/0x9d0
[  419.414405][T13614]  ? __pfx_netfs_writepages+0x10/0x10
[  419.415791][T13614]  ? __pfx___lock_acquire+0x10/0x10
[  419.417150][T13614]  ? __pfx_netfs_writepages+0x10/0x10
[  419.418539][T13614]  do_writepages+0x1b3/0x820
[  419.419836][T13614]  ? __pfx_do_writepages+0x10/0x10
[  419.421178][T13614]  ? wbc_attach_fdatawrite_inode+0x13a/0x190
[  419.422742][T13614]  ? __pfx_lock_release+0x10/0x10
[  419.424056][T13614]  ? do_raw_spin_lock+0x12d/0x2c0
[  419.425375][T13614]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  419.425404][ T5976] usb 10-1: Using ep0 maxpacket: 16
[  419.426751][T13614]  ? lock_acquire+0x2f/0xb0
[  419.429989][T13614]  ? wbc_attach_fdatawrite_inode+0x24/0x190
[  419.431537][T13614]  ? do_raw_spin_unlock+0x172/0x230
[  419.432010][ T5976] usb 10-1: config 0 has an invalid interface number: 8 but max is 0
[  419.432887][T13614]  filemap_fdatawrite_wbc+0x104/0x160
[  419.435235][ T5976] usb 10-1: config 0 has no interface number 0
[  419.436611][T13614]  __filemap_fdatawrite_range+0xb3/0xf0
[  419.438751][ T5976] usb 10-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  419.440240][T13614]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  419.440269][T13614]  ? __pfx___lock_acquire+0x10/0x10
[  419.440287][T13614]  v9fs_dir_release+0x429/0x590
[  419.440303][T13614]  ? __pfx_v9fs_dir_release+0x10/0x10
[  419.445687][ T5976] usb 10-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  419.446968][T13614]  ? __pfx_v9fs_dir_release+0x10/0x10
[  419.449947][ T5976] usb 10-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  419.450209][T13614]  __fput+0x3f8/0xb60
[  419.453400][ T5976] usb 10-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  419.454776][T13614]  ? _raw_spin_unlock_irq+0x23/0x50
[  419.457893][ T5976] usb 10-1: Product: syz
[  419.458920][T13614]  task_work_run+0x14e/0x250
[  419.463883][ T5976] usb 10-1: SerialNumber: syz
[  419.464512][T13614]  ? __pfx_task_work_run+0x10/0x10
[  419.466630][ T5976] usb 10-1: config 0 descriptor??
[  419.466925][T13614]  syscall_exit_to_user_mode+0x27b/0x2a0
[  419.470835][ T5976] cm109 10-1:0.8: invalid payload size 0, expected 4
[  419.471537][T13614]  __do_fast_syscall_32+0x80/0x120
[  419.474551][ T5976] input: CM109 USB driver as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.8/input/input63
[  419.475148][T13614]  do_fast_syscall_32+0x32/0x80
[  419.480055][T13614]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  419.481697][T13614] RIP: 0023:0xf7fb3579
[  419.482758][T13614] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  419.487679][T13614] RSP: 002b:00000000f511557c EFLAGS: 00000292 ORIG_RAX: 000000000000014a
[  419.490036][T13614] RAX: 0000000000000009 RBX: 000000000000000a RCX: 0000000000000009
[  419.492090][T13614] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  419.494135][T13614] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  419.496173][T13614] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  419.498204][T13614] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  419.500351][T13614]  </TASK>
[  419.501169][T13614] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  419.503034][T13614] CPU: 0 UID: 0 PID: 13614 Comm: syz.4.2020 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  419.505774][T13614] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  419.508536][T13614] Call Trace:
[  419.509424][T13614]  <TASK>
[  419.510209][T13614]  dump_stack_lvl+0x3d/0x1f0
[  419.511431][T13614]  panic+0x71d/0x800
[  419.512474][T13614]  ? __pfx_panic+0x10/0x10
[  419.513639][T13614]  ? show_trace_log_lvl+0x29d/0x3d0
[  419.514992][T13614]  ? check_panic_on_warn+0x1f/0xb0
[  419.516337][T13614]  ? _copy_from_iter+0x39b/0x1400
[  419.517647][T13614]  check_panic_on_warn+0xab/0xb0
[  419.518945][T13614]  __warn+0xf6/0x3c0
[  419.519972][T13614]  ? _copy_from_iter+0x39b/0x1400
[  419.521343][T13614]  report_bug+0x3c0/0x580
[  419.522492][T13614]  handle_bug+0x54/0xa0
[  419.523563][T13614]  exc_invalid_op+0x17/0x50
[  419.524750][T13614]  asm_exc_invalid_op+0x1a/0x20
[  419.526020][T13614] RIP: 0010:_copy_from_iter+0x39b/0x1400
[  419.527478][T13614] Code: 64 fd 0f 01 cb 4c 89 f9 4c 89 f7 48 89 de f3 a4 0f 1f 00 48 89 cb 0f 01 ca 4d 89 fc 49 29 cc e9 1d ff ff ff e8 d6 42 01 fd 90 <0f> 0b 90 e9 ae fd ff ff e8 c8 42 01 fd 89 de bf 01 00 00 00 e8 9c
[  419.532413][T13614] RSP: 0018:ffffc900061270d8 EFLAGS: 00010293
[  419.533989][T13614] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8497fac8
[  419.536008][T13614] RDX: ffff88801ec72440 RSI: ffffffff8497fdaa RDI: 0000000000000001
[  419.538006][T13614] RBP: 0000000000000076 R08: 0000000000000001 R09: 0000000000000000
[  419.540041][T13614] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88802243d5a0
[  419.542101][T13614] R13: ffff88805018e6c0 R14: ffff88802243d5a0 R15: 0000000000000076
[  419.544158][T13614]  ? _copy_from_iter+0xb8/0x1400
[  419.545457][T13614]  ? _copy_from_iter+0x39a/0x1400
[  419.546771][T13614]  ? _copy_from_iter+0x39a/0x1400
[  419.548079][T13614]  ? __pfx_lock_release+0x10/0x10
[  419.549397][T13614]  ? trace_lock_acquire+0x14e/0x1f0
[  419.550756][T13614]  ? __pfx__copy_from_iter+0x10/0x10
[  419.552132][T13614]  ? __virt_addr_valid+0x1a4/0x590
[  419.553459][T13614]  ? __virt_addr_valid+0x5e/0x590
[  419.554769][T13614]  ? __phys_addr_symbol+0x30/0x80
[  419.556087][T13614]  ? __check_object_size+0x488/0x710
[  419.557472][T13614]  p9pdu_vwritef+0x2cb/0x21d0
[  419.558702][T13614]  ? p9pdu_writef+0xc4/0x100
[  419.559906][T13614]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  419.561242][T13614]  ? __pfx_p9_tag_alloc+0x10/0x10
[  419.562550][T13614]  ? __pfx_mark_lock+0x10/0x10
[  419.563799][T13614]  p9_client_prepare_req+0x244/0x4d0
[  419.565189][T13614]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  419.566693][T13614]  ? __pfx_mark_lock+0x10/0x10
[  419.567949][T13614]  ? hlock_class+0x4e/0x130
[  419.569150][T13614]  ? mark_lock+0xb5/0xc60
[  419.570301][T13614]  ? __pfx_p9_virtio_zc_request+0x10/0x10
[  419.571883][T13614]  p9_client_rpc+0x1c3/0xc10
[  419.573038][T13614]  ? mark_lock+0xb5/0xc60
[  419.574020][T13614]  ? __pfx_p9_client_rpc+0x10/0x10
[  419.575179][T13614]  ? __pfx_register_lock_class+0x10/0x10
[  419.576565][T13614]  ? __pfx_mark_lock+0x10/0x10
[  419.577819][T13614]  ? hlock_class+0x4e/0x130
[  419.579016][T13614]  ? __lock_acquire+0x15a9/0x3c40
[  419.580350][T13614]  ? __pfx_p9_virtio_zc_request+0x10/0x10
[  419.581841][T13614]  p9_client_write+0x31f/0x680
[  419.583104][T13614]  ? __pfx_p9_client_write+0x10/0x10
[  419.584500][T13614]  ? lock_acquire.part.0+0x11b/0x380
[  419.585877][T13614]  ? find_held_lock+0x2d/0x110
[  419.587132][T13614]  v9fs_issue_write+0xe2/0x180
[  419.588393][T13614]  ? __pfx_v9fs_issue_write+0x10/0x10
[  419.589786][T13614]  ? rcu_is_watching+0x12/0xc0
[  419.591048][T13614]  ? trace_netfs_sreq+0x198/0x220
[  419.592364][T13614]  netfs_do_issue_write+0x92/0x110
[  419.593695][T13614]  netfs_advance_write+0x384/0xc80
[  419.595032][T13614]  netfs_write_folio+0xc19/0x1930
[  419.596357][T13614]  netfs_writepages+0x29a/0x9d0
[  419.597634][T13614]  ? __pfx_netfs_writepages+0x10/0x10
[  419.599096][T13614]  ? __pfx___lock_acquire+0x10/0x10
[  419.600478][T13614]  ? __pfx_netfs_writepages+0x10/0x10
[  419.601965][T13614]  do_writepages+0x1b3/0x820
[  419.603186][T13614]  ? __pfx_do_writepages+0x10/0x10
[  419.604533][T13614]  ? wbc_attach_fdatawrite_inode+0x13a/0x190
[  419.606090][T13614]  ? __pfx_lock_release+0x10/0x10
[  419.607395][T13614]  ? do_raw_spin_lock+0x12d/0x2c0
[  419.608722][T13614]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  419.610122][T13614]  ? lock_acquire+0x2f/0xb0
[  419.611306][T13614]  ? wbc_attach_fdatawrite_inode+0x24/0x190
[  419.612855][T13614]  ? do_raw_spin_unlock+0x172/0x230
[  419.614146][T13614]  filemap_fdatawrite_wbc+0x104/0x160
[  419.615516][T13614]  __filemap_fdatawrite_range+0xb3/0xf0
[  419.616943][T13614]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  419.618522][T13614]  ? __pfx___lock_acquire+0x10/0x10
[  419.619851][T13614]  v9fs_dir_release+0x429/0x590
[  419.621142][T13614]  ? __pfx_v9fs_dir_release+0x10/0x10
[  419.622547][T13614]  ? __pfx_v9fs_dir_release+0x10/0x10
[  419.623947][T13614]  __fput+0x3f8/0xb60
[  419.625012][T13614]  ? _raw_spin_unlock_irq+0x23/0x50
[  419.626365][T13614]  task_work_run+0x14e/0x250
[  419.627573][T13614]  ? __pfx_task_work_run+0x10/0x10
[  419.628913][T13614]  syscall_exit_to_user_mode+0x27b/0x2a0
[  419.630372][T13614]  __do_fast_syscall_32+0x80/0x120
[  419.631705][T13614]  do_fast_syscall_32+0x32/0x80
[  419.632977][T13614]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  419.634605][T13614] RIP: 0023:0xf7fb3579
[  419.635665][T13614] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  419.640623][T13614] RSP: 002b:00000000f511557c EFLAGS: 00000292 ORIG_RAX: 000000000000014a
[  419.642765][T13614] RAX: 0000000000000009 RBX: 000000000000000a RCX: 0000000000000009
[  419.644803][T13614] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  419.646828][T13614] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  419.648876][T13614] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  419.650920][T13614] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  419.652958][T13614]  </TASK>
[  419.654318][T13614] Kernel Offset: disabled
[  419.655473][T13614] Rebooting in 86400 seconds..

VM DIAGNOSIS:
06:49:34  Registers:
info registers vcpu 0

CPU#0
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff85153a50 RDI=ffffffff9a6682c0 RBP=ffffffff9a668280 RSP=ffffc900061269e0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000005
R12=0000000000000000 R13=0000000000000020 R14=fffffbfff34cd0aa R15=dffffc0000000000
RIP=ffffffff85153a77 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b400000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f524631a CR3=0000000060796000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000002b012dd RBX=0000000000000001 RCX=ffffffff8b1ae889 RDX=0000000000000000
RSI=ffffffff8b4cd0e0 RDI=ffffffff8bb13800 RBP=ffffed10039dc910 RSP=ffffc9000047fe08
R8 =0000000000000001 R9 =ffffed10056a6fed R10=ffff88802b537f6b R11=0000000000000000
R12=0000000000000001 R13=ffff88801cee4880 R14=ffffffff901cbd10 R15=0000000000000000
RIP=ffffffff8b1afc6f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b500000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002001f000 CR3=0000000060796000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000a969fd RBX=0000000000000002 RCX=ffffffff8b1ae889 RDX=0000000000000000
RSI=ffffffff8b4cd0e0 RDI=ffffffff8bb13800 RBP=ffffed10039df000 RSP=ffffc9000048fe08
R8 =0000000000000001 R9 =ffffed10056c6fed R10=ffff88802b637f6b R11=0000000000000000
R12=0000000000000002 R13=ffff88801cef8000 R14=ffffffff901cbd10 R15=0000000000000000
RIP=ffffffff8b1afc6f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002d45ffff CR3=0000000021d2e000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000001 Opmask01=0000000000000200 Opmask02=0000000000000002 Opmask03=0000000000000000
Opmask04=00000000fffffffb Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd9e781c40 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6565656565656565 6565656565656565
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffff0000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3030203030203030 2036322034622064 3820303920303920 3039203039203300
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3030203030203030 2036322034622064 3220303320303320 3033203033203300
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3130302030303030 3030303030302032 3539322e39313420 20323932300a3030
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3020302020303030 3020303030302030 3033302e24303020 2020333230000020
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 305a59582a573e3b 3c393b5e51573e39 3a39333824333b3e 2a2a51343e36003a
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3b3a3a3a3a3a3a3a 3a3a3a3a3a3a2a30 524b58554d435845 2a3833383a3a3a3a
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=00000000009a5887 RBX=0000000000000003 RCX=ffffffff8b1ae889 RDX=0000000000000000
RSI=ffffffff8b4cd0e0 RDI=ffffffff8bb13800 RBP=ffffed10039df488 RSP=ffffc9000049fe08
R8 =0000000000000001 R9 =ffffed10056e6fed R10=ffff88802b737f6b R11=0000000000000000
R12=0000000000000003 R13=ffff88801cefa440 R14=ffffffff901cbd10 R15=0000000000000000
RIP=ffffffff8b1afc6f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000055ab5e98fff0 CR3=00000000256f0000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 005858585858582e 7a7973d0000000e4
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000585858585858
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ff0f0e0d0c0b0a09
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000