last executing test programs:

57.833927478s ago: executing program 0 (id=1203):
r0 = syz_open_dev$dri(0x0, 0x1ff, 0x0)
syz_open_dev$ttys(0xc, 0x2, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000003c0)=0x14)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x2)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_usb_connect$cdc_ecm(0x2, 0x56, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000001c0)={0x0})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000005c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a22c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29008000000000000005ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc030ea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efd936b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800001f00000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351b9332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a138d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fce43d8c53a8031e64026e0d36b6401064c49a729f11ab377f7132c5232bb80195dd5d43d29646a9378eea0761b7ed9d2172e33ed87c7413c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828b07f1dc7df9c8e5da22dfb9dacbf5529e4e994128d835f85465173ea7bbcc519a0c9798ce8b1b07567e3e07169c8c3e4da8bf725c050000000000000000000000000000000000000000004775abdf0c62728eb55a9e2849a1ce05bed60dfe4cc9fa43f9684297c02382c0a35829be7a86305792a9d2e80ca9e8fc50f31f6e0fa810303da03d8b74b42c1ebaf16bb343256405a3a07229a54de09a97b269cd29e8b2f0b0d46c51a6a93eec37f4bc6e29a8e19120ae050ab682662e9b2cc3263a4aba62b63ca9123a53c0f4bf3c4463b8144c89bf058a0af0ae9fc2b7cdfc4817703e267cddc193637d7fd97646090da37093657643daae3840c7f5c10f93524f7ae4791ec6e9d9722e5f670ccb358e051a", @ANYRESDEC=r3, @ANYRESDEC=r1], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @sched_cls}, 0x94)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={0x1, <r5=>0xffffffffffffffff}, 0x4)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000180)={r5}, 0x4)
sendmsg$SMC_PNETID_DEL(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x20000810)
sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0)
r6 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
syz_emit_ethernet(0xbb, &(0x7f0000000500)={@local, @link_local, @void, {@llc_tr={0x11, {@snap={0x1, 0xab, "adc1", 'zd~', 0x1, "affa412fe0060e99e03ea4d4791ad9d46477ff71d72bf11d2f062245fc435890d97443b16c89e7d50fbbcb416ff0f67232f60d8876080d43772fa064636321f4ee40231759d603a789dcc3f057bf2b539a8763917699499afdac501b008c3ffbba50fa99289e311d56bc849e539d46cf9181648bcc35ec05a862e1c3cd2c212778e5e51faa6fb32338365dc76039fd8a9015c1ee376d9eb91e7e4568d140a37c06ebbbd9"}}}}}, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000e0ff00000000000000bd0000000000000000000000e4ec010000000040000000000000000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000067ff0000000000000005"], 0x310)
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f00000003c0)={0x0, <r7=>0x0}, 0x8)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000480)={@cgroup=r4, r4, 0x2f, 0x20, 0x4, @void, @void, @void, @value=r7}, 0x20)
syz_open_dev$vim2m(&(0x7f0000000440), 0x8, 0x2)
socket$rds(0x15, 0x5, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r8)

53.250638677s ago: executing program 1 (id=1226):
r0 = socket$l2tp(0x2, 0x2, 0x73)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
prlimit64(0x0, 0xe, 0x0, 0x0)
r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000200), 0x40240, 0x0)
ioctl$TCSBRKP(r1, 0x5425, 0x7)
connect$unix(0xffffffffffffffff, &(0x7f0000000140)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000003400), 0x101001, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x50, r3, 0x801, 0x0, 0x3, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "7ee5d52ffd"}, @NL80211_KEY_MODE={0x5, 0x9, 0x1}]}]}, 0x50}}, 0x0)
write$cgroup_int(r2, &(0x7f0000003880)=0x100000000, 0x12)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000004700)={'team0\x00', <r8=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r6, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000047c0)={0x60, r7, 0x405, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084)
sendto$l2tp(r0, &(0x7f0000000040)="78e29fe478909c0ac5368e27766ddae83b60ac4527d839535999a82a70b5c48eab6bf41caaf0eac5bdf5c47a2ea8539f56e8f5bc5ade76b95bda65c56a618814fa00cd9b65ae8f2c979441b05a087a5875ec25d440eba8e266b71a79610dce17aaa20cedda20d592d1e253b3a2921b825dc8d28b09b9a733cd15de81c99a84e6c31d8e79ef70086aafd428a1eb9ce00a03112501182a1da35cc3acc8b0d3e91ffd56483b20d9c8df8433b0306842da3f06cf192a40d073e3", 0xb8, 0x20000001, &(0x7f0000000100)={0x2, 0x0, @remote, 0x2}, 0x10)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=ANY=[@ANYBLOB="304000001800010000feffffffffffff0100000002000009002200000600150004a538ae093a61a6457c446748b92453"], 0x30}, 0x1, 0x0, 0x0, 0x10001}, 0x4000000)

52.323288315s ago: executing program 0 (id=1228):
syz_usb_connect(0x5, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000cb768405e0483020b9901e4020109021b000100000000090400fb015c291d00090509"], 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0, <r1=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
r2 = socket$inet(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, 0x0, &(0x7f0000000100)=0x1e)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r1, 0x80047213, &(0x7f0000000040))
bpf$PROG_LOAD(0x4, &(0x7f0000000680)={0x3, 0x3, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x3, 0x24d00)

52.30654078s ago: executing program 1 (id=1230):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00'})
r1 = io_uring_setup(0x2f00, &(0x7f000000c480)={0x0, 0xe8e2, 0x400, 0x20001, 0x3})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000540)=[{0x0}], 0x1)
r2 = io_uring_setup(0x7625, &(0x7f0000000600)={0x0, 0x1e28, 0x0, 0x2, 0x28b, 0x0, r1})
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)}, 0x0)
io_uring_register$IORING_REGISTER_FILES(r2, 0x1e, &(0x7f0000000000)=[r1], 0x1)
r3 = creat(&(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x22)
r4 = fanotify_init(0x4, 0x1000)
fanotify_mark(r4, 0x105, 0x40009975, r3, 0x0)
setxattr$incfs_metadata(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x0, 0x0, 0x1)
readv(r4, &(0x7f0000000140)=[{&(0x7f0000000400)=""/142, 0x8e}], 0x1)

51.348356277s ago: executing program 1 (id=1234):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00')
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000200)={0x10000802, 0x0, 0x40000, 0x40000}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
listxattr(&(0x7f0000002240)='./file0\x00', &(0x7f00000022c0)=""/10, 0xa)
r3 = socket(0x10, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r4, @ANYBLOB="0200000000008000800012000800010076746936740002"], 0xa0}}, 0x0)
sendmsg$can_j1939(r0, &(0x7f0000000640)={&(0x7f0000000300)={0x1d, r4, 0x0, {0x2, 0xff}, 0xff}, 0x18, &(0x7f0000000580)={&(0x7f0000000740)="4b16ece973caedd49474db2f1f9b0b1974e7b4a830c0baafe03d594bdf2a304b54f1427e7988d8390054aad6861e5ac62da9e4dd616af749f4db66c26ca121e7caf91ab90a73781b4fa9efc81ca5b2f20d0048357353bfff898300b67d0d3cea69aeed29744a7900e429068d2326340b6fde7c73c342124d0cb20df9635fe3933ec8657c65ee1667a1d7e90d652954f0cf6a718072337f732f1ac51392cd12fa88377c1bed85666ce994f4cd738cb47fcdde68b6dd59811ba0277505a040da36e8f5b74f3b8c26844c39419299dcc9757cce7471023fd17eaad82dee745a3e777060ed3151", 0xe5}, 0x1, 0x0, 0x0, 0x8010}, 0x40000)
r5 = accept4(r0, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a05000000000000000000050000090900020073797a31000000000c0000000000000000000004080005400000002d08000640000000001c000000120a01080000000000000000050000050800034000000009140000001100010000000000000000000a00000a"], 0x80}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r6, &(0x7f0000000300)={{0x6, @rose}, [@default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b3722133dc4fcf5979819d205e81f4a7f71c1926aae1efd7e0054a863f3d5c2925a943f3aa5cf649e3d883fe6cb55b5bb9fa6935849e6098ed88", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r7, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r8, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
fchdir(r0)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
ftruncate(0xffffffffffffffff, 0xffff)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
r9 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x0, 0x1000})
iopl(0x3)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, 0x0, 0x8, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r9, 0x0, 0x0, 0x0, {0x414}, 0x1})
mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000000, 0x10, r0, 0x10000000)

51.037379324s ago: executing program 0 (id=1240):
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
listen(r0, 0xc)
setsockopt$inet6_mreq(r0, 0x29, 0x14, &(0x7f0000000140)={@private2}, 0x14)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

50.586208565s ago: executing program 0 (id=1243):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x3, &(0x7f0000001d40)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000380)='udp_fail_queue_rcv_skb\x00', r1, 0x0, 0x6}, 0x18)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x21}}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
r4 = gettid()
process_vm_writev(r4, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x8)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000001d40)=ANY=[], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000380)='udp_fail_queue_rcv_skb\x00', r5, 0x0, 0x6}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001440)={{0xffffffffffffffff, <r6=>0xffffffffffffffff}, &(0x7f0000000340), &(0x7f00000003c0)=r1}, 0x20)
pipe(&(0x7f0000000840)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000bc0)={r5, 0xe0, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f00000008c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r9=>0x0, 0x0, 0x0, 0x0, 0x9, 0x4, &(0x7f0000000900)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000980)=[0x0, 0x0, 0x0, 0x0], <r10=>0x0, 0xc, &(0x7f00000009c0)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000a00), &(0x7f0000000a40), 0x8, 0x41, 0x8, 0x8, &(0x7f0000000a80)}}, 0x10)
r11 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x40802, 0x0)
ioctl$SG_IO(r11, 0x2285, &(0x7f0000002740)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x20000, &(0x7f0000000200)=""/4096}, &(0x7f00000025c0)="85c8800bfad6", 0x0, 0x8, 0x10011, 0x1, 0x0})
r12 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
linkat(r12, &(0x7f0000000000)='./file1\x00', r12, &(0x7f0000000240)='./file0\x00', 0x0)
r13 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000b8b000/0x3000)=nil, 0x930, 0x300000b, 0x12, r13, 0x0)
r14 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000c40)=@o_path={&(0x7f0000000c00)='./file0\x00', 0x0, 0x10, r0}, 0x18)
r15 = syz_open_procfs(0x0, &(0x7f0000000400)='map_files\x00')
getdents(r15, &(0x7f0000000440)=""/4096, 0x1000)
r16 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001640)=ANY=[@ANYBLOB="1b00000000000000000000000600000000000000", @ANYRES32=0x1, @ANYRES64=r10, @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="3e7d1c19eba5e93e040000000200000000000000c3fb51d131af490e03c51ad0e6e1975dcbb43f6446c2fe4d45400e276e751bd327c6769c46c6a8746b51777bf888764cae21c2aaa61bd5f504ed"], 0x50)
r17 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=r16, @ANYBLOB='\t\x00'/20, @ANYRES32=r9, @ANYRES32, @ANYBLOB="01000000010000000100008c2304dc02d62600"/35], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000d40)={0x0, 0x12, &(0x7f00000014c0)=ANY=[@ANYBLOB="180000000400000000000000c107000003064000cc0000007f93feff0000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70200000000000085000000860000001861000003000000000000000300000085200000f97802000000850000002a00000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000009500000000000000"], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xac, &(0x7f0000000780)=""/172, 0x41000, 0x4, '\x00', 0x0, @fallback=0x1, r8, 0x8, &(0x7f0000000880)={0x8, 0x1}, 0x8, 0x10, 0x0, 0x0, r10, r1, 0x0, &(0x7f0000000d00)=[r2, r11, r12, r13, r14, r7, 0x1, r17, r16], 0x0, 0x10, 0x10001}, 0x94)
syz_emit_ethernet(0x86, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c20000000800450000780000000000ff907864010101ac14142100004e20006490780200000000000000020000005bc30902bb4778ac28351b1ed825bc864d0288b120f8b0adbe789794a17ad7cf0c3bca7525cd0ddc78cd3c6999d4e1d24ff87eb55d22ff51c76255150fc3012e3bb94479a0e045949ced474f08f33e97"], 0x0)

50.586028994s ago: executing program 2 (id=1244):
r0 = syz_open_dev$sg(&(0x7f0000007b00), 0x1, 0x802)
ioctl$SG_IO(r0, 0x2285, &(0x7f00000001c0)={0x53, 0xffffffffffffffff, 0x0, 0xe4, @scatter={0x2, 0x0, &(0x7f0000000180)=[{&(0x7f0000000240)=""/86, 0x1d}, {&(0x7f00000000c0)=""/186, 0xba}]}, 0xffffffffffffffff, 0x0, 0xc0, 0x10000, 0x3, 0x0})
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0, {0xf}}, './file0\x00'})
ioctl$CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f0000000040)={"9304e01e", 0xbee, 0x5, 0x6, 0x0, 0x5, "d0a640ba89db778719ea429b5c284a", "a6f28851", "0b8c449d", "a0c22f85", ["1e94c45ed3d8cb6675b7f6de", "403a3025ae7fc0e5ab30676f", "c8bd896e5d91150aa6145725", "2f10aa0d5acbb8726b59f995"]}) (async)
ioctl$CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f0000000040)={"9304e01e", 0xbee, 0x5, 0x6, 0x0, 0x5, "d0a640ba89db778719ea429b5c284a", "a6f28851", "0b8c449d", "a0c22f85", ["1e94c45ed3d8cb6675b7f6de", "403a3025ae7fc0e5ab30676f", "c8bd896e5d91150aa6145725", "2f10aa0d5acbb8726b59f995"]})

50.411123147s ago: executing program 3 (id=1245):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x8000)
syz_emit_ethernet(0x92, &(0x7f0000000180)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1d}, @val={@val={0x88a8, 0x4, 0x1, 0x1}, {0x8100, 0x7}}, {@mpls_mc={0x8848, {[{0x1, 0x0, 0x1}, {0x1}, {0x1, 0x0, 0x1}], @llc={@snap={0x1, 0xaa, "1c", "078000", 0x88a8, "50cc96f1f219b7598302b7c6f736b5ed7f88ca152047bbbbca042ce653da7e89a8f4c96445acf56974f03d9e5b71478e471c6785fe32bf3b8f5a9651926a57bbfd85701e469a4fa44205e92577326722f3acbbf2bd0533f71ff59484c1891be695140c260489eaf1"}}}}}}, &(0x7f0000000040)={0x1, 0x4, [0x61f, 0x4dd, 0x71, 0x57d]})
ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f0000000000)={0x4})

50.409741162s ago: executing program 1 (id=1246):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000100)=@ipv4_delrule={0x24, 0x21, 0xb12becd5a2b54ddf, 0x0, 0x0, {}, [@FRA_GENERIC_POLICY=@FRA_FWMARK={0x8, 0xa, 0x6}]}, 0x24}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_TIMESTAMP(r3, 0x1, 0x3f, &(0x7f0000000080)=0x1, 0x4)
bind$inet(r3, &(0x7f0000000480)={0x2, 0x4e23, @loopback}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
sendmsg$inet(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)="1f", 0x1}], 0x1}, 0x8c0)
recvmmsg(r3, &(0x7f00000005c0), 0x40000000000026c, 0x0, 0x0)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000000)=0x190, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r5=>0x0})
bind$can_raw(r4, &(0x7f00000001c0)={0x1d, r5}, 0x10)
r6 = memfd_create(&(0x7f0000000080)='\b\x9dF\xd8\b\xb3~u\xa5\"\xdc\xfdq\xf6c\r;\xfcO\x8c=\x81\xb1\x8aSpA\xd4\x98\x85D\x89>N\x8ar\x17O\x0fKR\xe2{mn\xcc\xbf2\xc0\xa7\x14\xd0\xd4\xfe/\x9e\xee\xe7\xd7E\xe9\t\x83\xdeNX\xec\xe66\x1b\x97\xe7\xe6\x97\xf9\xb3\xf6\xb9\v\xb5$\xee\x84\x1cn,B\xd5?\xe5E:+Pm\x1d\xb4\xb8', 0x0)
pipe2(&(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
splice(r7, 0x0, r6, &(0x7f0000000140), 0x4, 0x0)
write$tun(r8, &(0x7f0000000040)=ANY=[], 0x3)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r2, 0x1, 0x70bd28, 0x4000, {0x1a}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)

50.240979268s ago: executing program 2 (id=1247):
getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x3, 0x0, &(0x7f0000002000)) (async)
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000140), 0x125080, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) (async)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) (async)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) (async)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000240), r1)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x34, r4, 0x400, 0x70bd2d, 0x25dfdbff, {{}, {}, {0x18, 0x17, {0x14, 0x6, @l2={'eth', 0x3a, 'netpci0\x00'}}}}, ["", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0xc804}, 0x44) (async)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r1, 0x80045300, &(0x7f0000000180)) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r5=>0x0})
sendto$packet(r0, &(0x7f0000000000)="10", 0x5dc, 0x0, &(0x7f0000000340)={0x11, 0x8100, r5, 0x1, 0x0, 0x6, @local}, 0x14) (async)
msgsnd(0x0, &(0x7f0000000380)={0x1}, 0x8, 0x0) (async)
r6 = socket$nl_route(0x10, 0x3, 0x0)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000040), 0x4800, 0x0) (async)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x50, 0x10, 0x405, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xc010, 0xc100}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x54011, 0x44800}}}}}}, @IFLA_OPERSTATE={0x5, 0x10, 0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x0)

50.157525292s ago: executing program 3 (id=1248):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x23, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0x5}, {0xffff, 0xffff}, {0xfff3, 0x10}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x0, 0x1, 0x1}}}}]}, 0x40}}, 0x44080) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0))
r1 = socket$kcm(0x10, 0x100000000002, 0x4)
sendmsg$kcm(r1, &(0x7f00000039c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="39000000140081ae00002c000500015601618575e285af0100d41f215c0000883795c04a31ba377a1b2cc32b38d3440c6942cb76cab3000000", 0x39}], 0x1, 0x0, 0x0, 0xc00e}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000740)={'wlan1\x00', <r4=>0x0})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000c80)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r4, @ANYBLOB="05005b"], 0x24}}, 0x0) (async)
r6 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_emit_ethernet(0x108, &(0x7f0000000400)={@link_local, @local, @void, {@x25={0x805, {0x3, 0x6, 0xfd, "c81f04c203b507b7777d2d747d22b12d815dd2f141a3a338cf081596e22c344973374a9238526b89a391b0031dd23edb5f132c18a09e439067c0ac01f2a51937299f94e8b8c6c1d3bd37026f8e652f126b809bcca6706b1fb4eab6fdab49895441c1c038f73fa3e9fddf8201a934eee1bd0168521bfc6b69ab01cfa65791f546279a793c9889dcd0bad72c31649258738520f1cc6f28c4f2c6f7869fee5bcd4761868d56da774cecbe05de7c16dae71683e02a0a64eee49e841b522bd5305eb6726bb12098d50f40aeddce942f1c2c5bf76dfb8beda0e719401d6ab4ec9c7159419e311774646ca0efdcc83ca4d5907c96552545dd7bf0"}}}}, &(0x7f0000000540)={0x0, 0x2, [0x3fc, 0x868, 0xdda, 0x355]}) (async)
ioctl$VIDIOC_G_SELECTION(r6, 0xc040565e, &(0x7f0000000040)={0x2, 0x2, 0x0, {0x6, 0xc, 0x1, 0x5}}) (async)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'gretap0\x00', &(0x7f0000000100)={'erspan0\x00', <r8=>0x0, 0x20, 0x7800, 0x4, 0x7, {{0x21, 0x4, 0x3, 0x0, 0x84, 0x66, 0x0, 0x3, 0x29, 0x0, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@cipso={0x86, 0x18, 0x3, [{0x7, 0x12, "2d4ff2a51646ed6ca27557762ead2b2d"}]}, @timestamp_prespec={0x44, 0x14, 0xe1, 0x3, 0x8, [{@empty, 0x7fff}, {@private=0xa010100, 0x9}]}, @ssrr={0x89, 0xf, 0xd, [@loopback, @dev={0xac, 0x14, 0x14, 0x2f}, @loopback]}, @lsrr={0x83, 0x13, 0x3d, [@remote, @local, @multicast1, @broadcast]}, @timestamp_prespec={0x44, 0x1c, 0xb3, 0x3, 0x5, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x8}, {@dev={0xac, 0x14, 0x14, 0x2e}, 0x81}, {@rand_addr=0x64010101, 0xc1ab}]}, @ra={0x94, 0x4}]}}}}}) (async)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000002c0)={'syztnl1\x00', &(0x7f0000000240)={'ip6_vti0\x00', <r9=>0x0, 0x4, 0xf, 0x5, 0x0, 0x26, @private2, @private0={0xfc, 0x0, '\x00', 0x1}, 0x700, 0x10, 0x7}})
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r5, &(0x7f00000003c0)={&(0x7f0000000040), 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x58, r7, 0x400, 0x70bd27, 0x25dfdbfd, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}, @ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0x8}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x5}, @ETHTOOL_A_CHANNELS_HEADER={0x4}]}, 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x800)

50.156655949s ago: executing program 0 (id=1249):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth0_to_team\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="680000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e00300002800800010010000000100005800a000400aaaaaaaaaabb000008000300030000000a000400aaaaaaaab1aa000008000500", @ANYRES32=r1], 0x68}}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000240)={'syz_tun\x00', <r7=>0x0})
bind$packet(r6, &(0x7f0000000300)={0x11, 0x0, r7, 0x1, 0x23, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x34}}, 0x14)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x6c, r5, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x7}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r7}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x44, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private0}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x4}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x8040080}, 0x80)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f00000002c0), r8)
dup(r3)
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)

50.053660227s ago: executing program 3 (id=1250):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_pie={{0x8}, {0xc, 0x2, [@TCA_PIE_TARGET={0x8, 0x1, 0xc0f}]}}]}, 0x38}}, 0x0)
connect$tipc(r0, &(0x7f0000000040)=@id={0x1e, 0x3, 0x3, {0x4e23, 0x2}}, 0x10)

49.95413588s ago: executing program 3 (id=1251):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
syz_clone(0x20000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)

49.952965803s ago: executing program 2 (id=1252):
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x4008032, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x239, &(0x7f00000001c0)={0x0, 0x0, 0x11900}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8746}})
io_uring_enter(r0, 0x6256, 0x0, 0x0, 0x0, 0x0)
r3 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x18)
r4 = add_key$fscrypt_provisioning(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)=ANY=[@ANYBLOB="01000000000000006162fe20b5676768696a6b6c6d6e6f707172737475767778797a30313233343536"], 0x29, 0xfffffffffffffffc)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, 0x0, &(0x7f0000000240)=@keyring={'key_or_keyring:', r4})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

49.833509037s ago: executing program 3 (id=1253):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0e000000040000000400000003"], 0x50)
r1 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000100), 0x4)
r2 = creat(&(0x7f0000000240)='./file0\x00', 0x40)
close(r2)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x3000)=nil, 0x930, 0x6000002, 0x4018831, r2, 0x0) (async)
read$char_usb(r2, &(0x7f0000000380)=""/190, 0xbe)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={@ifindex, 0x5, 0x1, 0x1, &(0x7f0000000140)=[0x0], 0x1, 0x0, &(0x7f0000000180)=[0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0], <r3=>0x0}, 0x40)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0), 0x94001, 0x0) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', <r7=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01000200000000000000080000000c00018008000100", @ANYRES32=r7, @ANYBLOB="4000028004000380380005"], 0x60}, 0x1, 0x0, 0x0, 0x40050}, 0x0) (async)
r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/address_bits', 0x40a200, 0x88)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000280)={@fallback=r4, r1, 0x7, 0x0, r2, @void, @value=r8, @void, @void, r3}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x13, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0x6, 0x9, 0x0, 0x0, 0x81}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0x7c8}, {}, {}, {0x5, 0x0, 0xd, 0x0}, {0x18, 0x2}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x5, 0x1, 0x5, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x68, '\x00', 0x0, @fallback=0x9, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

49.753754077s ago: executing program 0 (id=1254):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = add_key$user(&(0x7f0000000440), &(0x7f0000002180)={'syz', 0x1}, &(0x7f0000000240)="8b", 0x1, 0xfffffffffffffffe)
r2 = add_key$user(&(0x7f0000000140), &(0x7f0000000040)={'syz', 0x1}, &(0x7f00000005c0)="370c099069efefe9fa43de3e1404db09b4ce1ef77bde4b371532dd16447c1b13403656c86711f6e750026f23029a50d44299c7bf5c78dc5efae2d041016160e8bef7b30c05e298aa9572540dd950307987eef2115e1bcf512bea3410ca5a9e9f827e4b13490dbbd4fc5a45e0738b959acafd2c12863045265bcbc2c9426ac3f614746b436fe86a72dc642dd67d970604a69b4f22cd0076beedc18056ab4bea4c825b69a7a77adcd5488684872b1bb9eb84586549e11b080468668e8fd0e52ce0705a", 0xc2, 0xffffffffffffffff)
keyctl$dh_compute(0x17, &(0x7f0000000400)={r1, r2, r1}, &(0x7f0000000480)=""/199, 0xc7, &(0x7f0000000580)={&(0x7f0000000340)={'sm3\x00'}})
r3 = syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d370f0100000000000000000006241a0000000c241b4800f3ff00050080050905810300020000000904010000020d00000904010102020d0000090582020004000000090503020002"], 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
r6 = syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000a00)=ANY=[@ANYBLOB='\\\x00\x00@', @ANYRES8=r6, @ANYBLOB="000000000000000000001400000008000f00fc00000018000180140002006e58c1c403c5657464657673696d300000000000000800050000fcffff08000900fd9365f373fc000000080011000700000008000e008041ce601ebc7c6c56f8f65055fae1d44af32f9f1a125d2bd9c7409109ccae4aeb41bdc6558030ad5ce0760532c43ea20fa73dd6f7e19a961d58a7bb10a50a76236282a84b0b0e2586372bc56c576b12dcf058a9365573df46c3d7a5c1fa1d4a79d46482d6ec2179c754d3f4118ab11ba57c0c2be8c6be123a00000000000000000000000000a463a026a2f3c11b94af9051754cd795f07c1117b734781cc7da584ecabf9bb220dd1f24d2947ea84ec10dee2b56d5670d724814766fac41fa0e08e016e72cf0876d1fad8e64ac60f6bae4c8aac1bad161c7894eeae3beb372746bebe7efdb78705896aee28d199027509595cce3888913b65267", @ANYRES32=r4], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x48065)
syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f0000000bc0)={0x44, 0x0, 0x0, 0x0, &(0x7f00000009c0)={0x20, 0x80, 0x1c, {0x3, 0x9, 0xe4c, 0x2, 0x3, 0x3865, 0x8, 0x9, 0x1, 0x5, 0x4, 0x81}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="9feb010018000000000000009000000090000000060000000000000000000003000000000700000001000000060000f50d000000010000040600000005000000040000000f4f00000d00000004000084080000000900000000000000030000000f0000007457e10280000000070000000d00000002000000d20900000b00000003000000090000000f00000000000009030000000700000000000008020000000000000000000002040000000030612e3000"], &(0x7f0000000680)=""/233, 0xae, 0xe9, 0x0, 0x2, 0x10000}, 0x28)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f0000000180)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='mem_disconnect\x00', r8}, 0x18)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000fc07ffff00000000000000008500000041000000850000000700000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$SIOCSIFHWADDR(r10, 0x8924, &(0x7f0000000040)={'syz_tun\x00', @random="6c3e7d65df10"})
ioctl$SIOCSIFHWADDR(r10, 0x8924, &(0x7f0000000240)={'pim6reg\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0xf}})
r11 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
r12 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r12, &(0x7f0000000200), 0x12)
bind$x25(r11, &(0x7f0000000080), 0x12)
close(r11)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x0, 0xe, 0x0, &(0x7f00000002c0)="ae24a21f9a824666f9acf0e0163f", 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, 0x3}, 0x50)

49.753277516s ago: executing program 3 (id=1255):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r0}, 0x18)
r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x3d, &(0x7f0000000000)='cgroup\x00\x8d\f\xf3\xcd\xc6X$\x01n-Hg\x144-.\xe2\x053\xe2\xf4\xbf[\xe9\xdddU\x91\x9d,\t\x8d\xc3@\x86,\x7f\xe2Z\xe8L\x80\xdbe~c\xbc\x9b\xcf\x9b\x1cH\x95\xf3'}, 0x30)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x47, '\x00', 0x0, @cgroup_sock}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="0200"], 0x10)
socket$l2tp(0x2, 0x2, 0x73)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018020000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000005600)='sys_enter\x00', r5}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r4}, 0x10)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r0, 0xffffffffffffffff, 0xc, 0x0, @val=@netfilter={0x0, 0x0, 0x5}}, 0x20)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x6002, 0x0)
ioctl$TUNSETPERSIST(r6, 0x400454cb, 0x1)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000e40), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
r8 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
ioctl$TIOCSTI(r8, 0x5412, &(0x7f00000000c0)=0x4)
pipe(&(0x7f0000000180)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
ioctl$TUNSETSTEERINGEBPF(r7, 0x800454e0, &(0x7f0000000080)=r9)
fsconfig$FSCONFIG_SET_PATH(r1, 0x3, &(0x7f0000000200)='c:::\x00', &(0x7f0000000380)='./file0\x00', r9)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
gettid()
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
syz_open_dev$usbmon(&(0x7f0000000040), 0x2000000000008, 0x800)
syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)

49.462841833s ago: executing program 2 (id=1256):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x400, 0x70bd2a, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x4}, {0xb, 0x8}, {0x6, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x40004)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84)
r1 = socket$inet6(0xa, 0x80002, 0x800088)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0)
setsockopt$inet6_udp_int(r1, 0x11, 0xb, &(0x7f0000002740)=0x401, 0x4)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e24, 0x5, @remote, 0x6}, 0x1c)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x400, 0x70bd2a, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x4}, {0xb, 0x8}, {0x6, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x40004) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84) (async)
socket$inet6(0xa, 0x80002, 0x800088) (async)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) (async)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0) (async)
setsockopt$inet6_udp_int(r1, 0x11, 0xb, &(0x7f0000002740)=0x401, 0x4) (async)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e24, 0x5, @remote, 0x6}, 0x1c) (async)

49.462415767s ago: executing program 1 (id=1257):
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x4, 0xffffffff, 0xfffffff8, 0xfffffffc}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)=@RTM_NEWMDB={0x17, 0x54, 0x1e5}, 0x18}}, 0x4080)
fchdir(r0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x6, 0x25dfdc03, {0x2, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, [@RTA_SRC={0x8, 0x2, @private=0xa010102}]}, 0x24}}, 0x4044000)
socket$rds(0x15, 0x5, 0x0)

49.393761679s ago: executing program 1 (id=1258):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000280), 0x80502, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000002c0)=0x7)
r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$PPPIOCATTCHAN(r1, 0x40047438, &(0x7f0000000140)=0x1)
write$ppp(r0, &(0x7f0000000000)="1bca55c447d22fb5e3d593ac0c65af90abc6ac2d9203bce0a14cb1c6cff5e6dd6696cd873a6f12925d2b270ee56a6bb40fc9d94fc028265525b394a78abd91297d80d71f2cc21757a283ae3253865e7f3d61ef731d579d7594a38a66624be82b1c4717505319524bf179eaf530264d6295c6148ebc1d6899cae2188a0582423e8728fb7487f18238c071bd58ef14d207d4a298db1ac0bbc80bdc78118a6fc5092b6beadf4f1e43064116d6c23a2208920820590a9ab31f1c220246aafabb6bc80f17eefa23aa9afcf58cebfedf7c2100f63676e697cf60436476c5761f1addacfe2f84e28fbbd84f7c439c0358ae1186423a89e2d1a3", 0xfffffdbe)

49.393397897s ago: executing program 2 (id=1259):
syz_usb_connect$cdc_ecm(0x3, 0x4f, &(0x7f0000000140)=ANY=[@ANYBLOB="12010003020000202505a1a440000102030109023d00010103e19f11d50002020206000d240f01020000000200c40c08090582020002020875090503020000cd07030000000000000000000000000004f27ab45b6468f574ca3462199c9a78c1885c7815892c723ddc094d0e8450cbbc277d664b6d35155c69ee9bc5e096afef17c2782edcdbba1c05f67db2084143f94b58f811d25ea090469dcafc89e08e7163440e2b4755f42bceec13ed3f847e244fc2b32e6416404288725cbd707216be227d23def9cda1b59fd8888eb7cfbc87e64c4146993ed226bf738cba1d00"/237], 0x0)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, &(0x7f0000000040)={@dev={0xac, 0x14, 0x14, 0x19}, @empty, 0x2, "4f6fb4d1af0f724e6118ecfbac0200843af297baebb0efa284da1403011a00", 0x0, 0x4, 0x81, 0x81}, 0x3c)
r0 = socket$kcm(0x10, 0x2, 0x10)
syz_io_uring_setup(0x1458, &(0x7f00000003c0)={0x0, 0x4, 0x10180, 0x2000, 0x3ae}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r4, &(0x7f0000000480)=[{&(0x7f0000000200)=""/145, 0x91}], 0x1, &(0x7f00000007c0)=[{&(0x7f00000004c0)=""/41, 0x29}], 0x1, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x20, 0x0, r3, 0x0, 0x0, 0x0, 0x12100, 0x1})
sendmsg$nl_route_sched(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newtaction={0x154, 0x30, 0x200, 0x0, 0x0, {0x9}, [{0x140, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3, 0x1}}}}, @m_sample={0x78, 0xc, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x5}]}, {0x42, 0x6, "2c95264043452d0401ddb6349baa9da8c535770a98a69454633d14cd877a597045a53bfea61a2a4f4bf3444fc73a4bc3b00a403a35fdb0e591e9cb49638d"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_skbmod={0x94, 0x20, 0x0, 0x0, {{0xb}, {0x4c, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0x4, 0x3ff, 0x2, 0x5, 0x5}, 0xc}}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x101, 0x1b64, 0x4, 0x100, 0x7}, 0x9}}]}, {0x1d, 0x6, "387b811d646a7b266a823ad2aa011d6119797e401b90512b52"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x154}}, 0x0)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x101880)
read(r5, &(0x7f00000002c0)=""/180, 0xb4)
close(r0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0)

42.760445478s ago: executing program 2 (id=1260):
r0 = memfd_create(&(0x7f0000000300)='-B\xd5N\b\x84\xa2m\x00\v\x18\xfb\x91hMy\xdb\xd1\xa7\xb1S\xf1:)\x00\xda\xf2\xb6\x16\xad\xed\x84\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9c:\x10d\xee\xa9\xcb\x06k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\xcc\x86\xfe2E-\x16 \xc8\x95\xc1\xe0aM\x9b\x9f\xf5\xab~\xa1\xce\x8b\x19\xea\xef\xe3\x00\x00\x00\x00\x00\x00\xfb\xbc\xea\xe7\x99\xdcrE\xba\xb2\xf4\xd0\x9b\xdaH\x8d\xb6\x01\xc8\xb6\xbd', 0x4)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000090000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback=0x9b1257219338a2c6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r2}, 0x10)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000180), 0x8242, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000007000000070000000080000000d00000002000085230000000200000001000000040000000700000003000000060000000200000000000001000000001a0075040e000000000000020000000002400000000000080000000003000000000000090400000000000000000000030000000004000000040000000200000000612e2e6f006100"], &(0x7f0000000240)=""/84, 0x90, 0x54, 0x0, 0x4, 0x10000, @value=r4}, 0x28)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000940), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r5, 0xc0145401, &(0x7f0000000000)={{0x3, 0x0, 0x1, 0x2}, 0x0, 0x0, 'id0\x00', 'timer0\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f00000001c0)={0x5875, 0x4, 0x0, 0xfff, 0x4, 0x1})
setsockopt$IP_VS_SO_SET_ZERO(r3, 0x0, 0x48f, &(0x7f0000004ec0)={0x1, @empty, 0x4e22, 0x2, 'wlc\x00', 0x11, 0xfffff800, 0x2e}, 0x2c)

32.580955438s ago: executing program 32 (id=1254):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = add_key$user(&(0x7f0000000440), &(0x7f0000002180)={'syz', 0x1}, &(0x7f0000000240)="8b", 0x1, 0xfffffffffffffffe)
r2 = add_key$user(&(0x7f0000000140), &(0x7f0000000040)={'syz', 0x1}, &(0x7f00000005c0)="370c099069efefe9fa43de3e1404db09b4ce1ef77bde4b371532dd16447c1b13403656c86711f6e750026f23029a50d44299c7bf5c78dc5efae2d041016160e8bef7b30c05e298aa9572540dd950307987eef2115e1bcf512bea3410ca5a9e9f827e4b13490dbbd4fc5a45e0738b959acafd2c12863045265bcbc2c9426ac3f614746b436fe86a72dc642dd67d970604a69b4f22cd0076beedc18056ab4bea4c825b69a7a77adcd5488684872b1bb9eb84586549e11b080468668e8fd0e52ce0705a", 0xc2, 0xffffffffffffffff)
keyctl$dh_compute(0x17, &(0x7f0000000400)={r1, r2, r1}, &(0x7f0000000480)=""/199, 0xc7, &(0x7f0000000580)={&(0x7f0000000340)={'sm3\x00'}})
r3 = syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d370f0100000000000000000006241a0000000c241b4800f3ff00050080050905810300020000000904010000020d00000904010102020d0000090582020004000000090503020002"], 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
r6 = syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000a00)=ANY=[@ANYBLOB='\\\x00\x00@', @ANYRES8=r6, @ANYBLOB="000000000000000000001400000008000f00fc00000018000180140002006e58c1c403c5657464657673696d300000000000000800050000fcffff08000900fd9365f373fc000000080011000700000008000e008041ce601ebc7c6c56f8f65055fae1d44af32f9f1a125d2bd9c7409109ccae4aeb41bdc6558030ad5ce0760532c43ea20fa73dd6f7e19a961d58a7bb10a50a76236282a84b0b0e2586372bc56c576b12dcf058a9365573df46c3d7a5c1fa1d4a79d46482d6ec2179c754d3f4118ab11ba57c0c2be8c6be123a00000000000000000000000000a463a026a2f3c11b94af9051754cd795f07c1117b734781cc7da584ecabf9bb220dd1f24d2947ea84ec10dee2b56d5670d724814766fac41fa0e08e016e72cf0876d1fad8e64ac60f6bae4c8aac1bad161c7894eeae3beb372746bebe7efdb78705896aee28d199027509595cce3888913b65267", @ANYRES32=r4], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x48065)
syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f0000000bc0)={0x44, 0x0, 0x0, 0x0, &(0x7f00000009c0)={0x20, 0x80, 0x1c, {0x3, 0x9, 0xe4c, 0x2, 0x3, 0x3865, 0x8, 0x9, 0x1, 0x5, 0x4, 0x81}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="9feb010018000000000000009000000090000000060000000000000000000003000000000700000001000000060000f50d000000010000040600000005000000040000000f4f00000d00000004000084080000000900000000000000030000000f0000007457e10280000000070000000d00000002000000d20900000b00000003000000090000000f00000000000009030000000700000000000008020000000000000000000002040000000030612e3000"], &(0x7f0000000680)=""/233, 0xae, 0xe9, 0x0, 0x2, 0x10000}, 0x28)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f0000000180)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='mem_disconnect\x00', r8}, 0x18)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000fc07ffff00000000000000008500000041000000850000000700000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$SIOCSIFHWADDR(r10, 0x8924, &(0x7f0000000040)={'syz_tun\x00', @random="6c3e7d65df10"})
ioctl$SIOCSIFHWADDR(r10, 0x8924, &(0x7f0000000240)={'pim6reg\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0xf}})
r11 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
r12 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r12, &(0x7f0000000200), 0x12)
bind$x25(r11, &(0x7f0000000080), 0x12)
close(r11)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x0, 0xe, 0x0, &(0x7f00000002c0)="ae24a21f9a824666f9acf0e0163f", 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, 0x3}, 0x50)

7.820018214s ago: executing program 33 (id=1255):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r0}, 0x18)
r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x3d, &(0x7f0000000000)='cgroup\x00\x8d\f\xf3\xcd\xc6X$\x01n-Hg\x144-.\xe2\x053\xe2\xf4\xbf[\xe9\xdddU\x91\x9d,\t\x8d\xc3@\x86,\x7f\xe2Z\xe8L\x80\xdbe~c\xbc\x9b\xcf\x9b\x1cH\x95\xf3'}, 0x30)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x47, '\x00', 0x0, @cgroup_sock}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="0200"], 0x10)
socket$l2tp(0x2, 0x2, 0x73)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018020000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000005600)='sys_enter\x00', r5}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r4}, 0x10)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r0, 0xffffffffffffffff, 0xc, 0x0, @val=@netfilter={0x0, 0x0, 0x5}}, 0x20)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x6002, 0x0)
ioctl$TUNSETPERSIST(r6, 0x400454cb, 0x1)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000e40), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
r8 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
ioctl$TIOCSTI(r8, 0x5412, &(0x7f00000000c0)=0x4)
pipe(&(0x7f0000000180)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
ioctl$TUNSETSTEERINGEBPF(r7, 0x800454e0, &(0x7f0000000080)=r9)
fsconfig$FSCONFIG_SET_PATH(r1, 0x3, &(0x7f0000000200)='c:::\x00', &(0x7f0000000380)='./file0\x00', r9)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
gettid()
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
syz_open_dev$usbmon(&(0x7f0000000040), 0x2000000000008, 0x800)
syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)

7.776811464s ago: executing program 34 (id=1258):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000280), 0x80502, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000002c0)=0x7)
r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$PPPIOCATTCHAN(r1, 0x40047438, &(0x7f0000000140)=0x1)
write$ppp(r0, &(0x7f0000000000)="1bca55c447d22fb5e3d593ac0c65af90abc6ac2d9203bce0a14cb1c6cff5e6dd6696cd873a6f12925d2b270ee56a6bb40fc9d94fc028265525b394a78abd91297d80d71f2cc21757a283ae3253865e7f3d61ef731d579d7594a38a66624be82b1c4717505319524bf179eaf530264d6295c6148ebc1d6899cae2188a0582423e8728fb7487f18238c071bd58ef14d207d4a298db1ac0bbc80bdc78118a6fc5092b6beadf4f1e43064116d6c23a2208920820590a9ab31f1c220246aafabb6bc80f17eefa23aa9afcf58cebfedf7c2100f63676e697cf60436476c5761f1addacfe2f84e28fbbd84f7c439c0358ae1186423a89e2d1a3", 0xfffffdbe)

0s ago: executing program 35 (id=1260):
r0 = memfd_create(&(0x7f0000000300)='-B\xd5N\b\x84\xa2m\x00\v\x18\xfb\x91hMy\xdb\xd1\xa7\xb1S\xf1:)\x00\xda\xf2\xb6\x16\xad\xed\x84\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9c:\x10d\xee\xa9\xcb\x06k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\xcc\x86\xfe2E-\x16 \xc8\x95\xc1\xe0aM\x9b\x9f\xf5\xab~\xa1\xce\x8b\x19\xea\xef\xe3\x00\x00\x00\x00\x00\x00\xfb\xbc\xea\xe7\x99\xdcrE\xba\xb2\xf4\xd0\x9b\xdaH\x8d\xb6\x01\xc8\xb6\xbd', 0x4)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000090000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback=0x9b1257219338a2c6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r2}, 0x10)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000180), 0x8242, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000007000000070000000080000000d00000002000085230000000200000001000000040000000700000003000000060000000200000000000001000000001a0075040e000000000000020000000002400000000000080000000003000000000000090400000000000000000000030000000004000000040000000200000000612e2e6f006100"], &(0x7f0000000240)=""/84, 0x90, 0x54, 0x0, 0x4, 0x10000, @value=r4}, 0x28)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000940), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r5, 0xc0145401, &(0x7f0000000000)={{0x3, 0x0, 0x1, 0x2}, 0x0, 0x0, 'id0\x00', 'timer0\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f00000001c0)={0x5875, 0x4, 0x0, 0xfff, 0x4, 0x1})
setsockopt$IP_VS_SO_SET_ZERO(r3, 0x0, 0x48f, &(0x7f0000004ec0)={0x1, @empty, 0x4e22, 0x2, 'wlc\x00', 0x11, 0xfffff800, 0x2e}, 0x2c)

kernel console output (not intermixed with test programs):

iscuous mode
[   77.098648][ T7549] bond3: (slave veth5): Enslaving as a backup interface with a down link
[   77.112582][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.116623][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.119672][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.122432][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.124918][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.129712][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.133424][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.137705][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.140536][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.148384][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.149305][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.149413][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.149477][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.149539][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.149596][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.149655][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.149713][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.149774][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.149832][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.149891][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.149950][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.150011][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.150070][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.150128][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.150187][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.150283][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.150344][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.150411][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.150517][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.150845][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.150911][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.150970][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.151034][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.151094][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.151154][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.151211][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.151277][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.151337][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.151396][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.151458][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.151519][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.151627][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.151697][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.151769][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.151830][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.151887][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.151946][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.152005][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.152067][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.152127][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.152189][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.152248][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.152311][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.152848][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.152934][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.152993][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.153056][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.153114][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.153299][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.153359][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.153418][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.153487][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.153547][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.153606][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.153666][ T7566] trusted_key: encrypted_key: hex blob is missing
[   77.158179][ T7572] tmpfs: User quota inode hardlimit too large.
[   77.234829][ T7583] __nla_validate_parse: 6 callbacks suppressed
[   77.234839][ T7583] netlink: 28 bytes leftover after parsing attributes in process `syz.2.509'.
[   77.264725][   T40] audit: type=1400 audit(1751805479.541:483): avc:  denied  { getopt } for  pid=7586 comm="syz.1.510" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   77.265764][ T7583] netlink: 'syz.2.509': attribute type 7 has an invalid length.
[   77.265785][ T7583] netlink: 'syz.2.509': attribute type 8 has an invalid length.
[   77.265791][ T7583] netlink: 4 bytes leftover after parsing attributes in process `syz.2.509'.
[   77.268890][ T7583] veth1_to_team: entered promiscuous mode
[   77.294739][ T7591] netlink: 4 bytes leftover after parsing attributes in process `syz.1.511'.
[   77.300969][ T7583] erspan0: entered promiscuous mode
[   77.320094][ T7583] gretap0: entered promiscuous mode
[   77.390223][ T7604] netlink: 'syz.1.513': attribute type 10 has an invalid length.
[   77.399960][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.407914][ T7604] netlink: 'syz.1.513': attribute type 10 has an invalid length.
[   77.412701][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.417766][ T7607] netlink: 4 bytes leftover after parsing attributes in process `syz.0.515'.
[   77.418705][ T7604] netlink: 'syz.1.513': attribute type 10 has an invalid length.
[   77.428707][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.435670][ T7604] netlink: 'syz.1.513': attribute type 10 has an invalid length.
[   77.439001][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.445257][ T7604] netlink: 'syz.1.513': attribute type 10 has an invalid length.
[   77.453637][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.463094][ T7604] netlink: 'syz.1.513': attribute type 10 has an invalid length.
[   77.479257][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.490261][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.511188][ T7619] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.521'.
[   77.513680][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.520841][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.533117][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.552926][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.559488][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.567849][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.574270][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.580596][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.587276][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.599167][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.606853][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.613952][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.622561][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.631004][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.642160][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.651471][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.664776][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.671778][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.678577][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.686612][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.692403][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.698539][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.705697][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.718192][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.732400][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.743691][ T7604] team0: Device hsr_slave_0 failed to register rx_handler
[   77.852798][ T7652] netlink: 68 bytes leftover after parsing attributes in process `syz.1.533'.
[   77.905449][ T7664] SELinux:  Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[   77.939238][ T7664] input: syz1 as /devices/virtual/input/input9
[   77.997033][ T7672] netlink: 28 bytes leftover after parsing attributes in process `syz.1.538'.
[   78.000084][ T7672] netlink: 16 bytes leftover after parsing attributes in process `syz.1.538'.
[   78.051676][ T7677] netlink: 4 bytes leftover after parsing attributes in process `syz.1.538'.
[   78.083496][ T7679] netlink: 204988 bytes leftover after parsing attributes in process `syz.3.541'.
[   78.328875][ T7694] batman_adv: batadv0: Adding interface: dummy0
[   78.331048][ T7694] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.339705][ T7694] batman_adv: batadv0: Interface activated: dummy0
[   78.353658][ T7694] batadv0: mtu less than device minimum
[   78.357233][ T7694] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   78.361254][ T7694] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   78.365020][ T7694] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   78.368881][ T7694] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   78.372583][ T7694] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   78.376446][ T7694] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   78.380201][ T7694] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   78.383860][ T7694] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   78.425865][ T7701] fuse: Unknown parameter '00000000000000000003'
[   79.603877][ T7757] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[   79.606828][ T7757] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[   79.611817][ T7757] vhci_hcd vhci_hcd.0: Device attached
[   79.616555][ T7758] vhci_hcd: cannot find a urb of seqnum 4294967226 max seqnum 0
[   79.620975][ T1143] vhci_hcd: stop threads
[   79.622728][ T1143] vhci_hcd: release socket
[   79.624160][ T1143] vhci_hcd: disconnect device
[   80.630723][ T7795] FAULT_INJECTION: forcing a failure.
[   80.630723][ T7795] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   80.637560][ T7795] CPU: 2 UID: 0 PID: 7795 Comm: syz.0.583 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[   80.637584][ T7795] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   80.637595][ T7795] Call Trace:
[   80.637600][ T7795]  <TASK>
[   80.637607][ T7795]  dump_stack_lvl+0x16c/0x1f0
[   80.637655][ T7795]  should_fail_ex+0x512/0x640
[   80.637688][ T7795]  _copy_from_user+0x2e/0xd0
[   80.637714][ T7795]  _autofs_dev_ioctl+0x117/0xb40
[   80.637736][ T7795]  ? hook_file_ioctl_common+0x145/0x410
[   80.637755][ T7795]  ? __pfx__autofs_dev_ioctl+0x10/0x10
[   80.637789][ T7795]  ? selinux_file_ioctl+0x180/0x270
[   80.637811][ T7795]  ? selinux_file_ioctl+0xb4/0x270
[   80.637836][ T7795]  autofs_dev_ioctl+0x1a/0x30
[   80.637857][ T7795]  ? __pfx_autofs_dev_ioctl+0x10/0x10
[   80.637878][ T7795]  __x64_sys_ioctl+0x18e/0x210
[   80.637901][ T7795]  do_syscall_64+0xcd/0x4c0
[   80.637934][ T7795]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   80.637952][ T7795] RIP: 0033:0x7f401598e929
[   80.637965][ T7795] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   80.637981][ T7795] RSP: 002b:00007f4016899038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   80.637998][ T7795] RAX: ffffffffffffffda RBX: 00007f4015bb5fa0 RCX: 00007f401598e929
[   80.638009][ T7795] RDX: 0000200000000100 RSI: 00000000c0189378 RDI: 0000000000000003
[   80.638020][ T7795] RBP: 00007f4016899090 R08: 0000000000000000 R09: 0000000000000000
[   80.638030][ T7795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   80.638040][ T7795] R13: 0000000000000000 R14: 00007f4015bb5fa0 R15: 00007ffee11b0248
[   80.638063][ T7795]  </TASK>
[   80.811184][ T7812] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.233016][ T7854] syz.2.603: attempt to access beyond end of device
[   81.233016][ T7854] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0
[   81.237800][ T7854] SQUASHFS error: Failed to read block 0x0: -5
[   81.239774][ T7854] unable to read squashfs_super_block
[   81.248025][ T7856] FAULT_INJECTION: forcing a failure.
[   81.248025][ T7856] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   81.252002][ T7856] CPU: 3 UID: 0 PID: 7856 Comm: syz.3.604 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[   81.252017][ T7856] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   81.252023][ T7856] Call Trace:
[   81.252027][ T7856]  <TASK>
[   81.252031][ T7856]  dump_stack_lvl+0x16c/0x1f0
[   81.252051][ T7856]  should_fail_ex+0x512/0x640
[   81.252069][ T7856]  _copy_from_user+0x2e/0xd0
[   81.252086][ T7856]  memdup_user+0x6b/0xe0
[   81.252102][ T7856]  _autofs_dev_ioctl+0x212/0xb40
[   81.252117][ T7856]  ? hook_file_ioctl_common+0x145/0x410
[   81.252129][ T7856]  ? __pfx__autofs_dev_ioctl+0x10/0x10
[   81.252145][ T7856]  ? selinux_file_ioctl+0x180/0x270
[   81.252161][ T7856]  ? selinux_file_ioctl+0xb4/0x270
[   81.252178][ T7856]  autofs_dev_ioctl+0x1a/0x30
[   81.252191][ T7856]  ? __pfx_autofs_dev_ioctl+0x10/0x10
[   81.252205][ T7856]  __x64_sys_ioctl+0x18e/0x210
[   81.252219][ T7856]  do_syscall_64+0xcd/0x4c0
[   81.252240][ T7856]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.252251][ T7856] RIP: 0033:0x7f6dd478e929
[   81.252260][ T7856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   81.252270][ T7856] RSP: 002b:00007f6dd25f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   81.252281][ T7856] RAX: ffffffffffffffda RBX: 00007f6dd49b5fa0 RCX: 00007f6dd478e929
[   81.252287][ T7856] RDX: 0000200000000100 RSI: 00000000c0189378 RDI: 0000000000000003
[   81.252293][ T7856] RBP: 00007f6dd25f6090 R08: 0000000000000000 R09: 0000000000000000
[   81.252299][ T7856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   81.252305][ T7856] R13: 0000000000000000 R14: 00007f6dd49b5fa0 R15: 00007ffc910c4e58
[   81.252318][ T7856]  </TASK>
[   81.310528][ T7857] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   81.314359][ T7857] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   81.318524][ T7857] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   81.322165][ T7857] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   81.330999][ T7857] vxlan0: entered promiscuous mode
[   81.337150][   T54] cfg80211: failed to load regulatory.db
[   81.397957][ T7861] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[   81.812668][ T7867] CIFS: Unable to determine destination address
[   81.946623][ T7877] xfrm1: entered allmulticast mode
[   83.157798][   T40] kauditd_printk_skb: 29 callbacks suppressed
[   83.157814][   T40] audit: type=1400 audit(1751805485.441:513): avc:  denied  { setattr } for  pid=7890 comm="syz.2.616" path="/dev/ptyq9" dev="devtmpfs" ino=136 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[   83.405122][   T61] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[   83.545892][   T61] usb 7-1: device descriptor read/64, error -71
[   83.785135][   T61] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[   83.917208][ T7897] validate_nla: 31 callbacks suppressed
[   83.917261][ T7897] netlink: 'syz.1.618': attribute type 3 has an invalid length.
[   83.921893][ T7897] netlink: 'syz.1.618': attribute type 1 has an invalid length.
[   83.924681][ T7897] __nla_validate_parse: 5 callbacks suppressed
[   83.924708][ T7897] netlink: 220 bytes leftover after parsing attributes in process `syz.1.618'.
[   83.931513][ T7897] NCSI netlink: No device for ifindex 0
[   83.935210][   T61] usb 7-1: device descriptor read/64, error -71
[   83.938053][ T7897] netlink: 'syz.1.618': attribute type 10 has an invalid length.
[   83.941151][ T7897] lo: entered promiscuous mode
[   83.948419][ T7897] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[   84.045440][   T61] usb usb7-port1: attempt power cycle
[   84.385174][   T61] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[   84.405972][   T61] usb 7-1: device descriptor read/8, error -71
[   84.599348][   T40] audit: type=1400 audit(1751805486.881:514): avc:  denied  { accept } for  pid=7901 comm="syz.1.620" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   84.655101][   T61] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[   84.678010][   T61] usb 7-1: device descriptor read/8, error -71
[   84.795883][   T61] usb usb7-port1: unable to enumerate USB device
[   84.821717][   T40] audit: type=1326 audit(1751805487.101:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7915 comm="syz.3.624" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6dd478e929 code=0x0
[   84.869487][ T7920] fuse: Unknown parameter 'æd0x0000000000000003'
[   85.181625][ T5310] Bluetooth: hci2: unexpected event for opcode 0x0809
[   85.240057][   T40] audit: type=1400 audit(1751805487.521:516): avc:  denied  { create } for  pid=7945 comm="syz.1.635" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[   85.286561][ T7944] netlink: 'syz.0.634': attribute type 1 has an invalid length.
[   85.354568][   T40] audit: type=1400 audit(1751805487.631:517): avc:  denied  { name_bind 0x1000000 } for  pid=7961 comm="syz.1.639" path="socket:[20556]" dev="sockfs" ino=20556 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[   85.364873][ T7961] fanotify: failed to encode fid (type=0, len=0, err=-2)
[   85.458942][ T5310] Bluetooth: hci2: unexpected event for opcode 0x0407
[   85.591145][   T40] audit: type=1400 audit(1751805487.871:518): avc:  denied  { read append } for  pid=7992 comm="syz.0.647" name="file0" dev="9p" ino=35913946 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   85.599248][   T40] audit: type=1400 audit(1751805487.871:519): avc:  denied  { open } for  pid=7992 comm="syz.0.647" path="/156/bus/file0" dev="9p" ino=35913946 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   85.772298][ T8008] netlink: 8 bytes leftover after parsing attributes in process `syz.1.649'.
[   86.195169][   T40] audit: type=1400 audit(1751805488.471:520): avc:  denied  { ioctl } for  pid=8009 comm="syz.2.651" path="socket:[19785]" dev="sockfs" ino=19785 ioctlcmd=0x89ef scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   86.469994][ T8008] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[   86.479532][ T8016] dvmrp1: entered allmulticast mode
[   86.527876][   T40] audit: type=1400 audit(1751805488.811:521): avc:  denied  { ioctl } for  pid=8021 comm="syz.2.654" path="socket:[19224]" dev="sockfs" ino=19224 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   86.528329][ T8022] netlink: 4 bytes leftover after parsing attributes in process `syz.2.654'.
[   86.580445][ T8024] netlink: 88 bytes leftover after parsing attributes in process `syz.2.654'.
[   86.608017][ T8026] FAULT_INJECTION: forcing a failure.
[   86.608017][ T8026] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   86.612796][ T8026] CPU: 2 UID: 0 PID: 8026 Comm: syz.1.655 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[   86.612812][ T8026] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.612819][ T8026] Call Trace:
[   86.612823][ T8026]  <TASK>
[   86.612827][ T8026]  dump_stack_lvl+0x16c/0x1f0
[   86.612863][ T8026]  should_fail_ex+0x512/0x640
[   86.612889][ T8026]  _copy_from_user+0x2e/0xd0
[   86.612906][ T8026]  kstrtouint_from_user+0xd6/0x1d0
[   86.612919][ T8026]  ? __pfx_kstrtouint_from_user+0x10/0x10
[   86.612931][ T8026]  ? __lock_acquire+0xb8a/0x1c90
[   86.612947][ T8026]  proc_fail_nth_write+0x83/0x250
[   86.612963][ T8026]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   86.612980][ T8026]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   86.612994][ T8026]  vfs_write+0x2a0/0x1150
[   86.613012][ T8026]  ? __pfx___mutex_lock+0x10/0x10
[   86.613035][ T8026]  ? __pfx_vfs_write+0x10/0x10
[   86.613064][ T8026]  ? __fget_files+0x20e/0x3c0
[   86.613097][ T8026]  ksys_write+0x12a/0x250
[   86.613119][ T8026]  ? __pfx_ksys_write+0x10/0x10
[   86.613136][ T8026]  ? fdget+0x187/0x210
[   86.613154][ T8026]  do_syscall_64+0xcd/0x4c0
[   86.613171][ T8026]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.613183][ T8026] RIP: 0033:0x7fc07bf8d3df
[   86.613192][ T8026] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   86.613203][ T8026] RSP: 002b:00007fc07cde5030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   86.613213][ T8026] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc07bf8d3df
[   86.613219][ T8026] RDX: 0000000000000001 RSI: 00007fc07cde50a0 RDI: 0000000000000003
[   86.613225][ T8026] RBP: 00007fc07cde5090 R08: 0000000000000000 R09: 0000000000000000
[   86.613231][ T8026] R10: 000000000000000e R11: 0000000000000293 R12: 0000000000000001
[   86.613237][ T8026] R13: 0000000000000000 R14: 00007fc07c1b5fa0 R15: 00007fff50e2b448
[   86.613251][ T8026]  </TASK>
[   86.639373][ T8028] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[   86.682348][ T8028] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   86.687784][ T8028] vhci_hcd vhci_hcd.0: Device attached
[   86.697074][ T8029] vhci_hcd: connection closed
[   86.703303][ T1143] vhci_hcd: stop threads
[   86.707713][ T1143] vhci_hcd: release socket
[   86.709366][ T1143] vhci_hcd: disconnect device
[   86.945590][ T5310] Bluetooth: hci0: unexpected event for opcode 0x0000
[   86.947189][ T8035] netlink: 8 bytes leftover after parsing attributes in process `syz.2.658'.
[   86.951186][ T8035] comedi comedi0: rti802: I/O port conflict (0xee,4)
[   86.979374][ T8043] syzkaller1: tun_chr_ioctl cmd 1074025675
[   86.981424][ T8043] syzkaller1: persist enabled
[   87.029876][ T8043] netlink: 4 bytes leftover after parsing attributes in process `syz.0.660'.
[   87.121591][ T5310] Bluetooth: hci2: SCO packet for unknown connection handle 200
[   87.272821][ T8052] netlink: 32 bytes leftover after parsing attributes in process `syz.1.664'.
[   87.282252][ T8052] netlink: 24 bytes leftover after parsing attributes in process `syz.1.664'.
[   87.384586][ T8070] fuse: Unknown parameter '0x0000000000000003'
[   87.399343][   T40] audit: type=1400 audit(1751805489.681:522): avc:  denied  { ioctl } for  pid=8071 comm="syz.1.668" path="socket:[19833]" dev="sockfs" ino=19833 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   87.570369][ T5310] Bluetooth: hci1: unexpected event for opcode 0x0407
[   87.640639][ T8097] tmpfs: Bad value for 'mpol'
[   87.650232][ T8113] raw_sendmsg: syz.1.681 forgot to set AF_INET. Fix it!
[   87.687924][ T8116] fuse: Unknown parameter '0x0000000000000003'
[   87.777288][ T8129] netlink: 20 bytes leftover after parsing attributes in process `syz.0.687'.
[   87.780376][ T8129] nbd: must specify a size in bytes for the device
[   87.787693][ T8131] netlink: 20 bytes leftover after parsing attributes in process `syz.0.687'.
[   87.791464][ T8131] nbd: must specify a size in bytes for the device
[   87.832967][ T5310] Bluetooth: hci1: unexpected event for opcode 0x0407
[   87.854117][ T8144] Driver unsupported XDP return value 0 on prog  (id 98) dev N/A, expect packet loss!
[   87.863340][ T8147] PKCS7: Unknown OID: [4] 5.25.43183(bad)
[   87.866052][ T8147] PKCS7: Only support pkcs7_signedData type
[   87.901955][ T8144] program syz.1.691 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   87.943398][ T8157] mmap: syz.2.693 (8157) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   88.015498][   T54] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[   88.021190][ T8156] 9pnet_rdma: rdma_create_trans (8156): problem binding to privport: 13
[   88.025935][ T8156] overlayfs: maximum fs stacking depth exceeded
[   88.033757][ T8164] fuse: Unknown parameter '0x0000000000000003'
[   88.102862][ T5310] Bluetooth: hci3: unexpected event for opcode 0x0407
[   89.010897][ T8185] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long
[   89.016322][   T40] kauditd_printk_skb: 28 callbacks suppressed
[   89.016331][   T40] audit: type=1400 audit(1751805491.301:551): avc:  denied  { ioctl } for  pid=8187 comm="syz.3.707" path="/dev/usbmon8" dev="devtmpfs" ino=762 ioctlcmd=0x9203 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   89.031830][   T40] audit: type=1400 audit(1751805491.301:552): avc:  denied  { append } for  pid=8187 comm="syz.3.707" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[   89.066143][ T5310] Bluetooth: hci0: unexpected event for opcode 0x0407
[   89.080712][ T8204] fuse: Unknown parameter 'fd0x0000000000000003'
[   89.093630][ T8201] netlink: 'syz.3.711': attribute type 1 has an invalid length.
[   89.099637][ T8206] sg_write: data in/out 10438218/1 bytes for SCSI command 0x6b-- guessing data in;
[   89.099637][ T8206]    program syz.2.713 not setting count and/or reply_len properly
[   89.119393][ T8207] __nla_validate_parse: 2 callbacks suppressed
[   89.119406][ T8207] netlink: 4 bytes leftover after parsing attributes in process `syz.0.709'.
[   89.152295][ T8212] netlink: 4 bytes leftover after parsing attributes in process `syz.2.715'.
[   89.190838][ T8207] bond0: (slave bond_slave_1): Releasing backup interface
[   89.191158][ T8216] syz.3.716: attempt to access beyond end of device
[   89.191158][ T8216] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0
[   89.197963][ T8216] syz.3.716: attempt to access beyond end of device
[   89.197963][ T8216] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0
[   89.202233][ T8216] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[   89.205597][ T8216] syz.3.716: attempt to access beyond end of device
[   89.205597][ T8216] nbd3: rw=0, sector=512, nr_sectors = 1 limit=0
[   89.209858][ T8216] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[   89.212061][ T8217] netlink: 12 bytes leftover after parsing attributes in process `syz.2.715'.
[   89.228917][ T8216] syz.3.716: attempt to access beyond end of device
[   89.228917][ T8216] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0
[   89.234361][ T8216] syz.3.716: attempt to access beyond end of device
[   89.234361][ T8216] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0
[   89.240381][ T8216] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[   89.244897][ T8216] syz.3.716: attempt to access beyond end of device
[   89.244897][ T8216] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0
[   89.251730][ T8216] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[   89.256804][ T8216] syz.3.716: attempt to access beyond end of device
[   89.256804][ T8216] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0
[   89.262157][ T8216] syz.3.716: attempt to access beyond end of device
[   89.262157][ T8216] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0
[   89.267901][ T8216] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[   89.271293][ T8216] syz.3.716: attempt to access beyond end of device
[   89.271293][ T8216] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0
[   89.275448][ T8216] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[   89.278611][ T8216] syz.3.716: attempt to access beyond end of device
[   89.278611][ T8216] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0
[   89.282589][ T8216] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[   89.285913][ T8216] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[   89.288800][ T8216] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1)
[   89.311820][ T8225] netlink: 'syz.2.719': attribute type 1 has an invalid length.
[   89.315671][ T8225] netlink: 'syz.2.719': attribute type 10 has an invalid length.
[   89.317505][ T8226] xt_nfacct: accounting object `syz1' does not exists
[   89.318318][ T8225] netlink: 40 bytes leftover after parsing attributes in process `syz.2.719'.
[   89.336491][ T8225] team0: Port device geneve0 added
[   89.347501][   T40] audit: type=1400 audit(1751805491.631:553): avc:  denied  { watch } for  pid=8229 comm="syz.3.720" path="/217/file0" dev="9p" ino=35913874 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   89.355861][ T5310] Bluetooth: hci2: unexpected event for opcode 0x0407
[   89.370815][ T8230] 9pnet_fd: p9_fd_create_unix (8230): problem connecting socket: ./file0/file0: -111
[   89.376010][   T40] audit: type=1400 audit(1751805491.651:554): avc:  denied  { write } for  pid=8229 comm="syz.3.720" name="file0" dev="9p" ino=35913946 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   89.397629][   T40] audit: type=1400 audit(1751805491.681:555): avc:  denied  { map } for  pid=8229 comm="syz.3.720" path="/217/file0/cpu.stat" dev="9p" ino=35913970 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   89.406227][ T8230] netfs: Couldn't get user pages (rc=-14)
[   89.406564][   T40] audit: type=1400 audit(1751805491.681:556): avc:  denied  { read write } for  pid=8224 comm="syz.2.719" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[   89.410948][ T8241] SELinux:  Context system_u:object_r:dhcpc_state_t:s0 is not valid (left unmapped).
[   89.415420][   T40] audit: type=1400 audit(1751805491.681:557): avc:  denied  { open } for  pid=8224 comm="syz.2.719" path="/168/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[   89.417410][ T8225] netlink: 12 bytes leftover after parsing attributes in process `syz.2.719'.
[   89.428287][   T40] audit: type=1400 audit(1751805491.701:558): avc:  denied  { relabelto } for  pid=8239 comm="syz.1.724" name="cgroup" dev="tmpfs" ino=889 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 trawcon="system_u:object_r:dhcpc_state_t:s0"
[   89.437404][   T40] audit: type=1400 audit(1751805491.701:559): avc:  denied  { associate } for  pid=8239 comm="syz.1.724" name="cgroup" dev="tmpfs" ino=889 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:dhcpc_state_t:s0"
[   89.488151][ T8247] fuse: Unknown parameter 'fd0x0000000000000003'
[   89.650515][ T5310] Bluetooth: hci3: unexpected event for opcode 0x0407
[   89.692795][ T8276] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.736' resets device
[   89.696031][ T8276] binder: BC_ACQUIRE_RESULT not supported
[   89.697777][ T8276] binder: 8275:8276 ioctl c0306201 200000000180 returned -22
[   89.708801][ T8281] fuse: Unknown parameter 'fd0x0000000000000003'
[   89.734146][ T8286] netlink: 24 bytes leftover after parsing attributes in process `syz.0.740'.
[   89.734313][ T8287] netlink: 20 bytes leftover after parsing attributes in process `syz.2.739'.
[   89.745797][   T40] audit: type=1400 audit(1751805492.021:560): avc:  denied  { read } for  pid=8284 comm="syz.2.739" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[   89.764812][ T5310] Bluetooth: hci2: unexpected event for opcode 0x0407
[   89.981398][ T8310] netlink: 16 bytes leftover after parsing attributes in process `syz.3.747'.
[   90.634019][ T5310] Bluetooth: hci0: unexpected event for opcode 0x0407
[   90.691836][ T8338] binder: 8336:8338 ioctl c0046209 0 returned -22
[   90.823483][ T8347] [U] 
[   90.824842][ T8347] [U] 
[   90.825818][ T8347] [U] 
[   90.826798][ T8347] [U] 
[   90.828075][ T8347] [U] 
[   90.829155][ T8347] [U] 
[   90.830206][ T8347] [U] 
[   90.831287][ T8347] [U] 
[   90.832449][ T8347] [U] 
[   90.833521][ T8347] [U] 
[   90.834593][ T8347] [U] 
[   90.835690][ T8347] [U] 
[   90.838412][ T8347] [U] 
[   90.839429][ T8347] [U] 
[   90.840404][ T8347] [U] 
[   90.840489][ T8349] netlink: 'syz.0.762': attribute type 1 has an invalid length.
[   90.841341][ T8347] [U] 
[   90.844565][ T8349] netlink: 'syz.0.762': attribute type 3 has an invalid length.
[   90.848824][ T8346] [U] 
[   90.850186][ T8349] netlink: 224 bytes leftover after parsing attributes in process `syz.0.762'.
[   90.853842][ T8349] NCSI netlink: No device for ifindex 0
[   90.893772][ T5310] Bluetooth: hci3: unexpected event for opcode 0x0407
[   90.949591][ T8363] netlink: 'syz.1.767': attribute type 9 has an invalid length.
[   90.957711][ T8367] overlayfs: empty lowerdir
[   90.957818][ T8360] overlayfs: empty lowerdir
[   90.962314][ T8363] netlink: 8 bytes leftover after parsing attributes in process `syz.1.767'.
[   91.115821][ T5310] Bluetooth: hci3: unexpected event for opcode 0x0411
[   91.149036][ T8388] netlink: 'syz.2.774': attribute type 27 has an invalid length.
[   91.152067][ T8388] netlink: 'syz.2.774': attribute type 5 has an invalid length.
[   91.217981][ T8393] program syz.2.776 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   91.222961][ T8391] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[   91.232639][ T8395] netlink: 'syz.1.777': attribute type 4 has an invalid length.
[   91.236400][ T8391] kvm: pic: non byte read
[   91.267481][ T8395] : renamed from bond0 (while UP)
[   91.342494][ T8401] fuse: blksize only supported for fuseblk
[   91.343023][ T8404] xt_l2tp: unknown flags: f1
[   91.418581][ T8413] netlink: 'syz.1.781': attribute type 2 has an invalid length.
[   91.423527][ T8413] vxcan1: tx address claim with dlc 7
[   91.505198][ T5310] Bluetooth: hci1: Unable to find connection with handle 0x00c9
[   91.616060][ T5310] Bluetooth: hci2: unexpected event for opcode 0x0407
[   91.765235][   T54] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[   91.925244][   T54] usb 6-1: Using ep0 maxpacket: 8
[   91.930468][   T54] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[   91.934043][   T54] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   91.938097][   T54] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   91.942024][   T54] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   91.946269][   T54] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   91.951525][   T54] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[   91.955418][   T54] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.065189][ T6211] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[   92.165689][   T54] usb 6-1: usb_control_msg returned -32
[   92.167701][   T54] usbtmc 6-1:16.0: can't read capabilities
[   92.215193][ T6211] usb 7-1: Using ep0 maxpacket: 32
[   92.218370][ T6211] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[   92.221245][ T6211] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[   92.224912][ T6211] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[   92.228766][ T6211] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[   92.231731][ T6211] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[   92.234935][ T6211] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[   92.239917][ T6211] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[   92.243295][ T6211] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.251544][ T6211] usb 7-1: config 0 descriptor??
[   92.463141][ T6211] usblp 7-1:0.0: usblp1: USB Bidirectional printer dev 6 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[   92.470148][ T6211] usb 7-1: USB disconnect, device number 6
[   92.477294][ T6211] usblp1: removed
[   92.518796][ T8461] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   92.522426][ T8461] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   92.795238][ T6211] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[   92.800897][ T5310] Bluetooth: hci2: unexpected event for opcode 0x0407
[   92.945216][ T6211] usb 7-1: Using ep0 maxpacket: 32
[   92.948130][ T8478] usbtmc 6-1:16.0: INITIATE_CLEAR returned 0
[   92.948720][ T6211] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[   92.953237][ T6211] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[   92.956198][ T6211] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[   92.959315][ T6211] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[   92.962451][ T6211] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[   92.965503][ T6211] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[   92.969663][ T6211] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[   92.972581][ T6211] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.978075][ T6211] usb 7-1: config 0 descriptor??
[   93.186162][ T6211] usblp 7-1:0.0: usblp1: USB Bidirectional printer dev 7 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[   93.195792][ T6211] usb 7-1: USB disconnect, device number 7
[   93.199926][ T6211] usblp1: removed
[   93.226402][ T8483] tmpfs: Unknown parameter 'hug'
[   93.644176][ T8498] use of bytesused == 0 is deprecated and will be removed in the future,
[   93.647910][ T8498] use the actual size instead.
[   93.939495][ T8525] syzkaller1: entered promiscuous mode
[   93.941941][ T8525] syzkaller1: entered allmulticast mode
[   93.951538][ T8525] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.954873][ T8525] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.184961][ T8530] tipc: Started in network mode
[   94.188698][ T8530] tipc: Node identity ac14140f, cluster identity 4711
[   94.192177][ T8530] tipc: New replicast peer: 255.255.255.255
[   94.195651][ T8530] tipc: Enabled bearer <udp:syz2>, priority 10
[   94.198871][ T8530] __nla_validate_parse: 13 callbacks suppressed
[   94.198884][ T8530] netlink: 12 bytes leftover after parsing attributes in process `syz.2.823'.
[   94.205194][ T8530] tipc: Disabling bearer <udp:syz2>
[   94.697699][ T6042] usb 6-1: USB disconnect, device number 3
[   94.720549][   T40] kauditd_printk_skb: 23 callbacks suppressed
[   94.720565][   T40] audit: type=1400 audit(1751805497.001:584): avc:  denied  { write } for  pid=8540 comm="syz.3.829" name="fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[   94.753518][   T40] audit: type=1400 audit(1751805497.031:585): avc:  denied  { listen } for  pid=8540 comm="syz.3.829" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   94.824205][ T8554] bio_check_eod: 2 callbacks suppressed
[   94.824220][ T8554] syz.3.831: attempt to access beyond end of device
[   94.824220][ T8554] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0
[   94.830734][ T8554] syz.3.831: attempt to access beyond end of device
[   94.830734][ T8554] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0
[   94.835383][ T8554] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[   94.838573][ T8554] syz.3.831: attempt to access beyond end of device
[   94.838573][ T8554] nbd3: rw=0, sector=512, nr_sectors = 1 limit=0
[   94.842846][ T8554] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[   94.849463][ T8554] UDF-fs: warning (device nbd3): udf_load_vrs: No anchor found
[   94.852452][ T8554] UDF-fs: Scanning with blocksize 512 failed
[   94.855294][ T8554] syz.3.831: attempt to access beyond end of device
[   94.855294][ T8554] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0
[   94.859710][ T8554] syz.3.831: attempt to access beyond end of device
[   94.859710][ T8554] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0
[   94.863977][ T8554] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[   94.868798][ T8554] syz.3.831: attempt to access beyond end of device
[   94.868798][ T8554] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0
[   94.872995][ T8554] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[   94.876123][ T8554] UDF-fs: warning (device nbd3): udf_load_vrs: No anchor found
[   94.878645][ T8554] UDF-fs: Scanning with blocksize 1024 failed
[   94.881011][ T8554] syz.3.831: attempt to access beyond end of device
[   94.881011][ T8554] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0
[   94.885511][ T8554] syz.3.831: attempt to access beyond end of device
[   94.885511][ T8554] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0
[   94.889642][ T8554] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[   94.894008][ T8554] syz.3.831: attempt to access beyond end of device
[   94.894008][ T8554] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0
[   94.898425][ T8554] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[   94.901624][ T8554] UDF-fs: warning (device nbd3): udf_load_vrs: No anchor found
[   94.904146][ T8554] UDF-fs: Scanning with blocksize 2048 failed
[   94.906683][ T8554] syz.3.831: attempt to access beyond end of device
[   94.906683][ T8554] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0
[   94.910883][ T8554] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[   94.914119][ T8554] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[   94.917646][ T8554] UDF-fs: warning (device nbd3): udf_load_vrs: No anchor found
[   94.920170][ T8554] UDF-fs: Scanning with blocksize 4096 failed
[   94.922139][ T8554] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1)
[   94.924033][   T40] audit: type=1400 audit(1751805497.201:586): avc:  denied  { mount } for  pid=8551 comm="syz.1.830" name="/" dev="9p" ino=35913874 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   94.936067][   T40] audit: type=1400 audit(1751805497.211:587): avc:  denied  { mounton } for  pid=8551 comm="syz.1.830" path="/181/file0/file0" dev="9p" ino=35913946 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   95.013320][ T8565] FAULT_INJECTION: forcing a failure.
[   95.013320][ T8565] name failslab, interval 1, probability 0, space 0, times 0
[   95.017405][ T8565] CPU: 3 UID: 0 PID: 8565 Comm: syz.3.833 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[   95.017422][ T8565] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   95.017428][ T8565] Call Trace:
[   95.017432][ T8565]  <TASK>
[   95.017437][ T8565]  dump_stack_lvl+0x16c/0x1f0
[   95.017471][ T8565]  should_fail_ex+0x512/0x640
[   95.017490][ T8565]  ? fs_reclaim_acquire+0xae/0x150
[   95.017504][ T8565]  ? tomoyo_encode2+0x100/0x3e0
[   95.017520][ T8565]  should_failslab+0xc2/0x120
[   95.017537][ T8565]  __kmalloc_noprof+0xd2/0x510
[   95.017552][ T8565]  ? d_absolute_path+0x136/0x1a0
[   95.017567][ T8565]  tomoyo_encode2+0x100/0x3e0
[   95.017585][ T8565]  tomoyo_encode+0x29/0x50
[   95.017600][ T8565]  tomoyo_realpath_from_path+0x18f/0x6e0
[   95.017621][ T8565]  tomoyo_path_number_perm+0x245/0x580
[   95.017651][ T8565]  ? tomoyo_path_number_perm+0x237/0x580
[   95.017666][ T8565]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   95.017681][ T8565]  ? find_held_lock+0x2b/0x80
[   95.017708][ T8565]  ? find_held_lock+0x2b/0x80
[   95.017721][ T8565]  ? hook_file_ioctl_common+0x145/0x410
[   95.017735][ T8565]  ? __fget_files+0x20e/0x3c0
[   95.017754][ T8565]  security_file_ioctl+0x9b/0x240
[   95.017770][ T8565]  __x64_sys_ioctl+0xb7/0x210
[   95.017784][ T8565]  do_syscall_64+0xcd/0x4c0
[   95.017802][ T8565]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.017813][ T8565] RIP: 0033:0x7f6dd478e929
[   95.017823][ T8565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   95.017833][ T8565] RSP: 002b:00007f6dd25f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   95.017848][ T8565] RAX: ffffffffffffffda RBX: 00007f6dd49b5fa0 RCX: 00007f6dd478e929
[   95.017855][ T8565] RDX: 00002000000000c0 RSI: 0000000000004b72 RDI: 0000000000000006
[   95.017862][ T8565] RBP: 00007f6dd25f6090 R08: 0000000000000000 R09: 0000000000000000
[   95.017868][ T8565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   95.017874][ T8565] R13: 0000000000000000 R14: 00007f6dd49b5fa0 R15: 00007ffc910c4e58
[   95.017888][ T8565]  </TASK>
[   95.017898][ T8565] ERROR: Out of memory at tomoyo_realpath_from_path.
[   95.144076][   T40] audit: type=1400 audit(1751805497.421:588): avc:  denied  { bind } for  pid=8570 comm="syz.3.836" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   95.503436][   T40] audit: type=1400 audit(1751805497.781:589): avc:  denied  { unmount } for  pid=5959 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   95.630596][   T40] audit: type=1400 audit(1751805497.911:590): avc:  denied  { bind } for  pid=8601 comm="syz.1.843" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[   95.642594][   T40] audit: type=1400 audit(1751805497.921:591): avc:  denied  { write } for  pid=8601 comm="syz.1.843" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[   95.694875][ T8602] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[   95.836522][ T8616] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[   95.893093][ T8627] program syz.3.851 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   95.900314][ T8627] net_ratelimit: 12 callbacks suppressed
[   95.900326][ T8627] openvswitch: netlink: Unknown VXLAN extension attribute 0
[   95.952778][ T8634] loop6: detected capacity change from 0 to 524287487
[   95.957678][ T5949] Buffer I/O error on dev loop6, logical block 0, async page read
[   95.960657][ T5949] Buffer I/O error on dev loop6, logical block 0, async page read
[   95.963078][ T5949] Buffer I/O error on dev loop6, logical block 0, async page read
[   95.967592][ T5949] Buffer I/O error on dev loop6, logical block 0, async page read
[   95.970847][ T5949] Buffer I/O error on dev loop6, logical block 0, async page read
[   95.974164][ T5949] Buffer I/O error on dev loop6, logical block 0, async page read
[   95.979033][ T5949] Buffer I/O error on dev loop6, logical block 0, async page read
[   95.982218][ T5949] Buffer I/O error on dev loop6, logical block 0, async page read
[   95.987329][ T5949] ldm_validate_partition_table(): Disk read failed.
[   95.989847][ T5949] Buffer I/O error on dev loop6, logical block 0, async page read
[   95.992673][ T5949] Buffer I/O error on dev loop6, logical block 0, async page read
[   95.996019][ T5949] Dev loop6: unable to read RDB block 0
[   95.998439][ T5949]  loop6: unable to read partition table
[   96.006186][ T8634] ldm_validate_partition_table(): Disk read failed.
[   96.008869][ T8634] Dev loop6: unable to read RDB block 0
[   96.011165][ T8634]  loop6: unable to read partition table
[   96.013041][ T8634] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[   96.062991][ T8634] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[   96.067049][ T8636] loop6: detected capacity change from 524287487 to 524288
[   96.086884][ T8634] netlink: 84 bytes leftover after parsing attributes in process `syz.1.852'.
[   96.090582][ T8634] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   96.106468][   T40] audit: type=1804 audit(1751805498.391:592): pid=8643 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.857" name="/newroot/214/file0" dev="tmpfs" ino=1200 res=1 errno=0
[   96.123910][   T40] audit: type=1800 audit(1751805498.401:593): pid=8643 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.857" name="file0" dev="tmpfs" ino=1200 res=0 errno=0
[   96.176901][ T8649] validate_nla: 2 callbacks suppressed
[   96.176911][ T8649] netlink: 'syz.2.859': attribute type 1 has an invalid length.
[   96.196192][ T8649] 8021q: adding VLAN 0 to HW filter on device bond3
[   96.204866][ T8649] bond3: (slave gretap1): making interface the new active one
[   96.209064][ T8649] bond3: (slave gretap1): Enslaving as an active interface with an up link
[   96.215682][ T8656] nft_compat: unsupported protocol 0
[   96.229209][ T8656] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   96.289815][ T8662] geneve2: entered promiscuous mode
[   96.302402][ T8662] sp0: Synchronizing with TNC
[   96.394640][ T8672] SELinux:  policydb string length 3174408 does not match expected length 8
[   96.397634][ T8672] SELinux: failed to load policy
[   96.450902][ T8675] FAULT_INJECTION: forcing a failure.
[   96.450902][ T8675] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   96.456535][ T8675] CPU: 2 UID: 0 PID: 8675 Comm: syz.2.869 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[   96.456551][ T8675] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   96.456557][ T8675] Call Trace:
[   96.456561][ T8675]  <TASK>
[   96.456565][ T8675]  dump_stack_lvl+0x16c/0x1f0
[   96.456631][ T8675]  should_fail_ex+0x512/0x640
[   96.456654][ T8675]  _copy_to_user+0x32/0xd0
[   96.456672][ T8675]  con_font_op+0xc2c/0xf50
[   96.456695][ T8675]  ? __pfx_con_font_op+0x10/0x10
[   96.456713][ T8675]  ? __might_fault+0xe3/0x190
[   96.456731][ T8675]  ? __might_fault+0xe3/0x190
[   96.456753][ T8675]  ? __might_fault+0x13b/0x190
[   96.456772][ T8675]  vt_ioctl+0x48f/0x30a0
[   96.456784][ T8675]  ? lockdep_hardirqs_on+0x7c/0x110
[   96.456802][ T8675]  ? __pfx_vt_ioctl+0x10/0x10
[   96.456818][ T8675]  ? tomoyo_path_number_perm+0x18d/0x580
[   96.456834][ T8675]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   96.456849][ T8675]  ? do_vfs_ioctl+0x523/0x1a60
[   96.456862][ T8675]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   96.456875][ T8675]  ? tty_jobctrl_ioctl+0x152/0xe00
[   96.456889][ T8675]  ? __pfx_vt_ioctl+0x10/0x10
[   96.456900][ T8675]  tty_ioctl+0x65e/0x1640
[   96.456917][ T8675]  ? __pfx_tty_ioctl+0x10/0x10
[   96.456933][ T8675]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[   96.456954][ T8675]  ? hook_file_ioctl_common+0x145/0x410
[   96.456969][ T8675]  ? selinux_file_ioctl+0x180/0x270
[   96.456984][ T8675]  ? selinux_file_ioctl+0xb4/0x270
[   96.457002][ T8675]  ? __pfx_tty_ioctl+0x10/0x10
[   96.457018][ T8675]  __x64_sys_ioctl+0x18e/0x210
[   96.457032][ T8675]  do_syscall_64+0xcd/0x4c0
[   96.457050][ T8675]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.457062][ T8675] RIP: 0033:0x7f936ab8e929
[   96.457071][ T8675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   96.457082][ T8675] RSP: 002b:00007f936b9a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   96.457093][ T8675] RAX: ffffffffffffffda RBX: 00007f936adb5fa0 RCX: 00007f936ab8e929
[   96.457100][ T8675] RDX: 00002000000000c0 RSI: 0000000000004b72 RDI: 0000000000000006
[   96.457107][ T8675] RBP: 00007f936b9a0090 R08: 0000000000000000 R09: 0000000000000000
[   96.457113][ T8675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   96.457119][ T8675] R13: 0000000000000000 R14: 00007f936adb5fa0 R15: 00007fffc603eec8
[   96.457133][ T8675]  </TASK>
[   96.598045][ T8687] netlink: 68 bytes leftover after parsing attributes in process `syz.2.874'.
[   96.733423][ T8700] netlink: 'syz.2.879': attribute type 3 has an invalid length.
[   96.735987][ T8700] netlink: 132 bytes leftover after parsing attributes in process `syz.2.879'.
[   96.772364][ T8704] netlink: 24 bytes leftover after parsing attributes in process `syz.0.880'.
[   96.817548][ T8706] FAULT_INJECTION: forcing a failure.
[   96.817548][ T8706] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   96.822014][ T8706] CPU: 1 UID: 0 PID: 8706 Comm: syz.0.881 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[   96.822031][ T8706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   96.822037][ T8706] Call Trace:
[   96.822042][ T8706]  <TASK>
[   96.822046][ T8706]  dump_stack_lvl+0x16c/0x1f0
[   96.822073][ T8706]  should_fail_ex+0x512/0x640
[   96.822091][ T8706]  should_fail_alloc_page+0xe7/0x130
[   96.822111][ T8706]  prepare_alloc_pages+0x3c2/0x610
[   96.822126][ T8706]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[   96.822143][ T8706]  ? find_held_lock+0x2b/0x80
[   96.822158][ T8706]  ? is_bpf_text_address+0x8a/0x1a0
[   96.822173][ T8706]  ? bpf_ksym_find+0x127/0x1c0
[   96.822189][ T8706]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   96.822206][ T8706]  ? is_bpf_text_address+0x94/0x1a0
[   96.822220][ T8706]  ? kernel_text_address+0x8d/0x100
[   96.822234][ T8706]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   96.822250][ T8706]  ? arch_stack_walk+0xa6/0x100
[   96.822266][ T8706]  ? __lock_acquire+0x622/0x1c90
[   96.822279][ T8706]  ? __pfx_stack_trace_save+0x10/0x10
[   96.822294][ T8706]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   96.822309][ T8706]  ? policy_nodemask+0xea/0x4e0
[   96.822327][ T8706]  alloc_pages_mpol+0x1fb/0x550
[   96.822345][ T8706]  ? __pfx_alloc_pages_mpol+0x10/0x10
[   96.822363][ T8706]  ? desc_read_finalized_seq+0x131/0x1d0
[   96.822377][ T8706]  folio_alloc_mpol_noprof+0x36/0x2f0
[   96.822390][ T8706]  vma_alloc_folio_noprof+0xed/0x1e0
[   96.822401][ T8706]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[   96.822414][ T8706]  ? rcu_read_unlock+0x2d/0xb0
[   96.822431][ T8706]  do_wp_page+0x1e5b/0x4f20
[   96.822446][ T8706]  ? __pfx_do_wp_page+0x10/0x10
[   96.822459][ T8706]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   96.822475][ T8706]  __handle_mm_fault+0x2223/0x5490
[   96.822493][ T8706]  ? __pfx___handle_mm_fault+0x10/0x10
[   96.822506][ T8706]  ? __pfx_mt_find+0x10/0x10
[   96.822531][ T8706]  ? find_vma+0xbf/0x140
[   96.822541][ T8706]  ? __pfx_find_vma+0x10/0x10
[   96.822552][ T8706]  handle_mm_fault+0x589/0xd10
[   96.822566][ T8706]  ? __pkru_allows_pkey+0x41/0xb0
[   96.822584][ T8706]  do_user_addr_fault+0x7a6/0x1370
[   96.822602][ T8706]  ? rcu_is_watching+0x12/0xc0
[   96.822619][ T8706]  exc_page_fault+0x5c/0xb0
[   96.822635][ T8706]  asm_exc_page_fault+0x26/0x30
[   96.822645][ T8706] RIP: 0010:_copy_to_user+0xb6/0xd0
[   96.822663][ T8706] Code: 89 ee 48 89 ef e8 3a 87 df fc 4d 85 ff 75 a8 e8 80 8c df fc 89 de 4c 89 e7 e8 16 70 46 fd 0f 01 cb 48 89 d9 48 89 ef 4c 89 e6 <f3> a4 0f 1f 00 0f 01 ca 48 89 cb eb 80 66 2e 0f 1f 84 00 00 00 00
[   96.822674][ T8706] RSP: 0018:ffffc9002192fa20 EFLAGS: 00050246
[   96.822684][ T8706] RAX: 0000000000000001 RBX: 0000000000002000 RCX: 0000000000002000
[   96.822690][ T8706] RDX: 0000000000000000 RSI: ffff888062400000 RDI: 0000200000001240
[   96.822697][ T8706] RBP: 0000200000001240 R08: 0000000000000000 R09: ffffed100c4803ff
[   96.822704][ T8706] R10: ffff888062401fff R11: 0000000000000000 R12: ffff888062400000
[   96.822711][ T8706] R13: 0000200000003240 R14: 00007ffffffff000 R15: 0000000000000000
[   96.822727][ T8706]  con_font_op+0xc2c/0xf50
[   96.822747][ T8706]  ? __pfx_con_font_op+0x10/0x10
[   96.822765][ T8706]  ? __might_fault+0xe3/0x190
[   96.822779][ T8706]  ? __might_fault+0xe3/0x190
[   96.822793][ T8706]  ? __might_fault+0x13b/0x190
[   96.822814][ T8706]  vt_ioctl+0x48f/0x30a0
[   96.822826][ T8706]  ? lockdep_hardirqs_on+0x7c/0x110
[   96.822844][ T8706]  ? __pfx_vt_ioctl+0x10/0x10
[   96.822859][ T8706]  ? tomoyo_path_number_perm+0x18d/0x580
[   96.822876][ T8706]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   96.822890][ T8706]  ? do_vfs_ioctl+0x523/0x1a60
[   96.822902][ T8706]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   96.822916][ T8706]  ? tty_jobctrl_ioctl+0x152/0xe00
[   96.822930][ T8706]  ? __pfx_vt_ioctl+0x10/0x10
[   96.822941][ T8706]  tty_ioctl+0x65e/0x1640
[   96.822958][ T8706]  ? __pfx_tty_ioctl+0x10/0x10
[   96.822974][ T8706]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[   96.822996][ T8706]  ? hook_file_ioctl_common+0x145/0x410
[   96.823011][ T8706]  ? selinux_file_ioctl+0x180/0x270
[   96.823031][ T8706]  ? selinux_file_ioctl+0xb4/0x270
[   96.823063][ T8706]  ? __pfx_tty_ioctl+0x10/0x10
[   96.823090][ T8706]  __x64_sys_ioctl+0x18e/0x210
[   96.823114][ T8706]  do_syscall_64+0xcd/0x4c0
[   96.823137][ T8706]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.823148][ T8706] RIP: 0033:0x7f401598e929
[   96.823158][ T8706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   96.823168][ T8706] RSP: 002b:00007f4016899038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   96.823178][ T8706] RAX: ffffffffffffffda RBX: 00007f4015bb5fa0 RCX: 00007f401598e929
[   96.823185][ T8706] RDX: 00002000000000c0 RSI: 0000000000004b72 RDI: 0000000000000006
[   96.823191][ T8706] RBP: 00007f4016899090 R08: 0000000000000000 R09: 0000000000000000
[   96.823197][ T8706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   96.823204][ T8706] R13: 0000000000000000 R14: 00007f4015bb5fa0 R15: 00007ffee11b0248
[   96.823217][ T8706]  </TASK>
[   97.067746][ T8713] loop6: detected capacity change from 0 to 63
[   97.337236][ T8739] xfrm0 speed is unknown, defaulting to 1000
[   97.342234][ T8739] xfrm0 speed is unknown, defaulting to 1000
[   97.347886][ T8739] xfrm0 speed is unknown, defaulting to 1000
[   97.357169][ T8739] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   97.367950][ T8739] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   97.469752][ T8739] xfrm0 speed is unknown, defaulting to 1000
[   97.474495][ T8739] xfrm0 speed is unknown, defaulting to 1000
[   97.478380][ T8739] xfrm0 speed is unknown, defaulting to 1000
[   97.481676][ T8739] xfrm0 speed is unknown, defaulting to 1000
[   97.488476][ T8739] xfrm0 speed is unknown, defaulting to 1000
[   97.645480][ T5310] Bluetooth: hci0: command 0x0c1a tx timeout
[   97.907667][ T8786] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=8786 comm=syz.0.906
[   97.912242][ T8786] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=8786 comm=syz.0.906
[   97.921083][ T8786] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=58 sclass=netlink_audit_socket pid=8786 comm=syz.0.906
[   98.049893][ T5310] Bluetooth: hci2: ISO packet too small
[   98.824183][ T8814] SELinux:  Context system_u:object_r:crond_var_run_t:s0 is not valid (left unmapped).
[   98.838730][ T8814] netlink: 'syz.3.914': attribute type 39 has an invalid length.
[   98.881664][ T8817] netlink: 4 bytes leftover after parsing attributes in process `syz.0.915'.
[   98.914231][ T8821] Invalid/unusable pipe
[   98.931132][ T8822] netlink: zone id is out of range
[   98.954543][ T8822] netlink: set zone limit has 4 unknown bytes
[   99.023936][ T8833] geneve2: entered promiscuous mode
[   99.025825][ T8833] geneve2: entered allmulticast mode
[   99.121920][   T54] hid (null): unknown global tag 0xe
[   99.123762][   T54] hid (null): unknown global tag 0xd
[   99.125685][   T54] hid (null): unknown global tag 0xe
[   99.130336][   T54] hid-generic 0007:0000:0F82.0003: unknown main item tag 0x7
[   99.132823][   T54] hid-generic 0007:0000:0F82.0003: unknown global tag 0xe
[   99.135007][   T54] hid-generic 0007:0000:0F82.0003: item 0 1 1 14 parsing failed
[   99.138070][   T54] hid-generic 0007:0000:0F82.0003: probe with driver hid-generic failed with error -22
[   99.325892][ T8862] netlink: 180 bytes leftover after parsing attributes in process `syz.0.928'.
[   99.330027][ T8862] netlink: 180 bytes leftover after parsing attributes in process `syz.0.928'.
[   99.583410][ T8898] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[   99.590838][ T8898] netlink: 84 bytes leftover after parsing attributes in process `syz.0.940'.
[   99.593872][ T8898] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   99.735355][ T5310] Bluetooth: hci0: command 0x0c1a tx timeout
[   99.830058][ T8920] syz.3.944 uses old SIOCAX25GETINFO
[   99.868033][ T5310] Bluetooth: hci0: SCO packet for unknown connection handle 200
[   99.896150][ T8929] netlink: 12 bytes leftover after parsing attributes in process `syz.1.947'.
[   99.901393][ T8929] netlink: 12 bytes leftover after parsing attributes in process `syz.1.947'.
[  100.100256][ T8938] netlink: 16 bytes leftover after parsing attributes in process `syz.2.950'.
[  100.275286][ T8952] netlink: 8 bytes leftover after parsing attributes in process `syz.2.956'.
[  100.277554][   T40] kauditd_printk_skb: 31 callbacks suppressed
[  100.277567][   T40] audit: type=1400 audit(1751805502.561:625): avc:  denied  { lock } for  pid=8951 comm="syz.2.956" path="socket:[26860]" dev="sockfs" ino=26860 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  100.306206][ T8961] netlink: 12 bytes leftover after parsing attributes in process `syz.1.957'.
[  100.309555][ T8961] netlink: 1 bytes leftover after parsing attributes in process `syz.1.957'.
[  100.401722][ T8970] netlink: 'syz.1.960': attribute type 1 has an invalid length.
[  100.414490][ T8971] netlink: 28 bytes leftover after parsing attributes in process `syz.1.960'.
[  100.419070][ T8971] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.527072][   T40] audit: type=1400 audit(1751805502.811:626): avc:  denied  { map } for  pid=8983 comm="syz.1.963" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  100.534576][   T40] audit: type=1400 audit(1751805502.811:627): avc:  denied  { execute } for  pid=8983 comm="syz.1.963" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  100.692330][ T8988] erofs (device loop2): cannot find valid erofs superblock
[  100.767120][ T5310] Bluetooth: hci2: unexpected event for opcode 0x0407
[  100.835715][ T9011] xfrm0 speed is unknown, defaulting to 1000
[  101.055412][   T54] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  101.061135][    C3] vcan0: j1939_tp_rxtimer: 0xffff88802b67d400: rx timeout, send abort
[  101.068431][   T40] audit: type=1400 audit(1751805503.351:628): avc:  denied  { read } for  pid=5341 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  101.078843][   T40] audit: type=1400 audit(1751805503.351:629): avc:  denied  { search } for  pid=5341 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  101.089741][   T40] audit: type=1400 audit(1751805503.351:630): avc:  denied  { search } for  pid=5341 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  101.098951][   T40] audit: type=1400 audit(1751805503.351:631): avc:  denied  { add_name } for  pid=5341 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  101.108502][   T40] audit: type=1400 audit(1751805503.351:632): avc:  denied  { create } for  pid=5341 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  101.117464][   T40] audit: type=1400 audit(1751805503.351:633): avc:  denied  { append open } for  pid=5341 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  101.126296][   T40] audit: type=1400 audit(1751805503.351:634): avc:  denied  { getattr } for  pid=5341 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  101.205689][   T54] usb 7-1: too many configurations: 9, using maximum allowed: 8
[  101.209659][   T54] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  101.212454][   T54] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  101.216786][   T54] usb 7-1: config 0 interface 0 has no altsetting 0
[  101.219868][   T54] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  101.222745][   T54] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  101.227302][   T54] usb 7-1: config 0 interface 0 has no altsetting 0
[  101.231006][   T54] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  101.233803][   T54] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  101.238170][   T54] usb 7-1: config 0 interface 0 has no altsetting 0
[  101.242476][   T54] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  101.246514][   T54] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  101.249966][   T54] usb 7-1: config 0 interface 0 has no altsetting 0
[  101.253644][   T54] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  101.257598][   T54] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  101.261583][   T54] usb 7-1: config 0 interface 0 has no altsetting 0
[  101.264956][   T54] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  101.268048][   T54] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  101.272234][   T54] usb 7-1: config 0 interface 0 has no altsetting 0
[  101.277215][   T54] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  101.280609][   T54] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  101.283901][   T54] usb 7-1: config 0 interface 0 has no altsetting 0
[  101.290131][   T54] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  101.294418][   T54] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  101.298160][   T54] usb 7-1: config 0 interface 0 has no altsetting 0
[  101.302490][   T54] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  101.306374][   T54] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  101.309804][   T54] usb 7-1: Product: syz
[  101.311558][   T54] usb 7-1: Manufacturer: syz
[  101.313044][   T54] usb 7-1: SerialNumber: syz
[  101.317100][   T54] usb 7-1: config 0 descriptor??
[  101.323587][   T54] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0
[  101.360128][ T9034] overlay: Unknown parameter ':'
[  101.528610][  T836] usb 7-1: USB disconnect, device number 8
[  101.533029][  T836] yurex 7-1:0.0: USB YUREX #0 now disconnected
[  101.561583][    C3] vcan0: j1939_tp_rxtimer: 0xffff88802ae84c00: rx timeout, send abort
[  101.565331][    C3] vcan0: j1939_tp_rxtimer: 0xffff88802b67d400: abort rx timeout. Force session deactivation
[  101.603480][ T9055] netlink: 'syz.0.988': attribute type 1 has an invalid length.
[  101.614665][ T9055] 8021q: adding VLAN 0 to HW filter on device bond5
[  101.622778][ T9055] vlan2: entered allmulticast mode
[  101.624551][ T9055] veth1: entered allmulticast mode
[  101.629802][ T9055] bond5: (slave vlan2): making interface the new active one
[  101.632955][ T9055] bond5: (slave vlan2): Enslaving as an active interface with an up link
[  101.650558][ T9058] binder: binder_mmap: 9057 200000ffc000-200000fff000 bad vm_flags failed -1
[  101.815514][ T5310] Bluetooth: hci0: command 0x0c1a tx timeout
[  102.064256][    C3] vcan0: j1939_tp_rxtimer: 0xffff88802ae84c00: abort rx timeout. Force session deactivation
[  102.095207][   T24] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  102.255116][   T24] usb 8-1: Using ep0 maxpacket: 8
[  102.258932][   T24] usb 8-1: config 0 has an invalid interface number: 1 but max is 0
[  102.262283][   T24] usb 8-1: config 0 has no interface number 0
[  102.264743][   T24] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  102.269412][   T24] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  102.273174][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.278585][   T24] usb 8-1: config 0 descriptor??
[  102.286737][   T24] iowarrior 8-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  102.498005][   T54] usb 8-1: USB disconnect, device number 2
[  102.895180][ T6211] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  103.041916][ T9110] netlink: 'syz.2.1003': attribute type 12 has an invalid length.
[  103.055473][ T6211] usb 6-1: Using ep0 maxpacket: 16
[  103.066321][ T6211] usb 6-1: config 0 has no interfaces?
[  103.068711][ T6211] usb 6-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88
[  103.072324][ T6211] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.077910][ T6211] usb 6-1: config 0 descriptor??
[  103.130884][ T9110] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  103.187745][ T9115] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2 sclass=netlink_route_socket pid=9115 comm=syz.2.1005
[  103.290491][ T6211] usb 6-1: USB disconnect, device number 4
[  103.322025][ T9117] kvm: emulating exchange as write
[  103.634376][ T9132] bio_check_eod: 3 callbacks suppressed
[  103.634392][ T9132] syz.3.1011: attempt to access beyond end of device
[  103.634392][ T9132] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0
[  103.644343][ T9132] FAT-fs (nbd3): unable to read boot sector
[  103.703327][ T9140] program syz.0.1013 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  104.005527][  T836] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  104.107617][ T9168] SELinux:  Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  104.158624][  T836] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  104.190150][  T836] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.192922][  T836] usb 5-1: Product: syz
[  104.194296][  T836] usb 5-1: Manufacturer: syz
[  104.195825][  T836] usb 5-1: SerialNumber: syz
[  104.200960][  T836] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  104.228628][ T6042] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  104.275192][   T24] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  104.282458][ T9176] program syz.3.1025 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  104.293515][ T9179] pim6reg: entered allmulticast mode
[  104.296987][ T9178] pim6reg: left allmulticast mode
[  104.403812][ T9184] input: syz1 as /devices/virtual/input/input11
[  104.444563][ T9184] bond5: entered allmulticast mode
[  104.454226][ T9184] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  104.463031][ T9184] batman_adv: batadv0: Removing interface: batadv_slave_0
[  104.476751][ T9184] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  104.479234][  T836] usb 5-1: USB disconnect, device number 6
[  104.479957][ T9184] batman_adv: batadv0: Removing interface: batadv_slave_1
[  104.489590][   T24] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  104.492996][   T24] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  104.496083][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.503433][ T9161] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  104.509124][   T24] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  104.694412][ T9192] overlayfs: failed to clone upperpath
[  104.695474][ T9193] __nla_validate_parse: 7 callbacks suppressed
[  104.695490][ T9193] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1030'.
[  104.779622][   T61] usb 6-1: USB disconnect, device number 5
[  105.019874][ T9212] netlink: 432 bytes leftover after parsing attributes in process `syz.2.1035'.
[  105.072880][ T9214] netlink: 165 bytes leftover after parsing attributes in process `syz.2.1036'.
[  105.137114][ T9216] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1037'.
[  105.257698][ T6042] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  105.260422][ T6042] ath9k_htc: Failed to initialize the device
[  105.263809][  T836] usb 5-1: ath9k_htc: USB layer deinitialized
[  105.386352][   T40] kauditd_printk_skb: 27 callbacks suppressed
[  105.386363][   T40] audit: type=1400 audit(1751805507.671:662): avc:  denied  { accept } for  pid=9247 comm="syz.3.1048" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  105.394599][ T9248] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1048'.
[  105.463169][   T40] audit: type=1400 audit(1751805507.741:663): avc:  denied  { ioctl } for  pid=9270 comm="syz.0.1054" path="socket:[27186]" dev="sockfs" ino=27186 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  105.483949][ T9274] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1055'.
[  105.516148][   T40] audit: type=1400 audit(1751805507.791:664): avc:  denied  { getattr } for  pid=9268 comm="syz.1.1053" name="/" dev="9p" ino=35913874 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  105.518290][ T9277] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  105.534960][ T5954] Bluetooth: hci1: unexpected event for opcode 0x0407
[  105.577376][ T9287] netlink: 'syz.2.1059': attribute type 10 has an invalid length.
[  105.591458][ T9274] hsr_slave_1 (unregistering): left promiscuous mode
[  105.599940][ T9287] team0: Device lo is loopback device. Loopback devices can't be added as a team port
[  105.603664][ T9287] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  105.609159][ T9287] netlink: 'syz.2.1059': attribute type 10 has an invalid length.
[  105.611808][ T9287] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1059'.
[  105.615790][ T9287] net veth1_virt_wifi virt_wifi0: entered promiscuous mode
[  105.618838][ T9287] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  105.622788][ T9287] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check.
[  105.697328][ T9293] xt_time: invalid argument - start or stop time greater than 23:59:59
[  105.843797][   T40] audit: type=1400 audit(1751805508.121:665): avc:  denied  { connect } for  pid=9299 comm="syz.3.1063" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  105.855470][   T40] audit: type=1400 audit(1751805508.131:666): avc:  denied  { write } for  pid=9299 comm="syz.3.1063" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  105.861244][ T9300] 8021q: adding VLAN 0 to HW filter on device bond3
[  105.912047][ T9303] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1064'.
[  105.916029][ T9303] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1064'.
[  105.919760][ T9303] netlink: 'syz.3.1064': attribute type 12 has an invalid length.
[  106.150505][   T40] audit: type=1400 audit(1751805508.431:667): avc:  denied  { checkpoint_restore } for  pid=9312 comm="syz.3.1067" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  106.391358][ T9326] syzkaller0: entered promiscuous mode
[  106.393709][ T9326] syzkaller0: entered allmulticast mode
[  106.405195][ T5954] Bluetooth: hci3: unexpected event for opcode 0x0c0d
[  106.410936][ T9326] tmpfs: Unknown parameter 'modu'
[  106.454242][ T9328] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1071'.
[  106.459901][ T9328] xt_hashlimit: size too large, truncated to 1048576
[  106.581170][   T40] audit: type=1400 audit(1751805508.861:668): avc:  denied  { map } for  pid=9340 comm="syz.0.1075" path="socket:[27853]" dev="sockfs" ino=27853 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  106.581925][ T9341] netlink: 'syz.0.1075': attribute type 5 has an invalid length.
[  106.588016][   T40] audit: type=1400 audit(1751805508.861:669): avc:  denied  { accept } for  pid=9340 comm="syz.0.1075" path="socket:[27853]" dev="sockfs" ino=27853 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  106.599069][ T9341] netlink: 'syz.0.1075': attribute type 7 has an invalid length.
[  106.608893][ T9341] : entered promiscuous mode
[  106.914369][ T9374] binder: 9373:9374 ioctl 400c620e 200000001580 returned -22
[  106.975983][   T40] audit: type=1326 audit(1751805509.251:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9373 comm="syz.1.1084" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc07bf8e929 code=0x7ff00000
[  106.995113][   T40] audit: type=1326 audit(1751805509.251:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9373 comm="syz.1.1084" exe="/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7fc07bfc3189 code=0x7ff00000
[  107.266071][  T836] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  107.426554][  T836] usb 5-1: Using ep0 maxpacket: 16
[  107.434183][  T836] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  107.439112][  T836] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  107.443137][  T836] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  107.448769][  T836] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  107.451520][  T836] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  107.463320][  T836] usb 5-1: config 0 descriptor??
[  107.678121][ T9413] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  107.823286][ T9426] openvswitch: netlink: Key type 2070 is out of range max 32
[  107.870261][  T836] HID 045e:07da: Invalid code 65791 type 1
[  107.878375][  T836] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/0003:045E:07DA.0004/input/input13
[  107.888356][  T836] microsoft 0003:045E:07DA.0004: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[  108.002806][ T9431] 9pnet: Could not find request transport: fd-rfdno=0x0000000000000004
[  108.084864][  T836] usb 5-1: USB disconnect, device number 7
[  108.110357][ T9439] RDS: rds_bind could not find a transport for ::ffff:100.1.1.1, load rds_tcp or rds_rdma?
[  108.113804][ T9439] RDS: rds_bind could not find a transport for ::ffff:100.1.1.1, load rds_tcp or rds_rdma?
[  108.123766][ T9439] RDS: rds_bind could not find a transport for ::ffff:100.1.1.1, load rds_tcp or rds_rdma?
[  108.127480][ T9439] RDS: rds_bind could not find a transport for ::ffff:100.1.1.1, load rds_tcp or rds_rdma?
[  108.130556][ T9439] RDS: rds_bind could not find a transport for ::ffff:100.1.1.1, load rds_tcp or rds_rdma?
[  108.133695][ T9439] RDS: rds_bind could not find a transport for ::ffff:100.1.1.1, load rds_tcp or rds_rdma?
[  108.137129][ T9439] RDS: rds_bind could not find a transport for ::ffff:100.1.1.1, load rds_tcp or rds_rdma?
[  108.140271][ T9439] RDS: rds_bind could not find a transport for ::ffff:100.1.1.1, load rds_tcp or rds_rdma?
[  108.146156][ T9439] RDS: rds_bind could not find a transport for ::ffff:100.1.1.1, load rds_tcp or rds_rdma?
[  108.150433][ T9439] RDS: rds_bind could not find a transport for ::ffff:100.1.1.1, load rds_tcp or rds_rdma?
[  108.412631][ T9451] 9pnet_virtio: no channels available for device syz
[  108.474847][ T9457] Invalid source name
[  108.478157][ T9457] UBIFS error (pid: 9457): cannot open "./file0", error -22
[  108.785788][ T9473] random: crng reseeded on system resumption
[  108.795612][ T9473] Restarting kernel threads ...
[  108.798344][ T9473] Done restarting kernel threads.
[  108.801803][ T9473] overlayfs: failed to resolve './file1': -2
[  108.929499][ T5954] Bluetooth: hci2: unexpected event for opcode 0x0407
[  109.214345][ T9485] tmpfs: Group quota inode hardlimit too large.
[  109.260402][ T9487] IPVS: set_ctl: invalid protocol: 51 172.20.20.15:20003
[  109.285194][  T836] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  109.438984][ T9493] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  109.456443][  T836] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 4
[  109.460509][  T836] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  109.462550][  T836] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  109.468986][  T836] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.468999][  T836] usb 5-1: Product: syz
[  109.469006][  T836] usb 5-1: Manufacturer: syz
[  109.469911][ T9494] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=9494 comm=syz.2.1122
[  109.480373][  T836] usb 5-1: SerialNumber: syz
[  109.483925][ T9483] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  109.485822][  T836] hub 5-1:1.0: bad descriptor, ignoring hub
[  109.491170][  T836] hub 5-1:1.0: probe with driver hub failed with error -5
[  109.694981][  T836] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 8 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  109.717028][  T836] usb 5-1: USB disconnect, device number 8
[  109.721503][  T836] usblp0: removed
[  110.207766][ T9520] __nla_validate_parse: 7 callbacks suppressed
[  110.207776][ T9520] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1129'.
[  110.212922][ T9520] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  110.401367][ T9535] 9pnet_fd: Insufficient options for proto=fd
[  110.507777][   T40] kauditd_printk_skb: 29942 callbacks suppressed
[  110.507792][   T40] audit: type=1400 audit(1751805512.791:30614): avc:  denied  { read } for  pid=9544 comm="syz.2.1138" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  110.702120][ T9547] SELinux: syz.0.1139 (9547) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  110.768432][   T40] audit: type=1400 audit(1751805513.051:30615): avc:  denied  { egress } for  pid=28 comm="ksoftirqd/1" saddr=fe80::1c daddr=ff02::2 netif=wpan1 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1
[  110.778243][   T40] audit: type=1400 audit(1751805513.051:30616): avc:  denied  { sendto } for  pid=28 comm="ksoftirqd/1" saddr=fe80::1c daddr=ff02::2 netif=wpan1 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node permissive=1
[  111.371939][ T9559] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1143'.
[  111.587290][ T9577] sch_tbf: peakrate 2147483647 is lower than or equals to rate 2831599472947593698 !
[  111.599111][   T40] audit: type=1400 audit(1751805513.881:30617): avc:  denied  { connect } for  pid=9578 comm="syz.0.1150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  111.694622][ T9593] netlink: 'syz.0.1154': attribute type 2 has an invalid length.
[  111.698044][ T9593] netlink: 100 bytes leftover after parsing attributes in process `syz.0.1154'.
[  111.703225][ T9593] bridge0: port 3(veth0_to_bridge) entered blocking state
[  111.705309][ T9596] netlink: 'syz.0.1154': attribute type 2 has an invalid length.
[  111.706320][ T9593] bridge0: port 3(veth0_to_bridge) entered disabled state
[  111.709165][ T9596] netlink: 100 bytes leftover after parsing attributes in process `syz.0.1154'.
[  111.712161][ T9593] veth0_to_bridge: entered allmulticast mode
[  111.719617][ T9593] veth0_to_bridge: entered promiscuous mode
[  111.722262][ T9593] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  111.730399][ T9593] bridge0: port 3(veth0_to_bridge) entered blocking state
[  111.733460][ T9593] bridge0: port 3(veth0_to_bridge) entered forwarding state
[  111.735258][ T5954] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  111.735314][ T5947] Bluetooth: hci4: command 0x1003 tx timeout
[  111.798469][   T40] audit: type=1400 audit(1751805514.081:30618): avc:  denied  { read } for  pid=9600 comm="syz.3.1157" path="socket:[26424]" dev="sockfs" ino=26424 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  111.844420][   T40] audit: type=1400 audit(1751805514.121:30619): avc:  denied  { map } for  pid=9604 comm="syz.0.1159" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  111.852872][   T40] audit: type=1400 audit(1751805514.121:30620): avc:  denied  { execute } for  pid=9604 comm="syz.0.1159" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  111.860777][   T40] audit: type=1400 audit(1751805514.141:30621): avc:  denied  { getopt } for  pid=9600 comm="syz.3.1157" lport=57118 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  112.084018][   T40] audit: type=1400 audit(1751805514.361:30622): avc:  denied  { getopt } for  pid=9611 comm="syz.0.1161" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  112.122505][ T9616] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1162'.
[  112.156675][ T9616] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1162'.
[  112.242468][ T5954] Bluetooth: hci2: unexpected event for opcode 0x0407
[  112.611906][    C1] vcan0: j1939_tp_rxtimer: 0xffff888033e35400: rx timeout, send abort
[  112.734004][ T5310] Bluetooth: hci2: unexpected event for opcode 0x0407
[  112.956847][ T9670] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1178'.
[  112.996525][ T5310] Bluetooth: hci2: ACL packet too small
[  112.998927][ T5310] Bluetooth: hci2: ACL packet too small
[  113.001316][ T5310] Bluetooth: hci2: ACL packet too small
[  113.003778][ T5310] Bluetooth: hci2: ACL packet too small
[  113.006345][ T5310] Bluetooth: hci2: ACL packet too small
[  113.008241][ T5310] Bluetooth: hci2: ACL packet too small
[  113.010106][ T5310] Bluetooth: hci2: ACL packet too small
[  113.011876][ T5310] Bluetooth: hci2: ACL packet too small
[  113.013644][ T5310] Bluetooth: hci2: ACL packet too small
[  113.015840][ T5310] Bluetooth: hci2: ACL packet too small
[  113.017615][ T5310] Bluetooth: hci2: ACL packet too small
[  113.019337][ T5310] Bluetooth: hci2: ACL packet too small
[  113.021183][ T5310] Bluetooth: hci2: ACL packet too small
[  113.022919][ T5310] Bluetooth: hci2: ACL packet too small
[  113.025977][ T5310] Bluetooth: hci2: ACL packet too small
[  113.025996][ T5310] Bluetooth: hci2: ACL packet too small
[  113.026025][ T5310] Bluetooth: hci2: ACL packet too small
[  113.026043][ T5310] Bluetooth: hci2: ACL packet too small
[  113.026059][ T5310] Bluetooth: hci2: ACL packet too small
[  113.026074][ T5310] Bluetooth: hci2: ACL packet too small
[  113.037572][ T5310] Bluetooth: hci2: ACL packet too small
[  113.039316][ T5310] Bluetooth: hci2: ACL packet too small
[  113.041062][ T5310] Bluetooth: hci2: ACL packet too small
[  113.042845][ T5310] Bluetooth: hci2: ACL packet too small
[  113.044587][ T5310] Bluetooth: hci2: ACL packet too small
[  113.046462][ T5310] Bluetooth: hci2: ACL packet too small
[  113.048371][ T5310] Bluetooth: hci2: ACL packet too small
[  113.050121][ T5310] Bluetooth: hci2: ACL packet too small
[  113.051882][ T5310] Bluetooth: hci2: ACL packet too small
[  113.053637][ T5310] Bluetooth: hci2: ACL packet too small
[  113.055562][ T5310] Bluetooth: hci2: ACL packet too small
[  113.057380][ T5310] Bluetooth: hci2: ACL packet too small
[  113.059118][ T5310] Bluetooth: hci2: ACL packet too small
[  113.060985][ T5310] Bluetooth: hci2: ACL packet too small
[  113.062748][ T5310] Bluetooth: hci2: ACL packet too small
[  113.064494][ T5310] Bluetooth: hci2: ACL packet too small
[  113.066424][ T5310] Bluetooth: hci2: ACL packet too small
[  113.068134][ T5310] Bluetooth: hci2: ACL packet too small
[  113.069844][ T5310] Bluetooth: hci2: ACL packet too small
[  113.071509][ T5310] Bluetooth: hci2: ACL packet too small
[  113.073441][ T5310] Bluetooth: hci2: ACL packet too small
[  113.075263][ T5310] Bluetooth: hci2: ACL packet too small
[  113.077560][ T5310] Bluetooth: hci2: ACL packet too small
[  113.079636][ T5310] Bluetooth: hci2: ACL packet too small
[  113.081435][ T5310] Bluetooth: hci2: ACL packet too small
[  113.083261][ T5310] Bluetooth: hci2: ACL packet too small
[  113.085098][ T5310] Bluetooth: hci2: ACL packet too small
[  113.086886][ T5310] Bluetooth: hci2: ACL packet too small
[  113.088642][ T5310] Bluetooth: hci2: ACL packet too small
[  113.090385][ T5310] Bluetooth: hci2: ACL packet too small
[  113.092212][ T5310] Bluetooth: hci2: ACL packet too small
[  113.093976][ T5310] Bluetooth: hci2: ACL packet too small
[  113.096182][ T5310] Bluetooth: hci2: ACL packet too small
[  113.098199][ T5310] Bluetooth: hci2: ACL packet too small
[  113.099916][ T5310] Bluetooth: hci2: ACL packet too small
[  113.101662][ T5310] Bluetooth: hci2: ACL packet too small
[  113.103457][ T5310] Bluetooth: hci2: ACL packet too small
[  113.105345][ T5310] Bluetooth: hci2: ACL packet too small
[  113.107072][ T5310] Bluetooth: hci2: ACL packet too small
[  113.108820][ T5310] Bluetooth: hci2: ACL packet too small
[  113.110572][ T5310] Bluetooth: hci2: ACL packet too small
[  113.112336][ T5310] Bluetooth: hci2: ACL packet too small
[  113.114094][ T5310] Bluetooth: hci2: ACL packet too small
[  113.115421][    C1] vcan0: j1939_tp_rxtimer: 0xffff888033e35400: abort rx timeout. Force session deactivation
[  113.116104][ T5310] Bluetooth: hci2: ACL packet too small
[  113.121210][ T5310] Bluetooth: hci2: ACL packet too small
[  113.208491][ T5310] Bluetooth: hci0: unexpected event for opcode 0x0407
[  113.251506][ T9691] netlink: 'syz.2.1185': attribute type 10 has an invalid length.
[  113.259494][ T9691] hsr_slave_0: left promiscuous mode
[  113.264897][ T9691] hsr_slave_1: left promiscuous mode
[  113.328990][ T9691] netlink: 'syz.2.1185': attribute type 10 has an invalid length.
[  113.332402][ T9691] netlink: 'syz.2.1185': attribute type 10 has an invalid length.
[  113.337172][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  113.338323][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  113.342679][ T9691] netlink: 'syz.2.1185': attribute type 10 has an invalid length.
[  113.347742][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  113.350438][ T9691] netlink: 'syz.2.1185': attribute type 10 has an invalid length.
[  113.355547][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  113.358418][ T9691] netlink: 'syz.2.1185': attribute type 10 has an invalid length.
[  113.363441][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  113.366301][ T9691] netlink: 'syz.2.1185': attribute type 10 has an invalid length.
[  113.371363][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  113.374087][ T9691] netlink: 'syz.2.1185': attribute type 10 has an invalid length.
[  113.379348][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  113.387281][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  113.392511][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  113.597281][    C2] af_packet: tpacket_rcv: packet too big, clamped from 56 to 4294967272. macoff=96
[  113.707049][ T9707] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1190'.
[  113.750660][   T40] audit: type=1400 audit(1751805516.031:30623): avc:  denied  { getopt } for  pid=9708 comm="syz.1.1191" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  113.862753][   T13] Bluetooth: (null): Invalid header checksum
[  113.864933][   T13] Bluetooth: (null): Invalid header checksum
[  113.891214][ T9712] 9p: Unknown uid 00000000004294967295
[  114.054676][ T1143] Bluetooth: (null): Invalid header checksum
[  114.121614][ T1143] Bluetooth: (null): Invalid header checksum
[  114.145309][ T9722] random: crng reseeded on system resumption
[  114.228671][   T12] Bluetooth: (null): Invalid header checksum
[  114.232455][ T9727] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1196'.
[  114.349137][ T1143] Bluetooth: (null): Invalid header checksum
[  114.455671][ T9738] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1199'.
[  114.505787][ T1149] Bluetooth: (null): Invalid header checksum
[  114.656401][ T9747] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  114.858428][ T9755] 9pnet: Could not find request transport: virti>¤FœŸÃÊô©o
[  114.880032][ T9755] 9pnet: Could not find request transport: virti>¤FœŸÃÊô©o
[  115.215265][    C2] net_ratelimit: 6853 callbacks suppressed
[  115.215277][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  115.221128][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  115.225198][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  115.229168][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  115.233186][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  115.237229][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  115.241116][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  115.245169][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  115.249140][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  115.253138][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  115.321882][ T5310] Bluetooth: hci1: unexpected event for opcode 0x040f
[  115.574472][   T40] kauditd_printk_skb: 6 callbacks suppressed
[  115.574487][   T40] audit: type=1400 audit(1751805517.851:30630): avc:  denied  { read } for  pid=9795 comm="syz.1.1216" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  115.587829][ T9798] fuse: root generation should be zero
[  115.597884][ T9793] binder: 9792:9793 ioctl c0306201 200000000640 returned -22
[  115.608307][ T9799] xt_limit: Overflow, try lower: 1207959552/384
[  115.775919][ T9811] bond3: entered promiscuous mode
[  115.777413][ T9811] bond3: entered allmulticast mode
[  115.789484][ T9811] geneve3: entered allmulticast mode
[  115.793279][ T9811] bond3: (slave geneve3): making interface the new active one
[  115.835211][ T9811] geneve3: entered promiscuous mode
[  115.838705][ T9811] bond3: (slave geneve3): Enslaving as an active interface with an up link
[  115.842531][ T9811] __nla_validate_parse: 2 callbacks suppressed
[  115.842540][ T9811] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1219'.
[  115.852224][ T9811] bond3: left promiscuous mode
[  115.853604][ T9811] geneve3: left promiscuous mode
[  115.865116][ T9811] bond3: left allmulticast mode
[  115.867200][ T9811] 8021q: adding VLAN 0 to HW filter on device bond3
[  115.984504][ T9819] overlayfs: failed to clone lowerpath
[  116.458235][ T9832] tmpfs: Bad value for 'huge'
[  119.745055][    C2] sched: DL replenish lagged too much
[  119.796960][   T40] audit: type=1326 audit(1751805522.071:30631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9841 comm="syz.2.1227" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f936ab8e929 code=0x0
[  119.975630][ T9834] bridge0: port 2(bridge_slave_1) entered disabled state
[  120.028652][ T9839] team0: No ports can be present during mode change
[  120.225179][    C2] net_ratelimit: 32646 callbacks suppressed
[  120.225193][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  120.225203][    C3] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  120.227393][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  120.231081][    C3] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  120.235925][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  120.239514][    C3] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  120.244201][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  120.247816][    C3] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  120.251550][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  120.255358][    C3] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  120.325129][ T5955] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  120.482737][ T5955] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  120.492646][ T5955] usb 5-1: config 0 interface 0 has no altsetting 0
[  120.498600][ T5955] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  120.502392][ T5955] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  120.507753][ T5955] usb 5-1: Product: syz
[  120.509667][ T5955] usb 5-1: Manufacturer: syz
[  120.511766][ T5955] usb 5-1: SerialNumber: syz
[  120.519910][ T5955] usb 5-1: config 0 descriptor??
[  120.536813][ T5955] usb 5-1: selecting invalid altsetting 0
[  120.808287][ T5955] usb 5-1: USB disconnect, device number 9
[  121.055958][   T40] audit: type=1326 audit(1751805523.341:30632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9868 comm="syz.1.1234" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc07bf8e929 code=0x0
[  121.109757][ T9872] netlink: 112 bytes leftover after parsing attributes in process `syz.1.1234'.
[  121.206462][   T40] audit: type=1400 audit(1751805523.491:30633): avc:  denied  { map } for  pid=9868 comm="syz.1.1234" path="/proc/783/task/784/fd" dev="proc" ino=30358 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  121.333882][ T9881] validate_nla: 28 callbacks suppressed
[  121.333893][ T9881] netlink: 'syz.3.1238': attribute type 10 has an invalid length.
[  121.377655][ T9881] lo: entered promiscuous mode
[  121.384962][ T9881] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  121.673892][ T9892] x_tables: ip6_tables: CT target: only valid in raw table, not ethtool
[  122.810042][ T6211] libceph: connect (1)[c::]:6789 error -101
[  122.853074][ T6211] libceph: mon0 (1)[c::]:6789 connect error
[  122.935330][   T54] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  123.087422][   T54] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  123.093043][   T54] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  123.108628][   T54] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  123.113603][   T54] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.121142][   T54] usb 5-1: Product: syz
[  123.128263][   T54] usb 5-1: Manufacturer: syz
[  123.135805][   T54] usb 5-1: SerialNumber: syz
[  123.163348][   T54] cdc_mbim 5-1:1.0: skipping garbage
[  123.179890][ T6211] libceph: connect (1)[c::]:6789 error -101
[  123.221763][ T6211] libceph: mon0 (1)[c::]:6789 connect error
[  123.364288][ T9943] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  123.779382][ T6211] libceph: connect (1)[c::]:6789 error -101
[  123.832045][ T6211] libceph: mon0 (1)[c::]:6789 connect error
[  123.987427][ T9943] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  123.990813][   T54] cdc_mbim 5-1:1.0: setting tx_max = 184
[  123.998261][   T54] cdc_mbim 5-1:1.0: cdc-wdm0: USB WDM device
[  124.010536][   T54] wwan wwan0: port wwan0mbim0 attached
[  124.202970][   T40] audit: type=1400 audit(1751805526.481:30634): avc:  denied  { read write } for  pid=9942 comm="syz.0.1254" name="cdc-wdm0" dev="devtmpfs" ino=3002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1
[  124.215975][    C1] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  124.218874][    C1] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  124.221687][    C1] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  124.223752][    C1] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  124.226161][    C1] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  124.228232][    C1] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  124.230368][    C1] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  124.232512][    C1] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  124.234617][    C1] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  124.237312][    C1] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  124.240170][    C1] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  124.242932][    C1] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  124.245320][    C1] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  124.247384][    C1] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  124.249496][    C1] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  124.251715][    C1] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  124.253862][    C1] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  124.255945][    C1] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  124.258230][    C1] cdc_mbim 5-1:1.0: nonzero urb status received: -71
[  124.260304][    C1] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes
[  124.266202][   T40] audit: type=1400 audit(1751805526.481:30635): avc:  denied  { open } for  pid=9942 comm="syz.0.1254" path="/dev/cdc-wdm0" dev="devtmpfs" ino=3002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1
[  125.235166][    C3] net_ratelimit: 39171 callbacks suppressed
[  125.235179][    C3] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  125.235202][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  125.235488][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  125.235983][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  125.236436][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  125.236878][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  125.237310][    C3] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  125.237370][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  125.237861][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  125.238327][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  125.632352][ T6012] libceph: connect (1)[c::]:6789 error -101
[  125.711182][ T6012] libceph: mon0 (1)[c::]:6789 connect error
[  125.715692][ T9945] ceph: No mds server is up or the cluster is laggy
[  130.245075][    C2] net_ratelimit: 54106 callbacks suppressed
[  130.245088][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  130.245156][    C3] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  130.245260][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  130.245531][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  130.245794][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  130.246046][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  130.246299][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  130.246554][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  130.246814][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  130.247071][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  132.898730][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  132.909536][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  135.255173][    C2] net_ratelimit: 51904 callbacks suppressed
[  135.255186][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  135.255260][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  135.257343][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  135.261004][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  135.264544][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  135.268475][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  135.271897][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  135.275639][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  135.279238][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  135.282976][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  140.265071][    C1] net_ratelimit: 33557 callbacks suppressed
[  140.265084][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  140.265370][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  140.267241][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  140.271264][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  140.274843][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  140.278562][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  140.282218][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  140.285933][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  140.289556][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  140.293275][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  145.275146][    C2] net_ratelimit: 33926 callbacks suppressed
[  145.275159][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  145.275313][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  145.277328][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  145.282801][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  145.285886][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  145.291092][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  145.294408][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  145.299577][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  145.302890][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  145.308041][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  150.285147][    C1] net_ratelimit: 36507 callbacks suppressed
[  150.285161][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  150.285290][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  150.287307][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  150.290841][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  150.294562][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  150.298217][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  150.301952][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  150.305703][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  150.309350][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  150.312978][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  155.295135][    C2] net_ratelimit: 33648 callbacks suppressed
[  155.295153][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  155.295316][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  155.298054][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  155.301689][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  155.305484][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  155.309295][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  155.312813][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  155.316556][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  155.320249][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  155.323970][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  158.634057][   T40] audit: type=1400 audit(1751805560.571:30636): avc:  denied  { execute } for  pid=9965 comm="syz-executor" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  159.214391][   T40] audit: type=1400 audit(1751805561.371:30637): avc:  denied  { execute_no_trans } for  pid=9965 comm="syz-executor" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  160.305161][    C2] net_ratelimit: 32305 callbacks suppressed
[  160.305174][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  160.305280][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  160.307282][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  160.310947][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  160.314504][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  160.318095][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  160.321701][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  160.325426][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  160.328979][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  160.332647][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  165.315129][    C2] net_ratelimit: 35858 callbacks suppressed
[  165.315141][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  165.315582][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  165.317314][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  165.322178][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  165.325737][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  165.329423][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  165.332903][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  165.336595][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  165.340206][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  165.343781][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  170.325092][    C2] net_ratelimit: 34853 callbacks suppressed
[  170.325104][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  170.325209][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  170.327284][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  170.330934][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  170.334583][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  170.338275][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  170.341877][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  170.345553][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  170.349229][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  170.352842][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  175.335099][    C2] net_ratelimit: 35708 callbacks suppressed
[  175.335111][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  175.335305][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  175.337271][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  175.341676][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  175.345247][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  175.348852][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  175.352293][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  175.356252][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  175.359450][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  175.364224][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  180.345292][    C1] net_ratelimit: 36829 callbacks suppressed
[  180.345295][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  180.345305][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  180.345557][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  180.347402][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  180.351054][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  180.354620][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  180.358278][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  180.361882][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  180.365470][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  180.368995][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  180.782732][ T5310] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  185.355079][    C2] net_ratelimit: 34140 callbacks suppressed
[  185.355092][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  185.355295][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  185.357262][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  185.360915][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  185.364545][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  185.368406][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  185.372051][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  185.376142][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  185.379523][    C2] bridge0: received packet on veth0_to_bridge with own address as source address (addr:62:95:62:6d:f5:1e, vlan:0)
[  185.383191][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  186.277270][ T1420] ==================================================================
[  186.279680][ T1420] BUG: KASAN: slab-use-after-free in handle_tx+0x5dc/0x630
[  186.281914][ T1420] Read of size 1 at addr ffff888029fed490 by task aoe_tx0/1420
[  186.285542][ T1420] 
[  186.287053][ T1420] CPU: 3 UID: 0 PID: 1420 Comm: aoe_tx0 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  186.287068][ T1420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  186.287075][ T1420] Call Trace:
[  186.287080][ T1420]  <TASK>
[  186.287084][ T1420]  dump_stack_lvl+0x116/0x1f0
[  186.287111][ T1420]  print_report+0xcd/0x680
[  186.287128][ T1420]  ? __virt_addr_valid+0x81/0x610
[  186.287141][ T1420]  ? __phys_addr+0xe8/0x180
[  186.287154][ T1420]  ? handle_tx+0x5dc/0x630
[  186.287171][ T1420]  kasan_report+0xe0/0x110
[  186.287187][ T1420]  ? handle_tx+0x5dc/0x630
[  186.287206][ T1420]  handle_tx+0x5dc/0x630
[  186.287225][ T1420]  dev_hard_start_xmit+0x97/0x740
[  186.287240][ T1420]  __dev_queue_xmit+0x7eb/0x43e0
[  186.287254][ T1420]  ? lockdep_hardirqs_on+0x7c/0x110
[  186.287269][ T1420]  ? finish_task_switch.isra.0+0x221/0xc10
[  186.287285][ T1420]  ? rcu_is_watching+0x12/0xc0
[  186.287299][ T1420]  ? __pfx___dev_queue_xmit+0x10/0x10
[  186.287313][ T1420]  ? __lock_acquire+0xb8a/0x1c90
[  186.287324][ T1420]  ? __lock_acquire+0xb8a/0x1c90
[  186.287335][ T1420]  ? do_raw_spin_lock+0x12c/0x2b0
[  186.287350][ T1420]  ? rcu_is_watching+0x12/0xc0
[  186.287364][ T1420]  tx+0xcc/0x190
[  186.287375][ T1420]  ? __pfx_tx+0x10/0x10
[  186.287384][ T1420]  kthread+0x1e4/0x3e0
[  186.287400][ T1420]  ? find_held_lock+0x2b/0x80
[  186.287414][ T1420]  ? __pfx_kthread+0x10/0x10
[  186.287429][ T1420]  ? __pfx_default_wake_function+0x10/0x10
[  186.287444][ T1420]  ? lockdep_hardirqs_on+0x7c/0x110
[  186.287459][ T1420]  ? __kthread_parkme+0x19e/0x250
[  186.287475][ T1420]  ? __pfx_kthread+0x10/0x10
[  186.287490][ T1420]  kthread+0x3c2/0x780
[  186.287500][ T1420]  ? __pfx_kthread+0x10/0x10
[  186.287511][ T1420]  ? rcu_is_watching+0x12/0xc0
[  186.287524][ T1420]  ? __pfx_kthread+0x10/0x10
[  186.287534][ T1420]  ret_from_fork+0x5d4/0x6f0
[  186.287550][ T1420]  ? __pfx_kthread+0x10/0x10
[  186.287560][ T1420]  ret_from_fork_asm+0x1a/0x30
[  186.287576][ T1420]  </TASK>
[  186.287579][ T1420] 
[  186.346413][ T1420] Allocated by task 8814:
[  186.347729][ T1420]  kasan_save_stack+0x33/0x60
[  186.349209][ T1420]  kasan_save_track+0x14/0x30
[  186.350652][ T1420]  __kasan_kmalloc+0xaa/0xb0
[  186.352096][ T1420]  alloc_tty_struct+0x96/0x8c0
[  186.353557][ T1420]  tty_init_dev.part.0+0x1e/0x500
[  186.355084][ T1420]  tty_open+0xa50/0xf90
[  186.356349][ T1420]  chrdev_open+0x234/0x6a0
[  186.357716][ T1420]  do_dentry_open+0x744/0x1c10
[  186.359203][ T1420]  vfs_open+0x82/0x3f0
[  186.360433][ T1420]  path_openat+0x1de4/0x2cb0
[  186.361833][ T1420]  do_filp_open+0x20b/0x470
[  186.363161][ T1420]  do_sys_openat2+0x11b/0x1d0
[  186.364571][ T1420]  __x64_sys_openat+0x174/0x210
[  186.366053][ T1420]  do_syscall_64+0xcd/0x4c0
[  186.367403][ T1420]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.369172][ T1420] 
[  186.369889][ T1420] Freed by task 6031:
[  186.371087][ T1420]  kasan_save_stack+0x33/0x60
[  186.372517][ T1420]  kasan_save_track+0x14/0x30
[  186.373961][ T1420]  kasan_save_free_info+0x3b/0x60
[  186.375478][ T1420]  __kasan_slab_free+0x51/0x70
[  186.376980][ T1420]  kfree+0x2b4/0x4d0
[  186.378182][ T1420]  process_one_work+0x9cf/0x1b70
[  186.379673][ T1420]  worker_thread+0x6c8/0xf10
[  186.381054][ T1420]  kthread+0x3c2/0x780
[  186.382289][ T1420]  ret_from_fork+0x5d4/0x6f0
[  186.383696][ T1420]  ret_from_fork_asm+0x1a/0x30
[  186.385112][ T1420] 
[  186.385865][ T1420] Last potentially related work creation:
[  186.387525][ T1420]  kasan_save_stack+0x33/0x60
[  186.388937][ T1420]  kasan_record_aux_stack+0xa7/0xc0
[  186.390466][ T1420]  insert_work+0x36/0x230
[  186.391792][ T1420]  __queue_work+0x97e/0x10f0
[  186.393200][ T1420]  queue_work_on+0x1a4/0x1f0
[  186.394614][ T1420]  release_tty+0x4de/0x5d0
[  186.395948][ T1420]  tty_release_struct+0xb7/0xe0
[  186.397391][ T1420]  tty_release+0xe2d/0x1430
[  186.398701][ T1420]  __fput+0x3ff/0xb70
[  186.399959][ T1420]  task_work_run+0x150/0x240
[  186.401417][ T1420]  do_exit+0x86c/0x2bd0
[  186.402722][ T1420]  do_group_exit+0xd3/0x2a0
[  186.404102][ T1420]  get_signal+0x2673/0x26d0
[  186.405505][ T1420]  arch_do_signal_or_restart+0x8f/0x7d0
[  186.407221][ T1420]  exit_to_user_mode_loop+0x84/0x110
[  186.408877][ T1420]  do_syscall_64+0x3f6/0x4c0
[  186.410320][ T1420]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.412142][ T1420] 
[  186.412900][ T1420] The buggy address belongs to the object at ffff888029fed000
[  186.412900][ T1420]  which belongs to the cache kmalloc-cg-2k of size 2048
[  186.417151][ T1420] The buggy address is located 1168 bytes inside of
[  186.417151][ T1420]  freed 2048-byte region [ffff888029fed000, ffff888029fed800)
[  186.421278][ T1420] 
[  186.422024][ T1420] The buggy address belongs to the physical page:
[  186.423959][ T1420] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888029feb000 pfn:0x29fe8
[  186.426936][ T1420] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  186.429480][ T1420] memcg:ffff888034354701
[  186.430805][ T1420] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  186.433438][ T1420] page_type: f5(slab)
[  186.434699][ T1420] raw: 00fff00000000240 ffff88801b84c140 ffffea0000ced410 ffffea0001656c10
[  186.437356][ T1420] raw: ffff888029feb000 0000000000080006 00000000f5000000 ffff888034354701
[  186.439994][ T1420] head: 00fff00000000240 ffff88801b84c140 ffffea0000ced410 ffffea0001656c10
[  186.442654][ T1420] head: ffff888029feb000 0000000000080006 00000000f5000000 ffff888034354701
[  186.445325][ T1420] head: 00fff00000000003 ffffea0000a7fa01 00000000ffffffff 00000000ffffffff
[  186.447994][ T1420] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  186.450633][ T1420] page dumped because: kasan: bad access detected
[  186.452526][ T1420] page_owner tracks the page as allocated
[  186.454215][ T1420] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5948, tgid 5948 (syz-executor), ts 51741895958, free_ts 51691220219
[  186.460438][ T1420]  post_alloc_hook+0x1c0/0x230
[  186.461852][ T1420]  get_page_from_freelist+0x1321/0x3890
[  186.463500][ T1420]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  186.465239][ T1420]  alloc_pages_mpol+0x1fb/0x550
[  186.466686][ T1420]  new_slab+0x23b/0x330
[  186.467926][ T1420]  ___slab_alloc+0xd9c/0x1940
[  186.469312][ T1420]  __slab_alloc.constprop.0+0x56/0xb0
[  186.470905][ T1420]  __kmalloc_cache_noprof+0xfb/0x3e0
[  186.472472][ T1420]  ipv6_add_dev+0x1c9/0x15f0
[  186.473899][ T1420]  addrconf_notify+0x53e/0x19e0
[  186.475383][ T1420]  notifier_call_chain+0xb9/0x410
[  186.476959][ T1420]  call_netdevice_notifiers_info+0xbe/0x140
[  186.478771][ T1420]  register_netdevice+0x182e/0x2270
[  186.480412][ T1420]  br_dev_newlink+0x6a/0x170
[  186.481900][ T1420]  rtnl_newlink+0xc42/0x2000
[  186.483347][ T1420]  rtnetlink_rcv_msg+0x95e/0xe90
[  186.484903][ T1420] page last free pid 5948 tgid 5948 stack trace:
[  186.486848][ T1420]  __free_frozen_pages+0x7fe/0x1180
[  186.488473][ T1420]  qlist_free_all+0x4d/0x120
[  186.489959][ T1420]  kasan_quarantine_reduce+0x195/0x1e0
[  186.491674][ T1420]  __kasan_slab_alloc+0x69/0x90
[  186.493191][ T1420]  __kmalloc_noprof+0x1d4/0x510
[  186.494690][ T1420]  tomoyo_supervisor+0x45b/0x13b0
[  186.496222][ T1420]  tomoyo_path_permission+0x270/0x3b0
[  186.497902][ T1420]  tomoyo_check_open_permission+0x349/0x3c0
[  186.499709][ T1420]  tomoyo_file_open+0x6b/0x90
[  186.501144][ T1420]  security_file_open+0x84/0x1e0
[  186.502693][ T1420]  do_dentry_open+0x596/0x1c10
[  186.504215][ T1420]  vfs_open+0x82/0x3f0
[  186.505479][ T1420]  path_openat+0x1de4/0x2cb0
[  186.506907][ T1420]  do_filp_open+0x20b/0x470
[  186.508279][ T1420]  do_sys_openat2+0x11b/0x1d0
[  186.509709][ T1420]  __x64_sys_openat+0x174/0x210
[  186.511140][ T1420] 
[  186.512008][ T1420] Memory state around the buggy address:
[  186.513739][ T1420]  ffff888029fed380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  186.516209][ T1420]  ffff888029fed400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  186.518626][ T1420] >ffff888029fed480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  186.521334][ T1420]                          ^
[  186.522822][ T1420]  ffff888029fed500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  186.525312][ T1420]  ffff888029fed580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  186.527718][ T1420] ==================================================================
[  186.530391][ T1420] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  186.532810][ T1420] CPU: 3 UID: 0 PID: 1420 Comm: aoe_tx0 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  186.536431][ T1420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  186.539985][ T1420] Call Trace:
[  186.541158][ T1420]  <TASK>
[  186.542206][ T1420]  dump_stack_lvl+0x3d/0x1f0
[  186.543731][ T1420]  panic+0x71c/0x800
[  186.545035][ T1420]  ? __pfx_panic+0x10/0x10
[  186.546521][ T1420]  ? irqentry_exit+0x3b/0x90
[  186.548028][ T1420]  ? lockdep_hardirqs_on+0x7c/0x110
[  186.549716][ T1420]  ? handle_tx+0x5dc/0x630
[  186.551148][ T1420]  ? check_panic_on_warn+0x1f/0xb0
[  186.553086][ T1420]  ? handle_tx+0x5dc/0x630
[  186.554744][ T1420]  check_panic_on_warn+0xab/0xb0
[  186.556255][ T1420]  end_report+0x107/0x170
[  186.557608][ T1420]  kasan_report+0xee/0x110
[  186.559021][ T1420]  ? handle_tx+0x5dc/0x630
[  186.560459][ T1420]  handle_tx+0x5dc/0x630
[  186.561857][ T1420]  dev_hard_start_xmit+0x97/0x740
[  186.563391][ T1420]  __dev_queue_xmit+0x7eb/0x43e0
[  186.564929][ T1420]  ? lockdep_hardirqs_on+0x7c/0x110
[  186.566517][ T1420]  ? finish_task_switch.isra.0+0x221/0xc10
[  186.568577][ T1420]  ? rcu_is_watching+0x12/0xc0
[  186.570045][ T1420]  ? __pfx___dev_queue_xmit+0x10/0x10
[  186.571687][ T1420]  ? __lock_acquire+0xb8a/0x1c90
[  186.573231][ T1420]  ? __lock_acquire+0xb8a/0x1c90
[  186.574769][ T1420]  ? do_raw_spin_lock+0x12c/0x2b0
[  186.576382][ T1420]  ? rcu_is_watching+0x12/0xc0
[  186.577890][ T1420]  tx+0xcc/0x190
[  186.579237][ T1420]  ? __pfx_tx+0x10/0x10
[  186.580953][ T1420]  kthread+0x1e4/0x3e0
[  186.582655][ T1420]  ? find_held_lock+0x2b/0x80
[  186.584661][ T1420]  ? __pfx_kthread+0x10/0x10
[  186.586607][ T1420]  ? __pfx_default_wake_function+0x10/0x10
[  186.589031][ T1420]  ? lockdep_hardirqs_on+0x7c/0x110
[  186.591202][ T1420]  ? __kthread_parkme+0x19e/0x250
[  186.593337][ T1420]  ? __pfx_kthread+0x10/0x10
[  186.595297][ T1420]  kthread+0x3c2/0x780
[  186.597061][ T1420]  ? __pfx_kthread+0x10/0x10
[  186.599014][ T1420]  ? rcu_is_watching+0x12/0xc0
[  186.601052][ T1420]  ? __pfx_kthread+0x10/0x10
[  186.602877][ T1420]  ret_from_fork+0x5d4/0x6f0
[  186.604359][ T1420]  ? __pfx_kthread+0x10/0x10
[  186.605812][ T1420]  ret_from_fork_asm+0x1a/0x30
[  186.607324][ T1420]  </TASK>
[  186.609089][ T1420] Kernel Offset: disabled
[  186.610485][ T1420] Rebooting in 86400 seconds..

VM DIAGNOSIS:
12:39:48  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=ffff88805ed628c0 RCX=ffffffff8a59d432 RDX=ffff88801d332440
RSI=0000000000000000 RDI=0000000000000007 RBP=1ffff92000000d98 RSP=ffffc90000006c78
R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000001 R11=0000000000002c00
R12=ffff88803c63cf99 R13=0000000000000001 R14=ffff88805ed62918 R15=ffff88805ed62974
RIP=ffffffff81bc2080 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6715000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f4d17f2ab20 CR3=000000000e382000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fffc0000 Opmask01=000000000000000f Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4d18ced6c0 00007f4d18ced6c0
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4d18ced6b0 00007f4d18ced6b0
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 20303d766765735f 656c646e61683d53 4e4f4954504f5f4e 4153410063657865
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4d18ced100 00007f4d18185440 00007f4d18185458 00007f4d181854a0
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3d534e4f4954504f 5f4e415341006365 786500726f747563 6578652d7a79732f
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=ffffffff8e5c4940 RCX=ffffc900006a1001 RDX=0000000000000000
RSI=0000000000000000 RDI=0000000000000001 RBP=0000000000000001 RSP=ffffc9000069f3c0
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000095a7a
R12=ffffffff816acad4 R13=ffffc9000069f478 R14=ffff888029060000 R15=ffffc9000069f4ac
RIP=ffffffff8198769f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6815000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=000000000e382000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000400000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000cc160081 Opmask01=0000000000000001 Opmask02=00000000ffff7fff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 8b9065102b85aff6 8df802703ec2243b
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 04ec8703359da449 38c20e33b8a9068c
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b8376eb2115d1133 19b73e5c241431c7
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b275524a8b0b5e2d dedcf0d06f416fe4
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ffffffff 00000000000000b4
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000034
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 fd31837d9028c56e 59bd34dd0ef3f256
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 63bdb0f7e828f331 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f2995fe00ce111ab 24d32eb0f4cba5a6
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 3634884400000000 99236dee132314f8
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a2e7884a434d0d8c 027850a5cd1e0ed3
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4d1462ba91149d2d 6bcbdf8ef540f6df
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000a6425006469 702e73257325002f 6e75722f7261762f 0036353261687300
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000a410000414c 550b56005600000a 4b50570a5744530a 00131017444d5600
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 003f000800010000 003a000800010000 002900080000ffff 0028000800000001
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0011000500000000 00100005000003e8 000d000800335379 747466630003000c
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0033000800000000 0032000800001000 0004000800000000 0043000500000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 001f000800000000 003d000800000000 001e000800000000 001b000800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 80410004803e0004 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a20203620203620 303920640a0a6e65 0a6d5f2020312020 36343420000a6262
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbff52532232d20
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 262821df2e2e33df 3228df3232202b22 df312e232d2435bf 2324353124322431
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000003 RBX=0000000000000005 RCX=ffffffff95d77ed8 RDX=0000000000000003
RSI=0000000000000005 RDI=ffff888029368bb8 RBP=ffff888029368000 RSP=ffffc900006477f8
R8 =0000000000000000 R9 =0000000000000000 R10=00000000000000c8 R11=0000000000000001
R12=ffff888029368af0 R13=ffff888029368bb8 R14=0000000000000004 R15=0000000000000001
RIP=ffffffff81985a83 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6915000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=000000000e382000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fffc0000 Opmask01=000000000000000f Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 20303d766765735f 656c646e61683d53 4e4f4954504f5f4e 4153410063657865
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f276a0ed100 00007f2769585440 00007f2769585458 00007f27695854a0
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3d534e4f4954504f 5f4e415341006365 786500726f747563 6578652d7a79732f
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000034 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff855bed55 RDI=ffffffff9b0c52e0 RBP=ffffffff9b0c52a0 RSP=ffffc90006b4f458
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000032343154
R12=0000000000000000 R13=0000000000000034 R14=ffffffff9b0c52a0 R15=ffffffff855becf0
RIP=ffffffff855bed7f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6a15000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=000000002a713000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=000000000534c002 Opmask01=0000000000000000 Opmask02=00000000f0000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055fcb111f600 000055fcb111f600
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffe0c0b4e0 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f6c737973007325 2e73250064252e73 2500656c6f736e6f 632f7665642f000a
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4a49565c56005600 0b56000041000b56 000040494a564b4a 460a5340410a000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 613a61613a61613a 61613a61613a7264 6461282073736572 6464612065637275
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 29303a6e616c7620 2c62313a61613a61 613a61613a61613a 61613a7264646128
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2073736572646461 20656372756f7320 7361207373657264 6461206e776f2068
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 74697720305f6576 616c735f65676469 7262206e6f207465 6b63617020646576
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6965636572203a30 656764697262205d 3143202020205b5d 3431383634322e30
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000