last executing test programs:

1m18.01283565s ago: executing program 0 (id=608):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x80, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x54, 0x4, 0x0, 0x1, [{0x50, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x40, 0x2, 0x0, 0x1, [@NFTA_TARGET_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TARGET_INFO={0x2c, 0x3, "7339f2f10455afb9fdd672bad09dfb78c7699c74e891a0c700"/40}, @NFTA_TARGET_NAME={0x8, 0x1, 'TEE\x00'}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa8}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="580000001000010400004000fedbdf2501f80000", @ANYRES32=0x0, @ANYBLOB="01020400000000002800128008000100736974001c00028008000200c6120001060008001900000005000a00fd000000080004000100010008000a00fa"], 0x58}}, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x18, 0x1404, 0x1, 0x70bd28, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000}, 0x8044)

1m17.803657989s ago: executing program 0 (id=609):
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x4, 0x2e560)
syz_usb_disconnect(r0)
syz_usb_connect$cdc_ncm(0x5, 0x6e, &(0x7f0000000540)=ANY=[@ANYBLOB="1201500202000040"], 0x0)
ioctl$EVIOCRMFF(r0, 0x83c0550b, 0x0)

1m16.673439106s ago: executing program 0 (id=621):
r0 = mq_open(&(0x7f00000004c0)='letx\n\xdd\xbf)#\xd9\xbf{\xaa\xf4E\xf6\xad\x9c\x04h\xb3{\xe8J#\xb4\xdb\x9c\x01\xcd\xf0\x1b\xd8\xf4x7\xc1\xd7\x9e \xf1\rj|BR,\x8c\x05\xc3\xf5\x93\\k\xbb\xff\xbe\b4\x06\r=x\xeb\xbe:\x03\xbd\b.i\x12\x11\x00Qr\xe8\x0f\xf9\xb1n\x87\x8fC\x02\xe8\xe3g\x94\x99k\x1b\x0fZ\xda\xd7\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x40, 0x59, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0xc74, 0x2)
ioctl$vim2m_VIDIOC_TRY_FMT(r2, 0xc0205647, &(0x7f0000000940)={0xf010000, @vbi={0x0, 0x9, 0x6, 0x32435750, [0x1, 0x4bf], [0x1, 0x2], 0x13a}})
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000340)=0xfdd)
syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
mq_notify(r0, &(0x7f00000000c0)={0x0, 0xc, 0x1})
readv(r0, &(0x7f0000001a00)=[{&(0x7f00000003c0)=""/18, 0x12}], 0x1)

1m16.672902534s ago: executing program 0 (id=622):
r0 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ipvlan0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000180)=0x5)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@ipv6_newrule={0x58, 0x20, 0x1, 0x0, 0x0, {0xa, 0x80, 0x14, 0x0, 0x20, 0x0, 0x0, 0x8}, [@FRA_SRC={0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, @FRA_DST={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @FRA_DST={0x14, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}, 0x58}, 0x1, 0x0, 0x0, 0x20048081}, 0x48080)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5c000000100039041800000000001f0000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000003c0012800b000100697036746e6c00002c000280140003002001000000000000000000000000000114000200fc0200"/68], 0x5c}}, 0x0)
r5 = syz_open_dev$cec(&(0x7f0000002340), 0x0, 0x101441)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x9b301a, 0x0)
umount2(&(0x7f0000000080)='./file0/../file0\x00', 0x0)
syz_emit_ethernet(0x3a, &(0x7f0000000440)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x5, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x34}, {[@ssrr={0x89, 0x3, 0xce}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x0, 0x1}}}}}}, 0x0)
ioctl$CEC_S_MODE(r5, 0x40046109, &(0x7f0000000100)=0x22)
ioctl$CEC_S_MODE(r5, 0x40046109, &(0x7f0000001440)=0x81)
ioctl$TCSETA(r3, 0x8925, &(0x7f0000000100))
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c000000100003052cbd7000fedbdf2500000020", @ANYRES32=0x0, @ANYBLOB="0000000000080400240012800b0001006d6163736563000014000280050006000000000005000f000000000008000500", @ANYRES32=r1], 0x4c}}, 0x0)

1m16.462782672s ago: executing program 0 (id=627):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000100000/0x3000)=nil, 0x3000, 0x1000006, 0x28011, r1, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
write$FUSE_STATFS(r1, &(0x7f0000000140)={0x60, 0x0, 0x0, {{0x100, 0x616, 0x5, 0x1, 0x10, 0x1, 0x8, 0x3}}}, 0x60)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)

1m16.003346717s ago: executing program 0 (id=630):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xdb)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340), 0x0, 0x0, 0x0})
r4 = mmap$binder(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x401)
r5 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r6 = dup2(r5, r0)
r7 = mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r6, 0x37)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000580)={0xbc, 0x0, &(0x7f0000000880)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000680)={@fd={0x66642a85, 0x0, r1}, @fda={0x66646185, 0x7, 0x0, 0x1b}, @ptr={0x70742a85, 0x0, &(0x7f00000005c0)=""/191, 0xbf, 0x0, 0x38}}, &(0x7f0000000700)={0x0, 0x18, 0x38}}, 0x1000}, @exit_looper, @free_buffer={0x40086303, r4}, @clear_death={0x400c630f, 0xc0de}, @free_buffer={0x40086303, r7}, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000800)={@flat=@weak_handle, @fda={0x66646185, 0x0, 0x0, 0x3d}, @fda={0x66646185, 0x2, 0x2, 0x3d}}, &(0x7f00000004c0)={0x0, 0x18, 0x38}}}], 0x6e, 0x0, &(0x7f0000000500)="32c93c5f03852d7bc8a792b2839b78b9e32b021ac46ddc6f08695109c5255ea477794a3fdb7fd9bdac5f13afdae7d3ce05d5011529a9f17c953668ba64ce98fb0124d57cd681972425caaf87cab335b2bb6848cf5726186a86d5b5873b44779aa2d17ab4fae15176b8dac75108b2"})
ioctl$TCSETSW2(r3, 0x402c542c, &(0x7f0000000000)={0x5, 0x6c, 0xf, 0x4890, 0xe, "7c0c32403fc907a5ea0a52ff90bf8d616afcbc", 0xb2, 0x5})
r8 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r8, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
setxattr$security_ima(&(0x7f0000000300)='./file1\x00', &(0x7f0000000380), &(0x7f0000000480)=@md5={0x1, "3b48059217720a443673e3175bf6ae01"}, 0x11, 0x1)
listen(r8, 0x8)
r9 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x80600, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f00000001c0)='usrquota')
chdir(&(0x7f0000000140)='./file1\x00')
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_GETINFO(r10, 0xffffffff80000501, 0x0, &(0x7f00000002c0))
ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000180)=0x14)
r11 = accept4(r8, 0x0, 0x0, 0x0)
sendto$inet(r11, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r11, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x2}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r11, 0x84, 0x7b, &(0x7f0000000400)={0x0, 0x4}, 0x8)

1m15.936028617s ago: executing program 32 (id=630):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xdb)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340), 0x0, 0x0, 0x0})
r4 = mmap$binder(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x401)
r5 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r6 = dup2(r5, r0)
r7 = mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r6, 0x37)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000580)={0xbc, 0x0, &(0x7f0000000880)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000680)={@fd={0x66642a85, 0x0, r1}, @fda={0x66646185, 0x7, 0x0, 0x1b}, @ptr={0x70742a85, 0x0, &(0x7f00000005c0)=""/191, 0xbf, 0x0, 0x38}}, &(0x7f0000000700)={0x0, 0x18, 0x38}}, 0x1000}, @exit_looper, @free_buffer={0x40086303, r4}, @clear_death={0x400c630f, 0xc0de}, @free_buffer={0x40086303, r7}, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000800)={@flat=@weak_handle, @fda={0x66646185, 0x0, 0x0, 0x3d}, @fda={0x66646185, 0x2, 0x2, 0x3d}}, &(0x7f00000004c0)={0x0, 0x18, 0x38}}}], 0x6e, 0x0, &(0x7f0000000500)="32c93c5f03852d7bc8a792b2839b78b9e32b021ac46ddc6f08695109c5255ea477794a3fdb7fd9bdac5f13afdae7d3ce05d5011529a9f17c953668ba64ce98fb0124d57cd681972425caaf87cab335b2bb6848cf5726186a86d5b5873b44779aa2d17ab4fae15176b8dac75108b2"})
ioctl$TCSETSW2(r3, 0x402c542c, &(0x7f0000000000)={0x5, 0x6c, 0xf, 0x4890, 0xe, "7c0c32403fc907a5ea0a52ff90bf8d616afcbc", 0xb2, 0x5})
r8 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r8, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
setxattr$security_ima(&(0x7f0000000300)='./file1\x00', &(0x7f0000000380), &(0x7f0000000480)=@md5={0x1, "3b48059217720a443673e3175bf6ae01"}, 0x11, 0x1)
listen(r8, 0x8)
r9 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x80600, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f00000001c0)='usrquota')
chdir(&(0x7f0000000140)='./file1\x00')
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_GETINFO(r10, 0xffffffff80000501, 0x0, &(0x7f00000002c0))
ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000180)=0x14)
r11 = accept4(r8, 0x0, 0x0, 0x0)
sendto$inet(r11, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r11, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x2}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r11, 0x84, 0x7b, &(0x7f0000000400)={0x0, 0x4}, 0x8)

1.742413416s ago: executing program 1 (id=1499):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x5608, 0x3)
io_uring_setup(0x7d1, &(0x7f0000000580)={0x0, 0xddf9, 0x2, 0xfffffffe, 0x183})
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e21, @local}], 0x10)
sendmsg$inet_sctp(r1, 0x0, 0x1)
dup(r1)
r2 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000100), 0x100, 0x0)
ioctl$DRM_IOCTL_AGP_ALLOC(r2, 0xc0206434, &(0x7f0000000140)={0x8000, 0x0, 0x1})
getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f00000000c0)={0x0, 0x10, "02e10fba070ee9af99b79cfdd2370e7c"}, &(0x7f0000000180)=0x18)
unshare(0x22020400)
r3 = getpid()
r4 = syz_pidfd_open(r3, 0x0)
setns(r4, 0x26020000)
pipe2$9p(&(0x7f0000000000), 0x0)
eventfd2(0x7, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8042, 0x8)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00')
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={r5, 0x0, 0x3})
writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000002400000024000000020000000000000000000006040000000000000001000084ffff00000000000001000000000000e5"], 0x0, 0x3e}, 0x20)

1.662659083s ago: executing program 1 (id=1500):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58)
accept4(r0, 0x0, 0x0, 0x0)
userfaultfd(0x801)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000200), 0x100)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$unix(0x1, 0x2, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x50, r4, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x50}, 0x1, 0x100000000000000, 0x0, 0x91}, 0x24044884)

1.662412758s ago: executing program 3 (id=1501):
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
close(0xffffffffffffffff)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(0xffffffffffffffff, 0x9)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000001000000280001801400040000000000000002000000ffffac1414aa060001000a0080000800060003"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)

1.661619397s ago: executing program 1 (id=1502):
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="58000000020601080000000000000000000000000c00078005001500010000000500010006000000050003000a00000005000400000000000900020073797a310000000014000300686173683a69702c706f72742c697000"], 0x58}, 0x1, 0x0, 0x0, 0xc0d1}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000002800)={0x0, <r2=>0x0}, &(0x7f0000002840)=0xc)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000140)={{{@in6=@local, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in=@broadcast}}}, &(0x7f0000000380)=0xe8)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x1025, &(0x7f00000004c0)=ANY=[@ANYBLOB="75737271756f74612c687567653d77697468696e5f73697a652c67727071816f74612c71756f74612c67727071756f74615f696e6f64655f686172646c696d6974356d302d652d366770341f2c666f776e65723e69a10d7b56cc9a583deeaef9495f741a23b9b752fa153151f059e0b205be3b414a12c8024374ecd580c9c122f22154870cf599be76563746d44a607acb9a4d0e2ed989308c2fd234e65f4e073795687713546c7fca0aea3baf02b67f822a2d1f8ed4f4515f42fc7433ca8a264fa5bf18531ad7d68dec6753da412c86b0fa8897432a330573c90eadd797b94f5d36e870468f4bfb52805425d6649e82c6", @ANYRESDEC=r2, @ANYBLOB=',subj_role=!,permit_directio,nolazytime,appraise,euid=', @ANYRESDEC=r3, @ANYBLOB=',context=staff_u,fscontext=unconfined_u,smackfsfloor=&,dont_measure,\x00'])
r4 = socket(0x1, 0x2, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r5=>0x0}, &(0x7f0000cab000)=0xc)
setxattr$trusted_overlay_opaque(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), &(0x7f0000000440), 0x2, 0x1)
setresuid(r2, r5, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./file0\x00', &(0x7f0000000240)='squashfs\x00', 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000002b80)={0x6, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000001000000007bf72030066fca22dd0000000000000097000100ffffffff9500000000000000"], &(0x7f0000001a40)='GPL\x00', 0x7}, 0x94)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2b, &(0x7f0000000680)={0x9, {{0xa, 0x4e21, 0xd48, @ipv4={'\x00', '\xff\xff', @empty}, 0x1}}, {{0xa, 0x4e21, 0x1000, @mcast2, 0xcbf8d2f0}}}, 0x108)
open(&(0x7f0000000040)='./file0\x00', 0x4000, 0x139)

1.592221551s ago: executing program 1 (id=1503):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r1 = io_uring_setup(0x7023, &(0x7f0000000280)={0x0, 0x2800226, 0x40, 0x0, 0x14a})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0)
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x555)
semtimedop(0x0, &(0x7f0000000040)=[{0x3, 0x8, 0x1800}, {0x3, 0xfffb, 0xc00}], 0x2, 0x0)
unshare(0x2c040000)
close_range(r1, 0xffffffffffffffff, 0x0)
listen(r0, 0x9)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000001000000280001801400040000000000000002000000ffffac1414aa060001000a0080000800060003"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000f00)=ANY=[@ANYBLOB="8500000008000000350000000000000085000000050000009500000000000000fed023000000c71adb30be7d75fa1f32f08a23ce3220b0cc9505d72768b8242dd90d17e4c52505756ca2b009546a0900000000000000d3df2bd87184446d165ae3939bbca322a415a98c8801000000000000800859362ed862b3c47fa8ce7c69adfd2f16af3a00000000000000000000009a317aa34f0c50f99eedac26048ab915e1be5aa845be00de14683ee4e859d65564a9c79d20e5a011e966388cd0bb39f45d6c508b8a0f7f2d48be0e2a8137c6741775428abf2ddfd2a473f5b271701e22f8cb42198906e1107fa780c435083cac323838727a606495803509f84729f3e8a2fbfb995f99b82df3b363a9cf6ba87fdfbf5a3dd0dde49b4193520e5e946687634c04000000000000bfbcd911eba0dee5e5ce6434f86fe82ee02f0e8e3173a97d85e232e584ace13387693614f3a7ef88709f4d552c7b3a7903e14dc418e58f3e98933b2c93fae25ec2dd190231e2531e1ffeff33676a4383a918cba3ad8318ea29f164563a42cdb596f255a251add2d2ae2fac0a0e7428e4bf07fc884be5721bdffe58c6a4b57014ce976ce8b9cddfa50175c53253d7659f0e88913d4fa7f37feb40337fada4363c0698510730725e23bdad60ceaeecfeeccc397565f204b82d6d4458d77a1b4abeadf350c21027d314237a9d448b82827ff3f29cc9b46c8fcfbb30d1fc18707c252b596cdbf4e77836adc1f59f9d1280333d135fdcdcee8eb817388666e02ff1b148b6bc3c283e71c0ad9c683c6bb6fea2d2d54af3ad488f0cc2e54a70c19ceac518adbe917652c34019d7478c716ab23d4a863b4dcd08d89f6cec674e9fd379d71e06357d207984e885ace8a0dbaffef403aff01d5f2f0e644b61cd8bd72a59f2d7cf67815aeb8761412d68c40dbed08b7eeda96b3856a519a71b83c19b2e8f88d92b66abec165663819a87e7cd8c082cb011051789c283eecfe08f0799f6c7023353b6d3af7177d6b56549616bfede82c598301c98b0420b1784b53238b39c0db1da864e593d45fd297e4d34e749bc737e0bcf36fd955a40124c00d40c3f21d26e6e276152412b4ef3f52dc416bb2d7463a93ee6c0b20c5749a44677a3c3a7aa9a47c7cd7bb52fbb2c8d63166f4ad1038f33258736b2224a66726f1fd4dce0eb6043a55fbdd341baba95cc5838a860068e0f3e73d992403455b03b25bd5414628d7325a6b25986666b336851d9c623c405bf608d4bd9347c83cb693aebab072be479705b0c6c9bb9728d131f8320b966898de1a16407692b57b6f7333eac0d2ed0a7a4457d9c70089fcf9aa553929a65777f3bbf6d0bdc6a11371a138c6d4b0fefc655716e4486f5c7a88e80b2fb0efb579333bef98ded75abfb982b1fb92f003a6aefb8bf25eacb848d8ed1c1162d000000000000000000000000e87dffd60f123527781805434d210bb72ac2c097c45b27dde4980bc85b43614d266a9d403c320f80646c7df8bdd1cf380000"], &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/148, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffff79}, 0x16)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r6, 0x0, 0x83, 0x0, &(0x7f0000000e40)="04d31fcd275bfc58188e699fa7c9aa904991771e83b702f3717cf38ed0e92e83ae490758991fa1174a75fa8c45db732026d3de611ffbd09b683e2f08812d695dd9b87f08711c02bb5d2cbac05022bee8aee5339fb6eba21e534e43b9960f470bf9c075368c6a7ee0b6ef641feb6967490ae07547819adcf47330679551ae2bd7009b31", 0x0, 0x375, 0x0, 0x1b, 0x4b, &(0x7f0000000000), &(0x7f0000000e00)="2fda8e7aa8d9cecae13bcbb35230d1cf1f1b23e33fcbd1aa1bea454b04650cecef80daa9a0a349a8e46d661af6e7ee8cdb5e97e738fe54"}, 0x50)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)={0x14, r5, 0x1, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x800)

1.292451554s ago: executing program 2 (id=1506):
r0 = socket$inet6(0xa, 0x2, 0x0)
fsopen(&(0x7f0000000ec0)='zonefs\x00', 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3c, &(0x7f0000311ffc)=0x1, 0x4)
setsockopt$inet6_buf(r0, 0x29, 0x3e, &(0x7f00002cef88)="d84f7398", 0x4)
sendto$inet6(r0, &(0x7f0000000dc0)="51e251578851f74182a74b89b27df427aeef44966d202e4138b5a18e75a0424e7fe93b0d32c7abba87b65f97aba1c26a06b6d94c4aefd8fdca10e744391062c8e612721c20051608d9aa6dacf61e1eb331a4daad402b9885599d56130f7149fb1111fa116e94324d585a0569fbd311dad54cb4e32ff7f02216844ec3d526c878d5135ad1c9262239339c18885e2a0a95854d6cde3dd2feeaa50216af6c5760923413af81199a65a6332b02ec7bbf79d557c033cbe032fdc44f66a5c59cc4a3c5d218f5896b359d1efd60baf98df6396567478f7b817ce6e11d59a7def452a068e9607f57f626a1b8d476636ef1ee76307524009ae49be402000000000000001e80fed632155e14da1f7324d97bc61a3c1edc4431ee8a6caa2ed9f85cea5a2a9b263630c7d6fc35dda6002da571a2e51917e7c1019d8ce21a608147e408074c7c5f444fab931bda86d977d7c9ccefd881e5ef05b287f41eea526862885881c2cdc687dfff01a9b70a9b08734ac4d62c7f34465c34aa9e9f136c7f796d9eea41aa37f61830508338bb1f887089070567a1dd96cd700e7a098dabedb60f31acd17d487bc8be1a3101d2b5ac1715003793596c6daa93a27f4adb4d6fbea5669cabc206c944317ea18a2c762457f1bc945fec8f849641d44e7e2a24faeee28f3f266395fe18b0dce20c1f64e8896c8ff0e4a44a116fb32462471a0fcde143e551723d57339722765673b4163d66f473ac10f988cb252f106632f9884a47866d284b4efc6bb1aa74ed48d4a6535795f0873a99907ebc22be2337364cf9acc063e32f7d2e02fad64d04aa405d2dbdee1128ab1e4761d2dd30885ad37dd168478f10789d172feef4c817a5cd372caade57f23300e45f47e001e3ea093680ffffff802477368b9910f4e24037c871cb8251568c792287a6f49fa61b7c2600accaa0e7b40c59d88a29af5886c1f5dfc6837c58aaef12a9e100225c70441144ffa82927fa4802ed9ebb03eea8e945af5f4993f21a7f53baf7ec5bb6cc96b917dde82c18840c3500e9565f68f687b1c73d834c0d99d4acb002dc5682dbcdb1217a98f6c3ef8318b7fa93894e8a097b4511ba5c035e27c9fe8bfe7754741ac21bbc0303b81672e3117e5590fe2d92f912759b9937f64204ec5caa92e2cccb31016b13ed8d7bcabb03e176b1c9bda3bf1c1256ab74ab6f42ed9bafbbd0096263be1a7da1e1c88deec55a653d170e1e13c77dacaa60a37a6ba2383e661ebc9f13dbaade2dd884c9951819fb4608e19e70cd2496ccfb12f24c71f496cfe90400fe1bbea1e9a24b1d4664fb0776aca6269b396779680e52f86877d9209988d12ccb137be01ab7496d00547a7d4849d365a18dbb55c429cde87d33c4b74ad2273cdfee88b5418866ef327f25e9cbcd5a64d97107339f7e4cb5f8de171d2779c0f68884ae835e398f982d5749f085628d3608986656ea04b721f828202e9342bd7d19dfa091e772aebf9718030167a8c029df7c58b7f40029d7cfcaf26fd1900d8775ef373e8e2c5bf3525f907add3be426cd5a079c49abffe933e9ee213a3baf34f932d1299312691e1c53e6247ae0989ad66070d51fad22856a8b6b28954e7d41189b11c5321789eec8670de9e8db0b0473ba2e02731e60e7222697d61e052c18d4bcc6d1572fdf426f7b2fee6c1dee66c85c497b90facaf63b8ec5cde4a73400f9180bcfc0f81eca9580a7c81462a077f9034026bf72aa7c6de4b3c15d4a2dbd6fd7d87084aea9f25fb4bf5ec83eb56874a760533792dff2695407ccdd6a7375e0007230fd3f6501c152f1c1ff279b1d67cc95f2820762b7927659368e41657bdef2dd15b63498a93b787bdb26809d734aaf98b86fcf9fc643a34d03ebbe072820662d20d4774d66c5ae270adade5b8f6242a059b926221ee3d677487471c432b0d6d64dad030703475bb3ecac39b204a814f5ece5961621358e36f8a2cf7196c76959824bbb475a7cad8f57853fe05f59f341b5207cc9bb8d686982c2f158e0d8f5c7ec6cbfd500"/1453, 0x5ad, 0x0, &(0x7f0000000080)={0xa, 0x5e20, 0x3, @mcast2}, 0x1c)
recvmsg(r0, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x10000)

942.644308ms ago: executing program 1 (id=1509):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x0, 0x0, 'queue0\x00'})
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r1, 0x402, 0x8000003d)
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00')
lsetxattr$security_capability(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240), &(0x7f0000000280)=@v2={0x2000000, [{0x5525, 0xffff314d}, {0x6b, 0x9}]}, 0x14, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fdinfo/3\x00')
read$FUSE(r2, &(0x7f00000020c0)={0x2020}, 0x2020)
ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f0000000140)={0x3e, 0x81, 0x7ff})
lchown(&(0x7f0000000000)='./file0\x00', 0xee01, 0x0)
write$P9_RREADLINK(r1, &(0x7f0000000200)={0x10, 0x17, 0x1, {0x7, './file1'}}, 0x10)

772.482775ms ago: executing program 3 (id=1510):
socket$packet(0x11, 0xa, 0x300)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x9}, 0x94)
msgget$private(0x0, 0x15)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="219a53f271a76d2608004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r1 = socket$pptp(0x18, 0x1, 0x2)
setsockopt$sock_void(r1, 0x1, 0x3f, 0x0, 0x0)
socket$packet(0x11, 0xa, 0x300) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x9}, 0x94) (async)
msgget$private(0x0, 0x15) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="219a53f271a76d2608004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) (async)
socket$pptp(0x18, 0x1, 0x2) (async)
setsockopt$sock_void(r1, 0x1, 0x3f, 0x0, 0x0) (async)

722.059213ms ago: executing program 1 (id=1511):
ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000000)={0xc, <r0=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(0xffffffffffffffff, 0x3b82, &(0x7f0000000040)={0x18, r0, 0x8, 0x0, &(0x7f00000000c0)=[{0x4, 0x8001}, {0x2, 0x8}, {0xa, 0x9}, {0x2, 0x3}, {0x81, 0x2e}, {0x19ef}, {0xfffffffffffffffe, 0x53b9}, {0xffffffffffffffff, 0x5}]})
r1 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r3, 0x5b23, &(0x7f0000000040))
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
readv(0xffffffffffffffff, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYRES16=0x0, @ANYRES32=r0, @ANYRESDEC=r2, @ANYBLOB="cb0580a94a66ba8c854ea5fe016052a5658ac11ce561d405a41e41b368e4cea73ffa8a9e1d92bbc55c0d300398908e5f20c7760a4cca4089a2e2d48155da6d71234b358a7f3b45a41d8f8ade71592328ee1cafdfbaef00c9a700dcd9209676499d910f7cadfce7f8c29e6bf18b2a67b7779898184f604ce086c241d2434903b148fc91689ba04799235878c6e748112391e05306947636d3b70088fce0a7cd6f19eb86f0c2a6c2447f46ad73297f", @ANYRESOCT=r4, @ANYRES8, @ANYRESDEC, @ANYBLOB="8ab68a397e354da626fa3fd33081bf0034975c9387cdb8d0dcddb7cd9e85baf656bbb3abdf4fa06c7d745dd9fe0285dc80f5da7ccbd549396f3308a69bec3fb3026e1ecb5b7707740c1ac2cb44a7d5ada363f27f019f10509e4e4d4da6fa4f74dd4d4bf45862ca9d1abfe4574b8986a3e070de955c9edb4855e7d9042472b45d4915bede082d32b183821f0dda433c98d8b9519972787e00265f28c8e380e5fcc6c124d5337c945fa1f3e4e965f42156c424c2ff416846fc93366e40f3def7ff26cee9c7e1b57e60f3ad2b1c133351f44f573876dc2268711a4b97255d4a2b75125085f9644d3838130f82e52148834d0e3f1e0b04c560d678de971621e661aedd4ef086777eb1cc3cb92d89f684ef0d"], 0x48)
r6 = socket(0x1, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r5, &(0x7f0000000240), &(0x7f00000000c0)=@tcp=r6}, 0x20)
ppoll(&(0x7f0000000100)=[{r6, 0x200}], 0x1, 0x0, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r7, 0xaf01, 0x0)
r8 = eventfd(0x4)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000480))
ioctl$VHOST_SET_LOG_FD(r7, 0x4004af07, &(0x7f0000000240)=r8)
ioctl$VHOST_SET_VRING_ERR(r7, 0x4008af22, &(0x7f0000000100)={0x1, r8})
ioctl$VHOST_SET_VRING_KICK(r7, 0x4008af20, &(0x7f0000000040)={0x1, r8})
ioctl$VHOST_SET_VRING_ADDR(r7, 0x4028af11, &(0x7f0000000140)={0x0, 0x1, 0x0, &(0x7f0000000600)=""/52, 0x0, 0x10000})
ioctl$VHOST_SET_VRING_ADDR(r7, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/225, &(0x7f00000004c0)=""/75, &(0x7f0000000480)=""/30, 0x1})
ioctl$VHOST_SET_MEM_TABLE(r7, 0x4008af03, &(0x7f0000000180))
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x48c})
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
ioctl$VHOST_VSOCK_SET_RUNNING(r7, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000540)={'#! ', './file0', [], 0xa, "6c14dbb1a8c3f2e1efa5e089f7b4d7b690b1554d54db3368e94ee212f359c5c2245fb40c888ba622357803363af37ee9a64f9be64830fd65ffbd13b899032c4f7a384e703bbb96b7b58980304f16a6dc737e"}, 0x5d)

721.761616ms ago: executing program 3 (id=1512):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58)
accept4(r0, 0x0, 0x0, 0x0)
userfaultfd(0x801)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000200), 0x100)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$unix(0x1, 0x2, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x50, r4, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x50}, 0x1, 0x200000000000000, 0x0, 0x91}, 0x24044884)

642.723784ms ago: executing program 3 (id=1513):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = syz_open_dev$radio(&(0x7f00000003c0), 0x2, 0x2)
read(r1, &(0x7f0000000080)=""/116, 0xfffffeb2)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x2)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f00000001c0)=0x3)
close(0x3)
r3 = syz_open_dev$vim2m(&(0x7f0000000100), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000000)=0x1)
ioctl$vim2m_VIDIOC_QBUF(r3, 0xc058560f, &(0x7f0000000200)=@mmap={0x1, 0x1, 0x4, 0x1, 0x6, {<r4=>0x77359400}, {0x1, 0x0, 0x5, 0x9, 0x64, 0xe, "7cf93be8"}, 0xfffffff7, 0x1, {}, 0x2, 0x0, <r5=>0xffffffffffffffff})
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_DETACH(r6, 0x7aa, &(0x7f0000000200)={{@hyper, 0xffffffff}, 0x66, 0x7b})
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)}, 0x10)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYRES16=r5, @ANYRES16=0x0, @ANYRESHEX=r4, @ANYRES16=r7, @ANYRESDEC=r4], 0x20}, 0x1, 0x0, 0x0, 0x200400c4}, 0x4040)
r8 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$tcp_mem(r8, &(0x7f00000000c0)={0x40, 0x20, 0x3, 0x20, 0x6}, 0x48)
r9 = socket$igmp(0x2, 0x3, 0x2)
ioctl$SIOCRSGCAUSE(r8, 0x89e0, &(0x7f0000000140))
setsockopt$MRT_INIT(r9, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r9, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x3, 0x0, @vifc_lcl_addr=@local, @local}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000240)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0xfb, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x64, 0xd2}}}}}, 0x0)
read$FUSE(r8, &(0x7f00000023c0)={0x2020}, 0x2020)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), r8)

572.66031ms ago: executing program 3 (id=1516):
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000080)=@chain)
keyctl$KEYCTL_MOVE(0x1e, r0, 0xfffffffffffffffd, r1, 0x0)
syz_emit_ethernet(0x7f, &(0x7f0000000740)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xd}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x49, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, 'P~Y', 0x0, 0x0, 0x0, @private1, @mcast1={0xff, 0x0, '\x00', 0x0}, [@hopopts={0x3a}], "359464030f0f85ed3c6704aabff75bd73b"}}}}}}}, 0x0)

571.717435ms ago: executing program 3 (id=1518):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r2 = socket$inet6(0xa, 0x2, 0x0)
r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f00000001c0)={0x1a, 0xa, 0x3, "b75c89e7a20c8eac1638b5394c000000000006000000000000e8ff00", 0x32314d54})
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f00000000c0)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20)
setreuid(0xee01, 0xee01)
setsockopt$inet6_int(r2, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4)
sendmsg$inet6(r2, &(0x7f0000000600)={&(0x7f0000000080)={0xa, 0x4e20, 0x1000000080000, @dev={0xfe, 0x80, '\x00', 0x25}}, 0x1c, 0x0, 0x0, &(0x7f0000000200)=ANY=[], 0x30}, 0x0)
listen(r1, 0x9)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
r5 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000200)={0x2, &(0x7f00000001c0)=[{0xb1, 0x5, 0x73, 0xfff00003}, {0x6, 0x8, 0x6, 0x400}]}, 0x10)
sendmsg$netlink(r5, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000004000)=ANY=[@ANYBLOB="2dbd7000ffdb1e62df25"], 0x10}], 0x1, 0x0, 0x0, 0x20000000}, 0x0)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x800, 0x0)
ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0x4a)
r8 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000002c0), 0x101000, 0x0)
io_uring_setup(0x5801, &(0x7f0000000080)={0x0, 0x50c8, 0x10, 0x1, 0x1a3, 0x0, r8})
socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
r10 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r0)
sendmsg$BATADV_CMD_GET_GATEWAYS(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x2c, r10, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x40000)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r9, @ANYBLOB="010028c670000800000000000000"], 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x800)

442.593901ms ago: executing program 2 (id=1521):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58)
accept4(r0, 0x0, 0x0, 0x0)
userfaultfd(0x801)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000200), 0x100)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$unix(0x1, 0x2, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x50, r4, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x50}, 0x1, 0x0, 0x1000000, 0x91}, 0x24044884)

392.412716ms ago: executing program 2 (id=1523):
r0 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x3232, 0x100, 0x0, 0x3de}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (async)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x32, 0x2007, @fd=r0, 0x80, 0x0, 0x0, 0x0, 0x1, {0x5}}) (async)
r3 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r3, 0x107, 0xf, &(0x7f0000000000), 0x4) (async)
sendmsg$kcm(r3, &(0x7f0000000040)={&(0x7f0000000180)=@hci={0x1f, 0x0, 0x5}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000380)="27050200340f14000600002fb96dbcf706060000170008005f452bedbdd53bc5ff1144ee162fd4b8bf7256da82f600102c21880b000000000100405700000006000040000000008007ad00286471ae81a0dd40958a7883336becfa55b4446e2cf6b6243835eb26c73b6de4a6bcfab5c1cb4dc1714c6e13e8a88e9c15f6b99d38c5b7088d9af691bc075c9da92afc7fb4be63df1f91887c77ddf8191264c05556056a8ccaba4e71482b0e0bc0d4853430438b342982177f90b62be1e10931a42b7e9569dcfdeaeaaa567f7660ecd6dd6f010e20fb9ea2c5ec621e09c3d3c0611dc1d097d3f6f02b71341c0f594b1f9e13a60927f9af51d0e9f664b261d0c26fed96f7dd26aa6bf9c4cb270425b84a0418d19b", 0x112}, {&(0x7f0000001280)="1c393502dda1a67d93b1ceccbe972c4fef9c33ecf2d824f3a33513f45f807ee4636aad1b45472bbdc8e3a2275f2587f0da0b3ae419bed996116448f90d113ce98aa985f379d729430858f5cb9a668a1800bf2354b33cdff83033de518580a3080d7f4cc2406e071138439e1566dd17983ee153ab672f362d3292e24a9952f18ec3d8b37bb3391096c1d4442a754899299321c03cbcfb98a26994b2a072c2b9d9c70d619545e5f61b050e40166d2ff57dcc008f24fd5339e7bc21e25863f80d2487c30b6bf781608a31d68e9319ab1712d8f5bdde849c040417c864cbfd3923dcb9fc6bdc2ea53334184b03efcb631dc68f0a7b6e13eea4b80d4237120e32932ca4e2b50bad0a35496d36a191d91f03b477b9587bc0ba489932e34f819fa1524ebad53a3d94b46c6aeff4f42fa067729fbb2862c09d337a75e0c8429d4bfe0dee2e1e23e8c22787178600ecca135623731e4701f35bd4e7c936a8ee27010000002328a5aba1161b05889b045696721c79bff0547efe051f3c5de77fdd3c77afd41a1a7747a982b7efb0d6bac7d3ad1f9b7c3a5a1448b35696f03bca1c875e346edc55b7a271c3e5f3c0df72c8e4d7cccfa2e9b598f0ae06efbc1a5d5bd91aed6b32deccf7755cef50fab72633c802533b9d94f17f9be978f2514c47671575ee528fbdddc6194328e605e4d10e293756d20eb8a545f2bfe48df5d1d98a270458392a0a57647dcb8ee005e78877a072d12d0429b9b9957a695c3289b4a59469691115e6ba204181708b9d1ae47418ed594b8128f20c100f5485a84e60d73ab818da73fab78caf42afd1f89cdb29dfdd6676c55ea00d35321bc4878170c62b056b4e03ae556ac804026cabcbc8e79e7a18f2f56442cd650aa2bc88f62ebb65bfafd3e5b4c62ac2e720ff0fdf03c46889df55ff91058319c953f90cd6e7f7b15d56a58ff6128357510c4c618aa25434881d58c39092969ba1f7c444465f16d1f2561991e357bda928f2a50422f774f318fb41169a0d0324a8efd19b940a17c28cda06b750cd02155dbdbd1dc695e190a997ae8f4bb8766983d8db8678a78ae8f044b868549e9c60f7ce25a36300ce07f304e75d285e914b3aec703969df969b81bcd3732736dd99fcab1944c751f8ef4c34cbb86d5f27ef9982be245949d5579b540750d1eac428b0cd2541295b577573b27e9ecac3934987e85b44bc85e6e307cf6f5683bf1c817369d556a368bc5560a1737aa2bec3cac4689e04fbe851ed4b6c1a355950522f8918af3855fe97ec285da15a20e8119483e7419fa2b0639d5add10b396a8033ec2b98d9a9fca3fc4202d0a6bcfa55798eacafa4c8efafb73a2ab89bb58b0c20364a6ad9c233dfb1bdbb87b8f91e3ab9790e876f906107183419aa7480e327388c01dc5f2d5bcb8a7565cddc4e1275741116416b66bf3adf9e7e31c3fc518740446ed2a394e7699baf9408c62b4c0e7a11dec8f4a67e78a3f00bedae9f55f36c52a1fd4ee3a8be7285f9ca898ee63d3718a7c4603bcb9a24537b34a41a6c0eee4cc609b014d3f4fb928aa7e3fa7a4f97dcef5c0e526b650284ffeda82f603ed9ea1eb6627d29d8bcd6c7e6fe128b1c4463b2cfe50c0ff9a46090635dde4b4d4a984e5a91f7486856cd2bf85088fa4d27b219628be8cdba7004d00985a73fb5b0b4b0f96844e73a8ff7884bdee1a0d6e62decfeebfb56351c135e6580fd61ea806ee5592fe4ffba5c73b8a4a04d44aa52645320cb73fe0c5f14a971d3b3f64c85f5ebaab5e1a061f5186050230286331048e43368e45cfc88e8f4d0d3b1b86b64d5394bc68c2b754389b3c18a45c1edb0496dd88cb3113bbdf1a0f127eb8cd52caf8da95b83d0decad3775b2f2e43776d0d32d447cdd0b267b32775e3473f51a233f8c91a4c07ad669da1844f3d9554f399d43ca1eda29c5c761b3936f845f0c4d1c090000004b5ab3291e06cd86de6116fc3236a11343d6f4ad02199717054ac15b0d0000000000007bd4bea33c0ca36e2c4209026849de21c1da1057f353cc824947d75119e4501b98cb9e621d0644e3f4a75353093557afcee7da41ad368fe1cbb426922772b9b262a861fbce9ae86d6e8c5a8de6a1e8f03456c0a354277a2f3ff46a62b6d6cdee4febf23e2350f94b47a05a4d0e7da37a2e97b899d92ca1f3bd1cded5588593e8bb99b9dce0731fa1174de14b63be2bf7e424f870551f213fab437aac092c2e9798959fa3616465e2b36fd49cc9af902d47debec02558c036ed991f1a3895b37cd70f3c405cca362c885542fd976e73be4cf7580a0c4d5a9527c77c189573e3be07ed15472f6b012939abb5be9f3e8a5b720307fb2dbca48b35d121702cfb6b3690559b08fbeb77d53d37582d7f44fe269ac51665632bf070cfc7445741b70306cb3f19b7fbecd19a78092dfd086a0da019734d95660ba4e5ce5bcf25f09403c32e3ec902f3717cca0eca25e791c2b8c2b8988645afa2446d5218abce136c0dbbafb95e4f4727a29cc567b3f73d5dbc1aeee746653a7f5c445add24a9c1b67d1bfeec85d2a6478e80c3acdb9439aa46c8cf14a98ffa89790ef7a94b3146088566812e28ccbafb466772b7fbb98dcf1e792eb6d0de0829c3c49c5ecdeea3e80017324a0fe724565c4e7a242764e9012442cae44b57c7121889c044be05b5eca70efb649bb528e751f072af93ae2c5053fdce196cce158136f904cf64f2cb8becc2d024f5ec32a38d78b87a4dfe7c53769dadef890efd160eb662cedb18a756aed83edfb9efbbb3648eb399e61f80077e64b95eae9d17083aed05cfc2e148621e36be1f41d373c721a11804fce269c688b0c647d6e1083e336d1f7f90a7a080a83397773cc351531070af5c1a1418f28dce95c01052a314a9ebe39cb9cddb8e7855e58c4a636b7f6250ecad312ede18664c03d92e330935295a35ea3e0306f25ca971300f782ae2f6e79a513732d22ef9b9bc41d17df3352a855cdd19b18f5abd6e6420f4f42f01750a64f6acdb6b46622fafebe3e913c64a1a6a59f980e97deae0dc83c12ccae6b430d7a28f21c3e0e38b32f3d5f1d44927fc34ed5c9ddb5be8eb936dbdcd327b63ea69d86c2da15cb834a18ee51a44f2da7b11d79486942fd04eade92fe5d93342970ca4cc73861b15facf97e9c53c15488c5630b17b9364c58652cfa6de0918327498ba8d6120d3be9139c51a6e9017525772397529ddd4fd1905614fd1cc7f1370a577ad10ec9ea742f9aedc9fee42c3df38f4b35ccb1cf8590eaf770b3f74af21f5119ac238e82e92c83321b06f106530abbbd321c3e1dc948accdc21a586ff37253ad1d0c5bfb51541f876be1b6e4f490046204b9edfe9a9721b9019a495d1efed10d4570f4c75ac56aa862f738b46cfe8899f6d92e862611b35be8931a2460dc646ed332b3046baf48613bbb543f4abda22d3d62a484665ba5bbf8fec1bb199b430a6e96cfad417a1644cc5f7f640004836c60f15a174eb7eb1750a71a141549f393c7d88b8729a33f841f7f8f2bd03dccaaa825f2e29105f6b4c11ac8e06bb3be9dfdecce66294a0be9dbc5f40123644fcac59ed0c968eb62fb14d111e900ad1c038f17d5471ab088f704de7db35753f818f55669a76e621b29d975253d177791e1434644a81b2b8bc4c8e147961b4f1b7f3e225571fecb10906957791b27d35a89e3ce84c91a2dc60aee460d8f41eb7b5e171516ef34d8c7dbbc8122cdeffa51b5a393d2cae7f69826d342d4d81b58ca7ddb0e688a15b39a00ef1aed5db337d1ab87e86f835663a4968c8bf5afd7cf80549f42588d9b8ea04ff3d9eac2b8ffd1155a504230103a68bd8b3c416a10d76cee236442a68393896587bc66c01a5f7f411325578d023d7619a89d0bcbbacae99b925fb72994e1ef4240cddad2294a56bec6d6243b95b04345c215bd48a3aa89786ba39b40101015d8bd038c32a7b0eb02a4eb5a640371d9b4af540eb99a1e26547cc214da21e9538754a802972411a0bf416707b95457d0b77daac9bdf27a82b9aa7992ad1d3815f9a56a746eefa6f7e1913b6e3e859b2cc7797adcae825b7aad17c11e66597042c327a6473489a9664c5ce0ff8b1ecfb691daa0bd50c17f4597826553686bc2e6f52585ffdfae76e26691699141a698e5b517e02130587ee503c7b5f638cbf32166b0d4ebe9222b6c9d50fb3db9d1ab060c31aabeef52cd51e5cf485eecc741e37a47c4996068f1d4b25f182b9d7bee4bec5cb070d3cea2f9762a41bb8d9ec5896ebcb2b17ca82f29bcce456412d8ed531afda50d259fcb7794216b6a9a873b6c3c4493c0c6d3e6a4f81f3b40dcc745a4e2383c678c472b1d5bf3ff02992bfe893a5bc96824039da1ee3cf8593e7d616d62f6e3c3e2c4e0cc58d5445998cf5b1c91c2468b2571b118709668efbbe72911f1bfa96b97c32f71cd7071f4c729e88631a89b53dd4bae6ef9c4ed082916e267479195599e9871b26b92c6885ded29f990070fddc4d8535088ddc70d6e83f797b6fa2260a92602eb90800000001cb7394f0c90fb5913b2f8d8d24c8f1056920e1facbe643dd49d8983b277da7282a986c28d5468aed9a4730579a20346d35f78b6bd2cacb4b9237fbfb0b7a2314105ff3b074a0e340b904e715e99c501e1435c15eaa262893c2883c90f26d2ff91792d46e4d867b62570e", 0xcf6}, {&(0x7f0000002100)="5f1e92a3edc04930506b082f36810b5832db2a44c60bcd178901df79afe478846fee3fedbc4046d360ea7e35f99f7d1704576dcd9a87039b63a65f778ec70ccf58d65bb7b9f893dbdfefe6c3d34afc1279a3837e43958fe55727352db8f3ea68bbc836320388977b036dc4cb772ad4d3eb83b59bd0faa950a4937417c27915d15b6c7e5c730ab601b47c5ed468ebbba68caf9ba84568a7927090f98982638edcc318339ebfdce89eb71c227d5c2318e0b51d05aab9ac0f88745791825dc27955e5386a9934cf1db5ea382a45bf83f28b315428c1a283b7cb27d70c02be8fa8359d5fbc43ff6e5913756ccf5299b5cebef1c24f6a2a6af15b065b02fb486aec28919dacb19d263a684788adfc0c3df5f6c4a882cb387121bcffc65ffa724444d2932f553fcc1aa1ed1d9965959a2c06bbf1ccf22c33c6a21a65ae9298b8cecbf700c870c9c122ce4c549d3dd2887239431f1ff5", 0x153}], 0x3}, 0x8010) (async, rerun: 32)
io_uring_enter(r0, 0x4a5a, 0x2ae5, 0x2, 0x0, 0x0) (async, rerun: 32)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x15) (async)
ioctl$TCSETS(r5, 0x80044704, &(0x7f00000000c0)={0x6, 0xaf, 0x9, 0x7, 0x3, "6ceb69bd405ea5c4246ce2a747e5e41edbfe89"})
r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="17090010000000000000010000000500070000000000080009000000000008000a0000080000060002000000000014001f00000000000000000000000000000000001400200000000000000000000000ffffac1414bb06001b004e230000050021"], 0x6c}}, 0x0)
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)

342.750038ms ago: executing program 2 (id=1524):
r0 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x8}}], {0x14}}, 0x3c}}, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000002800), 0x60c00, 0x0)
ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r3, 0x3b8b, &(0x7f00000028c0)={0x10, 0x1})
write$binfmt_misc(r2, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0xffffffff9673e35d]}})
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r4 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f00000022c0)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e005", 0x26}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a0", 0xca}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x24000040}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

332.149548ms ago: executing program 2 (id=1527):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58)
accept4(r0, 0x0, 0x0, 0x0)
userfaultfd(0x801)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000200), 0x100)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x100, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f00000000c0)={0xc, 0x1, 0x0, "6040a7190200002000000000000000ff1057e31e94000000000000000006ff00", 0x42303159})
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x8000000000, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000140)={0x0, 0x40, 0x4, {0x2, @raw_data="3d924b8271394fa4ec01eb92492ff84715d1a004d08b012a7cafe27a5f313d31bbdae50511ca5be6bfe92437ed0d21b5180e375be56b3b9306d7dbb26bf9f22de7ac7681cca450055250217bdf1113b4258293ba4efed33147bda8454dd115bd5ba066ba06f2854cc96db9a98055cbde9fd084a1223ada91ed2e832907a01ab5ee65f997b617f73d1aa5a6dfc47acdc5eb834f8e448469d235e4380cbcc3310200970349a3c1374ffec96177b67caa0656f9664277cadb8597e7d911ad1da457ef9744b0993c57a7"}})
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$unix(0x1, 0x2, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000240)={'batadv0\x00', <r7=>0x0})
r8 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
pread64(r8, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@bloom_filter={0x1e, 0x8b, 0x2, 0x1b61, 0x1, 0xffffffffffffffff, 0x8001, '\x00', r7, r8, 0x2, 0x1, 0x1, 0xb}, 0x50)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x50, r6, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x50}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)

250.402ms ago: executing program 4 (id=1528):
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000080)=@name={0x1e, 0x2, 0x2, {{0x42, 0x4}, 0x2}}, 0x10)
bind$tipc(r0, 0x0, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10)
ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000002c0)=<r2=>0x0)
r3 = syz_open_procfs(r2, &(0x7f0000000300)='net/psched\x00')
readlinkat(r3, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000002780)=""/4112, 0x1010)
bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x20000003}}}, 0x10)
bind$tipc(r1, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x2, 0x2}}}, 0x10)
bind$tipc(r1, &(0x7f0000000200)=@id={0x1e, 0x3, 0x1, {0x4e20, 0x4}}, 0x10)
bind$tipc(r0, 0x0, 0x0)
r4 = open(&(0x7f0000000280)='./cgroup\x00', 0x303a83, 0x10)
fcntl$notify(r4, 0x402, 0x8000003d)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x4015)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e20, 0x1, @empty}, 0x1c)
listen(r5, 0x9)
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
fcntl$setpipe(r6, 0x407, 0x100000)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100000000000000000001000000280001801400040000000000000002000000ffffac1414aa060001000a0080000800060003"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)

250.094688ms ago: executing program 4 (id=1529):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x2})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_open_dev$sndpcmc(&(0x7f0000000400), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_TTSTAMP(r2, 0x40044103, &(0x7f0000000440))
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r1, &(0x7f0000001bc0)={0x0, 0x0, &(0x7f0000001b80)={&(0x7f0000000240)=ANY=[@ANYBLOB="38000000030801020000000000000000000000040500030006000000060002400018000014000425edabe699800800044000000008080003407fffffff286f5e8a397b6c5fb0d5ff49235cbd636a0000006f0e202414db11159189deb870e7abb7c4f17ed49c467ded221b7e55e1304ec5045ec08e07ac2b172897c8ce53348918d26362bddfeb8944fe0e45c0c148e599bd9b6ad7027f76012c17f70760957b734c85d788a437ebf76c66912805510ef0594950"], 0x38}, 0x1, 0x0, 0x0, 0x20040}, 0x4000)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000480)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='io_uring_file_get\x00', r3, 0x0, 0xf}, 0x18)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000480)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='io_uring_file_get\x00', r4, 0x0, 0xf}, 0x18)
r5 = syz_io_uring_setup(0xc97, &(0x7f0000000380)={0x0, 0xfcc, 0x10100, 0x7, 0x267}, &(0x7f0000002000)=<r6=>0x0, &(0x7f0000000440)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x6000, @fd_index=0x8, 0xffffffffffffdffd, 0x0, 0x0, 0x22, 0x1})
io_uring_enter(r5, 0x48e9, 0xf2bb, 0x2, 0x0, 0x0)
ioctl$TUNSETLINK(r0, 0x400454cd, 0x20)

249.255298ms ago: executing program 2 (id=1530):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000007c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm(aes))\x00'}, 0x58)
r2 = accept$alg(r1, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000000300)=[{{0x0, 0x0, 0x0}, 0xf}], 0x1, 0x2101, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048000000000061044c000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x1, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd8b, 0xffffffffffffffff}, 0x48)
setsockopt$inet6_int(r0, 0x29, 0x3c, &(0x7f0000311ffc)=0x1, 0x4)
setsockopt$inet6_buf(r0, 0x29, 0x3e, &(0x7f00002cef88)="d84f7398", 0x4)
sendto$inet6(r0, &(0x7f0000000dc0)="51e251578851f74182a74b89b27df427aeef44966d202e4138b5a18e75a0424e7fe93b0d32c7abba87b65f97aba1c26a06b6d94c4aefd8fdca10e744391062c8e612721c20051608d9aa6dacf61e1eb331a4daad402b9885599d56130f7149fb1111fa116e94324d585a0569fbd311dad54cb4e32ff7f02216844ec3d526c878d5135ad1c9262239339c18885e2a0a95854d6cde3dd2feeaa50216af6c5760923413af81199a65a6332b02ec7bbf79d557c033cbe032fdc44f66a5c59cc4a3c5d218f5896b359d1efd60baf98df6396567478f7b817ce6e11d59a7def452a068e9607f57f626a1b8d476636ef1ee76307524009ae49be402000000000000001e80fed632155e14da1f7324d97bc61a3c1edc4431ee8a6caa2ed9f85cea5a2a9b263630c7d6fc35dda6002da571a2e51917e7c1019d8ce21a608147e408074c7c5f444fab931bda86d977d7c9ccefd881e5ef05b287f41eea526862885881c2cdc687dfff01a9b70a9b08734ac4d62c7f34465c34aa9e9f136c7f796d9eea41aa37f61830508338bb1f887089070567a1dd96cd700e7a098dabedb60f31acd17d487bc8be1a3101d2b5ac1715003793596c6daa93a27f4adb4d6fbea5669cabc206c944317ea18a2c762457f1bc945fec8f849641d44e7e2a24faeee28f3f266395fe18b0dce20c1f64e8896c8ff0e4a44a116fb32462471a0fcde143e551723d57339722765673b4163d66f473ac10f988cb252f106632f9884a47866d284b4efc6bb1aa74ed48d4a6535795f0873a99907ebc22be2337364cf9acc063e32f7d2e02fad64d04aa405d2dbdee1128ab1e4761d2dd30885ad37dd168478f10789d172feef4c817a5cd372caade57f23300e45f47e001e3ea093680ffffff802477368b9910f4e24037c871cb8251568c792287a6f49fa61b7c2600accaa0e7b40c59d88a29af5886c1f5dfc6837c58aaef12a9e100225c70441144ffa82927fa4802ed9ebb03eea8e945af5f4993f21a7f53baf7ec5bb6cc96b917dde82c18840c3500e9565f68f687b1c73d834c0d99d4acb002dc5682dbcdb1217a98f6c3ef8318b7fa93894e8a097b4511ba5c035e27c9fe8bfe7754741ac21bbc0303b81672e3117e5590fe2d92f912759b9937f64204ec5caa92e2cccb31016b13ed8d7bcabb03e176b1c9bda3bf1c1256ab74ab6f42ed9bafbbd0096263be1a7da1e1c88deec55a653d170e1e13c77dacaa60a37a6ba2383e661ebc9f13dbaade2dd884c9951819fb4608e19e70cd2496ccfb12f24c71f496cfe90400fe1bbea1e9a24b1d4664fb0776aca6269b396779680e52f86877d9209988d12ccb137be01ab7496d00547a7d4849d365a18dbb55c429cde87d33c4b74ad2273cdfee88b5418866ef327f25e9cbcd5a64d97107339f7e4cb5f8de171d2779c0f68884ae835e398f982d5749f085628d3608986656ea04b721f828202e9342bd7d19dfa091e772aebf9718030167a8c029df7c58b7f40029d7cfcaf26fd1900d8775ef373e8e2c5bf3525f907add3be426cd5a079c49abffe933e9ee213a3baf34f932d1299312691e1c53e6247ae0989ad66070d51fad22856a8b6b28954e7d41189b11c5321789eec8670de9e8db0b0473ba2e02731e60e7222697d61e052c18d4bcc6d1572fdf426f7b2fee6c1dee66c85c497b90facaf63b8ec5cde4a73400f9180bcfc0f81eca9580a7c81462a077f9034026bf72aa7c6de4b3c15d4a2dbd6fd7d87084aea9f25fb4bf5ec83eb56874a760533792dff2695407ccdd6a7375e0007230fd3f6501c152f1c1ff279b1d67cc95f2820762b7927659368e41657bdef2dd15b63498a93b787bdb26809d734aaf98b86fcf9fc643a34d03ebbe072820662d20d4774d66c5ae270adade5b8f6242a059b926221ee3d677487471c432b0d6d64dad030703475bb3ecac39b204a814f5ece5961621358e36f8a2cf7196c76959824bbb475a7cad8f57853fe05f59f341b5207cc9bb8d686982c2f158e0d8f5c7ec6cbfd500"/1453, 0x5ad, 0x0, &(0x7f0000000080)={0xa, 0x5e20, 0x3, @mcast2}, 0x1c)
recvmsg(r0, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x10000)

192.146737ms ago: executing program 4 (id=1531):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58)
accept4(r0, 0x0, 0x0, 0x0)
userfaultfd(0x801)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000200), 0x100)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$unix(0x1, 0x2, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x50, r4, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x50}, 0x1, 0x0, 0x2000000, 0x91}, 0x24044884)

191.822518ms ago: executing program 4 (id=1532):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = socket(0x1f, 0x6, 0xfffffffc)
bind$vsock_stream(r2, &(0x7f0000000040), 0x10)
listen(r2, 0x5)
r3 = socket(0x28, 0x5, 0x0)
getpeername$packet(r3, &(0x7f0000000300)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000002c0)=0x14)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000a00)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a40000000060a8bae00000000000000000a0000010900010073797a31000000001400048010000180090001006d617371000000000900020073797a3200000000140000001100010000000000000000000100000a8cf71c5f63bc9d29d5d76dda6b2b045f5d4f32a81a057ad6a15b56a40a1d00dc82d9c66c675047c99e08b0f39f330516af0fef1bbf939e813a9f824e3052328a35859854c2692e42ee848d5391365933a8ff0700005c81ce952250b0434ba52ee6f252369a8a"], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x17, 0xe, &(0x7f0000000580)=ANY=[@ANYRES8=r3, @ANYRES64=r5], &(0x7f0000000340)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', r4, @fallback=0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r6, 0x18000000000002a0, 0x22, 0x0, &(0x7f0000000000)="06ff03076844268cb89e14f008004ee0ffff00febabec41177fb86dd1402e000030c", 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
connect$vsock_stream(r3, &(0x7f0000000080), 0x10)
sendmsg$nl_route_sched(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000002480)=@deltfilter={0x24, 0x2d, 0x4, 0x70bd2f, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xc, 0xfff2}, {0x6, 0x2}, {0x4, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x4004885}, 0x40004)
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000000140))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
sendmmsg(r3, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094)
dup3(r1, r0, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000500)={'ip_vti0\x00', &(0x7f0000000400)=@ethtool_rxnfc={0x2e, 0x11, 0x8, {0xe, @hdata="54027c94bfe4772e168efd0406fced3503c728593945e2b560e2f87b7f64d5085374769a1fb77e5c064e85cd3c01f847886feb9b", {0x0, @multicast, 0x100, 0x6, [0x5, 0x2]}, @hdata="6719f47560d51c102548b324cdddc8a6ca6a646f0774d9600b0be17b95cdc523c9804be2d9a4b3707b1d3dbd4e70a35ed7cb0f25", {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, 0x0, 0x4, [0x7, 0x6]}, 0x6, 0x7}, 0x4, [0xffff, 0x4, 0x40, 0x0]}})
stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, <r8=>0x0})
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="d8020000210000012bbd7000fcdbdf25ff020000000000000000000000000001e00000020000000000000000000000004e2000004e2400030200c02000000000", @ANYRES32=r4, @ANYRES32=r8, @ANYBLOB="b26b6e0001000000fb000100626c616b6532622d3136302d67656e6572696300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000098050000f6fd39e2d051f23be41eb2305b8bde57f3c22a8e3a4281ce403d4aca0756a45970a2c2059ef04de27e1ad7765d25e0992a4f0825dd02eda6cc915e4cf015e3268b1c4756c213f78e64a3a510dc3602153fc3d47271fca583d09b2880ac560b2b15ebec8d1371fa6ec84f41172ae2ab44cd364f3d2c04000000830070af28174eec3a0a7380519628f0dbbef5551f87db2f75f65bc8bbd2b9590c01c06e22eafc04e6c3f0566830e21a156a6586d03bcdc4d5e30008001f000100000005001900330000000c0015005c0735000c00000008001e000400000010000a002abd700025bd70000000000034011400686d616328736861312d6176783229000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004007000000000000209b2f72e5e85a544ddb20c5924be8b0e332115febd2d1d805d854eceb3377d8fba1cf298ce630f355b68d808cc14d2a9158a49b47cb3033eb3404c9769385f1a245dfe09a126c09c4bfb2ade0a88301bcb1fc3e174d6c83543dc9e3123b7fc3f65210106719f65d1b4655ce02112cd21cb2c0f66826140f7cf510b9f06d17c22fed851ca9e4fb0e065b84873562033aef1873c52c40c614a52dc2d05c25d47af9516021d258bf627b2c5713ca505a1b833b4c9a1659064cd412030af6e5492ee8ef8e4a15eef3d58bd749c3d36f4814fb5567f6f8240fc429c2a48de7de49dd84da16a5aace020000000000000000001c000400feff4e234e200000fe880000000000000000000000000001"], 0x2d8}, 0x1, 0x0, 0x0, 0x810}, 0x0)
r9 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r9}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r10 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
listen(r10, 0x1ad72f7)
accept4(r10, 0x0, 0x0, 0x80000)
r11 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r11, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x0, 0x2})

112.285137ms ago: executing program 4 (id=1533):
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_recovery\x00', 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e21, 0x5, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xff}, 0x1c)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000100), 0x4)
r1 = fcntl$dupfd(r0, 0x406, r0)
read$FUSE(r1, &(0x7f000000a2c0)={0x2020}, 0x2020)
write$cgroup_pid(r1, &(0x7f0000000240), 0xfdef)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@newqdisc={0x3c, 0x24, 0x400, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_LIMIT={0x8, 0x1, 0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000001340)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9420a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883f53b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725e78400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225c380fac12f8205d182f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d96ee1b84bb64b14aebc6b5194c55dd6890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b07838a3ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e0808657393921a4902c5340690bb9e590a3875f02a828bf209d0ed9829dec16ab67a4f59a504e09f55ab82bbd405087a17a229a149c53ee9145500db213cb36489a10957739e481a756e65bde579bbbfb404213f661eea61f766664e5e9c678dd5e8f7f07368b317b0e09580380717188b22574dc2b50cfe0d4c3ce4628ef8b90c4179be593b31bb716525863c2044781e7d79c5fb015c1cdef274fd95c943f4a31bd248b122e4c10c3b8f57d63615df5a7a14cac878cb10dc96e27fd49bfb2b1e711e2b0715d263b0bba3f396ab238b4bdc3a372ae821b5494dd8954d5dd9c2d894833e652e58bf110e4c0f4e364c3b4fc1b8262cf8d9651bbd9fd9fac5f2831e965935239b60f72a0194262077f2ad9b4d2dc036b8d1c9"], &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', r3, @sched_cls}, 0x94)
r5 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x0)
symlinkat(&(0x7f0000000000)='.\x00', r6, &(0x7f0000000140)='./file0\x00')
unlinkat(r6, &(0x7f00000001c0)='./file0/../file0/file0\x00', 0x0)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)={@cgroup=r4, r4, 0x2f}, 0x20)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000001300)=ANY=[@ANYRES32=r4, @ANYRES32=r4, @ANYBLOB='/\x00'], 0x20)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xe}, {}, {0x8, 0x1}}}, 0x24}}, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r7, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0xbf, {}, {}, @raw32}], 0xffc8)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r7, 0x4040534e, &(0x7f0000000180)={0x37, @time={0xbf, 0x316575}})
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r8, 0x401c5820, &(0x7f0000000080)={0x8})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
syz_open_procfs(0x0, &(0x7f0000000200)='task\x00')

0s ago: executing program 4 (id=1534):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="24000000200001030000001164d0ad21c1542055d859ebd63500000000000200000000001a0000000500130001000000"], 0x24}, 0x1, 0x0, 0x0, 0x4050}, 0x4000050)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xe, 0xf0, 0xff, 0x7ff, 0x0, 0xfffffff0, 0xfffffffc, 0x13}}, {0x4}}]}]}, 0x48}}, 0x0)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0xa1001)
ioctl$SNDRV_TIMER_IOCTL_STOP(r3, 0x54a1)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sysvipc/shm\x00', 0x0, 0x0)
lseek(r4, 0x164, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000501c0007800c0001"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYRES16=r3], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0xfffffffc, 0x0, 'queue1\x00', 0x200000})
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000380)={r4, r4}, 0x10)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r6, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3}})
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@newlink={0x60, 0x10, 0x10, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3006, 0x41d0}, [@IFLA_PORT_SELF={0x40, 0x19, 0x0, 0x1, [@IFLA_PORT_PROFILE={0xc, 0x2, '&.)!/.\'\x00'}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "e55bc2a97d6a62ffab79d6d3b9431daa"}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "86fbef78b4f8669f19586b13c9859d9c"}, @IFLA_PORT_VF={0x8, 0x1, 0x2}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x48850}, 0x4040)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r3, 0x54a2)
ioctl$SNDRV_TIMER_IOCTL_START(r3, 0x54a0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100"], 0x28}}, 0x0)
syz_io_uring_setup(0x6350, &(0x7f0000000080)={0x0, 0x2244, 0x20000, 0x3, 0x56}, &(0x7f0000000100)=<r9=>0x0, &(0x7f0000000180))
r10 = io_uring_setup(0x669, &(0x7f00000002c0))
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r10, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r10, 0xa, 0x0, r11)
syz_io_uring_submit(r9, 0x0, &(0x7f0000000240)=@IORING_OP_EPOLL_CTL=@mod={0x1d, 0x20, 0x0, r4, &(0x7f00000001c0)={0x10002000}, r6, 0x3, 0x0, 0x0, {0x0, r11}})

kernel console output (not intermixed with test programs):

value: 66
[  125.191555][  T839] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 7
[  125.195875][  T839] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9272, setting to 1024
[  125.201740][  T839] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  125.206035][  T839] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  125.210305][  T839] usb 6-1: Product: syz
[  125.211677][  T839] usb 6-1: Manufacturer: syz
[  125.233430][ T6113] savu 0003:1E7D:2D5A.000F: hiddev0,hidraw1: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0
[  125.238244][  T839] cdc_wdm 6-1:1.0: skipping garbage
[  125.240485][  T839] cdc_wdm 6-1:1.0: skipping garbage
[  125.243752][  T839] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22
[  125.465682][ T6113] usb 9-1: USB disconnect, device number 2
[  125.467362][ T6110] usb 6-1: USB disconnect, device number 22
[  126.106944][ T8275] misc userio: Invalid payload size
[  126.332781][ T5975] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  126.354962][ T8283] openvswitch: netlink: Tunnel attr 9 has unexpected len 0 expected 2
[  126.356156][ T8284] openvswitch: netlink: Tunnel attr 9 has unexpected len 0 expected 2
[  126.522729][   T53] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[  126.640890][ T8297] netlink: 8 bytes leftover after parsing attributes in process `syz.2.751'.
[  126.677665][ T8301] geneve2: entered allmulticast mode
[  126.696767][   T53] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  126.699861][   T53] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.703267][   T53] usb 8-1: Product: syz
[  126.704990][   T53] usb 8-1: Manufacturer: syz
[  126.706541][   T53] usb 8-1: SerialNumber: syz
[  126.711309][   T53] usb 8-1: config 0 descriptor??
[  127.120615][  T839] usb 8-1: USB disconnect, device number 16
[  127.144655][ T8317] netlink: 'syz.1.758': attribute type 30 has an invalid length.
[  127.147925][ T8317] (unnamed net_device) (uninitialized): option arp_missed_max: invalid value (0)
[  127.150797][ T8317] (unnamed net_device) (uninitialized): option arp_missed_max: allowed values 1 - 255
[  127.190851][ T8323] netlink: 'syz.1.759': attribute type 1 has an invalid length.
[  127.785929][ T8353] netlink: 24 bytes leftover after parsing attributes in process `syz.4.769'.
[  127.812866][ T8353] input: syz0 as /devices/virtual/input/input21
[  127.848160][ T8355] netlink: 8 bytes leftover after parsing attributes in process `syz.4.770'.
[  127.868373][ T8355] misc userio: Invalid payload size
[  128.093225][ T5975] Bluetooth: hci0: command tx timeout
[  128.140301][ T8369] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8369 comm=syz.4.776
[  128.301544][ T8381] netlink: 8 bytes leftover after parsing attributes in process `syz.4.782'.
[  128.306214][ T8382] netlink: 8 bytes leftover after parsing attributes in process `syz.3.780'.
[  128.306230][ T8382] netlink: 8 bytes leftover after parsing attributes in process `syz.3.780'.
[  128.501942][   T40] kauditd_printk_skb: 25 callbacks suppressed
[  128.501953][   T40] audit: type=1400 audit(1758672356.566:499): avc:  denied  { wake_alarm } for  pid=8394 comm="syz.1.787" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  128.842691][    T9] usb 6-1: new full-speed USB device number 23 using dummy_hcd
[  128.972769][    T9] usb 6-1: device descriptor read/64, error -71
[  129.023205][ T8406] can0: slcan on ttyprintk.
[  129.108405][ T8406] Bluetooth: MGMT ver 1.23
[  129.206119][ T8427] loop2: detected capacity change from 0 to 7
[  129.217123][ T8427]  loop2: p1
[  129.218222][ T8427] loop2: partition table partially beyond EOD, truncated
[  129.220604][ T8427] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  129.222788][    T9] usb 6-1: new full-speed USB device number 24 using dummy_hcd
[  129.248094][ T5970] udevd[5970]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  129.266694][ T8408] can0 (unregistered): slcan off ttyprintk.
[  129.362749][    T9] usb 6-1: device descriptor read/64, error -71
[  129.474509][    T9] usb usb6-port1: attempt power cycle
[  129.530558][ T8452] netlink: 8 bytes leftover after parsing attributes in process `syz.2.798'.
[  129.535676][ T8452] netlink: 8 bytes leftover after parsing attributes in process `syz.2.798'.
[  129.622850][  T839] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  129.703196][ T5975] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  129.706335][ T5975] Bluetooth: hci2: Injecting HCI hardware error event
[  129.709244][ T5975] Bluetooth: hci2: hardware error 0x00
[  129.772773][  T839] usb 9-1: device descriptor read/64, error -71
[  129.812739][    T9] usb 6-1: new full-speed USB device number 25 using dummy_hcd
[  129.834107][    T9] usb 6-1: device descriptor read/8, error -71
[  130.013836][  T839] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  130.082721][    T9] usb 6-1: new full-speed USB device number 26 using dummy_hcd
[  130.103524][    T9] usb 6-1: device descriptor read/8, error -71
[  130.142796][  T839] usb 9-1: device descriptor read/64, error -71
[  130.222927][    T9] usb usb6-port1: unable to enumerate USB device
[  130.253514][  T839] usb usb9-port1: attempt power cycle
[  130.431090][ T8478] vxcan1 speed is unknown, defaulting to 1000
[  130.438277][ T8478] vxcan1 speed is unknown, defaulting to 1000
[  130.442309][ T8478] vxcan1 speed is unknown, defaulting to 1000
[  130.579180][ T8478] infiniband syz2: set active
[  130.582376][ T8478] infiniband syz2: added vxcan1
[  130.582596][ T6006] vxcan1 speed is unknown, defaulting to 1000
[  130.602880][  T839] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  130.616786][ T8478] RDS/IB: syz2: added
[  130.619189][ T8478] smc: adding ib device syz2 with port count 1
[  130.622018][ T8478] smc:    ib device syz2 port 1 has pnetid 
[  130.626225][ T6110] vxcan1 speed is unknown, defaulting to 1000
[  130.630794][ T8478] vxcan1 speed is unknown, defaulting to 1000
[  130.635473][  T839] usb 9-1: device descriptor read/8, error -71
[  130.740517][ T8478] vxcan1 speed is unknown, defaulting to 1000
[  130.854693][ T8478] vxcan1 speed is unknown, defaulting to 1000
[  130.872741][  T839] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  130.893286][  T839] usb 9-1: device descriptor read/8, error -71
[  130.957062][ T8478] vxcan1 speed is unknown, defaulting to 1000
[  131.003369][  T839] usb usb9-port1: unable to enumerate USB device
[  131.684753][ T8496] netlink: 8 bytes leftover after parsing attributes in process `syz.1.809'.
[  131.688421][ T8496] netlink: 8 bytes leftover after parsing attributes in process `syz.1.809'.
[  131.692085][ T8496] netlink: 8 bytes leftover after parsing attributes in process `syz.1.809'.
[  131.773032][ T5975] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  131.829229][ T8501] netlink: 28 bytes leftover after parsing attributes in process `syz.1.811'.
[  131.832504][ T8501] netlink: 28 bytes leftover after parsing attributes in process `syz.1.811'.
[  131.838071][ T8501] erspan0: entered promiscuous mode
[  131.840379][ T8501] batadv_slave_1: entered promiscuous mode
[  131.852535][ T8501] sch_tbf: burst 19920 is lower than device lo mtu (65550) !
[  131.859421][   T40] audit: type=1400 audit(1758672359.926:500): avc:  denied  { map } for  pid=8500 comm="syz.1.811" path="/dev/comedi3" dev="devtmpfs" ino=1305 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  132.265355][ T8515] netlink: 'syz.1.817': attribute type 39 has an invalid length.
[  132.480643][ T8530] 9p: Unknown Cache mode or invalid value fs
[  132.501959][   T40] audit: type=1400 audit(1758672360.566:501): avc:  denied  { read } for  pid=8531 comm="syz.1.824" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  132.504193][ T8532] input: syz1 as /devices/virtual/input/input23
[  132.510412][   T40] audit: type=1400 audit(1758672360.566:502): avc:  denied  { open } for  pid=8531 comm="syz.1.824" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  132.536085][ T8534] batman_adv: batadv0: Adding interface: dummy0
[  132.538336][ T8534] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  132.547133][ T8534] batman_adv: batadv0: Interface activated: dummy0
[  132.551048][   T40] audit: type=1400 audit(1758672360.616:503): avc:  denied  { ioctl } for  pid=8522 comm="syz.4.820" path="socket:[25979]" dev="sockfs" ino=25979 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  132.557723][ T8534] batadv0: mtu less than device minimum
[  132.563581][ T8534] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272)
[  132.568252][ T8534] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272)
[  132.572684][ T8534] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272)
[  132.577843][ T8534] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272)
[  132.582111][ T8534] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272)
[  132.586321][ T8534] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272)
[  132.590284][ T8534] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272)
[  132.593868][ T8534] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272)
[  132.597127][ T8534] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272)
[  132.655269][ T1425] ieee802154 phy1 wpan1: encryption failed: -22
[  132.808095][ T8545] netlink: 'syz.3.829': attribute type 2 has an invalid length.
[  132.810610][ T8545] netlink: 12 bytes leftover after parsing attributes in process `syz.3.829'.
[  132.848427][    C0] sr 2:0:0:0: [sr0] tag#20 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  132.852072][    C0] sr 2:0:0:0: [sr0] tag#20 CDB: Regenerate(16) 82 5a 86 a5 26 a3 50 1f b1 dd 8d ff 3e 90 d6 f5
[  132.962714][    T9] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  133.000217][   T40] audit: type=1400 audit(1758672361.066:504): avc:  denied  { accept } for  pid=8557 comm="syz.3.832" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  133.002136][ T8558] netlink: 8 bytes leftover after parsing attributes in process `syz.3.832'.
[  133.015737][ T8558] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8558 comm=syz.3.832
[  133.102799][    T9] usb 7-1: device descriptor read/64, error -71
[  133.352760][    T9] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  133.381870][ T8571] program syz.1.835 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  133.389484][ T8573] program syz.1.835 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  133.482684][    T9] usb 7-1: device descriptor read/64, error -71
[  133.494551][ T8581] netlink: 8 bytes leftover after parsing attributes in process `syz.4.838'.
[  133.592930][    T9] usb usb7-port1: attempt power cycle
[  133.919571][   T40] audit: type=1400 audit(1758672361.986:505): avc:  denied  { listen } for  pid=8582 comm="syz.3.839" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  133.944469][    T9] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  133.963620][    T9] usb 7-1: device descriptor read/8, error -71
[  134.202824][    T9] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  134.235472][    T9] usb 7-1: device descriptor read/8, error -71
[  134.299603][   T40] audit: type=1400 audit(1758672362.366:506): avc:  denied  { read } for  pid=8592 comm="syz.4.843" path="socket:[27950]" dev="sockfs" ino=27950 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  134.343965][    T9] usb usb7-port1: unable to enumerate USB device
[  134.446038][ T8606] binder: 8605:8606 ioctl 400c620e 200000001780 returned -22
[  135.728589][   T40] audit: type=1400 audit(1758672363.796:507): avc:  denied  { remount } for  pid=8619 comm="syz.2.853" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  136.026876][ T8636] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  136.131984][ T8645] netlink: 'syz.2.861': attribute type 2 has an invalid length.
[  136.136949][ T8645] __nla_validate_parse: 5 callbacks suppressed
[  136.136958][ T8645] netlink: 12 bytes leftover after parsing attributes in process `syz.2.861'.
[  136.308529][ T8664] netlink: 'syz.2.866': attribute type 10 has an invalid length.
[  136.314549][ T8664] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  136.328603][ T8664] mac80211_hwsim hwsim8 wlan1: entered allmulticast mode
[  136.333588][ T8664] netlink: 16 bytes leftover after parsing attributes in process `syz.2.866'.
[  136.337543][ T8664] (unnamed net_device) (uninitialized): option lacp_rate: invalid value (32)
[  136.472515][   T40] audit: type=1400 audit(1758672364.536:508): avc:  denied  { read } for  pid=8673 comm="syz.2.869" name="nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  136.479932][ T8674] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  136.479970][   T40] audit: type=1400 audit(1758672364.536:509): avc:  denied  { open } for  pid=8673 comm="syz.2.869" path="/dev/nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  136.490797][   T40] audit: type=1400 audit(1758672364.546:510): avc:  denied  { watch } for  pid=8673 comm="syz.2.869" path="/dev/nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  136.498176][   T40] audit: type=1400 audit(1758672364.546:511): avc:  denied  { watch_sb } for  pid=8673 comm="syz.2.869" path="/dev/nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  136.965601][ T8682] overlay: Unknown parameter 'fsuuid'
[  136.968577][   T40] audit: type=1400 audit(1758672365.036:512): avc:  denied  { setopt } for  pid=8681 comm="syz.3.872" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  136.975295][   T40] audit: type=1400 audit(1758672365.046:513): avc:  denied  { ioctl } for  pid=8681 comm="syz.3.872" path="socket:[27083]" dev="sockfs" ino=27083 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  136.975507][ T8682] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  136.984904][ T8682] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  136.987871][ T8682] vhci_hcd vhci_hcd.0: Device attached
[  136.991722][ T8683] vhci_hcd: unknown pdu 1
[  136.995238][   T46] vhci_hcd: stop threads
[  136.996734][   T46] vhci_hcd: release socket
[  136.997828][   T40] audit: type=1400 audit(1758672365.066:514): avc:  denied  { module_load } for  pid=8681 comm="syz.3.872" path=2F6D656D66643A20C736BE918D183229219A25A2D238D606070EFCFE128F2613AE254054A3B03E5CECA9F951403641108C6E7C202864656C6574656429 dev="tmpfs" ino=1039 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1
[  136.998187][   T46] vhci_hcd: disconnect device
[  137.021710][ T8682] Invalid ELF header magic: != ELF
[  137.329133][ T8689] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode
[  137.337477][ T8689] netlink: 'syz.4.874': attribute type 10 has an invalid length.
[  137.339921][ T8689] mac80211_hwsim hwsim11 wlan1: left allmulticast mode
[  137.499844][ T8696] netlink: 12 bytes leftover after parsing attributes in process `syz.4.877'.
[  137.568606][ T8702] netlink: 'syz.3.880': attribute type 10 has an invalid length.
[  137.651698][ T8702] team0: Device dummy0 is up. Set it down before adding it as a team port
[  137.659711][ T8700] netlink: 8 bytes leftover after parsing attributes in process `syz.4.879'.
[  137.683708][ T8711] netlink: 4 bytes leftover after parsing attributes in process `syz.3.882'.
[  138.043318][  T839] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  138.076664][ T8731] vxcan1 speed is unknown, defaulting to 1000
[  139.036051][ T8742] netlink: 8 bytes leftover after parsing attributes in process `syz.1.895'.
[  139.093665][ T8753] netlink: 28 bytes leftover after parsing attributes in process `syz.4.894'.
[  139.097229][   T40] kauditd_printk_skb: 4 callbacks suppressed
[  139.097245][   T40] audit: type=1400 audit(1758672367.166:519): avc:  denied  { execmem } for  pid=8741 comm="syz.4.894" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  139.120239][ T8758] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5136 sclass=netlink_route_socket pid=8758 comm=syz.1.901
[  139.132446][   T40] audit: type=1400 audit(1758672367.196:520): avc:  denied  { firmware_load } for  pid=8757 comm="syz.1.901" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  139.153840][ T8758] syz.1.901 (8758) used greatest stack depth: 19752 bytes left
[  140.102419][ T8775] netlink: 45 bytes leftover after parsing attributes in process `syz.1.907'.
[  140.220849][ T8781] autofs4:pid:8781:validate_dev_ioctl: path string terminator missing for cmd(0xc0189371)
[  140.892341][ T8799] can: request_module (can-proto-5) failed.
[  140.927628][ T8799] netlink: 8 bytes leftover after parsing attributes in process `syz.2.916'.
[  140.931106][ T8799] netlink: 24 bytes leftover after parsing attributes in process `syz.2.916'.
[  141.150770][ T8808] __nla_validate_parse: 2 callbacks suppressed
[  141.150785][ T8808] netlink: 36 bytes leftover after parsing attributes in process `syz.2.920'.
[  141.285913][   T40] audit: type=1400 audit(1758672369.356:521): avc:  denied  { execute } for  pid=8817 comm="syz.1.923" path="/dev/audio1" dev="devtmpfs" ino=1323 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1
[  141.299455][   T40] audit: type=1400 audit(1758672369.366:522): avc:  denied  { remount } for  pid=8817 comm="syz.1.923" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  141.299518][ T8819] tmpfs: Cannot change global quota limit on remount
[  141.357274][ T5975] Bluetooth: hci0: Malformed HCI Event: 0x22
[  141.358162][   T40] audit: type=1400 audit(1758672369.426:523): avc:  denied  { ioctl } for  pid=8823 comm="syz.1.925" path="socket:[27260]" dev="sockfs" ino=27260 ioctlcmd=0x9425 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  141.641499][   T40] audit: type=1800 audit(1758672369.706:524): pid=8826 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.926" name="file0" dev="tmpfs" ino=365 res=0 errno=0
[  141.642378][ T8826] No control pipe specified
[  141.922705][   T53] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  141.991056][ T8830] net_ratelimit: 11 callbacks suppressed
[  141.991069][ T8830] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  142.053809][   T53] usb 9-1: device descriptor read/64, error -71
[  142.086676][   T40] audit: type=1400 audit(1758672370.156:525): avc:  denied  { mounton } for  pid=8837 comm="syz.2.930" path="mnt:[4026532868]" dev="nsfs" ino=4026532868 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  142.293628][   T53] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  142.424748][   T53] usb 9-1: device descriptor read/64, error -71
[  142.493271][  T839] usb 8-1: new full-speed USB device number 17 using dummy_hcd
[  142.524623][ T8855] netlink: 12 bytes leftover after parsing attributes in process `syz.1.937'.
[  142.542944][   T53] usb usb9-port1: attempt power cycle
[  142.562890][   T29] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  142.600502][ T8857] block nbd1: Attempted send on invalid socket
[  142.603436][ T8857] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  142.607089][ T8857] XFS (nbd1): SB validate failed with error -5.
[  142.644678][  T839] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid maxpacket 149, setting to 64
[  142.651288][  T839] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  142.654958][ T8856] delete_channel: no stack
[  142.657840][  T839] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.660373][  T839] usb 8-1: Product: syz
[  142.661720][  T839] usb 8-1: Manufacturer: syz
[  142.665068][  T839] usb 8-1: SerialNumber: syz
[  142.668461][  T839] usb 8-1: config 0 descriptor??
[  142.712704][   T29] usb 7-1: device descriptor read/64, error -71
[  142.901805][   T40] audit: type=1400 audit(1758672370.966:526): avc:  denied  { write } for  pid=8871 comm="syz.1.940" name="ptp1" dev="devtmpfs" ino=1288 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  142.917812][   T53] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  142.930883][ T8872] netlink: 'syz.1.940': attribute type 9 has an invalid length.
[  142.943240][   T53] usb 9-1: device descriptor read/8, error -71
[  142.952750][   T29] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  143.075528][ T8844] MTD: Couldn't look up '/dev/nullb0': -15
[  143.077582][ T8844] /dev/nullb0: Can't lookup blockdev
[  143.080541][ T6006] usb 8-1: USB disconnect, device number 17
[  143.083606][   T29] usb 7-1: device descriptor read/64, error -71
[  143.185886][   T53] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  143.193889][   T29] usb usb7-port1: attempt power cycle
[  143.203281][   T53] usb 9-1: device descriptor read/8, error -71
[  143.221679][ T8875] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=8875 comm=syz.1.941
[  143.227746][ T8875] netlink: 36 bytes leftover after parsing attributes in process `syz.1.941'.
[  143.313046][   T53] usb usb9-port1: unable to enumerate USB device
[  143.432141][   T40] audit: type=1326 audit(1758672371.496:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8878 comm="syz.1.942" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6db238eec9 code=0x0
[  143.532901][   T29] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  143.553165][   T29] usb 7-1: device descriptor read/8, error -71
[  143.674899][   T40] audit: type=1400 audit(1758672371.746:528): avc:  denied  { connect } for  pid=8885 comm="syz.3.944" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  143.687144][ T8886] pim6reg: entered allmulticast mode
[  143.758509][ T8892] /dev/nullb0: Can't lookup blockdev
[  143.792737][   T29] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  143.813741][   T29] usb 7-1: device descriptor read/8, error -71
[  143.848425][ T8892] binder: 8891:8892 ioctl c0306201 2000000004c0 returned -14
[  143.852277][ T8892] binder: 8891:8892 ioctl c0306201 2000000001c0 returned -14
[  143.933025][   T29] usb usb7-port1: unable to enumerate USB device
[  144.185948][ T5329] Bluetooth: hci0: unexpected event for opcode 0x1003
[  144.637495][   T40] audit: type=1400 audit(1758672372.706:529): avc:  denied  { read append } for  pid=8924 comm="syz.1.954" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  144.645109][   T40] audit: type=1400 audit(1758672372.706:530): avc:  denied  { open } for  pid=8924 comm="syz.1.954" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  144.652957][ T5975] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  144.725130][   T40] audit: type=1400 audit(1758672372.796:531): avc:  denied  { getopt } for  pid=8937 comm="syz.4.958" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  144.729118][ T8936] netlink: 'syz.1.957': attribute type 8 has an invalid length.
[  144.731329][ T8938] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on
[  144.808378][ T8943] overlayfs: failed to resolve './bus': -2
[  144.818060][ T8941] Driver unsupported XDP return value 0 on prog  (id 45) dev N/A, expect packet loss!
[  144.974904][   T40] audit: type=1400 audit(1758672373.046:532): avc:  denied  { shutdown } for  pid=8951 comm="syz.1.962" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  144.986975][ T8952] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  144.992015][   T40] audit: type=1400 audit(1758672373.056:533): avc:  denied  { create } for  pid=8953 comm="syz.3.961" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  145.060486][ T8961] sg_read: process 649 (syz.3.964) changed security contexts after opening file descriptor, this is not allowed.
[  145.077629][   T40] audit: type=1400 audit(1758672373.146:534): avc:  denied  { link } for  pid=8960 comm="syz.3.964" name="#12" dev="tmpfs" ino=1227 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  145.085658][   T40] audit: type=1400 audit(1758672373.146:535): avc:  denied  { rename } for  pid=8960 comm="syz.3.964" name="#13" dev="tmpfs" ino=1227 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  145.175084][ T8966] lo speed is unknown, defaulting to 1000
[  145.177747][ T8966] lo speed is unknown, defaulting to 1000
[  145.177810][ T8967] siw: device registration error -23
[  145.180956][ T8966] lo speed is unknown, defaulting to 1000
[  145.190854][ T8966] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  145.202414][ T8966] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  145.221928][ T8966] lo speed is unknown, defaulting to 1000
[  145.227711][ T8966] lo speed is unknown, defaulting to 1000
[  145.233251][ T8966] lo speed is unknown, defaulting to 1000
[  145.236793][ T8966] lo speed is unknown, defaulting to 1000
[  145.424980][    T9] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[  145.443913][ T8983] 9pnet_fd: p9_fd_create_unix (8983): problem connecting socket: ./file0: -111
[  145.552754][    T9] usb 8-1: device descriptor read/64, error -71
[  145.604281][ T8991] trusted_key: syz.4.974 sent an empty control message without MSG_MORE.
[  145.803754][    T9] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[  145.868944][ T5975] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  145.872145][ T5975] CPU: 0 UID: 0 PID: 5975 Comm: kworker/u33:5 Not tainted syzkaller #0 PREEMPT(full) 
[  145.872166][ T5975] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  145.872175][ T5975] Workqueue: hci0 hci_rx_work
[  145.872208][ T5975] Call Trace:
[  145.872213][ T5975]  <TASK>
[  145.872218][ T5975]  dump_stack_lvl+0x16c/0x1f0
[  145.872235][ T5975]  sysfs_warn_dup+0x7f/0xa0
[  145.872255][ T5975]  sysfs_create_dir_ns+0x24b/0x2b0
[  145.872271][ T5975]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  145.872286][ T5975]  ? find_held_lock+0x2b/0x80
[  145.872304][ T5975]  ? do_raw_spin_unlock+0x172/0x230
[  145.872318][ T5975]  kobject_add_internal+0x2c4/0x9b0
[  145.872338][ T5975]  kobject_add+0x16e/0x240
[  145.872354][ T5975]  ? __pfx_kobject_add+0x10/0x10
[  145.872370][ T5975]  ? do_raw_spin_unlock+0x172/0x230
[  145.872382][ T5975]  ? kobject_put+0xab/0x5a0
[  145.872400][ T5975]  device_add+0x288/0x1aa0
[  145.872417][ T5975]  ? __pfx_dev_set_name+0x10/0x10
[  145.872434][ T5975]  ? __pfx_device_add+0x10/0x10
[  145.872449][ T5975]  ? mgmt_send_event_skb+0x2fb/0x460
[  145.872464][ T5975]  hci_conn_add_sysfs+0x17e/0x230
[  145.872478][ T5975]  le_conn_complete_evt+0x1075/0x1d70
[  145.872490][ T5975]  ? preempt_count_sub+0xb0/0x160
[  145.872508][ T5975]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  145.872520][ T5975]  ? hci_event_packet+0x459/0x11c0
[  145.872536][ T5975]  hci_le_conn_complete_evt+0x23c/0x370
[  145.872550][ T5975]  hci_le_meta_evt+0x357/0x5e0
[  145.872563][ T5975]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  145.872576][ T5975]  hci_event_packet+0x685/0x11c0
[  145.872587][ T5975]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  145.872600][ T5975]  ? __pfx_hci_event_packet+0x10/0x10
[  145.872635][ T5975]  ? kcov_remote_start+0x3c9/0x6d0
[  145.872649][ T5975]  ? lockdep_hardirqs_on+0x7c/0x110
[  145.872674][ T5975]  hci_rx_work+0x2c5/0x16b0
[  145.872687][ T5975]  ? rcu_is_watching+0x12/0xc0
[  145.872704][ T5975]  process_one_work+0x9cc/0x1b70
[  145.872724][ T5975]  ? __pfx_process_one_work+0x10/0x10
[  145.872742][ T5975]  ? assign_work+0x1a0/0x250
[  145.872755][ T5975]  worker_thread+0x6c8/0xf10
[  145.872775][ T5975]  ? __pfx_worker_thread+0x10/0x10
[  145.872787][ T5975]  kthread+0x3c2/0x780
[  145.872799][ T5975]  ? __pfx_kthread+0x10/0x10
[  145.872811][ T5975]  ? rcu_is_watching+0x12/0xc0
[  145.872825][ T5975]  ? __pfx_kthread+0x10/0x10
[  145.872836][ T5975]  ret_from_fork+0x56a/0x730
[  145.872852][ T5975]  ? __pfx_kthread+0x10/0x10
[  145.872863][ T5975]  ret_from_fork_asm+0x1a/0x30
[  145.872884][ T5975]  </TASK>
[  145.932796][   T54] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[  145.952236][ T5975] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  145.956718][ T5975] Bluetooth: hci0: failed to register connection device
[  146.084856][    T9] usb 8-1: device descriptor read/64, error -71
[  146.093440][   T54] usb 7-1: device descriptor read/64, error -71
[  146.203423][    T9] usb usb8-port1: attempt power cycle
[  146.245521][ T9007] netlink: 20 bytes leftover after parsing attributes in process `syz.4.978'.
[  146.344444][   T40] audit: type=1400 audit(1758672374.416:536): avc:  denied  { getopt } for  pid=9012 comm="syz.4.980" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  146.362715][   T54] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[  146.456977][   T40] audit: type=1400 audit(1758672374.526:537): avc:  denied  { write } for  pid=9014 comm="syz.4.981" path="socket:[29938]" dev="sockfs" ino=29938 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  146.492838][   T54] usb 7-1: device descriptor read/64, error -71
[  146.572776][    T9] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  146.603177][    T9] usb 8-1: device descriptor read/8, error -71
[  146.603717][   T54] usb usb7-port1: attempt power cycle
[  146.751702][ T9018] bond0: left allmulticast mode
[  146.754133][ T9018] bond_slave_0: left allmulticast mode
[  146.756294][ T9018] bond_slave_1: left allmulticast mode
[  146.758548][ T9018] mac80211_hwsim hwsim5 wlan1: left allmulticast mode
[  146.765437][ T9018] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  146.852706][    T9] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[  146.880546][ T9022] netlink: 12 bytes leftover after parsing attributes in process `syz.1.984'.
[  146.884984][    T9] usb 8-1: device descriptor read/8, error -71
[  146.904781][ T5329] Bluetooth: hci0: Unknown advertising packet type: 0x32
[  146.904802][ T5329] Bluetooth: hci0: Malformed LE Event: 0x0d
[  146.962775][   T54] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[  146.983522][   T54] usb 7-1: device descriptor read/8, error -71
[  146.993131][    T9] usb usb8-port1: unable to enumerate USB device
[  147.232812][   T54] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[  147.263365][   T54] usb 7-1: device descriptor read/8, error -71
[  147.268433][   T40] audit: type=1400 audit(1758672375.336:538): avc:  denied  { mount } for  pid=9024 comm="syz.4.985" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  147.268804][ T9025] =======================================================
[  147.268804][ T9025] WARNING: The mand mount option has been deprecated and
[  147.268804][ T9025]          and is ignored by this kernel. Remove the mand
[  147.268804][ T9025]          option from the mount to silence this warning.
[  147.268804][ T9025] =======================================================
[  147.288421][ T9025] devpts: Bad value for 'max'
[  147.336110][ T9029] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  147.379810][   T54] usb usb7-port1: unable to enumerate USB device
[  147.486766][ T9037] overlayfs: failed to resolve './file1': -2
[  147.585653][ T9041] netlink: 4 bytes leftover after parsing attributes in process `syz.1.990'.
[  147.589410][ T9041] chnl_net:caif_netlink_parms(): no params data found
[  147.638078][ T9042] NILFS (nbd1): device size too small
[  147.892177][ T9053] netlink: 360 bytes leftover after parsing attributes in process `syz.1.993'.
[  148.253081][ T5329] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  148.256748][ T5329] Bluetooth: hci0: Injecting HCI hardware error event
[  148.260748][ T5975] Bluetooth: hci0: hardware error 0x00
[  148.329046][ T9071] JFS: discard option not supported on device
[  148.333576][ T9071] block nbd3: Attempted send on invalid socket
[  148.336089][ T9071] I/O error, dev nbd3, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  148.340081][ T9071] block nbd3: Attempted send on invalid socket
[  148.343113][ T9071] I/O error, dev nbd3, sector 120 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  148.346700][ T9071] Mount JFS Failure: -5
[  148.457018][ T9076] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1000'.
[  148.460658][ T9076] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1000'.
[  148.464138][ T9076] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1000'.
[  149.084082][  T839] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  149.235104][  T839] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  149.238804][  T839] usb 6-1: config 1 has an invalid descriptor of length 247, skipping remainder of the config
[  149.246518][  T839] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  149.250160][  T839] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  149.262964][  T839] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  149.267351][  T839] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  149.270688][  T839] usb 6-1: Product: syz
[  149.272425][  T839] usb 6-1: Manufacturer: syz
[  149.278792][  T839] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22
[  149.417279][ T9118] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1011'.
[  149.440276][ T9118] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1011'.
[  149.480383][ T6006] usb 6-1: USB disconnect, device number 27
[  149.567106][ T9123] vxcan1: tx address claim with dlc 0
[  149.599429][ T9126] program syz.2.1014 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  149.787691][   T40] kauditd_printk_skb: 6 callbacks suppressed
[  149.787705][   T40] audit: type=1400 audit(1758672377.856:545): avc:  denied  { map } for  pid=9131 comm="syz.4.1015" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  150.271064][   T40] audit: type=1400 audit(1758672378.336:546): avc:  denied  { mount } for  pid=9146 comm="syz.1.1020" name="/" dev="pstore" ino=750 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[  150.277546][   T40] audit: type=1400 audit(1758672378.336:547): avc:  denied  { remount } for  pid=9146 comm="syz.1.1020" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[  150.283566][   T40] audit: type=1400 audit(1758672378.346:548): avc:  denied  { listen } for  pid=9146 comm="syz.1.1020" path=2F3239382FE91F7189591E9233614B scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  150.291015][   T40] audit: type=1400 audit(1758672378.346:549): avc:  denied  { connect } for  pid=9146 comm="syz.1.1020" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  150.301138][   T40] audit: type=1400 audit(1758672378.366:550): avc:  denied  { unmount } for  pid=5964 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[  150.329430][   T40] audit: type=1400 audit(1758672378.396:551): avc:  denied  { write } for  pid=9148 comm="syz.1.1021" name="mouse0" dev="devtmpfs" ino=946 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  150.342916][ T5975] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  150.455640][ T9152] gfs2: gfs2 mount does not exist
[  150.489931][ T5975] block nbd1: Receive control failed (result -32)
[  150.490736][ T9149] misc userio: Invalid payload size
[  150.498076][ T9150] block nbd1: shutting down sockets
[  150.806030][   T40] audit: type=1400 audit(1758672378.876:552): avc:  denied  { read } for  pid=9156 comm="syz.4.1024" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  150.813331][   T40] audit: type=1400 audit(1758672378.876:553): avc:  denied  { open } for  pid=9156 comm="syz.4.1024" path="/90/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  150.820552][   T40] audit: type=1400 audit(1758672378.886:554): avc:  denied  { ioctl } for  pid=9156 comm="syz.4.1024" path="/90/file0/file0" dev="fuse" ino=64 ioctlcmd=0x5425 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  151.272421][ T9171] autofs: Unknown parameter '
[  151.272421][ T9171] 
'
[  151.272830][  T839] usb 8-1: new high-speed USB device number 22 using dummy_hcd
[  151.288256][ T9171] autofs: Unknown parameter './file0'
[  151.432739][  T839] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  151.436325][  T839] usb 8-1: config 1 has an invalid descriptor of length 247, skipping remainder of the config
[  151.440581][  T839] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  151.444932][  T839] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  151.451629][  T839] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  151.455346][  T839] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  151.458535][  T839] usb 8-1: Product: syz
[  151.460241][  T839] usb 8-1: Manufacturer: syz
[  151.467334][  T839] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22
[  151.671800][  T840] usb 8-1: USB disconnect, device number 22
[  151.918930][ T9192] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1035'.
[  151.928782][ T9192] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1035'.
[  151.961418][ T9195] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1036'.
[  152.065545][ T9201] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1038'.
[  152.198172][ T9208] netlink: 'syz.2.1041': attribute type 3 has an invalid length.
[  152.445726][ T9214] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1043'.
[  152.449462][ T9214] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1043'.
[  152.456265][ T9214] erspan0: entered promiscuous mode
[  152.490770][ T9216] input: syz1 as /devices/virtual/input/input27
[  152.721180][ T9224] /dev/nullb0: Can't lookup blockdev
[  152.783558][ T9228] binder: BINDER_SET_CONTEXT_MGR bad uid 60929 != 0
[  152.786981][ T9228] binder: 9227:9228 ioctl 4018620d 2000000000c0 returned -1
[  152.837215][ T9232] vxcan1 speed is unknown, defaulting to 1000
[  152.859830][ T9238] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1052'.
[  153.017252][ T9232] lo speed is unknown, defaulting to 1000
[  153.073460][ T9259] netlink: 'syz.2.1060': attribute type 4 has an invalid length.
[  153.079215][ T9259] netlink: 'syz.2.1060': attribute type 4 has an invalid length.
[  153.086708][ T6110] lo speed is unknown, defaulting to 1000
[  153.088687][ T6110] syz0: Port: 1 Link ACTIVE
[  153.133369][  T839] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  153.295143][  T839] usb 6-1: config 0 has no interfaces?
[  153.298328][  T839] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  153.300967][  T839] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.303548][  T839] usb 6-1: Product: syz
[  153.304879][  T839] usb 6-1: Manufacturer: syz
[  153.306246][  T839] usb 6-1: SerialNumber: syz
[  153.309437][  T839] usb 6-1: config 0 descriptor??
[  153.569589][ T9240] netlink: 'syz.1.1050': attribute type 58 has an invalid length.
[  153.580003][ T6113] usb 6-1: USB disconnect, device number 28
[  153.998746][ T9279] Malformed UNC in devname
[  153.998746][ T9279] 
[  154.001378][ T9279] CIFS: VFS: Malformed UNC in devname
[  154.172085][ T9316] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode
[  154.175669][ T9316] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode
[  154.413130][ T6110] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[  154.544491][ T6110] usb 7-1: device descriptor read/64, error -71
[  154.793609][ T6110] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[  154.899831][ T9339] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1084'.
[  154.930710][ T6110] usb 7-1: device descriptor read/64, error -71
[  154.940677][   T40] kauditd_printk_skb: 11 callbacks suppressed
[  154.940686][   T40] audit: type=1400 audit(1758672383.006:566): avc:  denied  { read } for  pid=9343 comm="syz.4.1085" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  154.944053][    C2] sr 2:0:0:0: [sr0] tag#12 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  154.953674][    C2] sr 2:0:0:0: [sr0] tag#12 CDB: Regenerate(16) 82 5a 86 a5 26 a3 50 1f b1 dd 8d ff 3e 90 d6 f5
[  155.044097][ T6110] usb usb7-port1: attempt power cycle
[  155.163186][ T9362] misc userio: Can't change port type on an already running userio instance
[  155.197417][ T9364] netlink: 'syz.3.1092': attribute type 2 has an invalid length.
[  155.199858][ T9364] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1092'.
[  155.238540][   T40] audit: type=1400 audit(1758672383.306:567): avc:  denied  { mount } for  pid=9365 comm="syz.3.1093" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1
[  155.263939][ T9372] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1094'.
[  155.382717][ T6110] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[  155.413899][ T6110] usb 7-1: device descriptor read/8, error -71
[  155.438514][ T9386] blktrace: Concurrent blktraces are not allowed on sg0
[  155.652782][ T6110] usb 7-1: new high-speed USB device number 32 using dummy_hcd
[  155.683243][ T6110] usb 7-1: device descriptor read/8, error -71
[  155.792882][ T6110] usb usb7-port1: unable to enumerate USB device
[  155.961421][   T40] audit: type=1400 audit(1758672384.026:568): avc:  denied  { setopt } for  pid=9393 comm="syz.1.1102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  156.228000][ T9402] netlink: zone id is out of range
[  156.229855][ T9402] netlink: del zone limit has 4 unknown bytes
[  156.237086][  T839] IPVS: starting estimator thread 0...
[  156.303420][ T6110] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  156.333276][ T9403] IPVS: using max 42 ests per chain, 100800 per kthread
[  156.454285][ T6110] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  156.457825][ T6110] usb 6-1: config 1 descriptor has 1 excess byte, ignoring
[  156.460615][ T6110] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  156.464587][ T6110] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  156.472041][ T6110] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  156.475985][ T6110] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  156.479211][ T6110] usb 6-1: Product: syz
[  156.481019][ T6110] usb 6-1: Manufacturer: syz
[  156.487626][ T6110] cdc_wdm 6-1:1.0: skipping garbage
[  156.489820][ T6110] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22
[  156.619260][ T9421] bridge_slave_1: left allmulticast mode
[  156.621150][ T9421] bridge_slave_1: left promiscuous mode
[  156.624141][ T9421] bridge0: port 2(bridge_slave_1) entered disabled state
[  156.629645][ T9421] bridge_slave_0: left allmulticast mode
[  156.631483][ T9421] bridge_slave_0: left promiscuous mode
[  156.635219][ T9421] bridge0: port 1(bridge_slave_0) entered disabled state
[  156.690178][  T839] usb 6-1: USB disconnect, device number 29
[  156.928586][ T9426] __nla_validate_parse: 2 callbacks suppressed
[  156.928597][ T9426] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1114'.
[  156.959028][   T40] audit: type=1400 audit(1758672385.026:569): avc:  denied  { append } for  pid=9427 comm="syz.3.1115" name="ptp1" dev="devtmpfs" ino=1288 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  157.001842][   T40] audit: type=1400 audit(1758672385.066:570): avc:  denied  { write } for  pid=9427 comm="syz.3.1115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  157.279443][ T9436] vxcan1 speed is unknown, defaulting to 1000
[  157.319686][ T9444] tmpfs: Bad value for 'mpol'
[  157.356580][ T9436] lo speed is unknown, defaulting to 1000
[  157.409669][ T9449] 9pnet: Unknown protocol version 9p20\++}
[  157.438845][ T9453] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1123'.
[  157.465882][ T9457] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1124'.
[  157.662775][    T9] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  157.752722][ T6113] usb 7-1: new high-speed USB device number 33 using dummy_hcd
[  157.792773][    T9] usb 9-1: device descriptor read/64, error -71
[  157.893328][ T6113] usb 7-1: device descriptor read/64, error -71
[  158.045315][    T9] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  158.112189][   T40] audit: type=1400 audit(1758672386.176:571): avc:  denied  { accept } for  pid=9463 comm="syz.3.1127" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  158.132798][ T6113] usb 7-1: new high-speed USB device number 34 using dummy_hcd
[  158.172730][    T9] usb 9-1: device descriptor read/64, error -71
[  158.262782][ T6113] usb 7-1: device descriptor read/64, error -71
[  158.294892][    T9] usb usb9-port1: attempt power cycle
[  158.295717][ T9469] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  158.304666][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.304666][ T9469] 
[  158.307781][ T9469] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  158.310607][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.310607][ T9469] 
[  158.313866][ T9469] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  158.316816][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.316816][ T9469] 
[  158.319824][ T9469] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  158.323348][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.323348][ T9469] 
[  158.326594][ T9469] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  158.329515][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.329515][ T9469] 
[  158.332573][ T9469] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  158.336424][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.336424][ T9469] 
[  158.339400][ T9469] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  158.342257][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.342257][ T9469] 
[  158.345680][ T9469] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  158.348600][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.348600][ T9469] 
[  158.351738][ T9469] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  158.354902][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.354902][ T9469] 
[  158.358094][ T9469] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  158.361025][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.361025][ T9469] 
[  158.366289][ T9469] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  158.369142][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.369142][ T9469] 
[  158.372209][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.372209][ T9469] 
[  158.375403][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.375403][ T9469] 
[  158.378727][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.378727][ T9469] 
[  158.382011][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.382011][ T9469] 
[  158.383030][ T6113] usb usb7-port1: attempt power cycle
[  158.385512][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.385512][ T9469] 
[  158.390614][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.390614][ T9469] 
[  158.393871][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.393871][ T9469] 
[  158.397098][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.397098][ T9469] 
[  158.400273][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.400273][ T9469] 
[  158.403532][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.403532][ T9469] 
[  158.406733][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.406733][ T9469] 
[  158.409898][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.409898][ T9469] 
[  158.413073][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.413073][ T9469] 
[  158.416242][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.416242][ T9469] 
[  158.419293][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.419293][ T9469] 
[  158.422381][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.422381][ T9469] 
[  158.425619][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.425619][ T9469] 
[  158.428776][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.428776][ T9469] 
[  158.431935][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.431935][ T9469] 
[  158.435186][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.435186][ T9469] 
[  158.438322][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.438322][ T9469] 
[  158.441439][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.441439][ T9469] 
[  158.444710][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.444710][ T9469] 
[  158.447883][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.447883][ T9469] 
[  158.451016][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.451016][ T9469] 
[  158.454233][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.454233][ T9469] 
[  158.457353][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.457353][ T9469] 
[  158.460461][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.460461][ T9469] 
[  158.463703][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.463703][ T9469] 
[  158.466810][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.466810][ T9469] 
[  158.469910][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.469910][ T9469] 
[  158.473120][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.473120][ T9469] 
[  158.476228][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.476228][ T9469] 
[  158.479276][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.479276][ T9469] 
[  158.482588][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.482588][ T9469] 
[  158.485790][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.485790][ T9469] 
[  158.488872][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.488872][ T9469] 
[  158.492014][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.492014][ T9469] 
[  158.495302][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.495302][ T9469] 
[  158.498470][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.498470][ T9469] 
[  158.501974][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.501974][ T9469] 
[  158.505264][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.505264][ T9469] 
[  158.508415][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.508415][ T9469] 
[  158.511596][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.511596][ T9469] 
[  158.514808][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.514808][ T9469] 
[  158.518002][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.518002][ T9469] 
[  158.521181][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.521181][ T9469] 
[  158.524435][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.524435][ T9469] 
[  158.527609][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.527609][ T9469] 
[  158.530664][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.530664][ T9469] 
[  158.533886][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.533886][ T9469] 
[  158.537080][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.537080][ T9469] 
[  158.540184][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.540184][ T9469] 
[  158.543485][ T9469] CIFS mount error: No usable UNC path provided in device string!
[  158.543485][ T9469] 
[  158.635142][    T9] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  158.663801][    T9] usb 9-1: device descriptor read/8, error -71
[  158.742814][ T6113] usb 7-1: new high-speed USB device number 35 using dummy_hcd
[  158.763447][ T6113] usb 7-1: device descriptor read/8, error -71
[  158.862749][   T10] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  158.912882][    T9] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  158.933330][    T9] usb 9-1: device descriptor read/8, error -71
[  159.002730][ T6113] usb 7-1: new high-speed USB device number 36 using dummy_hcd
[  159.014758][   T10] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  159.017456][   T10] usb 6-1: config 1 descriptor has 1 excess byte, ignoring
[  159.019720][   T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  159.023085][   T10] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  159.028912][ T6113] usb 7-1: device descriptor read/8, error -71
[  159.035249][   T10] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  159.038990][   T10] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  159.042257][   T10] usb 6-1: Product: syz
[  159.044361][    T9] usb usb9-port1: unable to enumerate USB device
[  159.047278][   T10] usb 6-1: Manufacturer: syz
[  159.054213][   T10] cdc_wdm 6-1:1.0: skipping garbage
[  159.056443][   T10] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22
[  159.075331][ T9480] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  159.122150][ T9488] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1133'.
[  159.133864][ T6113] usb usb7-port1: unable to enumerate USB device
[  159.257223][ T6034] usb 6-1: USB disconnect, device number 30
[  160.308205][   T40] audit: type=1400 audit(1758672388.376:572): avc:  denied  { mounton } for  pid=9509 comm="syz.4.1141" path="/file0" dev="ramfs" ino=31552 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1
[  160.311087][ T9511] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  160.319789][ T9511] overlayfs: failed to set xattr on upper
[  160.321589][ T9511] overlayfs: ...falling back to redirect_dir=nofollow.
[  160.323877][ T9511] overlayfs: ...falling back to index=off.
[  160.325982][ T9511] overlayfs: ...falling back to uuid=null.
[  160.328386][ T9511] overlayfs: ...falling back to xino=off.
[  160.359369][ T9513] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  160.421529][ T9515] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1143'.
[  160.458486][ T9517] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1144'.
[  160.466558][ T9519] FAULT_INJECTION: forcing a failure.
[  160.466558][ T9519] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  160.472014][ T9519] CPU: 2 UID: 0 PID: 9519 Comm: syz.3.1145 Not tainted syzkaller #0 PREEMPT(full) 
[  160.472037][ T9519] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  160.472048][ T9519] Call Trace:
[  160.472054][ T9519]  <TASK>
[  160.472060][ T9519]  dump_stack_lvl+0x16c/0x1f0
[  160.472087][ T9519]  should_fail_ex+0x512/0x640
[  160.472114][ T9519]  _copy_from_user+0x2e/0xd0
[  160.472140][ T9519]  copy_msghdr_from_user+0x98/0x160
[  160.472163][ T9519]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  160.472189][ T9519]  ? __lock_acquire+0x62e/0x1ce0
[  160.472220][ T9519]  ___sys_recvmsg+0xdb/0x1a0
[  160.472242][ T9519]  ? __pfx____sys_recvmsg+0x10/0x10
[  160.472285][ T9519]  __sys_recvmsg+0x16a/0x220
[  160.472307][ T9519]  ? __pfx___sys_recvmsg+0x10/0x10
[  160.472359][ T9519]  do_syscall_64+0xcd/0x4e0
[  160.472385][ T9519]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.472403][ T9519] RIP: 0033:0x7f8061b8eec9
[  160.472418][ T9519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  160.472434][ T9519] RSP: 002b:00007f8062a82038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  160.472450][ T9519] RAX: ffffffffffffffda RBX: 00007f8061de5fa0 RCX: 00007f8061b8eec9
[  160.472462][ T9519] RDX: 0000000000010000 RSI: 0000200000000800 RDI: 0000000000000003
[  160.472470][ T9519] RBP: 00007f8062a82090 R08: 0000000000000000 R09: 0000000000000000
[  160.472478][ T9519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  160.472485][ T9519] R13: 00007f8061de6038 R14: 00007f8061de5fa0 R15: 00007ffe0c56b4e8
[  160.472503][ T9519]  </TASK>
[  160.574108][ T9524] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1148'.
[  160.577779][ T9524] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1148'.
[  160.957946][ T9542] 9pnet_virtio: no channels available for device syz
[  161.072768][ T6110] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[  161.212784][ T6110] usb 8-1: device descriptor read/64, error -71
[  161.342728][ T9000] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  161.452919][ T6110] usb 8-1: new high-speed USB device number 24 using dummy_hcd
[  161.492857][ T9000] usb 6-1: Using ep0 maxpacket: 32
[  161.496687][ T9000] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  161.500834][ T9000] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  161.504864][ T9000] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  161.508634][ T9000] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.514049][ T9000] usb 6-1: config 0 descriptor??
[  161.592743][ T6110] usb 8-1: device descriptor read/64, error -71
[  161.603396][ T9548] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1156'.
[  161.638536][ T9550] FAULT_INJECTION: forcing a failure.
[  161.638536][ T9550] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  161.642862][ T9550] CPU: 1 UID: 0 PID: 9550 Comm: syz.4.1157 Not tainted syzkaller #0 PREEMPT(full) 
[  161.642883][ T9550] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  161.642893][ T9550] Call Trace:
[  161.642899][ T9550]  <TASK>
[  161.642917][ T9550]  dump_stack_lvl+0x16c/0x1f0
[  161.642942][ T9550]  should_fail_ex+0x512/0x640
[  161.642964][ T9550]  _copy_to_user+0x32/0xd0
[  161.642990][ T9550]  simple_read_from_buffer+0xcb/0x170
[  161.643008][ T9550]  proc_fail_nth_read+0x197/0x240
[  161.643029][ T9550]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  161.643050][ T9550]  ? rw_verify_area+0xcf/0x6c0
[  161.643074][ T9550]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  161.643093][ T9550]  vfs_read+0x1e1/0xcf0
[  161.643112][ T9550]  ? __pfx___mutex_lock+0x10/0x10
[  161.643134][ T9550]  ? __pfx_vfs_read+0x10/0x10
[  161.643157][ T9550]  ? __fget_files+0x20e/0x3c0
[  161.643182][ T9550]  ksys_read+0x12a/0x250
[  161.643198][ T9550]  ? __pfx_ksys_read+0x10/0x10
[  161.643221][ T9550]  do_syscall_64+0xcd/0x4e0
[  161.643246][ T9550]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.643262][ T9550] RIP: 0033:0x7fb65518d8dc
[  161.643275][ T9550] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  161.643290][ T9550] RSP: 002b:00007fb656084030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  161.643306][ T9550] RAX: ffffffffffffffda RBX: 00007fb6553e5fa0 RCX: 00007fb65518d8dc
[  161.643316][ T9550] RDX: 000000000000000f RSI: 00007fb6560840a0 RDI: 0000000000000004
[  161.643326][ T9550] RBP: 00007fb656084090 R08: 0000000000000000 R09: 0000000000000000
[  161.643336][ T9550] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  161.643345][ T9550] R13: 00007fb6553e6038 R14: 00007fb6553e5fa0 R15: 00007fff12f0a728
[  161.643368][ T9550]  </TASK>
[  161.704027][ T6110] usb usb8-port1: attempt power cycle
[  161.704297][    C1] vkms_vblank_simulate: vblank timer overrun
[  162.042853][ T6110] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  162.073212][ T6110] usb 8-1: device descriptor read/8, error -71
[  162.323312][ T6110] usb 8-1: new high-speed USB device number 26 using dummy_hcd
[  162.353194][ T6110] usb 8-1: device descriptor read/8, error -71
[  162.463041][ T6110] usb usb8-port1: unable to enumerate USB device
[  163.653628][ T9564] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[  163.657742][ T9564] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off.
[  163.662027][ T9564] overlayfs: fs on '.' does not support file handles, falling back to xino=off.
[  163.786920][ T9575] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1166'.
[  163.889546][   T40] audit: type=1400 audit(1758672391.956:573): avc:  denied  { mount } for  pid=9567 comm="syz.3.1164" name="/" dev="hugetlbfs" ino=31628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  164.112452][   T10] usb 6-1: USB disconnect, device number 31
[  164.189028][   T40] audit: type=1400 audit(1758672392.256:574): avc:  denied  { mounton } for  pid=9597 comm="syz.4.1174" path="/bus" dev="bpf" ino=35157 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1
[  164.192242][ T9598] overlayfs: upper fs does not support tmpfile.
[  164.227723][ T9602] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1175'.
[  164.277254][ T9605] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1177'.
[  164.360574][ T9608] block nbd4: not configured, cannot reconfigure
[  164.542786][   T10] usb 7-1: new high-speed USB device number 37 using dummy_hcd
[  164.662749][ T6113] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  164.682806][   T10] usb 7-1: device descriptor read/64, error -71
[  164.832738][ T6113] usb 9-1: Using ep0 maxpacket: 32
[  164.836573][ T6113] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  164.840463][ T6113] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  164.844448][ T6113] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  164.847933][ T6113] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  164.854209][ T6113] usb 9-1: config 0 descriptor??
[  164.920267][ T9623] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1184'.
[  164.932803][   T10] usb 7-1: new high-speed USB device number 38 using dummy_hcd
[  165.082742][   T10] usb 7-1: device descriptor read/64, error -71
[  165.192787][ T6006] usb 8-1: new full-speed USB device number 27 using dummy_hcd
[  165.193500][   T10] usb usb7-port1: attempt power cycle
[  165.298290][ T9631] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1187'.
[  165.322829][ T6006] usb 8-1: device descriptor read/64, error -71
[  165.327727][   T40] audit: type=1400 audit(1758672393.396:575): avc:  denied  { read } for  pid=9632 comm="syz.1.1188" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  165.555539][   T10] usb 7-1: new high-speed USB device number 39 using dummy_hcd
[  165.573255][ T6006] usb 8-1: new full-speed USB device number 28 using dummy_hcd
[  165.574241][   T10] usb 7-1: device descriptor read/8, error -71
[  165.702796][ T6006] usb 8-1: device descriptor read/64, error -71
[  165.812756][   T10] usb 7-1: new high-speed USB device number 40 using dummy_hcd
[  165.812978][ T6006] usb usb8-port1: attempt power cycle
[  165.843229][   T10] usb 7-1: device descriptor read/8, error -71
[  165.952928][   T10] usb usb7-port1: unable to enumerate USB device
[  166.152795][ T6006] usb 8-1: new full-speed USB device number 29 using dummy_hcd
[  166.173511][ T6006] usb 8-1: device descriptor read/8, error -71
[  166.412735][ T6006] usb 8-1: new full-speed USB device number 30 using dummy_hcd
[  166.433143][ T6006] usb 8-1: device descriptor read/8, error -71
[  166.486690][ T9647] block nbd1: Attempted send on invalid socket
[  166.488599][ T9647] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  166.491456][ T9647] ADFS-fs (nbd1): error: unable to read block 3, try 0
[  166.495769][ T9646] block nbd1: Attempted send on invalid socket
[  166.496084][   T40] audit: type=1400 audit(1758672394.566:576): avc:  denied  { getopt } for  pid=9645 comm="syz.1.1191" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  166.498334][ T9646] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  166.509290][ T9646] ADFS-fs (nbd1): error: unable to read block 3, try 0
[  166.542936][ T6006] usb usb8-port1: unable to enumerate USB device
[  166.563101][ T1235] Bluetooth: hci4: Frame reassembly failed (-84)
[  167.122549][ T9650] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1192'.
[  167.170463][ T9655] binder: 9654:9655 ioctl c0306201 0 returned -14
[  167.170466][ T9656] binder: 9654:9656 ioctl c0306201 0 returned -14
[  167.211701][ T9659] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  167.218520][   T40] audit: type=1400 audit(1758672395.286:577): avc:  denied  { getopt } for  pid=9658 comm="syz.2.1194" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  167.440030][ T6113] usb 9-1: USB disconnect, device number 15
[  168.572750][ T5975] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  168.682804][ T9000] usb 7-1: new high-speed USB device number 41 using dummy_hcd
[  168.844512][ T9678] FAULT_INJECTION: forcing a failure.
[  168.844512][ T9678] name failslab, interval 1, probability 0, space 0, times 0
[  168.849813][ T9678] CPU: 1 UID: 0 PID: 9678 Comm: syz.2.1201 Not tainted syzkaller #0 PREEMPT(full) 
[  168.849851][ T9678] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  168.849862][ T9678] Call Trace:
[  168.849867][ T9678]  <TASK>
[  168.849876][ T9678]  dump_stack_lvl+0x16c/0x1f0
[  168.849909][ T9678]  should_fail_ex+0x512/0x640
[  168.849932][ T9678]  ? fs_reclaim_acquire+0xae/0x150
[  168.849957][ T9678]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  168.849984][ T9678]  should_failslab+0xc2/0x120
[  168.850004][ T9678]  __kmalloc_noprof+0xd2/0x510
[  168.850029][ T9678]  tomoyo_realpath_from_path+0xc2/0x6e0
[  168.850058][ T9678]  ? tomoyo_profile+0x47/0x60
[  168.850076][ T9678]  tomoyo_path_number_perm+0x245/0x580
[  168.850099][ T9678]  ? tomoyo_path_number_perm+0x237/0x580
[  168.850123][ T9678]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  168.850146][ T9678]  ? find_held_lock+0x2b/0x80
[  168.850192][ T9678]  ? find_held_lock+0x2b/0x80
[  168.850212][ T9678]  ? hook_file_ioctl_common+0x145/0x410
[  168.850236][ T9678]  ? __fget_files+0x20e/0x3c0
[  168.850262][ T9678]  security_file_ioctl+0x9b/0x240
[  168.850287][ T9678]  __x64_sys_ioctl+0xb7/0x210
[  168.850316][ T9678]  do_syscall_64+0xcd/0x4e0
[  168.850343][ T9678]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.850359][ T9678] RIP: 0033:0x7ff211d8eec9
[  168.850376][ T9678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  168.850393][ T9678] RSP: 002b:00007ff212c8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  168.850410][ T9678] RAX: ffffffffffffffda RBX: 00007ff211fe5fa0 RCX: 00007ff211d8eec9
[  168.850420][ T9678] RDX: 0000000000000000 RSI: 0000000083c0550b RDI: 0000000000000003
[  168.850431][ T9678] RBP: 00007ff212c8f090 R08: 0000000000000000 R09: 0000000000000000
[  168.850443][ T9678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  168.850452][ T9678] R13: 00007ff211fe6038 R14: 00007ff211fe5fa0 R15: 00007ffcede7bab8
[  168.850477][ T9678]  </TASK>
[  168.850533][ T9678] ERROR: Out of memory at tomoyo_realpath_from_path.
[  168.933840][ T9000] usb 7-1: unable to get BOS descriptor or descriptor too short
[  168.937438][ T9000] usb 7-1: no configurations
[  168.939098][ T9000] usb 7-1: can't read configurations, error -22
[  169.404818][   T40] audit: type=1400 audit(1758672397.476:578): avc:  denied  { setopt } for  pid=9701 comm="syz.4.1210" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  169.410767][   T40] audit: type=1400 audit(1758672397.476:579): avc:  denied  { write } for  pid=9701 comm="syz.4.1210" name="ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  169.418933][   T40] audit: type=1400 audit(1758672397.476:580): avc:  denied  { ioctl } for  pid=9701 comm="syz.4.1210" path="/dev/ndctl0" dev="devtmpfs" ino=109 ioctlcmd=0x640a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  169.439056][   T40] audit: type=1400 audit(1758672397.506:581): avc:  denied  { read } for  pid=9703 comm="syz.4.1211" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  169.510607][ T9712] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1215'.
[  169.514079][ T9712] debugfs: 'netdev:syzkaller0' already exists in 'phy9'
[  169.555457][   T40] audit: type=1800 audit(1758672397.626:582): pid=9716 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.1217" name="file0" dev="tmpfs" ino=1629 res=0 errno=0
[  169.598509][   T40] audit: type=1400 audit(1758672397.666:583): avc:  denied  { getopt } for  pid=9719 comm="syz.3.1219" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  169.671238][ T9732] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1224'.
[  169.932925][ T6113] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  170.109697][ T6113] usb 6-1: unable to get BOS descriptor or descriptor too short
[  170.112098][ T6113] usb 6-1: no configurations
[  170.113856][ T6113] usb 6-1: can't read configurations, error -22
[  170.132854][ T9000] usb 7-1: new high-speed USB device number 43 using dummy_hcd
[  170.294261][ T9725] FAULT_INJECTION: forcing a failure.
[  170.294261][ T9725] name failslab, interval 1, probability 0, space 0, times 0
[  170.299154][ T9725] CPU: 1 UID: 0 PID: 9725 Comm: syz.2.1221 Not tainted syzkaller #0 PREEMPT(full) 
[  170.299170][ T9725] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  170.299176][ T9725] Call Trace:
[  170.299180][ T9725]  <TASK>
[  170.299185][ T9725]  dump_stack_lvl+0x16c/0x1f0
[  170.299220][ T9725]  should_fail_ex+0x512/0x640
[  170.299241][ T9725]  ? fs_reclaim_acquire+0xae/0x150
[  170.299269][ T9725]  ? tomoyo_encode2+0x100/0x3e0
[  170.299286][ T9725]  should_failslab+0xc2/0x120
[  170.299299][ T9725]  __kmalloc_noprof+0xd2/0x510
[  170.299310][ T9725]  ? d_absolute_path+0x136/0x1a0
[  170.299329][ T9725]  tomoyo_encode2+0x100/0x3e0
[  170.299347][ T9725]  tomoyo_encode+0x29/0x50
[  170.299363][ T9725]  tomoyo_realpath_from_path+0x18f/0x6e0
[  170.299384][ T9725]  tomoyo_path_number_perm+0x245/0x580
[  170.299398][ T9725]  ? tomoyo_path_number_perm+0x237/0x580
[  170.299425][ T9725]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  170.299441][ T9725]  ? find_held_lock+0x2b/0x80
[  170.299493][ T9725]  ? find_held_lock+0x2b/0x80
[  170.299508][ T9725]  ? hook_file_ioctl_common+0x145/0x410
[  170.299522][ T9725]  ? __fget_files+0x20e/0x3c0
[  170.299537][ T9725]  security_file_ioctl+0x9b/0x240
[  170.299555][ T9725]  __x64_sys_ioctl+0xb7/0x210
[  170.299574][ T9725]  do_syscall_64+0xcd/0x4e0
[  170.299597][ T9725]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.299608][ T9725] RIP: 0033:0x7ff211d8eec9
[  170.299617][ T9725] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.299630][ T9725] RSP: 002b:00007ff212c8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  170.299646][ T9725] RAX: ffffffffffffffda RBX: 00007ff211fe5fa0 RCX: 00007ff211d8eec9
[  170.299656][ T9725] RDX: 0000000000000000 RSI: 0000000083c0550b RDI: 0000000000000003
[  170.299666][ T9725] RBP: 00007ff212c8f090 R08: 0000000000000000 R09: 0000000000000000
[  170.299678][ T9725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  170.299687][ T9725] R13: 00007ff211fe6038 R14: 00007ff211fe5fa0 R15: 00007ffcede7bab8
[  170.299711][ T9725]  </TASK>
[  170.299785][ T9725] ERROR: Out of memory at tomoyo_realpath_from_path.
[  170.374220][ T9000] usb 7-1: unable to get BOS descriptor or descriptor too short
[  170.376854][ T9000] usb 7-1: no configurations
[  170.378336][ T9000] usb 7-1: can't read configurations, error -22
[  170.797957][ T9770] FAULT_INJECTION: forcing a failure.
[  170.797957][ T9770] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  170.803341][ T9770] CPU: 3 UID: 0 PID: 9770 Comm: syz.4.1239 Not tainted syzkaller #0 PREEMPT(full) 
[  170.803366][ T9770] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  170.803376][ T9770] Call Trace:
[  170.803382][ T9770]  <TASK>
[  170.803389][ T9770]  dump_stack_lvl+0x16c/0x1f0
[  170.803419][ T9770]  should_fail_ex+0x512/0x640
[  170.803444][ T9770]  _copy_to_iter+0x29f/0x1710
[  170.803498][ T9770]  ? __pfx__copy_to_iter+0x10/0x10
[  170.803526][ T9770]  ? skb_recv_datagram+0x88/0xc0
[  170.803546][ T9770]  ? __pfx_skb_recv_datagram+0x10/0x10
[  170.803565][ T9770]  ? find_held_lock+0x2b/0x80
[  170.803592][ T9770]  j1939_sk_recvmsg+0x1ae/0x8b0
[  170.803615][ T9770]  ? __pfx_j1939_sk_recvmsg+0x10/0x10
[  170.803645][ T9770]  sock_recvmsg+0x1f6/0x250
[  170.803673][ T9770]  sock_read_iter+0x2b9/0x3b0
[  170.803699][ T9770]  ? __pfx_sock_read_iter+0x10/0x10
[  170.803737][ T9770]  ? __pfx_file_has_perm+0x10/0x10
[  170.803762][ T9770]  do_iter_readv_writev+0x743/0x9e0
[  170.803794][ T9770]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  170.803822][ T9770]  ? selinux_file_permission+0x126/0x660
[  170.803851][ T9770]  ? bpf_lsm_file_permission+0x9/0x10
[  170.803874][ T9770]  ? security_file_permission+0x71/0x210
[  170.803901][ T9770]  ? rw_verify_area+0xcf/0x6c0
[  170.803936][ T9770]  vfs_readv+0x4cb/0x8b0
[  170.803958][ T9770]  ? __pfx_vfs_readv+0x10/0x10
[  170.803991][ T9770]  ? __fget_files+0x20e/0x3c0
[  170.804010][ T9770]  ? __fget_files+0x190/0x3c0
[  170.804036][ T9770]  ? do_readv+0x28c/0x340
[  170.804050][ T9770]  do_readv+0x28c/0x340
[  170.804067][ T9770]  ? __pfx_do_readv+0x10/0x10
[  170.804090][ T9770]  do_syscall_64+0xcd/0x4e0
[  170.804117][ T9770]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.804136][ T9770] RIP: 0033:0x7fb65518eec9
[  170.804151][ T9770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.804167][ T9770] RSP: 002b:00007fb656084038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[  170.804184][ T9770] RAX: ffffffffffffffda RBX: 00007fb6553e5fa0 RCX: 00007fb65518eec9
[  170.804197][ T9770] RDX: 0000000000000001 RSI: 00002000000006c0 RDI: 0000000000000003
[  170.804207][ T9770] RBP: 00007fb656084090 R08: 0000000000000000 R09: 0000000000000000
[  170.804217][ T9770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  170.804229][ T9770] R13: 00007fb6553e6038 R14: 00007fb6553e5fa0 R15: 00007fff12f0a728
[  170.804253][ T9770]  </TASK>
[  170.966546][   T40] audit: type=1400 audit(1758672399.036:584): avc:  denied  { call } for  pid=9779 comm="syz.2.1243" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  170.967368][ T9780] binder_alloc: 9779: binder_alloc_buf size 17432 failed, no address space
[  170.976639][ T9780] binder_alloc: allocated: 4096 (num: 1 largest: 4096), free: 8192 (num: 1 largest: 8192)
[  171.136612][   T40] audit: type=1400 audit(1758672399.206:585): avc:  denied  { write } for  pid=9786 comm="syz.4.1247" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  171.142598][   T40] audit: type=1400 audit(1758672399.206:586): avc:  denied  { write } for  pid=9785 comm="syz.2.1246" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[  171.149818][   T40] audit: type=1400 audit(1758672399.206:587): avc:  denied  { read } for  pid=9785 comm="syz.2.1246" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[  171.264151][ T9800] program syz.2.1250 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  171.582694][ T6034] usb 8-1: new high-speed USB device number 31 using dummy_hcd
[  171.642833][ T9000] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[  171.748248][ T6034] usb 8-1: unable to get BOS descriptor or descriptor too short
[  171.753365][ T6034] usb 8-1: no configurations
[  171.755246][ T6034] usb 8-1: can't read configurations, error -22
[  171.794373][ T9798] FAULT_INJECTION: forcing a failure.
[  171.794373][ T9798] name failslab, interval 1, probability 0, space 0, times 0
[  171.799637][ T9798] CPU: 1 UID: 0 PID: 9798 Comm: syz.4.1249 Not tainted syzkaller #0 PREEMPT(full) 
[  171.799657][ T9798] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  171.799666][ T9798] Call Trace:
[  171.799672][ T9798]  <TASK>
[  171.799678][ T9798]  dump_stack_lvl+0x16c/0x1f0
[  171.799708][ T9798]  should_fail_ex+0x512/0x640
[  171.799729][ T9798]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  171.799775][ T9798]  should_failslab+0xc2/0x120
[  171.799795][ T9798]  __kmalloc_cache_noprof+0x6a/0x3e0
[  171.799821][ T9798]  ? raw_ioctl+0x819/0x2c30
[  171.799846][ T9798]  raw_ioctl+0x819/0x2c30
[  171.799873][ T9798]  ? __pfx_raw_ioctl+0x10/0x10
[  171.799893][ T9798]  ? selinux_file_ioctl+0x180/0x270
[  171.799918][ T9798]  ? selinux_file_ioctl+0xb4/0x270
[  171.799942][ T9798]  ? __pfx_raw_ioctl+0x10/0x10
[  171.799965][ T9798]  __x64_sys_ioctl+0x18e/0x210
[  171.799993][ T9798]  do_syscall_64+0xcd/0x4e0
[  171.800018][ T9798]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.800036][ T9798] RIP: 0033:0x7fb65518eec9
[  171.800050][ T9798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  171.800073][ T9798] RSP: 002b:00007fb656084038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  171.800091][ T9798] RAX: ffffffffffffffda RBX: 00007fb6553e5fa0 RCX: 00007fb65518eec9
[  171.800102][ T9798] RDX: 0000000000000000 RSI: 0000000083c0550b RDI: 0000000000000003
[  171.800113][ T9798] RBP: 00007fb656084090 R08: 0000000000000000 R09: 0000000000000000
[  171.800123][ T9798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  171.800132][ T9798] R13: 00007fb6553e6038 R14: 00007fb6553e5fa0 R15: 00007fff12f0a728
[  171.800156][ T9798]  </TASK>
[  171.801083][ T9000] usb 9-1: unable to get BOS descriptor or descriptor too short
[  171.873621][ T9000] usb 9-1: no configurations
[  171.875552][ T9000] usb 9-1: can't read configurations, error -22
[  172.122091][ T9804] FAULT_INJECTION: forcing a failure.
[  172.122091][ T9804] name failslab, interval 1, probability 0, space 0, times 0
[  172.126759][ T9804] CPU: 2 UID: 0 PID: 9804 Comm: syz.2.1251 Not tainted syzkaller #0 PREEMPT(full) 
[  172.126780][ T9804] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  172.126791][ T9804] Call Trace:
[  172.126798][ T9804]  <TASK>
[  172.126805][ T9804]  dump_stack_lvl+0x16c/0x1f0
[  172.126831][ T9804]  should_fail_ex+0x512/0x640
[  172.126852][ T9804]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  172.126872][ T9804]  should_failslab+0xc2/0x120
[  172.126892][ T9804]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  172.126908][ T9804]  ? __pfx_acct_collect+0x10/0x10
[  172.126927][ T9804]  ? taskstats_exit+0x654/0xbe0
[  172.126948][ T9804]  taskstats_exit+0x654/0xbe0
[  172.126968][ T9804]  ? __pfx_taskstats_exit+0x10/0x10
[  172.126986][ T9804]  ? hrtimer_try_to_cancel+0x3a/0x2f0
[  172.127010][ T9804]  do_exit+0x5dc/0x2bf0
[  172.127034][ T9804]  ? lock_acquire+0x179/0x350
[  172.127052][ T9804]  ? __pfx_do_exit+0x10/0x10
[  172.127076][ T9804]  ? find_held_lock+0x2b/0x80
[  172.127104][ T9804]  do_group_exit+0xd3/0x2a0
[  172.127129][ T9804]  get_signal+0x2673/0x26d0
[  172.127152][ T9804]  ? task_work_add+0x1d5/0x360
[  172.127175][ T9804]  ? __pfx_get_signal+0x10/0x10
[  172.127198][ T9804]  ? __fput_deferred+0x213/0x480
[  172.127222][ T9804]  arch_do_signal_or_restart+0x8f/0x7d0
[  172.127244][ T9804]  ? __fget_files+0x20e/0x3c0
[  172.127261][ T9804]  ? __fget_files+0x190/0x3c0
[  172.127278][ T9804]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  172.127306][ T9804]  ? __pfx_do_readv+0x10/0x10
[  172.127325][ T9804]  exit_to_user_mode_loop+0x84/0x110
[  172.127344][ T9804]  do_syscall_64+0x41c/0x4e0
[  172.127367][ T9804]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.127383][ T9804] RIP: 0033:0x7ff211d8eec9
[  172.127397][ T9804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  172.127412][ T9804] RSP: 002b:00007ff212c8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[  172.127429][ T9804] RAX: fffffffffffffe00 RBX: 00007ff211fe5fa0 RCX: 00007ff211d8eec9
[  172.127439][ T9804] RDX: 0000000000000001 RSI: 00002000000006c0 RDI: 0000000000000003
[  172.127470][ T9804] RBP: 00007ff212c8f090 R08: 0000000000000000 R09: 0000000000000000
[  172.127479][ T9804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  172.127489][ T9804] R13: 00007ff211fe6038 R14: 00007ff211fe5fa0 R15: 00007ffcede7bab8
[  172.127510][ T9804]  </TASK>
[  172.386828][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.388964][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.391253][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.393760][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.396046][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.397862][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.400175][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.402136][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.405019][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.407310][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.409619][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.409635][ T9827] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1259'.
[  172.411095][   T53] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
[  172.411531][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.418847][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.419610][   T53] hid-generic 0000:0000:0000.0010: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  172.420778][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.420833][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.435084][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.437942][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.443515][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.446168][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.448008][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.450332][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.452213][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.455881][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.457781][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.460193][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.462045][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.467022][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.468993][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.471390][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.473665][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.473795][ T9833] netlink: 'syz.4.1261': attribute type 13 has an invalid length.
[  172.475971][ T9835] netlink: 'syz.4.1261': attribute type 13 has an invalid length.
[  172.476215][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.484630][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.487466][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.489356][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.491761][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.494174][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.496656][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.498514][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.501022][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.503278][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.505554][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.507411][ T9835] gretap0: refused to change device tx_queue_len
[  172.507426][ T9835] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  172.508030][ T9833] gretap0: refused to change device tx_queue_len
[  172.509613][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.509673][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.509678][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.509719][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.509723][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.509763][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.509768][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.509808][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.509812][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.509854][ T9823] binder: BINDER_SET_CONTEXT_MGR already set
[  172.514817][ T9833] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  172.517373][ T9823] binder: 9822:9823 ioctl 4018620d 2000000000c0 returned -16
[  172.633858][ T9840] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1262'.
[  172.684210][ T9846] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1265'.
[  172.921861][ T9850] netlink: 272 bytes leftover after parsing attributes in process `syz.4.1267'.
[  172.921886][ T9851] netlink: 272 bytes leftover after parsing attributes in process `syz.4.1267'.
[  172.928831][ T9850] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1267'.
[  172.933070][ T9850] tipc: Started in network mode
[  172.934611][ T9850] tipc: Node identity ac14142f, cluster identity 4711
[  172.936863][ T9850] tipc: New replicast peer: 0.0.0.0
[  172.938873][ T9850] tipc: Enabled bearer <udp:syz2>, priority 10
[  173.132862][ T9000] usb 8-1: new high-speed USB device number 33 using dummy_hcd
[  173.207748][ T9856] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1269'.
[  173.284763][ T9848] FAULT_INJECTION: forcing a failure.
[  173.284763][ T9848] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  173.288709][ T9848] CPU: 1 UID: 0 PID: 9848 Comm: syz.3.1266 Not tainted syzkaller #0 PREEMPT(full) 
[  173.288724][ T9848] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  173.288731][ T9848] Call Trace:
[  173.288735][ T9848]  <TASK>
[  173.288740][ T9848]  dump_stack_lvl+0x16c/0x1f0
[  173.288758][ T9848]  should_fail_ex+0x512/0x640
[  173.288775][ T9848]  _copy_to_user+0x32/0xd0
[  173.288792][ T9848]  raw_ioctl+0x1c1e/0x2c30
[  173.288810][ T9848]  ? __pfx_raw_ioctl+0x10/0x10
[  173.288836][ T9848]  ? selinux_file_ioctl+0x180/0x270
[  173.288852][ T9848]  ? selinux_file_ioctl+0xb4/0x270
[  173.288868][ T9848]  ? __pfx_raw_ioctl+0x10/0x10
[  173.288883][ T9848]  __x64_sys_ioctl+0x18e/0x210
[  173.288902][ T9848]  do_syscall_64+0xcd/0x4e0
[  173.288919][ T9848]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.288931][ T9848] RIP: 0033:0x7f8061b8eec9
[  173.288940][ T9848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.288951][ T9848] RSP: 002b:00007f8062a82038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  173.288961][ T9848] RAX: ffffffffffffffda RBX: 00007f8061de5fa0 RCX: 00007f8061b8eec9
[  173.288969][ T9848] RDX: 0000000000000000 RSI: 0000000083c0550b RDI: 0000000000000003
[  173.288975][ T9848] RBP: 00007f8062a82090 R08: 0000000000000000 R09: 0000000000000000
[  173.288982][ T9848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  173.288988][ T9848] R13: 00007f8061de6038 R14: 00007f8061de5fa0 R15: 00007ffe0c56b4e8
[  173.289001][ T9848]  </TASK>
[  173.291663][ T9000] usb 8-1: unable to get BOS descriptor or descriptor too short
[  173.343988][ T9000] usb 8-1: no configurations
[  173.345305][ T9000] usb 8-1: can't read configurations, error -22
[  173.517005][ T9870] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1273'.
[  174.016167][ T9888] tmpfs: Bad value for 'mpol'
[  174.063585][ T6051] tipc: Node number set to 2886997039
[  174.073013][ T6034] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  174.102942][ T6110] usb 9-1: new high-speed USB device number 18 using dummy_hcd
[  174.233160][ T6034] usb 6-1: Using ep0 maxpacket: 8
[  174.236828][ T6034] usb 6-1: config 0 has an invalid interface number: 33 but max is 3
[  174.239810][ T6034] usb 6-1: config 0 has an invalid interface number: 194 but max is 3
[  174.243111][ T6034] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  174.247125][ T6034] usb 6-1: config 0 has 2 interfaces, different from the descriptor's value: 4
[  174.250746][ T6034] usb 6-1: config 0 has no interface number 0
[  174.255834][ T6034] usb 6-1: config 0 has no interface number 1
[  174.258416][ T6034] usb 6-1: config 0 interface 33 altsetting 3 endpoint 0x8 has invalid wMaxPacketSize 0
[  174.262230][ T6034] usb 6-1: config 0 interface 33 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  174.266402][ T6034] usb 6-1: config 0 interface 33 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  174.270565][ T6034] usb 6-1: config 0 interface 33 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  174.274650][ T6034] usb 6-1: config 0 interface 33 altsetting 3 endpoint 0x1 has an invalid bInterval 129, changing to 11
[  174.278911][ T6110] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  174.282116][ T6110] usb 9-1: config 1 has an invalid descriptor of length 49, skipping remainder of the config
[  174.285787][ T6034] usb 6-1: config 0 interface 33 altsetting 3 bulk endpoint 0xB has invalid maxpacket 1023
[  174.289465][ T6034] usb 6-1: config 0 interface 33 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  174.293646][ T6110] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[  174.297003][ T6110] usb 9-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  174.301880][ T6034] usb 6-1: config 0 interface 33 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  174.305986][ T6034] usb 6-1: config 0 interface 33 altsetting 3 endpoint 0x6 has an invalid bInterval 253, changing to 7
[  174.310219][ T6034] usb 6-1: config 0 interface 33 altsetting 3 has a duplicate endpoint with address 0x9, skipping
[  174.314197][ T6034] usb 6-1: config 0 interface 33 altsetting 3 has a duplicate endpoint with address 0xC, skipping
[  174.318365][ T6034] usb 6-1: config 0 interface 194 altsetting 0 bulk endpoint 0xA has invalid maxpacket 16
[  174.322180][ T6034] usb 6-1: config 0 interface 194 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  174.326378][ T6110] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  174.329705][ T6110] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  174.332697][ T6034] usb 6-1: config 0 interface 194 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  174.337419][ T6034] usb 6-1: config 0 interface 33 has no altsetting 0
[  174.339985][ T6110] usb 9-1: Product: syz
[  174.341628][ T6110] usb 9-1: Manufacturer: syz
[  174.346212][ T6034] usb 6-1: New USB device found, idVendor=0586, idProduct=3412, bcdDevice=f5.81
[  174.349432][ T6034] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  174.354471][ T6034] usb 6-1: Product: ꃦ皂㰚巪嵷䷜儱ɲ隱⻜髎峗ᗥ
[  174.356888][ T6034] usb 6-1: Manufacturer: 㹳镊�涽�꣔�⒧ﺼ졕হ앭ࠟ��肜鑢꺣ԭ⫮椆ꆱ�悜閉�䉲充㷨Ჽ㵕뎦沛ﲓ➑탸ញ鎺௜�㡙଑﫫짜闸೥��Чꨎᦞ
[  174.363166][ T6110] cdc_wdm 9-1:1.0: skipping garbage
[  174.364829][ T6110] cdc_wdm 9-1:1.0: skipping garbage
[  174.366458][ T6110] cdc_wdm 9-1:1.0: probe with driver cdc_wdm failed with error -22
[  174.370064][ T6034] usb 6-1: SerialNumber: Р
[  174.372825][ T6034] usb 6-1: config 0 descriptor??
[  174.375644][ T9882] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  174.379609][ T9882] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  174.383148][ T9882] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  174.560076][ T6110] usb 9-1: USB disconnect, device number 18
[  175.032722][ T6110] usb 7-1: new high-speed USB device number 45 using dummy_hcd
[  175.204234][ T9908] FAULT_INJECTION: forcing a failure.
[  175.204234][ T9908] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  175.208237][ T9908] CPU: 2 UID: 0 PID: 9908 Comm: syz.2.1286 Not tainted syzkaller #0 PREEMPT(full) 
[  175.208252][ T9908] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  175.208259][ T9908] Call Trace:
[  175.208263][ T9908]  <TASK>
[  175.208267][ T9908]  dump_stack_lvl+0x16c/0x1f0
[  175.208286][ T9908]  should_fail_ex+0x512/0x640
[  175.208303][ T9908]  _copy_to_user+0x32/0xd0
[  175.208321][ T9908]  simple_read_from_buffer+0xcb/0x170
[  175.208334][ T9908]  proc_fail_nth_read+0x197/0x240
[  175.208349][ T9908]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  175.208363][ T9908]  ? rw_verify_area+0xcf/0x6c0
[  175.208380][ T9908]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  175.208392][ T9908]  vfs_read+0x1e1/0xcf0
[  175.208405][ T9908]  ? __pfx___mutex_lock+0x10/0x10
[  175.208420][ T9908]  ? __pfx_vfs_read+0x10/0x10
[  175.208435][ T9908]  ? __fget_files+0x20e/0x3c0
[  175.208452][ T9908]  ksys_read+0x12a/0x250
[  175.208463][ T9908]  ? __pfx_ksys_read+0x10/0x10
[  175.208474][ T9908]  ? fput+0x9b/0xd0
[  175.208491][ T9908]  do_syscall_64+0xcd/0x4e0
[  175.208507][ T9908]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.208518][ T9908] RIP: 0033:0x7ff211d8d8dc
[  175.208527][ T9908] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  175.208538][ T9908] RSP: 002b:00007ff212c8f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  175.208549][ T9908] RAX: ffffffffffffffda RBX: 00007ff211fe5fa0 RCX: 00007ff211d8d8dc
[  175.208556][ T9908] RDX: 000000000000000f RSI: 00007ff212c8f0a0 RDI: 0000000000000004
[  175.208562][ T9908] RBP: 00007ff212c8f090 R08: 0000000000000000 R09: 0000000000000000
[  175.208569][ T9908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  175.208575][ T9908] R13: 00007ff211fe6038 R14: 00007ff211fe5fa0 R15: 00007ffcede7bab8
[  175.208588][ T9908]  </TASK>
[  175.274196][ T6110] usb 7-1: unable to get BOS descriptor or descriptor too short
[  175.281578][ T6110] usb 7-1: no configurations
[  175.283160][ T6110] usb 7-1: can't read configurations, error -22
[  175.529248][ T9938] __nla_validate_parse: 3 callbacks suppressed
[  175.529264][ T9938] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1297'.
[  175.537462][   T40] audit: type=1400 audit(1758672403.606:588): avc:  denied  { getopt } for  pid=9936 comm="syz.2.1297" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  175.932833][ T6110] usb 7-1: new high-speed USB device number 46 using dummy_hcd
[  176.104743][ T6110] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  176.107490][ T6110] usb 7-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[  176.110609][ T6110] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  176.113854][ T6110] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  176.119308][ T6110] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  176.122437][ T6110] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  176.125191][ T6110] usb 7-1: Product: syz
[  176.126556][ T6110] usb 7-1: Manufacturer: syz
[  176.134445][ T6110] cdc_wdm 7-1:1.0: skipping garbage
[  176.136107][ T6110] cdc_wdm 7-1:1.0: skipping garbage
[  176.137708][ T6110] cdc_wdm 7-1:1.0: skipping garbage
[  176.139443][ T6110] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22
[  176.335239][ T9000] usb 7-1: USB disconnect, device number 46
[  176.831069][ T6034] usb 6-1: USB disconnect, device number 34
[  177.909686][   T40] audit: type=1400 audit(1758672405.976:589): avc:  denied  { unmount } for  pid=5977 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  177.965287][   T40] audit: type=1400 audit(1758672406.036:590): avc:  denied  { setattr } for  pid=10002 comm="syz.3.1320" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  177.996779][   T40] audit: type=1400 audit(1758672406.066:591): avc:  denied  { write } for  pid=10002 comm="syz.3.1320" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  178.006068][   T40] audit: type=1400 audit(1758672406.066:592): avc:  denied  { open } for  pid=10002 comm="syz.3.1320" path="/335/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  178.173040][   T53] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  178.324412][   T53] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  178.328084][   T53] usb 6-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[  178.332420][   T53] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  178.336329][   T53] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  178.343420][   T53] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  178.347020][   T53] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  178.350202][   T53] usb 6-1: Product: syz
[  178.351954][   T53] usb 6-1: Manufacturer: syz
[  178.366640][   T53] cdc_wdm 6-1:1.0: skipping garbage
[  178.368788][   T53] cdc_wdm 6-1:1.0: skipping garbage
[  178.370731][   T53] cdc_wdm 6-1:1.0: skipping garbage
[  178.372342][   T53] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22
[  178.397899][T10023] /dev/sg0: Can't lookup blockdev
[  178.534262][T10031] SELinux:  Context system_u:object_r:utempter_exec_t:s0 is not valid (left unmapped).
[  178.538887][   T40] audit: type=1400 audit(1758672406.606:593): avc:  denied  { relabelto } for  pid=10030 comm="syz.2.1330" name="file1" dev="tmpfs" ino=1597 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:utempter_exec_t:s0"
[  178.547037][   T40] audit: type=1400 audit(1758672406.606:594): avc:  denied  { associate } for  pid=10030 comm="syz.2.1330" name="file1" dev="tmpfs" ino=1597 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:utempter_exec_t:s0"
[  178.556063][   T40] audit: type=1400 audit(1758672406.606:595): avc:  denied  { read } for  pid=10030 comm="syz.2.1330" name="file1" dev="tmpfs" ino=1597 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:utempter_exec_t:s0"
[  178.564335][   T40] audit: type=1400 audit(1758672406.606:596): avc:  denied  { open } for  pid=10030 comm="syz.2.1330" path="/301/file1" dev="tmpfs" ino=1597 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:utempter_exec_t:s0"
[  178.576772][ T6113] usb 6-1: USB disconnect, device number 35
[  178.591537][   T40] audit: type=1400 audit(1758672406.656:597): avc:  denied  { write } for  pid=10030 comm="syz.2.1330" name="file1" dev="tmpfs" ino=1597 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:utempter_exec_t:s0"
[  179.037967][T10046] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1335'.
[  179.120414][T10050] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  179.125930][T10050] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  179.130404][T10050] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  179.207058][T10054] netlink: 'syz.4.1339': attribute type 27 has an invalid length.
[  179.230582][T10054] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.234613][T10054] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.261074][T10054] batman_adv: batadv0: Interface deactivated: dummy0
[  179.347264][T10054] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  179.369074][T10054] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  179.426989][   T40] audit: type=1400 audit(1758672407.496:598): avc:  denied  { unlink } for  pid=5973 comm="syz-executor" name="file1" dev="tmpfs" ino=1597 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:utempter_exec_t:s0"
[  179.490859][ T1340] IPVS: starting estimator thread 0...
[  179.588074][T10075] IPVS: using max 42 ests per chain, 100800 per kthread
[  179.599411][T10058] 8021q: adding VLAN 0 to HW filter on device bond0
[  179.602331][T10058] 8021q: adding VLAN 0 to HW filter on device team0
[  179.605494][T10058] batman_adv: batadv0: Interface activated: dummy0
[  179.607788][T10058] batadv0: mtu less than device minimum
[  179.610980][T10058] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272)
[  179.614836][T10058] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272)
[  179.618547][T10058] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272)
[  179.622195][T10058] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272)
[  179.626005][T10058] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272)
[  179.629657][T10058] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272)
[  179.633396][T10058] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272)
[  179.637053][T10058] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272)
[  179.640738][T10058] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-272)
[  179.665351][   T75] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  179.669096][   T75] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  179.676629][   T75] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  179.680281][   T75] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  179.772906][T10095] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1347'.
[  180.103486][T10084] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  180.243863][T10084] usb 6-1: device descriptor read/64, error -71
[  180.503227][T10084] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  180.572934][ T5329] Bluetooth: hci1: command 0x0405 tx timeout
[  180.642696][T10084] usb 6-1: device descriptor read/64, error -71
[  180.753171][T10084] usb usb6-port1: attempt power cycle
[  181.113513][T10084] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  181.133674][T10084] usb 6-1: device descriptor read/8, error -71
[  181.202806][T10085] usb 8-1: new high-speed USB device number 35 using dummy_hcd
[  181.382787][T10085] usb 8-1: Using ep0 maxpacket: 16
[  181.385678][T10085] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  181.390599][T10085] usb 8-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  181.393594][T10084] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  181.396239][T10085] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.398860][T10085] usb 8-1: Product: syz
[  181.400264][T10085] usb 8-1: Manufacturer: syz
[  181.401719][T10085] usb 8-1: SerialNumber: syz
[  181.405735][T10085] usb 8-1: config 0 descriptor??
[  181.408610][T10085] hub 8-1:0.0: bad descriptor, ignoring hub
[  181.410557][T10085] hub 8-1:0.0: probe with driver hub failed with error -5
[  181.413397][T10084] usb 6-1: device descriptor read/8, error -71
[  181.416905][T10085] input: syz syz as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input32
[  181.522842][T10084] usb usb6-port1: unable to enumerate USB device
[  181.707735][T10184] netlink: 1 bytes leftover after parsing attributes in process `syz.4.1378'.
[  181.710671][T10184] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1378'.
[  181.714948][T10184] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1378'.
[  181.773749][T10153] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1367'.
[  182.699401][T10201] kernel profiling enabled (shift: 6)
[  182.820072][T10207] Bluetooth: hci4: Frame reassembly failed (-84)
[  182.824473][   T75] Bluetooth: hci4: Frame reassembly failed (-84)
[  182.991117][   T40] kauditd_printk_skb: 7 callbacks suppressed
[  182.991133][   T40] audit: type=1400 audit(1758672411.056:606): avc:  denied  { nlmsg_read } for  pid=10216 comm="syz.1.1387" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  183.532349][T10225] overlayfs: failed to resolve './file1': -2
[  183.612835][T10230] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1391'.
[  183.836438][T10235] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1393'.
[  184.026322][   T40] audit: type=1400 audit(1758672412.096:607): avc:  denied  { mount } for  pid=10241 comm="syz.3.1395" name="/" dev="9p" ino=71827643 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  184.044448][   T40] audit: type=1400 audit(1758672412.116:608): avc:  denied  { unmount } for  pid=5977 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  184.054759][  T840] usb 8-1: USB disconnect, device number 35
[  184.289535][T10257] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1399'.
[  184.293058][T10257] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1399'.
[  184.879861][T10272] ÿÿÿÿ: renamed from bridge_slave_0
[  184.894226][ T5329] Bluetooth: hci4: command 0x1003 tx timeout
[  184.894243][ T5975] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  184.929794][T10276] netlink: 'syz.4.1406': attribute type 10 has an invalid length.
[  184.932283][T10276] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1406'.
[  185.115818][   T40] audit: type=1800 audit(1758672413.186:609): pid=10290 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.1411" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  185.180180][T10292] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1411'.
[  185.296622][T10299] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  185.299381][T10299] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  185.303706][T10299] vhci_hcd vhci_hcd.0: Device attached
[  185.310835][T10299] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  185.317843][T10299] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  185.324323][T10301] vhci_hcd: connection closed
[  185.326274][ T1235] vhci_hcd: stop threads
[  185.330619][ T1235] vhci_hcd: release socket
[  185.332545][ T1235] vhci_hcd: disconnect device
[  185.342864][ T6006] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  185.506135][ T6006] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  185.510751][ T6006] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  185.515172][ T6006] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  185.518944][ T6006] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.525084][T10288] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  185.530723][ T6006] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  185.870737][   T54] usb 6-1: USB disconnect, device number 40
[  185.984828][   T40] audit: type=1400 audit(1758672414.056:610): avc:  denied  { mounton } for  pid=10314 comm="syz.3.1420" path="/proc/1018/cgroup" dev="proc" ino=37645 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[  185.996613][   T40] audit: type=1400 audit(1758672414.056:611): avc:  denied  { bind } for  pid=10314 comm="syz.3.1420" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  186.003097][   T40] audit: type=1400 audit(1758672414.056:612): avc:  denied  { remount } for  pid=10314 comm="syz.3.1420" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=filesystem permissive=1
[  186.003715][T10311] No source specified
[  186.031225][T10311] bridge4: the hash_elasticity option has been deprecated and is always 16
[  186.112455][T10333] kvm: pic: non byte read
[  186.115722][T10333] kvm: pic: non byte read
[  186.118699][T10333] kvm: pic: non byte read
[  186.121821][T10333] kvm: pic: non byte read
[  186.125815][T10333] kvm: pic: non byte read
[  186.128937][T10333] kvm: pic: non byte read
[  186.134514][T10331] fuse: Bad value for 'group_id'
[  186.134568][   T40] audit: type=1400 audit(1758672414.206:613): avc:  denied  { mounton } for  pid=10330 comm="syz.3.1424" path="/358/file0" dev="tmpfs" ino=1908 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  186.136531][T10331] fuse: Bad value for 'group_id'
[  186.149408][T10331] netlink: 'syz.3.1424': attribute type 10 has an invalid length.
[  186.152055][T10331] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  186.160006][T10331] batman_adv: batadv0: Removing interface: batadv_slave_0
[  186.161915][T10341] netlink: 'syz.2.1427': attribute type 178 has an invalid length.
[  186.169673][T10331] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link
[  186.289571][T10348] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  186.294454][T10348] block device autoloading is deprecated and will be removed.
[  186.524238][T10360] overlay: Bad value for 'workdir'
[  186.562506][T10362] FAULT_INJECTION: forcing a failure.
[  186.562506][T10362] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  186.566563][T10362] CPU: 2 UID: 0 PID: 10362 Comm: syz.3.1434 Not tainted syzkaller #0 PREEMPT(full) 
[  186.566578][T10362] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  186.566585][T10362] Call Trace:
[  186.566589][T10362]  <TASK>
[  186.566594][T10362]  dump_stack_lvl+0x16c/0x1f0
[  186.566611][T10362]  should_fail_ex+0x512/0x640
[  186.566628][T10362]  _copy_from_user+0x2e/0xd0
[  186.566645][T10362]  copy_msghdr_from_user+0x98/0x160
[  186.566659][T10362]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  186.566679][T10362]  ___sys_sendmsg+0xfe/0x1d0
[  186.566693][T10362]  ? __pfx____sys_sendmsg+0x10/0x10
[  186.566722][T10362]  __sys_sendmsg+0x16d/0x220
[  186.566736][T10362]  ? __pfx___sys_sendmsg+0x10/0x10
[  186.566758][T10362]  do_syscall_64+0xcd/0x4e0
[  186.566774][T10362]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.566785][T10362] RIP: 0033:0x7f8061b8eec9
[  186.566794][T10362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  186.566805][T10362] RSP: 002b:00007f8062a82038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  186.566817][T10362] RAX: ffffffffffffffda RBX: 00007f8061de5fa0 RCX: 00007f8061b8eec9
[  186.566823][T10362] RDX: 0000000024044884 RSI: 0000200000000300 RDI: 0000000000000009
[  186.566830][T10362] RBP: 00007f8062a82090 R08: 0000000000000000 R09: 0000000000000000
[  186.566837][T10362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  186.566843][T10362] R13: 00007f8061de6038 R14: 00007f8061de5fa0 R15: 00007ffe0c56b4e8
[  186.566857][T10362]  </TASK>
[  186.710258][T10373] can0: slcan on ttyS3.
[  186.784152][T10374] can0 (unregistered): slcan off ttyS3.
[  186.855665][   T40] audit: type=1400 audit(1758672414.926:614): avc:  denied  { connect } for  pid=10382 comm="syz.2.1441" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  186.862808][T10383] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input34
[  186.897813][T10387] __nla_validate_parse: 3 callbacks suppressed
[  186.897829][T10387] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1439'.
[  186.899909][T10386] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1442'.
[  186.980291][T10397] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1447'.
[  186.983644][T10397] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1447'.
[  187.120955][T10414] fuse: Bad value for 'fd'
[  187.163067][T10418] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1454'.
[  187.166762][T10418] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1454'.
[  187.170401][T10418] netlink: 'syz.4.1454': attribute type 11 has an invalid length.
[  187.175169][T10418] netlink: 'syz.4.1454': attribute type 13 has an invalid length.
[  187.184570][T10418] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1454'.
[  187.262770][   T10] usb 7-1: new high-speed USB device number 47 using dummy_hcd
[  187.405794][T10434] ubi31: attaching mtd0
[  187.407752][T10434] ubi31 error: ubi_attach_mtd_dev: bad VID header (2) or data offsets (66)
[  187.432747][   T10] usb 7-1: Using ep0 maxpacket: 8
[  187.436465][   T10] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  187.439819][   T10] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  187.446759][   T10] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  187.454261][   T10] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  187.458289][   T10] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  187.464192][   T10] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  187.468194][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.478857][   T40] audit: type=1400 audit(1758672415.546:615): avc:  denied  { getopt } for  pid=10436 comm="syz.1.1462" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  187.679852][   T10] usb 7-1: usb_control_msg returned -32
[  187.681750][   T10] usbtmc 7-1:16.0: can't read capabilities
[  188.271540][ T5975] Bluetooth: hci1: unexpected event for opcode 0x2028
[  188.560422][T10486] netlink: 'syz.1.1478': attribute type 15 has an invalid length.
[  188.563373][T10486] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1478'.
[  188.571916][T10490] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1480'.
[  188.577356][   T40] audit: type=1400 audit(1758672416.646:616): avc:  denied  { listen } for  pid=10489 comm="syz.4.1480" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  188.586194][   T40] audit: type=1400 audit(1758672416.646:617): avc:  denied  { getopt } for  pid=10489 comm="syz.4.1480" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  188.609149][T10494] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1481'.
[  189.229674][T10512] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  189.231896][T10512] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  189.235082][T10514] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(11)
[  189.237711][T10514] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  189.240237][T10512] vhci_hcd vhci_hcd.0: Device attached
[  189.240306][T10514] vhci_hcd vhci_hcd.0: Device attached
[  189.244938][T10516] vhci_hcd: connection closed
[  189.244983][T10515] vhci_hcd: connection closed
[  189.246487][   T46] vhci_hcd: stop threads
[  189.251854][   T46] vhci_hcd: release socket
[  189.254559][   T46] vhci_hcd: disconnect device
[  189.256942][   T46] vhci_hcd: stop threads
[  189.258875][   T46] vhci_hcd: release socket
[  189.261108][   T46] vhci_hcd: disconnect device
[  189.537569][   T40] audit: type=1400 audit(1758672417.606:618): avc:  denied  { accept } for  pid=10523 comm="syz.1.1491" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  189.609846][T10530] block nbd1: Attempted send on invalid socket
[  189.612430][T10530] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  189.616992][T10530] XFS (nbd1): SB validate failed with error -5.
[  189.651509][T10538] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nbd1": -EINTR
[  189.765544][T10550] bridge3: entered promiscuous mode
[  189.770024][T10550] bridge3: entered allmulticast mode
[  189.882085][   T40] audit: type=1400 audit(1758672417.946:619): avc:  denied  { getopt } for  pid=10558 comm="syz.1.1502" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  190.026787][   T40] audit: type=1326 audit(1758672418.096:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10560 comm="syz.1.1503" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6db238eec9 code=0x7fc00000
[  190.035985][   T40] audit: type=1326 audit(1758672418.096:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10560 comm="syz.1.1503" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6db238eec9 code=0x7fc00000
[  190.045230][   T40] audit: type=1326 audit(1758672418.096:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10560 comm="syz.1.1503" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6db238eec9 code=0x7fc00000
[  190.054661][   T40] audit: type=1326 audit(1758672418.096:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10560 comm="syz.1.1503" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6db238eec9 code=0x7fc00000
[  190.063897][   T40] audit: type=1326 audit(1758672418.096:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10560 comm="syz.1.1503" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6db238eec9 code=0x7fc00000
[  190.071094][   T40] audit: type=1326 audit(1758672418.096:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10560 comm="syz.1.1503" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6db238eec9 code=0x7fc00000
[  190.094473][   T10] usb 7-1: USB disconnect, device number 47
[  190.312583][T10571] cgroup2: Unknown parameter ''
[  190.879136][T10590] syz_tun: entered allmulticast mode
[  190.883927][T10589] syz_tun: left allmulticast mode
[  191.022787][  T840] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[  191.166647][T10622] loop2: detected capacity change from 0 to 7
[  191.172135][T10622] Dev loop2: unable to read RDB block 7
[  191.176682][T10622]  loop2: AHDI p1 p2 p3
[  191.178055][T10622] loop2: partition table partially beyond EOD, truncated
[  191.180700][T10622] loop2: p1 start 1601398130 is beyond EOD, truncated
[  191.183155][T10622] loop2: p2 start 1702059890 is beyond EOD, truncated
[  191.194124][  T840] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  191.197054][  T840] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  191.200511][  T840] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  191.204715][  T840] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  191.208890][  T840] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  191.214998][  T840] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  191.221674][  T840] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  191.225332][  T840] usb 6-1: Product: syz
[  191.226995][  T840] usb 6-1: Manufacturer: syz
[  191.233519][  T840] cdc_wdm 6-1:1.0: skipping garbage
[  191.235568][  T840] cdc_wdm 6-1:1.0: skipping garbage
[  191.238682][  T840] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  191.239133][T10632] tipc: Can't bind to reserved service type 2
[  191.240618][  T840] cdc_wdm 6-1:1.0: Unknown control protocol
[  191.546614][T10384] ==================================================================
[  191.549719][T10384] BUG: KASAN: slab-use-after-free in __mutex_lock+0xe8a/0x1060
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  191.552875][T10384] Read of size 8 at addr ffff888033ab00a0 by task khidpd_15c25886/10384
[  191.557814][T10384] 
[  191.558840][T10384] CPU: 2 UID: 0 PID: 10384 Comm: khidpd_15c25886 Not tainted syzkaller #0 PREEMPT(full) 
[  191.558863][T10384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  191.558875][T10384] Call Trace:
[  191.558881][T10384]  <TASK>
[  191.558887][T10384]  dump_stack_lvl+0x116/0x1f0
[  191.558914][T10384]  print_report+0xcd/0x630
[  191.558933][T10384]  ? __virt_addr_valid+0x81/0x610
[  191.558957][T10384]  ? __phys_addr+0xe8/0x180
[  191.558980][T10384]  ? __mutex_lock+0xe8a/0x1060
[  191.559008][T10384]  kasan_report+0xe0/0x110
[  191.559027][T10384]  ? __mutex_lock+0xe8a/0x1060
[  191.559052][T10384]  ? l2cap_unregister_user+0x71/0x240
[  191.559074][T10384]  __mutex_lock+0xe8a/0x1060
[  191.559096][T10384]  ? l2cap_unregister_user+0x71/0x240
[  191.559120][T10384]  ? __pfx___mutex_lock+0x10/0x10
[  191.559141][T10384]  ? rcu_is_watching+0x12/0xc0
[  191.559164][T10384]  ? lockdep_hardirqs_on+0x7c/0x110
[  191.559186][T10384]  ? __try_to_del_timer_sync+0x115/0x170
[  191.559211][T10384]  ? __pfx___try_to_del_timer_sync+0x10/0x10
[  191.559240][T10384]  ? l2cap_unregister_user+0x71/0x240
[  191.559281][T10384]  l2cap_unregister_user+0x71/0x240
[  191.559305][T10384]  hidp_session_thread+0x45e/0x660
[  191.559322][T10384]  ? __pfx_hidp_session_thread+0x10/0x10
[  191.559340][T10384]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  191.559369][T10384]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  191.559395][T10384]  ? lockdep_hardirqs_on+0x7c/0x110
[  191.559415][T10384]  ? __kthread_parkme+0x19e/0x250
[  191.559442][T10384]  ? __pfx_hidp_session_thread+0x10/0x10
[  191.559458][T10384]  kthread+0x3c2/0x780
[  191.559475][T10384]  ? __pfx_kthread+0x10/0x10
[  191.559492][T10384]  ? rcu_is_watching+0x12/0xc0
[  191.559512][T10384]  ? __pfx_kthread+0x10/0x10
[  191.559529][T10384]  ret_from_fork+0x56a/0x730
[  191.559545][T10384]  ? __pfx_kthread+0x10/0x10
[  191.559562][T10384]  ret_from_fork_asm+0x1a/0x30
[  191.559589][T10384]  </TASK>
[  191.559594][T10384] 
[  191.637140][T10384] Allocated by task 7858:
[  191.638716][T10384]  kasan_save_stack+0x33/0x60
[  191.640493][T10384]  kasan_save_track+0x14/0x30
[  191.642385][T10384]  __kasan_kmalloc+0xaa/0xb0
[  191.644314][T10384]  __kmalloc_noprof+0x223/0x510
[  191.646308][T10384]  hci_alloc_dev_priv+0x1d/0x28a0
[  191.648398][T10384]  __vhci_create_device+0xf0/0x880
[  191.650445][T10384]  vhci_write+0x2c0/0x480
[  191.651938][T10384]  vfs_write+0x7d3/0x11d0
[  191.653448][T10384]  ksys_write+0x12a/0x250
[  191.654971][T10384]  do_syscall_64+0xcd/0x4e0
[  191.656641][T10384]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.658571][T10384] 
[  191.659472][T10384] Freed by task 10203:
[  191.661071][T10384]  kasan_save_stack+0x33/0x60
[  191.662903][T10384]  kasan_save_track+0x14/0x30
[  191.664393][T10384]  kasan_save_free_info+0x3b/0x60
[  191.665971][T10384]  __kasan_slab_free+0x60/0x70
[  191.667549][T10384]  kfree+0x2b4/0x4d0
[  191.668784][T10384]  hci_release_dev+0x4ef/0x610
[  191.670296][T10384]  bt_host_release+0x6a/0xb0
[  191.672059][T10384]  device_release+0xa4/0x240
[  191.673611][T10384]  kobject_put+0x1e7/0x5a0
[  191.675431][T10384]  put_device+0x1f/0x30
[  191.676918][T10384]  vhci_release+0x185/0x230
[  191.678371][T10384]  __fput+0x3ff/0xb70
[  191.679809][T10384]  task_work_run+0x150/0x240
[  191.681323][T10384]  do_exit+0x86f/0x2bf0
[  191.683091][T10384]  do_group_exit+0xd3/0x2a0
[  191.684896][T10384]  get_signal+0x2673/0x26d0
[  191.686792][T10384]  arch_do_signal_or_restart+0x8f/0x7d0
[  191.688870][T10384]  exit_to_user_mode_loop+0x84/0x110
[  191.690663][T10384]  do_syscall_64+0x41c/0x4e0
[  191.692625][T10384]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.694765][T10384] 
[  191.695765][T10384] Last potentially related work creation:
[  191.697846][T10384]  kasan_save_stack+0x33/0x60
[  191.699374][T10384]  kasan_record_aux_stack+0xa7/0xc0
[  191.701085][T10384]  insert_work+0x36/0x230
[  191.702523][T10384]  __queue_work+0x3f8/0x1160
[  191.704371][T10384]  queue_work_on+0x1a4/0x1f0
[  191.706003][T10384]  hci_recv_frame+0x503/0x880
[  191.707883][T10384]  vhci_write+0x399/0x480
[  191.709618][T10384]  vfs_write+0x7d3/0x11d0
[  191.711278][T10384]  ksys_write+0x12a/0x250
[  191.712799][T10384]  do_syscall_64+0xcd/0x4e0
[  191.714701][T10384]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.716596][T10384] 
[  191.717480][T10384] Second to last potentially related work creation:
[  191.719590][T10384]  kasan_save_stack+0x33/0x60
[  191.721074][T10384]  kasan_record_aux_stack+0xa7/0xc0
[  191.722712][T10384]  insert_work+0x36/0x230
[  191.724085][T10384]  __queue_work+0x97e/0x1160
[  191.725585][T10384]  queue_work_on+0x1a4/0x1f0
[  191.727108][T10384]  hci_recv_frame+0x503/0x880
[  191.729039][T10384]  vhci_write+0x399/0x480
[  191.730456][T10384]  vfs_write+0x7d3/0x11d0
[  191.731854][T10384]  ksys_write+0x12a/0x250
[  191.733245][T10384]  do_syscall_64+0xcd/0x4e0
[  191.734666][T10384]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.736730][T10384] 
[  191.737727][T10384] The buggy address belongs to the object at ffff888033ab0000
[  191.737727][T10384]  which belongs to the cache kmalloc-8k of size 8192
[  191.742478][T10384] The buggy address is located 160 bytes inside of
[  191.742478][T10384]  freed 8192-byte region [ffff888033ab0000, ffff888033ab2000)
[  191.746770][T10384] 
[  191.747603][T10384] The buggy address belongs to the physical page:
[  191.749663][T10384] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x33ab0
[  191.752444][T10384] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  191.755892][T10384] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  191.758771][T10384] page_type: f5(slab)
[  191.760366][T10384] raw: 00fff00000000040 ffff88801b843180 ffffea0000f0fe00 dead000000000006
[  191.763860][T10384] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  191.767366][T10384] head: 00fff00000000040 ffff88801b843180 ffffea0000f0fe00 dead000000000006
[  191.770945][T10384] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  191.774476][T10384] head: 00fff00000000003 ffffea0000ceac01 00000000ffffffff 00000000ffffffff
[  191.778044][T10384] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  191.781646][T10384] page dumped because: kasan: bad access detected
[  191.784296][T10384] page_owner tracks the page as allocated
[  191.786670][T10384] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5956, tgid 5956 (sh), ts 47903423019, free_ts 47603165977
[  191.794646][T10384]  post_alloc_hook+0x1c0/0x230
[  191.796698][T10384]  get_page_from_freelist+0x132b/0x38e0
[  191.798558][T10384]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  191.801047][T10384]  alloc_pages_mpol+0x1fb/0x550
[  191.803095][T10384]  new_slab+0x247/0x330
[  191.804854][T10384]  ___slab_alloc+0xcf2/0x1750
[  191.806821][T10384]  __slab_alloc.constprop.0+0x56/0xb0
[  191.809058][T10384]  __kmalloc_cache_noprof+0xfb/0x3e0
[  191.811249][T10384]  tomoyo_init_log+0xc8a/0x2140
[  191.813291][T10384]  tomoyo_supervisor+0x302/0x13b0
[  191.815380][T10384]  tomoyo_env_perm+0x191/0x200
[  191.817369][T10384]  tomoyo_find_next_domain+0xec2/0x20b0
[  191.819656][T10384]  tomoyo_bprm_check_security+0x12e/0x1d0
[  191.822029][T10384]  security_bprm_check+0x1b9/0x1e0
[  191.824175][T10384]  bprm_execve+0x81a/0x1640
[  191.826059][T10384]  do_execveat_common.isra.0+0x4a5/0x610
[  191.828280][T10384] page last free pid 5949 tgid 5949 stack trace:
[  191.830792][T10384]  __free_frozen_pages+0x7d5/0x10f0
[  191.833007][T10384]  __put_partials+0x165/0x1c0
[  191.835014][T10384]  qlist_free_all+0x4d/0x120
[  191.836997][T10384]  kasan_quarantine_reduce+0x195/0x1e0
[  191.839189][T10384]  __kasan_slab_alloc+0x69/0x90
[  191.841270][T10384]  __kmalloc_node_track_caller_noprof+0x1d3/0x510
[  191.844000][T10384]  memdup_user+0x2a/0xe0
[  191.845811][T10384]  strndup_user+0x78/0xe0
[  191.847659][T10384]  __x64_sys_mount+0x137/0x310
[  191.849697][T10384]  do_syscall_64+0xcd/0x4e0
[  191.851702][T10384]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.854131][T10384] 
[  191.855120][T10384] Memory state around the buggy address:
[  191.857482][T10384]  ffff888033aaff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  191.860839][T10384]  ffff888033ab0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  191.864189][T10384] >ffff888033ab0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  191.867513][T10384]                                ^
[  191.869645][T10384]  ffff888033ab0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  191.872955][T10384]  ffff888033ab0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  191.876220][T10384] ==================================================================
[  191.879802][T10384] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  191.882937][T10384] CPU: 2 UID: 0 PID: 10384 Comm: khidpd_15c25886 Not tainted syzkaller #0 PREEMPT(full) 
[  191.886947][T10384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  191.890816][T10384] Call Trace:
[  191.891898][T10384]  <TASK>
[  191.892889][T10384]  dump_stack_lvl+0x3d/0x1f0
[  191.894761][T10384]  vpanic+0x6e8/0x7a0
[  191.896492][T10384]  ? __pfx_vpanic+0x10/0x10
[  191.898398][T10384]  ? __pfx_vprintk_emit+0x10/0x10
[  191.900527][T10384]  ? __mutex_lock+0xe8a/0x1060
[  191.902557][T10384]  panic+0xca/0xd0
[  191.904180][T10384]  ? __pfx_panic+0x10/0x10
[  191.906107][T10384]  ? check_panic_on_warn+0x1f/0xb0
[  191.908258][T10384]  check_panic_on_warn+0xab/0xb0
[  191.910258][T10384]  end_report+0x107/0x170
[  191.912106][T10384]  kasan_report+0xee/0x110
[  191.914017][T10384]  ? __mutex_lock+0xe8a/0x1060
[  191.916039][T10384]  ? l2cap_unregister_user+0x71/0x240
[  191.918285][T10384]  __mutex_lock+0xe8a/0x1060
[  191.920095][T10384]  ? l2cap_unregister_user+0x71/0x240
[  191.921808][T10384]  ? __pfx___mutex_lock+0x10/0x10
[  191.923516][T10384]  ? rcu_is_watching+0x12/0xc0
[  191.925023][T10384]  ? lockdep_hardirqs_on+0x7c/0x110
[  191.926723][T10384]  ? __try_to_del_timer_sync+0x115/0x170
[  191.928688][T10384]  ? __pfx___try_to_del_timer_sync+0x10/0x10
[  191.930581][T10384]  ? l2cap_unregister_user+0x71/0x240
[  191.932272][T10384]  l2cap_unregister_user+0x71/0x240
[  191.933895][T10384]  hidp_session_thread+0x45e/0x660
[  191.935512][T10384]  ? __pfx_hidp_session_thread+0x10/0x10
[  191.937404][T10384]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  191.940042][T10384]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  191.942010][T10384]  ? lockdep_hardirqs_on+0x7c/0x110
[  191.943689][T10384]  ? __kthread_parkme+0x19e/0x250
[  191.945279][T10384]  ? __pfx_hidp_session_thread+0x10/0x10
[  191.947114][T10384]  kthread+0x3c2/0x780
[  191.948867][T10384]  ? __pfx_kthread+0x10/0x10
[  191.950828][T10384]  ? rcu_is_watching+0x12/0xc0
[  191.952825][T10384]  ? __pfx_kthread+0x10/0x10
[  191.954333][T10384]  ret_from_fork+0x56a/0x730
[  191.955862][T10384]  ? __pfx_kthread+0x10/0x10
[  191.957807][T10384]  ret_from_fork_asm+0x1a/0x30
[  191.959851][T10384]  </TASK>
[  191.961799][T10384] Kernel Offset: disabled
[  191.963642][T10384] Rebooting in 86400 seconds..

VM DIAGNOSIS:
00:06:59  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000809 RBX=ffff888022c20af0 RCX=000000005a271a02 RDX=0000000000000000
RSI=ffff888022c20b40 RDI=ffff888022c20b18 RBP=0000000000000000 RSP=ffffc9000161f968
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000002 R11=0000000000000000
R12=ffff888022c20b40 R13=ffff888022c20000 R14=0000000000000002 R15=0000000000000001
RIP=ffffffff81976655 RFL=00000007 [-----PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d66b2000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000110c30d804 CR3=000000005e8d3000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffcede7bfc6
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffcede7bfc6 00007ffcede7bfcc
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff211e12fbe
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff211e12fcb
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff211e12fc5
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff211e12fd9
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff211e1305f
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff211e1313d
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 664d77d4202d6620 2807beeb034da343 c69fcf6fb898af4a 739d8026db7b783b
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 030703ad4dd6d6b0 32c471744877d6e3 1e2226b959a00004 0008000f0010000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5a47bb4b825969c7 9671cfa2f8368e35 211696e5ecf514a8 04b239acecb35b47
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00d5bf6cecc7f5d8 e058f1c28269688d bbc97c20b541f359 5fe03f85578fad7c
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000d5bf 6cecc7f5d8e058f1 c28269688dbbc97c
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 20b541f3595fe03f 85578fad7c5a47bb 4b825969c79671cf a2f8368e35211696
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 e5ecf514a804b239 acecb35b47030703 ad4dd6d6b032c471 744877d6e31e2226
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 b959a042628f5bde da0a27aec5664d77 d4202d66202807be eb034da343c69fcf
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffc900068e0000 RBX=0000000000000000 RCX=ffff888106479070 RDX=000000000000009d
RSI=ffffffff86b46a98 RDI=ffff8881064792d0 RBP=0000000000000001 RSP=ffffc900006a0b78
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000
R12=0000000000000001 R13=0000000000004e20 R14=ffff888106479070 R15=0000000000000001
RIP=ffffffff86b46ad5 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fa7b47c9300 ffffffff 00c00000
GS =0000 ffff8880d67b2000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000200000000200 CR3=000000003169a000 CR4=00352ef0
DR0=00000000000020ad DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000010000000
Opmask04=0000000000000000 Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 04000db803000000 0a08060db0030604 000dac031004000d a8030004000da403
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000dd4032804000d d00301e008000dc8 031ffe08000dc003 02b204000dbc0318
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000003072 656c6c616b7a7973 01ffffffffffffff ffdf080dd8030804
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 90033004000e8c03 1404000e88030e08 000e80030a04000d fc031004000df803
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000104c0a2a28810 000c800401000004 080606015dc802a2 08000ce003028080
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8080808080801000 0cd0030010000cc0 030210000cb00301 a010000190030303
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0303030301ffffff fffffffffff3080e 90033004000e8c03 1404000e88030e08
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000e80030a04000d fc031004000df803 0000000000003072 656c6c616b7a7973
ZMM25=2cb13ca32cb13ca3 2cb13ca32cb13ca3 2cb13ca32cb13ca3 2cb13ca32cb13ca3 2cb13ca32cb13ca3 2cb13ca32cb13ca3 2cb13ca32cb13ca3 2cb13ca32cb13ca3
ZMM26=031467ee031467ee 031467ee031467ee 031467ee031467ee 031467ee031467ee 031467ee031467ee 031467ee031467ee 031467ee031467ee 031467ee031467ee
ZMM27=adc10e2eadc10e2e adc10e2eadc10e2e adc10e2eadc10e2e adc10e2eadc10e2e adc10e2eadc10e2e adc10e2eadc10e2e adc10e2eadc10e2e adc10e2eadc10e2e
ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=a0070000a0070000 a0070000a0070000 a0070000a0070000 a0070000a0070000 a0070000a0070000 a0070000a0070000 a0070000a0070000 a0070000a0070000
info registers vcpu 2

CPU#2
RAX=0000000000000030 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8564c215 RDI=ffffffff9b118120 RBP=ffffffff9b1180e0 RSP=ffffc90003bcf630
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000064616552
R12=0000000000000000 R13=0000000000000030 R14=ffffffff9b1180e0 R15=ffffffff8564c1b0
RIP=ffffffff8564c23f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d68b2000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007fff12f077b0 CR3=000000000e380000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000004000004 Opmask01=00000000c0000000 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 74353f673f510d0d a15df81cccf638b2
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5a75a062de19b137 0ec6a4a7902a7fab
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b74610c8df7f68bf 53e4995b95e6f592
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 e0fcbbd3170141a2 de764923c164f4fa
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ffffffff 00000000000000b4
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000034
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ce486ccf4a5f99a5 bf4e341d50e33453
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 3a2e19970a8164fc 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5e28f75753c24b0a 3ad362ecb34c3cc3
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a3a7b0b200000000 4b6f01973eae097b
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f670a3a37c2179fc f36f789f19b93753
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6980ae0e253bb712 4aad0ba01747276b
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e756f6d75004445 54504d4545525020 3a524f5455434558 452d5a5953000a29
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4b504a4850004445 54504d4545525005 1f524f5455434558 45085a5953000a0c
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000000 RBX=0000000000000000 RCX=ffffffff820b83db RDX=ffff888056f92440
RSI=ffffffff820b83e2 RDI=0000000000000004 RBP=00000000000001fd RSP=ffffc900038077d8
R8 =0000000000000004 R9 =00000000000001fd R10=00000000000000d4 R11=0000000000000000
R12=0000000000000001 R13=00000000000000d4 R14=ffff88803357e000 R15=00000000000000d3
RIP=ffffffff81bb9d88 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d69b2000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007fb655f18710 CR3=0000000047dd9000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000081120042 Opmask01=000000000000000f Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb6553b76c3 00007fb6553b76c3
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2073757461747320 6874697720646574
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 002a2f626f6c6700 0a2773252709000a 3a73656c69662075 7a2520746f67000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000f0a474a494200 0a0256000209000a 1f5640494c430550 5f0005514a42000a
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000