last executing test programs:

3m15.68030847s ago: executing program 3 (id=281):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000c80)={'batadv_slave_1\x00', <r3=>0x0})
r4 = syz_open_dev$loop(&(0x7f0000000080), 0xffffffffffffffff, 0x8202)
ioctl$BLKGETSIZE(r4, 0x1260, &(0x7f00000000c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@ipv4_newaddr={0x28, 0x14, 0x509, 0x70bd23, 0x25dfdbfd, {0x2, 0x20, 0x28, 0xcb, r3}, [@IFA_BROADCAST={0x8, 0x4, @rand_addr=0x64010102}, @IFA_LOCAL={0x8, 0x2, @multicast2}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040014}, 0x40)
sendto$inet6(r1, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x50, r5, 0x1, 0x70bd2d, 0x1, {}, [@IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'vcan0\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast2}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x48c1}, 0x0)

3m15.68015s ago: executing program 3 (id=282):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x2, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x4, @remote, 0xb}, 0x1c)
syz_emit_ethernet(0x7e, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6001010000481100fe8000000000000005000000000000bbfe8000000000000000000000000000aa4e200e22"], 0x0)

3m15.621483021s ago: executing program 3 (id=283):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x42280, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x305200, 0x0)
close(r3)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
syz_io_uring_submit(0x0, 0x0, 0x0)
connect$tipc(0xffffffffffffffff, &(0x7f00000000c0)=@name={0x1e, 0x2, 0x2, {{0x2, 0x1}, 0x2}}, 0x10)
socket(0x10, 0x3, 0x0)
r7 = socket(0xa, 0x3, 0x3a)
socket$netlink(0x10, 0x3, 0x10)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000180)={'bridge0\x00', <r9=>0x0})
setsockopt$MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000240)={0x4, 0x0, 0x0, r9}, 0xc)
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0xfffffffd, 0xc5, 0xe23, 0x1, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

3m15.50152176s ago: executing program 3 (id=284):
r0 = getpgrp(0x0)
prctl$PR_SET_PTRACER(0x59616d61, r0)
r1 = getpid()
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000340)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
lstat(&(0x7f0000000140)='./file0\x00', 0x0)
r3 = syz_pidfd_open(r1, 0x0)
setns(r3, 0x24020000)
r4 = syz_clone(0x30288000, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
r5 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'})
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@can_newroute={0x2c, 0x18, 0x1, 0x0, 0x25dfdbfe, {}, [@CGW_MOD_OR={0x15, 0x2, {{{0x2, 0x1, 0x1}, 0x2, 0x7, 0x0, 0x0, "b90316a140a9f4f2"}, 0x7}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x64044050}, 0x0)

3m15.396653262s ago: executing program 3 (id=285):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480))
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x40d, 0x70bd2b, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x10, 0x202}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MAX_AGE={0x8, 0x3, 0xd}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r3, 0x4048aec9, &(0x7f0000000380)={0x3, 0x0, @ioapic={0x2, 0x2, 0x101, 0x5, 0x0, [{0xd, 0x9, 0x6, '\x00', 0x1}, {0x6, 0x2, 0x26, '\x00', 0xfc}, {0x5, 0xef, 0x8d, '\x00', 0xee}, {0xfb, 0x7, 0xd}, {0x13, 0xfc, 0x2, '\x00', 0x5}, {0x0, 0x3, 0x2, '\x00', 0xd3}, {0xf, 0x0, 0x8, '\x00', 0x5}, {0x9, 0xdb, 0x1, '\x00', 0xff}, {0x81, 0x23, 0x5, '\x00', 0x2}, {0xde, 0x20, 0x3}, {0x40, 0x4, 0xf8, '\x00', 0x1}, {0xf5, 0x5, 0x4, '\x00', 0xb5}, {0x7, 0x3, 0x3, '\x00', 0x6}, {0x4, 0x0, 0x0, '\x00', 0xe9}, {0x10, 0x39, 0x40, '\x00', 0xce}, {0x6c, 0x3f, 0x0, '\x00', 0x4}, {0x6e, 0x4, 0x0, '\x00', 0xe}, {0x7, 0x2, 0x8, '\x00', 0x9}, {0x13, 0x7}, {0x1, 0x6, 0x9}, {0x4, 0x6, 0x1, '\x00', 0x49}, {0xee, 0x2, 0x91, '\x00', 0xba}, {0x2, 0x8, 0x2, '\x00', 0xc3}, {0x8, 0x9, 0x54, '\x00', 0x9}]}})
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmmsg(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000300)="cfe6dde0c37efdbb43dc9b530735ea4ad3bf3cff834a5e80ea0801a83a3b9dbe6b7bf3c2c083a73c6d1fdf2caec8388cccbcfc4812ae7551c08ea285e17540f689e769433a1474b0b0eefa0000", 0x4d}, {&(0x7f0000000b00)="0f68da5a969f8065e077d641a4d4c420863c8d08000000e80c362c2a68c3cde331099ed6ee5b6fff63348a99366160fdb93e679fb1b442681719cebc39d64d79891173a4de56bfe45f5d9ae359d3442b577da2701a78de9ada0ec6beec3ad73156b4a1871b6a760f952a2ade1d84f898227ecb6a317553390de3068b6060865184ba9ff9684bf5b527929482dee1f75506fb6966bc2536c6b99c543d5e461d4daa148df99d385523ee0c1d6b03f4baf35ead8ea429e820f2dfbcab27fb62840c28438b0004e5214e4388a28be416f31a2c954d0f59ac5a13259880523a499ead753ff73d024d0ca8b36b80d16f106f961a78228e8fd83510cb571e3f8f189646289bc3846918c066142131433a589be2d5b10a24a6789f95a8dbb8977366af96ae9ac7f2b995a7d0ce0690b69816082103d8f663b76f2a08be5e710cf1039ba7988f5b42647f237c506c100086d235eead18e977e3371ba1cd12e1ed774039bb233d4693825237f86650d7f1b20dcb803cdc87a7a8af95e38238ddb96168a04b13b135da186c684a5f4d3126222b48015b3019d1620446a43d21a58bf089443b0a32b5abddf203c9eaf9fd4037062527a1298817ee5dbcfd605c2bfd98b2bcf2802b607fe1f4f09d1c2172a983b75fcc1fd7b8ddc09287a730b9c99814cb7f3755dc83477de169dc9fc20790c7745c083f850238fabf3cf12a033866f7aa7539ba92c7b03c30a2a9825aebc79a737500012f9e90b970716a5d72e0dfce8f37980dcc529476354468c7522801fd5ff8d6d716814a267f9beee53892be8a682eaf3d8e00ab87c61ab01850da4d0e7698c07854f3409e78ca71c8853ab53cadf47cc8fd9a734e60e4959d31efcc3554ea33cb8c18a12922d29cd8de26189686d1ec06786adbb85cb67eefb96507222535847c1c500cc974dc67ad94d8ca5d848b4569734ae78e9bda931ec633192fcfe0041f698f508e36c647f442779fb1517f03c17b384ed5db98932fb610cc84b31c0215558a5dfe78e9363fa03e13b52db2052cbbbf6920f20df9b47468927c1675ec7d6e18ca5cc36031a5bd70f7839a92cecc7f9f7150e22bfe486e3c5ab29dd4e64837f1995d2281662e81e72a1f7f9e438d2fa375dbbeb5f300fdc4f5c1a9632e5adbac40d0b8480147a4634b9b0d6d15cf54849733284e59650a01cef9fe49285f1c9083bcd6e60736906965a5bcc15b3cd85c585fdedf92fac9752dd32141eceef68ca74be399d0fc2543ce927ed237d1f2a0a26895be2f9fa8d5c4fddc224ae36575dc61c5560bbdcccd14d75fb4b79cf02dd3be945e9c937395", 0x3ab}], 0x2}}], 0x1, 0x4000)

3m15.010868441s ago: executing program 3 (id=288):
mkdir(0x0, 0x0)
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r0, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
syz_genetlink_get_family_id$team(&(0x7f00000000c0), r0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x26e1, 0x0)
close(r1)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_open_dev$video(&(0x7f0000000080), 0x7, 0x40580)
ioctl$VIDIOC_QUERYCTRL(0xffffffffffffffff, 0xc0445624, &(0x7f00000000c0)={0x8000005, 0x0, "679c51ecbc83d1e22e845e3ede57135adc714d430000da16827000", 0x0, 0x400, 0x0, 0x7})
ioctl$SIOCSIFHWADDR(r1, 0x8b15, &(0x7f0000000000)={'wlan1\x00', @random="e51d0fff8d00"})

3m14.946669803s ago: executing program 32 (id=288):
mkdir(0x0, 0x0)
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r0, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
syz_genetlink_get_family_id$team(&(0x7f00000000c0), r0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x26e1, 0x0)
close(r1)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_open_dev$video(&(0x7f0000000080), 0x7, 0x40580)
ioctl$VIDIOC_QUERYCTRL(0xffffffffffffffff, 0xc0445624, &(0x7f00000000c0)={0x8000005, 0x0, "679c51ecbc83d1e22e845e3ede57135adc714d430000da16827000", 0x0, 0x400, 0x0, 0x7})
ioctl$SIOCSIFHWADDR(r1, 0x8b15, &(0x7f0000000000)={'wlan1\x00', @random="e51d0fff8d00"})

3m9.430038946s ago: executing program 1 (id=362):
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff}, './file0\x00'})
mmap$IORING_OFF_CQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000000, 0x4010, r0, 0x8000000)
write$khugepaged_scan(r0, &(0x7f0000000040), 0x8)
mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ffd000/0x3000)=nil)
r1 = socket$inet_icmp(0x2, 0x2, 0x1)
r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080)={0x0, 0x2, 0x10}, 0xc)
r3 = dup3(r1, r2, 0x80000)
ioctl$PPPIOCSCOMPRESS(r0, 0x4010744d)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0x18, 0x0, &(0x7f00000000c0)=[@acquire={0x40046305, 0x1}, @acquire={0x40046305, 0x1}, @acquire={0x40046305, 0x1}], 0x3e, 0x0, &(0x7f0000000100)="b9bbf40ecb64c5909a9c02d31e051a1fb4fdebdf8772ee06bee1f3f91755c2aed9e5777b17b21b2018eac4197087be91fb04bbecde8b485a1137b16d5122"})
ioctl$AUTOFS_DEV_IOCTL_VERSION(r3, 0xc0189371, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r4=>r2}, './file1\x00'})
ioctl$EXT4_IOC_CHECKPOINT(r4, 0x4004662b, &(0x7f00000001c0)=0x1)
ioctl$KVM_GET_DIRTY_LOG(r4, 0x4010ae42, &(0x7f0000000200)={0x1fe, 0x0, &(0x7f0000ffd000/0x1000)=nil})
ioctl$VT_OPENQRY(r4, 0x5600, &(0x7f0000000240))
setsockopt$inet_sctp6_SCTP_CONTEXT(r4, 0x84, 0x11, &(0x7f0000000280)={0x0, 0x5}, 0x8)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f00000002c0)={0x48})
r5 = openat$cgroup_ro(r3, &(0x7f0000000340)='cgroup.controllers\x00', 0x0, 0x0)
r6 = syz_open_procfs$namespace(0x0, &(0x7f0000000380)='ns/cgroup\x00')
close_range(r1, r6, 0x2)
r7 = dup2(0xffffffffffffffff, r0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000004c0)={@map=<r8=>r4, 0x2b, 0x1, 0x206, &(0x7f00000003c0)=[0x0], 0x1, 0x0, &(0x7f0000000400)=[0x0, 0x0], &(0x7f0000000440)=[0x0], &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0], <r9=>0x0}, 0x40)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000500)={@fallback=r2, r7, 0x1d, 0x4, 0x0, @void, @value=r0, @void, @void, r9}, 0x20)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r3, 0x3ba0, &(0x7f0000000540)={0x48, 0x2, 0x0, 0x0, 0x0, <r10=>0x0})
ioctl$IOMMU_DESTROY$hwpt(r5, 0x3b80, &(0x7f00000005c0)={0x8, r10})
ioctl$AUTOFS_DEV_IOCTL_VERSION(r3, 0xc0189371, &(0x7f0000000600)={{0x1, 0x1, 0x18, <r11=>r8}, './file0\x00'})
io_uring_register$IORING_REGISTER_FILES_UPDATE(r11, 0x6, &(0x7f0000000680)={0x200, 0x0, &(0x7f0000000640)=[r0]}, 0x1)
mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4000, 0x4, &(0x7f0000ffc000/0x4000)=nil)
setsockopt$inet_int(r11, 0x0, 0xb, &(0x7f00000006c0)=0x6, 0x4)
fcntl$notify(r1, 0x402, 0xc)
read$snapshot(r0, &(0x7f0000000700)=""/181, 0xb5)
getsockopt$inet_sctp6_SCTP_INITMSG(r3, 0x84, 0x2, &(0x7f00000007c0), &(0x7f0000000800)=0x8)

3m9.429913605s ago: executing program 1 (id=363):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x24, r1, 0x1, 0x70bd28, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x10, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xb, 0x1, @l2={'eth', 0x3a, 'lo\x00'}}]}]}, 0x24}}, 0x1f00)

3m9.379498525s ago: executing program 1 (id=365):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000010000000900000000140002007663616e3000fd000000000000000000f6555b73717114f8f0080001000100000014000600ff020000000000a73c4e8109b6112010bed1491f0e0dd4bea75b1400000000000000075e43e5f7cf309b66b3e8c44b51090e8ca3d3014db25edbe6ff9787fd6a0e0aec94779abdad13c465dea41bb811c0225757feb3d52941a7bb0f03746c5fc55970946f41e38e7bd92e3cae9799c73b3c51dc6d57802203c9db2ca323eb516ad0bdca590494869c222c1f736b9a0ecb62e4aa2b5b03d20b4a8e20ab58de69bff76da343acd0e3b3d42a52798e1d98968690fb5b9948928e323fa17bd73fe165fd08a203d811f24d7ab4bcc0ccf0d6d637f2140499ba3b5965656618b339dd8f10ab2c251be85a08cc4ed6bcf91fe4f7cd160b14207169a7126600000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x48c1}, 0x0)

3m9.378656701s ago: executing program 1 (id=366):
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r2 = syz_clone3(&(0x7f00000002c0)={0x4000, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100), {0x5}, &(0x7f0000000140)=""/79, 0x4f, &(0x7f00000001c0)=""/8, &(0x7f0000000200)}, 0x58)
tkill(r2, 0x4)
pselect6(0x0, 0x0, 0x0, &(0x7f00000006c0)={0x6, 0x15, 0x7, 0x5, 0x8, 0x1, 0xcc7f, 0x7f}, &(0x7f0000000700)={0x0, 0x989680}, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r3 = syz_open_procfs(r2, &(0x7f0000000440)='smaps\x00')
ioctl$TIOCSWINSZ(0xffffffffffffffff, 0x5414, &(0x7f0000000380)={0x0, 0x22, 0x1, 0x5})
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000140), 0x60300400, 0x2)
r5 = dup2(r4, r4)
ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000280)={0x0, 0x2, 0x0, "adbdee06009e4aeabde9eefaff7a78cda902552f08cef4a662dd836c7451f8e5"})
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000340)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8f100a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
pread64(r3, &(0x7f0000002280)=""/4096, 0x1000, 0xd33)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='b:::\x00', 0x0)
r6 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x13, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x48, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0xe4}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x526}, @TCA_SAMPLE_PARMS={0x18}]}, {0x4}, {0xc}, {0xc, 0x4}}}]}]}, 0x70}}, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)

3m8.440780655s ago: executing program 1 (id=384):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fd, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x6e, 0x0, 0x0, 0x20, 0x90, 0x0, 0x106c, 0x7fffffff, 0x8000000000000, 0x8000000400007f, 0x0, 0x8, 0x5, 0x4, 0x0, 0x8001], 0xffff5001, 0x385210})
ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 31)
connect$rxrpc(0xffffffffffffffff, &(0x7f0000000000)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x1000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}, 0x24)

3m8.259521966s ago: executing program 1 (id=390):
mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1, 0x0, 0x2, 0x1)
mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0)
r0 = eventfd2(0x5, 0xc01)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)={0x0, <r1=>0x0})
timer_create(0x2, &(0x7f0000000140)={0x0, 0x21, 0x1, @tid=r1}, &(0x7f0000000180))
eventfd(0x80000001)
r2 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x100)
ioctl$KVM_GET_NR_MMU_PAGES(r2, 0xae45, 0xf2)
read$eventfd(r2, &(0x7f0000000000), 0x8)
unshare(0x22020600)
r3 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
openat$cgroup_ro(r4, &(0x7f00000001c0)='cgroup.freeze\x00', 0x300, 0x0)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r2, 0xc0189377, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r5=>r4, {0x7, 0xc}}, './file0/file0\x00'})
read$FUSE(r5, &(0x7f0000000480)={0x2020}, 0x2020)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0)

3m8.162882627s ago: executing program 33 (id=390):
mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1, 0x0, 0x2, 0x1)
mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0)
r0 = eventfd2(0x5, 0xc01)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)={0x0, <r1=>0x0})
timer_create(0x2, &(0x7f0000000140)={0x0, 0x21, 0x1, @tid=r1}, &(0x7f0000000180))
eventfd(0x80000001)
r2 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x100)
ioctl$KVM_GET_NR_MMU_PAGES(r2, 0xae45, 0xf2)
read$eventfd(r2, &(0x7f0000000000), 0x8)
unshare(0x22020600)
r3 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
openat$cgroup_ro(r4, &(0x7f00000001c0)='cgroup.freeze\x00', 0x300, 0x0)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r2, 0xc0189377, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r5=>r4, {0x7, 0xc}}, './file0/file0\x00'})
read$FUSE(r5, &(0x7f0000000480)={0x2020}, 0x2020)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0)

3m0.49820734s ago: executing program 2 (id=524):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fd, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x6e, 0x0, 0x0, 0x20, 0x90, 0x0, 0x106c, 0x7fffffff, 0x8000000000000, 0x8000000400007f, 0x0, 0x8, 0x5, 0x4, 0x0, 0x8001], 0xffff5001, 0x385210})
ioctl$KVM_RUN(r2, 0xae80, 0x100000)
connect$rxrpc(0xffffffffffffffff, &(0x7f0000000000)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x1000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}, 0x24)

3m0.31751756s ago: executing program 2 (id=532):
r0 = socket$netlink(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) (async)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r0)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r2, 0x1, 0x70bd25, 0x25dfdbfe, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20044080}, 0x4008000)

3m0.26150786s ago: executing program 2 (id=535):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'team_slave_0\x00', <r1=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000200)={'batadv0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x21}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8, 0x1, r1}, @IFLA_HSR_SLAVE2={0x8, 0x2, r2}]}}}]}, 0x40}, 0x1, 0x0, 0xe00000000000000}, 0x0)

3m0.210719176s ago: executing program 2 (id=537):
r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000040), 0x5c280, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x195)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xd, 0x4, 0x40000004, 0x12, 0x20188, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x4}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={r1, <r2=>0xffffffffffffffff}, 0x4)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000040)={r2, 0x0, 0x0, 0x4}, 0x20)
openat$ocfs2_control(0xffffffffffffff9c, 0x0, 0x2040, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'virt_wifi0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000030400000000fedbdf2500000400", @ANYRES32=0x0, @ANYBLOB="00030000000000001c0012800c0001006d6163766c616e000c040280060002000100000008000500", @ANYRES32=r4], 0x44}}, 0x0)
mount$bind(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(&(0x7f0000000240)='./file0\x00', &(0x7f0000000200)='./file0/file0\x00', 0x0, 0x181097, 0x0)

3m0.20647918s ago: executing program 2 (id=539):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r0) (async)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0), 0x181043, 0x0) (async)
ioctl$KVM_DIRTY_TLB(r0, 0x4010aeaa, &(0x7f0000000280)={0x5, 0x2}) (async, rerun: 32)
r2 = socket$netlink(0x10, 0x3, 0x0) (rerun: 32)
sendmsg(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000001c0)="5500000018007f5f00fe01b2a4a2809302060000ff41fd01040400000300120002002800000019002d4400009b84136ef75afb83de066a5900e1baac341b61130000f2ff00000100"/85, 0x55}], 0x1, 0x0, 0x0, 0x7a000000}, 0x0) (async)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r0, 0x40047451, &(0x7f0000000180)) (async, rerun: 32)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) (rerun: 32)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300)={<r4=>0xffffffffffffffff}, 0x106, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r3, &(0x7f0000000140)={0x15, 0x110, 0xfa00, {r4, 0xef7, 0x30, 0x30, 0x0, @in6={0x1b, 0x4e1d, 0x7, @loopback, 0xbff}, @ib={0x1b, 0xf, 0xffa, {"50916300000000000000000700"}, 0x8000000000000001, 0x6, 0x3}}}, 0x118)
write$RDMA_USER_CM_CMD_LISTEN(r3, &(0x7f0000000100)={0x7, 0x8, 0xfa00, {r4, 0x2000000a}}, 0x10)
close_range(r3, r3, 0x0) (async)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
prctl$PR_GET_TIMERSLACK(0x1e) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r5}, 0x18)
r6 = syz_clone(0x80008000, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_readv(r6, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/65, 0x41}], 0x1, &(0x7f0000000200)=[{&(0x7f0000000100)=""/193, 0xc1}], 0x1, 0x0)

2m59.671162076s ago: executing program 2 (id=555):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x2, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x4, @remote, 0xb}, 0x1c)
syz_emit_ethernet(0x7e, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6001010000481100fe8000000000000300000000000000bbfe8000000000000000000000000000aa4e200e22"], 0x0)

2m59.566378738s ago: executing program 34 (id=555):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x2, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x4, @remote, 0xb}, 0x1c)
syz_emit_ethernet(0x7e, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6001010000481100fe8000000000000300000000000000bbfe8000000000000000000000000000aa4e200e22"], 0x0)

1m10.769806191s ago: executing program 6 (id=2211):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x40000101})
ioctl$DRM_IOCTL_ADD_MAP(r1, 0xc0286415, &(0x7f0000000080)={&(0x7f0000fff000/0x1000)=nil, 0x0, 0x3})
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x100, 0x0)
ioctl$TIOCSIG(r3, 0x40045436, 0x14)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[<r4=>0x0], 0x0, 0x0, 0xfffffd52, 0x1})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r5, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@broadcast, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8)
sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x0)
ioctl$DRM_IOCTL_MODE_CURSOR(r1, 0xc01c64a3, &(0x7f0000000280)={0x1, r4, 0x1, 0x1, 0xa, 0x1ff, 0x1})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000010003b1500"/20, @ANYRES32=0x0, @ANYBLOB="662700000000000024001280090001007866726d0000000014000280040003"], 0x44}}, 0x0)

1m10.020069331s ago: executing program 6 (id=2235):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0xa00, 0x1f, 0x100, 0x300}})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00'})
mkdir(&(0x7f0000000380)='./file1\x00', 0xa)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2000020, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRES16=0x0])
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
pipe(&(0x7f0000000040))
chdir(&(0x7f0000000080)='./file1\x00')
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002ebd7000000000001400000018000180140002006e657464657673696d3000000000000a83742fdeab2c6a09d9435baadb0008000f00ffffffff"], 0x34}, 0x1, 0x0, 0x0, 0x85}, 0x0)
r6 = open(&(0x7f0000000000)='.\x00', 0x6000, 0x36)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r3, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, <r7=>r6}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r2, 0xc0189378, &(0x7f0000000280)={{0x1, 0x1, 0x18, <r8=>r7, {0x7}}, './file1\x00'})
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c0000001c000100000000000000020004000000574a0ee2a4317fbc6c45a65e7e801881552230ef50c9cfedc222785b8f461e4a9f946afce832dff8792bad3f75b3fa2fba468eaf7a30cd267c5a67a2e5abd32b72e057f91b88c1f37ce4937c6052448e48a6785159c7a68ed7467d801025489d77eafbb51d9494c3478da2a318934982cc184185", @ANYBLOB="bb0aa8003d9d6a887dc0eb4dee353e7b488fe919a560c8b683f797b94916928dd76650b599629542387b9172369eb663155d63da10a294a7e2f70bf181dffd464e91", @ANYBLOB="e4d937332b07f5022af8508e143f5c0ad88d4a5b611d8c519c"], 0x1c}, 0x1, 0x1000000}, 0x0)
r9 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/stat\x00', 0x0, 0x0)
r10 = shmget$private(0x0, 0x13000, 0x2, &(0x7f0000feb000/0x13000)=nil)
shmat(r10, &(0x7f0000ff7000/0x3000)=nil, 0x400c)
munmap(&(0x7f0000ffb000/0x1000)=nil, 0x1000)
mremap(&(0x7f0000ff8000/0x3000)=nil, 0x3000, 0x2000, 0x0, &(0x7f0000feb000/0x2000)=nil)
preadv(r9, &(0x7f00000012c0)=[{&(0x7f0000001800)=""/250, 0xfa}], 0x1, 0x40000004, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = socket(0x2, 0x3, 0xff)
setsockopt$inet_int(r8, 0x0, 0xb, &(0x7f0000001d00)=0x5, 0xfeb6)
setsockopt$inet_int(r11, 0x0, 0xc, 0x0, 0x0)
sendto$inet(r11, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10)

1m9.959815526s ago: executing program 6 (id=2239):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f0000004dc0)=ANY=[@ANYBLOB="10100000000000001801000005000000ece538e8b62831eafcd9056be7c8a4f36891e0bd363476ba635f8d61e20221d10831df051097c214cf0e5f4345fa2c1eff6b0f8eedd3687f41fdd27b53aabf690ef80b8953b86b7943136212b1ec5c95809bc5d24c84f1ea4c6a1ff8b0dfc20e9b15115ddad4e233132bb07ee1577ae158a9ec4de6171ac0a7542ea221a3d97d80e7bed34fde3c64661a751d33a6d102ec5e611cee97f445ff21d4d3b360a17a83b7594ad811751ceb59ea8b5cde9525ac5679cf2e35907c0abbb85a25c776a98af56eff37c6627d00c51fd572f6113013d16a54d005b0f833f3c9cde6b897312b7ddc1b063781f822e06890c08ad3025e80b4a550a680e58053a8c33d2e1858f971a40788f6b287baa082a334140c0091f5f2d232ecbc86218a477e468e5be1b48d7787071b5c891cc3efde21a3b0337adeaa6a41ce8fd6edf1b0a47ca0cd6d785cc2c1c3803dde4d9749a10e21d489531efca60760b4ff2061dd7800c4f23c3d1e2bcd694fcc87261a2fdfee6baaa701c7083e9675a75b8d530f09f72d8d3fed4ed848ba18d11635893b52c84a6f0fdc9711b63cba52c9e33ac701261d5459b6ff53be036549b6d0e617d125a6a758370d0671f5f956918db7c4d0afb4f7369bad2a1cf0b7bcf130464bb031b092392a72e8234c1cc1d41190dad660bd1d9283d7d4c7f7410c83f6cfbd25b438097f3e5fd4a23e56c1995179797f03c6dfc5e8be4515d9c72ef9ecbb7cd80d4e71d2ac2f31396081eb9fee4b5d633aee32775a004f7aee9f33d81f9e469a1bef0a995ca8d50c2d853bfb1ebaf301d0c649b74827ae650b6a3bec85e2e9fd45e33bdd8c29cb0692d78a73700daf8eaff8efc06f8c07b3ce384ab1d925cdc440a4b85ace1edb6202df092fe6b37c11e10f3cb3d9e0cc19d55989766aec965403244c8dabfcdcc51c2297131307048ffc88b47d07e821656fa73395dd464d79ee82b3d4f47bd29f42f44f9521efdec7b0e8b5436d496ae046d72d69bc3d35a62829954fdf87fa10330a7864465ee86c540b2e1320e8453701898027ef86ad0d7c31c009f0e5f4c35eeb870ba4caa3708656b38c3797aaadb4b372acf23c05d55d98eb8c1c628e744a6a4439b5a515a2a083f8fbc71a2e6800c3ffec640d21d05a4b1f4548c5541f809e9766cce96b2c53b220361638c4dc43af7d5edb874bb48ca3c8a837fdccff0c8b50bc402da6262c5e3b344f313153fd455e4414f2b0e4a2bcf881b5615e399f8bbe6c3c20a314539b856de845a6e37e5f6925f3d5929eb59243b792834b0de7643077681b9113f5d192c4e96ebea0465901e5aa5da812b0d112089c048e29c523a753f7babe4e3de0bff0f220493bef0e7b76b051cecc325a8fb60a76880155ed33bbbccb472dd3b568829eb7cfb4280521adee82b1b1b7c31b0baa329f81f254526461b787d32bd18a760944a3f728a8a257f2bb9bc9172daeeb9a3d099fa60a440063b70cb48a54cf8739467f7e2b075b74800056475332bd226daf3e7a85c198107c3fe4818e78dda31d1d8c4c618c218e368a0e20655c325f95ebdb03320448cfd754064e7a6b69b1677d12a5c63b853d77bd06b4759e30e764806b91d5e9e54c907255ead2d433538105dc4dd9d364de0a82bbbe035d34e215be51d468b95a87e0e6d76264ff4a8bde40e956782351b5595118d6f630ae1eeeb5755177d0cd71f259eb580ba0918194a3b75d6110d58079c57ffef2f53a8d0fcd824c1bf83e612a2c63b0dc6f0e6997d7905d5adf649da853204a522043147f7b7debd7c01835b4f311ad3a6c4122f4cc970e2926ea30aaaf307555dea57ef2dbe3e5ec783dc447d1834cb1cc711c34051d5077d373013e995d34dd20a4ae0f3356b388a46ca2d3686daa528246dd0ab3e7400406e88797294d61b24e81ce8812e0eb38e898c658dafa957618e969f73f988fb6a5b13b0bdd2a63e666f88513f5f15d0f0a743be28c5fa6386d9af70292e96b54d4d5495ab142b036f11a7c18d6245ceb713a30c875af0e7124934b1bda9a9484e617360e2b9b63052da78188ab3ff5e2c8df92e3ff7845343165fd501f097296d614e163a33d8e15032147e2f3dd57e8207c11a11cd9d39a786223d2b6b000ab841e3237bcca18431f26a0ece2e478c28b56ccb93966151be4e52d823d1bc345d9a5c2925d06c27e4c74dd2783f55d32d07ae2eb68fe6d5614cf979e3c16d3f467efee15169eb5a641837b93bc06733eab8e30cd85c731ea46a24266dfe87fb8a9515b25841a246e6d8df10faa34da94576a4a3e1ffc78323cc58b122c0a0993da408b82f4a311c2250483a701df3e99fba515f31791b5b8b6ee31cb92731d656b7ff43b38d3b2d9f59008a7400d6f2dece551883f32d0281395379aa42285e90dff71bad695156ba4842936f6ddcd99cdb5ef8a147a15cf6ede0eff9b5106306806574fe9b3ede36418c97ebbb1de5b7b23a453b98e10634956a34cbf40b62b4cff86935ddbdd31cf5b78e1248b19ba060cff190f1f2f178dab05e0d6395d9b1440b01ed10f5c46c903d3e2f78e9393124a981c7db5126210ce0981dfe0566d0751f3a76b66f06390a1df65218832cb33c91a1a78c67b24b4aa1a52231a6152a2483684eecf19522d5a22bde3cac03fd1de054e36325490af9081bda7b85e007e8714fa6f945257d8bbb766f612f682d19f885d054055de33423889c45157120dfde3ae504c6fd55c65fd652245fbc1d20e535da9e326341fd39bbb8f81117516747c7bd6a0e41faae21d4a7b905a6e82d4584bb56c0c2e540e7c69ce8594724b08c1ccb578617cc7f4f203f1f96011a5a3e9e4ae90ec5b7d5c1b5c682706b331c57e56966ac4017dc56e7a701c2c27657dc7fc436c4c02c51a76537bb90fffd13c1a2bb473245cbf0f34b020cc1b267ba624b09616448eabc753f3eb69256aa7f4ae3c590cca158457b1fd5e37c977ea19f30f813e0169c6b37496162134b6ea6501d6e5910a9b4b5597fd379bdceda96f016fea03ebfe375bdd60d9a61099e593706255f8b1a1048db705b304eb2f7b61737df8ddea67277059f37dc9065e71bfb49efbbbe79661afd5f58f388f02a03dcb69758237b6789fcbdc4ea2fea4132d33d777cd5193c210e345f06a1568e061b39b774ed321e435f44a54842435af0d574ceec62e3132d8b57d490d1e8f1860fbd95e6a30176af9c085760e5ecc9199df22b76069e1ec85035c69d754f399824ebd886693d897b55f139cf6053a27d6389e9158d7f187ee506c304953dcb5c0c72fa5c942933bcd0ed00127fc842cd2f50d6483faa9a775450ea4cac5a18d4c4868ca696f136c28a4703d1562167671ad50ea5e70d0c43f95992130db3ac2e97e10f614a8974650366d369437f12e598dd37f474ab5010b3dd4ef6c3a23e37db0ee18675bc16f0e0e96e50a72f3816e08dee4e9407b0906d57a7caf9539288bda2d6577e09c417c01f910f18a324bd7c1b9388fd464109a5cafa70ee2cf83197c6a0acc5e012343ce8afe4e6a94f0f55b2230c9a6acdc9b9cea5c4a06f6d4376a5d8c43a562736b617acfa01f2b8dfc0f4c25cd3f8d7c675ee2cb72d030dbe4f78805dd9589b4874093dd7b4c6b6715fd245e6d853dbbb4ffdaa4f665870f7f22ed0a9d862cff03581ff2c4bc9ee5768c7ca806460a882dd0ffc96238a22715b6a49d50df7705c2d1ad35ab7df6660ba3ded28f6bedd9dba2158c6a3cc7943d6df0bc376135ea3b9211523130ad77dd1532841a7067a77b01573952bab397520a23eac4d5f67c54ff293e14d7e21792b909fae37de019200b6dcdaf815d0c747d891de553072f7d9dec9cb0657f9f2962c0be6f122bf1d8793995ecde34a14d46acbd238d0cc0edfa3556b7a7c763f37bd162bb6d638eda49818fe97ee6f5637254ff1b31cd1c358f19b362a978b689d5661873da06124960f1b25fa2c069586584ce5c83b72c4844ad85c917e35e0fbc6f565771579997cd31fdf3e42dcc1ab17573328e6a73affe545fc82c149566cb11b439cfb804b581a12c1054d4fee14feae7d91db10348b3470e282fc93c07376e050731cbfc091e3b858a9e1679b4c92b44656802a239ef3f0b91a5649eccdbff499328e9243ba7c25aa50de56d3e0dbafcc6aeab35b64b027e36d6e7868d5f6ea7e46d7d6bc263a3f304b5642e60fa847369f6ea08bd9049822fc6f7cebac468e88db61846c417be1c78ea28691e3a58d46607597c2746b0cdcdde0c8d2f21c6f407d88f17fec2eaa290db8b4513e29439be7ddd719d712e8b01dcff54fe42563e40973ad4f1b00bc9489cd10390b63adef8101b82144370e23d92ee972b129e14a3c1945288f7ebbb67999afcda79c63bb458949b6821cb7f6888d422283de23f19de6b06109a5b9e66be004c00c45854599c4323662f51424c3ce2d10d2d75b827669a18622b7ebadf590aae33903d4c9a90e5533d9dfcb7d1f6052c77d92799caa323b7a21493357119b5e3c0b9e69ccfbf28ec7d5b99871644f35bfabbb5c143d136d906b51564b7d8fefd3d31fdbe875c733f3d70994f70fb1c70d23ecc14de56d0c5abd21cb4bff75a353baa80a04ac3a153d8d569ef4c2562067e50be7345ceafd57d7e80028880755e97520b8bcafd55e3162701fe7972f31dfe1ddc77b79e97fd7c0a3fde0c5ee973d2885f3c9148c6b872de4dbb2fc83cfb665074aaf02401f4fc4dd95dc071333bded7cfc1a1af81824dbe4da2622ffc8e78acdc82a917e76fe4e9b0b5fe4e7d38947d3dfe70e7faa1952a4ebd47de74892167dccc2f60ae8d8457e2b1e50ca63b3692fcd13cdf92e25d0fb048d1c2b7196aa2e694bef12a7d206e9aef9bfec220deec4c59283516d3b6f6735c6186af1baed16d1f6c88c4de6e1e87aadceb42d4abe5a28edff4d57f8c4dc43d9481140635ab3604f052597d5e79f524ed8774d039fd83317ce1f909b4eadeae59239526113bf414c933e7dcfa9b2f0ffd3293a013394d8522f00465207ffcb7d96f0702bd06faf0f947691747ba1a05b4dea153178390466ea1a7548ec58d6ea4042da3373b70edf2a98e8bcf30fac5a657315a36be25dbb24aa0283bac1aa63bccff625da4ccd79a30c77f443761de7eed7410700de59a00878984e11374b291fda37c7aebbb7d95aabcec51a0f3975a19e2053f5c45d5dc4be3c2d0f5391f43d3a3d14dd5a69f93d0311bd948cb18e16bbf929331de9bed528c929fecee03777021eb5ec02c6637933b266d1195da1b62d2b0df0726c7bbafab2a0ec060d3e7bebc5002209dcaf4790d38aa0a07a3979e2f489672f8d095d6a6971a5a30c61af3b3eba960974ed4a0989b1e48204fc80e0756e0f7d8c3d4f120643794234653f08d8d5bc8fa905759ca0a1b36e4b490d86d4434bbc4814d6c86a787e0098b00d04e7391e3976f9c3f665227aa7a4d66fe3a694eb8dbbab093fc6760392047eb085db0abf5326aa9611f1da7bcaea327b12b97b5683096d5f014dea74536db50710b722d4d859c399784058f20f181117a707504da274cc55b632eca9f5c225f96144856b30736f9dd40df0faa53fa90760f81a91c96484f15527fda27eb2e47defa383e70b388b3d4c2707b4fa1ec51f5a8b5689bbe9c4d3234d050bbcfddb88fecf317bcd35627693c3082f07146df8df9f3e3fef2d9a9875b6a485a53d9664fb899eb7d07b6c2bf53c605b54acbc5dd1492d8f6babf83eb734f9292a482d6772ab6274d17444b99d08e83bf3e003196c43972fe5700000000000000380c0000000000001201000006000000d4a6eae5207c05f71374a188711515145096481b3c0659d371fc254ca442cda4ee9870f70390481d797ea971e9f87a545baec6409da47388132eb4e99db05929dd3e075c98c24beab9f2c422f6bd93f33de0ec12cb1d8e96853e1da8b075c719f654e6325fc564037a91f14a077b8eb9809a067b8b2a508fc78fd96c2675f43179169597b63b05691cbbee6b45240ab40f3c59a384f00232e9f47122a1231953470a1f867144522af69b952b505c92afa10a2b0d25bb0fb419835f47c88a9e86aadba335b21372344526e14ccaca18f5094e52f2b2f4b8c13be7c87252045cf252be12e161276cc0e4a8270abd4e15d2f3f7c3de4fe49326bfede7c65a10c84c54926582615f830b1764ed7514e83b558b7a3d054050431feac7604be80863e9b5e93267635d5621e2785205437c05a1960efca88b27d79c0e070b043ae489d2ae25b8e176825804618072e8a46131a69564e58f3da24d4bbb086556058d2c3032a43314bd466bf595c0a86b618b2f77adf3bc476b7f0d4f0cd8419c3f3ae5381ba0b8ad383acd7840f2268ed5560cc9218ef43cddec1756da272e1cb8cac1444b9442e9c3757113ad5a6a76fdc870dfafaa38e925ce66b2c10be4ebdf57928c8de1ea3bb779b6a02b290409635fd2ed9bfc5a7d5d9d41b9133f5e1fbc7e52cccaccbfce4254e00ab7e49c300e11a1a924878f639c3004254fd09c3fc790a43d3b302845cec02a73b3b9e0cac54cea71d3affcaddcb439e95ad0fed8f31c9ffd15de4143ba8a1c09fcfe593941a3c8e6d52838c4f908df2c990d2e7a535ac0513a669d8067ca270832d2417e0391bf0eff867b10c1eafb8da9402263536416064d8049060b429960c05c90d66b1ba27dc67bbf701a171adcf1ba0c4cad2e2f1e101debbfd8b49d87cdb5492b95ba8f40e6e2e15552acc2e0a7f5dbc33e2f7fe90829ea8dff28d7d1489f4924da4bbeff2538a70e06520cf752cb031bebc4e2673396dc97af8ad1e143b255eb666e111326935d756508087d2f04952a7f58904c03319411b963075d7502aaa444c7326208236f43be4487caff29073e542765e9b4430e01a7ef5afbc0e5fcec9c59404548673d4e01dd7444f61300a95463d3944d76e5aec04fe97e0f3b1cc8a20c11a84c67d1f438734b58f0c471ab3e9d951ba5e70a99ec65c8c4d4c117ecc8682db449fe44ec64fbf0e7f619999b8fcbde13a06408dd7044f612f296b5374b8eb9a1818b8589574f61842721a879dfce055766f8e223cd7038fc5543bf50c9b3d0c52c0cc677e7af50ab8ed9ba83101f8d3d669fc457d7aab023601add802570d6154eeeb827304c7492d9aef54fb1077bf1a3584c65547147a1b7fa3664a61b3c8f5af0dd4817bdd9deb9854f95264ca72cb4de4195af3280487056936b818b21b2daf86e72fdd0b9e185a31e626f050b7ef74b0c33b9305834256a9f0406c4071493ec2d33cf0ea11b06a4d0db442ee5ce2732a3f4c7b77da06dfb1c640827506f91a7f4434c0209fdbd6e5bd947f5d8db740b351348197e033c8df580bde047baa2354ba6caf08a18947000df7d6ca569e4714412ac8e6ea4a0d7e45ee8793db2c39d11e592a92e51e3f06fa953ea8cce80c3cf401473585e83815be91da7b5da809fbddb2cac9cd20a84bd12ab8a050b2cc98c2d420fb7837ed057bd15cf2d8cc3e2af8542d2385963827d31e43c77239598f4c469c9ad35ef6a85606a5484426d63c8677c6e4e395bc447e492d6394cad45afb5fcb444a79302b1e450b58d8e0f953493417213283e4c1ad29a007529dcc5856d9bd4a10280cec7f9ae2e0530b69e591386c527abff28858ac8e82b3bab7084ddbda1efe5ce5c90374a55420c6184a808fccf35ada403269bbc997454a026b8ada653607eff68139fa07958e1ffe44ff358cfe37e2c44cb49a722c9fbfeb036f29625eb4bfe915d9c38beb2edd022c046f021d365b7a08039c2bb0d8a29a84bd2357b273d8c00b812b56593d83551b707b460cc4923f52c9987b2c35bc28a39a941f57171942270867bd83e4e0970b5f12932f6ad9c186be688f3e2cef0ccbf1fca39e52af019b9c8c09ddef8af1b224b14cb4ed55697e4642e6fabeb3b4f8796d7b56ba37c1b141198639c655973bd97654d60d3804d86c103def3f32dd3ed0c3ef19673421bcc40437015c31895ecb5ba0f677bb0751e7900291fa9890303ae84ce67dfa5368d2ca60577862b89b99c9a9780a86b1df2b784f182f6eba319573b7d18a604386ea727dd4b4e4c0e98b67e6034e5211ecb82a5acf74f2c0c180824b10409e8cb48d20daf375ce82ce406013741f2f0ce6da1cb1e8cd91f741687fe6dc14060d4048861132a9f321deb97d43e79e5ace8d9ff088d4107e36b650020326309d71875ea79ce6d65900d31049acc0e06e19401eef3204123c04e82628097d7968481775460c6a5a56b02b151c9f88ac91a5fc30db34c6c5ebb7e5b36bf6d29d257b281010ce44a2c8af82bb442748775283a2ebf9b9d6ec82fe6a1ffa61cd0dea3d80b9b91316ab6d5dd592fdf764afaf6bf4db07cba94ab5c0c59567f684456e635d688cd846c8c0d526a801cd307c3a3ed1a1f03df5125ccdb3fb550df3f13ab1c01426c1180918b1f375bca4ea556f21e0a09a79c072814d27b338b2062b5b3e81779b0aaddaeee851f9ece4b5c03326d5611ba39eae2cd6c0aa2a8f01d0f4e8006b7f70e2bee5ec77c1357331b6643866fc121d567cac5ebcb92eb34bd784dbf887979606e40ec335fbdd004b08f4da2611d0c43ca6c16c700c72986170c973f313aaca50e12458194738453fd8f3705ba390f6e51ce4eb7d4e7cdf03616c9d37278724624a1b073860f968cb64cc7834b08b4cf3f0cb6c4a26daab4e51b9798c0a997daec7839e5d7ca329cca6cf60fbf948e73005b8395fc2369c4a03b13b0880d4e5bb343c77e586e21cd3e9beeca9a04f87970a7dc94e84135887684deb7feb2839f45ab988972a402b1b2bf6131de05215f04ad65792c754c60c2e772be5f4e79bd601fbd00873543f29b132bd26118a3d05366b1f234a46d362b0239bf99fc1632bf156b8609a43a2899882c40388aa979051691781fb8906fd91f9fb22d979f6d24b4d95da249f2201ade9718412d2571b09b4d043c836ed40d985a95746fcc449fb298fbcd01ff6a7807db04e0fd58387f2e865c0893e146945e633b8d1b4c3a0d83eb3a4fa92546d6e2ffa2d37a06b44e080d1573a742f9958e653c6ec5d62235cf1ae8c83d39b8bac7b09986b3c9d8feadc6bc48586209324fed6d63205a33196c5d35e7c51cf38dba9ad6bd3c59baba6ec222b417db4ba0954d6fcca7e942a5fba008492bb6bcfd9ebe0c779a50f1687491398818c0d29056986ccd6f378b16da8abea80bec975ab8a7bf6fdb080e69bc2c1757079d88498148015a2f9c0f5c60b81c72517775f9ceef54df9cdc68578bf0aa3c5984793c45a42e83a49b290b9136c9d3ea0736c6cc3eaabbd533a695388654912d6955d5cdc7ae92f2d7021f9e206ca30acfcbd74006b0a62fa8b6266d1fa29d76f11d79c788e2bcd70c8326def603705fc6fcadd7e4d3fdaff0b405d26fb6cc3adde2bf24a1871c4cdb75f43a3c6cd243abf388e331c6597a08a08e4b971ab0f2c350c55106e2d33359d8ea442e5b2fccab5f986a54a8a7728eab016823311cb5b6520a578d0c4f30827e5c6ae249324ba39298671899778076284f5bbf4375f3df9bd895377fb50e743c69a25a6904bab58b3f866558015be337e6996f87e111d08cd36e6930cdbe37bc52303b848578d5db23384ce30653a80db739f5a05ea7d9eef9d786ee07623c2113f015624f3e0b37399d778333a404a0d7700a623f204ac91e388b9df8359294c653380e8ad420046801a029c735c22b69d19055111141facd11ffa0adbd6168cb92f32847d79e8ba5a607c06c6651119ab85616bb01cfa01b4c8a126a9c1c1468de3012ffbe5af7c1563de3b442bd8b10413f78ef4117b98be378a53626bea8532647641baf5c3c58a056e7e02b6bd90671a036ee10133fbdfca6e1c3f3ad9b2feda273da42fc8d3509fa608756e4d087697f55f075443920fda3865f4ea2acf869438880aeac9962892ebe327fe773e9305ea2c166c4e8da2df4c9785b8ffda444ce564dfd055e476d45276c2778f12b1553f09c60c4757071a7188aef964d0857413fcc1464d78db8e4fd895753a596a5299e7b0f119b8dd10a44f26b301a7a622eb36d2bb8a582c5f8fa790143fb51f36a8f15285c6a86b103fb5864441f8b22ed02a689863ac9bd66df3c8925b9f4bc3d3082cb50dad04ad48b6508905ca2d0822a00c237956d59f646e79e43b24cef330000000000000058000000000000002900000009000000c33114de9ca6e542dc45ec991bd2d1b9b30e4c9c7ea04562697d6dd2c14560eeb2dde296305774dda94f88b32be117008f4d115605722aacf2e0f391e7af53e1e47900000000000010100000000000000701000093980000bd0a33560047a5627fa4e0cf3d457883f5e055430e95d9d3eed0079736d127bccaeddb9a10c0b3314cafbe9b1d7ef366bff7bdb8f4a94c07a9fa6b22f25b6994bf23b2441e0296af9638901060d67b474436312945b922378ab22792275c85cfd9d453ddf5f4d41305fc3c5f3aeee3dcb58b299061c95fb7010b80d90eafa82690274dabc8ef5174c2e6dbcb03f419dee7cbc14e2256a379565cc8e0b95312cc03fe1d01e215bc789d34947c1f839d04527a095ba95736af8d6859681f821ef5a31c0f6ca87bc13458b7a99085bb4b751324a811554daaeea71102ca3c8ec2683eca595ab017a92b46cb0956788f201ef88524d7d9343adbc51a4c9d66ba39bee4422421edc9010a25c74d6a3f3e97822435f1e353567041e6d67601f4172b0f4578c316b53349ed6dff21486070687e4963e02ce14e787780bc9208fa67f55307e337213c9164e64160d45a1734085d265c87316690f74f574f9e2e8f461db77b4c0def15704148e14892cb05c7a818aef4eb533b44ace3378ef1034b7d46a6036075158f630c2c58b5127d5e5cd4aa551a9a0f6e868467dae9b4efc94759fdd4fd97a0292b104f33d8395f2a5181b5a1c975f3b6324dfc34352c94d0d8fda04e32f81d956f8caee8067e599b644f10bfe0b9d76b710cf855d54d6fccd34f6c485c16d8d4e3cdad71fdca3acaf7c00630484e34616679efae0d9bb95cd948fc493c4956ebb8d1e1c007f7928affd60c8f9df6326e8948a2508831cbd71100dde312e8cfc5e987c7b5c380c689a8430d27460810280c39bc171af1023bf25818d12b475a2c835689ba080f796d038b2526c4c9471b4fbf99ef9254fcdbc7dec56859b288780bf376f4381fdc7407ca1297d1901c85ee432f19e9dfc89c2d8473058a8ffc13ee76f893f52a0f823ee4069ec01869bfdc6ab627c4d704d8c7f193ce075fb81104361aa06bfa14c6458e9d330526dd5a4b629a015b6b61bcaf205a89f5a76be88b4652f971956683b3b5b22c78c359e7f5278dba69e08c09438be0380c8c81c7bce6cedf30a15064e6b1363809ab382f775c240a3ade838dddc4c4054d4a304a1ddf1723428abb3cf9dd9a765298f3ad22675e491a701615a8f479289f0a9eae30bda05af918b787238613028b233e1d70d82ed9b78dbc544c1081d781a0b927d2387f8720716a915b10509ef502218f675e1ca407a67633a7c170684ae6b6111c5ae5603dfd933b734902fb593d06dfe84cd94c6b3a14f39f170f8b5be74650cedbb12e3b32403805abcdd6e6b7704b8c65f6b525fd25767792ebe9d6e254fa24c2ab16fb1eef38e12517ef5639c64808548e6a3f99895ae3fd09ea41f53c4d9b9444e39427712964c7cf4f7548e2af946f7de1ea74e0e4c95ab913a18e52bdf4217f43cce73fe9ddede0fbd21cfa084b24c0b893206b97bde38634d0aad46340c690fc439a09d40f93658e7b4100639719134d50d75b93399a2ccc6e702e6339d05064c8740b7b65b8b35ae177760fba281375a769e48ad68fcf701864f721ea1e492ca3f258b4155340c925b5011fa1c1e68d22d9cd43d9575a8de74beed960481f249c99307509b3500d5e7c543f"], 0x2d68}, 0x0, 0xe3d08660d7cd4684})
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680))
futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000140), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r3, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000000)={0x1f, 0xffff, 0x2}, 0x6)
setsockopt$bt_BT_RCVMTU(r4, 0x112, 0xd, 0x0, 0xe5)
r5 = fsopen(&(0x7f0000000500)='9p\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000380)='}\x00', &(0x7f0000000880)='\xc1J\xaf\xfd,\x86\xbc\xa9\x02\xf2\xf6\xe2\xcd\x9f\xf6\x83\xeb\xba_6\xfdR\xd0\x8d\xc1\xf6.$w\xab|*`\x11H+^\xbb\x8ar\xb1\x8ec\xecQ\x94\x15\xbe\x80E\x9c\x93Hq?<(+\xceb0\xcc\xad\xdd\x1c\xee\x19\x1b\x91Z\x85\xb7\x04\xe7\xaf\xe0W,G\xc8\xc0\xbcR\x90\x17\x19@m\xa5\x19\x16i\xc8\x99)\xa5\xb0\xba\xbc\xe0rV\x06\xd0B\x0f\xcdF\xbc\x8e\x8a^%8k\x849@\x15=kxS\x1c\xc1\xdaT\x9c\b\xb6\xd8\xa0st~\xf1\x93\xb8\xba\xa5gV\x18F\x8f\xf4b\xdc\x19_P\x81\xa4\xc3\\g\x11\xd1\xc8 U\xba\x03\xc9\xf17\x88\r\xb99]\xdfM\xc8AQB\xc3\xf0\xf7t\xee\x95&w\xc3;\xf1C\xea!J\x19\xe1\xfe\x0f\x84\xdfY\x10\xed\x1c\xb2n\xc0ME\xaa\x9e\xd1f\x92q\xeb\xdb)\xcd1(>\x8e\x0f}\x03\xdd\xf8\x84\x9bz!\x80F\xc5ls< \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x98\x1c\x9f\xbd\xcd\xea\xc3w\xa3\xf5\x1d.\x00\x00\x00\xa0\xf4\xe9\xe2\x83\xac\xde\x95cmvM\x12\xc1O\x1f#\xcd\x90\x1e\x03\x1e}\xe7w\xe7\"Oh`\xed\bM9\xaf\xa3BQ\xbf\xfd1\x1cG\xb5\xed\x86\xb9Q(\x19dZ\x8da\x008e*\x928\xcf\x0f\x0e\x05\x1dM?\x11$E\xc3\x12\x1e\xffI\x84t0D\xec\xf3T\xe2\xddJm\x87\xc9\xb1\xff\n\xa1\x13\xcbo\xc6\xda\x84\x02\xa3\x14\xf2q\x96\xa8Sa\xe4\x1f\x01\xa2]\xb2\xc9\xd5\xff\xfd\xf2\xb5\xf5\xef \xc7\x02\x927\xdb\xa5\a\x9eS\xb6\xe2\xbaL\x99n\xb4\xe3\xf7\x0eU\xc0', 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x40, 0x10, 0x400, 0x70bd2c, 0xffffffea, {0x0, 0x0, 0xe403, 0x0, 0x40083, 0x715cb}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @local}, @IFLA_IPTUN_TTL={0x5}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x80d1}, 0x20004000)

1m9.139782385s ago: executing program 6 (id=2249):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000070961c40e90f55dbfb690102c9030902120001000000000904"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0xa840, 0x582)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000100)={&(0x7f0000000300)=[{0x6, 0x0, 0x0, 0x0}], 0x1})
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/igmp6\x00')
read$FUSE(r1, &(0x7f0000002240)={0x2020}, 0xffffffc9)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000002200)='./file0/file0\x00', &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000001c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
add_key(&(0x7f0000000040)='dns_resolver\x00', 0x0, &(0x7f00000003c0)="00ea1c7c000700", 0x7, r2)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETSW2(r3, 0x402c542c, &(0x7f0000000000)={0xfffffffa, 0x200401, 0xe, 0xc6cf, 0x92, "000300000000de00", 0x73, 0x1fd})
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000180)=0x3)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(&(0x7f0000000340)='./file0/file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x2001080, 0x0)

1m7.709922977s ago: executing program 6 (id=2253):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0) (async)
r1 = socket$xdp(0x2c, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffffdd, 0xa}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x4}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xb5}, 0x48)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_buf(r2, 0x6, 0x2c, 0x0, &(0x7f0000000080)) (async, rerun: 64)
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) (async, rerun: 64)
mmap$xdp(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r1, 0x100000000)

1m7.490498004s ago: executing program 6 (id=2255):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETKMSGREDIRECT(r0, 0x4b52, &(0x7f0000000000))
r1 = io_uring_setup(0xcbf, &(0x7f00000001c0)={0x0, 0x7809, 0x2000, 0x1, 0x5})
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r1, 0xc, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
r2 = socket(0xa, 0x3, 0x3a)
getsockopt$MRT6(r2, 0x29, 0x24, 0x0, &(0x7f0000000180))
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

1m7.411177684s ago: executing program 35 (id=2255):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETKMSGREDIRECT(r0, 0x4b52, &(0x7f0000000000))
r1 = io_uring_setup(0xcbf, &(0x7f00000001c0)={0x0, 0x7809, 0x2000, 0x1, 0x5})
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r1, 0xc, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
r2 = socket(0xa, 0x3, 0x3a)
getsockopt$MRT6(r2, 0x29, 0x24, 0x0, &(0x7f0000000180))
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

42.899159568s ago: executing program 0 (id=2657):
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x40, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=@newlink={0x78, 0x10, 0x503, 0x0, 0x2, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1244c}, [@IFLA_LINKINFO={0x58, 0x12, 0x0, 0x1, @vti={{0x8}, {0x4c, 0x2, 0x0, 0x1, [@IFLA_VTI_LOCAL={0x8, 0x4, @private=0xa010101}, @IFLA_VTI_REMOTE={0x8, 0x5, @private=0xa0100fe}, @IFLA_VTI_LOCAL={0x8, 0x4, @rand_addr=0x64010102}, @vti_common_policy=[@IFLA_VTI_FWMARK={0x8, 0x6, 0x2d616b45}, @IFLA_VTI_LINK={0x8}, @IFLA_VTI_IKEY={0x8, 0x2, 0x5}, @IFLA_VTI_FWMARK={0x8, 0x6, 0xe}, @IFLA_VTI_FWMARK={0x8, 0x6, 0x4}, @IFLA_VTI_IKEY={0x8, 0x2, 0x9}]]}}}]}, 0x78}}, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000400)={0x0, &(0x7f0000000040)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000480)={0x0, 0x0, r2, 0x0, 0x7a, 0x5, 0x9, 0x0, {0x2, 0x1000, 0x101c, 0x10, 0x4, 0x401, 0x100, 0xa, 0x0, 0x52, 0x43, 0x7e9, 0x401, 0x9aa5, "cb630dab3a0338057401a192419598961f50dc45c87d55a52a28b8f01c0e0e7a"}})
r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0xea8c0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000100)={0x0, &(0x7f0000000300)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c643c, &(0x7f0000000300))
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000580), 0x40000, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000540), r5)
sendmsg$SEG6_CMD_DUMPHMAC(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000080)={0x14, r6, 0x301, 0x70bd2c, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x200000c0}, 0x4)
ioctl$FBIOGET_FSCREENINFO(r4, 0x4602, &(0x7f00000005c0))
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x3c, 0x0, 0x20, 0x70b92d, 0x25dfdbfb, {}, [@ETHTOOL_A_COALESCE_TX_MAX_FRAMES={0x8, 0x7, 0x1}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_HIGH={0xfffffffffffffe65, 0x16, 0xe384}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_RX={0x5}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_HIGH={0x8, 0x16, 0x10001}, @ETHTOOL_A_COALESCE_PKT_RATE_LOW={0x8, 0xd, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40851}, 0x4014)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c0017800400ad0014"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000)
faccessat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x2)

42.895714388s ago: executing program 0 (id=2658):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
syz_emit_ethernet(0x12, &(0x7f0000000080)={@random="659b3dfadf01", @link_local, @void, {@llc={0x4, {@llc={0x0, 0x0, "e3", "dd"}}}}}, 0x0)
syz_extract_tcp_res$synack(0x0, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x10, r0, 0x2000)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000002c0)={0x1b, 0x0, 0x0, 0x6, 0x0, 0xffffffffffffffff, 0x80, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1, 0x4}, 0x50)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000340), 0xc2080)
getsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f0000000280)={@remote, @rand_addr, <r3=>0x0}, &(0x7f0000000180)=0xc)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x1e, 0x16, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8003}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@generic={0xf9, 0x9, 0x6, 0x7fff, 0x4}, @map_idx={0x18, 0x8, 0x5, 0x0, 0x3}, @jmp={0x5, 0x1, 0x6, 0x8, 0x0, 0x30, 0x8}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}, @map_val={0x18, 0x0, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0xb}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', r3, 0x24}, 0x94)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
ioctl$RTC_EPOCH_SET(0xffffffffffffffff, 0x4008700e, 0x6)
r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_SPLIT(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000cc0)={0x44, r8, 0x1, 0x70bd2a, 0x0, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x38, 0x9, 0x5}}]}, 0x44}, 0x1, 0x0, 0x0, 0x200040d0}, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r6, 0x4601, &(0x7f00000001c0)={0x400, 0xf0, 0x280, 0x640, 0xbbb7, 0x2, 0x20, 0xffffffff, {}, {0x2, 0x2}, {0x0, 0x3, 0x20}, {0x0, 0x8}, 0x0, 0x3f0, 0x80, 0xd, 0x0, 0x80, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x4, 0x20, 0x1, 0x0, 0xb})
r9 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CAP_X86_GUEST_MODE(r9, 0x4068aea3, &(0x7f0000000080))
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
r11 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$inet_udp_int(r11, 0x11, 0xa, 0x0, &(0x7f0000000040))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)

42.590719724s ago: executing program 0 (id=2663):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha256\x00'}, 0x58)
r1 = socket$inet(0xa, 0x1, 0x84)
connect$inet(r1, &(0x7f0000000340)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r1, 0xffffffff)
r2 = accept4(r1, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000040)={<r3=>0x0, 0x2, 0x10}, &(0x7f0000000080)=0xc)
r4 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x37)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001", @ANYRES32=r6, @ANYRES8=r3, @ANYRES8=r2], 0x7c}}, 0x50)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a09040000000000000000020000000900020073797a32000000000900010073797a300000000070000000080a01010000000000000000020000000900010073797a30000000000900020073797a32000000002c00058008000140000000000800024000000000080001400000000608000140000000f9080001400000005c080009"], 0xc4}}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f00000000c0)={0x10001, 0x3, 0x0, 0x1000, &(0x7f0000ffe000/0x1000)=nil})
sendto$unix(r4, &(0x7f0000000440)="36d9a32e92c131d730b1abaedb51eb66fd2d5b1f7eda4f0e859fdaf294bad70673813533d8bf1c6a77b65a7afdc01b29e73571071a68d5def5d7df839810da130b9348f4d9d407eb478d5bfb298c552a498271af70914e14ba9476fd2a0e47984c25ea20afab3064a748add27a7149e9c4705475bda2ecec9ec30214f28c5e16fd3f50f604f20232c534409e52bff64fc6ca0f5e254083aec2794b7216e002e87caf3d0fa7d04ff9e3b03e81595a04979594ff6ea888bf13de8e8f74c6178e31e47593732ae1a501ad3641d423195a788efdb643f50a8c8b9794a62f7b8dfa0fa7da9d391b92ce2a7f9fe0f9d584a3775f", 0x703d59595f6742a8, 0x800, 0x0, 0x0)
openat2(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', &(0x7f00000002c0)={0x80000, 0x1, 0xc}, 0x18)
recvfrom(r4, &(0x7f00000030c0)=""/4117, 0x1015, 0x0, 0x0, 0x0)
getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r4, 0x12, 0x2, &(0x7f0000000200)=""/136, &(0x7f0000000000)=0x88)

41.809849095s ago: executing program 0 (id=2686):
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
timer_create(0x1, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000540), 0x4, 0x2)
ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000600)={'\x00', 0x81, 0x10001, 0x7f, 0x9, 0x8})
ioctl$BLKTRACESTART(r2, 0x1274, 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x1085408, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)
ioctl$FS_IOC_RESVSP(r3, 0xc0189436, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x2, 0x3})
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r4 = io_uring_setup(0xaae, &(0x7f0000000080)={0x0, 0xdf4, 0x80, 0x7, 0x2})
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
writev(r0, &(0x7f0000000000)=[{&(0x7f00000004c0)='4', 0x1}], 0x1)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000600))
socket$netlink(0x10, 0x3, 0x8)
socket$netlink(0x10, 0x3, 0x0)
r6 = syz_clone(0x100000, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
ptrace$cont(0x19, r6, 0x20000000d, 0x7)

41.433038953s ago: executing program 0 (id=2693):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000000)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c00", @ANYRES16=r1, @ANYBLOB="010700000000000005001600de0008000300", @ANYRES32=r2], 0x1c}}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0)

41.186727049s ago: executing program 0 (id=2698):
socket(0x10, 0x803, 0x0)
setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c)

41.075908617s ago: executing program 36 (id=2698):
socket(0x10, 0x803, 0x0)
setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c)

3.77791662s ago: executing program 7 (id=3298):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$dupfd(r0, 0x0, r0)
r1 = syz_io_uring_setup(0x5ce, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0) (async, rerun: 32)
r4 = io_uring_setup(0x4822, &(0x7f0000000180)) (async, rerun: 32)
syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0) (async, rerun: 64)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, [@ldst={0x1, 0x0, 0x4, 0x2, 0x1}], {0x95, 0x0, 0x700}}, &(0x7f0000000100)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc}, 0x94) (rerun: 64)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x82e, 0x0, 0x0, 0x4}]}, 0x10) (async)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0xb2752a96f73d6e14, 0x0, 0x0, 0x0, 0x23456}) (async)
io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0)

2.978957412s ago: executing program 7 (id=3303):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x50, 0x10, 0x401, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x32b, 0x28000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0x6}]}}}, @IFLA_ALT_IFNAME={0x14, 0x35, 'bond0\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@host})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7cb, &(0x7f0000000140)={&(0x7f0000001080)={{@my=0x0}, {@host}, 0x400, "4145fdc5fec7663a106cef95c8d86f03d655b82e62dc5204ff06732791d90936bf31f7b4eafad3ed43e8da42de6780edce2e2f941399c9b9002a6a538fc1ebd3e994ce6fa4a67c775c476cdbedebbe34904cbe0d5808cf5892aa1e563f949f38cd2ebaa2c46464183ead798b1af0ba7ad5db77736a5329e7297e674242854f87ef03b0fba724523033529e64be44188740b9e9a0ba6944e9724c4aaa8470ab8d35a1746a1da4dfa2112cb5135d97efae0975e7fa5e421fe7ec12a8bbd7714076b63ddaca822d7c0383ccc4e21b11c8a0443850c05f4bb6716b6ba83016b709b44a9959c44daa717ed76b43f7c235fae47730ff2d435ed29d062451ab74bd9f65d9bf96e1afc645ca2249c89146fc815210d465ca0ede0acbfe1165b15d222ed668b79b14f901078d35e7421637588c887b0f2335ea84a442fc95bbcf0ea3b308ee18d913901cb8f40dd2798e781c4b1c620c23565b5bc18e25c206f772c863c8a8864f460c239033717d41f94fbf13b1d0c7271364bd6d144160e1df33fcb33e5d45a5e7ea4264d089397d7e022c6e1f37a2e464c01b4df6a906d3a46d9432ba1966d73aa0627491e3b3c33bee03ff2138896b64862910f24dbacc3c686e0059ff5915c8b69bce3c4022c5c80d574274d1107c9935898ae444a6c38dbd8319e778e1a86a293094bd98d0ae3ae2c32a4bcb20e0517c03e7b46839f4e3601ff98244ca5485cacbfe53c935cf14038bba908af19834a86b56cf68a7170448a434b55d66c080ea095b02ba4c3f8ba492c9e50111bf1b3085cc0f3938a54840a1219404b36f71ee071a8b9f3ab4ad0fc3c92a48cb6bc63ed74877d8425c88eb40d18c6260ff221dc295d1fa1557cfcfe1cb3a1d61b4b1235e28903ae5a4d3d358f6d3e2c87b110e38aab0fd1ca2c047b3ea826d8cd9b980b3fc64fbf38d0d3fed0057b30612880a3d93aa3e16e1c1902cc8c206d7732f426fbb063b020a03d08e3bcd4ff32c30c8ea424ea0c746e72c23e8d53576cc801bdf82f8bba865074e5dde3177820c24be87b9bd36e30a81d1d50b5aa0628262d46d19060ae37a33aa8e515fed3f8bfdf65ba5f8e11e4d517a50ce03f82bc5b3c8e9b3eb6572f1a686430170ce64bc1a61246fd99b2d8a3215104478eead271fcca07bc66e637d5543ad47147f5ad50cc5a203a37b7d2f67bb0387ae189ee7d5cfc0a421b0f0e6286aaf28a3eadfad1b8c83a26ac0a1d4a3846d93e161c82be100278d94e35fc7b5f1feb833f1b975adb33bec5d777cfbdb2c5fe171e205fd6596b37ba646b9ecb163fabcd89a469f6ad539a80937748105298b0a6364d75c6de3cbcbb96c44055489f3f47149551e7f53d3a22d837cfb59c3e43f0c95760791ed36ff84ae82a679e4e062461bda5db7c27fb00c3238266734bc7c16d45ce7cd3f0b7e63c309877816048f24"}, 0x418, 0x3})
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000280)='./file0\x00', &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000340)={{}, {}, [], {0x4, 0x4}, [], {}, {0x20, 0x5}}, 0x24, 0x2)
rmdir(&(0x7f0000000000)='./file0\x00')
close_range(r2, 0xffffffffffffffff, 0x0)
r3 = dup3(r0, r1, 0x0)
fsmount(r3, 0x0, 0x8a)

2.978795632s ago: executing program 7 (id=3304):
mkdir(&(0x7f0000000000)='./file0\x00', 0x80)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x10000, &(0x7f00000002c0)=ANY=[@ANYBLOB='trans=virtio,access=', @ANYBLOB='3'])
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x18, 0x4, 0x8, 0x1}, 0x50) (async)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x18, 0x4, 0x8, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r0}, 0x20)
creat(&(0x7f0000004d00)='./file0/file0\x00', 0x0)

2.889171784s ago: executing program 7 (id=3306):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001e80)=ANY=[@ANYBLOB="cb160002f1000000b70700000100f0ff5070000000000000480000000820000095000000000000002ba7e1d30c04aa8b3382022ce2a1d97411a0f6b599e83f24a3aa81d36bb7019c13bd23212fb56f040026fbfefc4a056bdc17487902317142fac7e7be168c1886d0d4d94f2f4eb45c652fbc1626cca2a28d67893547db51ee988e6e06c8cedf7ceb9fc40400ae5e4aa74c92c6a51cbf9b0a4def23d410f6accd364158a4591c559f76c0130bfc4e90a6341865c3f5ab3e89cf6c662ed4148d3b3e22278d00031e5388ee5c867de2c6211d6ececb0c18ce74c4dae15cb7947c491b8bea3fd2f73902ebcfcf4982277d9800011b405bbf7b02433a9bcd715f5888b2007f000000001c000000010000000000000600000000309329170ee5b567e70f00c484d339c480f70006a10f58fa64533500000000000000000000000031000000000000001208e75a89faffbfb11b7dc6ea31001e846c12423a169f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617de7a6520655a80d0900f4d433623c850af895abba14f6fbd7fbad1f98e26ad4deaf1a4f294b2a431ab9142f3a06d54740a4bc5e3abd378af7c9676a08ef74c48785f895b4ec8d1141d5e8744d7f09ab4df6027bf48cabecead649f96ea24d3287a7b01ab84d336f3c0f45a0642d6f2c494160cb7f46ce680eeb80157eb23f9902519ac655fa73103170cbc496d7122034b85e7e87a2db762cbb253fbd76b9117c1a11d18aa2040c5f0c289906000000000000005ffe91ff799a11d9b219c00c369a12bf8685b862d0dbdd956cbda1bae489bcef5ae59136aaadc59609f4d42617c0e6066938b521a0f2e2467a6c435ad5b800262a5da053ced5e95394e500000072737638ac44fb61310e2df511c60b3c88113996a81fb64bce5eb95ce91738640ff7ae6ed6b62086e699955926934389cdf9bcffff3ffd86fe9ce05268bf8a3958f2206cdc7095682c14f10be1075832956762b2dcc6251e7b74cb1da627e332765511c58215bf84d253e8778e6e8ffe4ea50b076446f35efffc806b340658342d2d9e1ef68c6ef3e98407d2fcefb34a0000000000000000895ddbb76122b1222e4da37177fe833e4fcaa67997e92a206ebd085bd9f90008d3fdd528efe6c1dca17f45ba5e8bd3153a0077bb43f8a63dd390d18f0239b41da1a52383a4c6768ca1bb66b8fb3c5000f6f246fd20356a60769b461b6cdf133de073b1df08ae09268b0073bb97d88d741a5546e76caf4b6b1387ff37ec13d262dae0260be74cdf7bb6d3107597430ef5bbd476bb9d69b2aef9f3cb644b4bf01ccf16d40720939daf2af469bdfb361b9c015dd026fd0fffe3c66f5c343afb78a7cfd852f3e05c089887d7df2ff4f9982030019421af6b78ff9c444a17091875cfe4eab0e7f50eb69c860b1613a6b4f5af04f9c635d8d646c89f8b85f820ce7464c731deba39f9ff7b815f7b0acba754c01ed8bf1bba0010a8c6a2b966d861f9dd547abf2e9b23e5607f00f80b58fd76e4bc46c84799aa792cdaeb6cfb858e577dacff607ba513250e13ae696cd6ed7d318190a93b9ee07927efca6b8d1f5980994690bbe002db5146439d906a0d4aef065214b15666cdca81091b69acee2c7ce0821fc19e0891f0b53469f935c5ac420100010000000000fb53faf4420638489e6a1c696d8c414a87b60000000000080000b6be15579518540000bc2d061827ae6349a045b780893771524a424335b9fc34616ee9f09141057262530b7c2f7c9b969938779736ece7b470078ac0b1b4b528000000009866e99948a9096672ec9f3800c2fc35ba6516e542624c47bdba76a816c3a3dd6c3fa87a3ec91df199a9af91a7babf2b8d0e7b77e6dfb4bbc9817847b705000000a1000000000000ab8353f3800f045b90b0eaab6d731199c9447eabbc8c740183aff5389742e47de5000000826a570d14310700cf2ae3366ebdb7f1000000000000333c00e6addbf4c71ffad6bfb5babb49109f92a5a52042c425190a6e3f1a8a3abfe6059da9c952cf35c98ce7616355493d280f2d0be99e18fd0900c769e7eb4edc1c03a33676080000007229e0237c1e34641848531712ff09e89fb062a3e66f4f3c9d7a7fc9aab1ced0ae679733830039cb61ea0691f0b4e0b33194404e643243c3841e1e7fe301f7f47a7f89512d92e83624e3de705bdfbfd0e5e381398e9d5428a00cc8a6d097d97e6ac8bd09b1a5577920a650114a522c1e2dcdc4f606fcbcee91770a9fada34d38cd7976a9228a0a0dd8661be8162e966aac26bea4c11458cd6ce22ddf7054cdd0a60ef3ec000000000000000000425cb75dc7ec92e9a5d29f9c99697d2a98ae0a9f35e4196c3faeb7a690bf897846f6f0f1c163d6075119169d55d10da9ad0e4b2c636d200000009baaf94e2b2c48e70d8453f832eecfb1de2a3f38a5c986de9e37737dac74db251d5e9ea2b8ed39e91a7a17d01b49f7aaff7c4c73c3484bdcab362838ed940035b270a3646ef55b9f070ae14466b3acef9f8b28fb938a237e2e068ae4a6bce4407b54cc14614c2cdf877f000000000000000000000000bdcf23144e6c16b9235552aed83b6428f34d88c258a9ad16386bba51b60838fb11bc193a206b5a25b7233b222e4e68e0d1e88f26b9a45b6c29469530a37ea92aaf421cdcc1f594ecfaff9a79b56f8b380380020000"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x57, 0x10, &(0x7f0000000000), 0xffffffffffffffc9}, 0x48) (async)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
close(r0) (async)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000080)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x9c)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r2=>0x0}) (async)
bind$can_raw(r1, &(0x7f0000000000), 0x10)
read(r1, &(0x7f00000017c0)=""/4090, 0xffa) (async)
setsockopt$CAN_RAW_RECV_OWN_MSGS(r1, 0x65, 0x4, &(0x7f0000000340)=0x1, 0x4) (async)
ioctl$SIOCGSTAMP(r1, 0x8906, 0x0)
sendmsg$can_raw(r1, &(0x7f0000000240)={&(0x7f0000000780)={0x1d, r2}, 0x10, &(0x7f0000000200)={&(0x7f0000000280)=@canfd={{0x0, 0x1}, 0x0, 0x3, 0x0, 0x0, "64180c7b4301652a01a1bdb1314e2b5c5c887a1afa5ad421c481ff3842955e4756e9940bf338f1d16623188f87ecfc7106544e3c0fee6f87a1552209e3b2c363"}, 0x48}}, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in6={{0xa, 0x4e21, 0x0, @empty}}}, &(0x7f0000000000)=0x9c) (async)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000000000000000040000008500000029000000180100002020602500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000001000000850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) (async)
setsockopt$MRT6_DEL_MIF(r0, 0x29, 0xcb, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x9}, 0xc)

2.756205345s ago: executing program 5 (id=3310):
socket$pppl2tp(0x18, 0x1, 0x1)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0), 0xc)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0)
ioctl$I2C_SMBUS(r0, 0x720, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
fsopen(&(0x7f0000000040)='xfs\x00', 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
pipe(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x2, 0x1, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xb, 0x5}, {0xe, 0xfff2}, {0xa, 0xfff1}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_INTERVAL={0x8, 0x3, 0x7}, @TCA_CODEL_LIMIT={0x8, 0x2, 0x4}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x44044}, 0x4048084)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
write$char_usb(0xffffffffffffffff, &(0x7f0000000040)="e2", 0x12d8)
write$binfmt_misc(r2, &(0x7f0000000000), 0xfffffecc)
splice(r1, 0x0, r3, 0x0, 0x4ffe6, 0x0)

2.756134728s ago: executing program 7 (id=3311):
r0 = socket$isdn(0x22, 0x3, 0x10)
ioctl$IMCLEAR_L2(r0, 0x80044946, &(0x7f0000000000)=0x8)
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x4, 0x0)
r2 = syz_pidfd_open(r1, 0x0)
pidfd_send_signal(r2, 0x2, 0x0, 0x0)

2.617415376s ago: executing program 7 (id=3312):
r0 = mq_open(&(0x7f0000000140)='{\x00', 0x40, 0x8, 0x0)
mq_notify(r0, &(0x7f0000000300)={0x0, 0x2b, 0x1, @thr={0x0, 0x0}})
r1 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x8000, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000280)={0x4d, 0x2, 0x3, "8baadc000000000000ffffffff00000000c300000000000000001c00", 0x34565559})
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x50000}]})
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
syz_open_dev$loop(&(0x7f0000000300), 0x8f, 0x0)
syz_open_dev$sndpcmc(0x0, 0x5, 0x200000)
r3 = socket$unix(0x1, 0x5, 0x0)
r4 = dup2(r3, r2)
r5 = socket(0x10, 0x3, 0x0)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="400000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001800128008000100707070000c00028008000100", @ANYRES32=r6, @ANYBLOB='\b\x00\n\x00', @ANYRES64=r5], 0x40}}, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r7, 0x29, 0x36, &(0x7f0000000180)=ANY=[], 0x8)
getsockopt$inet6_opts(r7, 0x29, 0x37, 0xffffffffffffffff, &(0x7f0000000440))
r8 = socket$kcm(0xa, 0x1, 0x106)
sendmsg$kcm(r8, &(0x7f00000019c0)={&(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @dev, 0x4}, 0x80, 0x0}, 0x24000059)
r9 = socket$netlink(0x10, 0x3, 0x8000000004)
setsockopt$sock_timeval(r5, 0x1, 0x43, &(0x7f0000000240)={0x0, 0x2710}, 0x10)
clock_gettime(0xd10dae85e4692df3, 0x0)
writev(r9, &(0x7f0000000280)=[{&(0x7f00000005c0)="580000001400192340834b80040d8c560a06ffffff7f000000000000000058000b480400945f64009400050038925a01000000800000008004000000ff0109000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r10, 0x8933, &(0x7f00000005c0)={'batadv0\x00', <r12=>0x0})
sendmsg$BATADV_CMD_GET_DAT_CACHE(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYRES16=r11, @ANYBLOB="1c4000009b18c4629131243052076990c622eed6617af52904b8547552ef7ee7ce93a1fd5fc91ea9f9d63d735f0996542a19ae179ee9cdb38d05acd42c227c9010078ed89f30497450a4955c9209d2328614cdc2", @ANYBLOB="030300000000000000000600140008000300", @ANYRES32=r12], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000)
socket$nl_netfilter(0x10, 0x3, 0xc)

1.939776308s ago: executing program 8 (id=3315):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000090000000000006b00000008000300", @ANYRES32=r2, @ANYBLOB='\n\x00'], 0x28}}, 0x0)

1.939369912s ago: executing program 8 (id=3316):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x200)
timer_create(0x8, &(0x7f00000002c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)=<r1=>0x0)
timer_settime(r1, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, &(0x7f0000000080))
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064d2, &(0x7f0000000180))

1.922897754s ago: executing program 5 (id=3317):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000004240), 0x2000, 0x0)
ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(r0, 0x3b87, &(0x7f0000004280)={0x18, 0x0, 0x0, 0x0, 0x0, 0x1}) (async, rerun: 64)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x208004, 0x21fffc, 0xc, 0x0, 0x2, 0xff7ffffb}) (async, rerun: 64)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000000c0)={0x28, 0x2, r1, 0x0, &(0x7f0000ff5000/0x4000)=nil, 0x4000, 0x7}) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_HEADER(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="240000000c06ff020000000000000000000000010500010007d0a3000000010007000000cdbcafed3f7f07f9deb29cc5daa785abdf6984fe7934ff086451d3cc9f07e071d8c186210e1cd4bfdb5ba9bbd7a4110118cae85a7875513e33f15cd5cb99f128542fab3157643fd4291915b86860a3b4399995025b42331916f0c43d4884038fba8512fe9fe9675239ac7563bc2778bb7cd19d035c54e5f92f1c26b225540638338aa0a9"], 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x94) (async, rerun: 64)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x440100, 0x0) (async, rerun: 64)
socket$inet_icmp_raw(0x2, 0x3, 0x1) (async)
r3 = syz_open_procfs(0x0, &(0x7f0000000400)='map_files\x00') (async)
r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$VHOST_SET_FEATURES(r4, 0x4008af00, &(0x7f0000000200)=0x8001100) (async)
getdents(r3, &(0x7f0000000000)=""/42, 0x2a) (async)
syz_open_dev$usbfs(&(0x7f00000001c0), 0x8, 0x10000) (async)
getdents64(r3, &(0x7f0000000080)=""/147, 0x93) (async, rerun: 64)
r5 = socket(0x10, 0x80002, 0x0) (rerun: 64)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001440)=ANY=[@ANYBLOB="1c0000005e0021a5553f8c6b23cbff070000e5373526a01edb"], 0x1c}, 0x1, 0x0, 0x0, 0x48050}, 0x0)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000040), 0x4800, 0x0) (async, rerun: 32)
recvmmsg$unix(r3, &(0x7f00000002c0), 0x0, 0x40020000, 0x0) (async, rerun: 32)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x40, 0x9, 0x6, 0x101, 0x0, 0x0, {0x5, 0x0, 0x1a}, [@IPSET_ATTR_SETNAME={0x0, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x40}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000001}, 0x80) (async)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) (async)
r6 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r6, 0x0, 0xc8, &(0x7f0000003d40), 0x4) (async, rerun: 64)
getsockopt$SO_COOKIE(r6, 0x1, 0x39, &(0x7f0000000140), &(0x7f0000001300)=0x8) (async, rerun: 64)
setsockopt$MRT_ADD_VIF(r6, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
r7 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000000), 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r7, 0xc0285700, 0x0) (async)
syz_emit_ethernet(0x299, &(0x7f0000001480)={@local, @broadcast, @void, {@ipv4={0x800, @gre={{0x6, 0x4, 0x0, 0x3e, 0x28b, 0x64, 0x0, 0x7, 0x2f, 0x0, @broadcast, @broadcast, {[@lsrr={0x83, 0x3, 0xda}]}}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x880b, 0xf3, 0x3, [0x9, 0x1], "e1ef79f385dc4316daf1b1fa0910d4f10c9a8f290433bd2b083ec2fb3cce9baa2e67ed764ba369f55f7a991c49f2fc564c911a67a115f4c4322fb8a88cdfa10f0d0aca1d878acf4062ce2224bc4964d5428c8acaf5406fbca371b332422aa02933e5c7d53de7093ea9d7ac19ad1919b10ec77a6b53210371a0a9f375a136a0d71db39968f6ce3a58ca9b19105e28ecc22c450c9e3214d7f6b459902db93eed0522c95b62ed8b6ad68693c971b932ad8570197b0cfb6c717c0ed2735b6c15bd6c1edd40771934d370de1d44221ed77895abaf93cdaa8d12666177cbee83758e9c246b96aaf73df3542ba44d44080ecf52c78de8"}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, [0x7, 0x6], "b14ee50e9d0f74cdbaf78f5290f9c1ddf484b5934326c8ebea1d756d32e2d7cd97bd71f7bfe37c96068ae2b0c238d421e53aeaeed702cb45f14597e20f630f26fb696d67c145c9732b8f8580186e2646ef14b7df138b99ba5984daa205a591e5141e085acf1a0345ef3f5bfc437d203a298ee01ea878518a1be9682d347b8a41afb638cb9d456ef7630ab94ca45480cb72caf3d1e4adc548cfca31e6bba057a844443c276dc3bfc484ff911a4273dbfcd9433ad41d58240cbcce020f81c899880d9f056da09696752600"}, {0x0, 0x0, 0x1, 0x1}, {0x8, 0x88be, 0x3, {{0x8, 0x1, 0x89, 0x2, 0x0, 0x3, 0x4, 0x48}, 0x1, {0x8}}}, {0x8, 0x22eb, 0x4, {{0x7, 0x2, 0x10, 0x0, 0x1, 0x0, 0x7, 0x9}, 0x2, {0xccb2, 0xffff, 0x1, 0x4, 0x1, 0x1}}}, {0x8, 0x6558, 0x4, "acc4c5797edf0c884df89ac9b255912ff6126cab8043c47648cf4388940bcc3ec29bdea83d1987c703b17a960c563cc03441a15037fc020c5b86e4d43c6f1a812430ab6c96709dadab33f481a37745975bd88ef9ceff326f39af58e64c227695d3a7f961328f375e3b3a"}}}}}}, 0x0) (async, rerun: 64)
setsockopt$MRT_ADD_MFC_PROXY(r6, 0x0, 0xd2, &(0x7f0000000200)={@empty=0x1f, @multicast2=0xe000031f, 0x0, "ff00000058b274e6d845167fefe428970548fc3c7b00000000000000fcff00", 0xb2, 0x0, 0x6, 0x5}, 0x3c) (rerun: 64)

1.922703818s ago: executing program 8 (id=3318):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'team_slave_0\x00', <r1=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000200)={'batadv0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x21}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8, 0x1, r1}, @IFLA_HSR_SLAVE2={0x8, 0x2, r2}]}}}]}, 0x40}}, 0xa000000)

1.817471386s ago: executing program 5 (id=3319):
r0 = socket(0x10, 0x803, 0x0)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4095}, 0x4800)
recvmsg(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000140)=""/20, 0x14}], 0x1}, 0x40010020)
sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r1, 0x100, 0x70bd25, 0x25dfdbfb, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2000c000}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f0000000780)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r5 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYRESOCT, @ANYRES16=r6, @ANYRESDEC=r6, @ANYRES8=r5, @ANYRES32=r5, @ANYRESHEX=r5], 0x4c}, 0x1, 0x0, 0x0, 0x48c00}, 0x400c041)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=@newlink={0x58, 0x10, 0x401, 0x0, 0x3, {0x0, 0x0, 0x0, r4, 0x8000, 0x1c05}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x24, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x1}, @IFLA_GRE_REMOTE={0x14, 0x7, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x12)

1.769497445s ago: executing program 5 (id=3320):
bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58)
r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$alg(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="041817aaaaaaaaaa10"], 0x1a)

1.769287192s ago: executing program 8 (id=3321):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) (async)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
read$FUSE(r1, &(0x7f0000000080)={0x2020}, 0x2020)
r2 = dup(r0)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) (async)
r3 = socket$nl_route(0x10, 0x3, 0x0) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001400010000000000fbdbdf250a00a100", @ANYRES32=r5, @ANYBLOB="14000100ff05000000000000dfce00000000000108000800026e"], 0x34}}, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3400000015"], 0x34}, 0x1, 0x0, 0x0, 0x41c1}, 0x4040800) (async)
r7 = syz_open_dev$vim2m(&(0x7f0000000140), 0x0, 0x2)
ioctl$vim2m_VIDIOC_EXPBUF(r7, 0xc0405668, &(0x7f0000000100)={0x0, 0x1, 0x40000002})

1.769010288s ago: executing program 5 (id=3322):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0xb, "9e3ce079"}]}}, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0x4004480f, &(0x7f0000000580)={0x0, 0x6, {0xb1f, @struct={0x7ff, 0x100}, 0x0, 0x8000000003, 0x8, 0x8, 0x8, 0x10000, 0x452, @usage, 0x6, 0x3, [0x400, 0xfffffffffffffff6, 0x1, 0x2, 0x8, 0x9]}, {0x5, @usage=0xad0a, 0x0, 0x2, 0x1, 0x100000000, 0xffffffff00000001, 0x8f, 0x43, @struct={0x3, 0x2}, 0x5, 0xba33, [0x5, 0xf000000000000000, 0x9, 0x401, 0x8, 0xb34]}, {0x4b, @struct={0xd9d2, 0x7ff}, 0x0, 0x9, 0x1, 0xe1f, 0x8000, 0x9, 0x404, @usage=0x9, 0x3, 0x33, [0x100000000, 0x114, 0x409, 0x174e, 0x6f9add4, 0x50f800000000000]}, {0x2ee, 0x5, 0x9}})
bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10)
r2 = syz_open_dev$loop(&(0x7f0000000100), 0x3, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
close_range(r2, 0xffffffffffffffff, 0x2)
write$binfmt_misc(r3, &(0x7f0000000000)="180c4552", 0x4)
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r3, 0x7b1, &(0x7f0000000080)={&(0x7f0000000540)=[0xfffffffa, 0x3, 0x5, 0xe04, 0xf, 0x8, 0x8001, 0x40, 0x7, 0x9, 0xd, 0x8, 0xb, 0x9, 0x0, 0x9, 0x1, 0x9, 0xd9, 0x10, 0xbe, 0x10000, 0x6, 0x0, 0xd2f, 0x3, 0x1ff, 0x9, 0x7fff, 0x8, 0x6, 0x7fffffff, 0x656, 0x3, 0x6, 0x6, 0x3, 0x1, 0x1, 0xffffffff, 0x8f03, 0x4, 0x800, 0x9, 0xc, 0x1000, 0x2, 0x1, 0xf608, 0x9d, 0x3, 0x0, 0xecb8, 0x200, 0x0, 0xbad, 0x3, 0xffffffff, 0x6, 0xfffffff7, 0x0, 0x5, 0x3, 0x0, 0x7e, 0x6, 0xa00, 0x8001, 0x9, 0x1, 0x0, 0x80, 0x5e88, 0x81, 0x20ea, 0x2, 0x475b, 0x10, 0x80, 0xb21, 0x2, 0x6, 0x4, 0x80000000, 0x8, 0x7, 0x3, 0xf7, 0x0, 0x401, 0xffff, 0x9, 0x7, 0x9, 0x6, 0x7, 0x6, 0x0, 0x9, 0xc08b, 0x0, 0x9, 0x5, 0xa, 0xfffffffd, 0xbe3f, 0x1ff, 0x6, 0x4, 0x0, 0x0, 0x6, 0xa, 0xfffffffb, 0x60, 0x7, 0x1, 0x765, 0x3, 0xfcf, 0x5, 0x9, 0x4, 0x2, 0x7f, 0x7, 0x40, 0x6, 0x6a11, 0x2, 0x0, 0x5, 0x5e4, 0x2, 0xe, 0x80, 0x270, 0x9, 0x0, 0x6, 0x0, 0x1, 0xffffff80, 0x6e6c, 0xffff, 0x813, 0x7, 0x5, 0x81, 0x401, 0x1b, 0x7, 0xa847, 0x3, 0x10000, 0xc3, 0x7f, 0x9, 0x7, 0x5, 0x4, 0x2, 0x66, 0x9, 0x3, 0x0, 0x46dc, 0x5162, 0x8, 0x1, 0x8000, 0xfffff800, 0x1, 0x3, 0x4, 0x29eb, 0x1, 0x2, 0x8, 0x7fff, 0x0, 0x1, 0x9, 0x2, 0x80000000, 0x2, 0x7, 0x0, 0xb7ae, 0xc, 0x4, 0x100, 0x8, 0x8, 0x10000, 0x6, 0x3, 0x80, 0x2, 0x1, 0x7fff, 0x417, 0xa, 0x9, 0x6, 0x7, 0x7, 0x9, 0x4, 0x4, 0x7fffffff, 0x6, 0x3, 0x0, 0x80000001, 0x6, 0xfffff800, 0x3, 0x8, 0x80000001, 0x1000, 0x5, 0x9, 0x8, 0x1, 0xf, 0x6, 0x5, 0xaa, 0x8001, 0x9e, 0x4, 0xee, 0x9, 0x7fffffff, 0x200, 0x7, 0x7fffffff, 0x8, 0x1, 0x3, 0x2, 0x400, 0x4, 0x1000, 0x697, 0xfffffffe, 0xe, 0x7, 0x8, 0x2, 0xc, 0x101, 0x4, 0x1, 0x200, 0x2, 0x6, 0xff, 0x7c, 0xfffffffa, 0x2, 0x10, 0x3, 0x342, 0x7, 0xfffeffff, 0x4, 0x7, 0x8, 0x7, 0x0, 0x6533, 0x15f2, 0x8, 0x7, 0xff, 0x4a5, 0x4, 0x3ff, 0xffffffff, 0x0, 0x7, 0xfffffe01, 0x1, 0x6f, 0x8, 0xf9, 0x6, 0x8, 0xfffffffa, 0x8, 0xfffffffa, 0x8000, 0xffffffff, 0xfffffffa, 0x80, 0x2142d85a, 0xfb, 0xd, 0x0, 0x101, 0x101, 0x80, 0x1, 0x94b6, 0xfffffff9, 0x4, 0x9, 0x7, 0x10000, 0x80000001, 0x7, 0x6, 0x8, 0x401, 0xfffffff9, 0xb4, 0x3, 0x80000000, 0x0, 0x57df, 0x1ff, 0x9, 0x22eacb61, 0x8, 0xa4, 0x3, 0xffff72c5, 0xb, 0x4, 0x0, 0x100, 0x2f17, 0x8, 0x0, 0x80e3, 0x80000001, 0x6, 0x9, 0x4a6, 0x101, 0x3, 0x2, 0x4, 0xb, 0x8, 0x3, 0x80, 0x8, 0x20000000, 0x6, 0x7ff, 0x800, 0x80000001, 0x3, 0x5, 0x4, 0x8, 0x100, 0x4, 0x7f, 0x6, 0x800, 0x80000000, 0x0, 0x2, 0x3616, 0xa7, 0x1, 0x4c, 0x7, 0x3, 0x2, 0x6, 0x2, 0xff, 0x3ff, 0x7, 0x2, 0x10, 0x800, 0x6, 0x0, 0x3, 0x4, 0x2, 0x0, 0x2, 0xb20, 0x8, 0x10, 0x1, 0xae9b, 0x9, 0x1, 0xff, 0x7, 0x6, 0xad5, 0x6, 0x6, 0x81, 0x6, 0x6, 0x1, 0x3, 0xeabc, 0x5, 0x7c36, 0x80000, 0x5, 0x9, 0x9, 0x10001, 0x0, 0x52e, 0x0, 0xb, 0x5, 0x7ff, 0x4, 0xb, 0x9, 0x3, 0x5, 0x8, 0x2, 0xe, 0x6, 0x879a, 0x9, 0x7, 0x6, 0x10, 0x7, 0x356, 0x3, 0x653, 0x6, 0x9, 0x100, 0x9, 0x0, 0x0, 0x7f, 0xfffff20b, 0x6, 0x19c6, 0x2, 0x8001, 0x6, 0xea6d, 0x3, 0x1, 0x8, 0x9, 0x8, 0x18000, 0x6, 0xffff, 0x3, 0x8, 0xd25c, 0x8, 0x2, 0xbcc, 0x1, 0xffffffff, 0xb, 0x4, 0x1, 0x8, 0x5, 0x7, 0xfffe000, 0x1, 0xb4ca, 0x9, 0x2, 0x1, 0x2, 0x4, 0x5, 0x8, 0xfffff037, 0x7, 0x4d, 0xf, 0x6, 0x180, 0x0, 0x60653e97, 0x101, 0x6, 0x98f, 0x22, 0x2, 0xff, 0x0, 0x7a, 0xf31, 0x8, 0x80000001, 0x0, 0x3, 0xb, 0x5, 0x2, 0x9, 0x9, 0x1, 0x2, 0x4, 0x3, 0x6, 0x9, 0x13bb, 0x2, 0xf28, 0xa, 0xffffffff, 0x4, 0x8, 0xfff, 0xe5c4, 0xc80c, 0x9, 0x3170, 0x2, 0x7, 0x8, 0x8, 0xffffffff, 0x3, 0x7ff, 0x0, 0x6, 0x9, 0x2, 0x6, 0xc, 0x1, 0xc9e, 0x2, 0xff, 0x1, 0x1, 0x5, 0x1ff, 0xffff0123, 0xff, 0xd0a8, 0x8d, 0x9, 0x5, 0x0, 0x7, 0x3, 0x2f9, 0x2, 0x7, 0xa44, 0x10001, 0x3ef70ce9, 0x7, 0x10000, 0x412, 0x7, 0x6, 0x7, 0x5, 0x5, 0x6, 0x2b, 0x9, 0x6b, 0x4, 0x4, 0x1, 0x6, 0x0, 0x2, 0xffffff80, 0x8000, 0x7, 0xffff, 0x8, 0x9, 0x8ef, 0x5, 0x3, 0x7, 0x8, 0xb22e, 0x4, 0x8e1e, 0x7, 0x4, 0x8, 0x1000, 0x81, 0x9, 0x9, 0x3, 0x8000, 0x1ff, 0x9, 0x8, 0x4, 0x8, 0xd8, 0x80, 0x5, 0xffff, 0x3f, 0x5, 0x7777, 0x3, 0x8, 0xdb, 0x2f, 0x1000, 0x0, 0x4, 0x32, 0x4, 0x8, 0x8, 0xfffffffc, 0x4, 0x3be0, 0x83, 0x80, 0x3, 0x1000, 0xfffffffe, 0x8, 0xfffffffa, 0x3f13, 0x3, 0x10001, 0xa0, 0xb8, 0x6, 0x1, 0xfff, 0x5, 0x6, 0xfffffffa, 0x8, 0x10000, 0x5, 0x2, 0xfffffffa, 0x286a6820, 0x0, 0x7, 0x0, 0x8, 0x5, 0x9, 0x7fffffff, 0xfffffffd, 0x4, 0x7fff, 0x4, 0x8, 0xf, 0x6, 0x8, 0x1, 0x3, 0x9, 0x4, 0x8, 0x0, 0x8, 0x4, 0x0, 0x8, 0x10001, 0x1fffc, 0x1, 0x8, 0x4, 0x3ff, 0xffff85cd, 0x5, 0x2, 0x4, 0x3, 0x4, 0x4, 0x6, 0x54b, 0x3e3d, 0x2, 0xfffffff8, 0x2, 0x1, 0x6, 0x8, 0x4, 0x3, 0x6, 0x7, 0xd9, 0x0, 0x9, 0xffffffff, 0x9, 0x8, 0x6, 0x2, 0x8001, 0x1, 0x7, 0x3, 0x0, 0x8000, 0x6, 0x6, 0x8, 0x5, 0x70, 0x4, 0x2, 0x3, 0xe7, 0x2, 0x8, 0x8, 0x6, 0xea8, 0x6, 0x8, 0x400, 0x0, 0xfffffc01, 0x5c, 0x7, 0x7, 0x8, 0x4, 0x7f, 0x2, 0x4, 0x9, 0x2, 0xfffff001, 0x5, 0x6, 0x2, 0xbf, 0x1000, 0xe, 0x1, 0x5, 0x100, 0xffff, 0xfffffffc, 0x9, 0x4, 0x5, 0x100, 0x7fff, 0xa09, 0x435a, 0xb, 0x3, 0x8, 0x5, 0x2, 0x9, 0x5, 0x8e, 0xfffff000, 0xff, 0xb3d, 0x8, 0x7a6e, 0x10001, 0x0, 0x3, 0xe, 0x5, 0x1, 0x10000, 0xffffffff, 0xfffffffd, 0x5, 0xfffffff2, 0x6, 0x5, 0x3, 0x1, 0x0, 0x4, 0x58482de2, 0xffffffff, 0x5, 0x6, 0x8, 0x2, 0x8, 0x3, 0x200, 0x0, 0x6c, 0x10000, 0x8a, 0x2, 0xb44, 0xc7f1, 0x80000000, 0x10000, 0x1, 0x4830, 0x1, 0x3, 0x10001, 0x8, 0x2, 0xfffffffc, 0x1ff, 0x9, 0x101, 0x4, 0x0, 0x40, 0x1, 0x1, 0x9, 0x7, 0x2, 0x6, 0x65f, 0x1a2, 0x7, 0x1, 0xc7c, 0xfffffff8, 0x100, 0x107, 0x4, 0x6, 0x8, 0x9, 0xff, 0x5, 0xffff, 0x9, 0x3, 0x47, 0x0, 0x9, 0x0, 0xda, 0x0, 0x8, 0x2, 0xfffffffc, 0x3, 0x2, 0x2, 0x3, 0x3, 0x0, 0x6, 0xb, 0x9, 0x6b26, 0x3, 0x400, 0x9, 0x10000, 0xf, 0x7, 0xb, 0x43, 0xfffff810, 0x7, 0x6, 0x3, 0x7f, 0x68f, 0xa, 0x3, 0x4f7dfb54, 0x30000, 0x6, 0x1, 0x6, 0x100, 0x1, 0x1, 0x1000, 0xdac1, 0x4, 0x1000, 0x80000000, 0x4, 0x2ac, 0x9, 0x5, 0x9, 0xffffff6e, 0x0, 0xffff58b1, 0x6000, 0x3, 0xdc, 0xaf7, 0x8000, 0x6, 0x1, 0x2, 0x7, 0x1, 0x8, 0x5af38316, 0xffff, 0x1, 0x4, 0x9, 0x1, 0x6f, 0xfffffff8, 0xfffffff9, 0x3, 0x0, 0x401, 0x9627, 0x5, 0x2, 0x8, 0x6, 0x1, 0x3, 0x0, 0x7, 0xfb, 0xf58, 0x80, 0x5, 0x0, 0x3, 0x80000001, 0x0, 0x9, 0x6, 0x18, 0x9, 0x1, 0x2, 0xfffffff7, 0x0, 0x0, 0x3, 0x0, 0xa5eb, 0x4, 0x0, 0x7, 0x6, 0x7, 0x0, 0xb, 0x7, 0x80, 0x0, 0x3, 0x128, 0x6, 0x4bb, 0x0, 0x7, 0x4, 0x487235d5, 0x6, 0xe50, 0x4caa, 0x9, 0x61af, 0x10001, 0xfff, 0x7, 0x2, 0x7, 0x9, 0x3, 0x1000, 0x2, 0x39a, 0x6, 0x1, 0x1ff, 0x80000000, 0x5, 0x3, 0x200, 0x3, 0x4, 0x7fff, 0x2, 0x258, 0xafb, 0x5d, 0x1, 0x101, 0x6, 0x28, 0x7ff, 0x9, 0xfffffff7, 0x1, 0xffffffff, 0x1, 0x5, 0xfffffa95, 0x1, 0xfff], 0x4, 0x400, 0x5})
write$binfmt_misc(r3, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000000400)={r3, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x800000000000208, 0x0, 0x0, 0x2, 0xc, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100000000020000ffffffffff00", "2809e8dbe108598948224ad54afac11d875397bd3c5240f45f819e01177d2d458dd4992861ac00", "90be8b1c55080000000c547d03d8a0f4bd00", [0x0, 0x6]}})

1.359019069s ago: executing program 8 (id=3325):
r0 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0x40015b0b, &(0x7f0000000040))

1.049514784s ago: executing program 4 (id=3329):
syz_emit_ethernet(0x66, &(0x7f0000000200)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd601200b000303a0000000000000000000000000000000000ff020000000000000000000000000001a00090"], 0x0)

1.049171098s ago: executing program 4 (id=3330):
bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58)
r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$alg(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="041817aaaaaaaaaa10"], 0x1a)

1.049081338s ago: executing program 4 (id=3331):
syz_emit_ethernet(0x66, &(0x7f0000000200)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd601200b000303a0000000000000000000000000000000000ff020000000000000000000000000001a00090"], 0x0) (fail_nth: 2)

939.887343ms ago: executing program 4 (id=3332):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x2, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x4, @remote, 0xb}, 0x1c)
syz_emit_ethernet(0x7e, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6001010000481100fe8000000000000000000000000000bbfe8000000000000000020000000000aa4e200e22"], 0x0)

934.906961ms ago: executing program 4 (id=3333):
socket(0x2b, 0x80801, 0x1)
socket(0x2b, 0x1, 0x1)
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
setresuid(0xffffffffffffffff, 0x0, 0xee01)
sendmsg$SOCK_DIAG_BY_FAMILY(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="14010020140001d7373423b947ae3a8b9e"], 0x114}, 0x1, 0x0, 0x0, 0x20004084}, 0x4000)

859.246495ms ago: executing program 4 (id=3334):
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x52b6c295b2a635f1)
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
write$cgroup_int(r0, &(0x7f0000000540)=0x5, 0x12)
madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)

99.932441ms ago: executing program 8 (id=3335):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r0, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@broadcast, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x1}, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4d6, 0x33}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0x800}}, 0xe8)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)

0s ago: executing program 5 (id=3336):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
writev(r0, &(0x7f0000000b00)=[{&(0x7f0000000940)='\r', 0x2000}], 0x2)

kernel console output (not intermixed with test programs):

0][T13982]  </TASK>
[  222.296418][T13984] GUP no longer grows the stack in syz.0.2640 (13984): 200000004000-20000000a000 (200000002000)
[  222.398028][T13984] CPU: 2 UID: 0 PID: 13984 Comm: syz.0.2640 Not tainted syzkaller #0 PREEMPT(full) 
[  222.398050][T13984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  222.398058][T13984] Call Trace:
[  222.398063][T13984]  <TASK>
[  222.398069][T13984]  dump_stack_lvl+0x16c/0x1f0
[  222.398095][T13984]  gup_vma_lookup+0x1d2/0x220
[  222.398110][T13984]  __get_user_pages+0x243/0x34a0
[  222.398130][T13984]  ? find_held_lock+0x2b/0x80
[  222.398149][T13984]  ? __pfx___get_user_pages+0x10/0x10
[  222.398167][T13984]  get_user_pages_remote+0x243/0xab0
[  222.398181][T13984]  ? mas_parent_gap+0x730/0x7b0
[  222.398196][T13984]  ? __pfx_get_user_pages_remote+0x10/0x10
[  222.398212][T13984]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  222.398231][T13984]  __access_remote_vm+0x24d/0x850
[  222.398246][T13984]  ? do_raw_spin_lock+0x12c/0x2b0
[  222.398260][T13984]  ? __pfx___access_remote_vm+0x10/0x10
[  222.398275][T13984]  proc_pid_cmdline_read+0x4de/0x8e0
[  222.398289][T13984]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  222.398303][T13984]  ? rw_verify_area+0xcf/0x6c0
[  222.398319][T13984]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  222.398332][T13984]  vfs_readv+0x5be/0x8b0
[  222.398351][T13984]  ? __pfx_vfs_readv+0x10/0x10
[  222.398368][T13984]  ? kmem_cache_free+0x2d1/0x4d0
[  222.398392][T13984]  ? __fget_files+0x20e/0x3c0
[  222.398406][T13984]  ? do_preadv+0x1a6/0x270
[  222.398421][T13984]  do_preadv+0x1a6/0x270
[  222.398436][T13984]  ? __pfx_do_preadv+0x10/0x10
[  222.398456][T13984]  do_syscall_64+0xcd/0x4e0
[  222.398471][T13984]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  222.398483][T13984] RIP: 0033:0x7fe75ff8eec9
[  222.398494][T13984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  222.398505][T13984] RSP: 002b:00007fe760d86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  222.398517][T13984] RAX: ffffffffffffffda RBX: 00007fe7601e5fa0 RCX: 00007fe75ff8eec9
[  222.398524][T13984] RDX: 0000000000000001 RSI: 0000200000001480 RDI: 0000000000000004
[  222.398531][T13984] RBP: 00007fe760011f91 R08: 00000000fffffffd R09: 0000000000000000
[  222.398537][T13984] R10: 0000000000000304 R11: 0000000000000246 R12: 0000000000000000
[  222.398544][T13984] R13: 00007fe7601e6038 R14: 00007fe7601e5fa0 R15: 00007ffe024cdaa8
[  222.398558][T13984]  </TASK>
[  222.496074][    C2] vkms_vblank_simulate: vblank timer overrun
[  222.510568][ T6038] usb 10-1: new high-speed USB device number 29 using dummy_hcd
[  222.660256][ T6038] usb 10-1: Using ep0 maxpacket: 32
[  222.664392][ T6038] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  222.669690][ T6038] usb 10-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  222.672339][T13993] /dev/sr0: Can't open blockdev
[  222.672972][ T6038] usb 10-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  222.677931][ T6038] usb 10-1: Product: syz
[  222.679395][ T6038] usb 10-1: Manufacturer: syz
[  222.681616][ T6038] usb 10-1: SerialNumber: syz
[  222.686469][ T6038] usb 10-1: config 0 descriptor??
[  222.688786][T13978] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  222.715826][T14002] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  222.767041][T14004] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2646'.
[  222.772669][ T5962] Bluetooth: hci1: unexpected event for opcode 0x0c14
[  222.828285][T14009] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2647'.
[  222.846827][T14011] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  222.969273][ T6038] usb 10-1: USB disconnect, device number 29
[  222.978645][T13978] netlink: 'syz.5.2637': attribute type 7 has an invalid length.
[  222.982596][T13978] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2637'.
[  222.985374][T14019] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  222.989113][T14019] IPv6: NLM_F_CREATE should be set when creating new route
[  222.992249][T14019] IPv6: NLM_F_CREATE should be set when creating new route
[  222.998043][T14019] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  223.003282][T14019] SELinux:  Context u:r:untrusted_app:s0:c512,c768 is not valid (left unmapped).
[  223.011026][   T40] audit: type=1400 audit(1759449856.475:1016): avc:  denied  { relabelto } for  pid=14017 comm="syz.0.2653" name="syz0" dev="cgroup" ino=504 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="u:r:untrusted_app:s0:c512,c768"
[  223.018428][T14019] netlink: 'syz.0.2653': attribute type 10 has an invalid length.
[  223.021349][   T40] audit: type=1400 audit(1759449856.485:1017): avc:  denied  { associate } for  pid=14017 comm="syz.0.2653" name="syz0" dev="cgroup" ino=504 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 srawcon="u:r:untrusted_app:s0:c512,c768"
[  223.021400][   T40] audit: type=1400 audit(1759449856.485:1018): avc:  denied  { add_name } for  pid=14017 comm="syz.0.2653" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="u:r:untrusted_app:s0:c512,c768"
[  223.021437][   T40] audit: type=1400 audit(1759449856.485:1019): avc:  denied  { create } for  pid=14017 comm="syz.0.2653" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  223.021471][   T40] audit: type=1400 audit(1759449856.485:1020): avc:  denied  { associate } for  pid=14017 comm="syz.0.2653" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  223.025009][T14019] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  223.077569][T14019] batman_adv: batadv0: Removing interface: batadv_slave_0
[  223.192933][T14024] /dev/sr0: Can't open blockdev
[  223.193760][T14031] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  223.199241][   T40] audit: type=1400 audit(1759449856.665:1021): avc:  denied  { write } for  pid=14023 comm="syz.7.2654" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  223.245800][T14033] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  223.334581][   T40] audit: type=1400 audit(1759449856.805:1022): avc:  denied  { bind } for  pid=14034 comm="syz.0.2658" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  223.339056][T14039] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2658'.
[  223.507113][   T40] audit: type=1400 audit(1759449856.975:1023): avc:  denied  { getopt } for  pid=14049 comm="syz.0.2663" lport=54792 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  223.510511][T14052] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2663'.
[  223.926112][T14084] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2674'.
[  224.129733][T14104] FAULT_INJECTION: forcing a failure.
[  224.129733][T14104] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  224.136598][T14104] CPU: 2 UID: 0 PID: 14104 Comm: syz.4.2681 Not tainted syzkaller #0 PREEMPT(full) 
[  224.136621][T14104] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  224.136631][T14104] Call Trace:
[  224.136650][T14104]  <TASK>
[  224.136657][T14104]  dump_stack_lvl+0x16c/0x1f0
[  224.136702][T14104]  should_fail_ex+0x512/0x640
[  224.136735][T14104]  _copy_to_user+0x32/0xd0
[  224.136760][T14104]  simple_read_from_buffer+0xcb/0x170
[  224.136787][T14104]  proc_fail_nth_read+0x197/0x240
[  224.136806][T14104]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  224.136825][T14104]  ? rw_verify_area+0xcf/0x6c0
[  224.136846][T14104]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  224.136863][T14104]  vfs_read+0x1e1/0xcf0
[  224.136891][T14104]  ? __pfx___mutex_lock+0x10/0x10
[  224.136911][T14104]  ? __pfx_vfs_read+0x10/0x10
[  224.136942][T14104]  ? __fget_files+0x20e/0x3c0
[  224.136965][T14104]  ksys_read+0x12a/0x250
[  224.136990][T14104]  ? __pfx_ksys_read+0x10/0x10
[  224.137023][T14104]  do_syscall_64+0xcd/0x4e0
[  224.137043][T14104]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.137058][T14104] RIP: 0033:0x7f8e4698d8dc
[  224.137071][T14104] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  224.137085][T14104] RSP: 002b:00007f8e478c4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  224.137101][T14104] RAX: ffffffffffffffda RBX: 00007f8e46be5fa0 RCX: 00007f8e4698d8dc
[  224.137111][T14104] RDX: 000000000000000f RSI: 00007f8e478c40a0 RDI: 0000000000000004
[  224.137119][T14104] RBP: 00007f8e478c4090 R08: 0000000000000000 R09: 0000000000000000
[  224.137128][T14104] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  224.137136][T14104] R13: 00007f8e46be6038 R14: 00007f8e46be5fa0 R15: 00007ffc995d64f8
[  224.137158][T14104]  </TASK>
[  224.370570][T14116] openvswitch: netlink: Message has 24 unknown bytes.
[  224.373320][T14116] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  224.737110][T14137] netlink: 'syz.5.2695': attribute type 63 has an invalid length.
[  224.747816][T14132] bridge0: port 3(syz_tun) entered disabled state
[  224.760886][T14132] syz_tun (unregistering): left allmulticast mode
[  224.763290][T14132] syz_tun (unregistering): left promiscuous mode
[  224.765500][T14132] bridge0: port 3(syz_tun) entered disabled state
[  224.959251][T14142] random: crng reseeded on system resumption
[  224.966924][T14142] Restarting kernel threads ...
[  224.969451][T14142] Done restarting kernel threads.
[  225.040299][ T6759] usb 9-1: new full-speed USB device number 38 using dummy_hcd
[  225.108575][T14145] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2700'.
[  225.112221][T14145] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2700'.
[  225.215042][ T6759] usb 9-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  225.216308][T14157] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check.
[  225.218731][ T6759] usb 9-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  225.232720][ T6759] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  225.236841][ T6759] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.248484][ T6759] usbtmc 9-1:16.0: bulk endpoints not found
[  225.280379][ T5955] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  225.286079][ T5955] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  225.294723][ T5955] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  225.299026][ T5955] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  225.307025][ T5955] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  225.430963][T14168] ieee802154 phy0 wpan0: encryption failed: -22
[  225.440195][   T56] usb 10-1: new low-speed USB device number 30 using dummy_hcd
[  225.475544][T14160] chnl_net:caif_netlink_parms(): no params data found
[  225.571127][T14160] bridge0: port 1(bridge_slave_0) entered blocking state
[  225.574092][T14160] bridge0: port 1(bridge_slave_0) entered disabled state
[  225.577165][T14160] bridge_slave_0: entered allmulticast mode
[  225.581093][T14160] bridge_slave_0: entered promiscuous mode
[  225.586835][T14160] bridge0: port 2(bridge_slave_1) entered blocking state
[  225.590499][T14160] bridge0: port 2(bridge_slave_1) entered disabled state
[  225.592286][   T56] usb 10-1: config 0 has an invalid interface number: 1 but max is 0
[  225.592860][T14160] bridge_slave_1: entered allmulticast mode
[  225.595922][   T56] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  225.598618][T14160] bridge_slave_1: entered promiscuous mode
[  225.602471][   T56] usb 10-1: config 0 has no interface number 0
[  225.608198][   T56] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  225.612614][   T56] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.616849][   T56] usb 10-1: config 0 descriptor??
[  225.625547][   T56] iowarrior 10-1:0.1: no interrupt-in endpoint found
[  225.666753][T14160] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  225.674834][T14160] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  225.740997][T14160] team0: Port device team_slave_0 added
[  225.746367][T14160] team0: Port device team_slave_1 added
[  225.808077][T14160] batman_adv: batadv0: Adding interface: batadv_slave_0
[  225.812237][T14160] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  225.823121][T14160] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  225.828853][ T1024] usb 10-1: USB disconnect, device number 30
[  225.832021][T14160] batman_adv: batadv0: Adding interface: batadv_slave_1
[  225.835453][T14160] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  225.848646][T14160] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  225.908027][T14160] hsr_slave_0: entered promiscuous mode
[  225.911115][T14160] hsr_slave_1: entered promiscuous mode
[  225.913943][T14160] debugfs: 'hsr0' already exists in 'hsr'
[  225.916258][T14160] Cannot create hsr debugfs directory
[  225.933018][T14183] bridge0: port 1(bridge_slave_0) entered disabled state
[  225.938200][T14183] bridge0: port 2(bridge_slave_1) entered disabled state
[  226.242847][T14160] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  226.249445][T14160] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  226.258103][T14160] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  226.264996][T14160] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  226.335791][T14160] 8021q: adding VLAN 0 to HW filter on device bond0
[  226.351712][T14160] 8021q: adding VLAN 0 to HW filter on device team0
[  226.358588][ T1144] bridge0: port 1(bridge_slave_0) entered blocking state
[  226.361898][ T1144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  226.372450][ T1143] bridge0: port 2(bridge_slave_1) entered blocking state
[  226.376119][ T1143] bridge0: port 2(bridge_slave_1) entered forwarding state
[  226.553373][T14160] 8021q: adding VLAN 0 to HW filter on device batadv0
[  226.656885][T14216] IPVS: set_ctl: invalid protocol: 8192 73.127.0.0:0
[  226.812736][T14160] veth0_vlan: entered promiscuous mode
[  226.819136][T14160] veth1_vlan: entered promiscuous mode
[  226.842047][T14160] veth0_macvtap: entered promiscuous mode
[  226.858349][T14160] veth1_macvtap: entered promiscuous mode
[  226.877469][T14160] batman_adv: batadv0: Interface activated: batadv_slave_0
[  226.889244][T14160] batman_adv: batadv0: Interface activated: batadv_slave_1
[  226.901589][ T1249] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  226.905166][ T1249] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  226.923207][T14235] team_slave_0: entered promiscuous mode
[  226.926736][T14235] team_slave_0: left promiscuous mode
[  226.934853][ T1249] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  226.938701][ T1249] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  227.007096][T12775] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  227.009543][T12775] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  227.049404][ T1249] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  227.052345][ T1249] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  227.390329][ T5962] Bluetooth: hci1: command tx timeout
[  227.580413][   T54] usb 10-1: new full-speed USB device number 31 using dummy_hcd
[  227.743031][   T54] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  227.746447][   T54] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  227.749597][   T54] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  227.754949][   T54] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  227.760015][   T54] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.771328][   T54] usbtmc 10-1:16.0: probe with driver usbtmc failed with error -22
[  227.809891][   T54] usb 9-1: USB disconnect, device number 38
[  228.042849][T14268] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2734'.
[  228.221514][T14276] openvswitch: netlink: IP tunnel dst address not specified
[  228.313244][T14279] mac80211_hwsim hwsim26 wlan1: entered allmulticast mode
[  228.329811][T14279] netlink: 'syz.8.2739': attribute type 10 has an invalid length.
[  228.334001][T14279] mac80211_hwsim hwsim26 wlan1: left allmulticast mode
[  228.478111][   T40] kauditd_printk_skb: 5 callbacks suppressed
[  228.478127][   T40] audit: type=1400 audit(1759449861.945:1029): avc:  denied  { read } for  pid=14286 comm="syz.8.2742" name="btrfs-control" dev="devtmpfs" ino=1341 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  228.492931][   T40] audit: type=1400 audit(1759449861.945:1030): avc:  denied  { open } for  pid=14286 comm="syz.8.2742" path="/dev/btrfs-control" dev="devtmpfs" ino=1341 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  228.906518][T14292] sp0: Synchronizing with TNC
[  229.123264][T14303] fuse: Unknown parameter 'groupS2®Ž÷v}Áº£¸�ÿ똮8]Ñ™
g_­„“¯(
îá£ÝÐe)…Ò•¸qáT
[  229.123264][T14303] &KÌ¡ouM‹iÛ¶‚3Ÿ
[  229.123264][T14303] |�Lo©LwœßD:ýN‡öðK2iÖ³ÕNÍÿß?é˜+D7ž/è¸é¯òÀ­ýT3}‚©"±Hm£ä¤
[  229.123264][T14303] úR¨dñd`±½æä�jO�S»úÅE¯Þ
[  229.123264][T14303] ñz00000000000000000000'
[  229.352879][T14318] netlink: 16 bytes leftover after parsing attributes in process `syz.8.2754'.
[  229.357166][T14318] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2754'.
[  229.627175][   T40] audit: type=1400 audit(1759449863.095:1031): avc:  denied  { read } for  pid=14333 comm="syz.7.2759" lport=60712 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  229.742697][T14347] netlink: 'syz.7.2763': attribute type 1 has an invalid length.
[  229.745477][T14347] netlink: 228 bytes leftover after parsing attributes in process `syz.7.2763'.
[  229.806328][T14349] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌÌULÙvy¸ÚØ¢
…D£øUDŒw˜}�zR'
[  229.812804][T14349] CPU: 3 UID: 0 PID: 14349 Comm: syz.4.2764 Not tainted syzkaller #0 PREEMPT(full) 
[  229.812831][T14349] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  229.812844][T14349] Call Trace:
[  229.812850][T14349]  <TASK>
[  229.812858][T14349]  dump_stack_lvl+0x16c/0x1f0
[  229.812912][T14349]  sysfs_warn_dup+0x7f/0xa0
[  229.812935][T14349]  sysfs_do_create_link_sd+0x124/0x140
[  229.812963][T14349]  sysfs_create_link+0x61/0xc0
[  229.812992][T14349]  device_add+0x62c/0x1aa0
[  229.813026][T14349]  ? __pfx_device_add+0x10/0x10
[  229.813045][T14349]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  229.813075][T14349]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  229.813103][T14349]  wiphy_register+0x1df4/0x29f0
[  229.813125][T14349]  ? netdev_run_todo+0x864/0x1320
[  229.813148][T14349]  ? __dev_printk+0x1d0/0x270
[  229.813177][T14349]  ? __pfx_wiphy_register+0x10/0x10
[  229.813209][T14349]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  229.813235][T14349]  ieee80211_register_hw+0x2546/0x4120
[  229.813267][T14349]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  229.813294][T14349]  ? find_held_lock+0x2b/0x80
[  229.813319][T14349]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  229.813343][T14349]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  229.813370][T14349]  ? __hrtimer_setup+0x176/0x280
[  229.813395][T14349]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  229.813430][T14349]  ? trace_kmalloc+0x2b/0xd0
[  229.813448][T14349]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  229.813476][T14349]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  229.813495][T14349]  ? hwsim_new_radio_nl+0xa0e/0x12c0
[  229.813517][T14349]  ? __asan_memcpy+0x3c/0x60
[  229.813546][T14349]  hwsim_new_radio_nl+0xb51/0x12c0
[  229.813571][T14349]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  229.813602][T14349]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  229.813629][T14349]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  229.813661][T14349]  genl_family_rcv_msg_doit+0x209/0x2f0
[  229.813688][T14349]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  229.813724][T14349]  ? bpf_lsm_capable+0x9/0x10
[  229.813744][T14349]  ? security_capable+0x7e/0x260
[  229.813765][T14349]  ? ns_capable+0xd7/0x110
[  229.813790][T14349]  genl_rcv_msg+0x55c/0x800
[  229.813819][T14349]  ? __pfx_genl_rcv_msg+0x10/0x10
[  229.813845][T14349]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  229.813870][T14349]  ? __lock_acquire+0x62e/0x1ce0
[  229.813893][T14349]  netlink_rcv_skb+0x158/0x420
[  229.813917][T14349]  ? __pfx_genl_rcv_msg+0x10/0x10
[  229.813944][T14349]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  229.813985][T14349]  ? netlink_deliver_tap+0x1ae/0xd30
[  229.814008][T14349]  ? selinux_netlink_send+0x578/0x830
[  229.814029][T14349]  ? is_vmalloc_addr+0x86/0xa0
[  229.814058][T14349]  genl_rcv+0x28/0x40
[  229.814079][T14349]  netlink_unicast+0x5a7/0x870
[  229.814106][T14349]  ? __pfx_netlink_unicast+0x10/0x10
[  229.814130][T14349]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  229.814159][T14349]  netlink_sendmsg+0x8d1/0xdd0
[  229.814186][T14349]  ? __pfx_netlink_sendmsg+0x10/0x10
[  229.814220][T14349]  ____sys_sendmsg+0xa98/0xc70
[  229.814246][T14349]  ? copy_msghdr_from_user+0x10a/0x160
[  229.814266][T14349]  ? __pfx_____sys_sendmsg+0x10/0x10
[  229.814304][T14349]  ___sys_sendmsg+0x134/0x1d0
[  229.814326][T14349]  ? __pfx____sys_sendmsg+0x10/0x10
[  229.814380][T14349]  __sys_sendmsg+0x16d/0x220
[  229.814401][T14349]  ? __pfx___sys_sendmsg+0x10/0x10
[  229.814421][T14349]  ? __x64_sys_futex+0x1e0/0x4c0
[  229.814457][T14349]  do_syscall_64+0xcd/0x4e0
[  229.814481][T14349]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.814500][T14349] RIP: 0033:0x7f8e4698eec9
[  229.814516][T14349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  229.814533][T14349] RSP: 002b:00007f8e478c4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  229.814553][T14349] RAX: ffffffffffffffda RBX: 00007f8e46be5fa0 RCX: 00007f8e4698eec9
[  229.814565][T14349] RDX: 0000000020004840 RSI: 0000200000000040 RDI: 0000000000000005
[  229.814576][T14349] RBP: 00007f8e46a11f91 R08: 0000000000000000 R09: 0000000000000000
[  229.814587][T14349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  229.814598][T14349] R13: 00007f8e46be6038 R14: 00007f8e46be5fa0 R15: 00007ffc995d64f8
[  229.814622][T14349]  </TASK>
[  229.980743][   T29] usb 13-1: new full-speed USB device number 2 using dummy_hcd
[  230.144383][   T29] usb 13-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  230.148637][   T29] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  230.152730][   T29] usb 13-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  230.157909][   T29] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  230.162246][   T29] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  230.173048][   T29] usbtmc 13-1:16.0: bulk endpoints not found
[  230.277301][T14361] netlink: 60 bytes leftover after parsing attributes in process `syz.7.2768'.
[  230.295471][T14365] ./bus: Can't lookup blockdev
[  230.302458][T14365] binder: BINDER_SET_CONTEXT_MGR already set
[  230.305382][T14365] binder: 14364:14365 ioctl 4018620d 200000000100 returned -16
[  230.335851][    T9] usb 10-1: USB disconnect, device number 31
[  230.411391][   T40] audit: type=1400 audit(1759449863.885:1032): avc:  denied  { setattr } for  pid=14371 comm="syz.5.2772" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  230.413532][T14372] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=14372 comm=syz.5.2772
[  230.432122][ T5962] Bluetooth: hci1: command tx timeout
[  230.435501][   T40] audit: type=1400 audit(1759449863.905:1033): avc:  denied  { bind } for  pid=14373 comm="syz.7.2773" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  230.442695][   T40] audit: type=1400 audit(1759449863.905:1034): avc:  denied  { mounton } for  pid=14373 comm="syz.7.2773" path="/syzcgroup/unified/syz7" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1
[  230.465918][   T40] audit: type=1400 audit(1759449863.935:1035): avc:  denied  { getopt } for  pid=14376 comm="syz.5.2774" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  230.472202][T14377] 9p: Unknown uid 00000000004294967295
[  230.497452][T14379] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2775'.
[  230.514122][T14379] 8021q: adding VLAN 0 to HW filter on device bond0
[  230.550384][T12867] usb 9-1: new high-speed USB device number 39 using dummy_hcd
[  230.694626][   T40] audit: type=1400 audit(1759449864.165:1036): avc:  denied  { read } for  pid=14387 comm="syz.7.2777" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  230.702370][T12867] usb 9-1: too many configurations: 9, using maximum allowed: 8
[  230.709903][T12867] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  230.715977][T12867] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  230.720752][T12867] usb 9-1: config 0 interface 0 has no altsetting 0
[  230.724519][T12867] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  230.728305][T12867] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  230.735696][T12867] usb 9-1: config 0 interface 0 has no altsetting 0
[  230.739742][T12867] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  230.745991][T12867] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  230.750009][T12867] usb 9-1: config 0 interface 0 has no altsetting 0
[  230.753791][T12867] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  230.756966][T12867] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  230.760735][T12867] usb 9-1: config 0 interface 0 has no altsetting 0
[  230.761577][T14402] team_slave_0: entered promiscuous mode
[  230.763991][T12867] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  230.766370][T14402] batadv0: entered promiscuous mode
[  230.768050][T12867] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  230.770689][T14402] hsr2: Slave A (team_slave_0) is not up; please bring it up to get a fully working HSR network
[  230.773958][T12867] usb 9-1: config 0 interface 0 has no altsetting 0
[  230.780040][T12867] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  230.785161][T12867] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  230.789583][T12867] usb 9-1: config 0 interface 0 has no altsetting 0
[  230.793078][T12867] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  230.796488][T12867] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  230.800045][T12867] usb 9-1: config 0 interface 0 has no altsetting 0
[  230.803225][T12867] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  230.806673][T12867] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  230.811135][T12867] usb 9-1: config 0 interface 0 has no altsetting 0
[  230.815183][T12867] usb 9-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  230.818908][T12867] usb 9-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  230.822520][T12867] usb 9-1: Product: syz
[  230.824301][T12867] usb 9-1: Manufacturer: syz
[  230.826838][T12867] usb 9-1: SerialNumber: syz
[  230.833094][T12867] usb 9-1: config 0 descriptor??
[  230.840729][T12867] yurex 9-1:0.0: USB YUREX device now attached to Yurex #0
[  230.990565][T13374] usb 12-1: new high-speed USB device number 7 using dummy_hcd
[  231.040271][T12867] usb 9-1: USB disconnect, device number 39
[  231.048033][T12867] yurex 9-1:0.0: USB YUREX #0 now disconnected
[  231.154653][T13374] usb 12-1: config 0 has an invalid interface number: 50 but max is 0
[  231.158111][T13374] usb 12-1: config 0 has no interface number 0
[  231.161723][T13374] usb 12-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  231.169574][T13374] usb 12-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc
[  231.173853][T13374] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  231.177211][T13374] usb 12-1: Product: syz
[  231.178686][T13374] usb 12-1: Manufacturer: syz
[  231.180290][T13374] usb 12-1: SerialNumber: syz
[  231.183419][T13374] usb 12-1: config 0 descriptor??
[  231.192058][T13374] yurex 12-1:0.50: USB YUREX device now attached to Yurex #0
[  231.251406][T14421] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2786'.
[  231.255404][T14421] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2786'.
[  231.329444][T14423] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2787'.
[  231.332899][T14423] netlink: 'syz.5.2787': attribute type 1 has an invalid length.
[  231.335910][T14423] netlink: 'syz.5.2787': attribute type 2 has an invalid length.
[  231.338523][T14423] netlink: 'syz.5.2787': attribute type 3 has an invalid length.
[  231.447154][    C2] usb 12-1: yurex_control_callback - control failed: -71
[  231.449641][ T6759] usb 12-1: USB disconnect, device number 7
[  231.453338][ T6759] yurex 12-1:0.50: USB YUREX #0 now disconnected
[  231.534305][T14426] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2788'.
[  231.685812][T14439] kAFS: Can only specify source 'none' with -o dyn
[  231.689051][T14439] kAFS: unparsable volume name
[  231.692600][T14439] kAFS: unparsable volume name
[  231.694473][T14439] kAFS: unparsable volume name
[  231.696153][T14439] kAFS: unparsable volume name
[  231.697835][T14439] kAFS: unparsable volume name
[  231.699508][T14439] kAFS: unparsable volume name
[  231.701572][T14439] kAFS: unparsable volume name
[  231.703402][T14439] kAFS: unparsable volume name
[  231.705328][T14439] kAFS: unparsable volume name
[  231.707417][T14439] kAFS: unparsable volume name
[  231.709717][T14439] kAFS: unparsable volume name
[  231.712711][T14439] kAFS: unparsable volume name
[  231.714587][T14439] kAFS: unparsable volume name
[  231.716301][T14439] kAFS: unparsable volume name
[  231.717978][T14439] kAFS: unparsable volume name
[  231.719713][T14439] kAFS: unparsable volume name
[  231.722651][T14439] kAFS: unparsable volume name
[  231.724426][T14439] kAFS: unparsable volume name
[  231.726052][T14439] kAFS: unparsable volume name
[  231.727890][T14439] kAFS: unparsable volume name
[  231.729562][T14439] kAFS: unparsable volume name
[  231.731522][T14439] kAFS: unparsable volume name
[  231.733477][T14439] kAFS: unparsable volume name
[  231.735369][T14439] kAFS: unparsable volume name
[  231.737125][T14439] kAFS: unparsable volume name
[  231.739053][T14439] kAFS: unparsable volume name
[  231.741757][T14439] kAFS: unparsable volume name
[  232.067074][   T40] audit: type=1400 audit(1759449865.535:1037): avc:  denied  { write } for  pid=14475 comm="syz.7.2805" name="ndctl0" dev="devtmpfs" ino=108 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  232.207911][T14484] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3)
[  232.210414][T14484] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  232.216910][T14484] vhci_hcd vhci_hcd.0: Device attached
[  232.220352][T14485] vhci_hcd: cannot find the pending unlink 1023
[  232.226548][T14485] vhci_hcd: cannot find the pending unlink 1023
[  232.226952][T14484] vhci_hcd vhci_hcd.0: pdev(5) rhport(1) sockfd(6)
[  232.232238][T14484] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  232.235844][T14484] vhci_hcd vhci_hcd.0: Device attached
[  232.253075][T14488] vhci_hcd: connection closed
[  232.254493][T14485] vhci_hcd: connection closed
[  232.256622][   T12] vhci_hcd: stop threads
[  232.261371][   T12] vhci_hcd: release socket
[  232.263482][   T12] vhci_hcd: disconnect device
[  232.265906][   T12] vhci_hcd: stop threads
[  232.267799][   T12] vhci_hcd: release socket
[  232.270535][   T12] vhci_hcd: disconnect device
[  232.309284][T14492] netlink: 'syz.4.2806': attribute type 13 has an invalid length.
[  232.313668][T14492] netlink: 'syz.4.2806': attribute type 17 has an invalid length.
[  232.359722][T14492] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  232.537783][T14508] vxfs: WRONG superblock magic 00000000 at 1
[  232.556984][T14508] vxfs: WRONG superblock magic 00000000 at 8
[  232.562063][T14508] vxfs: can't find superblock.
[  232.714981][ T1024] usb 13-1: USB disconnect, device number 2
[  232.738654][T14521] netlink: 'syz.8.2816': attribute type 1 has an invalid length.
[  232.893031][T14531] netlink: 'syz.5.2817': attribute type 7 has an invalid length.
[  232.895679][T14531] netlink: 'syz.5.2817': attribute type 8 has an invalid length.
[  232.900028][   T40] audit: type=1400 audit(1759449866.365:1038): avc:  denied  { map } for  pid=14532 comm="syz.7.2819" path="socket:[70928]" dev="sockfs" ino=70928 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  233.120945][ T1024] usb 13-1: new full-speed USB device number 3 using dummy_hcd
[  233.273043][ T1024] usb 13-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  233.276875][ T1024] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  233.280768][ T1024] usb 13-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  233.284948][ T1024] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  233.287889][ T1024] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  233.297937][ T1024] usbtmc 13-1:16.0: bulk endpoints not found
[  233.400306][    T9] usb 12-1: new full-speed USB device number 8 using dummy_hcd
[  233.572538][    T9] usb 12-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  233.577790][    T9] usb 12-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  233.582862][    T9] usb 12-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  233.589347][    T9] usb 12-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  233.593413][    T9] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  233.602792][    T9] usbtmc 12-1:16.0: bulk endpoints not found
[  233.621474][   T40] kauditd_printk_skb: 1 callbacks suppressed
[  233.621491][   T40] audit: type=1400 audit(1759449867.095:1040): avc:  denied  { watch_sb watch_reads } for  pid=14558 comm="syz.5.2829" path="/529/file0" dev="tmpfs" ino=2770 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  233.976050][T14574] validate_nla: 1 callbacks suppressed
[  233.976073][T14574] netlink: 'syz.4.2832': attribute type 10 has an invalid length.
[  233.984949][T14574] 8021q: adding VLAN 0 to HW filter on device batadv0
[  233.989728][T14574] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  234.047936][T14574] __nla_validate_parse: 10 callbacks suppressed
[  234.047951][T14574] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2832'.
[  234.219712][T14582] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2834'.
[  234.224086][T14582] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2834'.
[  234.260325][ T5955] Bluetooth: hci1: command 0x0406 tx timeout
[  234.342701][T14588] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2836'.
[  234.345925][T14588] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2836'.
[  234.501064][T14596] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2838'.
[  234.507795][T14596] ip6gre1: entered allmulticast mode
[  234.564325][T14598] netlink: 'syz.4.2839': attribute type 1 has an invalid length.
[  234.568511][T14598] netlink: 228 bytes leftover after parsing attributes in process `syz.4.2839'.
[  234.967196][T14618] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2844'.
[  235.050505][T13374] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  235.053320][   T40] audit: type=1800 audit(1759449868.525:1041): pid=14622 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.4.2846" name="SYSV00000000" dev="hugetlbfs" ino=4 res=0 errno=0
[  235.064194][T13374] hid-generic 0000:0000:0000.000B: hidraw1: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  235.083643][   T40] audit: type=1400 audit(1759449868.555:1042): avc:  denied  { map } for  pid=14621 comm="syz.4.2846" path="/dev/zero" dev="devtmpfs" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1
[  235.092978][   T40] audit: type=1400 audit(1759449868.555:1043): avc:  denied  { execute_no_trans } for  pid=14621 comm="syz.4.2846" path=2F6D656D66643AA39F6EB4645204693502ACCEE1889D5B4038D7CE1F2039497F151D933DB5E75C274CE6D28EBC294A7454447181CF81BAE531F520C8103EC95C85174CBFCF91DF4DF3025E542A202864656C6574656429 dev="hugetlbfs" ino=69458 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  235.672839][T14645] input: syz1 as /devices/virtual/input/input23
[  235.726306][   T40] audit: type=1400 audit(1759450125.197:1044): avc:  denied  { execute } for  pid=14646 comm="syz.4.2855" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=757 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  235.817650][T12867] usb 13-1: USB disconnect, device number 3
[  235.839368][   T40] audit: type=1400 audit(1759450125.307:1045): avc:  denied  { name_bind } for  pid=14651 comm="syz.8.2857" src=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=udp_socket permissive=1
[  235.844798][T14652] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2857'.
[  235.877732][T14654] IPv6: NLM_F_CREATE should be specified when creating new route
[  236.149567][ T6759] usb 12-1: USB disconnect, device number 8
[  236.278566][T14670] lo: entered promiscuous mode
[  236.306499][T14670] netlink: 124 bytes leftover after parsing attributes in process `syz.8.2863'.
[  236.311840][   T40] audit: type=1400 audit(1759450125.787:1046): avc:  denied  { setopt } for  pid=14669 comm="syz.8.2863" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  236.442598][   T40] audit: type=1400 audit(1759450125.917:1047): avc:  denied  { connect } for  pid=14678 comm="syz.8.2865" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  236.809560][T14701] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=261 sclass=netlink_route_socket pid=14701 comm=syz.5.2873
[  236.878148][T14716] team_slave_0: entered promiscuous mode
[  236.882406][T14716] team_slave_0: left promiscuous mode
[  237.154919][T14741] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  237.157746][T14741] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  237.162765][T14741] vhci_hcd vhci_hcd.0: Device attached
[  237.165832][T14747] vhci_hcd: cannot find the pending unlink 1023
[  237.166668][T14741] netlink: 'syz.5.2885': attribute type 13 has an invalid length.
[  237.172473][T14741] netlink: 'syz.5.2885': attribute type 17 has an invalid length.
[  237.176231][T14741] "syz.5.2885" (14741) uses obsolete ecb(arc4) skcipher
[  237.220400][T14747] vhci_hcd: connection closed
[  237.222080][   T61] vhci_hcd: stop threads
[  237.226666][   T61] vhci_hcd: release socket
[  237.228464][   T61] vhci_hcd: disconnect device
[  237.290429][T12867] usb 9-1: new low-speed USB device number 40 using dummy_hcd
[  237.298507][T14754] fuse: Bad value for 'fd'
[  237.301511][   T40] audit: type=1400 audit(1759450126.777:1048): avc:  denied  { call } for  pid=14751 comm="syz.8.2886" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  237.308669][   T40] audit: type=1400 audit(1759450126.777:1049): avc:  denied  { transfer } for  pid=14751 comm="syz.8.2886" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  237.442892][T12867] usb 9-1: config 0 has an invalid interface number: 1 but max is 0
[  237.445816][T12867] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  237.449973][T12867] usb 9-1: config 0 has no interface number 0
[  237.460240][T12867] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  237.463287][T12867] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  237.467475][T12867] usb 9-1: config 0 descriptor??
[  237.472067][T12867] iowarrior 9-1:0.1: no interrupt-in endpoint found
[  237.479666][T14760] kvm: vcpu 0: requested 1664 ns lapic timer period limited to 200000 ns
[  237.610688][T14766] overlayfs: statfs failed on './file0'
[  237.674206][T14737] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=41235 sclass=netlink_route_socket pid=14737 comm=syz.4.2883
[  237.679658][T13374] usb 9-1: USB disconnect, device number 40
[  237.870663][T14783] team_slave_0: entered promiscuous mode
[  237.874743][T14783] team_slave_0: left promiscuous mode
[  237.940436][T12867] usb 13-1: new full-speed USB device number 4 using dummy_hcd
[  237.979160][T14790] mkiss: ax0: crc mode is auto.
[  238.091909][T12867] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  238.096068][T12867] usb 13-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  238.103692][T12867] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  238.106896][T12867] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  238.318455][T12867] usb 13-1: usb_control_msg returned -32
[  238.320446][T12867] usbtmc 13-1:16.0: can't read capabilities
[  238.325675][T12867] usb 13-1: USB disconnect, device number 4
[  238.362323][T14811] xt_limit: Overflow, try lower: 271964/0
[  238.509407][T14816] CUSE: unknown device info ""
[  238.511989][T14816] CUSE: zero length info key specified
[  238.520725][   T56] usb 10-1: new high-speed USB device number 32 using dummy_hcd
[  238.681831][   T56] usb 10-1: config 0 has no interfaces?
[  238.686069][   T56] usb 10-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  238.690411][   T56] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.693670][   T56] usb 10-1: Product: syz
[  238.695420][   T56] usb 10-1: Manufacturer: syz
[  238.697352][   T56] usb 10-1: SerialNumber: syz
[  238.701875][   T56] usb 10-1: config 0 descriptor??
[  238.857567][T13374] usb 9-1: new low-speed USB device number 41 using dummy_hcd
[  238.996368][T14806] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  238.999899][T14806] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  239.013235][T13374] usb 9-1: config 0 has an invalid interface number: 1 but max is 0
[  239.016762][T13374] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  239.021985][T13374] usb 9-1: config 0 has no interface number 0
[  239.024463][T13374] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  239.028213][T13374] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  239.035358][   T40] kauditd_printk_skb: 1 callbacks suppressed
[  239.035380][   T40] audit: type=1400 audit(1759450128.507:1051): avc:  denied  { create } for  pid=14832 comm="syz.7.2919" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[  239.041216][T13374] usb 9-1: config 0 descriptor??
[  239.067233][T13374] iowarrior 9-1:0.1: no interrupt-in endpoint found
[  239.200872][T14841] Can't find a SQUASHFS superblock on nullb0
[  239.277239][T14845] __nla_validate_parse: 4 callbacks suppressed
[  239.277252][T14845] netlink: 212376 bytes leftover after parsing attributes in process `syz.7.2922'.
[  239.286586][   T56] usb 9-1: USB disconnect, device number 41
[  239.640674][T14864] ubi31: attaching mtd0
[  239.644981][T14864] ubi31: scanning is finished
[  239.647160][T14864] ubi31: empty MTD device detected
[  239.654320][T14866] team_slave_0: entered promiscuous mode
[  239.657322][T14866] team_slave_0: left promiscuous mode
[  239.744421][T14864] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  239.747072][T14864] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  239.749482][T14864] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  239.755001][T14864] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  239.760437][T14864] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  239.762874][T14864] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  239.765571][T14864] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 889096582
[  239.769440][T14864] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  239.778502][T14868] ubi31: background thread "ubi_bgt31d" started, PID 14868
[  239.898195][T14875] SELinux:  truncated policydb string identifier
[  239.902675][T14875] SELinux: failed to load policy
[  240.071285][T14883] tipc: Started in network mode
[  240.073600][T14883] tipc: Node identity , cluster identity 4711
[  240.076676][T14883] tipc: Failed to obtain node identity
[  240.078987][T14883] tipc: Enabling of bearer <eth:sit0> rejected, failed to enable media
[  240.123750][   T40] audit: type=1400 audit(1759450129.597:1052): avc:  denied  { getopt } for  pid=14884 comm="syz.7.2936" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  240.188673][   T40] audit: type=1400 audit(1759450129.657:1053): avc:  denied  { write } for  pid=14887 comm="syz.7.2937" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  240.196800][T14888] 9p: Unknown Cache mode or invalid value fs
[  240.264732][   T40] audit: type=1400 audit(1759450129.737:1054): avc:  denied  { remount } for  pid=14892 comm="syz.8.2939" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  240.309091][T14893] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  240.390434][T14893] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  240.498888][T14893] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  240.579546][T14893] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  240.636913][T14895] binder: BINDER_SET_CONTEXT_MGR already set
[  240.639556][T14895] binder: 14894:14895 ioctl 4018620d 2000000000c0 returned -16
[  240.646761][T14895] binder: BINDER_SET_CONTEXT_MGR already set
[  240.649560][T14895] binder: 14894:14895 ioctl 4018620d 200000000040 returned -16
[  240.695238][T12775] netdevsim netdevsim8 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  240.700443][   T56] usb 12-1: new high-speed USB device number 9 using dummy_hcd
[  240.708722][ T1152] netdevsim netdevsim8 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  240.718678][ T1152] netdevsim netdevsim8 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  240.734479][ T1152] netdevsim netdevsim8 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  240.788383][T14901] netlink: 16 bytes leftover after parsing attributes in process `syz.8.2942'.
[  240.793493][T14901] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2942'.
[  240.853693][   T56] usb 12-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  240.856539][   T56] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  240.859052][   T40] audit: type=1400 audit(1759450130.327:1055): avc:  denied  { getopt } for  pid=14903 comm="syz.8.2944" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  240.865565][   T56] usb 12-1: Product: syz
[  240.867162][   T56] usb 12-1: Manufacturer: syz
[  240.869017][   T56] usb 12-1: SerialNumber: syz
[  240.882263][   T56] usb 12-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  240.926721][ T1024] usb 12-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  241.110397][   T54] usb 9-1: new full-speed USB device number 42 using dummy_hcd
[  241.134483][ T6759] usb 12-1: USB disconnect, device number 9
[  241.250854][   T24] usb 10-1: USB disconnect, device number 32
[  241.271891][   T54] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  241.275905][   T54] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  241.280854][   T54] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  241.283576][   T54] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  241.496369][   T54] usb 9-1: usb_control_msg returned -32
[  241.498316][   T54] usbtmc 9-1:16.0: can't read capabilities
[  241.513935][   T54] usb 9-1: USB disconnect, device number 42
[  241.685914][   T40] audit: type=1800 audit(1759450131.157:1056): pid=14923 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.5.2951" name="bus" dev="tmpfs" ino=2 res=0 errno=0
[  241.743432][T14926] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2953'.
[  241.746919][T14926] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2953'.
[  241.825155][T14935] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2956'.
[  241.829416][T14935] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2956'.
[  241.940888][ T1024] ath9k_htc 12-1:1.0: ath9k_htc: Target is unresponsive
[  241.945398][ T1024] ath9k_htc: Failed to initialize the device
[  241.953581][ T6759] usb 12-1: ath9k_htc: USB layer deinitialized
[  241.958674][   T40] audit: type=1400 audit(1759450131.427:1057): avc:  denied  { bind } for  pid=14938 comm="syz.5.2958" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  241.972118][   T40] audit: type=1400 audit(1759450131.447:1058): avc:  denied  { listen } for  pid=14938 comm="syz.5.2958" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  241.978186][   T40] audit: type=1400 audit(1759450131.447:1059): avc:  denied  { accept } for  pid=14938 comm="syz.5.2958" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  242.108953][T14959] netlink: 'syz.7.2963': attribute type 1 has an invalid length.
[  242.128419][T14962] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2964'.
[  242.133068][T14962] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2964'.
[  242.169015][T14959] 8021q: adding VLAN 0 to HW filter on device bond2
[  242.173258][T14959] bond1: (slave bond2): making interface the new active one
[  242.177346][T14959] bond1: (slave bond2): Enslaving as an active interface with an up link
[  242.189441][T14959] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1107 sclass=netlink_route_socket pid=14959 comm=syz.7.2963
[  242.222025][T14966] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14966 comm=syz.8.2965
[  242.381513][T14985] netlink: 'syz.7.2972': attribute type 10 has an invalid length.
[  242.393773][T14986] FAULT_INJECTION: forcing a failure.
[  242.393773][T14986] name failslab, interval 1, probability 0, space 0, times 0
[  242.396229][T14985] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2972'.
[  242.399350][T14986] CPU: 3 UID: 0 PID: 14986 Comm: syz.4.2970 Not tainted syzkaller #0 PREEMPT(full) 
[  242.399376][T14986] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  242.399387][T14986] Call Trace:
[  242.399395][T14986]  <TASK>
[  242.399403][T14986]  dump_stack_lvl+0x16c/0x1f0
[  242.399476][T14986]  should_fail_ex+0x512/0x640
[  242.399508][T14986]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  242.399535][T14986]  should_failslab+0xc2/0x120
[  242.399553][T14986]  __kmalloc_cache_noprof+0x6a/0x3e0
[  242.399576][T14986]  ? rcu_is_watching+0x12/0xc0
[  242.399600][T14986]  ? vhost_task_create+0xe5/0x370
[  242.399622][T14986]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  242.399652][T14986]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  242.399678][T14986]  vhost_task_create+0xe5/0x370
[  242.399698][T14986]  ? __pfx_vhost_task_create+0x10/0x10
[  242.399726][T14986]  ? __pfx_vhost_task_fn+0x10/0x10
[  242.399760][T14986]  kvm_mmu_post_init_vm+0x1b7/0x380
[  242.399785][T14986]  kvm_arch_vcpu_ioctl_run+0x66/0x1970
[  242.399813][T14986]  ? kvm_vcpu_ioctl+0x14c5/0x1690
[  242.399844][T14986]  kvm_vcpu_ioctl+0x5eb/0x1690
[  242.399873][T14986]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  242.399898][T14986]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  242.399924][T14986]  ? do_vfs_ioctl+0x128/0x14f0
[  242.399947][T14986]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  242.399971][T14986]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  242.400005][T14986]  ? hook_file_ioctl_common+0x145/0x410
[  242.400040][T14986]  ? selinux_file_ioctl+0x180/0x270
[  242.400061][T14986]  ? selinux_file_ioctl+0xb4/0x270
[  242.400086][T14986]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  242.400128][T14986]  __x64_sys_ioctl+0x18b/0x210
[  242.400162][T14986]  do_syscall_64+0xcd/0x4e0
[  242.400187][T14986]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  242.400206][T14986] RIP: 0033:0x7f8e4698eec9
[  242.400221][T14986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  242.400238][T14986] RSP: 002b:00007f8e478a3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  242.400257][T14986] RAX: ffffffffffffffda RBX: 00007f8e46be6090 RCX: 00007f8e4698eec9
[  242.400269][T14986] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008
[  242.400279][T14986] RBP: 00007f8e478a3090 R08: 0000000000000000 R09: 0000000000000000
[  242.400290][T14986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  242.400301][T14986] R13: 00007f8e46be6128 R14: 00007f8e46be6090 R15: 00007ffc995d64f8
[  242.400327][T14986]  </TASK>
[  242.866757][   T40] audit: type=1400 audit(1759450132.337:1060): avc:  denied  { write } for  pid=15017 comm="syz.8.2985" lport=42638 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  242.948838][T15029] netlink: 'syz.4.2989': attribute type 2 has an invalid length.
[  242.953151][T15029] netlink: 'syz.4.2989': attribute type 2 has an invalid length.
[  243.293214][T15059] netlink: 'syz.5.2998': attribute type 1 has an invalid length.
[  243.328741][T15059] bond2: entered promiscuous mode
[  243.331393][T15059] 8021q: adding VLAN 0 to HW filter on device bond2
[  243.373861][T15063] program syz.7.3000 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  243.614347][T15085] FAULT_INJECTION: forcing a failure.
[  243.614347][T15085] name failslab, interval 1, probability 0, space 0, times 0
[  243.623569][T15085] CPU: 2 UID: 0 PID: 15085 Comm: syz.5.3008 Not tainted syzkaller #0 PREEMPT(full) 
[  243.623600][T15085] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  243.623613][T15085] Call Trace:
[  243.623621][T15085]  <TASK>
[  243.623631][T15085]  dump_stack_lvl+0x16c/0x1f0
[  243.623663][T15085]  should_fail_ex+0x512/0x640
[  243.623687][T15085]  ? __kmalloc_cache_node_noprof+0x5a/0x420
[  243.623716][T15085]  should_failslab+0xc2/0x120
[  243.623735][T15085]  __kmalloc_cache_node_noprof+0x6d/0x420
[  243.623761][T15085]  ? __get_vm_area_node+0x101/0x330
[  243.623788][T15085]  __get_vm_area_node+0x101/0x330
[  243.623812][T15085]  __vmalloc_node_range_noprof+0x271/0x14b0
[  243.623836][T15085]  ? vhost_task_create+0x1d2/0x370
[  243.623868][T15085]  ? local_lock_release+0x99/0x140
[  243.623894][T15085]  ? vhost_task_create+0x1d2/0x370
[  243.623915][T15085]  ? rcu_read_unlock+0x17/0x60
[  243.623938][T15085]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  243.623971][T15085]  ? vhost_task_create+0x1d2/0x370
[  243.623990][T15085]  __vmalloc_node_noprof+0xad/0xf0
[  243.624015][T15085]  ? vhost_task_create+0x1d2/0x370
[  243.624041][T15085]  copy_process+0x2c6e/0x76a0
[  243.624082][T15085]  ? __pfx_copy_process+0x10/0x10
[  243.624115][T15085]  ? lockdep_init_map_type+0x5c/0x280
[  243.624140][T15085]  ? lockdep_init_map_type+0x5c/0x280
[  243.624164][T15085]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  243.624199][T15085]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  243.624227][T15085]  vhost_task_create+0x1d2/0x370
[  243.624250][T15085]  ? __pfx_vhost_task_create+0x10/0x10
[  243.624277][T15085]  ? __pfx_vhost_task_fn+0x10/0x10
[  243.624308][T15085]  kvm_mmu_post_init_vm+0x1b7/0x380
[  243.624331][T15085]  kvm_arch_vcpu_ioctl_run+0x66/0x1970
[  243.624358][T15085]  ? kvm_vcpu_ioctl+0x14c5/0x1690
[  243.624387][T15085]  kvm_vcpu_ioctl+0x5eb/0x1690
[  243.624413][T15085]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  243.624433][T15085]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  243.624454][T15085]  ? do_vfs_ioctl+0x128/0x14f0
[  243.624473][T15085]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  243.624491][T15085]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  243.624518][T15085]  ? hook_file_ioctl_common+0x145/0x410
[  243.624546][T15085]  ? selinux_file_ioctl+0x180/0x270
[  243.624565][T15085]  ? selinux_file_ioctl+0xb4/0x270
[  243.624586][T15085]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  243.624611][T15085]  __x64_sys_ioctl+0x18b/0x210
[  243.624636][T15085]  do_syscall_64+0xcd/0x4e0
[  243.624661][T15085]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  243.624678][T15085] RIP: 0033:0x7f4943b8eec9
[  243.624694][T15085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  243.624711][T15085] RSP: 002b:00007f4944947038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  243.624730][T15085] RAX: ffffffffffffffda RBX: 00007f4943de5fa0 RCX: 00007f4943b8eec9
[  243.624742][T15085] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008
[  243.624753][T15085] RBP: 00007f4944947090 R08: 0000000000000000 R09: 0000000000000000
[  243.624764][T15085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  243.624774][T15085] R13: 00007f4943de6038 R14: 00007f4943de5fa0 R15: 00007ffd70fe6158
[  243.624800][T15085]  </TASK>
[  243.624811][T15085] syz.5.3008: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  243.773894][T15085] CPU: 2 UID: 0 PID: 15085 Comm: syz.5.3008 Not tainted syzkaller #0 PREEMPT(full) 
[  243.773912][T15085] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  243.773919][T15085] Call Trace:
[  243.773924][T15085]  <TASK>
[  243.773929][T15085]  dump_stack_lvl+0x16c/0x1f0
[  243.773947][T15085]  warn_alloc+0x248/0x3a0
[  243.773966][T15085]  ? __pfx_warn_alloc+0x10/0x10
[  243.773999][T15085]  ? __kmalloc_cache_node_noprof+0x272/0x420
[  243.774017][T15085]  ? __kasan_kmalloc+0x8a/0xb0
[  243.774035][T15085]  ? __get_vm_area_node+0x208/0x330
[  243.774052][T15085]  __vmalloc_node_range_noprof+0xb2c/0x14b0
[  243.774067][T15085]  ? local_lock_release+0x99/0x140
[  243.774083][T15085]  ? vhost_task_create+0x1d2/0x370
[  243.774097][T15085]  ? rcu_read_unlock+0x17/0x60
[  243.774112][T15085]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  243.774132][T15085]  ? vhost_task_create+0x1d2/0x370
[  243.774144][T15085]  __vmalloc_node_noprof+0xad/0xf0
[  243.774158][T15085]  ? vhost_task_create+0x1d2/0x370
[  243.774173][T15085]  copy_process+0x2c6e/0x76a0
[  243.774197][T15085]  ? __pfx_copy_process+0x10/0x10
[  243.774216][T15085]  ? lockdep_init_map_type+0x5c/0x280
[  243.774230][T15085]  ? lockdep_init_map_type+0x5c/0x280
[  243.774243][T15085]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  243.774264][T15085]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  243.774281][T15085]  vhost_task_create+0x1d2/0x370
[  243.774294][T15085]  ? __pfx_vhost_task_create+0x10/0x10
[  243.774311][T15085]  ? __pfx_vhost_task_fn+0x10/0x10
[  243.774331][T15085]  kvm_mmu_post_init_vm+0x1b7/0x380
[  243.774347][T15085]  kvm_arch_vcpu_ioctl_run+0x66/0x1970
[  243.774365][T15085]  ? kvm_vcpu_ioctl+0x14c5/0x1690
[  243.774384][T15085]  kvm_vcpu_ioctl+0x5eb/0x1690
[  243.774403][T15085]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  243.774419][T15085]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  243.774437][T15085]  ? do_vfs_ioctl+0x128/0x14f0
[  243.774452][T15085]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  243.774467][T15085]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  243.774488][T15085]  ? hook_file_ioctl_common+0x145/0x410
[  243.774510][T15085]  ? selinux_file_ioctl+0x180/0x270
[  243.774523][T15085]  ? selinux_file_ioctl+0xb4/0x270
[  243.774538][T15085]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  243.774555][T15085]  __x64_sys_ioctl+0x18b/0x210
[  243.774571][T15085]  do_syscall_64+0xcd/0x4e0
[  243.774587][T15085]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  243.774599][T15085] RIP: 0033:0x7f4943b8eec9
[  243.774608][T15085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  243.774619][T15085] RSP: 002b:00007f4944947038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  243.774630][T15085] RAX: ffffffffffffffda RBX: 00007f4943de5fa0 RCX: 00007f4943b8eec9
[  243.774637][T15085] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008
[  243.774644][T15085] RBP: 00007f4944947090 R08: 0000000000000000 R09: 0000000000000000
[  243.774650][T15085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  243.774657][T15085] R13: 00007f4943de6038 R14: 00007f4943de5fa0 R15: 00007ffd70fe6158
[  243.774671][T15085]  </TASK>
[  243.774707][T15085] Mem-Info:
[  243.905510][T15085] active_anon:13901 inactive_anon:648 isolated_anon:0
[  243.905510][T15085]  active_file:2452 inactive_file:24581 isolated_file:0
[  243.905510][T15085]  unevictable:18162 dirty:51 writeback:30
[  243.905510][T15085]  slab_reclaimable:9258 slab_unreclaimable:90311
[  243.905510][T15085]  mapped:26347 shmem:2466 pagetables:2058
[  243.905510][T15085]  sec_pagetables:322 bounce:0
[  243.905510][T15085]  kernel_misc_reclaimable:0
[  243.905510][T15085]  free:430070 free_pcp:16146 free_cma:0
[  243.924978][T15085] Node 0 active_anon:55320kB inactive_anon:2592kB active_file:9776kB inactive_file:98036kB unevictable:69112kB isolated(anon):0kB isolated(file):0kB mapped:105336kB dirty:228kB writeback:0kB shmem:6332kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:15504kB pagetables:7372kB sec_pagetables:1288kB all_unreclaimable? no Balloon:0kB
[  243.936339][T15085] Node 1 active_anon:400kB inactive_anon:0kB active_file:32kB inactive_file:296kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:36kB dirty:0kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:112kB pagetables:928kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  243.947651][T15085] Node 0 DMA free:15008kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:60kB local_pcp:24kB free_cma:0kB
[  243.958342][T15085] lowmem_reserve[]: 0 1240 1240 1240 1240
[  243.961046][T15085] Node 0 DMA32 free:156592kB boost:0kB min:27608kB low:34508kB high:41408kB reserved_highatomic:0KB free_highatomic:0KB active_anon:55320kB inactive_anon:2592kB active_file:9776kB inactive_file:98036kB unevictable:69112kB writepending:228kB present:2080628kB managed:1270512kB mlocked:8kB bounce:0kB free_pcp:39432kB local_pcp:7556kB free_cma:0kB
[  243.973529][T15085] lowmem_reserve[]: 0 0 0 0 0
[  243.975154][T15085] Node 1 Normal free:1548824kB boost:0kB min:39632kB low:49540kB high:59448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:400kB inactive_anon:0kB active_file:32kB inactive_file:296kB unevictable:3536kB writepending:0kB present:2097152kB managed:1781892kB mlocked:0kB bounce:0kB free_pcp:25144kB local_pcp:9636kB free_cma:0kB
[  243.985948][T15085] lowmem_reserve[]: 0 0 0 0 0
[  243.988225][T15085] Node 0 DMA: 8*4kB (U) 14*8kB (U) 15*16kB (U) 13*32kB (U) 14*64kB (U) 14*128kB (U) 5*256kB (U) 2*512kB (U) 3*1024kB (U) 3*2048kB (UM) 0*4096kB = 15008kB
[  243.994295][T15085] Node 0 DMA32: 413*4kB (UME) 189*8kB (UME) 114*16kB (UME) 63*32kB (UME) 108*64kB (UME) 149*128kB (UME) 135*256kB (UME) 92*512kB (UME) 37*1024kB (UM) 2*2048kB (M) 0*4096kB = 156636kB
[  244.001013][T15085] Node 1 Normal: 214*4kB (UME) 314*8kB (UME) 241*16kB (UME) 333*32kB (UME) 225*64kB (UME) 198*128kB (UME) 175*256kB (UME) 173*512kB (UME) 142*1024kB (UME) 4*2048kB (UME) 294*4096kB (UM) = 1548824kB
[  244.008037][T15085] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  244.012837][T15085] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  244.016553][T15085] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  244.020066][T15085] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  244.025035][T15085] 45890 total pagecache pages
[  244.027080][T15085] 0 pages in swap cache
[  244.028844][T15085] Free swap  = 124996kB
[  244.030980][T15085] Total swap = 124996kB
[  244.032783][T15085] 1048443 pages RAM
[  244.034307][T15085] 0 pages HighMem/MovableOnly
[  244.035773][T15085] 281502 pages reserved
[  244.037082][T15085] 0 pages cma reserved
[  244.590476][    T9] usb 12-1: new low-speed USB device number 10 using dummy_hcd
[  244.593357][T15139] mac80211_hwsim hwsim25 wlan0: entered allmulticast mode
[  244.706889][T15150] FAULT_INJECTION: forcing a failure.
[  244.706889][T15150] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  244.712412][T15150] CPU: 2 UID: 0 PID: 15150 Comm: syz.5.3024 Not tainted syzkaller #0 PREEMPT(full) 
[  244.712443][T15150] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  244.712457][T15150] Call Trace:
[  244.712464][T15150]  <TASK>
[  244.712474][T15150]  dump_stack_lvl+0x16c/0x1f0
[  244.712505][T15150]  should_fail_ex+0x512/0x640
[  244.712535][T15150]  _copy_to_user+0x32/0xd0
[  244.712568][T15150]  drm_ioctl+0x5eb/0xc30
[  244.712602][T15150]  ? __pfx_drm_syncobj_fd_to_handle_ioctl+0x10/0x10
[  244.712637][T15150]  ? __pfx_drm_ioctl+0x10/0x10
[  244.712680][T15150]  ? selinux_file_ioctl+0x180/0x270
[  244.712706][T15150]  ? selinux_file_ioctl+0xb4/0x270
[  244.712733][T15150]  ? __pfx_drm_ioctl+0x10/0x10
[  244.712764][T15150]  __x64_sys_ioctl+0x18b/0x210
[  244.712796][T15150]  do_syscall_64+0xcd/0x4e0
[  244.712825][T15150]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.712846][T15150] RIP: 0033:0x7f4943b8eec9
[  244.712864][T15150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  244.712884][T15150] RSP: 002b:00007f4944947038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  244.712915][T15150] RAX: ffffffffffffffda RBX: 00007f4943de5fa0 RCX: 00007f4943b8eec9
[  244.712928][T15150] RDX: 0000200000000180 RSI: 00000000c01064c2 RDI: 0000000000000005
[  244.712941][T15150] RBP: 00007f4944947090 R08: 0000000000000000 R09: 0000000000000000
[  244.712954][T15150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  244.712967][T15150] R13: 00007f4943de6038 R14: 00007f4943de5fa0 R15: 00007ffd70fe6158
[  244.712998][T15150]  </TASK>
[  244.795957][    T9] usb 12-1: config 0 has an invalid interface number: 1 but max is 0
[  244.799487][    T9] usb 12-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  244.805141][    T9] usb 12-1: config 0 has no interface number 0
[  244.808286][    T9] usb 12-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  244.812884][    T9] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  244.819193][    T9] usb 12-1: config 0 descriptor??
[  244.825063][    T9] iowarrior 12-1:0.1: no interrupt-in endpoint found
[  245.104472][    T9] usb 12-1: USB disconnect, device number 10
[  245.349843][T15177] __nla_validate_parse: 6 callbacks suppressed
[  245.349860][T15177] netlink: 16 bytes leftover after parsing attributes in process `syz.8.3033'.
[  245.356392][T15177] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3033'.
[  245.390354][ T6759] usb 9-1: new high-speed USB device number 43 using dummy_hcd
[  245.427852][T15180] FAULT_INJECTION: forcing a failure.
[  245.427852][T15180] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  245.434269][T15180] CPU: 2 UID: 0 PID: 15180 Comm: syz.8.3034 Not tainted syzkaller #0 PREEMPT(full) 
[  245.434295][T15180] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  245.434307][T15180] Call Trace:
[  245.434316][T15180]  <TASK>
[  245.434326][T15180]  dump_stack_lvl+0x16c/0x1f0
[  245.434354][T15180]  should_fail_ex+0x512/0x640
[  245.434383][T15180]  _copy_to_user+0x32/0xd0
[  245.434409][T15180]  simple_read_from_buffer+0xcb/0x170
[  245.434438][T15180]  proc_fail_nth_read+0x197/0x240
[  245.434459][T15180]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  245.434480][T15180]  ? rw_verify_area+0xcf/0x6c0
[  245.434503][T15180]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  245.434522][T15180]  vfs_read+0x1e1/0xcf0
[  245.434552][T15180]  ? __pfx___mutex_lock+0x10/0x10
[  245.434573][T15180]  ? __pfx_vfs_read+0x10/0x10
[  245.434604][T15180]  ? __fget_files+0x20e/0x3c0
[  245.434626][T15180]  ksys_read+0x12a/0x250
[  245.434651][T15180]  ? __pfx_ksys_read+0x10/0x10
[  245.434676][T15180]  ? fput+0x9b/0xd0
[  245.434698][T15180]  do_syscall_64+0xcd/0x4e0
[  245.434720][T15180]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.434737][T15180] RIP: 0033:0x7f269478d8dc
[  245.434751][T15180] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  245.434769][T15180] RSP: 002b:00007f26955fb030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  245.434787][T15180] RAX: ffffffffffffffda RBX: 00007f26949e5fa0 RCX: 00007f269478d8dc
[  245.434800][T15180] RDX: 000000000000000f RSI: 00007f26955fb0a0 RDI: 0000000000000006
[  245.434811][T15180] RBP: 00007f26955fb090 R08: 0000000000000000 R09: 0000000000000000
[  245.434822][T15180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  245.434833][T15180] R13: 00007f26949e6038 R14: 00007f26949e5fa0 R15: 00007fffab59fc78
[  245.434864][T15180]  </TASK>
[  245.554878][T15182] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3035'.
[  245.562487][   T29] IPVS: starting estimator thread 0...
[  245.570312][T15182] binfmt_misc: register: failed to install interpreter file ./file0
[  245.601483][ T6759] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  245.614124][ T6759] usb 9-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  245.617420][ T6759] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.624555][ T6759] usb 9-1: config 0 descriptor??
[  245.650467][T15183] IPVS: using max 45 ests per chain, 108000 per kthread
[  245.694636][T15192] netlink: 'syz.8.3038': attribute type 1 has an invalid length.
[  245.696801][T15193] netlink: 'syz.8.3038': attribute type 1 has an invalid length.
[  245.717454][T15192] bond1: entered promiscuous mode
[  245.719333][T15192] 8021q: adding VLAN 0 to HW filter on device bond1
[  245.731227][T15192] (unnamed net_device) (uninitialized): option use_carrier: invalid value (168)
[  245.735176][T15193] (unnamed net_device) (uninitialized): option use_carrier: invalid value (168)
[  245.832658][ T6759] usbhid 9-1:0.0: can't add hid device: -71
[  245.837065][ T6759] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  245.841402][ T6759] usb 9-1: USB disconnect, device number 43
[  246.046294][T15217] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3043'.
[  246.049541][T15217] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3043'.
[  246.222901][   T29] usb 12-1: new high-speed USB device number 11 using dummy_hcd
[  246.293334][ T6759] usb 9-1: new high-speed USB device number 44 using dummy_hcd
[  246.370805][   T29] usb 12-1: Using ep0 maxpacket: 16
[  246.377750][   T29] usb 12-1: config index 0 descriptor too short (expected 9, got 0)
[  246.380545][   T29] usb 12-1: can't read configurations, error -22
[  246.450374][ T6759] usb 9-1: Using ep0 maxpacket: 16
[  246.456485][ T6759] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  246.461188][ T6759] usb 9-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[  246.465006][ T6759] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.469780][ T6759] usb 9-1: config 0 descriptor??
[  246.510372][   T29] usb 12-1: new high-speed USB device number 12 using dummy_hcd
[  246.660284][   T29] usb 12-1: Using ep0 maxpacket: 16
[  246.673830][   T29] usb 12-1: config index 0 descriptor too short (expected 9, got 0)
[  246.677393][   T29] usb 12-1: can't read configurations, error -22
[  246.681003][   T29] usb usb12-port1: attempt power cycle
[  246.747097][T15237] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  246.786477][T15239] netlink: 16 bytes leftover after parsing attributes in process `syz.8.3053'.
[  246.789656][T15239] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3053'.
[  246.887313][ T6759] kye 0003:0458:5016.000C: control desc unexpectedly large
[  246.899860][T15242] can: request_module (can-proto-0) failed.
[  246.900499][ T6759] input: HID 0458:5016 as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/0003:0458:5016.000C/input/input24
[  246.926969][ T6759] input: HID 0458:5016 as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/0003:0458:5016.000C/input/input25
[  247.006426][ T6759] kye 0003:0458:5016.000C: input,hiddev0,hidraw1: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.4-1/input0
[  247.020322][   T29] usb 12-1: new high-speed USB device number 13 using dummy_hcd
[  247.040910][   T29] usb 12-1: Using ep0 maxpacket: 16
[  247.046475][   T29] usb 12-1: config index 0 descriptor too short (expected 9, got 0)
[  247.051908][   T29] usb 12-1: can't read configurations, error -22
[  247.150282][    T9] usb 13-1: new high-speed USB device number 5 using dummy_hcd
[  247.180610][   T29] usb 12-1: new high-speed USB device number 14 using dummy_hcd
[  247.201994][   T29] usb 12-1: Using ep0 maxpacket: 16
[  247.211038][   T29] usb 12-1: config index 0 descriptor too short (expected 9, got 0)
[  247.214693][   T29] usb 12-1: can't read configurations, error -22
[  247.218614][   T29] usb usb12-port1: unable to enumerate USB device
[  247.281662][   T40] kauditd_printk_skb: 3 callbacks suppressed
[  247.281676][   T40] audit: type=1400 audit(1759450136.757:1064): avc:  denied  { create } for  pid=15247 comm="syz.5.3055" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  247.292890][   T40] audit: type=1400 audit(1759450136.767:1065): avc:  denied  { relabelfrom } for  pid=15247 comm="syz.5.3055" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  247.303335][   T40] audit: type=1400 audit(1759450136.767:1066): avc:  denied  { relabelto } for  pid=15247 comm="syz.5.3055" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  247.310284][    T9] usb 13-1: Using ep0 maxpacket: 16
[  247.314855][    T9] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  247.320028][    T9] usb 13-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  247.326781][    T9] usb 13-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  247.330890][    T9] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  247.341812][    T9] usb 13-1: config 0 descriptor??
[  247.342838][T15246] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  247.349803][T15246] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  247.448917][T15248] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3055'.
[  247.796808][    T9] usbhid 13-1:0.0: can't add hid device: -71
[  247.798922][    T9] usbhid 13-1:0.0: probe with driver usbhid failed with error -71
[  247.804265][    T9] usb 13-1: USB disconnect, device number 5
[  247.842237][T15260] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3059'.
[  248.457883][T15266] netlink: 'syz.8.3062': attribute type 11 has an invalid length.
[  248.770270][ T6759] usb 13-1: new full-speed USB device number 6 using dummy_hcd
[  248.815748][T15272] 9pnet_fd: Insufficient options for proto=fd
[  248.908397][T15275] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3066'.
[  248.934761][ T6759] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  248.939336][ T6759] usb 13-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  248.945465][ T6759] usb 13-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  248.952219][ T6759] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  248.956716][ T6759] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.973865][ T6759] usbtmc 13-1:16.0: bulk endpoints not found
[  249.169467][T15291] netlink: 'syz.7.3073': attribute type 10 has an invalid length.
[  249.355538][T13374] usb 9-1: USB disconnect, device number 44
[  249.493898][   T40] audit: type=1400 audit(1759450138.967:1067): avc:  denied  { map } for  pid=15312 comm="syz.4.3083" path="/dev/vcsa" dev="devtmpfs" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1
[  249.600712][T15323] veth0_to_bond: entered allmulticast mode
[  249.748050][T15330] binder: 15329:15330 ioctl 80049367 200000000440 returned -22
[  249.836267][ T5955] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  249.847361][ T5955] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  249.853016][ T5955] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  249.858567][ T5955] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  249.858785][T15336] support for the xor transformation has been removed.
[  249.868129][ T5955] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  249.907771][   T46] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  249.912677][   T46] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 1] type 1 family 0 port 2816 - 0
[  249.916926][   T46] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  250.021861][   T46] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  250.028729][   T46] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 1] type 1 family 0 port 2816 - 0
[  250.036779][   T46] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  250.038880][T15341] FAULT_INJECTION: forcing a failure.
[  250.038880][T15341] name failslab, interval 1, probability 0, space 0, times 0
[  250.044879][T15341] CPU: 2 UID: 0 PID: 15341 Comm: syz.4.3093 Not tainted syzkaller #0 PREEMPT(full) 
[  250.044904][T15341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  250.044916][T15341] Call Trace:
[  250.044923][T15341]  <TASK>
[  250.044932][T15341]  dump_stack_lvl+0x16c/0x1f0
[  250.044959][T15341]  should_fail_ex+0x512/0x640
[  250.044983][T15341]  ? fs_reclaim_acquire+0xae/0x150
[  250.045007][T15341]  ? tomoyo_encode2+0x100/0x3e0
[  250.045035][T15341]  should_failslab+0xc2/0x120
[  250.045053][T15341]  __kmalloc_noprof+0xd2/0x510
[  250.045080][T15341]  ? d_absolute_path+0x136/0x1a0
[  250.045107][T15341]  tomoyo_encode2+0x100/0x3e0
[  250.045134][T15341]  tomoyo_encode+0x29/0x50
[  250.045155][T15341]  tomoyo_realpath_from_path+0x18f/0x6e0
[  250.045187][T15341]  tomoyo_path_number_perm+0x245/0x580
[  250.045207][T15341]  ? tomoyo_path_number_perm+0x237/0x580
[  250.045229][T15341]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  250.045250][T15341]  ? find_held_lock+0x2b/0x80
[  250.045299][T15341]  ? find_held_lock+0x2b/0x80
[  250.045322][T15341]  ? hook_file_ioctl_common+0x145/0x410
[  250.045357][T15341]  ? __fget_files+0x20e/0x3c0
[  250.045381][T15341]  security_file_ioctl+0x9b/0x240
[  250.045410][T15341]  __x64_sys_ioctl+0xb7/0x210
[  250.045439][T15341]  do_syscall_64+0xcd/0x4e0
[  250.045467][T15341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.045490][T15341] RIP: 0033:0x7f8e4698eec9
[  250.045508][T15341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  250.045527][T15341] RSP: 002b:00007f8e478c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  250.045548][T15341] RAX: ffffffffffffffda RBX: 00007f8e46be5fa0 RCX: 00007f8e4698eec9
[  250.045562][T15341] RDX: 0000000000000000 RSI: 00000000000054a2 RDI: 0000000000000004
[  250.045575][T15341] RBP: 00007f8e478c4090 R08: 0000000000000000 R09: 0000000000000000
[  250.045588][T15341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  250.045600][T15341] R13: 00007f8e46be6038 R14: 00007f8e46be5fa0 R15: 00007ffc995d64f8
[  250.045629][T15341]  </TASK>
[  250.045653][T15341] ERROR: Out of memory at tomoyo_realpath_from_path.
[  250.070469][    T9] usb 12-1: new low-speed USB device number 15 using dummy_hcd
[  250.124652][T15331] chnl_net:caif_netlink_parms(): no params data found
[  250.166443][   T46] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  250.170626][   T46] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 1] type 1 family 0 port 2816 - 0
[  250.174858][   T46] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  250.272763][    T9] usb 12-1: config 0 has an invalid interface number: 1 but max is 0
[  250.276077][    T9] usb 12-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  250.280231][    T9] usb 12-1: config 0 has no interface number 0
[  250.282867][    T9] usb 12-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  250.287256][    T9] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  250.293167][    T9] usb 12-1: config 0 descriptor??
[  250.297449][    T9] iowarrior 12-1:0.1: no interrupt-in endpoint found
[  250.315350][   T40] audit: type=1400 audit(1759450139.797:1068): avc:  denied  { listen } for  pid=15353 comm="syz.4.3097" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  250.324074][   T46] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  250.324123][   T46] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 1] type 1 family 0 port 2816 - 0
[  250.324139][   T46] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  250.338050][T15331] bridge0: port 1(bridge_slave_0) entered blocking state
[  250.338180][T15331] bridge0: port 1(bridge_slave_0) entered disabled state
[  250.338369][T15331] bridge_slave_0: entered allmulticast mode
[  250.339512][T15331] bridge_slave_0: entered promiscuous mode
[  250.351300][T15331] bridge0: port 2(bridge_slave_1) entered blocking state
[  250.353684][T15331] bridge0: port 2(bridge_slave_1) entered disabled state
[  250.356884][T15331] bridge_slave_1: entered allmulticast mode
[  250.360954][T15331] bridge_slave_1: entered promiscuous mode
[  250.421776][T15331] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  250.429869][T15331] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  250.475850][T15331] team0: Port device team_slave_0 added
[  250.496837][T15331] team0: Port device team_slave_1 added
[  250.502887][    T9] usb 12-1: USB disconnect, device number 15
[  250.586522][T15331] batman_adv: batadv0: Adding interface: batadv_slave_0
[  250.589443][T15331] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  250.599613][T15331] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  250.605132][T15331] batman_adv: batadv0: Adding interface: batadv_slave_1
[  250.608173][T15331] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  250.617690][T15331] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  250.628427][   T46] tipc: Resetting bearer <eth:sit0>
[  250.715023][   T29] SELinux: failure in sel_netif_sid_slow(), invalid network interface (1509)
[  250.720784][   T46] tipc: Disabling bearer <eth:sit0>
[  250.807451][   T46] bond1 (unregistering): (slave gretap1): Releasing active interface
[  250.836310][T15370] binder: BINDER_SET_CONTEXT_MGR already set
[  250.839841][T15370] binder: 15369:15370 ioctl 4018620d 2000000000c0 returned -16
[  250.849433][T15370] binder: BINDER_SET_CONTEXT_MGR already set
[  250.854036][T15370] binder: 15369:15370 ioctl 4018620d 200000000040 returned -16
[  251.049984][T15376] 9pnet_virtio: no channels available for device syz
[  251.049993][   T40] audit: type=1400 audit(1759450140.517:1069): avc:  denied  { mounton } for  pid=15375 comm="syz.4.3106" path="/615/file0/file0" dev="9p" ino=71827687 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  251.083532][T15379] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  251.156571][   T40] audit: type=1400 audit(1759450140.627:1070): avc:  denied  { append } for  pid=15383 comm="syz.4.3108" name="ppp" dev="devtmpfs" ino=729 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  251.170236][   T40] audit: type=1400 audit(1759450140.627:1071): avc:  denied  { map } for  pid=15383 comm="syz.4.3108" path="socket:[76378]" dev="sockfs" ino=76378 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  251.263197][   T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  251.271605][   T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  251.277312][   T46] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  251.282217][   T46] bond0 (unregistering): Released all slaves
[  251.289328][   T46] bond1 (unregistering): Released all slaves
[  251.364848][   T29] SELinux: failure in sel_netif_sid_slow(), invalid network interface (1509)
[  251.438116][   T46] bond2 (unregistering): Released all slaves
[  251.515605][T15331] hsr_slave_0: entered promiscuous mode
[  251.518202][T15331] hsr_slave_1: entered promiscuous mode
[  251.527046][   T54] usb 13-1: USB disconnect, device number 6
[  251.530791][T15331] debugfs: 'hsr0' already exists in 'hsr'
[  251.532790][T15331] Cannot create hsr debugfs directory
[  251.586785][   T46] tipc: Disabling bearer <udp:syz2>
[  251.591556][   T46] tipc: Left network mode
[  251.620822][T15403] __nla_validate_parse: 5 callbacks suppressed
[  251.620834][T15403] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3116'.
[  251.634746][   T46] IPVS: stopping backup sync thread 11624 ...
[  251.847224][   T46] team_slave_0: left promiscuous mode
[  251.849931][   T46] batadv0: left promiscuous mode
[  251.858947][   T46] batadv_slave_0: left promiscuous mode
[  251.874571][   T46] hsr_slave_0: left promiscuous mode
[  251.877848][   T46] hsr_slave_1: left promiscuous mode
[  251.882809][   T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  251.889023][   T46] batman_adv: batadv0: Removing interface: batadv_slave_0
[  251.899882][   T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  251.903030][   T46] batman_adv: batadv0: Removing interface: batadv_slave_1
[  251.914528][   T46] veth1_macvtap: left promiscuous mode
[  251.917952][   T46] veth0_macvtap: left promiscuous mode
[  251.940502][ T5962] Bluetooth: hci4: command tx timeout
[  252.082800][   T54] usb 12-1: new full-speed USB device number 16 using dummy_hcd
[  252.118197][T15428] XFS (nbd4): SB validate failed with error -5.
[  252.182135][T12867] usb 13-1: new low-speed USB device number 7 using dummy_hcd
[  252.254848][   T54] usb 12-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  252.258029][   T54] usb 12-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  252.263400][   T54] usb 12-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  252.267736][   T54] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.352259][T12867] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x5 is Bulk; changing to Interrupt
[  252.356744][T12867] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  252.360868][T12867] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x8B is Bulk; changing to Interrupt
[  252.365406][T12867] usb 13-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  252.371155][T12867] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  252.375662][T12867] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.391851][T12867] usbtmc 13-1:16.0: bulk endpoints not found
[  252.477790][   T54] usb 12-1: GET_CAPABILITIES returned 0
[  252.479721][   T54] usbtmc 12-1:16.0: can't read capabilities
[  252.580312][ T6256] usb 9-1: new full-speed USB device number 45 using dummy_hcd
[  252.694643][   T40] audit: type=1400 audit(1759450142.157:1072): avc:  denied  { write } for  pid=15415 comm="syz.7.3118" name="/" dev="configfs" ino=96 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  252.715661][T12867] usb 12-1: USB disconnect, device number 16
[  252.741904][ T6256] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  252.745195][ T6256] usb 9-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  252.748545][ T6256] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  252.753129][ T6256] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  252.756329][ T6256] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.786810][ T6256] usbtmc 9-1:16.0: bulk endpoints not found
[  253.257849][   T40] audit: type=1400 audit(1759450142.727:1073): avc:  denied  { unmount } for  pid=12703 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  253.309598][ T6038] usb 13-1: USB disconnect, device number 7
[  253.635992][T15462] netlink: 16 bytes leftover after parsing attributes in process `syz.7.3130'.
[  253.638893][T15462] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3130'.
[  253.923737][T15468] FAULT_INJECTION: forcing a failure.
[  253.923737][T15468] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  253.928375][T15468] CPU: 2 UID: 0 PID: 15468 Comm: syz.8.3132 Not tainted syzkaller #0 PREEMPT(full) 
[  253.928391][T15468] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  253.928398][T15468] Call Trace:
[  253.928403][T15468]  <TASK>
[  253.928408][T15468]  dump_stack_lvl+0x16c/0x1f0
[  253.928426][T15468]  should_fail_ex+0x512/0x640
[  253.928444][T15468]  _copy_from_user+0x2e/0xd0
[  253.928460][T15468]  drm_ioctl+0x4fb/0xc30
[  253.928480][T15468]  ? __pfx_drm_gem_change_handle_ioctl+0x10/0x10
[  253.928497][T15468]  ? __pfx_drm_ioctl+0x10/0x10
[  253.928518][T15468]  ? selinux_file_ioctl+0x180/0x270
[  253.928533][T15468]  ? selinux_file_ioctl+0xb4/0x270
[  253.928548][T15468]  ? __pfx_drm_ioctl+0x10/0x10
[  253.928565][T15468]  __x64_sys_ioctl+0x18b/0x210
[  253.928581][T15468]  do_syscall_64+0xcd/0x4e0
[  253.928599][T15468]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.928611][T15468] RIP: 0033:0x7f269478eec9
[  253.928620][T15468] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  253.928631][T15468] RSP: 002b:00007f26955fb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  253.928642][T15468] RAX: ffffffffffffffda RBX: 00007f26949e5fa0 RCX: 00007f269478eec9
[  253.928649][T15468] RDX: 0000200000000180 RSI: 00000000c01064d2 RDI: 0000000000000003
[  253.928656][T15468] RBP: 00007f26955fb090 R08: 0000000000000000 R09: 0000000000000000
[  253.928663][T15468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  253.928669][T15468] R13: 00007f26949e6038 R14: 00007f26949e5fa0 R15: 00007fffab59fc78
[  253.928683][T15468]  </TASK>
[  254.037181][ T5962] Bluetooth: hci4: command tx timeout
[  254.443943][T15498] netlink: 228 bytes leftover after parsing attributes in process `syz.8.3139'.
[  254.571599][T15331] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  254.578263][T15331] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  254.584225][T15331] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  254.601734][T15331] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  254.645169][   T46] IPVS: stop unused estimator thread 0...
[  254.683607][T15331] 8021q: adding VLAN 0 to HW filter on device bond0
[  254.707777][T15331] 8021q: adding VLAN 0 to HW filter on device team0
[  254.716859][ T1152] bridge0: port 1(bridge_slave_0) entered blocking state
[  254.720832][ T1152] bridge0: port 1(bridge_slave_0) entered forwarding state
[  254.731423][T12775] bridge0: port 2(bridge_slave_1) entered blocking state
[  254.734618][T12775] bridge0: port 2(bridge_slave_1) entered forwarding state
[  254.755549][T15525] netlink: 16 bytes leftover after parsing attributes in process `syz.7.3143'.
[  254.759618][T15525] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3143'.
[  254.851428][T15331] 8021q: adding VLAN 0 to HW filter on device batadv0
[  254.886066][    T9] hid-generic 0003:0004:0000.000D: unknown main item tag 0x0
[  254.888484][    T9] hid-generic 0003:0004:0000.000D: unknown main item tag 0x0
[  254.892081][    T9] hid-generic 0003:0004:0000.000D: unknown main item tag 0x0
[  254.895955][    T9] hid-generic 0003:0004:0000.000D: hidraw1: USB HID v0.00 Device [syz0] on syz1
[  254.945303][T15538] fido_id[15538]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  255.038888][T15331] veth0_vlan: entered promiscuous mode
[  255.047516][T15331] veth1_vlan: entered promiscuous mode
[  255.074161][T15331] veth0_macvtap: entered promiscuous mode
[  255.079111][T15331] veth1_macvtap: entered promiscuous mode
[  255.092702][T15331] batman_adv: batadv0: Interface activated: batadv_slave_0
[  255.102559][T15331] batman_adv: batadv0: Interface activated: batadv_slave_1
[  255.111936][   T46] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  255.115632][   T46] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  255.125298][   T46] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  255.129033][   T46] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  255.177777][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  255.181649][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  255.204503][T12775] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  255.207236][T12775] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  255.286476][T15548] netlink: 23788 bytes leftover after parsing attributes in process `syz.5.3148'.
[  255.361278][ T6759] usb 9-1: USB disconnect, device number 45
[  255.573021][ T5955] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  255.577556][ T5955] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  255.582117][ T5955] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  255.588685][ T5955] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  255.598270][ T5955] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  255.601904][T15574] netlink: 16 bytes leftover after parsing attributes in process `syz.8.3158'.
[  255.605460][T15574] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3158'.
[  255.705049][T15581] tipc: Started in network mode
[  255.706545][T15581] tipc: Node identity , cluster identity 4711
[  255.708380][T15581] tipc: Failed to obtain node identity
[  255.710385][T15581] tipc: Enabling of bearer <eth:sit0> rejected, failed to enable media
[  255.844935][T15568] chnl_net:caif_netlink_parms(): no params data found
[  255.858851][   T40] audit: type=1400 audit(1759450145.327:1074): avc:  denied  { create } for  pid=15594 comm="syz.5.3165" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  255.945223][T15568] bridge0: port 1(bridge_slave_0) entered blocking state
[  255.949103][T15568] bridge0: port 1(bridge_slave_0) entered disabled state
[  255.953089][T15568] bridge_slave_0: entered allmulticast mode
[  255.958100][T15568] bridge_slave_0: entered promiscuous mode
[  255.969709][T15568] bridge0: port 2(bridge_slave_1) entered blocking state
[  255.973307][T15568] bridge0: port 2(bridge_slave_1) entered disabled state
[  255.975847][T15568] bridge_slave_1: entered allmulticast mode
[  255.979672][T15568] bridge_slave_1: entered promiscuous mode
[  256.032313][T15608] netlink: 23788 bytes leftover after parsing attributes in process `syz.7.3169'.
[  256.042280][T15568] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  256.047703][T15568] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  256.100701][ T5955] Bluetooth: hci4: command tx timeout
[  256.109976][T15568] team0: Port device team_slave_0 added
[  256.115441][T15612] tipc: Started in network mode
[  256.117218][T15612] tipc: Node identity , cluster identity 4711
[  256.119288][T15612] tipc: Failed to obtain node identity
[  256.122218][T15612] tipc: Enabling of bearer <eth:sit0> rejected, failed to enable media
[  256.127781][T15568] team0: Port device team_slave_1 added
[  256.128456][T12867] IPVS: starting estimator thread 0...
[  256.179536][T15568] batman_adv: batadv0: Adding interface: batadv_slave_0
[  256.183144][T15568] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  256.195153][T15568] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  256.215992][T15568] batman_adv: batadv0: Adding interface: batadv_slave_1
[  256.219203][T15568] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  256.220258][T15615] IPVS: using max 46 ests per chain, 110400 per kthread
[  256.230369][T15568] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  256.374212][T15568] hsr_slave_0: entered promiscuous mode
[  256.377493][T15568] hsr_slave_1: entered promiscuous mode
[  256.645193][T15649] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  256.645563][T13374] hid (null): bogus close delimiter
[  256.647645][T15649] team0: Device ipvlan2 is already an upper device of the team interface
[  256.649452][T13374] hid (null): invalid report_count -1459942286
[  256.658159][T13374] hid-generic 0005:C423:0004.000E: unknown main item tag 0x6
[  256.663095][T13374] hid-generic 0005:C423:0004.000E: bogus close delimiter
[  256.666943][T13374] hid-generic 0005:C423:0004.000E: item 0 0 2 10 parsing failed
[  256.669496][T13374] hid-generic 0005:C423:0004.000E: probe with driver hid-generic failed with error -22
[  256.778429][T15664] tipc: Started in network mode
[  256.784048][T15664] tipc: Node identity , cluster identity 4711
[  256.786297][T15664] tipc: Failed to obtain node identity
[  256.788115][T15664] tipc: Enabling of bearer <eth:sit0> rejected, failed to enable media
[  256.813470][ T6759] usb 10-1: new full-speed USB device number 33 using dummy_hcd
[  256.903434][   T40] audit: type=1400 audit(1759450146.377:1075): avc:  denied  { connect } for  pid=15665 comm="syz.7.3190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  256.914485][T15671] team_slave_0: entered promiscuous mode
[  256.918435][T15671] team_slave_0: left promiscuous mode
[  256.987102][ T6759] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  256.991575][ T6759] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  256.995641][ T6759] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  256.996768][T15675] netlink: 'syz.7.3193': attribute type 27 has an invalid length.
[  257.001585][ T6759] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  257.007372][ T6759] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.020864][ T6759] usbtmc 10-1:16.0: probe with driver usbtmc failed with error -22
[  257.038558][   T40] audit: type=1400 audit(1759450146.507:1076): avc:  denied  { append } for  pid=15676 comm="syz.8.3194" name="video8" dev="devtmpfs" ino=975 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  257.089737][T15675] vxcan1: left allmulticast mode
[  257.114524][   T40] audit: type=1400 audit(1759450146.587:1077): avc:  denied  { write } for  pid=15676 comm="syz.8.3194" dev="sockfs" ino=78520 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  257.150428][T15675] veth0_to_bond: left allmulticast mode
[  257.180926][T15675] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  257.196060][T15675] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  257.270615][T15675] vlan0: left promiscuous mode
[  257.392987][T15675] geneve2: left promiscuous mode
[  257.395223][T15675] geneve2: left allmulticast mode
[  257.436776][T15678] 8021q: adding VLAN 0 to HW filter on device team0
[  257.441623][T15678] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  257.452449][   T61] netdevsim netdevsim7 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  257.470275][   T61] netdevsim netdevsim7 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  257.485431][   T61] netdevsim netdevsim7 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  257.496828][T15568] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  257.501188][T15568] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  257.505911][T15568] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  257.513991][T15568] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  257.538809][T15691] IPVS: length: 184 != 24
[  257.586183][T15568] 8021q: adding VLAN 0 to HW filter on device bond0
[  257.608226][T15568] 8021q: adding VLAN 0 to HW filter on device team0
[  257.618076][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  257.621622][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  257.627572][T15693] netlink: 'syz.7.3196': attribute type 2 has an invalid length.
[  257.633345][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[  257.636559][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[  257.700533][ T5962] Bluetooth: hci2: command tx timeout
[  257.815093][T15568] 8021q: adding VLAN 0 to HW filter on device batadv0
[  257.934715][T15703] fuse: Bad value for 'fd'
[  257.999161][T15568] veth0_vlan: entered promiscuous mode
[  258.006609][T15568] veth1_vlan: entered promiscuous mode
[  258.024635][T15568] veth0_macvtap: entered promiscuous mode
[  258.029235][T15568] veth1_macvtap: entered promiscuous mode
[  258.046181][T15568] batman_adv: batadv0: Interface activated: batadv_slave_0
[  258.055974][T15568] batman_adv: batadv0: Interface activated: batadv_slave_1
[  258.069220][ T1152] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  258.073296][ T1152] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  258.077367][ T1152] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  258.081562][ T1152] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  258.180547][ T5962] Bluetooth: hci4: command tx timeout
[  258.198009][ T1144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  258.201794][ T1144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  258.220420][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  258.223771][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  258.600425][T15749] veth0: entered promiscuous mode
[  258.603203][T15749] __nla_validate_parse: 4 callbacks suppressed
[  258.603219][T15749] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3215'.
[  258.695623][T15749] veth0 (unregistering): left promiscuous mode
[  258.832548][T15761] syz_tun: entered allmulticast mode
[  259.011913][T15759] syz_tun: left allmulticast mode
[  259.113521][ T5962] Bluetooth: hci1: unexpected event for opcode 0x2039
[  259.116774][T15775] syzkaller0: entered allmulticast mode
[  259.121173][T15775] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3226'.
[  259.124030][T15775] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3226'.
[  259.127667][T15775] netlink: 'syz.4.3226': attribute type 6 has an invalid length.
[  259.302694][T15787] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3230'.
[  259.448230][T15804] SELinux:  Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  259.449277][T15804] overlayfs: failed to resolve './cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  259.465632][ T5962] Bluetooth: hci3: command 0x0406 tx timeout
[  259.564194][T15815] netlink: 40 bytes leftover after parsing attributes in process `syz.8.3244'.
[  259.591386][ T6759] usb 10-1: USB disconnect, device number 33
[  259.674157][   T40] audit: type=1400 audit(1759450149.147:1078): avc:  denied  { module_load } for  pid=15827 comm="syz.5.3250" path="/14/bus" dev="tmpfs" ino=89 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1
[  259.730035][T15825] KVM: debugfs: duplicate directory 15825-10
[  259.783081][ T5955] Bluetooth: hci2: command tx timeout
[  259.846876][T15839] binder: BINDER_SET_CONTEXT_MGR already set
[  259.848929][T15839] binder: 15838:15839 ioctl 4018620d 200000000040 returned -16
[  260.280598][T13374] usb 10-1: new full-speed USB device number 34 using dummy_hcd
[  260.446138][T13374] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  260.449807][T13374] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  260.453403][T13374] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  260.458466][T13374] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  260.462065][T13374] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  260.473059][T13374] usbtmc 10-1:16.0: probe with driver usbtmc failed with error -22
[  260.486749][T15868] netlink: 36 bytes leftover after parsing attributes in process `syz.7.3266'.
[  260.501261][    C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[  260.591631][T15873] team_slave_0: entered promiscuous mode
[  260.595510][T15873] team_slave_0: left promiscuous mode
[  260.680774][   T53] usb 13-1: new low-speed USB device number 8 using dummy_hcd
[  260.834490][   T53] usb 13-1: config 0 has an invalid interface number: 1 but max is 0
[  260.836486][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  260.838397][   T53] usb 13-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  260.841020][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  260.846135][   T53] usb 13-1: config 0 has no interface number 0
[  260.853100][   T53] usb 13-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  260.859076][   T53] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  260.872075][   T53] usb 13-1: config 0 descriptor??
[  260.876019][   T53] iowarrior 13-1:0.1: no interrupt-in endpoint found
[  260.910046][T15890] qrtr: Invalid version 0
[  261.124137][T13374] usb 13-1: USB disconnect, device number 8
[  261.263012][T15900] team_slave_0: entered promiscuous mode
[  261.266282][T15900] team_slave_0: left promiscuous mode
[  261.860270][ T5955] Bluetooth: hci2: command tx timeout
[  261.910246][   T54] usb 13-1: new full-speed USB device number 9 using dummy_hcd
[  262.081857][   T54] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  262.085871][   T54] usb 13-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  262.092685][   T54] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  262.097281][   T54] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  262.213903][T15939] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3293'.
[  262.223612][T15935] netlink: 16 bytes leftover after parsing attributes in process `syz.7.3291'.
[  262.252512][T15941] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3294'.
[  262.319148][   T54] usb 13-1: usb_control_msg returned -32
[  262.321628][   T54] usbtmc 13-1:16.0: can't read capabilities
[  262.335307][   T54] usb 13-1: USB disconnect, device number 9
[  262.343662][T15948] vxcan1: entered allmulticast mode
[  262.630253][   T56] usb 12-1: new high-speed USB device number 17 using dummy_hcd
[  262.800262][   T56] usb 12-1: Using ep0 maxpacket: 32
[  262.804698][   T56] usb 12-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  262.808440][   T56] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  262.814384][   T56] usb 12-1: config 0 descriptor??
[  262.821693][   T56] as10x_usb: device has been detected
[  262.825225][   T56] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  262.857612][   T56] usb 12-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  262.874644][   T56] as10x_usb: error during firmware upload part1
[  262.877920][   T56] Registered device nBox DVB-T Dongle
[  263.061157][ T6038] usb 10-1: USB disconnect, device number 34
[  263.106938][   T24] usb 12-1: USB disconnect, device number 17
[  263.135029][   T24] Unregistered device nBox DVB-T Dongle
[  263.145450][   T24] as10x_usb: device has been disconnected
[  263.431944][T16007] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3310'.
[  263.514689][   T40] audit: type=1326 audit(1759450152.987:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16009 comm="syz.7.3312" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a5018eec9 code=0x50000
[  263.524051][   T40] audit: type=1326 audit(1759450152.987:1080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16009 comm="syz.7.3312" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a5018eec9 code=0x50000
[  263.534116][   T40] audit: type=1326 audit(1759450152.987:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16009 comm="syz.7.3312" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a5018eec9 code=0x50000
[  263.542855][   T40] audit: type=1326 audit(1759450152.987:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16009 comm="syz.7.3312" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a5018eec9 code=0x50000
[  263.553065][   T40] audit: type=1326 audit(1759450152.987:1083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16009 comm="syz.7.3312" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a5018eec9 code=0x50000
[  263.562586][   T40] audit: type=1326 audit(1759450152.987:1084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16009 comm="syz.7.3312" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a5018eec9 code=0x50000
[  263.570419][   T40] audit: type=1326 audit(1759450152.987:1085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16009 comm="syz.7.3312" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a5018eec9 code=0x50000
[  263.579465][   T40] audit: type=1326 audit(1759450152.987:1086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16009 comm="syz.7.3312" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a5018eec9 code=0x50000
[  263.587665][   T40] audit: type=1326 audit(1759450152.987:1087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16009 comm="syz.7.3312" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a5018eec9 code=0x50000
[  263.600753][ T6038] usb 9-1: new full-speed USB device number 46 using dummy_hcd
[  263.761781][ T6038] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  263.765474][ T6038] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  263.770967][ T6038] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  263.774456][ T6038] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  263.934793][T16012] netlink: 32 bytes leftover after parsing attributes in process `syz.8.3313'.
[  263.950324][ T5955] Bluetooth: hci2: command tx timeout
[  263.986335][ T6038] usb 9-1: usb_control_msg returned -32
[  263.988299][ T6038] usbtmc 9-1:16.0: can't read capabilities
[  264.004257][ T6038] usb 9-1: USB disconnect, device number 46
[  264.268302][T16025] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3317'.
[  264.281748][T16024] team_slave_0: entered promiscuous mode
[  264.284753][T16024] team_slave_0: left promiscuous mode
[  264.318491][T16031] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16031 comm=syz.5.3319
[  264.650248][ T6256] usb 10-1: new high-speed USB device number 35 using dummy_hcd
[  264.680537][   T40] kauditd_printk_skb: 7664 callbacks suppressed
[  264.680555][   T40] audit: type=1326 audit(1759450154.147:8752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16009 comm="syz.7.3312" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a5018eec9 code=0x50000
[  264.691925][   T40] audit: type=1326 audit(1759450154.157:8753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16009 comm="syz.7.3312" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a5018eec9 code=0x50000
[  264.703890][   T40] audit: type=1326 audit(1759450154.157:8754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16009 comm="syz.7.3312" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a5018eec9 code=0x50000
[  264.716976][   T40] audit: type=1326 audit(1759450154.157:8755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16009 comm="syz.7.3312" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a5018eec9 code=0x50000
[  264.724346][   T40] audit: type=1326 audit(1759450154.157:8756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16009 comm="syz.7.3312" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a5018eec9 code=0x50000
[  264.731777][   T40] audit: type=1326 audit(1759450154.157:8757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16009 comm="syz.7.3312" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a5018eec9 code=0x50000
[  264.740379][   T40] audit: type=1326 audit(1759450154.157:8758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16009 comm="syz.7.3312" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a5018eec9 code=0x50000
[  264.747990][   T40] audit: type=1326 audit(1759450154.157:8759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16009 comm="syz.7.3312" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a5018eec9 code=0x50000
[  264.757336][   T40] audit: type=1326 audit(1759450154.157:8760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16009 comm="syz.7.3312" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a5018eec9 code=0x50000
[  264.764959][   T40] audit: type=1326 audit(1759450154.157:8761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16009 comm="syz.7.3312" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a5018eec9 code=0x50000
[  264.811512][ T6256] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  264.816335][ T6256] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  264.819779][ T6256] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  264.824528][ T6256] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  264.827369][ T6256] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  264.832248][ T6256] usb 10-1: config 0 descriptor??
[  265.000231][   T24] usb 13-1: new full-speed USB device number 10 using dummy_hcd
[  265.124051][T16059] FAULT_INJECTION: forcing a failure.
[  265.124051][T16059] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  265.128389][T16059] CPU: 0 UID: 0 PID: 16059 Comm: syz.4.3331 Not tainted syzkaller #0 PREEMPT(full) 
[  265.128414][T16059] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  265.128426][T16059] Call Trace:
[  265.128433][T16059]  <TASK>
[  265.128442][T16059]  dump_stack_lvl+0x16c/0x1f0
[  265.128492][T16059]  should_fail_ex+0x512/0x640
[  265.128543][T16059]  _copy_from_iter+0x29f/0x1720
[  265.128574][T16059]  ? __pfx__copy_from_iter+0x10/0x10
[  265.128598][T16059]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  265.128627][T16059]  copy_page_from_iter+0xde/0x180
[  265.128662][T16059]  tun_build_skb.constprop.0+0x2e8/0x1500
[  265.128693][T16059]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[  265.128715][T16059]  ? unwind_get_return_address+0x59/0xa0
[  265.128741][T16059]  ? arch_stack_walk+0xa6/0x100
[  265.128781][T16059]  ? _kstrtoull+0x145/0x200
[  265.128802][T16059]  tun_get_user+0x14a5/0x3cd0
[  265.128835][T16059]  ? __pfx_tun_get_user+0x10/0x10
[  265.128859][T16059]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  265.128891][T16059]  ? find_held_lock+0x2b/0x80
[  265.128917][T16059]  ? tun_get+0x191/0x370
[  265.128943][T16059]  tun_chr_write_iter+0xdc/0x210
[  265.128966][T16059]  vfs_write+0x7d3/0x11d0
[  265.128994][T16059]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  265.129019][T16059]  ? __pfx_vfs_write+0x10/0x10
[  265.129042][T16059]  ? find_held_lock+0x2b/0x80
[  265.129082][T16059]  ksys_write+0x12a/0x250
[  265.129105][T16059]  ? __pfx_ksys_write+0x10/0x10
[  265.129136][T16059]  do_syscall_64+0xcd/0x4e0
[  265.129158][T16059]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  265.129177][T16059] RIP: 0033:0x7fd44b38d97f
[  265.129194][T16059] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  265.129211][T16059] RSP: 002b:00007fd44c1f1000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  265.129229][T16059] RAX: ffffffffffffffda RBX: 00007fd44b5e5fa0 RCX: 00007fd44b38d97f
[  265.129241][T16059] RDX: 0000000000000066 RSI: 0000200000000200 RDI: 00000000000000c8
[  265.129252][T16059] RBP: 00007fd44c1f1090 R08: 0000000000000000 R09: 0000000000000000
[  265.129263][T16059] R10: 0000000000000066 R11: 0000000000000293 R12: 0000000000000001
[  265.129275][T16059] R13: 00007fd44b5e6038 R14: 00007fd44b5e5fa0 R15: 00007fffbe4faf58
[  265.129297][T16059]  </TASK>
[  265.151546][   T24] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  265.212409][   T24] usb 13-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  265.216482][   T24] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  265.219851][   T24] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  265.251317][ T6256] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  265.431534][   T24] usb 13-1: usb_control_msg returned -32
[  265.433405][   T24] usbtmc 13-1:16.0: can't read capabilities
[  265.513870][   T24] usb 13-1: USB disconnect, device number 10
[  266.087970][ T6038] usb 10-1: USB disconnect, device number 35
[  266.157904][T16079] [U] 
[  266.158773][T16079] [U] 
[  266.159617][T16079] [U] 
[  266.160466][T16079] [U] 
[  266.166621][T16079] [U] 
[  266.167668][T16079] [U] 
[  266.168611][T16079] [U] 
[  266.169541][T16079] [U] 
[  266.170875][T16079] [U] 
[  266.171696][T16079] [U] 
[  266.172474][T16079] [U] 
[  266.173291][T16079] [U] 
[  266.174834][T16079] [U] 
[  266.175945][T16079] [U] 
[  266.177005][T16079] [U] 
[  266.177928][T16079] [U] 
[  266.179250][T16077] [U] 
[  266.181833][ T5962] ------------[ cut here ]------------
[  266.183751][ T5962] WARNING: CPU: 1 PID: 5962 at net/bluetooth/hci_conn.c:567 hci_conn_timeout+0x11a/0x210
[  266.186779][ T5962] Modules linked in:
[  266.188912][ T5962] CPU: 1 UID: 0 PID: 5962 Comm: kworker/u33:7 Not tainted syzkaller #0 PREEMPT(full) 
[  266.194730][ T5962] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  266.199120][ T5962] Workqueue: hci2 hci_conn_timeout
[  266.201363][ T5962] RIP: 0010:hci_conn_timeout+0x11a/0x210
[  266.203245][ T5962] Code: 00 e8 7a 51 70 f7 4c 89 f1 4c 89 e2 48 c7 c6 20 1e b7 8c 48 c7 c7 40 4f 5c 90 e8 11 e5 86 fa e9 4d ff ff ff e8 57 51 70 f7 90 <0f> 0b 90 e8 4e 51 70 f7 48 8d bb f5 f6 ff ff 48 b8 00 00 00 00 00
[  266.209146][ T5962] RSP: 0018:ffffc90003cf7c30 EFLAGS: 00010293
[  266.211249][ T5962] RAX: 0000000000000000 RBX: ffff88803be54948 RCX: ffffffff8a4ad6ff
[  266.213756][ T5962] RDX: ffff888028ffa480 RSI: ffffffff8a4ad7a9 RDI: 0000000000000005
[  266.216620][ T5962] RBP: 00000000ffffffff R08: 0000000000000005 R09: 0000000000000000
[  266.219091][ T5962] R10: 00000000ffffffff R11: 0000000000002b81 R12: ffff88803be54000
[  266.221887][ T5962] R13: 0000000000000000 R14: ffffffff9060e154 R15: ffffc90003cf7d10
[  266.224842][ T5962] FS:  0000000000000000(0000) GS:ffff8880d6f55000(0000) knlGS:0000000000000000
[  266.227766][ T5962] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  266.229867][ T5962] CR2: 0000200000000080 CR3: 000000004ab49000 CR4: 0000000000352ef0
[  266.232428][ T5962] Call Trace:
[  266.233530][ T5962]  <TASK>
[  266.234475][ T5962]  process_one_work+0x9cf/0x1b70
[  266.236089][ T5962]  ? __pfx_process_one_work+0x10/0x10
[  266.237790][ T5962]  ? assign_work+0x1a0/0x250
[  266.239256][ T5962]  worker_thread+0x6c8/0xf10
[  266.240785][ T5962]  ? __kthread_parkme+0x19e/0x250
[  266.242508][ T5962]  ? __pfx_worker_thread+0x10/0x10
[  266.244293][ T5962]  kthread+0x3c5/0x780
[  266.245867][ T5962]  ? __pfx_kthread+0x10/0x10
[  266.247524][ T5962]  ? rcu_is_watching+0x12/0xc0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  266.249218][ T5962]  ? __pfx_kthread+0x10/0x10
[  266.251181][ T5962]  ret_from_fork+0x56a/0x730
[  266.252668][ T5962]  ? __pfx_kthread+0x10/0x10
[  266.254169][ T5962]  ret_from_fork_asm+0x1a/0x30
[  266.255683][ T5962]  </TASK>
[  266.256669][ T5962] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  266.258914][ T5962] CPU: 1 UID: 0 PID: 5962 Comm: kworker/u33:7 Not tainted syzkaller #0 PREEMPT(full) 
[  266.262081][ T5962] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  266.265771][ T5962] Workqueue: hci2 hci_conn_timeout
[  266.267511][ T5962] Call Trace:
[  266.268556][ T5962]  <TASK>
[  266.269469][ T5962]  dump_stack_lvl+0x3d/0x1f0
[  266.270904][ T5962]  vpanic+0x6e8/0x7a0
[  266.272175][ T5962]  ? __pfx_vpanic+0x10/0x10
[  266.273619][ T5962]  ? hci_conn_timeout+0x11a/0x210
[  266.275251][ T5962]  panic+0xca/0xd0
[  266.276664][ T5962]  ? __pfx_panic+0x10/0x10
[  266.278352][ T5962]  ? check_panic_on_warn+0x1f/0xb0
[  266.280263][ T5962]  check_panic_on_warn+0xab/0xb0
[  266.281798][ T5962]  __warn+0xf6/0x3c0
[  266.283079][ T5962]  ? hci_conn_timeout+0x11a/0x210
[  266.284618][ T5962]  report_bug+0x3c3/0x580
[  266.285964][ T5962]  ? hci_conn_timeout+0x11a/0x210
[  266.287541][ T5962]  handle_bug+0x184/0x210
[  266.288938][ T5962]  exc_invalid_op+0x17/0x50
[  266.290415][ T5962]  asm_exc_invalid_op+0x1a/0x20
[  266.292004][ T5962] RIP: 0010:hci_conn_timeout+0x11a/0x210
[  266.293859][ T5962] Code: 00 e8 7a 51 70 f7 4c 89 f1 4c 89 e2 48 c7 c6 20 1e b7 8c 48 c7 c7 40 4f 5c 90 e8 11 e5 86 fa e9 4d ff ff ff e8 57 51 70 f7 90 <0f> 0b 90 e8 4e 51 70 f7 48 8d bb f5 f6 ff ff 48 b8 00 00 00 00 00
[  266.299854][ T5962] RSP: 0018:ffffc90003cf7c30 EFLAGS: 00010293
[  266.301698][ T5962] RAX: 0000000000000000 RBX: ffff88803be54948 RCX: ffffffff8a4ad6ff
[  266.304139][ T5962] RDX: ffff888028ffa480 RSI: ffffffff8a4ad7a9 RDI: 0000000000000005
[  266.306523][ T5962] RBP: 00000000ffffffff R08: 0000000000000005 R09: 0000000000000000
[  266.308930][ T5962] R10: 00000000ffffffff R11: 0000000000002b81 R12: ffff88803be54000
[  266.311783][ T5962] R13: 0000000000000000 R14: ffffffff9060e154 R15: ffffc90003cf7d10
[  266.314940][ T5962]  ? hci_conn_timeout+0x6f/0x210
[  266.316846][ T5962]  ? hci_conn_timeout+0x119/0x210
[  266.318418][ T5962]  process_one_work+0x9cf/0x1b70
[  266.319897][ T5962]  ? __pfx_process_one_work+0x10/0x10
[  266.321430][ T5962]  ? assign_work+0x1a0/0x250
[  266.322954][ T5962]  worker_thread+0x6c8/0xf10
[  266.324453][ T5962]  ? __kthread_parkme+0x19e/0x250
[  266.326024][ T5962]  ? __pfx_worker_thread+0x10/0x10
[  266.327676][ T5962]  kthread+0x3c5/0x780
[  266.328986][ T5962]  ? __pfx_kthread+0x10/0x10
[  266.330461][ T5962]  ? rcu_is_watching+0x12/0xc0
[  266.331984][ T5962]  ? __pfx_kthread+0x10/0x10
[  266.333601][ T5962]  ret_from_fork+0x56a/0x730
[  266.335146][ T5962]  ? __pfx_kthread+0x10/0x10
[  266.336672][ T5962]  ret_from_fork_asm+0x1a/0x30
[  266.338312][ T5962]  </TASK>
[  266.340104][ T5962] Kernel Offset: disabled
[  266.341636][ T5962] Rebooting in 86400 seconds..

VM DIAGNOSIS:
00:04:59  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000080000 RBX=ffff88802ac7e025 RCX=ffffc90006ed1000 RDX=0000000000080000
RSI=ffffffff8b4e0284 RDI=0000000000000005 RBP=0000000000000000 RSP=ffffc900043478a8
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000
R12=ffff88802ac7e029 R13=ffffc90004347948 R14=ffff88802ac7e6c0 R15=0000000000000004
RIP=ffffffff81bb2966 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f0a4e3f66c0 ffffffff 00c00000
GS =0000 ffff8880d6e55000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000200000002000 CR3=000000004ebac000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000040002 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055f07c4bf600 000055f07c4bf600
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd3aa30c30 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff85206560 RDI=ffffffff9ab6fae0 RBP=ffffffff9ab6faa0 RSP=ffffc90003cf7548
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=0000000000000020 R14=fffffbfff356dfae R15=dffffc0000000000
RIP=ffffffff85206587 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6f55000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000200000000080 CR3=000000004ab49000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffcd579e896
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffcd579e896 00007ffcd579e89c
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0be4812fbe
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0be4812fcb
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0be4812fc5
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0be4812fd9
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0be481305f
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0be481313d
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0be49b74a8 00007f0be49b74a0 00007f0be49b7498 00007f0be49b7470
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0be551d100 00007f0be49b7460 00007f0be49b0004 0000000b000c000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0be49b74b8 00007f0be49b74b0 00007f0be49b74a8 00007f0be49b74a0
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000005 RBX=ffff88805e665458 RCX=ffffc900036f6ecc RDX=0000000000000002
RSI=ffffffff8e1c3620 RDI=ffff88805e665458 RBP=0000000000000001 RSP=ffffc900036f6e88
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000006abb
R12=ffffffff8e1c3620 R13=ffffc900036f6ecc R14=0000000000000002 R15=0000000000000002
RIP=ffffffff8b51c4f0 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fd44c1f16c0 ffffffff 00c00000
GS =0000 ffff8880d7055000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00002000008e3000 CR3=0000000036829000 CR4=00352ef0
DR0=0000000000000000 DR1=000000000000000e DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000001030001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffbe4fb466
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffbe4fb466 00007fffbe4fb46c
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd44b412fbe
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd44b412fcb
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd44b412fc5
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd44b412fd9
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd44b41305f
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd44b41313d
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd44b5b74a8 00007fd44b5b74a0 00007fd44b5b7498 00007fd44b5b7470
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd44c11d100 00007fd44b5b7460 00007fd44b5b0004 0000000b000c000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd44b5b74b8 00007fd44b5b74b0 00007fd44b5b74a8 00007fd44b5b74a0
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=000000003a0cbfc1 RBX=0000000000000000 RCX=00007f0a5018eec9 RDX=0000000000000064
RSI=0000000000000000 RDI=0000000000000000 RBP=00007fffbd098c2c RSP=00007fffbd098bd0
R8 =0000001dbd098cbf R9 =00000000000927c0 R10=0000000000000001 R11=0000000000000246
R12=0000000000000137 R13=00000000000927c0 R14=00000000000404b1 R15=00007fffbd098c80
RIP=00007f0a5004eae4 RFL=00000202 [-------] CPL=3 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0033 0000000000000000 ffffffff 00a0fb00 DPL=3 CS64 [-RA]
SS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055556371e500 ffffffff 00c00000
GS =0000 0000000000000000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007ff9ef8e3e9c CR3=000000004ebac000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0003000800140006 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffbd098d76
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffbd098d76 00007fffbd098d7c
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0a50212fbe
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0a50212fcb
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0a50212fc5
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0a50212fd9
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0a5021305f
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0a5021313d
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 907c222cd4ac058d b3cde99e17ae192a 5496095f733dd6f9 a91ec95ffda193ce
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 c2cd148632d20992 5c95a4507449309f d88e0710907c0004 0000000b000c000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 17ae192a5496095f 733dd6f9a91ec95f fda193cee77eef52 7554b80429f57a61
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000