last executing test programs:

39.860046994s ago: executing program 1 (id=439):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x20, r0, 0x8, 0x70bd26, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x1b}]}, 0x20}, 0x1, 0x0, 0x0, 0x4895}, 0x40804)
setrlimit(0x2, &(0x7f00000000c0)={0x0, 0x2400000})
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000380)={0x0, &(0x7f0000000680)=""/4096, 0x0, 0x0, 0x2}, 0x38)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x9c)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0x7fffffff)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/242, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/60, 0xeeee0000})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000073d000/0x3000)=nil)

39.501151269s ago: executing program 1 (id=445):
r0 = timerfd_create(0x8, 0x80000)
timerfd_gettime(r0, &(0x7f0000005d00))
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0)
set_mempolicy(0x1, &(0x7f0000000000)=0xffffffffffffffff, 0x6)
unshare(0x6a040000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000002b0009ef"], 0x14}}, 0x84)
r4 = syz_open_procfs(r2, &(0x7f00000001c0)='net/ip_mr_vif\x00')
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f00000000c0)={0x2, 0x0, 0x80000001, 0xf, r2})
bind$alg(r4, &(0x7f0000000240)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha256\x00'}, 0x58)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x7, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r5}, &(0x7f0000000080), &(0x7f0000000540)}, 0x20)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$alg(r4, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001940)=[{&(0x7f0000000300)="7c5c2fd01461b7678f7ff63fc8c939b2b615945f0341253253a78c24d13204ee3ed4090c9e0f2d75cb448cb2154d1350813010bee365135429deffddb5363c109dfba564c9efd0a55762b1ce8d7096ebd584d2da1573600a4e3bf2ca084a7898a28000b00e7f14366f039a4dcc180b01aec59fd727169049f8fd6ee8e8c7b00c4e59ae02400c216c8ab4067af2397c588c87a222fd3fa4085e560ff809e1b99b08c8f3d73e2ada9457ca23e3691c6d517164aa38471d37be3adbc41333b30713c20ac67868c2640db7c53f", 0xcb}, {&(0x7f0000000940)="2eb2031d0e0aac740718c607838b9a5735389f1685ef673b43f5854de614a9719f15cc159ec8fde5caad31c2803a922e64f4aa64ede70c0c6c5ea2a5e7265c4d023476ffb131325cd2abfdab3a97a1a2be24f41c6e2775ad409416ded851314b73e2f86d642509ef4b10c1619617d857c597aeef5ed698a505c11f9d9a518fd1543a872c608b33594c8e42b0f4fbe824ebdcd981a66f9d79408f5a6d81aaaf2aa91a4e82f440c1436d172934afc20c0e7ddf8f101751d653001307557b96985a6765aeeae773826b3cc9142941d30537be9e58947a54d5f3a7016cb119f97132dac37403c9f53233e1f23779887e2d4594f5d2bbb7ce829c62bab89582138d74fb2367517795d686a1d6bd08d9c3d2d99a4fca61f1d16344e31e40b725a84b4729fd49470a1589b24e7709175e6e5d3192779b4417b820ca5fc56d5969b9679feadd57347d75bc4c9ba34915365a3537455d8546f0f9c583be5556d4aa1881e07b308e834d788e5bae188d8f8f149771f7819f6cac9a3dd9584e4e03d85347f02c20d8d2260c3dc4f5bb3d76c33d02ba9cd096b7fc74ecebc1db0d38f0bcc421d6a1f16de0a9b1c2ac9337e69153dcb319e8ef578f934feeb9385cb6e6c40f1f5fff109fcefab6e9a729f2073330cdd46a0460534eb0635210942bc6f7ce449c2294232a6f8fc835fdf63c5e7c2243eacb7c4475b4d774466a50f5d2c65497394742ba7193dee413e55bb8267d6adb3e814a7d1553b8a1f7f22c8bc483cbfc4e3127d66d83ef10084c41754faf2e8904e231c63c1e483f6346a5422dfbc88bcb8303db457c5fd557889aa0316d9c6d6fb2ade71dace537205a52688990e20f64e9487b93519c6ecc9c845dda5f4470b6181a461472b4b3d250336574a339853687c4963e35a97f07868a10ce3d6b81ace5d685c5ba3319a9239760249d1f8a05ef12d048e92ed1be97be8748d0915f8345cabd60955557f257c2720f38c29e50961156537c99829aff7a9af2cdbf1bd4b70dee6f7567a0bcaac7c78c58c301210ff230c1df8209afe052451fc1e0f22f78fb15ca990c0909c55863be082b4ded0519ff38b5751be25e9385a594d2631419d652d1c36932e426edb033bd16c542a430346489d523dec00755cc988902bbed8abc50c258e3b709b8f38f49216164c857358f32517c20557e1ecaac290d1fc056bf9213fffb3812402f2345fb11699319fe5eb3836cd9f7185a424c62bcaab3b4a96c65b5e152eadc3b8282ab8b99b462625029fc6602495a4bc4e2006a18ae2208aef65673decdf4e37a88a50a6c8a3c0b023b767fb44d6dad967ed357cf637459c042aeb28f13ed9231605171dab3d44d0bd823b1050ae4510223d03496d1367e02edb972dbe94e7e724515af48f48fe0157cb32b9677e73e8aca5b7e9ef2a6aa2d35cb6ecb8bee8b35dc8601c9d16a68f5744bceb59dfc3ff511e5de66d5f4708ecb0564d41bba496b69a3f2c214297520cc7952da0e19f4e3648aea2f4604838215ec283372ecce4d9adc25254f10b42be08a8ee0ad46176fb18d0c2de00ccce967a797e6714b50e51e436255617ac85271f812e193ca67ad8e203992b3112f5217547a5e0582dcde0d49b1edd289212d5c76be2d94602cebb10cb06ecb7a9f80986860ada78b87468c6dcced1c8967850dcbadfc786e265017f614bc19715ab8e87297da07b6f63e798e374018de08aa5db07a4f1470c7f275d0078af5f9e8c0bf8cf501386f59f53ba807bc5a6874b3ab6dc0f965f91cbcddc7c2941f79559a48955d4f2ed70cdbaa55606db0c3ee935c078a058912365cc63b0947938fcafe4bcb3d25780f0b77b8b03574782b48ec284ea0644fb5ad172b8578a9d00298eb876d35fda1d5a54da666acfa2277c563041e9c0886b70b8f2d8d0c9d2065db4e37ea9354391104209afe7a1146e044825f8289f67af6f0e5b882587b2bb44c8bbca4dd39cf44fd24c35362dec2e776b8283a333b665b4f746710049e778edae3853f2ec7e687ef750d127078c6010ad2d21589b62bc65534709a8d8c43db1c7b840803c03da8916b4c285fa7d618d00d3b544b8ef262f842a03539ebf4c14b6e5f3e02652b50f34a9d016abbed574912bd268e3f5c84333bf6a5c0b5df63176a091f4b8eee4974a561e8344cd12a7b9010c84aaabcdb6e8baf0124c4e20a8430410e979df31c4396ad3716bd1be19aa321fdd1470aca112f47ed4607aaf62e36a69a2989b2cd28f32ddacd6c39b018149fb303ade5df6070a825049ea0cca5fb2e72e927f711ece8162f56de08895b4f99069f30517807160578655005b76f1087c356a5b1c4625a88aa446ca4a1d419040f7eeb52c42861afae83a9e246698ba4506da52834a9ea518c3554af2cbabb6e1320db0efdf6a003193f518492ea717969fcfb017cab7478d2efee060b2e8e7497ea978ba455208b86bb13b8056ae762b6b35111ce40058c52230c7416eea8e41d6c96c5583ba4574d7036368cd8e27a1dd336cae4cbc0a9c293dd3f46e82536b71bc4fc149a8b9b75a44ebe2be26402a8a35160b219e71ae7423da3ebb4e1e1bc5eab0ebb0fb967b5c20bb604a25a2f17ff0ab763bf4dd74fa9a1701faad9a367948f83cf8906bbef6fece68e4a61aafc023184f1bb0ac50892b5628f5f0103b87873392d6db3232076ea6dd287a61bd62b18405df0bfc63beddd7c4da4975e2727a55a5fdb8de00054146f3d8d5c873a0c1fc0f811cfc75ba8a521a8a96ea94059f35d33c4d7775e2a56ba8a7af1a5026859ed131d909f7d2a8632c91549f3036076f1f26163f6d04e1aa25396ea3251d1b9db89c81873ee647efa2ebe922295f119ac6143a71591f19b9a4ff974e712e5521eb5ce49b7c8c53637405faaf804d3fefd1f183b5a364ed7b85bc26c2e3a78586c8d7fe6b4fb1c7b668f391db84e3795b358f5ba1d53d236ffee591420e42189fc0206acbbd171af6300165f80be575b8eea9fb6f2980488048889b4f8eff582d8f774eaeef03b4017621e5b2af4a6bf0df27c6a0ceacc74bfe6bfa0109a566c907dc41beb3add91cb0875a9a3ec1e36e2528c38ac0d4397d4aa834a3288b1d97383520968ad6d8dc588522c0f8be7f1fe2069b9f4ccfa4971c6a4d8e1936850054a1cda06ce3c32df15da13f74433b9d2f429230805ce303ea1da9d0d4aa8113b544dea0e3b3df3bc776d9bfab13c247d03eb77c6f69847c564b963e3903b1a4e564b94334be6a1c7540a688808eef4501456d162f7194ac921b2d914f4ffd57aa894900e4a2555e3e7ea360318d103fcc1ad0b6c700ed581d1779cd46b9f4964f35e820d405f474ded963e328d7be7e137a75dfa2b07a83c3ce3917d53f5213f59ab4978867543cfecadc06b14b3f19773820f60933efa6cfac62103cd46077127da96514e276f6074c8a15d6e4665279f372bd1ad4694966d62a5c1a2f6d59aa29f648756afb4b77e8427b1c71734a9fd890ef8d89a531b0feafc2812bd6ce3b92b2ec286815cd8d1c8a7915907a17e73fd40fb7cb8a90467bbf5ea235c7316c2b4f05ef6e24a7ee23939c535f0037017e22deb6350ad3049d3f4d506d0fd1c8ed2b2d36f9cb9ef6fd363a33c83994e122dc2f25da1a02c4246af6af061dc076ea4f64f8d7e4c14de6ba5dc756bf1c8dc0c8b615c65c8a97ad11d87d5d1ad8cc5da21fad0ee08043f649931c6854caaa79a7313fedbfa9646627e5118e0999daf815f25c0613ee89be6db965052f2415894067fc75d2e9f9259dbfae46c207e1659370a7d0ea589a6177e6f3b63f96067e2f7ea2385265eba89e9857ff842672d4cf2fd435ca995adcde26418fe84c0395891fd8bdfb33c41327d16a74aef2b1de777fe3418b2b63a6a14f1cfd1ca5f602437198ffb40429871d842e7c5971f438fe87ad90e84b17a115fe209593fc5a2fa61fda28eb7f5022d6bc1760e6386c3204adb59f015368375e37fbdf8cf1e8647c77fcdb80e7f9448b4f70b8d89e46aed34912f8f80b506563ef49ea934d03091adfb1dbebcedee7b79f08587a64515c61ac69e4f213f1615cbcec4f94fb0773da1189217b46dbda247296de0d3a2f53ccebff9a0a34fa0afea86400d30adf381e3563f0a2a609a74fbd09526cd9ad5e8a250a51d41158ac85df4cce869e22c22c6a7195290760042ecea0f84c7edbeeaef384a6ad214f5f8bc760066da7a0f8a461d04eb98e5783e4a36593a3dde6c82d11872ceaea0ea019e91ca98e162ae2d470a3c2e85ac7c5b6ee237d743f139f7768640fe5bb50b39cf47884ded37566e6196c06da4f21420d202d8dff3e1640681b7ad5645357929df32d8aab8600fd1182276ac0c24207f9ef63c29db8949b4094d002a90df473cd90effad0bfde1aae8b04ad894e871fc41615111c0f68520f0a3de683c9e262740aee089f7bd2742b27d174c806a130bebd29fc216dd832a1010b54b072440214684ad072ee5d0b82e2c6099cce5955019dae81c149f52e9d071d58b1e09cc4051703c87eea9a7614affb56dc7bbe7a75032c579742fbc4e1c96962156d0db9974b26f5b2e6e8832fdee14450119767449d55699048afb6eb0077f43d434cc54d59a884b7b967372029976a16e40fac6fb83feea17f7bce538c519e2b82cc4facba9453037abd431e19a0c675d153ef4be4e3fcbb51a83486ca4f26a0251bff684eb005d9f2d3af6030d9660928668f640867cc8d6d54887d04d3b2862478f34706ec707893bae81ce9849416c2851207ec1d396cd4e8cca25c2bece8a0ff9d1de4aba90d762f0e61e9231955d3ecb92e8b6bd440fbbde721d0b6e2c8203e0f78ba9ca6fe09c254aaadec8c3cb9c6cf419521137eb98d304495dbce14fd33bd344b7841ded4530ffe4ed3091780d844531d7f7e2cd0370c127e84ed6adddd0b376152b1529ec6d5d66aeae4a8f147322c3e29242fe23aa56f1f78eb794a1c861fb89e28647f70bdfc5ef12aaa46fa8c8256ac155e6517e16c2a8b7b7b6f80957bac76b67cc441a828d5117a958b86eb0e4da2d0c1df695c3692c04de7b530efb6abeb41a45c4a5ca6671908b507b90092cdd253e3b0cb00b0f76dc45017d8707870a1e5d2b850390910c7cc1d4dfa3fe17a7450bf9c33224080e97a5f677612067060ec1ce23bded60e62f63c09e30cbd3b729ae723c69729dcbe877cad668aac4c16175a51f8df79593b87b51a2827eedc8d3a6f82a512f98aa0859a313d8450218001c34cd43bcb5933651c9c0cf7d3596c94413726621a3c3566c309f34c5f31260efa0f546223f3e35ce41c0e9bc8516d741f3ad177d6e1bfab66ecf36b9a770e9c028cfdbd98351915b9d2af2e23ce4a6f72599e1db519a7a31b370b0fa3961f2afff8db2c81577157e729ea05a898040e0978992361923736e793452e36254355c7ba62893b17d7106f8f2c858d0c058b9a4413256d1e6b465bf1cd065a4b529a0d5ae7eb2a485184a85fb43838a85f53555e76a3b55abee34ed99da6ea85cd87cb6cdf514be1475f5ba356c206ea7d1c3dc516c2992535032b58095b4b7d414c9dbac336d7f342c7bfd33cda9314189374aeea65d44d0bc1bc2e1d7f3ecb4cf5ce2a7ab1fc8e1ec7582f4335607d6afcd6bc098687e7461c160c391aec7ef26a1a7045885b3d558b3abfc311d7cb05770ab7e67632eae6bb8d222b774655085b7dd18f7c15c37dfc552dac44f0cb8a7d558fbd325373f32e02ed9fe3799c001933c5698c6c9812bf33e37b6e2d13144bfb26f4fdab1634ec35b", 0x1000}, {&(0x7f0000000400)="6fb5956acd04e7f8e4c86d0283ec5716c5f496347f25", 0x16}, {&(0x7f0000000440)="403506a8c053c3e1b2479fb0af20f745e39058d568e5f5d0650a0ff253c4405b5c3dce428f53fd4bf5edc2796f6af88d6d5547ed5c49be48d569f6724b915e41c3f3f149c930d6df23c11788821bd29a22dea0ae4689c292dc1350d58bb742e45b792ef8843a54b44f9fb5bd4e7e386ac09291fa65dfef9b32bfc91f15cbb42e6086e3ede4159b5c1597", 0x8a}, {&(0x7f0000000500)="aef84eaed72260908f6565f09e98dd1176f5509c4c238a14a7f6dedd25fc8f3975fcf7e629bc5a54", 0x28}, {&(0x7f0000000700)="38f77ee22f488f6c649082d92a20c6680cd5dba29cb789b86e90fca0fe5633cd63051405a2773c8920ed5b9372fca9f43121e5b4f8928f19e7329083", 0x3c}, {&(0x7f0000000740)="2d47f68817e4825514df7fdcd2b9a6fe86afb5be035bff7f6b1c9bd3319aa28fa787a96d38918b7292c01443c985621e56c2140a9da51cdab871dab06de2e9dc7d8cd5854b0ca6841b00dccf7b403fac137e32e49c9bdf42dcb3c9ebe31121009638dc6558bbd8edb84f889ebd7eac2e77bb7de8ff533e5cc7fca6ff293b08c4daa985f59d2889d4e459f57f2ad4d4874b74af769614298ac8a3564118590484432ed974cf5d52404c9fe18da2f645463979ba7944107ef6297d18495657bdd838681570eb3697bacdb402ec9d32488e590b95d9258d4e", 0xd7}, {&(0x7f0000000840)="da13770d81279d17da409c3b0436fd1a30f1bf32ac1d23f304ac195d272b11e1d39957c490795a4ba2cc631b5cc13d849f04b23bb96528b3fed4a10fa6de8df3a5d1b79609b3b62e840ebad78037be9efcc9ac30d13c50a9", 0x58}], 0x8, &(0x7f00000019c0)=[@iv={0x70, 0x117, 0x2, 0x55, "f3bdb4537a7f6734509b81c77aec7fce3e073436f3bef9599113f6a28932058b4c88035fbbd35605a1a9b2b10a99b5698312b971ab36d403b3ded78d1579b21dd048a85d06a3747c9482cb6f3cc39499b804cbe88e"}], 0x70, 0x4000000}, 0x8010)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r8, 0x4138ae84, &(0x7f00000005c0)={{0x8180000, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x10}, {0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x0, 0xb}, {0x2000, 0x5000, 0xc, 0x0, 0x7, 0x2, 0x6, 0x0, 0x3, 0x0, 0xfe, 0xfc}, {0x3000, 0x8000000, 0x0, 0x8, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x10}, {0x10000, 0x1, 0xa, 0xfa, 0x0, 0x4, 0x0, 0x3, 0x0, 0x3c, 0x0, 0xff}, {0x0, 0xdddd1000, 0x0, 0x0, 0x0, 0x3, 0x2}, {0x0, 0x5000, 0xe, 0xfe, 0x0, 0x0, 0x0, 0xb0}, {0xeeee8000, 0x0, 0xf, 0x0, 0x0, 0x87, 0x0, 0xd, 0x26, 0x4}, {0x80a0000, 0x3}, {0x8000000, 0x8000}, 0x9df9ffdb, 0x0, 0x0, 0x2b, 0x3, 0x3800, 0x0, [0x0, 0x0, 0x1]})
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
ioctl$KVM_SET_MP_STATE(r11, 0x4004ae99, &(0x7f0000000100)=0x4)
sendmsg$nl_xfrm(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="d80000001b0001000000000000000000fe8000000000000000000000000000bbe000000100000000000000000000000000000000000000000000000000000000114e69291ab4de478d2e4f2bf9f24f1d36fb465fbf2e60d461532347a14b5f9ebbf228551bd4e1b0716cc27736590e39dced009e6c6bd17b2ccf5ec8c0e9e785843e696add430b35ea12ec87936d5ef70b350bfacc192295ddfc5c02725bb3e49deb81ea61b8f42a543754a90262088f1c"], 0xd8}}, 0x2000)
ioctl$SNDCTL_SYNTH_ID(r4, 0xc08c5114, &(0x7f0000000100)={"977a46eeab219dc263cd2f501e46b7e4225ea2b5e0733f1035ee03f3c5ab", 0x3, 0x1, 0x1, 0x8, 0xfffffffa, 0x101, 0xff, 0x0, [0xfffffffe, 0xf0f4, 0x7fff, 0x10001, 0x70, 0x100, 0xec, 0x2da, 0x0, 0x4, 0x4, 0x6, 0x6, 0x43, 0x0, 0x7, 0x8, 0x10001, 0x9]})

38.831362349s ago: executing program 1 (id=448):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000030c0), 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000200), 0x0, 0x20000)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000080)={0xb0, 0x8, 0x200, "d70e280d47c704ca0646642784809db1e4cb90d7838274be41bb49d8baf344f0611673a236c0e064870cabe45c3685a2bfe1e57ae131e4be0a40b3a96df9e19cdf3498fedbd88a79a6964918b655b08e1dd01e1d76ae8fe7a02fa6bc697b1476c04b962ddf7e68aa589e0750b54ab689f0482094c8b75aba64c069b82a6ae05c6c3a2f07b9fc8decff6071c48ac683901e96471d120666594aacd414ffdbba7c7343a94df64898acb0fdc1e1f6e646a3"})
ioctl$SG_GET_ACCESS_COUNT(r1, 0x2289, &(0x7f0000000040))
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000002c0)={'syztnl2\x00', &(0x7f0000000240)={'syztnl2\x00', <r4=>0x0, 0x2f, 0x0, 0x5, 0xa2, 0x1, @loopback, @private0, 0x10, 0x8, 0x3ff, 0xf}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000340)={'syztnl1\x00', &(0x7f0000000300)={'gretap0\x00', <r5=>0x0, 0x10, 0x700, 0x0, 0x800, {{0x6, 0x4, 0x3, 0x1, 0x18, 0x66, 0x0, 0x1, 0x4, 0x0, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@end, @end]}}}}})
r6 = socket$packet(0x11, 0x3, 0x300)
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'veth0_to_bond\x00', <r8=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r7, r8}, 0x40)
r9 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r10=>0xffffffffffffffff})
getpeername$packet(r10, &(0x7f0000000000)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r9, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r11}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)
r12 = socket(0x400000000010, 0x3, 0x0)
r13 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r14=>0x0})
sendmsg$nl_route_sched(r12, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r14, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000500)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r14, {0x0, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_route={{0xa}, {0x14, 0x2, [@TCA_ROUTE4_FROM={0x8, 0x3, 0x4c}, @TCA_ROUTE4_IIF={0x8, 0x4, r14}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x800)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000380)={@empty, <r15=>0x0}, &(0x7f00000003c0)=0x14)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r2, &(0x7f0000000600)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000400)={&(0x7f00000004c0)={0x12c, r3, 0x8, 0x70bd29, 0x25dfdbfd, {}, [@HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @HEADER={0x70, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg1\x00'}]}]}, 0x12c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4c040)
close_range(r0, r0, 0x0)
r16 = socket(0x1, 0x2, 0x0)
r17 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYRES8=r0], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r17, &(0x7f0000000600), &(0x7f0000001380)=@udp=r16}, 0x20)
recvmsg(r16, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000440)=""/101, 0x65}], 0x1}, 0x40000162)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000000)={0x3, 0x0, 0x0, 0xfdfdffff})

38.751475856s ago: executing program 1 (id=450):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)

38.751121588s ago: executing program 1 (id=451):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x3, 0x0) (async)
ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, &(0x7f0000000040)={0x3, 0xd38c, 0x2})
close(r0) (async)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080), 0x1200002, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000440)={'geneve0\x00', &(0x7f0000000600)=@ethtool_dump={0x40, 0x8cc, 0x4}})
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="340000003c0007010000000000000000040000000400fc800c00018008000600"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x0)

38.520878273s ago: executing program 1 (id=452):
socket$nl_route(0x10, 0x3, 0x0) (async)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="380000001000010500000000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="0160000000000000180012800900010069706970000000000800e38004001300"], 0x38}}, 0x800)

38.471299112s ago: executing program 32 (id=452):
socket$nl_route(0x10, 0x3, 0x0) (async)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="380000001000010500000000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="0160000000000000180012800900010069706970000000000800e38004001300"], 0x38}}, 0x800)

5.147480039s ago: executing program 4 (id=1080):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
tkill(0x0, 0x8)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000052c0), 0x0, 0x0)
ioctl$SIOCGSKNS(r1, 0x894c, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0)
lseek(r2, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f0000001400)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000000)={0x80, 0x4, 0x4, 0xe05, 0xe3, 0x80})
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x9897f, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r3}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000003c0)={'bridge0\x00', <r5=>0x0})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000a40)={<r6=>0xffffffffffffffff})
flock(r6, 0x2)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000500)={{0x6, 0x5}, 'port1\x00', 0x40, 0x40401, 0x4, 0x7, 0x3, 0x0, 0xa8, 0x0, 0x0, 0xfb})
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001000010426bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="03150000000000001c0012800c0001006d6163766c616e000c000280080007000100000008000500dc89017b3a453e0d2e250b3de180a1074cdc18e86c0612d4663984fd693c8358c1cbba877ad4d7b0bd09cf1dc4e529d39cb709b8ecf0d5fcc5832245b0fefbd8553c260e161a0baac844d42bbe6b763f10fc0a0bf2722d59af84d12178d0434ec4dd0cd841ca1eef9055051a25bb5dab00a0397f63411830a2d84f030994086fe7d1793eea2a8f5499c74c43cebee5260e8c7902ee8f56802c4908da30bf684a6eaa", @ANYRES32=r5, @ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x2004c050}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000600), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000780)={'batadv0\x00', <r10=>0x0})
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="010b00000000000000000c00000008000300", @ANYRES32=r10], 0x1c}}, 0x0)
sendmsg$BATADV_CMD_GET_ORIGINATORS(r2, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="f791d429812d083022e172256e7e94af9137390cb45ac4c8e4210258f809b3b0b8bdc383fe061da41a63600de3ca88d7545d0e61cc1918cc4a37ebdccd920827671003371f4985e70f0db5bfe20adf2d9164f708c8065b2e4cf1a62983e3", @ANYRES32=r5, @ANYBLOB="080039000010000008002b000400000005002d00010000000a0009000000000000000000"], 0x40}, 0x1, 0x0, 0x0, 0x20000800}, 0x40001)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[], 0x16)

5.146101008s ago: executing program 4 (id=1083):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x248c00, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)
syz_usb_connect$cdc_ncm(0x1, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x7)

4.521120932s ago: executing program 4 (id=1099):
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x9)
pread64(r0, &(0x7f0000000040)=""/160, 0xa0, 0xffffffffffffffff)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r1, &(0x7f0000000480)={0x2, 0x4e22, @empty}, 0x10)
r2 = syz_open_dev$swradio(&(0x7f0000001f40), 0x0, 0x2)
ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05640, &(0x7f0000000180)={0xb, @raw_data="43553038522f066aa77bcbd58029d9e29e40e1ab76791ba30239eb507475c6c2cbb955b7d140e4f162db4862b37117cac86845a7d8f7f38c0b0a396404170e2cec3a2aa0d8d197425150e7ff584f4d217116b1fdc8c5d5b07b17d099ca09fffc6b04d47bdf6b8e55d400967e7839fc52c1e4d0d7e57761669b250d429f54e44efaf46fc412b198b64750948c8966522a045074677219326dfba82ddead81002829ea3b9676e4df2af4cfacaf6344419001e43e4498bfab7b8cc4e36954ee1765000be9e18c1655b6"})
listen(r1, 0x1ff)
sendto$inet(r1, &(0x7f00000004c0)="ab", 0x1, 0x20c0, &(0x7f00000001c0)={0x2, 0x4e22, @loopback=0x7f0000c0}, 0x10)

4.520896042s ago: executing program 4 (id=1100):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x8020000) (async)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf, 0x0, 0x100000}, 0x20) (async)
r2 = syz_open_dev$vbi(&(0x7f00000001c0), 0x2, 0x2) (async)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0100000001001000050000000400000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000e0d36275"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r3, 0x0, 0x0}, 0x20) (async)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r2, 0xc0405665, &(0x7f0000000040)={0x6, 0x2, 0x0, 0x0, 0x8, 0x7, 0x2})
r4 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2001, 0x0) (async)
clock_adjtime(0xffffffd3, &(0x7f0000000000)={0x9, 0x6, 0xfffffffffffffffe, 0x9, 0x7, 0xb, 0x651, 0xfffffffffffffffc, 0x9657, 0x0, 0x7fffffff, 0x0, 0x1000000000000008, 0xb, 0x0, 0xcc0, 0x0, 0x1, 0x80007, 0x0, 0x0, 0x5, 0x0, 0xfffffffffffffffd, 0x3, 0x2000000000000}) (async)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) (async)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async)
mount$nfs(&(0x7f0000000040)='\x00', &(0x7f0000000100)='./bus\x00', &(0x7f0000000140), 0x4000, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r4, 0xc040564a, &(0x7f0000000080)={0x401, 0x0, 0x6001, 0xfffffffa, 0x8, 0x9, 0x1, 0x1})

4.450351647s ago: executing program 4 (id=1102):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000340)={'bond_slave_0\x00', &(0x7f00000004c0)=@ethtool_channels={0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2}})
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_CAP_HYPERV_SYNIC2(r4, 0x4068aea3, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000000000083000040"])
ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000040)={0x4, 0x0, 0x3, 0x1d, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f18dafae3530db6dd493f2a3cc88721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef494c89092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003c7e6f3c82fbd8de6e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1aed6e850ecb3421143c5c4ded0f06affc524dcf3208272619b6a952db5bc96141b26c54d13c7a5416287a3b6f7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa0284abe90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695efbd649f42f310859122c0d2c1e558dc6586958a283762386ecf369274e43003a0fdff59ea515eb44504901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc5092548feaef7204a12cece59181fcb5bad8c24bd9f8f78d17ab82831325501e80d899e9252f99d3a2666343392fda11504800f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd333b30d3ce2f50dddeea3447aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b68986af3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9000400002f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d01000100df6f40a80ace2bb8a2aad3b0c66915927db4233181943d88c0c76d5969e2043db5bd77fd60ba0f013139929ccfec965c0c769785a4d23332ba1f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fd81bc31152538db50f47dc38ba908a0d808687e478a609fe0daa02d4e9c618b99266e7f2e98597e2813e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d472dd0e1338688ba782b41bde141f99c4894ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e87dde71929f918b98c4cbfcb11a90139264a9ee8081973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d2195ff9c6320c85bddc42915e4f3a5db642447bc2195a3d64e04c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e0e32b75ce814731c542091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00"})

4.340525781s ago: executing program 4 (id=1104):
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaa", @ANYRES32=<r0=>0x41424344, @ANYRES32=0x41424344], 0x0)
r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f1068109e733e1a", 0xe, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ebffffffffffffff280012800b00010065727370616e0000180002800400120005001630"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000740), 0x0, 0x0)
preadv(r6, &(0x7f0000000a40)=[{&(0x7f00000007c0)=""/129, 0x81}, {0x0, 0x2}], 0x2, 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r4, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
mount(0x0, 0x0, &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r8=>0xffffffffffffffff, {0x1}}, './file0\x00'})
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x181005, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r11, 0x4008ae89, &(0x7f0000000880)=ANY=[@ANYRESOCT=r11, @ANYRESDEC=r11, @ANYRESDEC, @ANYRESDEC=r4, @ANYRES16=r5, @ANYRESDEC=r8, @ANYRESOCT=r0, @ANYRES64=r9])
syz_usbip_server_init(0x1)
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000994bd740f60d5600b5a0000000010902"], 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f000000b500), 0xffffffffffffffff)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = socket(0x10, 0x3, 0x0)
r14 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r14, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r15=>0x0})
sendmsg$nl_route_sched(r13, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r15, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_LIMIT={0x8}]}}]}, 0x3c}}, 0x0)
sendmmsg$inet6(r5, &(0x7f0000002c80)=[{{&(0x7f00000001c0)={0xa, 0x4e21, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x10000}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000480)="0b520caf6dd9dea7fd925823d0c7a6be8da96fccf2c0bda2e109912ebd248480fecada3e19c96bcd1f6be071feefe6dc5859c2987332b25e13cd878f3b5c3527b19c1b92045b5d4f08c0e2ea0a79dd15214c569072152be283fea8b8d2baf2da93ce7ecd2223e415662567fba7c14ce6f10eb5f4935a7053ad2935f433302acdb5b6fa6c7a2049be4310cafb0d4d9e234b9022427e4649603ec3", 0x9a}, {&(0x7f0000000680)="598fd2c4e2ae8cc1a30a18be4a191d6dbcfa4cb5ba3d5fcad0fccd10a639dcaff483b4e89fa96db568b563f4fefa56944ca29b189d2956809148ede2926ed0013ccc023414521aeeeb0a2893571a1773275c8ed4e5182937f49e12cd6d48488c97a94c70f4d84d923a669bdfab4960d76a5ba68565a7b3401d65cde36b492d315243e9c55350bd8d985962531d427ae452d675e90a61ee021c19dbdd88fa37067045dec02ae4f9bf28e4c9718789e0e1a59d72cc657986efac24bfc0f6e7885d8ec28a37b695d0597d2cbe4353b51da7f82a6448652efc6d819321f4a8a01a3b669c30", 0xe3}], 0x2, &(0x7f00000031c0)=[@dstopts={{0x68, 0x29, 0x37, {0x2c, 0x9, '\x00', [@calipso={0x7, 0x20, {0x2, 0x6, 0x27, 0x9, [0xa, 0x4, 0xc8000000000000]}}, @generic={0x7e, 0x21, "ba5a514eedb297b47f01b04028328f3a718ecd9dc5379a362e579c2b2ec8295e49"}, @pad1, @enc_lim={0x4, 0x1, 0x4}]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x4a}}, @hopopts_2292={{0x1c0, 0x29, 0x36, {0x3c, 0x34, '\x00', [@generic={0x4, 0x6b, "d0fb02154d8cb147c940eb19a3fe6d5af6ced143c2b3a289607a4d6b76ed3038f6eeeb39d084073568020da338f316674d3f22728d4955502ad04266155afa9452a337912936fb1507fd6d5c3eff7b89dbf655b95c8a90a8aacf795d2a12d40a2ffab578be7b96f33fa9c5"}, @generic={0x2, 0x22, "51191ab74f034d5034a683889016200dc8d58172422c79282f22a448c5d94eb38cd4"}, @pad1, @jumbo={0xc2, 0x4, 0xdc4}, @hao={0xc9, 0x10, @local}, @jumbo={0xc2, 0x4, 0x2}, @pad1, @generic={0x8d, 0xe6, "8fd61290a2c954b3db167526292a875f1b3e7fd04b6b94501f21294fc64f0c23d41ba86044462255f910399988c335f5439a99853c63a68201cef0044fec28c4164b77876d6f14dc55ad6c22b501bad9025f4928c8a6bee02efd971acb229533771867838e461c33ba49ab937ffb28786ecf692706740b2071a7263e4819f6d82b56e69beaece58f65d0aad0819f36f9b8855f552fd191438f8622535ee59580034505bde6fa51a99c5e57a3dbe3858676f3199ca8639d01e8213af51ac451abbc4d3ba50ea5fed996e6f299c40e6c8b5503c69b378e9b464b0993ed12a384641021ea79732b"}, @ra={0x5, 0x2, 0x8}]}}}, @tclass={{0x14, 0x29, 0x43, 0x8}}, @rthdr_2292={{0x28, 0x29, 0x39, {0x21, 0x2, 0x2, 0xb, 0x0, [@rand_addr=' \x01\x00']}}}, @rthdrdstopts={{0x110, 0x29, 0x37, {0x73, 0x1e, '\x00', [@pad1, @generic={0x3f, 0xe0, "c057b8996a3e139f20b2f8184b8e982c7d099155afca54ece73d905fac6afd0e1ed7c2eb51cabf4659acca4f803043a377a37957e681f93640b17466b64b5384a9e32ef028b61460f32518a33017a921d48cf7c2f6883ee9976a206de0601280ab68a1a05ea3989441a9e6a9415c6da0b62206f37f44e4cb33455d643b1a6818234ff9800f42edcb1c344bd78c6239049b0add6e1501c0fc48dd5ae328988ef58783f3d0eae76eeb2650a47282b442853a3fdcf4432991477682e0cb4ff4a768475fa1bd5105bdaa1be49c9c34633078b9df5fa5738db00555414b7ccc160fbe"}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x7ff}]}}}, @tclass={{0x14, 0x29, 0x43, 0x4}}, @hopopts_2292={{0x30, 0x29, 0x36, {0x6, 0x3, '\x00', [@ra={0x5, 0x2, 0x8}, @enc_lim={0x4, 0x1, 0x9}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @jumbo={0xc2, 0x4, 0xd7}, @ra={0x5, 0x2, 0x5}]}}}, @rthdr={{0xa8, 0x29, 0x39, {0x87, 0x12, 0x2, 0x3, 0x0, [@empty, @mcast2, @remote, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @local, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, @dev={0xfe, 0x80, '\x00', 0x1d}, @loopback, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}]}}}], 0x480}}, {{&(0x7f0000000340)={0xa, 0x4e22, 0x1, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, &(0x7f00000010c0)=[{&(0x7f0000000380)="6d49c11999bd9be90ba68626466c71b74d0afe", 0x13}, {&(0x7f0000000c80)="e041662d32e5022e02d5224e33201107e38c5873de74784b4119fcf5bf196480034ed2d3baafd074062d22308ca2cc025b2e192a5b88f894f8b38eeec83e9d8771a1b9bcdb0530ceb72dace228f547451ff2f71c6a7c0c0aea28d4a9eccab1856b5e179330d4ce533d8cb59aa7b1e2d293d94419657d3c811064e217bb3a4588ecf8cca87456381f484442172eceb53ecac314ff0bf8e40f03d9f7d2c3ef995599f6425342e538126044f928696ad0ba46f69e3dfbe7364dfb85f83bf155b0e4555b584a48d1405e1a700151c3561f9f60d22e6e2db6cfa09b83565f80091a0bad2b40458b68c0", 0xe7}, {&(0x7f0000000780)="c300c8dde037b63e2a361bd63c231b8f675caac0768a05061a2aa78bdceb759464a23580090e8640be4ea28f5df0c2bdccf36530ca96ec1bd3af922fdf0805a5cb138f7944ef1156113565f01278db8d0b859e9291586728256a4b4e7740728b0db3ed6416ee58c92bec4cf6a5d57f4d63b8b0c843f7aaf96755537e11216c68595db3d7e9918ce97d8aa1af4c55", 0x8e}, {&(0x7f00000005c0)="22a04f12d75cb0da8cbac1b8c23a170b2fa381f032b58caaee220d250b0bf5ce74dce3a66bbc686d0eded1f68ecca2cec51d4cb75bad72cc31b67554575c94a30448f8db0581608a2a8f666c4a62586afffc631a9407b04ac145669b00fac8c4a1d6b5cb5231f49d0a120b910023fca862398f094783d1df75756e21cf3018", 0x7f}, {&(0x7f0000000400)="3165c8ba4cdfaea37e5cc54c3d817abd99539e", 0x13}, {&(0x7f0000000d80)="3100bf88782201db5936dad223f2ee9f942c8480e124f13f5f36e12096fa6fc31b7142208dc7b2fc5465cf2ce1cba06c4f33d746c68c48d7cc9f38502c4172ceab9192bae9f7bf960cbccd4cf72fbef65ed14e25a7aba19b96d8c1d02784026c46cacbc9523b695d19771758eddf5ebc383a7223", 0x74}, {&(0x7f0000000e00)="310bc46c526e0675da3514b255b176c906d36e400862d46e4886f352dcdd38b7d7f66a2428c65eb485d78bebdbe0b7a14cbb90ced223b9c405fd0685c992e4112f4ab52bca6fdec67aefa8cbe87dae4470253a42eb", 0x55}, {&(0x7f0000000e80)="58bf187d85e3453cdff3708cf4951645f4a902f71a94d91acf6b51d2e4a33dc524215bad818213294192bfe4ebacbe5889db96dacc584a447873d06d7da9fa1a44bc02401da3e923529fb0567932f6215dcc4afc251b657b51bf6851edcec13ab44f8331a90c1b8ab2c4324506e320f6d6872570fb6256f3a5828c15c256325b9d76376d7e307d5c62cb8cc6dcd238ed0d98ed2f3fe765779401c7a358bc4258b2fe75a9d4cff8067ced92bb076a43f09321294cebffe08edbd09e55c4b9972ce025838cf2c83c837cf438852f602b005a947c", 0xd3}, {&(0x7f0000000f80)="2a9b6f88bfad1cd3bfc609d8559c0d484911ffff92795f5e0c364fa7ad52dafc946333cf9ac703271fb85234b1618e2395b97413a72a75a09437c17bcd3d8890d914b0bcd716f8b1fd8354d27af986e637a7e0ecb8082d91150af7", 0x5b}, {&(0x7f0000001000)="05de16b72d8a8a9bea6d0c4982184202242eb1b54475d6eb02855945dc89229d40186badc428547ca9ab27932b70d7dbfc48180ddd8b4f7199709fa1b02abea501d92544dfc6f6970dc02fffa47a058235479fd76e621ce0b4844fa68c9d35bfe6a03159b699a65feacec1d782391d6e1164d9a5d7cbe3e739532c0573234095379b81f55be2bcbf9dd20aaf40c7f96f127748b85b7a08ef81062b65d772b83e75ea88d39038c1857c5e1f215e2ce3a1", 0xb0}], 0xa, &(0x7f0000001180)=[@dstopts_2292={{0x38, 0x29, 0x4, {0x0, 0x3, '\x00', [@hao={0xc9, 0x10, @empty}, @ra, @pad1, @enc_lim={0x4, 0x1, 0x5}, @enc_lim={0x4, 0x1, 0xf8}]}}}, @tclass={{0x14, 0x29, 0x43, 0x80000001}}], 0x50}}, {{&(0x7f0000000540)={0xa, 0x4e21, 0x8, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x800}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000001200)="1bc148b10b1ae0ffdd5665825bdfbe55da3d88836270bb8a2ce7561a07fd606142e9ef4602e3b6550ac93386382ae42a80d37321db7eb7c1f38e59b204f407a78186544ba134b54911bff01b3c2e67f170d563e7792e5d3314d636c4c20cd73f27150366d79eaae243cc18b8db3b54d2da808c184a3fd09a89af9f94628fdd5363cfc383f867ef2091e0f01fa3cc36438a76df2b653f1dd0b6fb8ee055f655e9a2532534ba8d28c3a2", 0xa9}, {&(0x7f00000012c0)="366537f4d1696bed3ae790cb46b461c9dc0fe0366ef247ea9f1dff9d57b44c2dba4b5b2389a74b91c7f9eaa34c17f8882a817d78efe84f2e94bd311e55aa3050ea97d604d086ec2d960e4effa5cd367d1e72f3d9cf4f886990c6678310b7496a723a4ff605455cb739cac8fdd39d1c6f5bb17ccb9e234e8783f5ea1be9391da5c1b5503b5ed74c23159cabb97c298186bbea8b734e168ce73482a82d6287c61b2ed13290385a9a0507784badfa0f4345eeb728edd8a77d43d431368bc529e12e9f5abddc1e3dcc31f06139954f50159bd11d3e79008b35d08e212ad21fe3f47c", 0xe0}, {&(0x7f00000013c0)="1e6bce7d88ac4de399cbb9741b8f7ba8328ca283bcb6b4b0b640559c3f0b139b57c3c79704fab0253683d1bd", 0x2c}], 0x3, &(0x7f0000001440)=[@rthdrdstopts={{0x38, 0x29, 0x37, {0x16, 0x3, '\x00', [@hao={0xc9, 0x10, @private2}, @enc_lim={0x4, 0x1, 0xd}, @pad1, @jumbo]}}}, @rthdr_2292={{0x98, 0x29, 0x39, {0x4, 0x10, 0x1, 0x20, 0x0, [@loopback, @empty, @mcast1, @remote, @remote, @private0={0xfc, 0x0, '\x00', 0x1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast1]}}}], 0xd0}}, {{&(0x7f0000001540)={0xa, 0x4e22, 0x5, @empty, 0x7}, 0x1c, &(0x7f0000001680)=[{&(0x7f0000001580)="9ae0515aa6028c2fdb86f699b09dbc1c5089e1c4192270eda2f19e773bb21aca88323576716484d0fc7b4d51810ba620e878290460929e24ac0c022b602bdfb38fbb63731c44e92b00bcffc60e84cf14a7b7435e83d74ec6b648be4c73ac104f46e21d617895f871252caea4c01a1ebd6196f458bbd4b14af66c1907ef8afcea14e8c58d77195e4ce253c26cc62e6fa3a59269039c8a98a8af0fc2edc78a8b191ff051f3f02abe7e436632969b22446574650dc95c382f9b9c1b44e3678eb2627a7b971f855972620254b90739a4973839141f8cb93f91d64fd8d952e705792f386b4384679a0f1dcf0d1f5b0b42c135a1f0a3982e5d94f3f279653715", 0xfd}, {&(0x7f0000001900)="ea27a7b59631f3aac077bf55637e5e362fb936fc8bf7ed2405e0567c86de34ca6a502faefa9641e3e07cc1ed00a442e1320c43edc0dbd6be20f38093ae384571e9e54bc620cfed4fa177aa2579e7aed59eaba59c90c2069e7c3b1ad61232996cbf61336ce0099239522996d4d95be193f87345a52793c4caa3b565083fc62197090e91049c00c26872e445c084325f2e21a0aeef6ea5b9b909bf710039f71fd1dc3ae1b918385cb5e6280f4d239818ac43f21035e86c4843ab62d2001323ce91480d30c63e78c7aa43cfa7e6662345671230bbecbbc56585fe5917819f3e9f485d6f98f14a269acebebc144b93c155cff87dbcd9e0560121ec96e4bea709c606b18b5cbc24fcc46cad5f01c98438f17e690e1e20d202de5dc1758a30320d8fafb3fea99556fc0fd12cee5c6fbbce86d3c83a5601e1088618944940180f1846952c16ee74c668722c99b1bd83a03d38c9cb8783f58f4912ec200e8bfaeff3e549b6ef054b9e1df1e22472d5cb74ce4eeaf5a0254c8e50f7352af0a1d187f3266ac52de9b709ab64c046f107e614e5e70a0f3212f2963a256f74740fa6ec64e6efea8413ca3458d1b97508867f84080bc6881f99659167fe12fda57583fa33e75e8f615388cbe0dd6d705906921b32e130283d66ec9befc2be175cd69771630e594fd8bd33061a1147d8c0c5ddb00ee145dac672357ce2cf4add81a9dbd51edb75c04a71ac049ed545871e2c7fe1eb6e3a6bbf55b9f453976188f2426858379a6bf9002da47a4565e0b17b7dc3d5ca46c8c3d28b63d5e8d25ea90641447534febe3f0cbfbe9cf0265625b3a44c5bd04ee885cfaf1cd25b5c64a6ffe9d31774c522f1733c1a2683f4d363df63ee784d291502ecec91428b42f7c27bef5ca9a899b93b254f1fe3cf33d8b1ecdda176cad45876081aa992e06984b4c785b61f5956d0f05bf933c2848ac7e61f9a898e9b39859a8f21a48c3bf74ef58fdf98b11e75cb27bb8b796e24a1503b947a4edfdbc6dfd1d5067a1c8fab8123d66146593dcaea3eba4102ed5e5735a25d1d5bcad0912ff9fec72cd8bfd31a074ac1ffd5d0dfbd80bc808b6dd898b573edcecc74edcb1f67d07f59184ce180a7591f40a3b07db6479c869331bcfedb3030d8a88c9d9ead9cb5ede969dfcb6339c9fc1c017412a3375cc3d58970b6911abd51d406ca04f63bfbe69f159d1212ec0a714c5621d70073e18bd31997c70ac3a7c86d0c08f32e3110940f1d05e0b548ed1096fc08fddc14ac81428d525d6fe61eeaaa2a2f7c61f39226302869e7c721f205edbabc5f016f657ce112050d0335714a25f3582222577350897dd570aad5721a897c73e4f0759fdac0c27e1d1cc0ca5b546700086a6c4c081aca6559cb41dc66024205468c0dba8c10268050f1732bbc762c4047d91d51add83c13cdccaab2030ac0b1bf7bb40dc8fc85aa7949238dc94608e19667dd192111f26cea965be871c9005b4b5a80bb594a39f6ba51d9aeec3a7384e0a6f4ad892182f47a163807c74a0c9af7ed855ae9f4037b27a424ffa7ad2be3baed6aa9913fb858bb9412c49926f2e140c441aca7ea3deae29a30198a5238c45c43bfc99b8027b1f850fc051020a4a673ed2f5fb40f5482e59230c5b1e56042d0c1ae9f0f572a5fb0067527635fde29edbb6db250c2214ebf0d7bc63e60bd09a5e4d11e814f3d6e69b3031e45619ab87a1496948e770c71a8d48a396092d7a589e7dc61301d4c0476e097b02604fc01b9438fbb6ceceafd3d0ab81e7edccc175ebc9428641ff08f0504b8f9e1dccf8310373516856f5dc6dab4eb443b92a6fa365a0ad6b155377df86ed903267b647dacbe236892903593bd262ad63650a5c73b1d2f873575dae578de273bf446773d6f1f6135af7680d92a1d735663921b9dcaf1eb4d86c2b3d7952feee6ff7c7d0ba03aa9eb34fe18500e2e81e1900d14bd00a895c005c0361f6b89f44f5a2d03b57ba3df455ccd3c258d2980d5ae9cbe425410a31d481eef1fe61f5b2de2b35a73e6081d727599c7e1f1cbc4c6fc692ae32029b6535266603461ac18ec129481950919c65df19ae605782d5acb8c51698de7ac242ba3ab7ced27f0c29acf5d9bd5819d935ea3be70a9745cff825b51337862acd5b6ec9455d2c55ffcbd0c38992c18cd22110a7624fd933a76021ed434f2a568ab85a00245ce71b02605cdb7068beaabfae59673d35599b93834578e7b6ce8180b2c835df58f5ffe0390d87955eb5348d7bc975cf62ad6ec09e4b12186bf178c700e0eec894ea6d4cf77612343db197efeb44a0c6c2d20b8bcb72c075d13737d54cbfd276b03e66a17f2aa906960188163ee0b3fb7f0704438e18acdb2e35c70516867dfc2b73bc631481fbb36b530da6a8c114c9916c30a1e02da0d96146051b1aeb22ef18275048f5dedee4a6aa761d55e3d8f5142ce91c5a23f4a59ded8c8e262dd184cde5574336bec31f8dd7a160cd93af82d627f57b6747f2f9f6b96303ca3b5ce1e20b0e98462e23a7a2034d05f26790de315df41253b1dc9423e11e9eba36047e48eb19659bb64b98daf063cfc3afcac74eda2fbe98798a55d8f72c60c2b03e2784a3531695f38538f34b078d478186d5a3399181d816ca590b3a8e8713cdb88ecfb2e8fe5ebc181a497f74ca3f57e6bb3640291180a09071d7a352454af098289649bf9bbe332918509d296e6e75b32bb282911404e424f57a57d48089964e62430cf98802d27010b2102bda501dfe8b9ecd4ae1c94da3b5900a61c28f14ec5232f45b2f11d7f5718374f0a3ce6adcb7e00b1f7e51f6b02ac4b123c22db1f74afbcccc3e11fcf4200d581b80e3f2f1a3ed908d649e207ab744ced1d3354f82a181481db859827d9a28674b4a3b23c7cb00feb74b080cb0c1d9b49ea23b28cd94144c2f72d38d09f5e4b57d846dd3e464c5dbb0c62e60cce46745c2b689fe579999bde6495b9e4337adf2c0624b0e9738beca734b3c4b16bccf2e1862ec00d6e3f209396d529ba05d1a980caf97bb300867f36a59204c0f6734affa3d243f8c33924152997e6c20f9207252f09eb23ddd7221dd42e1271aefe6d22dec36a4451c11b262da119c7983aabee5504a0f55a10fb1cd87d314eaec122ad73cbb4ee69365fc0a4257eb71e16727fa4d172fdbaf244e702691d25dc6b8bb5a4d5390e18ce656bc8ea90b0d562c5cc762b2e1ad665200004a46ced81265c45d321761ef1d1799f3a1e699d3e60a52658a945a19240dc1fa0de5fa5beee03d7266256e02eff25137bd29e6f1677c4fc1f496142de1c10d6879a6d832a7d37143a3a24f68a25a2d1ef774f1704acc08b6804a29813db19f394d814e9849f100f69a9d97f07943bd52b9695fe2b8c00c241aca7cef0831f62b8d1f2f3fc44e2936c6d5ac2978e37169060f6bd4da57a86fcddcfef6cb0dc1fffb1308b1f9e05cd325a0dcd9b270c548733666601e2aee5f756dbd79f855b3344ae0dbe574be2935f92e028e1563f8a01c33fb2f245b86f50684920a1cd39f1d9ae2f85d5984b96d454dbf4871e8d3ea3e69cafaae63d229b8b306cca41f776ac162ce0087be00dd40f8f143f0634b88031cc6df9a22819ebd5005ed7dda528bccef9a4f63e06c24e49f70ac5c1868e10be5db6bef63d0d140c10215f2eb01df99b3ea01c618a011ffa68d5f19ae8d4b8a769b083ffffef2379693e34632e781bd17efa8b5199debfbcfccdb0275df5782c00ee8c0a13c4b31be5562f1680af86ac62a21bc7d6ebe5f33981103546178ff1a29252489bbbda4aaca10ff54a4379766dc403c201a5ee9cc24889078e40b5b8956305feca0bf2e243815888ce41074be4d233f3c43514b8634a17c018f2086d69139001ccad8ddb45e0af618ce41c058335263c455b4193600c5ac5e26288bf703e18dcbd7ba0bf77b8ccaa3c616cb6574bad18091ce606d0822ee5682417c5ddc51ab36936127504ea253a220c36b2807a2e1c509ce5a0c36995379e494e3a8617ba69beab93c146b2fc09a989f82ee43a214aabe1e34e1b29efc59a7807894c1303e12e002d4d143e3b119bed782495ebd7e045d31099985b0fae036896846ebc5b3177f287045e8e0e8c46fdd4d7d1bfdc8fe1392709fc1356552afb82241c7919e0c4f6344735179d210bcdb1fd74cc0f895cd6f5fe4137c7b1c639bac88e7270c44e69a99134d624a3fb2219caa11903160e33b4cc614b15945efad89d4a105f33b505e1bc8653ce3722d1c3fb6166577394391be79edd6fe6781c4513c3d1daa0c341381083cdbd36e5e213b84a90dc1daaf0d6ae8c13e0d9fec394d31c592d5cfe0072c2dd6f078a19acd325843511fd47c9c8f39ee64064c424d0756572bfe78ba0042ec06437ce2877f87ec05baf06ff92006eb5ced189484c6f94dd8e215f6d476d13bbe56ae73b468f3469548fe4ef030fbd6253456fca1c1f44928e8d00f930a810f86f39b5d7bf37902865fb62f3c63b7f0f2350941a56bc318e90b51a9df646382a5b4206722396c0c439dba3e2e3f09c1c26b286f5c4751baef8cb0e797f4f5f3c769bf629e10b39c31ac30aa20d26a65fe4fd8199734f1ab82d2317dbc14f9a2391619544e4a73b3f66d7361f9bf81b3d9789144eb2c2668db3aef32e6e84c789add2b92af193b2d8c693dc45b2ddfb590dd44c779b9aa91c508fa7299dd2192fe59baf1a050f79a5504df19112b8d50cf5301f7c221a3d391436deabd4a40dd34d48cc49e12954aa8baf0542cd34653b1a2a1931b03669bcd8386d82a051782781780debb402c7e08ba72a7b534d3d96e9cbd20c530b6df98408f81a027814a7878e677c00ce9fbfc1aade9cded16b7a8da6d7ff26f9bda7e3ceb90d868782320b2df91e1285a06cb0da60fc804462611920dd7f79ace2d3c81a09a40f3105db57374d736ee80a0685d811e18919e7ba4c249e5fc0657af61e4b3afd2a1284356d70447f6d4a21d995bd055103cb4cae79e68c91c608c4b459469b2c53e22d33dab895e200b037329d3d0bca236dc5ff505f98f3e5ba2124498be245ef4412d17db1cf6f90653cc320679ddbdd693464447afaaaf2a35989058302f773ce3f29da2c52f1401d7ba39187cb17c6bb42ea4334c1e98ef5ec25852b73477bdeb832f95110fb446981f999f6e25d584ede8c085a76d180881f210de8a52aee152bad9d74e57fe0798fa30a824fc2e2f516fbe7ec538c4d7633127ea8367fa10d91d0b15cce4ef8a4ba1957eace4c0ef53c50039575458ea7622f8d0f47a76994ff48cc015c230fad163763ac0a0cb4cc935920c7016993b27b999485d2418a9a1257f402fc5d96518edff1803e0038aa21a885028b9b3b9fd9b18eaf5afb983bf5a8f18058af2786cdfd8ffd287f1df0ff54e560ae59571b5e2ffdacb68b1983aa3b9a47897afe1f7d3be7542ef06c95a3f6cefe4a43beaa1e6ae637425f2a788cc5c6dabede522ee2bf613ba29eef8f0cd6b3ef7b05b4a6ab2f5285b5399b8d45f0bcfc5fb27d41cdb3b9617126257637c60745c8ab96ee85d288401f8030727ec428b7757be0f92e6f6eff79b7e3c42120debdf007991db2a4dae82d2367efc96444b43534b5a121bec284eb03b40649acfacb8d7f8561619251c56c6e9e861dbec811802a485687eed6b78b9af5a72ae9149f0daf2f7ca79a405bc60c85c8741be78843023832713c437221b012f5149ffecb01235754f971adab8ec587badc2dd57e209d20db0b898cefabda3ffa9d0fc9ceffd25c0a5a951899a138b022", 0x1000}], 0x2}}, {{&(0x7f00000016c0)={0xa, 0x4e23, 0x4, @remote, 0x5}, 0x1c, &(0x7f0000001780)=[{&(0x7f0000001700)="159c8622515802f1cb1067137eb78edf83b327ec88452a772606ac526b85e616e23c06fd67f6811dc2e68f48d17cb5ebd8486c5e4fd9a6608c954f55ef446d9f66163f9ba7606b3747b477d7b45910d2b1a539261bfde965d7c33e2262681e3a8333f371f6ed8622eefc4d31ae312515c1442ba500f3dfa9", 0x78}], 0x1, &(0x7f0000002dc0)=ANY=[@ANYBLOB="140000000000000029000000080000000200000000000000200000000000000029000000370000008400000000000000c2040000010100001400000000000000290000000b000000000000060000000024000000000000002900000032000000fe880000000000000000000000000001", @ANYRES32=0x0, @ANYBLOB="00000000880100000000000029000000370000008b2d00000000000004a4c5c5fccd1af9c8116d505c7cf79cbac40bdfc24bc4af44830a9999d396156e3f42691025f10f807242bd4123a55605447cec1e8c9d67cfbdfbb669da5018dab65932f85c973c9b6e57071dc523890324995012f2aeb9576791126282e82080201f17860502930cb31472392f7c85e68071a8473ea12897141bd6f423e9695c519c27ddd8cfee63ebda4e6a6d8b14f60e2d15b3c11a73032e3c98dd7c854675762b9e9dfd070fe67c92f9a1ebc83662d7d14414cae10401040e5b5bf0dc19324188c5b65dc06ed9e43aa8b453373c413add8ebac3fae1d7e5954f32c53ed24033854e01b70bdc63f99a5f24e26590b58f5ee3f82180de6449b48598cb0009103d6fca32992b0775d07da5c90850c090894c9f5b29a4bf16c9ea9523d882d3f042760d05c20400000fff0738000000000c010e00ffffffffffffffffffffffffffffffff050000000000000008000000000000000100000000000000060000000000000007100000000302090500ffffffffffffffff04010500000000140000000000000029000000080000000500000000000000140000000000000029000000080000000300000000000000200000000000000029000000370000002c0000000000000004010004010700001400000000000000290000000b0000000000001000000000f00000000000000029000000040000002b1a000000000000c910fc0100000000000000000000000000000490033f7988e9bd44ec4eb01ab1721900000000000000003d25ba6c0e961cb0bcc62823ceaa183d1ec7307113130b55a59eb90fff805c3ff6d9fd7e14cb568c3db9e72ccf8d64347f26cccc208e9e9b3d932f73d7990eae02996df940153c40365e12024b4ecb575b35a6b7232df4398ea81235fd9b11d34329757c62475c339f1eac13618550260bfee0aad9291338b132c910fc02000000000000000000000000000004017fc20400010001040181040157010800000050e7d1891358184f1d6a9cc599ed899aa82c9b1ccb3bd9e65151fdc43250b23e8aa9040fe16617a7803301019b544395a260ffc40700000000000000f654978b0325e971c3"], 0x358}}], 0x5, 0x40000)
ioctl$sock_SIOCGIFINDEX_80211(r12, 0x8933, &(0x7f0000000000)={'wlan1\x00'})

1.9194823s ago: executing program 0 (id=1128):
getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r0, 0x851, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r3, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

1.737649305s ago: executing program 0 (id=1132):
r0 = syz_io_uring_setup(0x5c2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x8003}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000200)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
r3 = socket$phonet_pipe(0x23, 0x5, 0x2) (async)
r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x7) (async)
ioctl$TCSETA(r4, 0x8924, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "4feda26323b172e0"})
r5 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f0000000040)={0x0, 0x2, 0x5, 0x1}) (async, rerun: 32)
syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x68, 0x12, r3, 0x0, 0x0, 0x0, 0x1, 0x1, {0x3}}) (rerun: 32)
io_uring_enter(r0, 0x6e2, 0x3900, 0x1, 0x0, 0x0)

1.570239062s ago: executing program 2 (id=1135):
creat(&(0x7f0000000000)='./file0\x00', 0x1)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000200)={0x48, 0x14})

1.469210505s ago: executing program 2 (id=1137):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000005c0)={0x1, @pix_mp={0x3ff, 0x1, 0xb5315258, 0x5, 0xc, [{0x2000008, 0xf}, {0x8, 0x5d4}, {0xd, 0x8}, {0x7f9, 0x8}, {0x5, 0x3}, {0x4, 0x1}, {0x6, 0x40d}, {0x10001, 0x1800000}], 0x0, 0xd, 0x6, 0x3078182a3427730f, 0x1}}) (async)
mount(&(0x7f0000000300), &(0x7f0000000100)='.\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) (async)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x1000004, 0x42031, 0xffffffffffffffff, 0x0)

1.380010429s ago: executing program 2 (id=1138):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r0 = creat(&(0x7f0000000440)='./file0\x00', 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
getsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f00000002c0)={@rand_addr, @rand_addr, <r3=>0x0}, &(0x7f0000000400)=0xc)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000500)={'ip6tnl0\x00', &(0x7f0000000480)={'syztnl2\x00', <r4=>0x0, 0x4, 0x0, 0x7f, 0x9, 0x20, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, @private2, 0x8, 0x8000, 0xa7, 0x400}})
r5 = socket$igmp(0x2, 0x3, 0x2)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', <r6=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8936, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0x34}, 0xe, r6})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f00000008c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000880)={&(0x7f0000000540)={0x314, r2, 0x200, 0x70bd2d, 0x25dfdbfb, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_vlan\x00'}]}, @ETHTOOL_A_DEBUG_HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x274, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0xd0, 0x3, 0x0, 0x1, [{0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x57}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '\xff\xff\xff\xff\xff\xff'}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, 'workdir'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}]}, {0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x11, 0x2, 'nfs_export=on'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, 'workdir'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '-,&!!\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xd59}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}]}, {0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'PPPPPP'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}]}]}, @ETHTOOL_A_BITSET_BITS={0xb8, 0x3, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '!\xa3\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, 'workdir'}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'PPPPPP'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '\xff\xff\xff\xff\xff\xff'}]}, {0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, ':\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '\xe2+@%...\x05\x00'}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x200}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '\xff\xff\xff\xff\xff\xff'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '\'\x00'}]}]}, @ETHTOOL_A_BITSET_MASK={0xcf, 0x5, "d2831edb72cbb7f309b2a474ec1bcd71f73de63a62d112a0510122402094b4afd616558b0df2c52805dc5818f86718e4f6fb46a66bc145d9c7064adfef4a93946dc8abd9b7926d9503174f673bb753f7323bfcb83a85f94d3e8d7e644dfc8b8c8b4b0c4996367dfa75a8ea40c24db69f035b0305face382689fcf4c487ffbb2ef7a1c4a7426994b8b657c8919eec0fa5f479b37ae286fcc1e5affb8611853187584720f202dec6879fa5ce09bc21a62f0a42a8a709c992078eeed3da1851139f031ea0a1312868e97de56e"}]}, @ETHTOOL_A_DEBUG_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}, @ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}]}]}, 0x314}, 0x1, 0x0, 0x0, 0x4000085}, 0x800)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r7=>0x0})
dup2(0xffffffffffffffff, r0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)={0x44, r8, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_FRAME={0x26, 0x33, @auth={{{0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x3}, @device_a, @broadcast, @initial, {0x7, 0xf95}, @value=@ver_80211n={0x0, 0x1, 0x2, 0x1}}, 0x1, 0x3, 0x25c, @void}}]}, 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x30, r8, 0x100, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0xa, 0xc}}}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x1c}]}, 0x30}, 0x1, 0x0, 0x0, 0x4080}, 0x0)
open_by_handle_at(r0, &(0x7f0000000140)=@OVL_FILEID_V1={0x17, 0x300fb, {'\x00', {0x0, 0xfb, 0x15, 0x7, 0x5, "e8371f2efe0868327a31a705ec978547"}}}, 0x30000)

1.169127635s ago: executing program 2 (id=1141):
r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x6, 0xc95a, 0xfffffff3, 0x9, 0x7d, 0x2, 0x1, 0x7f, 0x4, 0xfffffff9, 0xfffffff2, 0x5f, 0x8, 0x3, 0xffff2d37, 0x1dd2, 0x5, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x5, 0x3c5b, 0x1, 0x4024, 0xffffffff, 0xfffffffe, 0xc50, 0x20002, 0xe661, 0x4, 0x9, 0x3, 0x7fff, 0x4c74, 0x8f00, 0x645, 0x7, 0xa, 0x0, 0x74, 0x7, 0x7, 0x103, 0x0, 0x5, 0x40003f, 0x91, 0x4, 0x7dd5, 0x3, 0x3, 0x4, 0x8, 0x0, 0x80, 0x4, 0x0, 0x2000006, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x8, 0x12f, 0x8000, 0x10, 0x8, 0x129432e2, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffe, 0x3, 0x0, 0x7, 0x2, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0xa, 0x3, 0x4000, 0x8000, 0x9, 0x400, 0x1, 0x6, 0x9, 0xff, 0x1005, 0x400, 0x5f31, 0x4, 0x0, 0x6, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x5, 0x0, 0x7, 0x8000, 0xffff, 0x9, 0x7f, 0x9, 0x5, 0x8, 0x4, 0x1, 0x7, 0xb, 0x9, 0x0, 0x3, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x80000002, 0x0, 0x9, 0x1, 0x7fff, 0x0, 0x5, 0xb, 0x0, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x5, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x8, 0x0, 0x60000000, 0x7, 0x53cf697b, 0x5, 0x4006, 0x54fe12d2, 0x1, 0x200, 0x3, 0x400002, 0xfffffff9, 0x0, 0x7, 0x5, 0x0, 0x6, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x4, 0x80000800], [0x9, 0xbb2f, 0x3, 0x7, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x5, 0x5, 0x3, 0x101, 0x10000, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a9, 0x6, 0x5, 0xffffffff, 0x7ffffffe, 0x5, 0x8, 0xc6, 0x3, 0x3, 0xffff, 0x3, 0x9, 0x100, 0x9602, 0xa, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x7f, 0x9, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01)
write$char_usb(r1, &(0x7f0000000040)="e2", 0x918)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000140))
ioctl$PPPIOCSPASS(r2, 0x40107447, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
ioctl$CDROMGETSPINDOWN(r0, 0x531d, &(0x7f0000000180))
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffecf)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="eac80025b0e7a0f35591ca020003001dcd13f897f9ab8c0f1e8150053e57ec3eb8eb430bac18f3374bf052042ee146769fc5afdac4948b5f1189a76ab8adfd41b49ab586c628d10bda5d7841a0efe86345da"], 0xf)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
socket$inet6_udp(0xa, 0x2, 0x0)
chown(&(0x7f0000000240)='./file0\x00', 0xee00, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x40, 0x0)
ioctl$VHOST_SET_VRING_ENDIAN(r3, 0x4008af13, &(0x7f0000000040)={0x1, 0x1})
r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000008, 0x40010, 0xffffffffffffffff, 0x8000000)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x44, &(0x7f0000000080)=0x400, 0x0, 0x4)

1.168278803s ago: executing program 3 (id=1142):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{}, &(0x7f0000000400), &(0x7f0000000240)}, 0x20)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9", 0x5, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @private}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x20, 0x20, 0x0, 0x0, 0xee01}}}, 0xb8}}, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000008000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, &(0x7f0000000340)="f30fc734b10f01d1c74424001f013c50c7442402ff250000c7442406000000000f011c24b90e030000b83a000000ba000000000f309a0d0000002a00440f20c03502000000440f22c03e660fd1358a0000000f350f236e66e178"}], 0x1, 0x0, 0x0, 0xffffffffffffff78)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{}, &(0x7f0000000400), &(0x7f0000000240)}, 0x20) (async)
add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9", 0x5, 0xfffffffffffffffe) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) (async)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) (async)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) (async)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @private}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x20, 0x20, 0x0, 0x0, 0xee01}}}, 0xb8}}, 0x0) (async)
dup(r3) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) (async)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) (async)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) (async)
syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000008000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, &(0x7f0000000340)="f30fc734b10f01d1c74424001f013c50c7442402ff250000c7442406000000000f011c24b90e030000b83a000000ba000000000f309a0d0000002a00440f20c03502000000440f22c03e660fd1358a0000000f350f236e66e178"}], 0x1, 0x0, 0x0, 0xffffffffffffff78) (async)
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async)

910.218772ms ago: executing program 2 (id=1143):
creat(&(0x7f00000002c0)='./file0\x00', 0x109)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r2, &(0x7f0000000340), 0x8)
getsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000200)=0x1, &(0x7f0000000240)=0x4)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0xe22, 0x0, @rand_addr, 0x99f}, 0x1c)
syz_emit_ethernet(0x6e, &(0x7f0000000240)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2d}, @val={@void, {0x8100, 0x4, 0x1, 0x1}}, {@x25={0x805, {0x0, 0xc, 0xff, "e1721e7e2340e094d601abbfb3e01cdef15fba60536847d27ddb54a271904c37e29266a583e45a219fa58b1c94b70a96b32ab4ec7106adb0b1c611813e2d42299cd37c95362bf7a2f0d7cb8f30b25cc6cb8069c89b630cc1ba"}}}}, &(0x7f0000000100)={0x1, 0x1, [0x940, 0x212, 0x156, 0x482]})
connect$inet6(r1, &(0x7f0000000340)={0x2, 0x4e21, 0x0, @private2}, 0x1c)
r3 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81000e224e217f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71006000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
socket$inet6_mptcp(0xa, 0x1, 0x106)
prlimit64(0x0, 0x7, &(0x7f0000000000), 0x0)
truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r0, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x8fff5], 0x0, 0x0, 0x1f, 0x1}}, 0x3c)

828.071099ms ago: executing program 3 (id=1144):
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, &(0x7f0000000180))
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
rename(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00')
chdir(&(0x7f0000000100)='./file0\x00')
unlink(&(0x7f0000000000)='./file0\x00')
open(&(0x7f0000000580)='./file0\x00', 0x181242, 0x1df2a23c5997fa5f)

700.252196ms ago: executing program 3 (id=1145):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfe, 0x4000000}, 0xc)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='io_uring_cqe_overflow\x00', r3, 0x0, 0x8}, 0x18)
r4 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f00000001c0))
io_uring_enter(r4, 0x2def, 0x0, 0x0, 0x0, 0x0)
ioctl$SIOCSIFMTU(r1, 0x8923, &(0x7f0000000040)={'wlan1\x00', 0xffffeb60})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x801, 0x0, 0x4, {0x0, 0x0, 0x0, 0x0, 0x4000, 0x4a080}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0)

699.775636ms ago: executing program 0 (id=1146):
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xb, &(0x7f0000000000)=0x5, 0x4)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="400000001e00010a0000000000000000ac1414aa0000000000050000000000000000000000000000ac1e000100000000"], 0x40}}, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
listen(r1, 0x80)
accept$netrom(r1, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0) (async)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xb, &(0x7f0000000000)=0x5, 0x4) (async)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="400000001e00010a0000000000000000ac1414aa0000000000050000000000000000000000000000ac1e000100000000"], 0x40}}, 0x0) (async)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21}, &(0x7f0000000040)) (async)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) (async)
syz_init_net_socket$netrom(0x6, 0x5, 0x0) (async)
listen(r1, 0x80) (async)
accept$netrom(r1, 0x0, 0x0) (async)

699.333152ms ago: executing program 2 (id=1147):
r0 = syz_io_uring_setup(0x832, &(0x7f0000000300)={0x0, 0xc4cc, 0x10100, 0x4}, &(0x7f0000000480)=<r1=>0x0, &(0x7f0000000440)=<r2=>0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r4, r3, &(0x7f0000002080)=0x64, 0x23b)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
mknod(&(0x7f00000001c0)='./file1/file3\x00', 0x40, 0x44)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x80c0}, 0xc044)
io_uring_enter(r0, 0x5b43, 0x94d, 0x0, 0x0, 0x0)

430.802956ms ago: executing program 0 (id=1148):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0x40080, 0x0)
r1 = semget$private(0x0, 0x0, 0x0)
semtimedop(r1, &(0x7f0000000000)=[{0x2, 0x3ff}, {0x2, 0x17}, {0x0, 0x8000}, {0x4, 0x9, 0x800}, {0x0, 0x6, 0x1800}], 0x5, &(0x7f0000000040)={0x0, 0x3938700})
move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$EVIOCSREP(0xffffffffffffffff, 0x40084503, &(0x7f0000000240)=[0x40005, 0x47f])

428.388621ms ago: executing program 3 (id=1149):
bpf$MAP_CREATE(0x0, &(0x7f0000000b40)=@base={0x1, 0x20, 0x40, 0x282, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r0, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x4})
socket$isdn(0x22, 0x3, 0x24) (async)
r1 = socket$isdn(0x22, 0x3, 0x24)
ioctl$sock_netdev_private(r1, 0x89ec, &(0x7f0000000040)="ed1363cf2363fcaa4d568883") (async)
ioctl$sock_netdev_private(r1, 0x89ec, &(0x7f0000000040)="ed1363cf2363fcaa4d568883")
syz_emit_ethernet(0x62, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb81002d0086dd6000000000280600fc010000000000000000000000000000fe80000000000000000000000000001c00004001", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="a02000099078000048f06a024c60699ba6fec52f1fd645fe14f989bb653c93cf1b5dd85ce7fcfa766bb601"], 0x0)

270.21398ms ago: executing program 3 (id=1150):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
link(&(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_GET_REGS(r3, 0x8090ae81, &(0x7f0000000340))
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x34, 0x0, 0x8, 0x3, 0x0, 0x0, {}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x88a8}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @gre}]}, 0x34}}, 0x0)

153.856555ms ago: executing program 0 (id=1151):
r0 = syz_io_uring_setup(0x71e2, &(0x7f0000000140)={0x0, 0x0, 0x10180, 0x5, 0xfffffffd}, &(0x7f0000000100), &(0x7f0000000080))
openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x452040, 0x0)
syz_io_uring_setup(0x1002943, &(0x7f0000001400)={0x0, 0x2000000, 0x10}, &(0x7f0000001480), &(0x7f00000014c0))
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

153.311713ms ago: executing program 3 (id=1152):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000540)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d75a3d0000b110000000000000000000100000000000000ff0200000000000000000000000000014f1c4e20"], 0xd6)

0s ago: executing program 0 (id=1153):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 32)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) (rerun: 32)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) (async)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_XCRS(r7, 0x4188aea7, &(0x7f0000000080)={0x1, 0x0, [{0x0, 0x0, 0x6}]})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000800)={@flat=@binder={0x66646185, 0xa, 0x0, 0x38}, @flat=@weak_binder={0x77622a85, 0x1101, 0x2}, @fda={0x66642a85, 0x3, 0x1, 0x1}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})
r8 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r8)
getsockname$packet(r8, &(0x7f0000000180)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@newlink={0x38, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8040}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r9}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x50}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r8, 0x89f2, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000400)={'sit0\x00', r9, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @empty}}}})

kernel console output (not intermixed with test programs):

456196][ T1179] bond_slave_1: left promiscuous mode
[   75.459456][ T1179] bond0 (unregistering): (slave batadv0): Releasing backup interface
[   75.462602][ T1179] batadv0: left promiscuous mode
[   75.465326][ T1179] bond0 (unregistering): Released all slaves
[   75.533586][ T7446] chnl_net:caif_netlink_parms(): no params data found
[   75.668596][ T7446] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.671762][ T7446] bridge0: port 1(bridge_slave_0) entered disabled state
[   75.676750][ T7446] bridge_slave_0: entered allmulticast mode
[   75.680766][ T7446] bridge_slave_0: entered promiscuous mode
[   75.702643][ T7446] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.706269][ T7446] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.709273][ T7446] bridge_slave_1: entered allmulticast mode
[   75.713010][ T7446] bridge_slave_1: entered promiscuous mode
[   75.763336][ T7446] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   75.768852][ T7446] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   75.820287][ T7446] team0: Port device team_slave_0 added
[   75.826226][ T7446] team0: Port device team_slave_1 added
[   75.871739][ T7446] batman_adv: batadv0: Adding interface: batadv_slave_0
[   75.874802][ T7446] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   75.886351][ T7446] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   75.891555][ T7446] batman_adv: batadv0: Adding interface: batadv_slave_1
[   75.894780][ T7446] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   75.904705][ T7446] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   75.946193][ T1179] hsr_slave_0: left promiscuous mode
[   75.948657][ T1179] hsr_slave_1: left promiscuous mode
[   75.950958][ T1179] batman_adv: batadv0: Removing interface: batadv_slave_0
[   75.955940][ T1179] batman_adv: batadv0: Removing interface: batadv_slave_1
[   76.417882][ T1179] team0 (unregistering): Port device team_slave_1 removed
[   76.481623][ T1179] team0 (unregistering): Port device team_slave_0 removed
[   76.954438][ T7446] hsr_slave_0: entered promiscuous mode
[   76.957348][ T7446] hsr_slave_1: entered promiscuous mode
[   76.959886][ T7446] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   76.962401][ T7446] Cannot create hsr debugfs directory
[   77.024027][ T5928] Bluetooth: hci0: command tx timeout
[   77.138104][ T7446] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   77.142359][ T7446] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   77.147062][ T7446] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   77.151920][ T7446] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   77.202480][ T7446] 8021q: adding VLAN 0 to HW filter on device bond0
[   77.222282][ T7446] 8021q: adding VLAN 0 to HW filter on device team0
[   77.231064][  T105] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.234125][  T105] bridge0: port 1(bridge_slave_0) entered forwarding state
[   77.243978][  T105] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.246228][  T105] bridge0: port 2(bridge_slave_1) entered forwarding state
[   77.374219][ T7446] 8021q: adding VLAN 0 to HW filter on device batadv0
[   77.531232][ T7446] veth0_vlan: entered promiscuous mode
[   77.538851][ T7446] veth1_vlan: entered promiscuous mode
[   77.554423][ T7446] veth0_macvtap: entered promiscuous mode
[   77.558438][ T7446] veth1_macvtap: entered promiscuous mode
[   77.567296][ T7446] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   77.570483][ T7446] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.573433][ T7446] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   77.576563][ T7446] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.580409][ T7446] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.585456][ T7446] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   77.589499][ T7446] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.593405][ T7446] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   77.597905][ T7446] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.600999][ T7446] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   77.604716][ T7446] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   77.609323][ T7446] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.617317][ T7446] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.620831][ T7446] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.623814][ T7446] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.627037][ T7446] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.676955][  T105] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.679654][  T105] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.695763][ T1143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.698643][ T1143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.707981][   T40] audit: type=1400 audit(1746496577.126:505): avc:  denied  { mounton } for  pid=7446 comm="syz-executor" path="/syzkaller.0ODaEM/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   77.900102][ T7518] netlink: 'syz.4.455': attribute type 4 has an invalid length.
[   78.041904][   T40] audit: type=1400 audit(1746496577.456:506): avc:  denied  { mounton } for  pid=7522 comm="syz.4.456" path="/bus" dev="proc" ino=4026531855 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=dir permissive=1
[   78.041959][ T7525] SELinux: security_context_str_to_sid (root) failed with errno=-22
[   78.114971][ T7523] netlink: 12 bytes leftover after parsing attributes in process `syz.4.456'.
[   78.330842][   T40] audit: type=1400 audit(1746496577.746:507): avc:  denied  { sys_chroot } for  pid=7543 comm="dhcpcd" capability=18  scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability permissive=1
[   78.337604][   T40] audit: type=1400 audit(1746496577.746:508): avc:  denied  { setgid } for  pid=7543 comm="dhcpcd" capability=6  scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability permissive=1
[   78.345064][   T40] audit: type=1400 audit(1746496577.746:509): avc:  denied  { setrlimit } for  pid=7543 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=process permissive=1
[   78.644734][   T67] Bluetooth: hci4: sending frame failed (-49)
[   78.647273][ T5928] Bluetooth: hci4: Opcode 0x1003 failed: -49
[   78.695910][ T7547] sp0: Synchronizing with TNC
[   79.105303][ T5928] Bluetooth: hci0: command tx timeout
[   79.135967][   T40] audit: type=1400 audit(1746496578.556:510): avc:  denied  { allowed } for  pid=7552 comm="syz.0.459" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[   79.295299][   T40] audit: type=1400 audit(1746496578.716:511): avc:  denied  { create } for  pid=7555 comm="syz.0.460" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   79.301748][   T40] audit: type=1400 audit(1746496578.716:512): avc:  denied  { write } for  pid=7555 comm="syz.0.460" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   79.438299][ T7572] netlink: 'syz.4.465': attribute type 3 has an invalid length.
[   79.441236][ T7572] netlink: 666 bytes leftover after parsing attributes in process `syz.4.465'.
[   79.668186][   T40] audit: type=1400 audit(1746496579.086:513): avc:  denied  { read write } for  pid=7582 comm="syz.0.469" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[   79.670471][ T7583] Bluetooth: MGMT ver 1.23
[   79.675386][   T40] audit: type=1400 audit(1746496579.086:514): avc:  denied  { open } for  pid=7582 comm="syz.0.469" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[   79.833815][ T7345] usb 8-1: device descriptor read/8, error -110
[   79.954563][   T34] usb 8-1: USB disconnect, device number 11
[   79.958836][   T34] usblp0: removed
[   79.982693][ T5970] usb 7-1: USB disconnect, device number 12
[   80.071047][ T7597] tc_dump_action: action bad kind
[   80.220847][ T7615] netlink: 'syz.0.480': attribute type 58 has an invalid length.
[   80.224788][ T7615] netlink: 20 bytes leftover after parsing attributes in process `syz.0.480'.
[   80.249876][ T7620] xt_hashlimit: size too large, truncated to 1048576
[   80.283791][ T7627] netlink: 'syz.0.480': attribute type 58 has an invalid length.
[   80.286632][ T7627] netlink: 20 bytes leftover after parsing attributes in process `syz.0.480'.
[   80.361808][ T7648] FAULT_INJECTION: forcing a failure.
[   80.361808][ T7648] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   80.367916][ T7648] CPU: 3 UID: 0 PID: 7648 Comm: syz.3.489 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[   80.367937][ T7648] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   80.367944][ T7648] Call Trace:
[   80.367948][ T7648]  <TASK>
[   80.367952][ T7648]  dump_stack_lvl+0x16c/0x1f0
[   80.367969][ T7648]  should_fail_ex+0x512/0x640
[   80.367985][ T7648]  _copy_from_user+0x2e/0xd0
[   80.368000][ T7648]  input_event_from_user+0x133/0x3b0
[   80.368015][ T7648]  ? __pfx_input_event_from_user+0x10/0x10
[   80.368027][ T7648]  ? __pfx___might_resched+0x10/0x10
[   80.368041][ T7648]  ? input_inject_event+0x1a5/0x390
[   80.368054][ T7648]  evdev_write+0x37b/0x750
[   80.368068][ T7648]  ? __pfx_evdev_write+0x10/0x10
[   80.368080][ T7648]  ? bpf_lsm_file_permission+0x9/0x10
[   80.368095][ T7648]  ? security_file_permission+0x71/0x210
[   80.368111][ T7648]  ? rw_verify_area+0xcf/0x680
[   80.368126][ T7648]  vfs_write+0x25c/0x1180
[   80.368140][ T7648]  ? __pfx_evdev_write+0x10/0x10
[   80.368154][ T7648]  ? __pfx_vfs_write+0x10/0x10
[   80.368167][ T7648]  ? find_held_lock+0x2b/0x80
[   80.368185][ T7648]  ? __fget_files+0x204/0x3c0
[   80.368204][ T7648]  ? __fget_files+0x20e/0x3c0
[   80.368223][ T7648]  ksys_write+0x205/0x240
[   80.368237][ T7648]  ? __pfx_ksys_write+0x10/0x10
[   80.368251][ T7648]  ? rcu_is_watching+0x12/0xc0
[   80.368266][ T7648]  do_syscall_64+0xcd/0x260
[   80.368282][ T7648]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   80.368293][ T7648] RIP: 0033:0x7f295778e969
[   80.368301][ T7648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   80.368311][ T7648] RSP: 002b:00007f2958538038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   80.368321][ T7648] RAX: ffffffffffffffda RBX: 00007f29579b5fa0 RCX: 00007f295778e969
[   80.368328][ T7648] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003
[   80.368334][ T7648] RBP: 00007f2958538090 R08: 0000000000000000 R09: 0000000000000000
[   80.368339][ T7648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   80.368345][ T7648] R13: 0000000000000000 R14: 00007f29579b5fa0 R15: 00007ffeb6df9ca8
[   80.368357][ T7648]  </TASK>
[   80.465341][ T7655] netlink: 'syz.3.492': attribute type 1 has an invalid length.
[   80.467776][ T7655] netlink: 228 bytes leftover after parsing attributes in process `syz.3.492'.
[   80.470863][ T7657] cgroup: No subsys list or none specified
[   80.471200][ T7655] netlink: 8 bytes leftover after parsing attributes in process `syz.3.492'.
[   80.474671][ T7657] overlay: ./file0 is not a directory
[   80.480745][ T7655] netlink: 40 bytes leftover after parsing attributes in process `syz.3.492'.
[   80.484658][ T7655] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=55 sclass=netlink_route_socket pid=7655 comm=syz.3.492
[   80.514408][ T7662] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[   80.516757][ T7662] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[   80.532430][ T7664] @: renamed from hsr0 (while UP)
[   80.565872][ T7669] netlink: 12 bytes leftover after parsing attributes in process `syz.0.498'.
[   80.569514][ T7669] netlink: 32 bytes leftover after parsing attributes in process `syz.0.498'.
[   80.572390][ T7669] netlink: 32 bytes leftover after parsing attributes in process `syz.0.498'.
[   80.629706][ T7679] FAULT_INJECTION: forcing a failure.
[   80.629706][ T7679] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   80.630127][ T7679] CPU: 3 UID: 0 PID: 7679 Comm: syz.0.501 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[   80.630149][ T7679] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   80.630159][ T7679] Call Trace:
[   80.630167][ T7679]  <TASK>
[   80.630172][ T7679]  dump_stack_lvl+0x16c/0x1f0
[   80.630201][ T7679]  should_fail_ex+0x512/0x640
[   80.630217][ T7679]  _copy_from_user+0x2e/0xd0
[   80.630232][ T7679]  input_event_from_user+0x133/0x3b0
[   80.630246][ T7679]  ? __pfx_input_event_from_user+0x10/0x10
[   80.630258][ T7679]  ? __pfx___might_resched+0x10/0x10
[   80.630272][ T7679]  ? input_inject_event+0x1a5/0x390
[   80.630285][ T7679]  evdev_write+0x37b/0x750
[   80.630300][ T7679]  ? __pfx_evdev_write+0x10/0x10
[   80.630312][ T7679]  ? bpf_lsm_file_permission+0x9/0x10
[   80.630326][ T7679]  ? security_file_permission+0x71/0x210
[   80.630342][ T7679]  ? rw_verify_area+0xcf/0x680
[   80.630357][ T7679]  vfs_write+0x25c/0x1180
[   80.630372][ T7679]  ? __pfx_evdev_write+0x10/0x10
[   80.630385][ T7679]  ? __pfx_vfs_write+0x10/0x10
[   80.630399][ T7679]  ? find_held_lock+0x2b/0x80
[   80.630411][ T7679]  ? __fget_files+0x204/0x3c0
[   80.630429][ T7679]  ? __fget_files+0x20e/0x3c0
[   80.630448][ T7679]  ksys_write+0x205/0x240
[   80.630462][ T7679]  ? __pfx_ksys_write+0x10/0x10
[   80.630481][ T7679]  do_syscall_64+0xcd/0x260
[   80.630495][ T7679]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   80.630506][ T7679] RIP: 0033:0x7f05f638e969
[   80.630515][ T7679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   80.630525][ T7679] RSP: 002b:00007f05f7264038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   80.630535][ T7679] RAX: ffffffffffffffda RBX: 00007f05f65b5fa0 RCX: 00007f05f638e969
[   80.630541][ T7679] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003
[   80.630547][ T7679] RBP: 00007f05f7264090 R08: 0000000000000000 R09: 0000000000000000
[   80.630553][ T7679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   80.630559][ T7679] R13: 0000000000000000 R14: 00007f05f65b5fa0 R15: 00007fff07200d88
[   80.630571][ T7679]  </TASK>
[   80.869891][ T7701] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[   80.872814][ T7701] overlayfs: conflicting options: userxattr,redirect_dir=on
[   80.902859][ T7712] netlink: 'syz.0.512': attribute type 1 has an invalid length.
[   80.922781][ T7712] 8021q: adding VLAN 0 to HW filter on device bond1
[   80.933562][ T7712] bond1: (slave gretap1): making interface the new active one
[   80.936623][ T7712] bond1: (slave gretap1): Enslaving as an active interface with an up link
[   81.107404][ T7735] overlayfs: upper fs does not support RENAME_WHITEOUT.
[   81.110463][ T7735] overlayfs: failed to set xattr on upper
[   81.112814][ T7735] overlayfs: ...falling back to redirect_dir=nofollow.
[   81.117323][ T7735] overlayfs: ...falling back to index=off.
[   81.119799][ T7735] overlayfs: ...falling back to uuid=null.
[   81.122215][ T7735] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[   81.153041][   T34] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[   81.183393][ T5928] Bluetooth: hci0: command tx timeout
[   81.312999][   T34] usb 8-1: Using ep0 maxpacket: 8
[   81.316361][   T34] usb 8-1: config 179 has an invalid interface number: 65 but max is 0
[   81.319295][   T34] usb 8-1: config 179 has no interface number 0
[   81.321682][   T34] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[   81.326115][   T34] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[   81.330073][   T34] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   81.334550][   T34] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[   81.338517][   T34] usb 8-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[   81.343918][   T34] usb 8-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[   81.347265][   T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   81.357066][ T7695] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   81.363844][   T10] cfg80211: failed to load regulatory.db
[   81.573122][   T34] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:179.65/input/input8
[   81.613784][ T7737] random: crng reseeded on system resumption
[   81.794001][   T57] usb 8-1: USB disconnect, device number 13
[   81.794066][    C3] xpad 8-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[   81.799271][    C3] dummy_hcd dummy_hcd.3: timer fired with no URBs pending?
[   81.802192][   T57] xpad 8-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[   81.963063][   T65] usb 9-1: new full-speed USB device number 2 using dummy_hcd
[   82.050059][ T7728] macvlan0: entered promiscuous mode
[   82.051902][ T7728] macvlan0: entered allmulticast mode
[   82.053673][ T7728] veth1_vlan: entered allmulticast mode
[   82.114626][   T65] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   82.117897][   T65] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   82.121878][   T65] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   82.125613][   T65] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   82.230278][ T7777] tmpfs: Bad value for 'mpol'
[   82.230299][ T7776] tmpfs: Bad value for 'mpol'
[   82.333209][   T65] usb 9-1: usb_control_msg returned -32
[   82.335520][   T65] usbtmc 9-1:16.0: can't read capabilities
[   82.686624][ T7738] usbtmc 9-1:16.0: usb_control_msg returned -32
[   82.690189][   T57] usb 9-1: USB disconnect, device number 2
[   82.789086][ T7806] FAULT_INJECTION: forcing a failure.
[   82.789086][ T7806] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   82.793847][ T7806] CPU: 0 UID: 0 PID: 7806 Comm: syz.3.542 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[   82.793870][ T7806] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   82.793881][ T7806] Call Trace:
[   82.793886][ T7806]  <TASK>
[   82.793899][ T7806]  dump_stack_lvl+0x16c/0x1f0
[   82.793939][ T7806]  should_fail_ex+0x512/0x640
[   82.793966][ T7806]  _copy_from_user+0x2e/0xd0
[   82.793989][ T7806]  input_event_from_user+0x133/0x3b0
[   82.794010][ T7806]  ? __pfx_input_event_from_user+0x10/0x10
[   82.794029][ T7806]  ? __pfx___might_resched+0x10/0x10
[   82.794049][ T7806]  ? input_inject_event+0x1a5/0x390
[   82.794070][ T7806]  evdev_write+0x37b/0x750
[   82.794093][ T7806]  ? __pfx_evdev_write+0x10/0x10
[   82.794113][ T7806]  ? bpf_lsm_file_permission+0x9/0x10
[   82.794134][ T7806]  ? security_file_permission+0x71/0x210
[   82.794157][ T7806]  ? rw_verify_area+0xcf/0x680
[   82.794180][ T7806]  vfs_write+0x25c/0x1180
[   82.794201][ T7806]  ? __pfx_evdev_write+0x10/0x10
[   82.794224][ T7806]  ? __pfx_vfs_write+0x10/0x10
[   82.794244][ T7806]  ? find_held_lock+0x2b/0x80
[   82.794264][ T7806]  ? __fget_files+0x204/0x3c0
[   82.794293][ T7806]  ? __fget_files+0x20e/0x3c0
[   82.794325][ T7806]  ksys_write+0x205/0x240
[   82.794348][ T7806]  ? __pfx_ksys_write+0x10/0x10
[   82.794379][ T7806]  do_syscall_64+0xcd/0x260
[   82.794403][ T7806]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   82.794421][ T7806] RIP: 0033:0x7f295778e969
[   82.794434][ T7806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   82.794450][ T7806] RSP: 002b:00007f2958538038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   82.794465][ T7806] RAX: ffffffffffffffda RBX: 00007f29579b5fa0 RCX: 00007f295778e969
[   82.794476][ T7806] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003
[   82.794485][ T7806] RBP: 00007f2958538090 R08: 0000000000000000 R09: 0000000000000000
[   82.794495][ T7806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   82.794503][ T7806] R13: 0000000000000000 R14: 00007f29579b5fa0 R15: 00007ffeb6df9ca8
[   82.794526][ T7806]  </TASK>
[   82.879713][    C0] vkms_vblank_simulate: vblank timer overrun
[   82.903914][ T7810] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[   82.907717][   T40] kauditd_printk_skb: 22 callbacks suppressed
[   82.907729][   T40] audit: type=1400 audit(1746496582.326:537): avc:  denied  { connect } for  pid=7811 comm="syz.3.544" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   82.912996][ T7810] overlayfs: missing 'lowerdir'
[   82.916242][   T40] audit: type=1400 audit(1746496582.326:538): avc:  denied  { read } for  pid=7811 comm="syz.3.544" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   83.010327][ T7816] ieee802154 phy1 wpan1: encryption failed: -22
[   83.091198][ T7825] evm: overlay not supported
[   83.109919][ T7828] fuse: Bad value for 'group_id'
[   83.111557][ T7828] fuse: Bad value for 'group_id'
[   83.155811][ T7836] mkiss: ax0: crc mode is auto.
[   83.263976][ T5928] Bluetooth: hci0: command tx timeout
[   83.331224][ T7862] __nla_validate_parse: 2 callbacks suppressed
[   83.331236][ T7862] netlink: 16 bytes leftover after parsing attributes in process `syz.0.564'.
[   83.351767][ T7864] netfs: Couldn't get user pages (rc=-14)
[   83.355544][   T40] audit: type=1400 audit(1746496582.776:539): avc:  denied  { read } for  pid=7863 comm="syz.4.563" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   83.363432][   T40] audit: type=1400 audit(1746496582.776:540): avc:  denied  { open } for  pid=7863 comm="syz.4.563" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   83.370977][   T40] audit: type=1400 audit(1746496582.776:541): avc:  denied  { ioctl } for  pid=7863 comm="syz.4.563" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x64c6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   83.389240][ T7859] hub 2-0:1.0: USB hub found
[   83.391803][ T7859] hub 2-0:1.0: 2 ports detected
[   83.680570][   T40] audit: type=1326 audit(1746496583.096:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7886 comm="syz.4.571" exe="/syz-executor" sig=9 arch=c000003e syscall=157 compat=0 ip=0x7ff9d218e969 code=0x0
[   83.691267][   T40] audit: type=1400 audit(1746496583.106:543): avc:  denied  { watch watch_reads } for  pid=7890 comm="syz.2.572" path="/104" dev="tmpfs" ino=576 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   83.693975][ T7891] xt_ecn: cannot match TCP bits for non-tcp packets
[   83.767962][ T7899] netlink: 52 bytes leftover after parsing attributes in process `syz.2.574'.
[   83.909348][ T7904] netlink: 4 bytes leftover after parsing attributes in process `syz.2.576'.
[   83.958274][ T7906] FAULT_INJECTION: forcing a failure.
[   83.958274][ T7906] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   83.963636][ T7906] CPU: 0 UID: 0 PID: 7906 Comm: syz.2.577 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[   83.963652][ T7906] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   83.963659][ T7906] Call Trace:
[   83.963663][ T7906]  <TASK>
[   83.963667][ T7906]  dump_stack_lvl+0x16c/0x1f0
[   83.963699][ T7906]  should_fail_ex+0x512/0x640
[   83.963718][ T7906]  _copy_from_user+0x2e/0xd0
[   83.963733][ T7906]  input_event_from_user+0x133/0x3b0
[   83.963747][ T7906]  ? __pfx_input_event_from_user+0x10/0x10
[   83.963760][ T7906]  ? __pfx___might_resched+0x10/0x10
[   83.963774][ T7906]  ? input_inject_event+0x1a5/0x390
[   83.963787][ T7906]  evdev_write+0x37b/0x750
[   83.963802][ T7906]  ? __pfx_evdev_write+0x10/0x10
[   83.963815][ T7906]  ? bpf_lsm_file_permission+0x9/0x10
[   83.963831][ T7906]  ? security_file_permission+0x71/0x210
[   83.963847][ T7906]  ? rw_verify_area+0xcf/0x680
[   83.963862][ T7906]  vfs_write+0x25c/0x1180
[   83.963876][ T7906]  ? __pfx_evdev_write+0x10/0x10
[   83.963890][ T7906]  ? __pfx_vfs_write+0x10/0x10
[   83.963903][ T7906]  ? find_held_lock+0x2b/0x80
[   83.963916][ T7906]  ? __fget_files+0x204/0x3c0
[   83.963934][ T7906]  ? __fget_files+0x20e/0x3c0
[   83.963953][ T7906]  ksys_write+0x205/0x240
[   83.963968][ T7906]  ? __pfx_ksys_write+0x10/0x10
[   83.963982][ T7906]  ? rcu_is_watching+0x12/0xc0
[   83.963997][ T7906]  do_syscall_64+0xcd/0x260
[   83.964012][ T7906]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.964022][ T7906] RIP: 0033:0x7f652958e969
[   83.964031][ T7906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   83.964041][ T7906] RSP: 002b:00007f652a43e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   83.964052][ T7906] RAX: ffffffffffffffda RBX: 00007f65297b5fa0 RCX: 00007f652958e969
[   83.964058][ T7906] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003
[   83.964069][ T7906] RBP: 00007f652a43e090 R08: 0000000000000000 R09: 0000000000000000
[   83.964075][ T7906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   83.964081][ T7906] R13: 0000000000000000 R14: 00007f65297b5fa0 R15: 00007ffd0b4f5b38
[   83.964093][ T7906]  </TASK>
[   84.058748][    C0] vkms_vblank_simulate: vblank timer overrun
[   84.080609][   T40] audit: type=1400 audit(1746496583.496:544): avc:  denied  { ioctl } for  pid=7912 comm="syz.2.579" path="socket:[18072]" dev="sockfs" ino=18072 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   84.220133][ T7927] nfs: Unknown parameter 'fd'
[   84.256740][ T7931] FAULT_INJECTION: forcing a failure.
[   84.256740][ T7931] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   84.262328][ T7931] CPU: 2 UID: 0 PID: 7931 Comm: syz.0.586 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[   84.262365][ T7931] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   84.262376][ T7931] Call Trace:
[   84.262382][ T7931]  <TASK>
[   84.262389][ T7931]  dump_stack_lvl+0x16c/0x1f0
[   84.262417][ T7931]  should_fail_ex+0x512/0x640
[   84.262441][ T7931]  _copy_from_user+0x2e/0xd0
[   84.262466][ T7931]  input_event_from_user+0x133/0x3b0
[   84.262488][ T7931]  ? __pfx_input_event_from_user+0x10/0x10
[   84.262508][ T7931]  ? __pfx___might_resched+0x10/0x10
[   84.262531][ T7931]  ? input_inject_event+0x1a5/0x390
[   84.262556][ T7931]  evdev_write+0x37b/0x750
[   84.262578][ T7931]  ? __pfx_evdev_write+0x10/0x10
[   84.262600][ T7931]  ? bpf_lsm_file_permission+0x9/0x10
[   84.262622][ T7931]  ? security_file_permission+0x71/0x210
[   84.262647][ T7931]  ? rw_verify_area+0xcf/0x680
[   84.262671][ T7931]  vfs_write+0x25c/0x1180
[   84.262694][ T7931]  ? __pfx_evdev_write+0x10/0x10
[   84.262716][ T7931]  ? __pfx_vfs_write+0x10/0x10
[   84.262738][ T7931]  ? find_held_lock+0x2b/0x80
[   84.262762][ T7931]  ? __fget_files+0x204/0x3c0
[   84.262790][ T7931]  ? __fget_files+0x20e/0x3c0
[   84.262824][ T7931]  ksys_write+0x205/0x240
[   84.262848][ T7931]  ? __pfx_ksys_write+0x10/0x10
[   84.262897][ T7931]  do_syscall_64+0xcd/0x260
[   84.262923][ T7931]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.262939][ T7931] RIP: 0033:0x7f05f638e969
[   84.262954][ T7931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   84.262970][ T7931] RSP: 002b:00007f05f7264038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   84.262986][ T7931] RAX: ffffffffffffffda RBX: 00007f05f65b5fa0 RCX: 00007f05f638e969
[   84.262996][ T7931] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003
[   84.263008][ T7931] RBP: 00007f05f7264090 R08: 0000000000000000 R09: 0000000000000000
[   84.263019][ T7931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   84.263028][ T7931] R13: 0000000000000000 R14: 00007f05f65b5fa0 R15: 00007fff07200d88
[   84.263050][ T7931]  </TASK>
[   84.404675][ T7938] netlink: 8 bytes leftover after parsing attributes in process `syz.3.589'.
[   84.407430][ T7938] netlink: 12 bytes leftover after parsing attributes in process `syz.3.589'.
[   84.434360][   T40] audit: type=1400 audit(1746496583.856:545): avc:  denied  { getopt } for  pid=7940 comm="syz.3.590" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   84.470642][   T40] audit: type=1400 audit(1746496583.886:546): avc:  denied  { connect } for  pid=7935 comm="syz.0.588" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   84.487400][ T7949] openvswitch: netlink: IP tunnel TTL not specified.
[   84.543694][ T1143] tipc: Subscription rejected, illegal request
[   84.576359][ T7958] cgroup2: Unknown parameter 'memory_recursiveprot-'
[   84.627683][ T7965] netlink: 'syz.3.595': attribute type 9 has an invalid length.
[   84.631166][ T7965] netlink: 'syz.3.595': attribute type 7 has an invalid length.
[   84.634909][ T7965] netlink: 'syz.3.595': attribute type 8 has an invalid length.
[   84.682618][ T7969] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (2878)
[   84.685350][ T7970] FAULT_INJECTION: forcing a failure.
[   84.685350][ T7970] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   84.685682][ T7969] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255
[   84.691101][ T7970] CPU: 3 UID: 0 PID: 7970 Comm: syz.3.597 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[   84.691125][ T7970] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   84.691140][ T7970] Call Trace:
[   84.691146][ T7970]  <TASK>
[   84.691153][ T7970]  dump_stack_lvl+0x16c/0x1f0
[   84.691178][ T7970]  should_fail_ex+0x512/0x640
[   84.691204][ T7970]  _copy_from_user+0x2e/0xd0
[   84.691227][ T7970]  input_event_from_user+0x133/0x3b0
[   84.691249][ T7970]  ? __pfx_input_event_from_user+0x10/0x10
[   84.691270][ T7970]  ? __pfx___might_resched+0x10/0x10
[   84.691292][ T7970]  ? input_inject_event+0x1a5/0x390
[   84.691314][ T7970]  evdev_write+0x37b/0x750
[   84.691337][ T7970]  ? __pfx_evdev_write+0x10/0x10
[   84.691358][ T7970]  ? bpf_lsm_file_permission+0x9/0x10
[   84.691380][ T7970]  ? security_file_permission+0x71/0x210
[   84.691404][ T7970]  ? rw_verify_area+0xcf/0x680
[   84.691427][ T7970]  vfs_write+0x25c/0x1180
[   84.691448][ T7970]  ? __pfx_evdev_write+0x10/0x10
[   84.691471][ T7970]  ? __pfx_vfs_write+0x10/0x10
[   84.691492][ T7970]  ? find_held_lock+0x2b/0x80
[   84.691512][ T7970]  ? __fget_files+0x204/0x3c0
[   84.691540][ T7970]  ? __fget_files+0x20e/0x3c0
[   84.691571][ T7970]  ksys_write+0x205/0x240
[   84.691594][ T7970]  ? __pfx_ksys_write+0x10/0x10
[   84.691615][ T7970]  ? rcu_is_watching+0x12/0xc0
[   84.691641][ T7970]  do_syscall_64+0xcd/0x260
[   84.691665][ T7970]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.691682][ T7970] RIP: 0033:0x7f295778e969
[   84.691695][ T7970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   84.691711][ T7970] RSP: 002b:00007f2958538038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   84.691726][ T7970] RAX: ffffffffffffffda RBX: 00007f29579b5fa0 RCX: 00007f295778e969
[   84.691737][ T7970] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003
[   84.691747][ T7970] RBP: 00007f2958538090 R08: 0000000000000000 R09: 0000000000000000
[   84.691757][ T7970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   84.691766][ T7970] R13: 0000000000000000 R14: 00007f29579b5fa0 R15: 00007ffeb6df9ca8
[   84.691789][ T7970]  </TASK>
[   84.759307][ T7966] ISOFS: Unable to identify CD-ROM format.
[   84.842469][ T7974] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294967295 (34359738360 ns) > initial count (288 ns). Using initial count to start timer.
[   84.902532][ T7981] netlink: 16 bytes leftover after parsing attributes in process `syz.4.601'.
[   84.940297][ T7986] netlink: 'syz.4.602': attribute type 10 has an invalid length.
[   84.941495][ T7987] netlink: 36 bytes leftover after parsing attributes in process `syz.2.603'.
[   84.943281][ T7986] veth1_macvtap: left promiscuous mode
[   85.047323][ T7993] vxcan1 speed is unknown, defaulting to 1000
[   85.172207][ T8008] FAULT_INJECTION: forcing a failure.
[   85.172207][ T8008] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   85.184495][ T8008] CPU: 1 UID: 0 PID: 8008 Comm: syz.2.610 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[   85.184534][ T8008] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.184544][ T8008] Call Trace:
[   85.184551][ T8008]  <TASK>
[   85.184557][ T8008]  dump_stack_lvl+0x16c/0x1f0
[   85.184601][ T8008]  should_fail_ex+0x512/0x640
[   85.184633][ T8008]  _copy_from_user+0x2e/0xd0
[   85.184657][ T8008]  input_event_from_user+0x133/0x3b0
[   85.184678][ T8008]  ? __pfx_input_event_from_user+0x10/0x10
[   85.184697][ T8008]  ? __pfx___might_resched+0x10/0x10
[   85.184718][ T8008]  ? input_inject_event+0x1a5/0x390
[   85.184741][ T8008]  evdev_write+0x37b/0x750
[   85.184765][ T8008]  ? __pfx_evdev_write+0x10/0x10
[   85.184785][ T8008]  ? bpf_lsm_file_permission+0x9/0x10
[   85.184806][ T8008]  ? security_file_permission+0x71/0x210
[   85.184830][ T8008]  ? rw_verify_area+0xcf/0x680
[   85.184853][ T8008]  vfs_write+0x25c/0x1180
[   85.184874][ T8008]  ? __pfx_evdev_write+0x10/0x10
[   85.184896][ T8008]  ? __pfx_vfs_write+0x10/0x10
[   85.184917][ T8008]  ? find_held_lock+0x2b/0x80
[   85.184936][ T8008]  ? __fget_files+0x204/0x3c0
[   85.184964][ T8008]  ? __fget_files+0x20e/0x3c0
[   85.184995][ T8008]  ksys_write+0x205/0x240
[   85.185019][ T8008]  ? __pfx_ksys_write+0x10/0x10
[   85.185039][ T8008]  ? rcu_is_watching+0x12/0xc0
[   85.185074][ T8008]  do_syscall_64+0xcd/0x260
[   85.185097][ T8008]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.185115][ T8008] RIP: 0033:0x7f652958e969
[   85.185129][ T8008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.185145][ T8008] RSP: 002b:00007f652a43e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   85.185161][ T8008] RAX: ffffffffffffffda RBX: 00007f65297b5fa0 RCX: 00007f652958e969
[   85.185172][ T8008] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003
[   85.185182][ T8008] RBP: 00007f652a43e090 R08: 0000000000000000 R09: 0000000000000000
[   85.185192][ T8008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   85.185202][ T8008] R13: 0000000000000000 R14: 00007f65297b5fa0 R15: 00007ffd0b4f5b38
[   85.185225][ T8008]  </TASK>
[   85.369186][ T8026] netlink: 'syz.4.616': attribute type 1 has an invalid length.
[   85.386607][ T8026] 8021q: adding VLAN 0 to HW filter on device bond1
[   85.413286][ T8026] bond1: (slave gretap1): making interface the new active one
[   85.417099][ T8026] bond1: (slave gretap1): Enslaving as an active interface with an up link
[   85.442415][ T8020] CIFS: iocharset name too long
[   85.474727][ T8037] xt_hashlimit: size too large, truncated to 1048576
[   85.481292][ T8037] warn_alloc: 3 callbacks suppressed
[   85.481306][ T8037] syz.2.619: vmalloc error: size 10485760, failed to allocated page array size 20480, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1
[   85.491650][ T8037] CPU: 2 UID: 0 PID: 8037 Comm: syz.2.619 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[   85.491672][ T8037] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.491678][ T8037] Call Trace:
[   85.491682][ T8037]  <TASK>
[   85.491687][ T8037]  dump_stack_lvl+0x16c/0x1f0
[   85.491704][ T8037]  warn_alloc+0x248/0x3a0
[   85.491722][ T8037]  ? __pfx_warn_alloc+0x10/0x10
[   85.491743][ T8037]  ? __get_vm_area_node+0x1b9/0x300
[   85.491755][ T8037]  ? __get_vm_area_node+0x1e5/0x300
[   85.491771][ T8037]  __vmalloc_node_range_noprof+0x1110/0x1540
[   85.491791][ T8037]  ? hashlimit_mt_check_common+0x8bb/0x1460
[   85.491808][ T8037]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[   85.491828][ T8037]  __kvmalloc_node_noprof+0x2ff/0x600
[   85.491844][ T8037]  ? hashlimit_mt_check_common+0x8bb/0x1460
[   85.491859][ T8037]  ? net_generic+0xea/0x2a0
[   85.491870][ T8037]  ? hashlimit_mt_check_common+0x8bb/0x1460
[   85.491885][ T8037]  ? hashlimit_mt_check_common+0x8bb/0x1460
[   85.491899][ T8037]  hashlimit_mt_check_common+0x8bb/0x1460
[   85.491915][ T8037]  hashlimit_mt_check+0x71/0x90
[   85.491928][ T8037]  ? __pfx_hashlimit_mt_check+0x10/0x10
[   85.491940][ T8037]  xt_check_match+0x283/0xa50
[   85.491953][ T8037]  ? yield_to+0x2c2/0x7f0
[   85.491966][ T8037]  ? __pfx_xt_check_match+0x10/0x10
[   85.491980][ T8037]  ? xt_find_target+0x1f2/0x290
[   85.491993][ T8037]  ? xt_find_match+0x1f6/0x290
[   85.492007][ T8037]  find_check_entry.constprop.0+0x34e/0xa20
[   85.492024][ T8037]  ? __pfx_find_check_entry.constprop.0+0x10/0x10
[   85.492041][ T8037]  ? kasan_quarantine_put+0x10a/0x240
[   85.492058][ T8037]  ? lockdep_hardirqs_on+0x7c/0x110
[   85.492081][ T8037]  ? kfree+0x2b6/0x4d0
[   85.492107][ T8037]  ? translate_table+0xc0e/0x17b0
[   85.492129][ T8037]  translate_table+0xd0b/0x17b0
[   85.492160][ T8037]  ? __pfx_translate_table+0x10/0x10
[   85.492176][ T8037]  ? xt_alloc_table_info+0x3e/0xa0
[   85.492201][ T8037]  do_ip6t_set_ctl+0x570/0xb00
[   85.492223][ T8037]  ? nf_sockopt_find.constprop.0+0x222/0x290
[   85.492243][ T8037]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[   85.492257][ T8037]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   85.492278][ T8037]  ? nf_sockopt_find.constprop.0+0x222/0x290
[   85.492291][ T8037]  nf_setsockopt+0x8a/0xf0
[   85.492303][ T8037]  ipv6_setsockopt+0x135/0x170
[   85.492315][ T8037]  rawv6_setsockopt+0xc2/0x510
[   85.492326][ T8037]  ? __pfx_rawv6_setsockopt+0x10/0x10
[   85.492337][ T8037]  ? selinux_socket_setsockopt+0x6a/0x80
[   85.492349][ T8037]  ? sock_common_setsockopt+0x2e/0xf0
[   85.492363][ T8037]  ? __pfx_sock_common_setsockopt+0x10/0x10
[   85.492376][ T8037]  do_sock_setsockopt+0x221/0x470
[   85.492388][ T8037]  ? __pfx_do_sock_setsockopt+0x10/0x10
[   85.492408][ T8037]  __sys_setsockopt+0x1a0/0x230
[   85.492419][ T8037]  __x64_sys_setsockopt+0xbd/0x160
[   85.492428][ T8037]  ? do_syscall_64+0x91/0x260
[   85.492441][ T8037]  ? lockdep_hardirqs_on+0x7c/0x110
[   85.492453][ T8037]  do_syscall_64+0xcd/0x260
[   85.492468][ T8037]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.492479][ T8037] RIP: 0033:0x7f652958e969
[   85.492487][ T8037] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.492497][ T8037] RSP: 002b:00007f652a3fc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   85.492507][ T8037] RAX: ffffffffffffffda RBX: 00007f65297b6160 RCX: 00007f652958e969
[   85.492514][ T8037] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000087
[   85.492520][ T8037] RBP: 00007f6529610ab1 R08: 0000000000000588 R09: 0000000000000000
[   85.492526][ T8037] R10: 00002000000014c0 R11: 0000000000000246 R12: 0000000000000000
[   85.492532][ T8037] R13: 0000000000000000 R14: 00007f65297b6160 R15: 00007ffd0b4f5b38
[   85.492544][ T8037]  </TASK>
[   85.492548][ T8037] Mem-Info:
[   85.497824][ T8042] vxcan1 speed is unknown, defaulting to 1000
[   85.499926][ T8037] active_anon:7251 inactive_anon:0 isolated_anon:0
[   85.499926][ T8037]  active_file:5589 inactive_file:46754 isolated_file:0
[   85.499926][ T8037]  unevictable:1768 dirty:88 writeback:31
[   85.499926][ T8037]  slab_reclaimable:11823 slab_unreclaimable:77289
[   85.499926][ T8037]  mapped:24046 shmem:2536 pagetables:1019
[   85.499926][ T8037]  sec_pagetables:307 bounce:0
[   85.499926][ T8037]  kernel_misc_reclaimable:0
[   85.499926][ T8037]  free:458362 free_pcp:4837 free_cma:0
[   85.633742][ T8037] Node 0 active_anon:29088kB inactive_anon:0kB active_file:22352kB inactive_file:186948kB unevictable:3588kB isolated(anon):0kB isolated(file):0kB mapped:96372kB dirty:372kB writeback:60kB shmem:6336kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12304kB pagetables:4496kB sec_pagetables:1228kB all_unreclaimable? no Balloon:0kB
[   85.644248][ T8037] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:80kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:144kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   85.654667][ T8037] Node 0 DMA free:15360kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   85.664141][ T8037] lowmem_reserve[]: 0 1238 1238 1238 1238
[   85.666248][ T8037] Node 0 DMA32 free:238524kB boost:0kB min:27576kB low:34468kB high:41360kB reserved_highatomic:0KB active_anon:29028kB inactive_anon:0kB active_file:22352kB inactive_file:186948kB unevictable:3588kB writepending:376kB present:2080628kB managed:1268568kB mlocked:108kB bounce:0kB free_pcp:8276kB local_pcp:1120kB free_cma:0kB
[   85.677271][ T8037] lowmem_reserve[]: 0 0 0 0 0
[   85.679102][ T8037] Node 1 Normal free:1576512kB boost:0kB min:39660kB low:49572kB high:59484kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:80kB unevictable:3536kB writepending:0kB present:2097152kB managed:1781964kB mlocked:0kB bounce:0kB free_pcp:12216kB local_pcp:4400kB free_cma:0kB
[   85.680277][ T8063] netlink: 24 bytes leftover after parsing attributes in process `syz.0.628'.
[   85.688829][ T8037] lowmem_reserve[]: 0 0 0 0 0
[   85.688859][ T8037] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   85.697958][ T8037] Node 0 DMA32: 126*4kB (UME) 301*8kB (M) 385*16kB (UME) 368*32kB (UM) 297*64kB (ME) 10*128kB (M) 19*256kB (M) 19*512kB (UME) 34*1024kB (UME) 10*2048kB (UME) 31*4096kB (UM) = 238000kB
[   85.706175][ T8037] Node 1 Normal: 38*4kB (UM) 77*8kB (UME) 62*16kB (UME) 35*32kB (UME) 34*64kB (UME) 19*128kB (UME) 7*256kB (UE) 7*512kB (UM) 3*1024kB (UE) 4*2048kB (UME) 379*4096kB (M) = 1576512kB
[   85.712430][ T8037] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[   85.715660][ T8037] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   85.718872][ T8037] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[   85.722128][ T8037] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   85.725444][ T8037] 54823 total pagecache pages
[   85.727125][ T8037] 0 pages in swap cache
[   85.728465][ T8037] Free swap  = 124996kB
[   85.729823][ T8037] Total swap = 124996kB
[   85.731161][ T8037] 1048443 pages RAM
[   85.732446][ T8037] 0 pages HighMem/MovableOnly
[   85.734069][ T8037] 281970 pages reserved
[   85.735467][ T8037] 0 pages cma reserved
[   85.775769][   T57] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[   85.836429][ T8081] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[   85.943245][   T57] usb 8-1: Using ep0 maxpacket: 8
[   85.951319][   T57] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[   85.952405][ T8094] FAULT_INJECTION: forcing a failure.
[   85.952405][ T8094] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   85.954247][   T57] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   85.958492][ T8094] CPU: 2 UID: 0 PID: 8094 Comm: syz.4.636 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[   85.958513][ T8094] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.958523][ T8094] Call Trace:
[   85.958529][ T8094]  <TASK>
[   85.958535][ T8094]  dump_stack_lvl+0x16c/0x1f0
[   85.958558][ T8094]  should_fail_ex+0x512/0x640
[   85.958581][ T8094]  _copy_from_user+0x2e/0xd0
[   85.958602][ T8094]  input_event_from_user+0x133/0x3b0
[   85.958621][ T8094]  ? __pfx_input_event_from_user+0x10/0x10
[   85.958633][ T8094]  ? __pfx___might_resched+0x10/0x10
[   85.958648][ T8094]  ? input_inject_event+0x1a5/0x390
[   85.958661][ T8094]  evdev_write+0x37b/0x750
[   85.958675][ T8094]  ? __pfx_evdev_write+0x10/0x10
[   85.958687][ T8094]  ? bpf_lsm_file_permission+0x9/0x10
[   85.958701][ T8094]  ? security_file_permission+0x71/0x210
[   85.958717][ T8094]  ? rw_verify_area+0xcf/0x680
[   85.958732][ T8094]  vfs_write+0x25c/0x1180
[   85.958751][ T8094]  ? __pfx_evdev_write+0x10/0x10
[   85.958772][ T8094]  ? __pfx_vfs_write+0x10/0x10
[   85.958791][ T8094]  ? find_held_lock+0x2b/0x80
[   85.958810][ T8094]  ? __fget_files+0x204/0x3c0
[   85.958836][ T8094]  ? __fget_files+0x20e/0x3c0
[   85.958860][ T8094]  ksys_write+0x205/0x240
[   85.958875][ T8094]  ? __pfx_ksys_write+0x10/0x10
[   85.958894][ T8094]  do_syscall_64+0xcd/0x260
[   85.958909][ T8094]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.958919][ T8094] RIP: 0033:0x7ff9d218e969
[   85.958928][ T8094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.958938][ T8094] RSP: 002b:00007ff9d2f7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   85.958952][ T8094] RAX: ffffffffffffffda RBX: 00007ff9d23b5fa0 RCX: 00007ff9d218e969
[   85.958962][ T8094] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003
[   85.958972][ T8094] RBP: 00007ff9d2f7f090 R08: 0000000000000000 R09: 0000000000000000
[   85.958981][ T8094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   85.958990][ T8094] R13: 0000000000000000 R14: 00007ff9d23b5fa0 R15: 00007ffeff29c038
[   85.959011][ T8094]  </TASK>
[   86.041375][   T57] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   86.044765][   T57] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   86.048762][   T57] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   86.053965][   T57] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[   86.056809][   T57] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   86.108828][ T8098] netlink: 28 bytes leftover after parsing attributes in process `syz.4.638'.
[   86.113507][ T8098] netlink: 28 bytes leftover after parsing attributes in process `syz.4.638'.
[   86.209102][ T8104] sg_write: data in/out 440207358/4056 bytes for SCSI command 0x45-- guessing data in;
[   86.209102][ T8104]    program syz.2.641 not setting count and/or reply_len properly
[   86.224190][ T8104] netlink: 'syz.2.641': attribute type 3 has an invalid length.
[   86.262383][   T57] usb 8-1: usb_control_msg returned -32
[   86.264294][   T57] usbtmc 8-1:16.0: can't read capabilities
[   86.375807][ T8120] IPVS: length: 136 != 24
[   86.618981][ T8145] usbtmc 8-1:16.0: INITIATE_CLEAR returned 0
[   86.666495][ T5928] Bluetooth: hci2: ACL packet for unknown connection handle 401
[   86.679890][ T8149] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   86.724530][ T8157] sctp: [Deprecated]: syz.4.658 (pid 8157) Use of int in max_burst socket option deprecated.
[   86.724530][ T8157] Use struct sctp_assoc_value instead
[   86.731200][ T8157] bridge_slave_0: default FDB implementation only supports local addresses
[   86.819961][   T57] usb 8-1: USB disconnect, device number 14
[   86.900715][ T8181] wg2: entered promiscuous mode
[   86.902431][ T8181] wg2: entered allmulticast mode
[   86.992609][ T8187] netlink: 'syz.2.665': attribute type 29 has an invalid length.
[   87.595113][ T8208] overlayfs: empty lowerdir
[   87.650851][ T8217] netlink: 'syz.3.675': attribute type 1 has an invalid length.
[   87.650956][ T8218] netlink: 'syz.3.675': attribute type 1 has an invalid length.
[   87.654314][ T8217] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   87.659066][ T8218] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   87.664031][ T8217] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[   87.667262][ T8217] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   87.738120][ T8226] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[   87.744571][ T8226] netlink: 'syz.4.678': attribute type 1 has an invalid length.
[   87.757849][ T8226] 8021q: adding VLAN 0 to HW filter on device bond2
[   87.771873][ T8226] 8021q: adding VLAN 0 to HW filter on device bond2
[   87.774729][ T8226] bond2: (slave vti0): The slave device specified does not support setting the MAC address
[   87.778599][ T8226] bond2: (slave vti0): Error -95 calling set_mac_address
[   87.820989][ T8231] bond2: (slave veth0_to_bond): making interface the new active one
[   87.824562][ T8231] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link
[   87.983973][ T8246] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[   88.296770][ T8273] fuse: Bad value for 'user_id'
[   88.298380][ T8273] fuse: Bad value for 'user_id'
[   88.595174][ T8310] vxcan1 speed is unknown, defaulting to 1000
[   88.721274][ T8333] __nla_validate_parse: 7 callbacks suppressed
[   88.721284][ T8333] netlink: 1041 bytes leftover after parsing attributes in process `syz.4.708'.
[   88.816823][   T40] kauditd_printk_skb: 26 callbacks suppressed
[   88.816834][   T40] audit: type=1400 audit(1746496588.236:573): avc:  denied  { ioctl } for  pid=8351 comm="syz.3.712" path="socket:[22692]" dev="sockfs" ino=22692 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   88.905829][   T40] audit: type=1400 audit(1746496588.326:574): avc:  denied  { append } for  pid=8363 comm="syz.3.716" name="sg1" dev="devtmpfs" ino=727 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[   88.912321][ T8364] program syz.3.716 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   88.915385][   T40] audit: type=1400 audit(1746496588.326:575): avc:  denied  { mount } for  pid=8362 comm="syz.0.715" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[   88.915426][   T40] audit: type=1400 audit(1746496588.326:576): avc:  denied  { watch } for  pid=8362 comm="syz.0.715" path="/183/file0" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   89.024380][   T40] audit: type=1400 audit(1746496588.446:577): avc:  denied  { unmount } for  pid=5931 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[   89.086876][   T40] audit: type=1400 audit(1746496588.506:578): avc:  denied  { create } for  pid=8376 comm="syz.0.719" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[   89.166962][ T8385] netlink: 32 bytes leftover after parsing attributes in process `syz.0.721'.
[   89.171434][ T8385] netlink: 32 bytes leftover after parsing attributes in process `syz.0.721'.
[   89.296118][   T65] usb 8-1: new full-speed USB device number 15 using dummy_hcd
[   89.347784][ T8407] netlink: 12 bytes leftover after parsing attributes in process `syz.2.723'.
[   89.351540][ T8407] netlink: 48 bytes leftover after parsing attributes in process `syz.2.723'.
[   89.409794][ T8416] netlink: 12 bytes leftover after parsing attributes in process `syz.2.728'.
[   89.415136][   T40] audit: type=1400 audit(1746496588.826:579): avc:  denied  { map } for  pid=8406 comm="syz.0.725" path="/dev/video7" dev="devtmpfs" ino=974 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[   89.425676][ T8414] netlink: 132 bytes leftover after parsing attributes in process `syz.4.727'.
[   89.448455][ T8421] netlink: 4 bytes leftover after parsing attributes in process `syz.2.729'.
[   89.465539][   T65] usb 8-1: not running at top speed; connect to a high speed hub
[   89.473262][   T65] usb 8-1: config 1 interface 0 altsetting 228 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[   89.477263][   T65] usb 8-1: config 1 interface 0 has no altsetting 0
[   89.481649][   T40] audit: type=1400 audit(1746496588.896:580): avc:  denied  { write } for  pid=8430 comm="syz.4.731" name="fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[   89.489062][   T65] usb 8-1: New USB device found, idVendor=05ac, idProduct=0229, bcdDevice= 0.40
[   89.491328][ T8431] netlink: 4 bytes leftover after parsing attributes in process `syz.4.731'.
[   89.491876][   T65] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   89.500855][   T65] usb 8-1: Product: А
[   89.502204][   T65] usb 8-1: Manufacturer: Д
[   89.503786][   T65] usb 8-1: SerialNumber: ⱍ
[   89.505447][ T8433] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[   89.509532][ T8371] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   89.556894][ T8438] FAULT_INJECTION: forcing a failure.
[   89.556894][ T8438] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   89.561555][ T8438] CPU: 2 UID: 0 PID: 8438 Comm: syz.0.734 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[   89.561597][ T8438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   89.561604][ T8438] Call Trace:
[   89.561608][ T8438]  <TASK>
[   89.561613][ T8438]  dump_stack_lvl+0x16c/0x1f0
[   89.561645][ T8438]  should_fail_ex+0x512/0x640
[   89.561664][ T8438]  _copy_from_user+0x2e/0xd0
[   89.561680][ T8438]  input_event_from_user+0x133/0x3b0
[   89.561693][ T8438]  ? __pfx_input_event_from_user+0x10/0x10
[   89.561706][ T8438]  ? __pfx___might_resched+0x10/0x10
[   89.561720][ T8438]  ? input_inject_event+0x1a5/0x390
[   89.561733][ T8438]  evdev_write+0x37b/0x750
[   89.561747][ T8438]  ? __pfx_evdev_write+0x10/0x10
[   89.561760][ T8438]  ? bpf_lsm_file_permission+0x9/0x10
[   89.561774][ T8438]  ? security_file_permission+0x71/0x210
[   89.561789][ T8438]  ? rw_verify_area+0xcf/0x680
[   89.561809][ T8438]  vfs_write+0x25c/0x1180
[   89.561823][ T8438]  ? __pfx_evdev_write+0x10/0x10
[   89.561837][ T8438]  ? __pfx_vfs_write+0x10/0x10
[   89.561850][ T8438]  ? find_held_lock+0x2b/0x80
[   89.561863][ T8438]  ? __fget_files+0x204/0x3c0
[   89.561881][ T8438]  ? __fget_files+0x20e/0x3c0
[   89.561900][ T8438]  ksys_write+0x205/0x240
[   89.561915][ T8438]  ? __pfx_ksys_write+0x10/0x10
[   89.561929][ T8438]  ? rcu_is_watching+0x12/0xc0
[   89.561945][ T8438]  do_syscall_64+0xcd/0x260
[   89.561960][ T8438]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.561971][ T8438] RIP: 0033:0x7f05f638e969
[   89.561979][ T8438] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   89.561989][ T8438] RSP: 002b:00007f05f7264038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   89.562000][ T8438] RAX: ffffffffffffffda RBX: 00007f05f65b5fa0 RCX: 00007f05f638e969
[   89.562006][ T8438] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003
[   89.562012][ T8438] RBP: 00007f05f7264090 R08: 0000000000000000 R09: 0000000000000000
[   89.562018][ T8438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   89.562024][ T8438] R13: 0000000000000000 R14: 00007f05f65b5fa0 R15: 00007fff07200d88
[   89.562037][ T8438]  </TASK>
[   89.646987][ T8436] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1869176685 (3738353370 ns) > initial count (3200571110 ns). Using initial count to start timer.
[   89.807330][ T8447] netlink: 28 bytes leftover after parsing attributes in process `syz.4.738'.
[   89.921704][   T65] usbhid 8-1:1.0: can't add hid device: -71
[   89.924601][   T65] usbhid 8-1:1.0: probe with driver usbhid failed with error -71
[   89.930851][   T65] usb 8-1: USB disconnect, device number 15
[   89.966413][ T8452] QAT: Stopping all acceleration devices.
[   90.029163][ T8457] gre0: left promiscuous mode
[   90.039922][ T8457] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check.
[   90.045593][ T8459] unsupported nla_type 14345
[   90.108828][ T8465] validate_nla: 3 callbacks suppressed
[   90.108844][ T8465] netlink: 'syz.4.745': attribute type 27 has an invalid length.
[   90.144665][ T8465] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.147809][ T8465] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.209105][ T8465] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   90.218113][ T8465] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   90.265139][ T8465] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   90.268166][ T8465] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   90.271178][ T8465] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   90.274032][ T8465] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   90.450644][ T8478] can0: slcan on ptm0.
[   90.523793][ T8477] can0 (unregistered): slcan off ptm0.
[   90.579188][   T40] audit: type=1400 audit(1746496589.996:581): avc:  denied  { getopt } for  pid=8485 comm="syz.3.751" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[   90.635746][ T1023] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[   90.750504][ T8497] dvmrp5: entered allmulticast mode
[   90.754430][ T8497] dvmrp5: left allmulticast mode
[   90.783063][ T1023] usb 7-1: Using ep0 maxpacket: 16
[   90.786991][ T1023] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[   90.792415][ T1023] usb 7-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[   90.796469][ T1023] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.802302][ T1023] usb 7-1: config 0 descriptor??
[   90.814633][ T1023] input: bcm5974 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/input/input9
[   90.874977][ T8500] FAULT_INJECTION: forcing a failure.
[   90.874977][ T8500] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   90.879043][ T8500] CPU: 1 UID: 0 PID: 8500 Comm: syz.3.754 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[   90.879059][ T8500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   90.879065][ T8500] Call Trace:
[   90.879069][ T8500]  <TASK>
[   90.879073][ T8500]  dump_stack_lvl+0x16c/0x1f0
[   90.879090][ T8500]  should_fail_ex+0x512/0x640
[   90.879106][ T8500]  _copy_from_user+0x2e/0xd0
[   90.879121][ T8500]  input_event_from_user+0x133/0x3b0
[   90.879135][ T8500]  ? __pfx_input_event_from_user+0x10/0x10
[   90.879148][ T8500]  ? __pfx___might_resched+0x10/0x10
[   90.879161][ T8500]  ? input_inject_event+0x1a5/0x390
[   90.879175][ T8500]  evdev_write+0x37b/0x750
[   90.879189][ T8500]  ? __pfx_evdev_write+0x10/0x10
[   90.879201][ T8500]  ? bpf_lsm_file_permission+0x9/0x10
[   90.879216][ T8500]  ? security_file_permission+0x71/0x210
[   90.879232][ T8500]  ? rw_verify_area+0xcf/0x680
[   90.879247][ T8500]  vfs_write+0x25c/0x1180
[   90.879261][ T8500]  ? __pfx_evdev_write+0x10/0x10
[   90.879275][ T8500]  ? __pfx_vfs_write+0x10/0x10
[   90.879288][ T8500]  ? find_held_lock+0x2b/0x80
[   90.879301][ T8500]  ? __fget_files+0x204/0x3c0
[   90.879319][ T8500]  ? __fget_files+0x20e/0x3c0
[   90.879338][ T8500]  ksys_write+0x205/0x240
[   90.879352][ T8500]  ? __pfx_ksys_write+0x10/0x10
[   90.879366][ T8500]  ? rcu_is_watching+0x12/0xc0
[   90.879382][ T8500]  do_syscall_64+0xcd/0x260
[   90.879397][ T8500]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.879408][ T8500] RIP: 0033:0x7f295778e969
[   90.879416][ T8500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   90.879426][ T8500] RSP: 002b:00007f2958538038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   90.879435][ T8500] RAX: ffffffffffffffda RBX: 00007f29579b5fa0 RCX: 00007f295778e969
[   90.879442][ T8500] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003
[   90.879448][ T8500] RBP: 00007f2958538090 R08: 0000000000000000 R09: 0000000000000000
[   90.879453][ T8500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   90.879459][ T8500] R13: 0000000000000000 R14: 00007f29579b5fa0 R15: 00007ffeb6df9ca8
[   90.879472][ T8500]  </TASK>
[   90.977817][ T8502] netlink: 'syz.3.755': attribute type 6 has an invalid length.
[   91.007737][ T5328] bcm5974 7-1:0.0: could not read from device
[   91.013858][ T5328] bcm5974 7-1:0.0: could not read from device
[   91.017152][ T1023] usb 7-1: USB disconnect, device number 13
[   91.017289][ T5328] bcm5974 7-1:0.0: could not read from device
[   91.607292][ T8526] FAULT_INJECTION: forcing a failure.
[   91.607292][ T8526] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   91.612109][ T8526] CPU: 3 UID: 0 PID: 8526 Comm: syz.2.763 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[   91.612124][ T8526] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   91.612130][ T8526] Call Trace:
[   91.612134][ T8526]  <TASK>
[   91.612139][ T8526]  dump_stack_lvl+0x16c/0x1f0
[   91.612156][ T8526]  should_fail_ex+0x512/0x640
[   91.612172][ T8526]  _copy_from_user+0x2e/0xd0
[   91.612188][ T8526]  input_event_from_user+0x133/0x3b0
[   91.612201][ T8526]  ? __pfx_input_event_from_user+0x10/0x10
[   91.612214][ T8526]  ? __pfx___might_resched+0x10/0x10
[   91.612227][ T8526]  ? input_inject_event+0x1a5/0x390
[   91.612241][ T8526]  evdev_write+0x37b/0x750
[   91.612255][ T8526]  ? __pfx_evdev_write+0x10/0x10
[   91.612267][ T8526]  ? bpf_lsm_file_permission+0x9/0x10
[   91.612281][ T8526]  ? security_file_permission+0x71/0x210
[   91.612297][ T8526]  ? rw_verify_area+0xcf/0x680
[   91.612312][ T8526]  vfs_write+0x25c/0x1180
[   91.612326][ T8526]  ? __pfx_evdev_write+0x10/0x10
[   91.612340][ T8526]  ? __pfx_vfs_write+0x10/0x10
[   91.612353][ T8526]  ? find_held_lock+0x2b/0x80
[   91.612366][ T8526]  ? __fget_files+0x204/0x3c0
[   91.612384][ T8526]  ? __fget_files+0x20e/0x3c0
[   91.612403][ T8526]  ksys_write+0x205/0x240
[   91.612417][ T8526]  ? __pfx_ksys_write+0x10/0x10
[   91.612436][ T8526]  do_syscall_64+0xcd/0x260
[   91.612451][ T8526]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.612461][ T8526] RIP: 0033:0x7f652958e969
[   91.612470][ T8526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   91.612480][ T8526] RSP: 002b:00007f652a43e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   91.612490][ T8526] RAX: ffffffffffffffda RBX: 00007f65297b5fa0 RCX: 00007f652958e969
[   91.612496][ T8526] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003
[   91.612503][ T8526] RBP: 00007f652a43e090 R08: 0000000000000000 R09: 0000000000000000
[   91.612508][ T8526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   91.612514][ T8526] R13: 0000000000000000 R14: 00007f65297b5fa0 R15: 00007ffd0b4f5b38
[   91.612527][ T8526]  </TASK>
[   91.980303][   T40] audit: type=1400 audit(1746496591.396:582): avc:  denied  { ioctl } for  pid=8539 comm="syz.3.766" path="socket:[24636]" dev="sockfs" ino=24636 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   92.520562][ T8568] fuse: Bad value for 'group_id'
[   92.522167][ T8568] fuse: Bad value for 'group_id'
[   92.612437][ T8585] sp0: Synchronizing with TNC
[   92.634385][ T8585] [U] �
[   92.929661][ T8628] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[   93.129809][ T8663] IPVS: set_ctl: invalid protocol: 32449 172.20.20.20:0
[   93.132977][ T8663] usb usb8: usbfs: process 8663 (syz.3.805) did not claim interface 0 before use
[   93.240952][ T8667] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode
[   93.244987][ T8667] macsec1: entered allmulticast mode
[   93.246859][ T8667] mac80211_hwsim hwsim8 wlan0: entered allmulticast mode
[   93.250219][ T8667] batman_adv: batadv0: Adding interface: macsec1
[   93.252432][ T8667] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.261188][ T8667] batman_adv: batadv0: Interface activated: macsec1
[   93.273176][ T8667] random: crng reseeded on system resumption
[   93.354719][ T8673] syz.3.806: attempt to access beyond end of device
[   93.354719][ T8673] nbd3: rw=4096, sector=0, nr_sectors = 1 limit=0
[   93.360396][ T8673] XFS (nbd3): SB validate failed with error -5.
[   93.682951][   T57] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[   93.836056][   T57] usb 7-1: Using ep0 maxpacket: 8
[   93.839057][   T57] usb 7-1: config index 0 descriptor too short (expected 74, got 45)
[   93.842987][   T57] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[   93.846793][   T57] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[   93.851013][   T57] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[   93.858454][   T57] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[   93.861512][   T57] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   93.865918][   T57] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   93.868716][   T57] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   93.899922][ T8691] sd 0:0:0:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x24 ascq=0x0
[   93.929770][   T40] kauditd_printk_skb: 5 callbacks suppressed
[   93.929781][   T40] audit: type=1400 audit(1746496593.346:588): avc:  denied  { ioctl } for  pid=8694 comm="syz.4.814" path="socket:[23794]" dev="sockfs" ino=23794 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[   94.059697][ T8714] FAULT_INJECTION: forcing a failure.
[   94.059697][ T8714] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   94.065721][ T8714] CPU: 3 UID: 0 PID: 8714 Comm: syz.4.819 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[   94.065737][ T8714] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   94.065744][ T8714] Call Trace:
[   94.065748][ T8714]  <TASK>
[   94.065752][ T8714]  dump_stack_lvl+0x16c/0x1f0
[   94.065770][ T8714]  should_fail_ex+0x512/0x640
[   94.065785][ T8714]  _copy_from_user+0x2e/0xd0
[   94.065800][ T8714]  input_event_from_user+0x133/0x3b0
[   94.065814][ T8714]  ? __pfx_input_event_from_user+0x10/0x10
[   94.065827][ T8714]  ? __pfx___might_resched+0x10/0x10
[   94.065841][ T8714]  ? input_inject_event+0x1a5/0x390
[   94.065854][ T8714]  evdev_write+0x37b/0x750
[   94.065868][ T8714]  ? __pfx_evdev_write+0x10/0x10
[   94.065881][ T8714]  ? bpf_lsm_file_permission+0x9/0x10
[   94.065895][ T8714]  ? security_file_permission+0x71/0x210
[   94.065911][ T8714]  ? rw_verify_area+0xcf/0x680
[   94.065926][ T8714]  vfs_write+0x25c/0x1180
[   94.065940][ T8714]  ? __pfx_evdev_write+0x10/0x10
[   94.065954][ T8714]  ? __pfx_vfs_write+0x10/0x10
[   94.065968][ T8714]  ? find_held_lock+0x2b/0x80
[   94.065980][ T8714]  ? __fget_files+0x204/0x3c0
[   94.065998][ T8714]  ? __fget_files+0x20e/0x3c0
[   94.066017][ T8714]  ksys_write+0x205/0x240
[   94.066032][ T8714]  ? __pfx_ksys_write+0x10/0x10
[   94.066051][ T8714]  do_syscall_64+0xcd/0x260
[   94.066072][ T8714]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.066082][ T8714] RIP: 0033:0x7ff9d218e969
[   94.066091][ T8714] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.066101][ T8714] RSP: 002b:00007ff9d2f7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   94.066111][ T8714] RAX: ffffffffffffffda RBX: 00007ff9d23b5fa0 RCX: 00007ff9d218e969
[   94.066118][ T8714] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003
[   94.066123][ T8714] RBP: 00007ff9d2f7f090 R08: 0000000000000000 R09: 0000000000000000
[   94.066129][ T8714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   94.066136][ T8714] R13: 0000000000000000 R14: 00007ff9d23b5fa0 R15: 00007ffeff29c038
[   94.066148][ T8714]  </TASK>
[   94.076182][   T57] usb 7-1: GET_CAPABILITIES returned 0
[   94.164493][   T57] usbtmc 7-1:16.0: can't read capabilities
[   94.244881][ T5968] usb 7-1: USB disconnect, device number 14
[   94.295877][ T8739] __nla_validate_parse: 15 callbacks suppressed
[   94.295893][ T8739] netlink: 116 bytes leftover after parsing attributes in process `syz.3.828'.
[   94.362269][ T8752] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[   94.366348][ T8752] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[   94.369114][ T8752] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[   94.371827][ T8752] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[   94.377004][ T8752] netdevsim netdevsim3 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0
[   94.379751][ T8752] netdevsim netdevsim3 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0
[   94.382483][ T8752] netdevsim netdevsim3 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0
[   94.386075][ T8752] netdevsim netdevsim3 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0
[   94.390082][ T8752] geneve3: entered promiscuous mode
[   94.391927][ T8752] geneve3: entered allmulticast mode
[   94.480908][   T40] audit: type=1400 audit(1746496593.896:589): avc:  denied  { remount } for  pid=8773 comm="syz.0.842" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[   94.481550][ T8775] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.506547][ T8780] FAULT_INJECTION: forcing a failure.
[   94.506547][ T8780] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   94.510698][ T8780] CPU: 0 UID: 0 PID: 8780 Comm: syz.0.843 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[   94.510713][ T8780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   94.510720][ T8780] Call Trace:
[   94.510724][ T8780]  <TASK>
[   94.510728][ T8780]  dump_stack_lvl+0x16c/0x1f0
[   94.510747][ T8780]  should_fail_ex+0x512/0x640
[   94.510762][ T8780]  _copy_from_user+0x2e/0xd0
[   94.510778][ T8780]  input_event_from_user+0x133/0x3b0
[   94.510792][ T8780]  ? __pfx_input_event_from_user+0x10/0x10
[   94.510804][ T8780]  ? __pfx___might_resched+0x10/0x10
[   94.510818][ T8780]  ? input_inject_event+0x1a5/0x390
[   94.510831][ T8780]  evdev_write+0x37b/0x750
[   94.510845][ T8780]  ? __pfx_evdev_write+0x10/0x10
[   94.510857][ T8780]  ? bpf_lsm_file_permission+0x9/0x10
[   94.510872][ T8780]  ? security_file_permission+0x71/0x210
[   94.510888][ T8780]  ? rw_verify_area+0xcf/0x680
[   94.510903][ T8780]  vfs_write+0x25c/0x1180
[   94.510917][ T8780]  ? __pfx_evdev_write+0x10/0x10
[   94.510931][ T8780]  ? __pfx_vfs_write+0x10/0x10
[   94.510944][ T8780]  ? find_held_lock+0x2b/0x80
[   94.510957][ T8780]  ? __fget_files+0x204/0x3c0
[   94.510975][ T8780]  ? __fget_files+0x20e/0x3c0
[   94.510999][ T8780]  ksys_write+0x205/0x240
[   94.511013][ T8780]  ? __pfx_ksys_write+0x10/0x10
[   94.511027][ T8780]  ? rcu_is_watching+0x12/0xc0
[   94.511042][ T8780]  do_syscall_64+0xcd/0x260
[   94.511057][ T8780]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.511068][ T8780] RIP: 0033:0x7f05f638e969
[   94.511076][ T8780] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.511087][ T8780] RSP: 002b:00007f05f7264038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   94.511097][ T8780] RAX: ffffffffffffffda RBX: 00007f05f65b5fa0 RCX: 00007f05f638e969
[   94.511103][ T8780] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003
[   94.511109][ T8780] RBP: 00007f05f7264090 R08: 0000000000000000 R09: 0000000000000000
[   94.511115][ T8780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   94.511121][ T8780] R13: 0000000000000000 R14: 00007f05f65b5fa0 R15: 00007fff07200d88
[   94.511133][ T8780]  </TASK>
[   94.587136][    C0] vkms_vblank_simulate: vblank timer overrun
[   94.615508][ T8783] netlink: 4 bytes leftover after parsing attributes in process `syz.0.845'.
[   94.618615][ T8783] netlink: 12 bytes leftover after parsing attributes in process `syz.0.845'.
[   94.633325][ T8787] netlink: 24 bytes leftover after parsing attributes in process `syz.4.846'.
[   94.691533][ T8788] netlink: 4 bytes leftover after parsing attributes in process `syz.0.845'.
[   94.848406][ T8801] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[   95.165874][ T8746] Bluetooth: hci0: Opcode 0x080f failed: -4
[   95.224878][   T40] audit: type=1400 audit(1746496594.646:590): avc:  denied  { ioctl } for  pid=8813 comm="syz.2.853" path="socket:[24129]" dev="sockfs" ino=24129 ioctlcmd=0x8904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   95.254971][ T8816] FAULT_INJECTION: forcing a failure.
[   95.254971][ T8816] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   95.259855][ T8816] CPU: 0 UID: 0 PID: 8816 Comm: syz.2.854 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[   95.259875][ T8816] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   95.259882][ T8816] Call Trace:
[   95.259888][ T8816]  <TASK>
[   95.259895][ T8816]  dump_stack_lvl+0x16c/0x1f0
[   95.259920][ T8816]  should_fail_ex+0x512/0x640
[   95.259942][ T8816]  _copy_from_user+0x2e/0xd0
[   95.259965][ T8816]  input_event_from_user+0x133/0x3b0
[   95.259984][ T8816]  ? __pfx_input_event_from_user+0x10/0x10
[   95.260002][ T8816]  ? __pfx___might_resched+0x10/0x10
[   95.260023][ T8816]  ? input_inject_event+0x1a5/0x390
[   95.260044][ T8816]  evdev_write+0x37b/0x750
[   95.260066][ T8816]  ? __pfx_evdev_write+0x10/0x10
[   95.260085][ T8816]  ? bpf_lsm_file_permission+0x9/0x10
[   95.260105][ T8816]  ? security_file_permission+0x71/0x210
[   95.260123][ T8816]  ? rw_verify_area+0xcf/0x680
[   95.260145][ T8816]  vfs_write+0x25c/0x1180
[   95.260165][ T8816]  ? __pfx_evdev_write+0x10/0x10
[   95.260186][ T8816]  ? __pfx_vfs_write+0x10/0x10
[   95.260205][ T8816]  ? find_held_lock+0x2b/0x80
[   95.260222][ T8816]  ? __fget_files+0x204/0x3c0
[   95.260245][ T8816]  ? __fget_files+0x20e/0x3c0
[   95.260274][ T8816]  ksys_write+0x205/0x240
[   95.260294][ T8816]  ? __pfx_ksys_write+0x10/0x10
[   95.260322][ T8816]  do_syscall_64+0xcd/0x260
[   95.260340][ T8816]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.260355][ T8816] RIP: 0033:0x7f652958e969
[   95.260368][ T8816] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   95.260382][ T8816] RSP: 002b:00007f652a43e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   95.260397][ T8816] RAX: ffffffffffffffda RBX: 00007f65297b5fa0 RCX: 00007f652958e969
[   95.260407][ T8816] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003
[   95.260416][ T8816] RBP: 00007f652a43e090 R08: 0000000000000000 R09: 0000000000000000
[   95.260425][ T8816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   95.260434][ T8816] R13: 0000000000000000 R14: 00007f65297b5fa0 R15: 00007ffd0b4f5b38
[   95.260454][ T8816]  </TASK>
[   95.342882][    C0] vkms_vblank_simulate: vblank timer overrun
[   95.392567][   T40] audit: type=1400 audit(1746496594.806:591): avc:  denied  { getopt } for  pid=8817 comm="syz.2.855" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   95.408939][ T8818] vxcan1 speed is unknown, defaulting to 1000
[   95.659205][ T8834] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[   95.669121][ T8834] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[   95.701610][ T8842] xt_bpf: check failed: parse error
[   95.835392][ T8851] : entered promiscuous mode
[   95.839427][ T8852] netlink: 'syz.3.868': attribute type 25 has an invalid length.
[   95.911438][   T40] audit: type=1400 audit(1746496595.326:592): avc:  denied  { read write } for  pid=8861 comm="syz.4.874" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[   95.983390][   T57] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[   96.021948][   T40] audit: type=1400 audit(1746496595.436:593): avc:  denied  { write } for  pid=8873 comm="syz.2.879" name="file0" dev="tmpfs" ino=1070 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   96.031108][   T40] audit: type=1400 audit(1746496595.436:594): avc:  denied  { open } for  pid=8873 comm="syz.2.879" path="/195/file0" dev="tmpfs" ino=1070 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   96.038923][   T40] audit: type=1400 audit(1746496595.436:595): avc:  denied  { ioctl } for  pid=8873 comm="syz.2.879" path="/195/file0" dev="tmpfs" ino=1070 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   96.055945][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.058328][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.060600][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.062981][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.065237][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.067494][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.069750][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.071997][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.077267][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.079582][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.081876][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.084354][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.086549][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.088663][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.090902][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.094103][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.097151][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.100222][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.103953][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.106989][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.110496][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.114284][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.117323][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.120362][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.123447][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.126975][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.127149][ T8887] input: syz0 as /devices/virtual/input/input10
[   96.129950][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.130036][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.139126][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.142124][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.145036][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.145074][ T8876] blktrace: Concurrent blktraces are not allowed on loop5
[   96.153009][   T57] usb 5-1: Using ep0 maxpacket: 32
[   96.158792][   T57] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[   96.166303][   T57] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[   96.169853][   T57] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[   96.173583][   T57] usb 5-1: Product: syz
[   96.175314][   T57] usb 5-1: Manufacturer: syz
[   96.177043][   T57] usb 5-1: SerialNumber: syz
[   96.181110][   T57] usb 5-1: config 0 descriptor??
[   96.183732][   T40] audit: type=1326 audit(1746496595.606:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8890 comm="syz.2.882" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f652958e969 code=0x0
[   96.184008][ T8844] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[   96.206484][ T8889] netlink: 'syz.3.883': attribute type 3 has an invalid length.
[   96.208921][ T8889] netlink: 8 bytes leftover after parsing attributes in process `syz.3.883'.
[   96.322415][ T8899] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[   96.324952][ T8899] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[   96.328271][ T8899] vhci_hcd vhci_hcd.0: Device attached
[   96.341016][ T8904] vhci_hcd: connection closed
[   96.341212][   T12] vhci_hcd: stop threads
[   96.346081][   T12] vhci_hcd: release socket
[   96.347530][   T12] vhci_hcd: disconnect device
[   96.393129][ T5928] Bluetooth: hci0: command 0x080f tx timeout
[   96.484922][   T40] audit: type=1804 audit(1746496595.906:597): pid=8915 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.887" name="/newroot/219/file0" dev="tmpfs" ino=1176 res=1 errno=0
[   96.492671][ T5968] usb 5-1: USB disconnect, device number 9
[   97.098937][ T8928] netlink: 4 bytes leftover after parsing attributes in process `syz.4.892'.
[   97.102516][ T8928] netlink: 'syz.4.892': attribute type 19 has an invalid length.
[   97.108386][ T8928] netlink: 12 bytes leftover after parsing attributes in process `syz.4.892'.
[   97.137342][ T8932] program syz.2.894 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   97.237887][ T8937] netlink: 32 bytes leftover after parsing attributes in process `syz.4.895'.
[   97.441663][ T8945] netlink: 20 bytes leftover after parsing attributes in process `syz.2.897'.
[   97.525089][ T8953] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[   97.689814][ T8970] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[   97.727138][ T8974] SELinux: syz.2.905 (8974) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   97.830762][ T8988] FAULT_INJECTION: forcing a failure.
[   97.830762][ T8988] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   97.839188][ T8988] CPU: 3 UID: 0 PID: 8988 Comm: syz.2.910 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[   97.839210][ T8988] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   97.839220][ T8988] Call Trace:
[   97.839225][ T8988]  <TASK>
[   97.839231][ T8988]  dump_stack_lvl+0x16c/0x1f0
[   97.839256][ T8988]  should_fail_ex+0x512/0x640
[   97.839279][ T8988]  _copy_from_user+0x2e/0xd0
[   97.839300][ T8988]  input_event_from_user+0x133/0x3b0
[   97.839320][ T8988]  ? __pfx_input_event_from_user+0x10/0x10
[   97.839337][ T8988]  ? __pfx___might_resched+0x10/0x10
[   97.839358][ T8988]  ? input_inject_event+0x1a5/0x390
[   97.839378][ T8988]  evdev_write+0x37b/0x750
[   97.839400][ T8988]  ? __pfx_evdev_write+0x10/0x10
[   97.839418][ T8988]  ? bpf_lsm_file_permission+0x9/0x10
[   97.839439][ T8988]  ? security_file_permission+0x71/0x210
[   97.839457][ T8988]  ? rw_verify_area+0xcf/0x680
[   97.839472][ T8988]  vfs_write+0x25c/0x1180
[   97.839486][ T8988]  ? __pfx_evdev_write+0x10/0x10
[   97.839500][ T8988]  ? __pfx_vfs_write+0x10/0x10
[   97.839513][ T8988]  ? find_held_lock+0x2b/0x80
[   97.839526][ T8988]  ? __fget_files+0x204/0x3c0
[   97.839543][ T8988]  ? __fget_files+0x20e/0x3c0
[   97.839562][ T8988]  ksys_write+0x205/0x240
[   97.839577][ T8988]  ? __pfx_ksys_write+0x10/0x10
[   97.839590][ T8988]  ? rcu_is_watching+0x12/0xc0
[   97.839606][ T8988]  do_syscall_64+0xcd/0x260
[   97.839621][ T8988]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.839632][ T8988] RIP: 0033:0x7f652958e969
[   97.839641][ T8988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   97.839651][ T8988] RSP: 002b:00007f652a43e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   97.839661][ T8988] RAX: ffffffffffffffda RBX: 00007f65297b5fa0 RCX: 00007f652958e969
[   97.839672][ T8988] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003
[   97.839678][ T8988] RBP: 00007f652a43e090 R08: 0000000000000000 R09: 0000000000000000
[   97.839684][ T8988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   97.839690][ T8988] R13: 0000000000000000 R14: 00007f65297b5fa0 R15: 00007ffd0b4f5b38
[   97.839702][ T8988]  </TASK>
[   98.055927][ T9006] syz.0.917: attempt to access beyond end of device
[   98.055927][ T9006] loop0: rw=0, sector=1, nr_sectors = 1 limit=0
[   98.061464][ T9006] qnx4: unable to read the superblock
[   98.111128][ T9009] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[   98.113902][ T9009] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   98.117690][ T9009] vhci_hcd vhci_hcd.0: Device attached
[   98.120022][ T9011] vhci_hcd: cannot find the pending unlink 1023
[   98.127155][ T9011] vhci_hcd: connection closed
[   98.128444][ T8960] vhci_hcd: stop threads
[   98.131888][ T8960] vhci_hcd: release socket
[   98.133647][ T8960] vhci_hcd: disconnect device
[   98.340776][ T9018] FAULT_INJECTION: forcing a failure.
[   98.340776][ T9018] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   98.344988][ T9018] CPU: 2 UID: 0 PID: 9018 Comm: syz.4.920 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[   98.345002][ T9018] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   98.345009][ T9018] Call Trace:
[   98.345012][ T9018]  <TASK>
[   98.345016][ T9018]  dump_stack_lvl+0x16c/0x1f0
[   98.345033][ T9018]  should_fail_ex+0x512/0x640
[   98.345049][ T9018]  _copy_from_user+0x2e/0xd0
[   98.345064][ T9018]  input_event_from_user+0x133/0x3b0
[   98.345077][ T9018]  ? __pfx_input_event_from_user+0x10/0x10
[   98.345089][ T9018]  ? __pfx___might_resched+0x10/0x10
[   98.345103][ T9018]  ? input_inject_event+0x1a5/0x390
[   98.345117][ T9018]  evdev_write+0x37b/0x750
[   98.345130][ T9018]  ? __pfx_evdev_write+0x10/0x10
[   98.345143][ T9018]  ? bpf_lsm_file_permission+0x9/0x10
[   98.345157][ T9018]  ? security_file_permission+0x71/0x210
[   98.345172][ T9018]  ? rw_verify_area+0xcf/0x680
[   98.345188][ T9018]  vfs_write+0x25c/0x1180
[   98.345201][ T9018]  ? __pfx_evdev_write+0x10/0x10
[   98.345215][ T9018]  ? __pfx_vfs_write+0x10/0x10
[   98.345229][ T9018]  ? find_held_lock+0x2b/0x80
[   98.345241][ T9018]  ? __fget_files+0x204/0x3c0
[   98.345259][ T9018]  ? __fget_files+0x20e/0x3c0
[   98.345278][ T9018]  ksys_write+0x205/0x240
[   98.345292][ T9018]  ? __pfx_ksys_write+0x10/0x10
[   98.345311][ T9018]  do_syscall_64+0xcd/0x260
[   98.345325][ T9018]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.345336][ T9018] RIP: 0033:0x7ff9d218e969
[   98.345345][ T9018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   98.345355][ T9018] RSP: 002b:00007ff9d2f7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   98.345365][ T9018] RAX: ffffffffffffffda RBX: 00007ff9d23b5fa0 RCX: 00007ff9d218e969
[   98.345371][ T9018] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003
[   98.345377][ T9018] RBP: 00007ff9d2f7f090 R08: 0000000000000000 R09: 0000000000000000
[   98.345383][ T9018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   98.345388][ T9018] R13: 0000000000000000 R14: 00007ff9d23b5fa0 R15: 00007ffeff29c038
[   98.345401][ T9018]  </TASK>
[   98.535764][ T9038] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.540594][ T9038] bond0: (slave rose0): Enslaving as an active interface with an up link
[   98.580374][ T9049] FAULT_INJECTION: forcing a failure.
[   98.580374][ T9049] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   98.588109][ T9049] CPU: 3 UID: 0 PID: 9049 Comm: syz.4.930 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[   98.588130][ T9049] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   98.588141][ T9049] Call Trace:
[   98.588146][ T9049]  <TASK>
[   98.588152][ T9049]  dump_stack_lvl+0x16c/0x1f0
[   98.588178][ T9049]  should_fail_ex+0x512/0x640
[   98.588202][ T9049]  _copy_from_user+0x2e/0xd0
[   98.588224][ T9049]  input_event_from_user+0x133/0x3b0
[   98.588244][ T9049]  ? __pfx_input_event_from_user+0x10/0x10
[   98.588264][ T9049]  ? __pfx___might_resched+0x10/0x10
[   98.588286][ T9049]  ? input_inject_event+0x1a5/0x390
[   98.588307][ T9049]  evdev_write+0x37b/0x750
[   98.588328][ T9049]  ? __pfx_evdev_write+0x10/0x10
[   98.588348][ T9049]  ? bpf_lsm_file_permission+0x9/0x10
[   98.588370][ T9049]  ? security_file_permission+0x71/0x210
[   98.588392][ T9049]  ? rw_verify_area+0xcf/0x680
[   98.588416][ T9049]  vfs_write+0x25c/0x1180
[   98.588437][ T9049]  ? __pfx_evdev_write+0x10/0x10
[   98.588459][ T9049]  ? __pfx_vfs_write+0x10/0x10
[   98.588479][ T9049]  ? find_held_lock+0x2b/0x80
[   98.588499][ T9049]  ? __fget_files+0x204/0x3c0
[   98.588526][ T9049]  ? __fget_files+0x20e/0x3c0
[   98.588556][ T9049]  ksys_write+0x205/0x240
[   98.588578][ T9049]  ? __pfx_ksys_write+0x10/0x10
[   98.588598][ T9049]  ? rcu_is_watching+0x12/0xc0
[   98.588623][ T9049]  do_syscall_64+0xcd/0x260
[   98.588647][ T9049]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.588663][ T9049] RIP: 0033:0x7ff9d218e969
[   98.588676][ T9049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   98.588691][ T9049] RSP: 002b:00007ff9d2f7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   98.588707][ T9049] RAX: ffffffffffffffda RBX: 00007ff9d23b5fa0 RCX: 00007ff9d218e969
[   98.588718][ T9049] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003
[   98.588727][ T9049] RBP: 00007ff9d2f7f090 R08: 0000000000000000 R09: 0000000000000000
[   98.588736][ T9049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   98.588744][ T9049] R13: 0000000000000000 R14: 00007ff9d23b5fa0 R15: 00007ffeff29c038
[   98.588771][ T9049]  </TASK>
[   98.738122][ T9067] xt_hashlimit: size too large, truncated to 1048576
[   98.951936][   T40] kauditd_printk_skb: 11 callbacks suppressed
[   98.951951][   T40] audit: type=1400 audit(1746496598.366:609): avc:  denied  { mounton } for  pid=9082 comm="syz.2.936" path="/proc/624/task" dev="proc" ino=25484 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[   98.967340][ T9086] af_packet: tpacket_rcv: packet too big, clamped from 48 to 4294967272. macoff=96
[   99.012258][ T9090] afs: Unknown parameter 'dyn�p�g��wf�ٴ繖&��3���S���qK[;)}+fe����!!�u�l����G�Ɔ)���
}'
[   99.016005][ T9090] overlayfs: failed to resolve '/Ex���]�T�f7���h�$���Q"W
��nrgL�WL�C�_�D�Ldyn�p�g��wf�ٴ繖&��3���S���qK[;)}+fe����!!�u�l����G�Ɔ)���
}': -2
[   99.119785][   T40] audit: type=1400 audit(1746496598.536:610): avc:  denied  { create } for  pid=9094 comm="syz.0.940" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   99.126374][   T40] audit: type=1400 audit(1746496598.536:611): avc:  denied  { bind } for  pid=9094 comm="syz.0.940" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   99.142522][ T9099] FAULT_INJECTION: forcing a failure.
[   99.142522][ T9099] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   99.147910][ T9099] CPU: 1 UID: 0 PID: 9099 Comm: syz.3.941 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[   99.147934][ T9099] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   99.147944][ T9099] Call Trace:
[   99.147950][ T9099]  <TASK>
[   99.147957][ T9099]  dump_stack_lvl+0x16c/0x1f0
[   99.148001][ T9099]  should_fail_ex+0x512/0x640
[   99.148031][ T9099]  _copy_from_user+0x2e/0xd0
[   99.148057][ T9099]  input_event_from_user+0x133/0x3b0
[   99.148081][ T9099]  ? __pfx_input_event_from_user+0x10/0x10
[   99.148102][ T9099]  ? __pfx___might_resched+0x10/0x10
[   99.148125][ T9099]  ? input_inject_event+0x1a5/0x390
[   99.148149][ T9099]  evdev_write+0x37b/0x750
[   99.148174][ T9099]  ? __pfx_evdev_write+0x10/0x10
[   99.148196][ T9099]  ? bpf_lsm_file_permission+0x9/0x10
[   99.148217][ T9099]  ? security_file_permission+0x71/0x210
[   99.148242][ T9099]  ? rw_verify_area+0xcf/0x680
[   99.148266][ T9099]  vfs_write+0x25c/0x1180
[   99.148288][ T9099]  ? __pfx_evdev_write+0x10/0x10
[   99.148312][ T9099]  ? __pfx_vfs_write+0x10/0x10
[   99.148333][ T9099]  ? find_held_lock+0x2b/0x80
[   99.148353][ T9099]  ? __fget_files+0x204/0x3c0
[   99.148382][ T9099]  ? __fget_files+0x20e/0x3c0
[   99.148414][ T9099]  ksys_write+0x205/0x240
[   99.148436][ T9099]  ? __pfx_ksys_write+0x10/0x10
[   99.148458][ T9099]  ? rcu_is_watching+0x12/0xc0
[   99.148480][ T9099]  do_syscall_64+0xcd/0x260
[   99.148495][ T9099]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   99.148506][ T9099] RIP: 0033:0x7f295778e969
[   99.148515][ T9099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   99.148524][ T9099] RSP: 002b:00007f2958538038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   99.148535][ T9099] RAX: ffffffffffffffda RBX: 00007f29579b5fa0 RCX: 00007f295778e969
[   99.148541][ T9099] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003
[   99.148547][ T9099] RBP: 00007f2958538090 R08: 0000000000000000 R09: 0000000000000000
[   99.148553][ T9099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   99.148559][ T9099] R13: 0000000000000000 R14: 00007f29579b5fa0 R15: 00007ffeb6df9ca8
[   99.148571][ T9099]  </TASK>
[   99.165928][   T40] audit: type=1400 audit(1746496598.586:612): avc:  denied  { create } for  pid=9082 comm="syz.2.936" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[   99.592800][   T40] audit: type=1400 audit(1746496599.006:613): avc:  denied  { write } for  pid=9123 comm="syz.4.948" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   99.592925][ T9124] __nla_validate_parse: 6 callbacks suppressed
[   99.592934][ T9124] netlink: 256 bytes leftover after parsing attributes in process `syz.4.948'.
[   99.598939][   T40] audit: type=1400 audit(1746496599.006:614): avc:  denied  { nlmsg_write } for  pid=9123 comm="syz.4.948" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   99.601071][ T9124] unsupported nlmsg_type 40
[   99.676602][   T40] audit: type=1400 audit(1746496599.096:615): avc:  denied  { execmem } for  pid=9123 comm="syz.4.948" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   99.735655][ T9130] netlink: 4280 bytes leftover after parsing attributes in process `syz.0.950'.
[   99.738525][ T9130] netlink: 4280 bytes leftover after parsing attributes in process `syz.0.950'.
[   99.788247][ T9134] netlink: 68 bytes leftover after parsing attributes in process `syz.4.948'.
[   99.827699][ T5928] Bluetooth: hci2: Unable to find connection for big 0xc9
[   99.866397][   T40] audit: type=1400 audit(1746496599.286:616): avc:  denied  { override_creds } for  pid=9140 comm="syz.4.954" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  100.085542][ T9158] fuse: root generation should be zero
[  100.088975][ T9150] netlink: 4 bytes leftover after parsing attributes in process `syz.4.956'.
[  100.089026][ T9158] netlink: 4 bytes leftover after parsing attributes in process `syz.4.956'.
[  100.353630][   T40] audit: type=1400 audit(1746496599.776:617): avc:  denied  { read } for  pid=9166 comm="syz.3.961" path="socket:[24525]" dev="sockfs" ino=24525 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  100.362696][ T9167] IPv6: NLM_F_CREATE should be specified when creating new route
[  100.397862][ T9169] xt_CT: You must specify a L4 protocol and not use inversions on it
[  100.628444][ T9186] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition
[  100.631543][ T9186] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0)
[  100.640409][ T9186] netlink: 24 bytes leftover after parsing attributes in process `syz.2.968'.
[  100.656190][ T9186] netlink: 8 bytes leftover after parsing attributes in process `syz.2.968'.
[  100.659280][ T9186] netlink: 24 bytes leftover after parsing attributes in process `syz.2.968'.
[  100.663329][ T9186] netlink: 8 bytes leftover after parsing attributes in process `syz.2.968'.
[  100.705585][ T9188] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=45 sclass=netlink_audit_socket pid=9188 comm=syz.2.969
[  100.956273][   T40] audit: type=1400 audit(1746496600.376:618): avc:  denied  { getopt } for  pid=9221 comm="syz.2.977" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  100.975414][ T9225] xt_hashlimit: size too large, truncated to 1048576
[  101.128462][ T9231] team0: Port device team_slave_1 removed
[  101.138138][ T9233] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9233 comm=syz.4.978
[  101.237272][ T9237] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=32792 sclass=netlink_route_socket pid=9237 comm=syz.2.981
[  101.366208][ T9271] netlink: 'syz.4.995': attribute type 1 has an invalid length.
[  101.380542][ T9269] netlink: 'syz.0.994': attribute type 27 has an invalid length.
[  101.401176][ T9269] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.432532][ T9275] 9pnet_virtio: no channels available for device 127.0.0.1
[  101.463330][ T9269] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  101.467357][ T9277] autofs: Unknown parameter '��re�6���$�J�dD�_U`ji{���;l��8���j�����-g����w\�ΰj�'���Hٽٯ'
[  101.471787][ T9269] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  101.473645][ T9277] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  101.511589][ T9269] veth1_vlan: left allmulticast mode
[  101.514725][ T9269] macvlan0: left promiscuous mode
[  101.516418][ T9269] macvlan0: left allmulticast mode
[  101.539498][ T9269] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  101.543842][ T9269] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  101.547371][ T9269] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  101.550909][ T9269] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  101.625823][ T9275] 8021q: adding VLAN 0 to HW filter on device bond0
[  101.629024][ T9275] 8021q: adding VLAN 0 to HW filter on device team0
[  101.634129][ T9275] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  103.503053][ T5928] Bluetooth: hci2: command 0x0c1a tx timeout
[  103.503119][ T9271] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  104.368298][ T9271] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  104.376143][ T9271] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  104.383041][ T9271] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  104.385266][ T9271] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  104.389094][ T9271] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  104.682031][ T9307] netlink: 'syz.2.1006': attribute type 21 has an invalid length.
[  104.686046][ T9307] IPv6: NLM_F_CREATE should be specified when creating new route
[  105.583579][   T67] Bluetooth: hci2: command 0x0c1a tx timeout
[  105.698868][ T9329] vlan3: entered allmulticast mode
[  105.700676][ T9329] bridge0: entered allmulticast mode
[  105.716893][ T9331] fuse: Unknown parameter 'grou'
[  105.813729][ T9344] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=58480 sclass=netlink_route_socket pid=9344 comm=syz.2.1016
[  105.814875][ T9345] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=58480 sclass=netlink_route_socket pid=9345 comm=syz.2.1016
[  105.823624][ T9345] xt_hashlimit: size too large, truncated to 1048576
[  105.823667][ T9344] xt_hashlimit: size too large, truncated to 1048576
[  105.886543][   T40] kauditd_printk_skb: 6 callbacks suppressed
[  105.886560][   T40] audit: type=1400 audit(1746496605.306:625): avc:  denied  { ioctl } for  pid=9359 comm="syz.4.1020" path="socket:[27954]" dev="sockfs" ino=27954 ioctlcmd=0x5402 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  105.893252][ T9360] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  105.899326][   T40] audit: type=1400 audit(1746496605.306:626): avc:  denied  { setopt } for  pid=9359 comm="syz.4.1020" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  105.905385][ T9360] CIFS mount error: No usable UNC path provided in device string!
[  105.905385][ T9360] 
[  105.915733][ T9360] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  105.925917][   T40] audit: type=1400 audit(1746496605.346:627): avc:  denied  { getopt } for  pid=9363 comm="syz.3.1022" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  105.970110][ T9372] Bluetooth: MGMT ver 1.23
[  106.027230][ T9387] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  106.030087][ T9387] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  106.036059][   T40] audit: type=1400 audit(1746496605.456:628): avc:  denied  { create } for  pid=9388 comm="syz.0.1030" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[  106.044112][   T40] audit: type=1400 audit(1746496605.456:629): avc:  denied  { sys_admin } for  pid=9388 comm="syz.0.1030" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[  106.053261][ T9389] vxcan1 speed is unknown, defaulting to 1000
[  106.108306][ T9395] netlink: 'syz.2.1032': attribute type 1 has an invalid length.
[  106.121399][ T9395] 8021q: adding VLAN 0 to HW filter on device bond2
[  106.131007][ T9396] 8021q: adding VLAN 0 to HW filter on device bond2
[  106.133877][ T9396] bond2: (slave vti0): The slave device specified does not support setting the MAC address
[  106.137692][ T9396] bond2: (slave vti0): Error -95 calling set_mac_address
[  106.154904][ T9394] bond2: (slave veth0_to_bond): making interface the new active one
[  106.157632][ T9394] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  106.272932][   T40] audit: type=1326 audit(1746496605.686:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9411 comm="syz.3.1037" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f295778e969 code=0x0
[  106.277589][ T9408] vxcan1 speed is unknown, defaulting to 1000
[  106.428984][ T9430] __nla_validate_parse: 5 callbacks suppressed
[  106.428994][ T9430] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1040'.
[  106.429366][   T40] audit: type=1400 audit(1746496605.846:631): avc:  denied  { bind } for  pid=9429 comm="syz.0.1040" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  106.463110][   T67] Bluetooth: hci0: command 0x080f tx timeout
[  106.495124][ T9433] Malformed UNC in devname
[  106.495124][ T9433] 
[  106.497677][ T9433] CIFS: VFS: Malformed UNC in devname
[  106.574303][ T9437] vxcan1 speed is unknown, defaulting to 1000
[  106.814436][ T9446] Bluetooth: MGMT ver 1.23
[  106.901172][   T40] audit: type=1400 audit(1746496607.319:632): avc:  denied  { getopt } for  pid=9452 comm="syz.4.1049" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  106.910054][   T40] audit: type=1400 audit(1746496607.319:633): avc:  denied  { setopt } for  pid=9452 comm="syz.4.1049" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  106.940965][ T9459] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1050'.
[  107.315254][ T9492] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  107.370015][ T9496] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1062'.
[  107.373677][ T9496] IPVS: Error joining to the multicast group
[  107.395764][ T9501] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  107.397615][ T9498] program syz.3.1063 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  107.399847][ T9501] Error validating options; rc = [-22]
[  107.409642][   T40] audit: type=1400 audit(1746496607.829:634): avc:  denied  { ioctl } for  pid=9497 comm="syz.3.1063" path="socket:[29119]" dev="sockfs" ino=29119 ioctlcmd=0x89e3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  107.422218][ T9503] random: crng reseeded on system resumption
[  107.537643][ T9503] Restarting kernel threads ... done.
[  107.551048][ T9503] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4113 sclass=netlink_route_socket pid=9503 comm=syz.2.1065
[  107.616095][ T9516] syzkaller1: entered promiscuous mode
[  107.617958][ T9516] syzkaller1: entered allmulticast mode
[  107.673923][   T67] Bluetooth: hci2: command 0x0c1a tx timeout
[  107.714769][ T9522] xt_ecn: cannot match TCP bits for non-tcp packets
[  107.718540][ T9522] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1070'.
[  107.722125][ T9522] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1070'.
[  107.862037][ T9525] misc userio: No port type given on /dev/userio
[  107.868754][ T9525] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1071'.
[  107.940930][ T9530] vti0: entered promiscuous mode
[  108.073241][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  108.093247][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  108.438503][ T9573] FAULT_INJECTION: forcing a failure.
[  108.438503][ T9573] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  108.444514][ T9573] CPU: 3 UID: 0 PID: 9573 Comm: syz.3.1088 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[  108.444538][ T9573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  108.444548][ T9573] Call Trace:
[  108.444554][ T9573]  <TASK>
[  108.444561][ T9573]  dump_stack_lvl+0x16c/0x1f0
[  108.444593][ T9573]  should_fail_ex+0x512/0x640
[  108.444617][ T9573]  _copy_to_user+0x32/0xd0
[  108.444642][ T9573]  simple_read_from_buffer+0xcb/0x170
[  108.444667][ T9573]  proc_fail_nth_read+0x197/0x270
[  108.444692][ T9573]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  108.444718][ T9573]  ? rw_verify_area+0xcf/0x680
[  108.444738][ T9573]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  108.444762][ T9573]  vfs_read+0x1de/0xc70
[  108.444789][ T9573]  ? __pfx___mutex_lock+0x10/0x10
[  108.444811][ T9573]  ? __pfx_vfs_read+0x10/0x10
[  108.444841][ T9573]  ? __fget_files+0x20e/0x3c0
[  108.444873][ T9573]  ksys_read+0x12a/0x240
[  108.444896][ T9573]  ? __pfx_ksys_read+0x10/0x10
[  108.444927][ T9573]  do_syscall_64+0xcd/0x260
[  108.444951][ T9573]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.444968][ T9573] RIP: 0033:0x7f295778d37c
[  108.444981][ T9573] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  108.444997][ T9573] RSP: 002b:00007f2958538030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  108.445013][ T9573] RAX: ffffffffffffffda RBX: 00007f29579b5fa0 RCX: 00007f295778d37c
[  108.445024][ T9573] RDX: 000000000000000f RSI: 00007f29585380a0 RDI: 0000000000000006
[  108.445034][ T9573] RBP: 00007f2958538090 R08: 0000000000000000 R09: 0000000000000000
[  108.445044][ T9573] R10: 0000000000000036 R11: 0000000000000246 R12: 0000000000000001
[  108.445053][ T9573] R13: 0000000000000000 R14: 00007f29579b5fa0 R15: 00007ffeb6df9ca8
[  108.445077][ T9573]  </TASK>
[  108.543046][   T67] Bluetooth: hci0: command 0x080f tx timeout
[  108.579229][ T9579] netlink: 596 bytes leftover after parsing attributes in process `syz.3.1091'.
[  108.600465][ T9582] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1092'.
[  108.606187][ T9582] Invalid/unusable pipe
[  108.670353][  T837] IPVS: starting estimator thread 0...
[  108.761928][ T9606] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1098'.
[  108.783064][ T9596] IPVS: using max 44 ests per chain, 105600 per kthread
[  109.053082][   T34] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  109.093273][   T24] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[  109.194386][ T5928] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  109.198281][ T5928] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  109.202285][ T5928] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  109.203218][   T34] usb 5-1: Using ep0 maxpacket: 8
[  109.206666][ T5928] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  109.208923][   T34] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  109.210538][ T5928] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  109.213452][   T34] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  109.213468][   T34] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  109.213480][   T34] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  109.213501][   T34] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  109.213513][   T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  109.255934][ T9634] vxcan1 speed is unknown, defaulting to 1000
[  109.263030][   T24] usb 8-1: Using ep0 maxpacket: 32
[  109.275375][   T24] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10
[  109.279917][   T24] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024
[  109.284460][   T24] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  109.290639][   T24] usb 8-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  109.293818][   T24] usb 8-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  109.296586][   T24] usb 8-1: Product: syz
[  109.298310][   T24] usb 8-1: Manufacturer: syz
[  109.300053][   T24] usb 8-1: SerialNumber: syz
[  109.316561][   T24] input: appletouch as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:1.0/input/input14
[  109.492722][ T9640] vxcan1 speed is unknown, defaulting to 1000
[  109.512974][   T34] usb 5-1: GET_CAPABILITIES returned 0
[  109.515313][   T34] usbtmc 5-1:16.0: can't read capabilities
[  109.518373][   T10] usb 8-1: USB disconnect, device number 16
[  109.549172][   T10] appletouch 8-1:1.0: input: appletouch disconnected
[  109.614129][ T9634] chnl_net:caif_netlink_parms(): no params data found
[  109.713796][ T5928] Bluetooth: hci2: ISO packet for unknown connection handle 22
[  109.723910][ T9634] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.726074][ T9634] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.728337][ T9634] bridge_slave_0: entered allmulticast mode
[  109.730818][ T9634] bridge_slave_0: entered promiscuous mode
[  109.736007][ T9634] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.738230][ T9634] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.740492][ T9634] bridge_slave_1: entered allmulticast mode
[  109.744759][ T9634] bridge_slave_1: entered promiscuous mode
[  109.776618][ T9634] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  109.780959][ T9634] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  109.814415][ T9634] team0: Port device team_slave_0 added
[  109.817762][ T9634] team0: Port device team_slave_1 added
[  109.846034][ T9634] batman_adv: batadv0: Adding interface: batadv_slave_0
[  109.848245][ T9634] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.856691][ T9634] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  109.862691][ T9634] batman_adv: batadv0: Adding interface: batadv_slave_1
[  109.865714][ T9634] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.882298][ T9634] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  109.949824][   T10] usb 5-1: USB disconnect, device number 10
[  109.962585][ T9634] hsr_slave_0: entered promiscuous mode
[  109.966717][ T9634] hsr_slave_1: entered promiscuous mode
[  109.969644][ T9634] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  109.972763][ T9634] Cannot create hsr debugfs directory
[  110.191045][ T9657] netlink: 14528 bytes leftover after parsing attributes in process `syz.3.1111'.
[  110.545989][ T9634] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  110.561303][ T9634] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  110.570952][ T9634] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  110.582398][ T9634] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  110.749258][ T9634] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.790744][ T9634] 8021q: adding VLAN 0 to HW filter on device team0
[  110.810782][  T217] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.813082][  T217] bridge0: port 1(bridge_slave_0) entered forwarding state
[  110.825638][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.827766][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state
[  110.936670][   T40] kauditd_printk_skb: 106 callbacks suppressed
[  110.936687][   T40] audit: type=1400 audit(1746496611.359:741): avc:  denied  { read write } for  pid=5931 comm="syz-executor" name="loop0" dev="devtmpfs" ino=658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  110.951951][   T40] audit: type=1400 audit(1746496611.359:742): avc:  denied  { module_request } for  pid=9634 comm="syz-executor" kmod="netdev-nicvf0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  110.962309][   T40] audit: type=1400 audit(1746496611.369:743): avc:  denied  { read write open } for  pid=5931 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  110.974691][   T40] audit: type=1400 audit(1746496611.369:744): avc:  denied  { ioctl } for  pid=5931 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=658 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  110.988916][   T40] audit: type=1400 audit(1746496611.409:745): avc:  denied  { create } for  pid=9687 comm="syz.2.1121" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  111.002409][   T40] audit: type=1400 audit(1746496611.419:746): avc:  denied  { create } for  pid=9687 comm="syz.2.1121" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  111.011488][   T40] audit: type=1400 audit(1746496611.429:747): avc:  denied  { create } for  pid=9687 comm="syz.2.1121" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  111.018896][   T40] audit: type=1400 audit(1746496611.439:748): avc:  denied  { create } for  pid=9689 comm="syz.0.1122" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  111.029889][   T40] audit: type=1400 audit(1746496611.439:749): avc:  denied  { create } for  pid=9689 comm="syz.0.1122" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  111.037627][   T40] audit: type=1400 audit(1746496611.439:750): avc:  denied  { write } for  pid=9689 comm="syz.0.1122" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  111.235635][ T9701] tipc: Invalid UDP bearer configuration
[  111.235661][ T9701] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  111.240278][ T9702] tipc: Invalid UDP bearer configuration
[  111.240297][ T9702] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  111.258328][ T9700] [U] v�3��f��"S��/��4:�XTz�W�t��lW��=
[  111.260439][ T9700] [U] J"�e:��"


[  111.263853][ T5928] Bluetooth: hci0: command tx timeout
[  111.306951][ T9704] syzkaller1: entered promiscuous mode
[  111.308604][ T9704] syzkaller1: entered allmulticast mode
[  111.316278][ T9706] fuse: Invalid rootmode
[  111.653709][ T9728] sp0: Synchronizing with TNC
[  111.765894][ T9634] 8021q: adding VLAN 0 to HW filter on device batadv0
[  111.814756][ T9741] __nla_validate_parse: 4 callbacks suppressed
[  111.814766][ T9741] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1136'.
[  111.991086][ T9750] FAULT_INJECTION: forcing a failure.
[  111.991086][ T9750] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  111.995944][ T9750] CPU: 3 UID: 0 PID: 9750 Comm: syz.3.1139 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[  111.995960][ T9750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  111.995966][ T9750] Call Trace:
[  111.995970][ T9750]  <TASK>
[  111.995974][ T9750]  dump_stack_lvl+0x16c/0x1f0
[  111.995993][ T9750]  should_fail_ex+0x512/0x640
[  111.996008][ T9750]  _copy_from_user+0x2e/0xd0
[  111.996024][ T9750]  input_event_from_user+0x133/0x3b0
[  111.996037][ T9750]  ? __pfx_input_event_from_user+0x10/0x10
[  111.996050][ T9750]  ? __pfx___might_resched+0x10/0x10
[  111.996063][ T9750]  ? input_inject_event+0x1a5/0x390
[  111.996077][ T9750]  evdev_write+0x37b/0x750
[  111.996090][ T9750]  ? __pfx_evdev_write+0x10/0x10
[  111.996103][ T9750]  ? bpf_lsm_file_permission+0x9/0x10
[  111.996117][ T9750]  ? security_file_permission+0x71/0x210
[  111.996132][ T9750]  ? rw_verify_area+0xcf/0x680
[  111.996147][ T9750]  vfs_write+0x25c/0x1180
[  111.996161][ T9750]  ? __pfx_evdev_write+0x10/0x10
[  111.996175][ T9750]  ? __pfx_vfs_write+0x10/0x10
[  111.996188][ T9750]  ? find_held_lock+0x2b/0x80
[  111.996201][ T9750]  ? __fget_files+0x204/0x3c0
[  111.996219][ T9750]  ? __fget_files+0x20e/0x3c0
[  111.996238][ T9750]  ksys_write+0x205/0x240
[  111.996252][ T9750]  ? __pfx_ksys_write+0x10/0x10
[  111.996266][ T9750]  ? rcu_is_watching+0x12/0xc0
[  111.996282][ T9750]  do_syscall_64+0xcd/0x260
[  111.996297][ T9750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.996308][ T9750] RIP: 0033:0x7f295778e969
[  111.996316][ T9750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  111.996326][ T9750] RSP: 002b:00007f2958538038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  111.996336][ T9750] RAX: ffffffffffffffda RBX: 00007f29579b5fa0 RCX: 00007f295778e969
[  111.996342][ T9750] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003
[  111.996348][ T9750] RBP: 00007f2958538090 R08: 0000000000000000 R09: 0000000000000000
[  111.996354][ T9750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  111.996360][ T9750] R13: 0000000000000000 R14: 00007f29579b5fa0 R15: 00007ffeb6df9ca8
[  111.996372][ T9750]  </TASK>
[  112.018219][ T9747] overlayfs: failed to decode file handle (len=5, type=251, flags=0, err=-22)
[  112.471506][ T9726] [U] �
[  112.618108][ T9773] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1146'.
[  112.779418][ T9634] veth0_vlan: entered promiscuous mode
[  112.787513][ T9777] mac80211_hwsim hwsim9 `���: renamed from wlan1 (while UP)
[  112.794969][ T9778] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1146'.
[  112.811074][ T9777] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.813430][ T9777] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.832154][ T9634] veth1_vlan: entered promiscuous mode
[  112.890253][ T9634] veth0_macvtap: entered promiscuous mode
[  112.904915][ T9634] veth1_macvtap: entered promiscuous mode
[  112.925100][ T9634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  112.928345][ T9634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  112.932089][ T9634] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.948238][ T9634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  112.951423][ T9634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  112.963534][ T9634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  112.966800][ T9634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  112.970519][ T9634] batman_adv: batadv0: Interface activated: batadv_slave_1
[  112.981875][ T9634] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.991696][ T9634] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  112.994459][ T9634] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  112.997126][ T9634] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  113.089697][ T9784] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  113.093806][ T9784] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  113.095773][ T9784] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  113.103091][ T9784] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  113.184660][ T9634] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: macsec1
[  113.188131][ T9634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  113.210892][ T1149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.223095][ T1149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.251304][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.255118][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.318859][ T9634] ==================================================================
[  113.321340][ T9634] BUG: KASAN: slab-use-after-free in binder_add_device+0xa4/0xb0
[  113.323775][ T9634] Write of size 8 at addr ffff888025278808 by task syz-executor/9634
[  113.327116][ T9634] 
[  113.328600][ T9634] CPU: 2 UID: 0 PID: 9634 Comm: syz-executor Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[  113.328614][ T9634] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  113.328621][ T9634] Call Trace:
[  113.328625][ T9634]  <TASK>
[  113.328629][ T9634]  dump_stack_lvl+0x116/0x1f0
[  113.328645][ T9634]  print_report+0xc3/0x670
[  113.328656][ T9634]  ? __virt_addr_valid+0x5e/0x590
[  113.328670][ T9634]  ? __phys_addr+0xc6/0x150
[  113.328684][ T9634]  ? binder_add_device+0xa4/0xb0
[  113.328697][ T9634]  kasan_report+0xe0/0x110
[  113.328707][ T9634]  ? binder_add_device+0xa4/0xb0
[  113.328721][ T9634]  binder_add_device+0xa4/0xb0
[  113.328733][ T9634]  binderfs_binder_device_create.isra.0+0x95f/0xb70
[  113.328752][ T9634]  binderfs_fill_super+0x8d4/0x1360
[  113.328768][ T9634]  ? __pfx_binderfs_fill_super+0x10/0x10
[  113.328788][ T9634]  ? shrinker_register+0x1a8/0x260
[  113.328799][ T9634]  ? sget_fc+0x808/0xc20
[  113.328814][ T9634]  ? __pfx_set_anon_super_fc+0x10/0x10
[  113.328828][ T9634]  ? __pfx_binderfs_fill_super+0x10/0x10
[  113.328843][ T9634]  get_tree_nodev+0xda/0x190
[  113.328858][ T9634]  vfs_get_tree+0x8b/0x340
[  113.328870][ T9634]  path_mount+0x14d4/0x1f20
[  113.328881][ T9634]  ? kmem_cache_free+0x2d4/0x4d0
[  113.328896][ T9634]  ? __pfx_path_mount+0x10/0x10
[  113.328907][ T9634]  ? putname+0x154/0x1a0
[  113.328918][ T9634]  __x64_sys_mount+0x28d/0x310
[  113.328928][ T9634]  ? __pfx___x64_sys_mount+0x10/0x10
[  113.328938][ T9634]  ? rcu_is_watching+0x12/0xc0
[  113.328951][ T9634]  do_syscall_64+0xcd/0x260
[  113.328965][ T9634]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.328975][ T9634] RIP: 0033:0x7fd59cf9010a
[  113.328983][ T9634] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  113.328994][ T9634] RSP: 002b:00007ffd91ffe5a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  113.329003][ T9634] RAX: ffffffffffffffda RBX: 00007fd59d010e74 RCX: 00007fd59cf9010a
[  113.329010][ T9634] RDX: 00007fd59d0208cb RSI: 00007fd59d010e74 RDI: 00007fd59d0208cb
[  113.329016][ T9634] RBP: 00007fd59d0110bd R08: 0000000000000000 R09: 00007fd59d1b6738
[  113.329022][ T9634] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd59cfec1a8
[  113.329028][ T9634] R13: 00007fd59cfec180 R14: 0000000000000009 R15: 0000000000000000
[  113.329037][ T9634]  </TASK>
[  113.329041][ T9634] 
[  113.404909][ T9634] Allocated by task 9748:
[  113.406250][ T9634]  kasan_save_stack+0x33/0x60
[  113.407687][ T9634]  kasan_save_track+0x14/0x30
[  113.409106][ T9634]  __kasan_kmalloc+0xaa/0xb0
[  113.410542][ T9634]  tomoyo_find_next_domain+0xfd/0x20b0
[  113.412151][ T9634]  tomoyo_bprm_check_security+0x12e/0x1d0
[  113.413860][ T9634]  security_bprm_check+0x1b9/0x1e0
[  113.415434][ T9634]  bprm_execve+0x810/0x1650
[  113.416870][ T9634]  kernel_execve+0x2ef/0x3b0
[  113.418339][ T9634]  call_usermodehelper_exec_async+0x255/0x4c0
[  113.420237][ T9634]  ret_from_fork+0x45/0x80
[  113.421654][ T9634]  ret_from_fork_asm+0x1a/0x30
[  113.423173][ T9634] 
[  113.423944][ T9634] Freed by task 9748:
[  113.425199][ T9634]  kasan_save_stack+0x33/0x60
[  113.426655][ T9634]  kasan_save_track+0x14/0x30
[  113.428092][ T9634]  kasan_save_free_info+0x3b/0x60
[  113.429603][ T9634]  __kasan_slab_free+0x51/0x70
[  113.431082][ T9634]  kfree+0x2b6/0x4d0
[  113.432297][ T9634]  tomoyo_find_next_domain+0x839/0x20b0
[  113.434001][ T9634]  tomoyo_bprm_check_security+0x12e/0x1d0
[  113.435756][ T9634]  security_bprm_check+0x1b9/0x1e0
[  113.437363][ T9634]  bprm_execve+0x810/0x1650
[  113.438802][ T9634]  kernel_execve+0x2ef/0x3b0
[  113.440278][ T9634]  call_usermodehelper_exec_async+0x255/0x4c0
[  113.442172][ T9634]  ret_from_fork+0x45/0x80
[  113.443529][ T9634]  ret_from_fork_asm+0x1a/0x30
[  113.445021][ T9634] 
[  113.445799][ T9634] The buggy address belongs to the object at ffff888025278800
[  113.445799][ T9634]  which belongs to the cache kmalloc-512 of size 512
[  113.450048][ T9634] The buggy address is located 8 bytes inside of
[  113.450048][ T9634]  freed 512-byte region [ffff888025278800, ffff888025278a00)
[  113.454007][ T9634] 
[  113.454793][ T9634] The buggy address belongs to the physical page:
[  113.456754][ T9634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25278
[  113.459327][ T9634] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  113.461831][ T9634] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  113.464132][ T9634] page_type: f5(slab)
[  113.465402][ T9634] raw: 00fff00000000040 ffff88801b442c80 dead000000000100 dead000000000122
[  113.468040][ T9634] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  113.470687][ T9634] head: 00fff00000000040 ffff88801b442c80 dead000000000100 dead000000000122
[  113.473318][ T9634] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  113.475993][ T9634] head: 00fff00000000002 ffffea0000949e01 00000000ffffffff 00000000ffffffff
[  113.478629][ T9634] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  113.481237][ T9634] page dumped because: kasan: bad access detected
[  113.483162][ T9634] page_owner tracks the page as allocated
[  113.484935][ T9634] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5938, tgid 5938 (syz-executor), ts 49806425586, free_ts 49800329274
[  113.491257][ T9634]  post_alloc_hook+0x181/0x1b0
[  113.492765][ T9634]  get_page_from_freelist+0x135c/0x3920
[  113.494701][ T9634]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  113.496532][ T9634]  alloc_pages_mpol+0x1fb/0x550
[  113.498041][ T9634]  new_slab+0x244/0x340
[  113.499339][ T9634]  ___slab_alloc+0xd9c/0x1940
[  113.500796][ T9634]  __slab_alloc.constprop.0+0x56/0xb0
[  113.502462][ T9634]  __kmalloc_noprof+0x2f2/0x510
[  113.503945][ T9634]  fib6_info_alloc+0x40/0x160
[  113.505408][ T9634]  ip6_route_info_create+0x33f/0x18e0
[  113.507084][ T9634]  addrconf_f6i_alloc+0x391/0x670
[  113.508633][ T9634]  ipv6_add_addr+0x531/0x1fe0
[  113.510139][ T9634]  inet6_addr_add+0x256/0x960
[  113.511568][ T9634]  inet6_rtm_newaddr+0x1619/0x1c70
[  113.513140][ T9634]  rtnetlink_rcv_msg+0x95b/0xe90
[  113.514743][ T9634]  netlink_rcv_skb+0x16a/0x440
[  113.516213][ T9634] page last free pid 5931 tgid 5931 stack trace:
[  113.518150][ T9634]  __free_frozen_pages+0x69d/0xff0
[  113.519712][ T9634]  __put_partials+0x16d/0x1c0
[  113.521203][ T9634]  qlist_free_all+0x4e/0x120
[  113.522653][ T9634]  kasan_quarantine_reduce+0x195/0x1e0
[  113.524340][ T9634]  __kasan_slab_alloc+0x69/0x90
[  113.525905][ T9634]  __kmalloc_cache_node_noprof+0x217/0x420
[  113.527672][ T9634]  __get_vm_area_node+0x101/0x300
[  113.529220][ T9634]  __vmalloc_node_range_noprof+0x277/0x1540
[  113.531036][ T9634]  vzalloc_noprof+0x6b/0x90
[  113.532443][ T9634]  xt_counters_alloc+0x4c/0x70
[  113.533941][ T9634]  __do_replace+0x97/0x9f0
[  113.535325][ T9634]  do_ip6t_set_ctl+0x87c/0xb00
[  113.536810][ T9634]  nf_setsockopt+0x8a/0xf0
[  113.538197][ T9634]  ipv6_setsockopt+0x135/0x170
[  113.539665][ T9634]  tcp_setsockopt+0xa4/0x100
[  113.541080][ T9634]  do_sock_setsockopt+0x221/0x470
[  113.542661][ T9634] 
[  113.543421][ T9634] Memory state around the buggy address:
[  113.545148][ T9634]  ffff888025278700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  113.547570][ T9634]  ffff888025278780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  113.549999][ T9634] >ffff888025278800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  113.552435][ T9634]                       ^
[  113.553785][ T9634]  ffff888025278880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  113.556083][ T9634]  ffff888025278900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  113.558498][ T9634] ==================================================================
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  113.565397][ T9775] syz.2.1147 (9775): drop_caches: 2
[  113.609655][ T9634] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  113.612492][ T9634] CPU: 2 UID: 0 PID: 9634 Comm: syz-executor Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[  113.616742][ T9634] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  113.620867][ T9634] Call Trace:
[  113.622086][ T9634]  <TASK>
[  113.623270][ T9634]  dump_stack_lvl+0x3d/0x1f0
[  113.624687][ T9634]  panic+0x71c/0x800
[  113.625912][ T9634]  ? __pfx_panic+0x10/0x10
[  113.627343][ T9634]  ? mark_held_locks+0x49/0x80
[  113.629106][ T9634]  ? preempt_schedule_thunk+0x16/0x30
[  113.631162][ T9634]  ? binder_add_device+0xa4/0xb0
[  113.632756][ T9634]  ? preempt_schedule_common+0x44/0xc0
[  113.634499][ T9634]  ? check_panic_on_warn+0x1f/0xb0
[  113.636129][ T9634]  ? binder_add_device+0xa4/0xb0
[  113.637689][ T9634]  check_panic_on_warn+0xab/0xb0
[  113.639214][ T9634]  end_report+0x107/0x170
[  113.640708][ T9634]  kasan_report+0xee/0x110
[  113.642114][ T9634]  ? binder_add_device+0xa4/0xb0
[  113.643836][ T9634]  binder_add_device+0xa4/0xb0
[  113.645705][ T9634]  binderfs_binder_device_create.isra.0+0x95f/0xb70
[  113.648037][ T9634]  binderfs_fill_super+0x8d4/0x1360
[  113.649671][ T9634]  ? __pfx_binderfs_fill_super+0x10/0x10
[  113.651400][ T9634]  ? shrinker_register+0x1a8/0x260
[  113.653002][ T9634]  ? sget_fc+0x808/0xc20
[  113.654548][ T9634]  ? __pfx_set_anon_super_fc+0x10/0x10
[  113.656552][ T9634]  ? __pfx_binderfs_fill_super+0x10/0x10
[  113.658721][ T9634]  get_tree_nodev+0xda/0x190
[  113.660467][ T9634]  vfs_get_tree+0x8b/0x340
[  113.662027][ T9634]  path_mount+0x14d4/0x1f20
[  113.663434][ T9634]  ? kmem_cache_free+0x2d4/0x4d0
[  113.664917][ T9634]  ? __pfx_path_mount+0x10/0x10
[  113.666366][ T9634]  ? putname+0x154/0x1a0
[  113.667618][ T9634]  __x64_sys_mount+0x28d/0x310
[  113.669024][ T9634]  ? __pfx___x64_sys_mount+0x10/0x10
[  113.670780][ T9634]  ? rcu_is_watching+0x12/0xc0
[  113.672402][ T9634]  do_syscall_64+0xcd/0x260
[  113.674288][ T9634]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.676714][ T9634] RIP: 0033:0x7fd59cf9010a
[  113.678565][ T9634] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  113.686224][ T9634] RSP: 002b:00007ffd91ffe5a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  113.689542][ T9634] RAX: ffffffffffffffda RBX: 00007fd59d010e74 RCX: 00007fd59cf9010a
[  113.692731][ T9634] RDX: 00007fd59d0208cb RSI: 00007fd59d010e74 RDI: 00007fd59d0208cb
[  113.695129][ T9634] RBP: 00007fd59d0110bd R08: 0000000000000000 R09: 00007fd59d1b6738
[  113.697435][ T9634] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd59cfec1a8
[  113.699742][ T9634] R13: 00007fd59cfec180 R14: 0000000000000009 R15: 0000000000000000
[  113.702118][ T9634]  </TASK>
[  113.703656][ T9634] Kernel Offset: disabled
[  113.704970][ T9634] Rebooting in 86400 seconds..

VM DIAGNOSIS:
01:14:12  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000001 RBX=ffff88802efda440 RCX=ffffffff81c2f5bf RDX=0000000000000000
RSI=0000000000000002 RDI=ffff88802efda440 RBP=ffff88802efda440 RSP=ffffc900049ef778
R8 =0000000000000000 R9 =0000000000000001 R10=ffffffff90850517 R11=0000000000000000
R12=0000000000000002 R13=ffff88802efdaf30 R14=0000000000000131 R15=0000000000000001
RIP=ffffffff8197eacc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555556f10500 ffffffff 00c00000
GS =0000 ffff8880d69df000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000555556f10808 CR3=00000000455c6000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000c0000003 Opmask01=0000000000000000 Opmask02=0000000002fefcfe Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff07201110 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f05f6411a8a
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f05f6411a97
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f05f6411a91
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f05f6411aa5
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f05f6411b2b
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f05f6411c09
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 250073657479625f 6e695f74696d696c 5f74666f732e7972 6f6d656d2f732500
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005640515c475f 4b4c5f514c484c49 5f51434a560b5c57 4a4840480a560000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000000000e982b RBX=0000000000000001 RCX=ffffffff8b6cd419 RDX=0000000000000000
RSI=ffffffff8dbe124f RDI=ffffffff8bf482e0 RBP=ffffed1003a59488 RSP=ffffc90000177df8
R8 =0000000000000001 R9 =ffffed100d4a65bd R10=ffff88806a532deb R11=0000000000000000
R12=0000000000000001 R13=ffff88801d2ca440 R14=ffffffff90850510 R15=0000000000000000
RIP=ffffffff8b6cbcaf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c01300
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c01300
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6adf000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000110c2f8b7a CR3=0000000046f47000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6529611a8a
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6529611a97
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6529611a91
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6529611aa5
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6529611b2b
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6529611c09
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6529783488 00007f6529783480 00007f6529783478 00007f6529783450
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f652a2ed100 00007f6529783440 00007f6529780004 0000000b000c000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6529783498 00007f6529783490 00007f6529783488 00007f6529783480
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000031 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff854f5635 RDI=ffffffff9adf94e0 RBP=ffffffff9adf94a0 RSP=ffffc900048df520
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000033363954
R12=0000000000000000 R13=0000000000000031 R14=ffffffff9adf94a0 R15=ffffffff854f55d0
RIP=ffffffff854f565f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055557515b500 ffffffff 00c00000
GS =0000 ffff8880d6bdf000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f05f644db20 CR3=00000000596b0000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000c0c0c0c0 Opmask01=0000000000000fff Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd91ffe5c0 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd91ffe576
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd91ffe576 00007ffd91ffe57c
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd59d011a8a
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd59d011a97
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd59d011a91
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd59d011aa5
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd59d011b2b
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd59d011c09
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2029706d742d7a79 73287269646b6d00 706d742d7a79732f 2e00303030303031
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 050c554851085f5c 560d574c414e4800 554851085f5c560a 0b00151515151514
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000002 RBX=ffff88801e29af58 RCX=000000004624bc19 RDX=0000000000000000
RSI=ffff88801e29af58 RDI=ffff88801e29af30 RBP=ffff88801e29af30 RSP=ffffc900006cf6a0
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=0000000000000007 R13=0000000000000001 R14=ffff88801e29a440 R15=0000000000000000
RIP=ffffffff8197f68f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6cdf000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f295797d2d8 CR3=0000000046f47000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000040000400 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd0b4f5ec0 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6529611a8a
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6529611a97
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6529611a91
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6529611aa5
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6529611b2b
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6529611c09
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000