last executing test programs:

19.746298296s ago: executing program 3 (id=831):
mlockall(0x6)
r0 = shmget(0x1, 0x1000, 0x400, &(0x7f0000ffc000/0x1000)=nil)
shmat(r0, &(0x7f0000ffb000/0x2000)=nil, 0x1000)
brk(0x689d80000003)
brk(0x17ffffffb)
r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000002c0), 0x80042, 0x0)
ioctl$PTP_EXTTS_REQUEST2(r1, 0x40103d0b, &(0x7f0000000340)={0x42})
mount(&(0x7f0000000100)=@nullb, &(0x7f0000000140)='./bus\x00', &(0x7f0000000180)='jfs\x00', 0x1000000, &(0x7f0000000200)='}n*(&[\\#-+{/-[.-*\'#{\x00')
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)={0x28, 0x3e, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@nested={0x10, 0x145, 0x0, 0x1, [@nested={0xc, 0x9, 0x0, 0x1, [@typed={0x8, 0x24, 0x0, 0x0, @fd}]}]}, @typed={0x4, 0x2}]}, 0x28}}, 0x4040040)
syz_clone3(&(0x7f0000000500)={0x280041800, &(0x7f0000000240), &(0x7f0000000280)=<r3=>0x0, &(0x7f00000002c0), {}, &(0x7f0000000300)=""/135, 0x87, &(0x7f00000003c0)=""/237, &(0x7f00000004c0)=[0xffffffffffffffff, 0x0], 0x2}, 0x58)
capset(&(0x7f0000000580)={0x20080522, r3}, &(0x7f00000005c0)={0x3, 0xaf6, 0x1, 0x0, 0x2, 0xff5d})
mknod(&(0x7f0000000080)='./bus\x00', 0x4, 0x6)
mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000)='jfs\x00', 0x8080, &(0x7f00000001c0)='Ricarl\x00')

19.617412111s ago: executing program 3 (id=834):
r0 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
futex(&(0x7f0000000340)=0x1, 0x8, 0x1, 0x0, 0x0, 0x2)
pipe2(0x0, 0x4800)
vmsplice(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'geneve0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32=r2, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028008000200ac1414bb080004"], 0x44}, 0x1, 0x2}, 0x40000)
timer_create(0x3, 0x0, &(0x7f0000044000)=<r3=>0x0)
clock_gettime(0x0, &(0x7f0000000100)={<r4=>0x0, <r5=>0x0})
timer_settime(0x0, 0x236bd4336e4642df, &(0x7f0000000300)={{0x0, 0x1}, {r4, r5+60000000}}, 0x0)
timer_gettime(r3, &(0x7f0000000140))
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_DAEMON(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000000000000000009000000440003800800010002000000140002007663616e300000000000000000000000080003000000000014000600ff"], 0x58}}, 0x0)
sendmsg$IPVS_CMD_NEW_SERVICE(r6, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="1000ca400000"], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x24000015)

19.533843105s ago: executing program 3 (id=837):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'dummy0\x00', 0x2}) (async)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r0) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r1) (async)
r3 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$sock_int(r3, 0x1, 0xc, &(0x7f0000000000)=0x4806, 0x4)
sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="3b5c4a213642cd848e61e16b240d8b318efa89ca628444c4fc4026bd3dfd3bee3b628cb07b5d3f0c7578d42700a12002818ae366481ab20008197d723ad528fb934af4fc9fb11961a4dcd5aa7d39f7c9274ee6838d4ad0b4ad1573143eb5b4c96c45d704d71cc8a178786c85", @ANYRESOCT=r2, @ANYRESHEX=r1], 0x38}, 0x1, 0x0, 0x0, 0x4018004}, 0x0) (async)
timer_settime(0x0, 0x1, &(0x7f0000000440)={{0x0, 0x3938700}, {0x77359400}}, &(0x7f00000006c0))
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) (async)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4) (async)
r5 = socket$unix(0x1, 0x1, 0x0) (async)
r6 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
recvmmsg(r6, &(0x7f0000005400)=[{{0x0, 0x0, 0x0}, 0x7}], 0x1, 0x40000041, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0}) (async)
setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, 0x0, 0x0) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0)
r8 = socket$kcm(0x11, 0x3, 0x0) (async)
mount$9p_virtio(&(0x7f0000000040), &(0x7f00000001c0)='.\x00', &(0x7f0000000080), 0x4, &(0x7f0000000140)={'trans=virtio,', {[{@version_u}]}}) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(0x0, &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
sendmsg$kcm(r8, &(0x7f0000000080)={&(0x7f0000001340)=@hci={0x1f, 0x5865, 0x31}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000040)="b8b2821400000081000000008100", 0xe}], 0x1}, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001600)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffb, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0xfffffffffffffff8}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0x4}, {0x2, 0xb}, {0xd, 0x5}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) (async)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) (async)
socket$kcm(0x2, 0xa, 0x2) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) (async)
openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x183400, 0x119)

19.522666952s ago: executing program 3 (id=841):
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newsa={0xf0, 0x10, 0x200, 0x70bd28, 0x0, {{@in=@initdev={0xac, 0x1e, 0x9, 0x0}, @in=@local, 0x4e23, 0x0, 0x0, 0x2000, 0xa, 0x0, 0x0, 0x2b}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x32}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {0x0, 0x0, 0x8, 0x100000001, 0x6}, {0x0, 0x0, 0x2, 0xfffffffffffffffc}, {0xc, 0xfffffffc}, 0x70bd27, 0x1, 0x2, 0x0, 0x2}}, 0xf0}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000040)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x1, 0x25dfdbfd, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x1, 0x0, 0x3, {@ip4=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x86dd}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
write(0xffffffffffffffff, &(0x7f00000000c0)="842a0a65bd8c2b", 0x7)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), r0)
sendmsg$TIPC_NL_LINK_GET(r1, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000500)={0x138, r3, 0x10, 0x70bd2d, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0x8c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x4}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x200}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x40}, @TIPC_NLA_MON_REF={0x8}]}, @TIPC_NLA_NODE={0x6c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x564}, @TIPC_NLA_NODE_KEY={0x49, 0x4, {'gcm(aes)\x00', 0x21, "4dc8dea6c6d2bd6b70d85f4e62b03760791a6930130681a6f10d490b3b28923f53"}}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}]}]}, 0x138}, 0x1, 0x0, 0x0, 0x4}, 0x4000)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_LINK_PRI(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x68, r4, 0x1, 0x0, 0x0, {{}, {0x0, 0x410c}, {0x4c, 0x14, {0xfffffff0, @link='broadcast-link\x00'}}}}, 0x68}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r5 = bpf$ITER_CREATE(0x21, &(0x7f00000002c0), 0x8)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000340)={<r6=>r0, 0x3, 0x4, 0x8000000000000000})
syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000640)=[@text32={0x20, &(0x7f0000000400)="c4e1f829a08268d2fab9440a0000b85c000000ba000000000f30f30f09672e0f432e0f000fc7af3f000000c4e39d79df0ab8010000000f01c1260f239f0f01190f30", 0x42}], 0x1, 0x42, &(0x7f0000000680)=[@dstype0={0x6, 0xf}], 0x1)
mount(&(0x7f0000000300)=@sg0, &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0)='xfs\x00', 0x0, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00\x00\x00P\xf8\xa6\xed\xd3o\xfe+$\x8fa\x18\xc2\x12.}\v>*\n\xc5\'\x85\xf55=\xcc\xf7\x9d\x90\xce{\xbb\xb2x\xa9rSl\xdfiK\xc5\x01\xf3d\xa8,\x84\xe6\xea\x04-\xb4\f3\xa0#N\x16\xc8\x7f]\xe4n\xce\xec\xf6\xe1L\xb7\x96)rd\t\bVA\xbc-\xa8\xac\xf6\xd0\xc2\xa0y1\xba\x13\xea7\x1d0\xa3\xbb\xa9\xe8y\f\xda\x93\xb0:\x8c[\x83\xe9\x1b\xe1\x16\x02\a\x18\xb8\x16\xcd\x8b~\x1e\xdeM-\x89P\x8e\xce\x98\xd3s\xc50\xc3\xb5C\x90\xa7\xa9P\xf7\x9dn\xf0\xc0/\xf4bK,`m9\x86y\xa72\xe8\xfb\x12d\x96Su\xb1\x8c{p\x18\xcd\x11Q\aC\f\xe0\xe7\xd8\x89\xf2:b\x1c\n\x0e\xe1\xe2b\xad')

19.448432759s ago: executing program 3 (id=843):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8})
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
pivot_root(0x0, &(0x7f00000001c0)='./file0/../file0/../file0\x00')
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x103080, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000280)="26d1c4df1787ca33b0", 0x0, 0x9})
ioctl$KVM_SET_CLOCK(r2, 0x4188aec6, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x20000000000000, 0x4})
syz_emit_ethernet(0x8e, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa1acd1f78800d86dd608a37f200587300fe8000000000000000000000000000bbfe8000000000000000000000000000aa0000", @ANYRES8], 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(r2, 0x4068aea3, &(0x7f0000000080)={0xbc, 0x0, 0x3})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x40002, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r4 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
pread64(0xffffffffffffffff, &(0x7f0000000140)=""/170, 0xaa, 0x20000000000004)
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000300)={0x1fe, 0x3c0, 0x140, &(0x7f0000000440)=[0x6a, 0x81, 0x200, 0x3, 0x9, 0x8, 0x5a05, 0x0, 0x9, 0x3ff, 0x80, 0xffffffffffff1b22, 0x8f16, 0x0, 0x7, 0xc, 0x65a6, 0x2, 0x7, 0x1, 0x80000000, 0x0, 0x8, 0x4, 0x6, 0x1003, 0x9, 0xb08e, 0x1, 0x9, 0x100, 0x10000, 0x9, 0xffffffffffff768f, 0xa22b, 0x1, 0x1, 0xe49e, 0x6, 0x8, 0xa, 0x5, 0x9, 0x3, 0x0, 0x8, 0xf, 0x1, 0x6, 0x40, 0xc8b, 0x8000000000000001, 0x5b, 0x101, 0x7fffffffffffffff, 0x4000000000, 0x5, 0x1, 0x8, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1, 0x2ba, 0x9, 0x1, 0x4, 0x7afb, 0x1, 0x5b3, 0xc82, 0x8, 0x4, 0x600000, 0x6, 0x70cd, 0xfffffffffffffffa, 0xb, 0x4, 0xffffffff, 0x2, 0x8001, 0x1, 0x8, 0x100000001, 0x4af, 0xfffffffffffffff7, 0xff, 0x20, 0x316d9f21, 0x4, 0xc, 0x5, 0x9, 0x0, 0x7, 0x8000000000000000, 0x3, 0x2, 0x3, 0x6, 0x2, 0x100, 0xd0fd, 0x8001, 0x9a33, 0x2, 0x7, 0x2, 0x5, 0x828b, 0xc, 0x6, 0x5, 0x80000001, 0x48ce, 0x2, 0x4, 0x1, 0x5, 0x5, 0xffffffffffffffff, 0x701f, 0x0, 0x1, 0x5, 0x80, 0x2]})
fallocate(r4, 0x0, 0x0, 0x1001f0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x3a})
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0)
socket$kcm(0x2, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="14000000040000000400000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000000)={r6, &(0x7f0000000140), &(0x7f0000000200)=""/221}, 0x20)
mount(&(0x7f0000000000)=@sr0, &(0x7f0000000040)='./file0/../file0/../file0\x00', &(0x7f0000000080)='erofs\x00', 0x20, &(0x7f00000000c0)='overlay\x00')

19.191155256s ago: executing program 3 (id=850):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="3800000055002f03020000000000000007000000", @ANYRES32=r2, @ANYBLOB="200001"], 0x38}}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0a00000001000000dd00000009"], 0x50)
r4 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0x343402)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000080)={0x1, 0x4, 0x20})
close_range(r4, r4, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020205d0af8ff00000000bea100000000000007010000f8ffffffb702000008000000b7030000ffee0000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x54, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000007b7080000000000007b8af8ff00000000bfa2000000f4000007020000f8ffffffb703001f4df74ef142701678789a300008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))
r6 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x401)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="440000001800010002000000000000031d01020008000a00", @ANYRES32, @ANYBLOB='\b\x00\t\x00', @ANYRES32, @ANYBLOB="1500040003000000000300004505a8b9e859abc00100000008000e00", @ANYRES32], 0x44}}, 0x0)
ioctl$SG_GET_KEEP_ORPHAN(r6, 0x2288, &(0x7f00000010c0))
r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r5, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="010028bd070000000000000000000800010000000000"], 0x1c}, 0x1, 0x0, 0x0, 0xc04c015}, 0x40000)

4.050249206s ago: executing program 32 (id=850):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="3800000055002f03020000000000000007000000", @ANYRES32=r2, @ANYBLOB="200001"], 0x38}}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0a00000001000000dd00000009"], 0x50)
r4 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0x343402)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000080)={0x1, 0x4, 0x20})
close_range(r4, r4, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020205d0af8ff00000000bea100000000000007010000f8ffffffb702000008000000b7030000ffee0000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x54, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000007b7080000000000007b8af8ff00000000bfa2000000f4000007020000f8ffffffb703001f4df74ef142701678789a300008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))
r6 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x401)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="440000001800010002000000000000031d01020008000a00", @ANYRES32, @ANYBLOB='\b\x00\t\x00', @ANYRES32, @ANYBLOB="1500040003000000000300004505a8b9e859abc00100000008000e00", @ANYRES32], 0x44}}, 0x0)
ioctl$SG_GET_KEEP_ORPHAN(r6, 0x2288, &(0x7f00000010c0))
r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r5, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="010028bd070000000000000000000800010000000000"], 0x1c}, 0x1, 0x0, 0x0, 0xc04c015}, 0x40000)

2.320652938s ago: executing program 0 (id=1035):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x8004f50e, 0x0)
ioctl$SIOCX25SFACILITIES(r0, 0x89e3, &(0x7f0000000540)={0x71, 0x7, 0x8, 0x5, 0x8000})
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56", 0x2)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f7", 0x1}], 0x1}], 0x1, 0x0)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/73, 0x49}], 0x1}, 0x0)
setresgid(0xee00, 0xee01, 0x0)
r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r3, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x18200, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0x0)
sendmsg$nl_xfrm(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="3c020000190001000000000000000000fc0200000000000000000000000000000000000000000000000000000000000000000003000000000a0000205e000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000800000000000000000000000000000700000000000000000000000000000000000000000000000300000000000000070000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000084010500ac1414bb000000000000000000000000000000006c00000000000000ac141408000000000000000000000000000000000000560000000000fdffffff01000000fc020000000000000000000000000000000000003200000000000000fe8000000000000000000000000000bb0235000000000000000002000000000000000000ff010000000000000000000000000001000000003c00000002000000ac1414440000000000000000000000000000000001030000000000000000000000000000ff020000000000000000000000000001000004d33c00000002000000ffffffff0000000000000000000000f98675888413"], 0x23c}}, 0x0)
r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$FS_IOC_FSGETXATTR(r6, 0x801c581f, &(0x7f0000000000)={0x7, 0xfeb, 0x7, 0x7, 0x81})
r7 = syz_open_dev$vim2m(&(0x7f0000000080), 0x200080000000002, 0x2)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffd000/0x1000)=nil)
ioctl$vim2m_VIDIOC_ENUM_FMT(r7, 0xc0405602, &(0x7f0000000040)={0x13, 0x1, 0x2, "7e0efe3287fda55aab2500000000b482b200", 0x30313953})
ioctl$SG_IO(r6, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffffffffffb, 0x6, 0x6b, @buffer={0x0, 0x0, &(0x7f0000000140)=""/45}, &(0x7f0000000040)="08b4fffffede", &(0x7f0000000840)=""/4097, 0x8, 0x0, 0x0, 0x0})

2.0707646s ago: executing program 1 (id=1039):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async, rerun: 32)
setsockopt$netrom_NETROM_T2(0xffffffffffffffff, 0x103, 0x2, &(0x7f0000000000)=0xffffffff, 0x4) (async, rerun: 32)
r1 = socket(0x400000000010, 0x3, 0x0) (async, rerun: 32)
r2 = socket$unix(0x1, 0x1, 0x0) (rerun: 32)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newchain={0x2c, 0x64, 0x2, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0x3}, {0xf, 0xffff}, {0xfff3, 0xffee}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x8}}]}, 0x2c}}, 0x0) (async)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x7c, 0x2c, 0xd2b, 0x800, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x9}, {}, {0x7, 0xb}}, [@filter_kind_options=@f_u32={{0xffffffffffffff68}, {0x50, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0xe, 0x1, 0x5, 0x1, 0x4, 0x401, 0xe, 0xfffffffa, [{0x200, 0x500, 0x3, 0xe}, {0x6783, 0x2, 0x8001, 0x10}, {0x40000, 0x53, 0xa9, 0x80000001}]}}, @TCA_U32_CLASSID={0x8, 0x1, {0x1, 0x5}}]}}]}, 0x7c}}, 0x24044094)

1.957042065s ago: executing program 1 (id=1043):
r0 = userfaultfd(0x80001)
prctl$PR_SET_THP_DISABLE(0x41, 0x1)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000180)=[{0x80000006}]}, 0x10)
getsockopt$sock_buf(r1, 0x1, 0x1a, 0x0, &(0x7f0000001400))
prctl$PR_SET_THP_DISABLE(0x41, 0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x458})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1})
mremap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
splice(r2, 0x0, r3, 0x0, 0x1ffc, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x181942, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x6000}})
statx(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x100, 0x800, 0x0)
read$FUSE(r4, &(0x7f0000006380)={0x2020, 0x0, <r5=>0x0, <r6=>0x0}, 0x2020)
syz_fuse_handle_req(r4, &(0x7f0000002300)="00e7a0633e8438bafa888b9b02144af32e296a0a01dc194d649b6fa26d6d5e63bac4a04baeeb8aacb22c6eec461b67db6a737737c6d2687acb00572f92e3fdb5d0cb2f11121c557a943020200755bcab77b39c406b733239e2bb1175b9322ba39dc7d67da8f77aed1714dae2e6c24c3ea96be9d151c6ab7b3c54bbe507b8b2461fb4be8dc90042184af6d48f8ace16abb5e3fc943cf61cdb75624a259bdb5f7829b9775820f85f2d1a6ee6c6c2af4fd41ab8a41ecb2612abf13cd2c6f9f3e6db505e4bbe68cc000cf5fa6d5636191a4b366ab59af52132a3f9678d4ed1bd577bacffb3b52850804005eebf3dfa4763168ff30490a11acdbbf4c3312a45f30139f6b72b1e7cdec185006bb30e0e8fa88da2cefc718cae7e9830f7ca101e4e23c6bd16bfacf4a9927fb13af4b79c86ab999beda4ad396abdda354a42fb4ef21d6749175dc21a0cf9191aa4f90d274b50370a580ad8dcd166d2b06c0d8b071973c3fde30f7e2bc371a51ca5866bf8b24eaac75bf482dd4436b214ff62d32e20df223b0b680ede28b3a49e66e330a8a3ecace0db9855d235d5ff23765e742d1a739c2ac8743f4c62664a3b347279da55a1a5b16e1e2828b584a013577d50f890e3894d9e8d6bfccdfb2b70221f12a7fac24b7a8818edce72b65f622c77bf1312771a2c0d805ec9a25c536c91868762032255be78903b77b2c1a773a03996fabba69214e76f5df6df0375b592692a2c3c86c75a3be56fe598ddaea0b9901d20db7e43e128e04e5509283f833c24c625887288459db5727210ba9a301fb8c934dd1d8dca68039fe5b2e1a8d7cdfc6d875e5851098100c3cd42544ed90bb55b58d20a501fabbc485d148c615a3b070fa0520da2ed68ee115a4411d5418b47f3d95616096f67a7a36d68f1e8df82eca8ef96fb4a96b3422fe046a37ea5f5967513a559bd770fecab7228b0692f439765c9e9c6ea4fc608e0b27f9b49064daa2bac06f83f6d87ebc61fa3a29bb5ed39641245ce8cf43770df32a84838802b0827ca5a40e2003915e2ed108a005637bb028d29bd2cfd28a1bd55e67ed1b6b7b72163c27c4b0e36d1b134d6dfdb165a66fb46498fc04bb8053b84098af5b18758631d1318d625a6fa4d3ce5a4d3a90e10c6363a26b5ae96c2d56f87ad21a6118af6847d041f88f852ddc3f250c088ef5cb31198f3ac81cff9a5bab26ed56c09f8416188974e08349f7da28fc754b98c1ac4ea0060ac1e1b1c49f7dbadbc59254b265dc418cab9ac14e2bbecc4c3103543e37984efb1f61315e10d2b422732217d3a9b0cfe4561f3765d3bda60be239e02bdc164dd631582e8c87dd8fa60d63dcf9e7f3dadc4ce5e4433a42425b8ee8cb8a2defab0bf9b6109c90b5655b79b18c06884f2670a985d454e08e54de69f645cb0cbb70620bd988ee717c310ae77b4abe81c01c6e7f47268ee20bc30b9062830917705682eba2c5ef966b877f33294aa5f8b29d3dd5ed92302087f34fa18d19a005de05f925e3e93c8c0f24507ff20cd23d9ae5452c32ff58c78ccdb1ab32c98edfaa6d2c3971934ca8f849ac360c286566eb72b0793f12cef84bd282368d533247ee750f18aeda484167f3d680e4aaa3aa0694441d4ff6a71531f1a30f87eeb71afd04c5d686e1f86f27586f4e2c8ff77c09612ba1af9b3fb93efd31af42f8e0498f35d07c662b743a08f2839cad8f95b90cbb4fc0ed2ca45dd093a549cde4c6ff08ce09a2cbc6f9f78b6f96643357f92f8f403202742057731fd3e343a87c0affe803cfdbddb8c2694ab63f2dc35da705624747e30a943000fc82c40f10e1975d2e2ec15aefd531b6dbc053606b054dc976f44d5b5a5f37e9c08532ce16cf8bca55ab6c814ceb855ab50b8b52620f8645a9dc25fcb732080d84bf39c3ebb235b4d96da527b64ec4b72f69e91d16a4efcaf76f2e1f968ca68a06f60b01ec7becc9ffd7877c0992cb0f80fb3daabc039513896bd7697843be06aba53e7761e11e075c61ef2d897d4d9f90041c14283746feeb3f0d456ba4be27843350fe43e7c1110b4439489139f6dae01c43f23ec71f08d3042663c65e059d368e4e2c6e49de45bf078d3182a1bc1208bc59379e705aa3309579947409f2a8b3d79099c8619f916e7a6fa333d2312a274247156b8c25cbcfcc59ef13339c700f56a8691dff39bd4338789001872c0d90929037dc0ad99b380a6ba73f331f73f9274f4c2bf5233d7482edf37bf6ffed4f2c0ee44a1d57cae0d644f25591dc03bf837571a82d0c31b61be7ff85a5b3843e8f96a50eaa43f5c137ecfc4e4530d08a2afa4ba02fcc50117a4ad0d5862302017639344c82749f673dbd650e49b35302d0acbab45c0973198291bb42b4cfcd3b0c252074341ea8eca19e122cd234da6d41bf5eedb706e16c17687ed8b84db67130796d26b94eac83bbcd785b603242bd6252c155711efd7dd22cc54e1eaf6d910d0f22c701f3d4da0314dd2829c6ee13bbcbd126558b47b8066bf0766c792a012315bd29bfeda8f28a2c1f4e638b701758e19a0e5bd5b4f19048b00a877d956292e345f8a3a8367892f955bcb5e50ca145ec5e2c9309e25941bd277e393aaad38f9b72a42514b27da6856223c37a1fc1327fa760551d3fdeb0b222ab180b16c9eea138cf4f327e88fdfee293c5b6b007028eb796a60772148282dcd17ffc1c90ed8b6540ede933545ed5a5301d6ff39734444ff3d85cda4ac3befa5083a4685e9e231eba4a91a35f4f7f48fd5ac2447c64c010e2a9f8e80691c95460e1995444466ec5f3cd71fe509a26ff0b7f3254bc8c3255e903834e841b37c70b267fb33deb0d1ed4ea84a869453ba508fc255b12cf847103d5195046c930ae4a75c956f22fcfe4186d547686b54bd7a534940d5d62216994eac0e8ed3bd2bd59354e6b9c6b5b10511d54a8b928040f1e1024a423b0cf519fc6e9673df5c48c0778c7edb8fa8d8ace77463a77d2d6313160e1ee72742953e433b6732ced59c93464fd91520847db238610ed0c289fc55647881a7d6257cf28090c75a6f19df079cfd35742a74a5ab270314f7c8039c20ff0f3f543d029b75a741b5dc6425241ac2ffabf1f96288e6d4ba34da09fb6049c2c8753fbd41fdb4bc68c57bf374ef4feb0df00c41319debb26afba2ff39e1799a1c2137f4e920ee5b02d93789b6b0c853e8143dae5b08ee85da2ea7c31803610ce797293ea95c16ade6dae2afb008e59d8b9505737f008b5227df5f1e4eb5d707f502698a17ead9b1f5ec09dff34248ff2fb153dc6df4812e39754a4baa42e1d8b77fbddef3ca091701ac28ae5fd422dbd8db5b122d3965383abc37a52d2fca5ce56eba974dba3d059cefe40e3c35c9daa8ae31198214303c1dcb90d58fc983ccfd504fa43925636f94b128d44e8aa5cd3ecfabd50a84062d03f7508a0575ab65ecc749d3ef566fdbc529a8139b7a7fb3a9bd784df52cddc6f2699044ba47615163fbbe19f3d88d38a8b71fe52b2611ca74341429d1cef1a7e350545be29d2caa560e60352cab074c298c44ca2c07f9795ce52f10aa3e2fcdef371f24e309b19e52218881f25a4674527edbe3b3bd0b9b536d810c6f9500c0c81bcfd9a440dd91c1d35c52758d2b2ae1a8497bb394c4f09d3947cf777727b0d1daf5ac4fe4fa3c247a791702cb84b96321b7fec81bf549d4eb5d6dafe019b26187417c68b064e4308908535a3e77b6cd3e28caaf12d726f15590b7958e40134d045a38cbb689131a7e85532f1c63dd4bac9e4d00645cd7b2b71704563f3738b92044a8153f6ba717800ab7cb238175c376d7add2c5ec38e4c856f1ab9c3ee33f6ca6d576ae908dd290e4bae23470182e253765e04e8eb02a791c4396a511ef467879a9e2818b8a4b1b0b39a6c44e816e3ebf6e3be93929dfcb38d5dad7d20b60215447674d0608b8b02331ac20e57083cb9b4449fecbb149441aea0ad82f00a82d87d743fc80d410922bc20923516885440f43c9f32beb81ce148def6140952583a7825c2d2fe012d52d30ef66d32a8a0864ac5c1737e2506228d41ff0515ee80be4cf012927dde0fd2a07cac68eff8c4437f2844d4df07936fd8753e5909f962c5c767f8719cc295bdfa8a16f3f36ff56e34d7b14b6b8c46d5af248b04a9c5396f84990e23d145670950bce5f5638e5e2cea37c371a4483729338f1305cbb32fa1c05dd9d21d2a69e5fa3abe9a2dad2237be20b4088393c04aa66cf13718de4bffac72f641a8c017a1d5568fa15a6a06e4dc833874ec95af6f115bdadf15179bfc8c4e3e64f26f1299e282c4ab397340934efc1e601afc630fe195e8ae7d8da1310568cab4f2fad085d0ec39710d8b7c812b3fd55c6f50925bcfc90fbcb35b8daa0f1e1f69d82fae2034039f7ad6921694ed48a55a68bc541e6d86f1e33c261a92d48b50eb58a03d8e31b2f6564a4ddc3ee988d0dc47b4b610a9a9dcb87571b5c1edb3362df0ec3d58872157e0f7247dfa8100b4478b705702a5620c9201010f40232327550db333e845dbecd6aadbd0a94c064862b1100b4dd45ece811b8c0275e3753e11b4bcd8bc5ed7668e72afa5bc5cc17b4c313273755f532ecfdefdf2d5c47999453a3b7c158d98332f0bd3a820cfb2c8c3bcd43197e7395a032cec6e41662079f2f654965aebc393e22b5c8516d9b8ad01e33ee481a4ac46a2df304dadeaa9e5274d340aaebe14dcea315fe1279f1a41a5c7aa8c94bf4b3d48757503171f53488e01210145e62c0de7c39737848dbdb1b207d4d33b8de180b020e8a76b1b521905e5e3ce97292f8558fb68efdee774681bfffcf1dc3eef35f660dd1659a32950de2d50e762313beee330d9c2a9fe8ce5e4e61ddd86378d3551335f6ef62053d3b248a8c33a11abdf3f3aa1975a15f4a6957a13d5b12a44d0f2b52b9a2d996e98c630c0f2abca80c7ae89efcf81ae284a0d19582cb1319d207077e5657d245533181ed6e07e0f7647123fc46c37bd75b4f4d181112b4a08acdcf445332cb9dde69a0923dd9244dd2ecd818b19588939922e3b2d8dd9d9fed95fa55b0e4564b38aca2c4d24eebc634664400177fbdeaeb278bb1d8eb11baf4be5c87d4f8d9a855bfa75df4c51fb4eec87a27c59df9a47d82523b08022a1c0fb22ff6f93c3d2cc22a4111a6ec5be428cba33617be65739c2240248f3a02d01ddf2d6aca9e537a2296b16d082d2b868504371dd5e41898885b03ebfaca73b40e8924ece83c1c80de6ce14943e1199c6f81bf359f44c3ed5ae3c6eacb730b1039f0b6555347bd566dfff45a7a2176420ab2b40916a73b66a3ad07af6e1ac5597393d203fa1ad34d4564af956a0a3e2997e27a4e5eff67dd89cce8875d995e00c1858234f149f6ad4cac2b8056966f726df57b8c4ee8f22f23097ba1471b1f1036e3a499400fccdb75b56eb13e9eca1407d5bff4b075b06d00fcbfcafc28431eb33156232e73c6577e3eca437330c494ede57b9609e1f40634918dea767338b5542197410cdc000143ace89ca0b7bf645b3267f74767d7c7fce05d2f59c137204e56bfa711f66903c511f681cf7a1b4f9fc0f42b7c438ff8957e1059375321df5b0c5c884f46d94c21686e1300582d34928bc398653118f79bfeea2e7cfbbf31a7718f4aab50fae57db94203d43e060365c9a7455241be03d82dffc3783d0f6aa170c0866eb0dad07485831526922d8348a7a16e2e9903a2ac93c58c6dce83127fab17703ec004a519ae5675baffb31bf4b52f9ca992a84017a44d68dc693abd829947342f277fdcbc87168bcc03c32b8b1e81a1915af2517c464af07d52b79d1b0e53164c82ba049f81e92ed1dc20a88fd72e9ce7aa4b22a7cc57dc5527d14f62bc29cfc9d57ed26fd523cac39ac00ba12d3a49d694709924275fc0793d56acf9558818dc9eb210749fa5307d45886b879257d627cee0542b51c2ce6ce134100efb47c92456ece5b73cdc051f570810a8d534222649eb56cf73a377162b753de6c282bcd4a25dda21dd10901bd8dfe8fd4ba8a70811c39707beded23dd60f23e2933372e3a6bce099899b07f0a4c4956fd98e956a8649622c77717de099463c0c6c9389ab4a1ae10f8ddd086d876af2943ee0b6b402ae5f89e09922e8c510ec0caa0a83e366e916400bfec88a52ab457037a35ddc6a8e2289c33684a5915c37bf5d227cbc65a737b52bdcb4fbbb7b4e7f965db116b46044d0870846c730dce12e120b1fe6dd5798ced24cad72c59a3f44de4978b8bc05a1dbeb766be6e2abf6ef46c67a58a370e54e92d89e5f44525e82b94a388d8d0cb20c3469a258c1633c9dddb6854aee255f93f59435ff317622f6899250aa185c207644275278580c5d32401741fe264a2e03b80f442ed58fd0704ebac923ac6a5abb7f0c695252f82e3fbcf2b99d721589a8fe3fad4d5926aee3d7bfafb6739e525faae3d25b12841fa2cc61dddc44d36acb9a8b72d60ecdd9c8cf04f9bac341b5e0f9bc59042db8126324888b07afe72b18cce36d61eec975b6b4ef5dc4a16ac14440cf770599bd4db630bd110eb63a03a80cd95c16d314a4de60cc5115bf0754cb7ab84a827ecefafa96069c721a5979f227fdc2467b4cd1975dafb5b28e1d6f3c1c3a2816ad831dd98c1378a03798c128f176426eaa0e361571e758d54bf4ec2c988355f016e16d6cd5cf97bb4891ab33f5623b7e796af313cc7a9e2f9510cd2bead1ea5dd080d9de1f595b2629ebccf69a0feaed3963ae8a6c89edd66fbf6e566379898185828925f8669668d6bddff961b08aaedbbe7fc196931a887ec740da6bcdab8f826a34aa2aa1e406a258558f3baf022a64222df4d6ee8726c79ba3dd6e11a19e4b4bb49b4a8cd99c189e6392f08ad731e415b65d0ccb919dca46efe9f79e21437111ab09e926d3038182044ae047bf1cc92e2d2644c528985719667a1a8abaf65d0f211172ea789b2fa016e1a88325d1ed706239da4dbb9e2079e3598b4ae5885667587ba1e0921c9ba55d7a3be4c47bc2f2f3547ce9efe32e5a22855f761bd4cbe1cd9337eda4bd7d82a918084d7e116b656104ca87e64b1b8c62323c3c296c5b5b98051feb607b872edf9f789744aff710c4b7279711182bcac6b76c05f5cd982f52f451e7e29046550e012e01d8cdd3e305427030f4247488c9136303084c12175c5c781cdd08aede5a356ea0ccdd05a460be3c7b4bfd62c3ce9ab68e285a36c1546d0b18edad71f69f5bedb340772e1bbb035514b085067259e39f59dc292a12557350c66904b253efee29a5eb7a6920f583c899dc46a1d3e2af2db3a3d1a0e8d1f98722a16c6cc1e401058d60c8c436d8f1166ba53bdde5810f9d0288528affd486c266546a864c92af3df8abd451cc1e0d6bfea534865cea9d49b3ea5e390fa823118df8a61e31022f5fbb8ceee870bf2e60890263c4d14e24d053d0fddf665ff80a66fa00a5957f8a30fe82a4b82cf2f6b4d49def98f66bfcdaa0aef13314e950ca9f3849b1edf3b82eaf74a0dbcf45c3dba9bd2d853281a78484f1efaf4150da1207ec3cb61fbcbf759f8182b7052b28d7164b73197b0a440759fe9d5ddf827f1897a174e82fb968a9a07c61bee44bc1f7f9ee5c6de04c02d57735c5fab741b36aec7c8642e56cba932a08b8e8a9d3eb066a4ee7cbf22e5abbd4346de59eca1f24ad9f7f9ff7621e5f30dd08f4cddda8e80e496908109f5212a72bab1378d1237def07bdda4178719975346c68405de15153031fb17535894e5e3c1de6fdd507333f0226b78ba7cae509cfb48d6735ede9392650bf85ac1db919b1e9fe0a823119d8253204dbb2f7a8f524be6d419f3a45c5051a7a88ef0bd41586d90c11a894d647f03895f671a6e19f1c70e32668653aba8366a3d372522f49844081a9637db080663ab02f4a8af502955d5411461b62f85308c91852f8fb9f0bdddd500b4a133791d3a2f91a82dc4b09f5ad2196a9172ab0cd3fafe7266e9f6d159110d99ca8da8a34b17be17a04ad4509a9fffab1e45e10f10e0cf9cfbd9c761ad044064c07e473fdc626289cfb88b13a11455c069b70aa02426d9119ac878a14c9483be9c0d5bcbb5fa76c8d06531f59c7cf7c26372e750e2f332418ca769e5e7fbeb3ada7bb58b573a0635e2e3ad9a53ddb809ea01086a3fa993ad57e89da6f9c5e61bd0f8ba69212a386b2aa1ae17520d7fb989dbe14021885eb50fa3048aebd42c861a09a308b660d382c0480ead8a52a1e14927c7c77957f94bb59ccfd557f8c4a7af23360a298a603d20ebc386db041d8c306b3e32b0bff541bdec5ff75c3b40950815cf9f89d48a382f67e44c409d046c01fb1262aca0df6f5238a3c3c09977261494f7361ba326815d6e23f49e4d6d4b54665081067332265fff59cf54af9da0db9d19bc611cbcb6e6f3f1e2e1ffb6cdd6253578d78d06a2ff5f9250f1994c5749e3ce49231fbd63bba28e948f9150933e3ae31299babaa41043b181a100882e613b4b4b8f49ceeb742d22f860853a9b917f5a323a8a1fb1f3363a7be4407fba44b408f259b5db79a055b92ce3d7a0649cc59f4afa2b1f69959d5c6f5eef1fa7987a47bee4491f685c52e9db1ee1a231ab5a4bae1019c97868a409dd0d57b32525394a233023c4a7ac429808bbcb57a34b41883202744c3bdebc0a637773273f19c2be6e806bef7fc1002846db762ee4e16867773808c5477987d5851d5b1641d070feabc203cb3d7943ffb206272fcac1bccb616352d85975f5a22c0f247548535ad9fb83fb2be17689453f10691143c060cd964df63c3c70e7b1cfc7e2b468015f327f9869353477bfeeed330b03ddd9e4e0a2441182244da283d7a59d2b2b20e6de3e3a47c26aeef4944c1190bba674523a6c3c4ed6bac53b9edffcb0e9fb19d8bf36949d03ef6a7e59eb903a00d9614f642d1932c766421906f5b177963c71e881453560e3ffcec792e8dc46b1832a8fcb2ab2268a9c1fb648d1c6fa1c8cbd50d5a2d8264fbc6c063e6daac5519d362da389dcd3d12c8039f991de91e728abf5bab95c3aef66dd8cc36c60e73cb10afb02eff6df20ff12c59b142b07fc48fe94612de80b8b958f78256fd7cf3c6f79a83867f3bb5f70da392957badadecefdf7b6e4ebd39ff945397c7d302ca0a5a3918d8abb893cd9cdd680916a50fe19699ff0476ad82e6ba46523f26ccc5eb65313c1df1077c8876d2b73bf86ba311862d12b0c557a92ef827197121512e87f817167d4b17c7e225a48b3f8fbbf4187438e0e9b78e905cdbeb72e80dfb37ec0104f5186b39b4ff34f0cdf4b74dc915acd3f98874cd6a67308d0ad9697121ac477550b1affe004f433705933f9647522be65cb5a7471120ec942aeb956f195be0c1783102cf7d842f2968222ae1a7fa6513f200d3fa85d71724956ed697f0673ee3b40a4d46ba701f71864ced67f1ed52b52b9f72906477d520c90a9f5dd49a7a33a328137a183f439895532b78ae451a8c3db789bc862fbc37241d523027e1a008629c969380f6eb55f9cf3f0675bca6851f00df6aaf90de9f62d5c179945ef81d1073850301f97e379ea415d830e3f3751cf83e2dba541cb6cdd89e6b674f2c53e329e5f3dd418d534ada6469a5b3bca5b7cfbdfdd6df4abaf77d4520d0311e801145c91b52586a56086e663841b702f52cef9fff8cfb7b33dfa125688ba6b4fadd1dca8defaf4259ca85323b23d3bbb45933562c25af3e8d7bc6ad4a50ae974f8d207994b3bd74a6812ab6a40fcaf96bb4e17bd20d742b14c72226caef3e0f5c56c4930071e9f9a894f18650fbb785c6f707605c86b634c9722c8690cf3a954f68d7c2db3a257339ade67a41259f6f878dd0ab7876deffa77f6f00819282a8f4c4da84c6cf4f335cd0410770a2b1a1fbb3f85f4489eeceb78bbfddb2d1866c57b41f6ed179a0bc3750a486403d23473f2feef43ebc5af1018d9c20089e277d77fb9c34f425c8f8af4c49864b57572fa8c232e61ef37194251a1ddc2f73ffecd57e638751cb72bcb2c40d22540166ca1e8588f24b010c9fbd962e3a2c23a7e93f131df61b8703ce326ed80cc87912d3c6aaa27574bbe8d65bcaecd660c31cead132a44b1d0e4a53cacc0b82a263c4e7783944af0af08ea9e68e8e25ed9111cfef841f1b2fd24164f9097f70efe09b1109e5cb91fe68a2760381fd63a7fd422dd578a60661abc9ee3a5db1c2cde2fb21f2040f1ed3fc27b99e254256949d0560e8b98fa028fca50768caa951a87bf8969af498d50a9ee773c9caa7d9f7d8e1955506013f198cda316d79b177e59f233b98f727afd2494fc18642f0015adab756ea6742690c7d00f28655b915ce4eb8b3ba2e8559ba23e1ff1ccc9f79ae2df85f924459c56715dec78ef4592352eb1a850cd65ecd36e1a9121e888586b7b2fa84da920b8cf44480433e61ab076b10171c0537524bb170a4b99b0b0c437418a665b7ef909652b6483b20362e557c1480c2a2a0efa221fc59054a48122b52d38245f9bd026001635be5b155f5c766a59306fbde231fa72b4d74449a2fe8fb969496ee26af5881adaafb4189b439877ab8f78709cfd32c10ea576a010bfc137b7a4aae137ea3d29070ce3bc8dbe6655e967115ca3461ad9d28b9cf8af07441e68a54ec5e889846f3978f07ba51f7d5af5da78c5c675dc5d0c1a4a399ff4247203573a46fb903eaf7bc886e6cbd3126fa4a3fe3bb13bbdfea7da871f6563aa750f6ad7895b34b2809563dcf5ed30f1c60cef4138aa49d4f55e396534ed10cf4d857723a2b442f47d79de162c30ec6c4daf939b4c88649494e3682d1da81b4a5928d8e18a16c46707a685305e592589acb484e28e9d5af89c44b6e563d125ec97c0155410527406d94b90bc9576a662db99da1cb82b04d610d02187ce08f22ea0e8fd31919d53fa6aaf980e31ca7f8610e695a41919c24136a8406c62d5f15fca365892a2b54ece17664b5247583ad60d863f283f3c288946139575dcaedc978762e85f534e56334ef0221c34ffae054ddf79339b8f08701e9699b11041df8f518dd33203363c8098fbefb01555bcc2542422777b38d8dff11b15aadb0c251ce2c5b32f8735b3cb784f2e5731b48feb5a0e791a1106abdea0f7d1f087737cbe7fdf523fa14c9be2a2987511004c5b7ac1814ef6961db16799698242452c469a07c30e4a1f73193c74a41bdd88aef50035e4648bc9dfa276951798420a45e4085932bdb9381af3cc4678bd962af616549e4020d2c9fd25e2117a6d8934fde2218273d7833d60ea492e251417a27e7fb32012a940a6b6487af4b64958bf05f1b1107732149d227eeda5ca5a43cf583dc297d66072a1acd75e93a7caefd36a0d581e21d5cb08654c4ecef46ebac5391546e0b7d2a6418548d8f816446bcf237f676e873e6bae9107234abe5ab24c53ea472ad10653cef068fd9f4e729fc0d526e489f8df13af5575f1e70e0ec22899728b0659d70fc2dd509d9df3ec170638f89e540f4d3f02aa9b1b1819f84da596e0d7b45a5818061728f8eeccd2bea0f460dd7e18cb95f2364c50e351f0690e184eb63ebbb14a0b4b2117e44f3b2b3", 0x2000, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x130, 0x0, 0x400, {0x0, 0x10, 0x0, '\x00', {0x7ff, 0x7, 0x4, 0x10, r6, 0xffffffffffffffff, 0x1000, '\x00', 0x1, 0x80000002, 0x8, 0x2, {0x80000008103, 0x8}, {0x9, 0x10001}, {0x100000000, 0x7}, {0x9, 0xa82}, 0x70, 0xb, 0x4, 0x6}}}})
write$FUSE_INIT(r4, &(0x7f0000000200)={0x50, 0x0, r5, {0x7, 0x2b, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}, 0x50)
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000000)={"6843ef5bb368e67c97b36d5f0fbedb6989dbd9124dce17eea7d10d1e1f96f367", 0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f0000000040)={"ac4d78c9d9b0fec2ef40453ee1e0eab33d18afecb05a3c91e8213c2924486389", r7})

1.909694818s ago: executing program 4 (id=1044):
getpid()
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
syz_emit_ethernet(0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x4c, r2, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x60}, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000340)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000440)={0x190, r2, 0x4, 0x70bd29, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x4, 0x66}}}}, [@NL80211_ATTR_BEACON_HEAD={0x16f, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0xd}, @device_b, @broadcast, @initial, {0x2}, @value=@ver_80211n={0x0, 0x92a, 0x2, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}}, 0x9, @default, 0x0, @val={0x0, 0x19, @random="aa6338fd2775283a91983fc26a7d047ca7fff768c538dc96a1"}, @void, @void, @void, @void, @val={0x5, 0x73, {0x4, 0xb2, 0x0, "89831f1370c3d01bddee633488967bea5549405b7245fcd2748bd8181ece2393fd98d5a091045ff11ae308727344e257e1b6c80452a23076763eed4be55af24af65ad9501afc97aa6a50abc172fb2202c408bf6715f03cd0e61c5c619b0764ab5758f6330fd71ae55041bfe14fdad5bd"}}, @val={0x25, 0x3, {0x1, 0xaf}}, @val={0x2a, 0x1, {0x1, 0x0, 0x1}}, @val={0x3c, 0x4, {0x1, 0x2, 0x66, 0x4}}, @val={0x2d, 0x1a, {0x2, 0x3, 0x5, 0x0, {0x2d48f4cb00, 0x3, 0x0, 0x7f, 0x0, 0x1, 0x0, 0x3, 0x1}, 0x6, 0x9, 0x7}}, @val={0x72, 0x6}, @val={0x71, 0x7, {0xffffffffffffffff, 0x0, 0x1, 0xffffffffffffffff, 0x1, 0xf, 0x40}}, @void, [{0xdd, 0x76, "77787a1063a11280d6514211486b1dda5ebe55d234d5da4ce981e91600563e66108a53a356a8b2bebdaca839df2b675b9b9be5a24641e6abaa3b695919fba00443445eff16e25a955889d4bc5eac4d4f63fb7d1db5fefbb142ac7d4f294017f5c77082c34464087b0835008143c4097820750d213242"}]}}]}, 0x190}, 0x1, 0x0, 0x0, 0x810}, 0x4000000)
r6 = syz_genetlink_get_family_id$nl80211(0x0, r5)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r5, 0x0, 0x0)
close(r4)
socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}})
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
sendmsg$NL80211_CMD_GET_COALESCE(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x28, r6, 0x20, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x1, 0x48}, @void, @val={0xc, 0x99, {0x0, 0x2e}}}}, ["", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4c80}, 0x4000009)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000000)=0x15)

1.840864348s ago: executing program 4 (id=1046):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048000000000061"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000100)={'#! ', './file0'}, 0xb) (async, rerun: 64)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) (rerun: 64)
preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async, rerun: 64)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (rerun: 64)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) (async)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
setrlimit(0xf, &(0x7f0000000000)={0x1, 0x5}) (async, rerun: 64)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) (rerun: 64)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)={0x14, 0x16, 0xf15, 0x0, 0x0, "", [@typed={0xc20}]}, 0x14}], 0x1}, 0x0)

1.678281238s ago: executing program 4 (id=1051):
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000180)="f345e199f3a766baf80cb85957d68eef66bafc0cb0f1ee460f01cbc744240000000000c74424021bde0000c7442406000000000f011424c403e97d4c2300fc66baf80cb840d01f8def66bafc0c66ed660f3a42c8008fa938930dd14ce8ae66460f388188fc750856", 0x68}], 0x1, 0x3, 0x0, 0x0) (async)
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x8, 0x8a, 0x7fffffffffffe, 0xfffffffffffffffd, 0x2, 0xfffffffffffffffd, 0x4002004c4, 0x1000, 0x6, 0x8, 0x10, 0x2, 0x3, 0x0, 0x3], 0x3000, 0x1011c4}) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async, rerun: 64)
madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15) (async, rerun: 64)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) (async)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000535000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000000)="660fc6d599ba4300b80000ef360fc7b9007866b80500000066b90d0000000f01d90f01df66b8010000000f01d93e81e700470f30ba4300b000eef4", 0x3b}], 0x1, 0x21, &(0x7f0000000100), 0x0)

1.445012482s ago: executing program 0 (id=1053):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x1418, 0x1, 0x0, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000804}, 0x44810)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "02080a", 0x8, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[@routing={0x29, 0x0, 0x0, 0xad}]}}}}}, 0x0)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(0xffffffffffffffff, 0xf503, 0x0)

1.443474113s ago: executing program 4 (id=1054):
r0 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
write$binfmt_elf64(r0, &(0x7f0000000080)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x6, 0x5, 0x40, 0x6, 0x2, 0x3, 0x7, 0x36f, 0x40, 0x1ce, 0x4, 0x200, 0x38, 0x4, 0x5, 0xad, 0x48bf}, [{0x4, 0x10000, 0x81, 0x5, 0x6e6, 0x4, 0x3b7, 0x6}, {0x60000000, 0x7, 0x6, 0x1, 0x548, 0x7fff, 0x4, 0x5}, {0x70000000, 0x6, 0xfffffffffffffffa, 0x3, 0x6, 0x4, 0x15, 0xd}, {0x2, 0xf, 0x0, 0x7ff, 0x0, 0x2, 0xbac7, 0x2}], "8f6ff560ad1c3adb7a24411f4c37f4e99f50dfbe2e60e0e9cb14b908a695061215db944897bfa31796813f020808a475c3e79ea6ce19ce4aa12004e2aada32b01e786aa4062864d720537805a8d8e6e82c9629ce7c38b9a4d27b8f5510c96e682cfa1f62fa4f499ebd20fd34c68c", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x68e)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_int(r1, 0x0, 0x2, &(0x7f0000000040)=0xff, 0x4)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff) (async)
write$binfmt_elf64(r0, &(0x7f0000000080)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x6, 0x5, 0x40, 0x6, 0x2, 0x3, 0x7, 0x36f, 0x40, 0x1ce, 0x4, 0x200, 0x38, 0x4, 0x5, 0xad, 0x48bf}, [{0x4, 0x10000, 0x81, 0x5, 0x6e6, 0x4, 0x3b7, 0x6}, {0x60000000, 0x7, 0x6, 0x1, 0x548, 0x7fff, 0x4, 0x5}, {0x70000000, 0x6, 0xfffffffffffffffa, 0x3, 0x6, 0x4, 0x15, 0xd}, {0x2, 0xf, 0x0, 0x7ff, 0x0, 0x2, 0xbac7, 0x2}], "8f6ff560ad1c3adb7a24411f4c37f4e99f50dfbe2e60e0e9cb14b908a695061215db944897bfa31796813f020808a475c3e79ea6ce19ce4aa12004e2aada32b01e786aa4062864d720537805a8d8e6e82c9629ce7c38b9a4d27b8f5510c96e682cfa1f62fa4f499ebd20fd34c68c", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x68e) (async)
socket$inet(0x2, 0x4000000000000001, 0x0) (async)
setsockopt$inet_int(r1, 0x0, 0x2, &(0x7f0000000040)=0xff, 0x4) (async)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) (async)

1.441149216s ago: executing program 0 (id=1056):
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000070961c40e90f55dbfb690102c9030902120001000000000904"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0xa840, 0x582)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000100)={&(0x7f0000000500)=[{0xfffc, 0x0, 0x4f, &(0x7f0000000940)="23f038b55203532c39deec170c57fb4f72e76c092284fa21a52f0236ae528420f491fbd5b412213ea292d441c110bb7c5e5d5e0a8ad42d3002f23cbfe2a902ac9e17449ce3d2e815a8d90d3c8171e0"}], 0x1})
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc) (async, rerun: 64)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) (rerun: 64)
open_tree(r3, &(0x7f0000000640)='\x00', 0x89901) (async)
sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x30, 0x2, 0x3, 0x401, 0x0, 0x0, {0x2, 0x0, 0x1}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x8}}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFQA_CFG_PARAMS={0x9, 0x2, {0x2, 0x1}}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000010}, 0x800)
r4 = epoll_create1(0x0) (async, rerun: 32)
r5 = socket$unix(0x1, 0x1, 0x0) (rerun: 32)
setsockopt$sock_int(r5, 0x1, 0x2e, &(0x7f0000000040)=0x80, 0x4) (async, rerun: 32)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000100)={0xa0028000}) (async, rerun: 32)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha1\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) (async)
r6 = accept4(r1, 0x0, 0x0, 0x800)
lsm_get_self_attr(0x2, 0x0, &(0x7f0000001280), 0x0) (async, rerun: 64)
sendmmsg$alg(r6, &(0x7f00000063c0)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000c40)="97b5ee06edbce480b6bdc020061952fd2661e171449c341cf2c2c9b0e932aaba", 0x20}], 0x1, 0x0, 0x0, 0x14}], 0x1, 0x800) (async, rerun: 64)
recvmsg$can_raw(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000000080)=""/30, 0x1e}, {&(0x7f00000000c0)=""/170, 0xaa}], 0x2}, 0x12081)

1.348656278s ago: executing program 4 (id=1059):
madvise(&(0x7f0000bdd000/0x1000)=nil, 0x1000, 0x65)
mprotect(&(0x7f0000bdd000/0x2000)=nil, 0x2000, 0x4000006)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000, <r0=>0xffffffffffffffff})
ioctl$DRM_IOCTL_ADD_MAP(r0, 0xc0286415, &(0x7f0000000040)={&(0x7f0000bde000/0x1000)=nil, 0x7ff, 0x1})
syz_clone(0x2000, 0x0, 0xffffffe0, 0x0, 0x0, 0x0)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x4b)
close(r1)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r3, <r4=>0x0})
r5 = socket(0x1e, 0x4, 0x0)
r6 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0xfffffffc}, 0x10)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2, 0x4}, 0x10)
sendmmsg(r5, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r7 = dup3(r6, r5, 0x0)
recvmmsg(r7, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1, 0x0, 0xfffffffffffffc88}, 0xffffffff}], 0x1, 0x40000001, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x49, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r8, <r9=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r10}, 0x10)
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000600)={r4, 0x0, 0x0, 0x0, 0x3, [<r11=>0x0, 0x0, 0x0, <r12=>0x0], [0x800000], [0x0, 0x1001000], [0x0, 0x0, 0xe8a6]})
ioctl$DRM_IOCTL_MODE_ADDFB2(r1, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x2, [r11, 0x0, 0x0, r12], [0x2b8]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f00000001c0)={r11})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r13=>r0, {0x8001}}, './file0\x00'})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x48, 0x48, 0x9, [@ptr={0x2}, @type_tag={0xc, 0x0, 0x0, 0x12, 0x2}, @type_tag={0xa, 0x0, 0x0, 0x12, 0x1}, @volatile={0xf}, @restrict={0x8, 0x0, 0x0, 0xb, 0x5}, @enum64={0x1, 0x0, 0x0, 0x13, 0x1, 0x8}]}, {0x0, [0x2e, 0x61, 0xb3, 0x30, 0x61, 0x0, 0x5f]}}, &(0x7f0000000100)=""/58, 0x69, 0x3a, 0x0, 0x4, 0x10000, @value=r13}, 0x28)

1.210758632s ago: executing program 0 (id=1062):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x80042, 0x50)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x22}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
r1 = openat2$dir(0xffffff9c, &(0x7f00000000c0)='./file0/file1\x00', &(0x7f0000000140)={0x40, 0x110, 0x2}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x3c, r3, 0x1, 0x70bd2d, 0x25dfdbff, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x45}, 0x8014)
ioctl$FAT_IOCTL_SET_ATTRIBUTES(r2, 0x40047211, &(0x7f0000000000)=0x20)
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0xe, &(0x7f0000000bc0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0ff0000002071a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010071ec7c45f2fe0000000085000000a3000000b700000000000000950001000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050505f8e6fb0fd7ddcb12b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c20500000000000000cceaede3faedc51d29a47fc8136bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b001000000a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5b787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72323cc924e627f2f4b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fda4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b9243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b0600000000000000564a2b49b745f3bf2cf7908b6d7d748308eea09fb4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c74f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7e58ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1a5e1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9cdf99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eee46eb20c20bb82aa31771cd379ec83554cea5e6539d85b980e358d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f9166965a53beb05142e1b1550a8cb7852f6750b6ec962802c0320f8059195729d60c534ee8e8ff0010067fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b9617432e251d14b283f7d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b0000000032a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002157a3609b6fd9843ee19ec647249a9375de5858818f3c2432e6ced4380217ac51a84a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205111b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e800fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd809269f816fa748b20ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f9289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f05714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc30935455f6de5b64bcdfaf8ac04ce96c421e5dbc85e168d3559ab13df98163e39e4065e65a2f43412535d6f7c09830f3a086535bd07820e690d2755768612bb7330a8b285f2584892eaff1889a61ee0c2a6d1831d41805707bb43991d40feb5dd0700000000000011b64b378ee96af15cbbc65d72ae980b6df22b5ca3ea377f36beb44b45c6f84b3f4d2c62ca91b4df16fc8cc5d18b35213e5f67ec200e768ab28feaff2195724b2965ebca822af6c0a4e598d34f9b5f1eb43de209cd5541fe72d89d5f9819c1529c242b72ccdb9541e54fcccf12457df695126458ebffaaebe98748dea4f0a0b0a1683ff327ca05070000000000000088a571761be31e4fdd530604d32149c22f81adc983adc81b335d0579f47763a97af46500c91d5b2640242661beca1b4e695f7aac5ae46a72ac99ec395bdf16e3fc75e7acbb2d10060bef6a793082f8cfd4721588787c8a8c6257a8a11d49f7f7ed9de6efb7dd8058fb0c8125ee9c1691afa39b5a70d489efcd3e95a483c59f8fa7443e795eac454a68ab647e0d5381df6528858895d57274e97046659ac9488c85e5728987fa9d43660eb28b7befbb981f8fde8754d792146e49ee14bff102540e247a8780c80e3ff0688e8cb5c500446756d0b76244766deecc69c4c3435c125f0f06c772a051b690113e59485586e0ff"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @sched_cls=0x2f, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x94)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$msr(r0, &(0x7f0000000280)=""/29, 0x1d)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
r8 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r8, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
bind$tipc(r8, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10)
r9 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r9, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
bind$tipc(r9, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10)
bind$tipc(r8, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x20000003}}}, 0x10)
bind$tipc(r9, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r6, r7, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000180)="400f78112e670f797200c744240013010000c744240206000000ff2c24420f01ca0f01c564400fc76c8a41b937030000b8b7850000ba000000000f3066b825008ed0440f01f866ba4000ec", 0x4b}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r4, 0xc0145401, &(0x7f0000000100)={0x2, 0x1, 0x0, 0x0, 0xfffffff7})
ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000240)={0x8000000000000001, 0x3, 0x0, 0xfffffffb})

1.130859791s ago: executing program 4 (id=1064):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x4)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_usb_connect(0x0, 0x1b, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x94}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)

1.070350352s ago: executing program 1 (id=1066):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc00082c00db5b6861589bcfe8875a060300000023000000000000000000000000ac1414aa33"], 0xfdef)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x5, 0x47, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

881.058346ms ago: executing program 1 (id=1069):
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(0xffffffffffffffff, 0xc0045540, &(0x7f00000003c0)=0x7f)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = syz_open_dev$ndb(&(0x7f0000000180), 0x0, 0x28401)
ioctl$BLKFRASET(r2, 0x1264, &(0x7f0000000240)=0x80000000)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x1000000, 0x0, 0x1, 0x0, &(0x7f0000000280)="f8"})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000380)='gid_map\x00')
write$cgroup_int(r5, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000)
setsockopt$sock_timeval(r5, 0x1, 0x43, &(0x7f0000000440)={0x0, 0xea60}, 0x10)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r3, 0x40046208, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x6, 0x0, 0x8100, 0x0, {0x2, 0x10}, {0xd, 0x4}, {0xe, 0x9}}, [@TCA_RATE={0x6}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000808}, 0x0)

800.723077ms ago: executing program 0 (id=1072):
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0), 0x0, 0x0, 0x0})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="020000000000000010"]) (async)
r3 = socket$netlink(0x10, 0x3, 0x0) (async)
r4 = socket(0x40000000015, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r4, 0x114, 0x6, 0x0, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {0x7a}, [{0x78, 0x1, [@m_police={0x74, 0x1, 0x0, 0x0, {{0xb}, {0x48, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}, @TCA_POLICE_RESULT={0x8, 0x5, 0x20000000}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x8c}}, 0x0)
dup3(r3, r1, 0x80000) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=@newtfilter={0x44, 0x2c, 0x200, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, {0xd, 0x3}, {0xfff1, 0xd}, {0xf, 0xf}}, [@TCA_CHAIN={0x8, 0xb, 0x4}, @TCA_CHAIN={0x8, 0xb, 0x101000}, @TCA_RATE={0x6, 0x5, {0x9, 0x3}}, @TCA_CHAIN={0x8, 0xb, 0x332}]}, 0x44}, 0x1, 0x0, 0x0, 0x48014}, 0x100) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)

480.04247ms ago: executing program 0 (id=1076):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x2, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
r1 = socket$igmp(0x2, 0x3, 0x2)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0)
setsockopt$inet_int(r2, 0x0, 0x7, &(0x7f0000000140)=0x6, 0x4)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x32, &(0x7f0000001140)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@timestamp={0x44, 0x4, 0x5e}]}}, {0x1, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)
sendmmsg$inet(r1, &(0x7f00000005c0)=[{{&(0x7f0000000100)={0x2, 0x4e20, @loopback}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000140)}], 0x1}}, {{&(0x7f00000001c0)={0x2, 0x4e24, @multicast1}, 0x10, 0x0}}], 0x2, 0x4000)
listen(r0, 0xfffffffd)
r3 = socket$netlink(0x10, 0x3, 0x4)
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1)
r4 = syz_open_dev$swradio(&(0x7f00000046c0), 0x1, 0x2)
ioctl$VIDIOC_S_FREQUENCY(r4, 0x402c5639, &(0x7f00000000c0)={0x0, 0x4, 0x927c0})
r5 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0)
r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$UI_BEGIN_FF_ERASE(r7, 0xc00c55ca, &(0x7f0000000040)={0xa, 0x1000, 0x6a38})
r8 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_G_EXT_CTRLS(r8, 0xc0205648, &(0x7f0000000000)={0x9f0000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
copy_file_range(r6, 0x0, r5, &(0x7f00000000c0)=0x8800003, 0x6, 0x0)
ioctl$VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000040)={0x8, 0x3})

400.828ms ago: executing program 2 (id=1077):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
syz_emit_ethernet(0x56, &(0x7f0000000880)={@link_local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "01044a", 0x20, 0x3a, 0xff, @private1={0xfc, 0x1, '\x00', 0x1}, @local, {[], @ndisc_na={0x88, 0x0, 0x0, 0x0, '\x00', @remote, [{0x2, 0x1, '\x00\x00\x00\x00\x00\x00'}]}}}}}}, 0x0)
r1 = semget$private(0x0, 0x4000000009, 0x38e)
semop(r1, &(0x7f0000000000)=[{0x2, 0x9}, {0x2, 0x11, 0x1000}, {0x1, 0xa394, 0x1000}], 0x3)
semctl$IPC_RMID(r1, 0x0, 0x0)
semctl$SEM_STAT_ANY(r1, 0x0, 0x14, &(0x7f0000000000)=""/153)
r2 = getuid()
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1fe, 0x2, 0x3000, 0x1000, &(0x7f0000feb000/0x1000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000240)="c4e23da76db3360f01ca9a6cabf48a4400b3b320c035100000000f22c02ef20f2014f366df2e35200000000f22d8f080242500000000e10f225f66baf80cb822891a80ef66bafc0cecc7442400407b07c4c74424027f2bfb22c7442406000000000f011c24", 0x65}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x20, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}, 0x800)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {<r7=>0xee01, 0xee00}}, './file0\x00'})
getresgid(&(0x7f00000001c0), &(0x7f0000000200)=<r8=>0x0, &(0x7f0000000240))
semctl$IPC_SET(r1, 0x0, 0x1, &(0x7f0000000280)={{0x2, r2, r6, r7, r8, 0x40, 0xdc0}, 0x8, 0x9, 0x0, 0x0, 0x0, 0x0, 0x4})

209.778083ms ago: executing program 2 (id=1078):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000001c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = fsopen(&(0x7f0000000040)='gadgetfs\x00', 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c)
syz_emit_ethernet(0x0, 0x0, 0x0)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x7, 0x28, 0x64, 0x0, 0x1, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x2, 0x0, 0xe83}}}}}}, 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f0000000080)='discard', &(0x7f0000000200)='\t', 0x1)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1000, 0x3})
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f0000000240))

209.540551ms ago: executing program 2 (id=1079):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001e000100000000000000000007000000", @ANYRES32=0x0, @ANYBLOB='@\x00\x00\x00'], 0x1c}}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000200)={'#! ', './file0', [], 0xa, "abf300c05c5c152550d5132caf0a3d156bb995a43640fe48cf51d40f170ad020a79b7c32abb7ded4607e72236619cdda10feead7ce8b09a33331696e7cac6de0ddf73f4fa34797a85c83d6f17ca6d79f154b200119191f02f87ed07facb9130f68ed0f58c25a4ffb70a94860f2358ccb8d8d2120b3961b3c7c289a8e3482e46a80201b1b941d6fb4f6421cbdeac4a37d622c80ee93be339f371b9dd6fc13193973f62e8e8b771ee4ca212533caa9"}, 0xb9)
write$UHID_CREATE2(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1d"], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000009, 0x2010, r1, 0x40863000) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000009, 0x2010, r1, 0x40863000)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000040)) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000040)=<r2=>0x0)
bind$nfc_llcp(r1, &(0x7f0000000080)={0x27, r2, 0x1, 0x4, 0x0, 0x5d, "3dbd7043e8bc9174b969106daaa48f2c1dbc315acbc9512d2378624716305ed29272235f7c9187352a4addd5e377b4a23c8ae197e118c2515c6fcb49945e13", 0x24}, 0x60)

150.267813ms ago: executing program 2 (id=1080):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000005c0)={'vxcan1\x00', <r1=>0x0})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r2, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x10}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {0xffff, 0xb}, {}, {0xa, 0x2}}, [@filter_kind_options=@f_flow={{0x9}, {0x24, 0x2, [@TCA_FLOW_EMATCHES={0x20, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x10, 0x1, 0x0, 0x0, {{0x9, 0x0, 0x1}, "01"}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f00000000c0)=0xa0000)
read$FUSE(r2, &(0x7f00000007c0)={0x2020}, 0x2020)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x498d02, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0x2})
ioctl$TUNSETDEBUG(r7, 0x400454c9, 0xffffffffffffffff)
ioctl$TUNSETNOCSUM(r7, 0x400454c8, 0x1)
bind$can_raw(r0, &(0x7f0000000780)={0x1d, r1}, 0x10)
ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000140))
setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, 0x0, 0x0)

89.401367ms ago: executing program 2 (id=1081):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="04010000100001000000000000000000ffffffff0000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414aa000000000000000000000000000000002b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea900e5776c9b5bb915aeb5dc80000eaffffff000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000e0000000000000000000000000000000000000000000000000000000000000000000a000400420000000000000014000e00fc00000000ffe60000000000000000006cc80b540d0df0047bac5f61004dc1bae2cb92b34385a9fb5eae3e25664c6de7d956e5bdea50148e40c2db0efeb9cb8b00795ea45f6eb743649129632c740da161ff739ec516116a7074349dd80a90f6a34c332725a9152fe6db847b953afbd4955a3b541b38caf577fe6c6edfe5f1686a983ca2d1a168301655bf914ad69d3f930bd0252b887aef6ff988a5471bd0e11a056b780d22b0866897fe6e2ce62481aca5939fc313a22663111c33e8dc170e6f938d3af90e83e53b6ca88d6580d9289e8d333b8e634812eaf68b1b119fcf0663b539067aa70e5816fbc44f735000"/436], 0x104}}, 0x0)
r3 = eventfd2(0x8001, 0x0)
r4 = eventfd2(0xfffffffe, 0x1)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000200)={r3, 0xffff, 0x2, r4})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000c40)={0xffffffff})

10.628908ms ago: executing program 1 (id=1082):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f00000009c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002b00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200000000df00850000008600000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
setreuid(0xee01, 0xee01)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000007feffff720af0fff8ffffff71a4f0ff0000000061100000000000001d400500000000004704000001ed00000f030000000000001d440000000000006b0a00fe000000007303000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67"], &(0x7f00000001c0)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)

373.023µs ago: executing program 1 (id=1083):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80801)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0xa031, 0xffffffffffffffff, 0x0) (async)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0xa031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002040)={0xaa, 0x22c}) (async)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002040)={0xaa, 0x22c})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
r1 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$selinux_access(r1, &(0x7f0000000140)={'system_u:object_r:devicekit_exec_t:s0', 0x20, '/usr/lib/telepathy/mission-control-5', 0x20, 0x4}, 0x60) (async)
write$selinux_access(r1, &(0x7f0000000140)={'system_u:object_r:devicekit_exec_t:s0', 0x20, '/usr/lib/telepathy/mission-control-5', 0x20, 0x4}, 0x60)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000007feffff720af0fff8ffffff71a4f0ff0000000061100000000000001d400500000000004704000001ed00000f030000000000001d440000000000006b0a00fe000000007303000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67"], &(0x7f00000001c0)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000})

0s ago: executing program 2 (id=1084):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv6_newroute={0x30, 0x18, 0x1, 0x0, 0x0, {0xa, 0x0, 0x20, 0x0, 0xfe}, [@RTA_GATEWAY={0x14, 0x5, @loopback}]}, 0x30}, 0x1, 0x0, 0x0, 0x2400c0c1}, 0x8000)
r2 = socket$kcm(0x2, 0xa, 0x2)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000000200)=@raw=[@call={0x85, 0x0, 0x0, 0xaa}, @exit], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13}, 0x90)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r4=>0x0})
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = syz_open_dev$video(&(0x7f0000000080), 0x7, 0x0)
ioctl$VIDIOC_S_CROP(r6, 0x4014563c, &(0x7f0000000040)={0x9, {0x2, 0x300, 0x2ff, 0x300}})
r7 = socket$unix(0x1, 0x1, 0x0)
r8 = dup3(r7, r5, 0x0)
read$msr(r8, 0x0, 0x0)
r9 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_emit_ethernet(0x16, 0x0, 0x0)
syz_usb_control_io$hid(r9, 0x0, 0x0)
syz_usb_control_io$hid(r9, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0x8, "9e3ce079"}]}}, 0x0}, 0x0)
r10 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGFIELDINFO(r10, 0xc038480a, &(0x7f0000000080)={0x1, 0x200, 0x10ac, 0x4, 0x7, 0x82, 0x4, 0x5, 0x1, 0x6, 0x7, 0x3ff, 0x1, 0x54})
connect$can_bcm(r3, &(0x7f00000000c0)={0x1d, r4}, 0x10)
sendmsg$can_bcm(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x1, 0x1, 0xffffffff, {}, {}, {}, 0x1, @can={{0x2, 0x0, 0x1, 0x1}, 0x5, 0x2, 0x0, 0x0, "001bd300058edb7c"}}, 0x48}, 0x1, 0x0, 0x0, 0x881}, 0x0)
syz_open_dev$cec(&(0x7f0000000680), 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000440)={@val={0x70}, @void, @eth={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x6558, 0x18, 0x0, @wg=@data={0x4, 0x94a, 0xffffdd86}}}}}}}, 0x3e)

kernel console output (not intermixed with test programs):

tered forwarding state
[   54.652269][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.655135][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.673464][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.676280][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.699287][ T5975] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   54.703603][ T5975] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   54.734551][ T5969] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.747085][   T40] audit: type=1400 audit(1758271842.049:89): avc:  denied  { sys_module } for  pid=5975 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[   54.760866][ T5969] 8021q: adding VLAN 0 to HW filter on device team0
[   54.770061][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.772218][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.792918][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.795489][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.871242][ T5982] 8021q: adding VLAN 0 to HW filter on device batadv0
[   54.884930][ T5975] 8021q: adding VLAN 0 to HW filter on device batadv0
[   54.922055][ T5982] veth0_vlan: entered promiscuous mode
[   54.946071][ T5982] veth1_vlan: entered promiscuous mode
[   54.957794][ T5975] veth0_vlan: entered promiscuous mode
[   54.971273][ T5968] 8021q: adding VLAN 0 to HW filter on device batadv0
[   54.976127][ T5975] veth1_vlan: entered promiscuous mode
[   55.006775][ T5982] veth0_macvtap: entered promiscuous mode
[   55.017100][ T5982] veth1_macvtap: entered promiscuous mode
[   55.032762][ T5969] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.044133][ T5975] veth0_macvtap: entered promiscuous mode
[   55.055577][ T5982] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.061284][ T5975] veth1_macvtap: entered promiscuous mode
[   55.072223][ T5982] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.088256][ T5968] veth0_vlan: entered promiscuous mode
[   55.096619][ T1146] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.107756][ T1146] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.118260][ T1146] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.127965][ T5975] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.132170][ T1146] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.137108][ T5968] veth1_vlan: entered promiscuous mode
[   55.148385][ T5975] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.171775][ T1146] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.175256][ T1146] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.195998][ T1146] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.199375][ T1146] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.202416][ T5969] veth0_vlan: entered promiscuous mode
[   55.216384][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.219427][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.235557][ T5968] veth0_macvtap: entered promiscuous mode
[   55.243411][ T5969] veth1_vlan: entered promiscuous mode
[   55.248855][ T5968] veth1_macvtap: entered promiscuous mode
[   55.272742][ T1229] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.275591][ T1229] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.276880][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.279985][ T5968] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.281692][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.308723][ T5968] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.323632][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.328653][   T61] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.329254][ T5982] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   55.333625][   T61] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.340177][   T61] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.345611][ T5969] veth0_macvtap: entered promiscuous mode
[   55.349517][ T1229] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.353144][ T1229] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.354509][ T5969] veth1_macvtap: entered promiscuous mode
[   55.387943][ T5969] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.392252][ T6056] process 'syz.0.1' launched './file0' with NULL argv: empty string added
[   55.404666][ T5969] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.410129][ T1146] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.412645][ T1146] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.414369][   T94] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.420112][   T94] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.430450][   T94] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.433154][ T6058] usb usb9: usbfs: process 6058 (syz.1.2) did not claim interface 0 before use
[   55.443858][   T94] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.460844][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.464003][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.472349][ T6059] binder: 6055:6059 ioctl c0306201 200000000540 returned -22
[   55.508846][ T6062] 9pnet_virtio: no channels available for device À
[   55.523445][ T1146] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.525914][ T1146] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.555396][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.558624][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.653115][ T6074] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6074 comm=syz.2.3
[   55.658500][ T6074] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   55.747727][ T6078] QAT: failed to copy from user.
[   55.892291][ T6100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.16'.
[   55.899507][ T6100] netlink: 'syz.2.16': attribute type 3 has an invalid length.
[   55.938558][ T6106] binder: 6097:6106 ioctl c0306201 200000000540 returned -22
[   56.030169][ T6112] Zero length message leads to an empty skb
[   56.032125][ T6110] netlink: 8 bytes leftover after parsing attributes in process `syz.2.19'.
[   56.098800][ T6123] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   56.160763][ T6128] Bluetooth: MGMT ver 1.23
[   56.272350][ T6135] could not allocate digest TFM handle cbcmac-aes-ce
[   56.293954][ T6142] warning: `syz.1.25' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   56.294014][ T5332] Bluetooth: hci0: command tx timeout
[   56.299948][   T63] Bluetooth: hci1: command tx timeout
[   56.299990][ T5983] Bluetooth: hci2: command tx timeout
[   56.300029][ T5974] Bluetooth: hci3: command tx timeout
[   56.317468][ T6143] netlink: 8 bytes leftover after parsing attributes in process `syz.0.29'.
[   56.460878][ T6161] Bluetooth: MGMT ver 1.23
[   56.502156][ T6167] netlink: 'syz.2.36': attribute type 1 has an invalid length.
[   56.505448][ T6167] netlink: 224 bytes leftover after parsing attributes in process `syz.2.36'.
[   56.734603][ T6172] erofs (device loop2): cannot find valid erofs superblock
[   57.028182][ T6132] Bluetooth: hci0: Opcode 0x080f failed: -4
[   57.059798][   T40] kauditd_printk_skb: 118 callbacks suppressed
[   57.059815][   T40] audit: type=1400 audit(1758271844.369:208): avc:  denied  { create } for  pid=6177 comm="syz.3.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[   57.065258][ T6178] input: syz0 as /devices/virtual/input/input6
[   57.071990][   T40] audit: type=1400 audit(1758271844.369:209): avc:  denied  { setopt } for  pid=6177 comm="syz.3.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[   57.078624][   T40] audit: type=1400 audit(1758271844.369:210): avc:  denied  { append } for  pid=6177 comm="syz.3.40" name="comedi3" dev="devtmpfs" ino=1305 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   57.092206][   T40] audit: type=1400 audit(1758271844.379:211): avc:  denied  { read } for  pid=5367 comm="acpid" name="event4" dev="devtmpfs" ino=2839 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   57.100065][   T40] audit: type=1400 audit(1758271844.379:212): avc:  denied  { open } for  pid=5367 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2839 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   57.110295][ T6178] isofs_fill_super: bread failed, dev=sr0, iso_blknum=32, block=32
[   57.112075][   T40] audit: type=1400 audit(1758271844.379:213): avc:  denied  { ioctl } for  pid=5367 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2839 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   57.122388][   T40] audit: type=1400 audit(1758271844.399:214): avc:  denied  { connect } for  pid=6177 comm="syz.3.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[   57.133419][   T40] audit: type=1400 audit(1758271844.399:215): avc:  denied  { mounton } for  pid=6177 comm="syz.3.40" path="/syzcgroup/unified/syz3" dev="cgroup2" ino=96 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[   57.142699][   T40] audit: type=1400 audit(1758271844.409:216): avc:  denied  { search } for  pid=6179 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   57.151208][   T40] audit: type=1400 audit(1758271844.409:217): avc:  denied  { search } for  pid=6179 comm="dhcpcd-run-hook" name="dhcpcd" dev="tmpfs" ino=1897 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   57.258165][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   57.347481][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   57.365232][ T6192] FAT-fs (nullb0): bogus number of reserved sectors
[   57.367869][ T6192] FAT-fs (nullb0): Can't find a valid FAT filesystem
[   57.370642][ T6189] FAT-fs (nullb0): bogus number of reserved sectors
[   57.373054][ T6189] FAT-fs (nullb0): Can't find a valid FAT filesystem
[   57.383478][ T6205] netlink: 76 bytes leftover after parsing attributes in process `syz.1.45'.
[   57.567709][    T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!!
[   57.658042][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   57.741233][   T63] Bluetooth: hci1: Malformed Event: 0x2f
[   57.762379][ T6213] cifs: Unknown parameter '¡ó	h!ñRÅl'
[   57.826535][ T6248] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow
[   58.338224][ T6255] usb usb8: usbfs: process 6255 (syz.3.53) did not claim interface 0 before use
[   58.367714][   T63] Bluetooth: hci2: command tx timeout
[   58.377292][   T63] Bluetooth: hci3: command tx timeout
[   58.377409][ T5332] Bluetooth: hci1: command tx timeout
[   58.379611][   T63] Bluetooth: hci0: command 0x040f tx timeout
[   58.403739][ T6259] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[   58.552607][ T6272] binder: 6270:6272 ioctl 4018620d 0 returned -22
[   58.561564][ T6275] =======================================================
[   58.561564][ T6275] WARNING: The mand mount option has been deprecated and
[   58.561564][ T6275]          and is ignored by this kernel. Remove the mand
[   58.561564][ T6275]          option from the mount to silence this warning.
[   58.561564][ T6275] =======================================================
[   58.581857][ T6275] option changes via remount are deprecated (pid=6274 comm=syz.2.59)
[   58.839791][ T6292] new mount options do not match the existing superblock, will be ignored
[   58.852085][ T6294] netlink: 56 bytes leftover after parsing attributes in process `syz.2.64'.
[   59.093088][ T6298] netlink: 24 bytes leftover after parsing attributes in process `syz.3.65'.
[   59.099025][ T6298] netlink: 72 bytes leftover after parsing attributes in process `syz.3.65'.
[   59.177312][ T6053] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[   59.179483][ T6053] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[   59.337851][ T6310] fuse: Bad value for 'fd'
[   59.377988][ T6313] binder_alloc: binder_alloc_mmap_handler: 6312 200000ffd000-200001000000 already mapped failed -16
[   59.379502][ T6314] binder_alloc: 6312: binder_alloc_buf, no vma
[   59.575602][ T6332] capability: warning: `syz.3.73' uses 32-bit capabilities (legacy support in use)
[   59.621979][ T6336] netlink: 'syz.3.77': attribute type 2 has an invalid length.
[   59.670007][ T6344] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   59.672998][ T6344] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   59.769632][ T6357] netlink: 'syz.3.84': attribute type 10 has an invalid length.
[   59.778386][ T6357] team0: Device hsr_slave_0 failed to register rx_handler
[   59.829616][ T6353] block device autoloading is deprecated and will be removed.
[   59.907289][  T840] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   60.064865][  T840] usb 6-1: Using ep0 maxpacket: 8
[   60.071883][  T840] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[   60.075514][  T840] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   60.080132][  T840] usb 6-1: Product: syz
[   60.081516][  T840] usb 6-1: Manufacturer: syz
[   60.082991][  T840] usb 6-1: SerialNumber: syz
[   60.130710][ T6388] netlink: 12 bytes leftover after parsing attributes in process `syz.3.94'.
[   60.133891][ T6388] 8021q: VLANs not supported on gre0
[   60.137692][   T29] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   60.289202][   T29] usb 5-1: Using ep0 maxpacket: 8
[   60.294005][   T29] usb 5-1: config 0 interface 0 has no altsetting 0
[   60.298124][   T29] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[   60.304406][  T840] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[   60.308622][   T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   60.326175][   T29] usb 5-1: config 0 descriptor??
[   60.387674][ T6394] loop7: detected capacity change from 0 to 7
[   60.391896][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   60.395182][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[   60.397927][    C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   60.400978][    C3] Buffer I/O error on dev loop7, logical block 0, async page read
[   60.404626][    C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   60.407235][    C2] Buffer I/O error on dev loop7, logical block 0, async page read
[   60.409811][    C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   60.412867][    C3] Buffer I/O error on dev loop7, logical block 0, async page read
[   60.416695][    C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   60.419570][    C2] Buffer I/O error on dev loop7, logical block 0, async page read
[   60.422247][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   60.425154][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[   60.427936][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   60.431090][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[   60.434312][ T6394] ldm_validate_partition_table(): Disk read failed.
[   60.437256][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   60.440710][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[   60.443714][    C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   60.446383][    C2] Buffer I/O error on dev loop7, logical block 0, async page read
[   60.448114][   T63] Bluetooth: hci0: command 0x040f tx timeout
[   60.448141][ T5332] Bluetooth: hci2: command tx timeout
[   60.448918][ T5332] Bluetooth: hci3: command 0x0419 tx timeout
[   60.451803][ T6053] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[   60.457531][ T6053] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[   60.488735][    C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   60.492306][    C2] Buffer I/O error on dev loop7, logical block 0, async page read
[   60.495703][ T6394] Dev loop7: unable to read RDB block 0
[   60.500176][ T6394]  loop7: unable to read partition table
[   60.502256][   T53] usb 6-1: USB disconnect, device number 2
[   60.502948][ T6394] loop7: partition table beyond EOD, truncated
[   60.508132][ T6394] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[   60.520608][   T53] usblp0: removed
[   60.877258][ T6415] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   60.881301][ T6415] block device autoloading is deprecated and will be removed.
[   60.949825][ T6424] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   60.969296][ T6427] 9pnet: Found fid 0 not clunked
[   60.999150][ T6431] 9pnet_fd: Insufficient options for proto=fd
[   61.001416][ T6431] netlink: 696 bytes leftover after parsing attributes in process `syz.2.109'.
[   61.010234][ T6427] netlink: 16 bytes leftover after parsing attributes in process `syz.3.107'.
[   61.050578][ T6431] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode
[   61.057054][ T6431] 9pnet_fd: Insufficient options for proto=fd
[   61.061474][ T6434] syz.1.110 uses obsolete (PF_INET,SOCK_PACKET)
[   61.142788][ T6446] netlink: 4 bytes leftover after parsing attributes in process `syz.2.113'.
[   61.318808][ T6469] netlink: 20 bytes leftover after parsing attributes in process `syz.1.119'.
[   61.515008][ T6484] overlayfs: missing 'lowerdir'
[   62.435278][   T40] kauditd_printk_skb: 97 callbacks suppressed
[   62.435288][   T40] audit: type=1400 audit(1758271849.739:315): avc:  denied  { connect } for  pid=6506 comm="syz.0.130" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   62.443656][   T40] audit: type=1400 audit(1758271849.749:316): avc:  denied  { accept } for  pid=6506 comm="syz.0.130" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   62.527246][ T5332] Bluetooth: hci3: command 0x0419 tx timeout
[   62.528283][ T6053] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[   62.529874][ T5983] Bluetooth: hci3: Opcode 0x206a failed: -110
[   62.531084][ T6053] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[   62.537446][ T5983] Bluetooth: hci2: command 0x0c1a tx timeout
[   63.291238][ T6512] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not our slave
[   63.294327][ T6512] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1)
[   63.337686][ T6514] vlan2: entered promiscuous mode
[   63.339440][ T6514] vlan2: entered allmulticast mode
[   63.341066][ T6514] hsr_slave_1: entered allmulticast mode
[   63.433042][ T6517] netlink: 4 bytes leftover after parsing attributes in process `syz.0.133'.
[   64.607218][ T5983] Bluetooth: hci3: command 0x0419 tx timeout
[   64.609622][ T6053] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[   64.611548][ T6053] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[   64.696567][   T40] audit: type=1400 audit(1758271851.999:317): avc:  denied  { unmount } for  pid=5969 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[   64.714774][ T6523] netlink: 24 bytes leftover after parsing attributes in process `syz.3.136'.
[   64.778749][   T40] audit: type=1400 audit(1758271852.089:318): avc:  denied  { setopt } for  pid=6529 comm="syz.3.139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   64.801402][ T6536] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.142'.
[   64.807739][   T40] audit: type=1400 audit(1758271852.089:319): avc:  denied  { getopt } for  pid=6529 comm="syz.3.139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   64.814864][   T40] audit: type=1400 audit(1758271852.099:320): avc:  denied  { map } for  pid=6529 comm="syz.3.139" path="socket:[13475]" dev="sockfs" ino=13475 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   64.823793][   T40] audit: type=1400 audit(1758271852.099:321): avc:  denied  { read } for  pid=6529 comm="syz.3.139" path="socket:[13475]" dev="sockfs" ino=13475 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   64.841732][   T40] audit: type=1400 audit(1758271852.099:322): avc:  denied  { ioctl } for  pid=6529 comm="syz.3.139" path="socket:[13475]" dev="sockfs" ino=13475 ioctlcmd=0x8903 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   64.850885][   T40] audit: type=1400 audit(1758271852.099:323): avc:  denied  { create } for  pid=6529 comm="syz.3.139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[   64.851189][ T6543] PKCS8: Unsupported PKCS#8 version
[   64.856680][   T40] audit: type=1400 audit(1758271852.109:324): avc:  denied  { getopt } for  pid=6535 comm="syz.1.142" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   64.870373][ T6543] overlayfs: missing 'lowerdir'
[   64.875618][ T6544] overlayfs: missing 'lowerdir'
[   64.973751][ T6558] loop6: detected capacity change from 0 to 7
[   64.977577][ T6558]  loop6: [CUMANA/ADFS] p1 [ADFS] p1
[   64.979262][ T6558] loop6: partition table partially beyond EOD, truncated
[   64.982085][ T6558] loop6: p1 size 3162245604 extends beyond EOD, truncated
[   65.025818][ T6562] 9pnet: p9_errstr2errno: server reported unknown error ?ãØnª
[   65.025818][ T6562] k‡l
[   65.043062][ T5985] udevd[5985]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory
[   65.047715][ T6563] binder: 6557:6563 ioctl c0306201 200000000640 returned -22
[   65.052016][ T6563] binder: 6557:6563 ioctl 1 200000000080 returned -22
[   65.080169][ T6560] block nbd0: NBD_DISCONNECT
[   65.082026][ T6560] block nbd0: Disconnected due to user request.
[   65.084136][ T6560] block nbd0: shutting down sockets
[   65.171092][ T6568] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=18385 sclass=netlink_route_socket pid=6568 comm=syz.3.153
[   65.728329][ T6053] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   65.809626][   T29] usbhid 5-1:0.0: can't add hid device: -32
[   65.812922][   T29] usbhid 5-1:0.0: probe with driver usbhid failed with error -32
[   65.897227][ T6053] usb 8-1: Using ep0 maxpacket: 16
[   65.908262][ T6053] usb 8-1: config 0 has an invalid interface number: 132 but max is 0
[   65.910890][ T6053] usb 8-1: config 0 has no interface number 0
[   65.914457][ T6053] usb 8-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[   65.917569][ T6053] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   65.920092][ T6053] usb 8-1: Product: syz
[   65.921490][ T6053] usb 8-1: Manufacturer: syz
[   65.923014][ T6053] usb 8-1: SerialNumber: syz
[   65.931899][ T6053] usb 8-1: config 0 descriptor??
[   65.944117][ T6053] hub 8-1:0.132: bad descriptor, ignoring hub
[   65.946157][ T6053] hub 8-1:0.132: probe with driver hub failed with error -5
[   65.952259][ T6053] input: bcm5974 as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.132/input/input7
[   66.254773][ T6608] syzkaller1: entered promiscuous mode
[   66.256602][ T6608] syzkaller1: entered allmulticast mode
[   66.319779][ T6602] netlink: 720 bytes leftover after parsing attributes in process `syz.1.161'.
[   66.428463][ T6619] fanotify: failed to encode fid (type=0, len=0, err=-2)
[   66.496126][ T6628] netlink: 16 bytes leftover after parsing attributes in process `syz.2.169'.
[   66.711037][ T6642] netlink: 8 bytes leftover after parsing attributes in process `syz.0.174'.
[   67.027292][ T6053] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[   67.188929][ T6053] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   67.191705][ T6053] usb 7-1: config 1 has an invalid descriptor of length 237, skipping remainder of the config
[   67.194977][ T6053] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[   67.197998][ T6053] usb 7-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[   67.201613][ T6053] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 46013, setting to 64
[   67.206880][ T6053] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   67.209909][ T6053] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   67.212413][ T6053] usb 7-1: Product: syz
[   67.213772][ T6053] usb 7-1: Manufacturer: syz
[   67.218573][ T6053] cdc_wdm 7-1:1.0: skipping garbage
[   67.220253][ T6053] cdc_wdm 7-1:1.0: skipping garbage
[   67.222063][ T6053] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22
[   67.336289][ T6673] netlink: 16 bytes leftover after parsing attributes in process `syz.0.181'.
[   67.340023][ T6673] netlink: 4 bytes leftover after parsing attributes in process `syz.0.181'.
[   67.375885][ T6677] netlink: 'syz.0.182': attribute type 2 has an invalid length.
[   67.378500][ T6677] netlink: 1184 bytes leftover after parsing attributes in process `syz.0.182'.
[   67.394332][ T6677] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   67.424199][   T24] usb 7-1: USB disconnect, device number 2
[   67.532286][   T40] kauditd_printk_skb: 34 callbacks suppressed
[   67.532298][   T40] audit: type=1400 audit(1758271854.839:359): avc:  denied  { bind } for  pid=6679 comm="syz.0.183" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   67.665719][   T40] audit: type=1400 audit(1758271854.969:360): avc:  denied  { getopt } for  pid=6684 comm="syz.0.185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[   67.886071][ T6693] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0)
[   67.954242][   T40] audit: type=1400 audit(1758271855.259:361): avc:  denied  { setopt } for  pid=6699 comm="syz.0.190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   67.976888][ T6705] netlink: 'syz.2.192': attribute type 1 has an invalid length.
[   68.005161][ T6705] 8021q: adding VLAN 0 to HW filter on device bond1
[   68.016362][ T6705] bond1: (slave geneve2): making interface the new active one
[   68.019723][ T6705] bond1: (slave geneve2): Enslaving as an active interface with an up link
[   68.025649][ T6705] bond1: entered promiscuous mode
[   68.027584][ T6705] geneve2: entered promiscuous mode
[   68.169283][   T40] audit: type=1400 audit(1758271855.479:362): avc:  denied  { map } for  pid=6711 comm="syz.2.194" path="/dev/bus/usb/003/001" dev="devtmpfs" ino=748 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[   68.263126][ T6722] ipvlan2: entered promiscuous mode
[   68.462230][   T40] audit: type=1400 audit(1758271855.769:363): avc:  denied  { read append } for  pid=6726 comm="syz.0.200" name="fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[   68.472299][   T40] audit: type=1400 audit(1758271855.769:364): avc:  denied  { open } for  pid=6726 comm="syz.0.200" path="/dev/fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[   68.483808][   T40] audit: type=1400 audit(1758271855.769:365): avc:  denied  { ioctl } for  pid=6726 comm="syz.0.200" path="/dev/fb0" dev="devtmpfs" ino=637 ioctlcmd=0x560a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[   68.511641][   T40] audit: type=1400 audit(1758271855.819:366): avc:  denied  { write } for  pid=6728 comm="syz.0.201" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   68.520601][   T40] audit: type=1400 audit(1758271855.829:367): avc:  denied  { write } for  pid=6728 comm="syz.0.201" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   68.528878][   T40] audit: type=1400 audit(1758271855.829:368): avc:  denied  { ioctl } for  pid=6728 comm="syz.0.201" path="socket:[13700]" dev="sockfs" ino=13700 ioctlcmd=0x2103 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   68.587780][ T6740] overlayfs: only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.
[   68.620000][  T862] usb 8-1: USB disconnect, device number 2
[   68.767354][ T5332] Bluetooth: hci4: command 0x1003 tx timeout
[   68.769070][ T5983] Bluetooth: hci4: Opcode 0x1003 failed: -110
[   68.798865][ T6764] vivid-000: =================  START STATUS  =================
[   68.805709][ T6764] vivid-000: Test Pattern: 75% Colorbar
[   68.808984][ T6764] vivid-000: Fill Percentage of Frame: 100
[   68.811492][ T6764] vivid-000: Horizontal Movement: No Movement
[   68.814135][ T6764] vivid-000: Vertical Movement: No Movement
[   68.816653][ T6764] vivid-000: OSD Text Mode: All
[   68.819827][ T6764] vivid-000: Show Border: false
[   68.821426][ T6764] vivid-000: Show Square: false
[   68.823098][ T6764] vivid-000: Sensor Flipped Horizontally: false
[   68.825075][ T6764] vivid-000: Sensor Flipped Vertically: false
[   68.826980][ T6764] vivid-000: Insert SAV Code in Image: false
[   68.830274][ T6764] vivid-000: Insert EAV Code in Image: false
[   68.832750][ T6764] vivid-000: Insert Video Guard Band: false
[   68.834691][ T6764] vivid-000: Reduced Framerate: false
[   68.836377][ T6764] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[   68.839128][ T6764] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[   68.841703][ T6764] vivid-000: Enable Capture Cropping: true
[   68.843726][ T6764] vivid-000: Enable Capture Composing: true
[   68.845671][ T6764] vivid-000: Enable Capture Scaler: false
[   68.848718][ T6764] vivid-000: Timestamp Source: End of Frame
[   68.851274][ T6764] vivid-000: Colorspace: sRGB
[   68.853349][ T6764] vivid-000: Transfer Function: Default
[   68.855218][ T6764] vivid-000: Y'CbCr Encoding: Default
[   68.857596][ T6764] vivid-000: HSV Encoding: Hue 0-179
[   68.859410][ T6764] vivid-000: Quantization: Limited Range
[   68.861281][ T6764] vivid-000: Apply Alpha To Red Only: false
[   68.861319][ T6766] netlink: 36 bytes leftover after parsing attributes in process `syz.2.210'.
[   68.863139][ T6764] vivid-000: Standard Aspect Ratio: 4x3
[   68.863164][ T6764] vivid-000: DV Timings Signal Mode: Current DV Timings inactive
[   68.863180][ T6764] vivid-000: DV Timings: 640x480p59 inactive
[   68.873164][ T6764] vivid-000: DV Timings Aspect Ratio: Source Width x Height
[   68.875471][ T6764] vivid-000: Maximum EDID Blocks: 2
[   68.877887][ T6764] vivid-000: Limited RGB Range (16-235): false
[   68.879926][ T6764] vivid-000: Rx RGB Quantization Range: Automatic
[   68.882362][ T6764] vivid-000: Power Present: 0x00000001
[   68.884581][ T6764] tpg source WxH: 320x180 (Luma)
[   68.886598][ T6764] tpg field: 1
[   68.888075][ T6764] tpg crop: (0,0)/320x180
[   68.889826][ T6764] tpg compose: (0,0)/320x180
[   68.891696][ T6764] tpg colorspace: 8
[   68.893276][ T6764] tpg transfer function: 0/0
[   68.895146][ T6764] tpg quantization: 2/0
[   68.896838][ T6764] tpg RGB range: 0/2
[   68.899153][ T6764] vivid-000: ==================  END STATUS  ==================
[   69.123382][ T6797] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   69.127061][ T6797] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   69.571024][ T6834] netlink: 108 bytes leftover after parsing attributes in process `syz.0.226'.
[   69.574285][ T6834] netlink: 108 bytes leftover after parsing attributes in process `syz.0.226'.
[   69.577829][ T6834] netlink: 108 bytes leftover after parsing attributes in process `syz.0.226'.
[   69.790376][ T6855] binder: 6854:6855 ioctl c00c620f 200000000140 returned -22
[   69.886413][ T6872] fuse: Bad value for 'fd'
[   69.912074][ T6874] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[   69.914596][ T6874] [U] J"—e:ÀÆ"


[   69.937655][ T6874] overlayfs: failed to resolve '/ÓJ©©¸ã.Añš}8Î�äÖÒK#œÏ»	5äÛ_Pɸëߎµ‚¹…u"ÞQ': -2
[   70.233325][ T6881] cgroup: subsys name conflicts with all
[   70.463118][ T6901] netlink: 'syz.0.249': attribute type 12 has an invalid length.
[   70.542578][ T6908] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6908 comm=syz.0.252
[   70.546574][ T6908] netlink: 'syz.0.252': attribute type 17 has an invalid length.
[   70.549618][ T6908] netlink: 'syz.0.252': attribute type 27 has an invalid length.
[   70.575919][ T6908] bridge0: port 2(bridge_slave_1) entered disabled state
[   70.579367][ T6908] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.595038][ T6911] use of bytesused == 0 is deprecated and will be removed in the future,
[   70.598081][ T6911] use the actual size instead.
[   70.598084][ T6914] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6914 comm=syz.0.252
[   70.605550][ T6915] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6915 comm=syz.0.252
[   70.658542][ T6908] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   70.665563][ T6908] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   70.742259][ T1150] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   70.746005][ T1150] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   70.749769][ T1150] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   70.753828][ T1150] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   76.372015][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[   81.508050][   T34] cfg80211: failed to load regulatory.db
[   85.942417][   T40] kauditd_printk_skb: 31 callbacks suppressed
[   85.942433][   T40] audit: type=1400 audit(5274815587.579:400): avc:  denied  { read } for  pid=6928 comm="syz.1.256" name="ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[   85.956890][   T40] audit: type=1400 audit(5274815587.579:401): avc:  denied  { open } for  pid=6928 comm="syz.1.256" path="/dev/ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[   85.972890][ T6938] macsec1: entered promiscuous mode
[   85.974543][ T6938] bridge0: entered promiscuous mode
[   85.974979][   T40] audit: type=1400 audit(5274815587.579:402): avc:  denied  { ioctl } for  pid=6928 comm="syz.1.256" path="/dev/ndctl0" dev="devtmpfs" ino=109 ioctlcmd=0x4600 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[   85.976489][ T6938] bridge0: port 3(macsec1) entered blocking state
[   85.990048][ T6938] bridge0: port 3(macsec1) entered disabled state
[   85.990196][ T6938] macsec1: entered allmulticast mode
[   85.990211][ T6938] bridge0: entered allmulticast mode
[   85.999065][ T6936] __nla_validate_parse: 35 callbacks suppressed
[   85.999076][ T6936] netlink: 256 bytes leftover after parsing attributes in process `syz.2.259'.
[   86.006082][ T6937] netlink: 256 bytes leftover after parsing attributes in process `syz.2.259'.
[   86.022589][ T6938] macsec1: left allmulticast mode
[   86.024595][ T6938] bridge0: left allmulticast mode
[   86.040739][ T6938] bridge0: left promiscuous mode
[   86.049428][ T6949] netlink: 64 bytes leftover after parsing attributes in process `syz.2.262'.
[   86.175534][   T40] audit: type=1400 audit(5274815587.809:403): avc:  denied  { map } for  pid=6954 comm="syz.1.264" path="socket:[13942]" dev="sockfs" ino=13942 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   86.220459][   T40] audit: type=1400 audit(5274815587.859:404): avc:  denied  { bind } for  pid=6958 comm="syz.0.267" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   86.267818][   T40] audit: type=1400 audit(5274815587.909:405): avc:  denied  { connect } for  pid=6964 comm="syz.0.269" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   86.276869][ T6965] tipc: Started in network mode
[   86.279227][ T6965] tipc: Node identity fffffffa, cluster identity 4711
[   86.281361][ T6965] tipc: Node number set to 4294967290
[   86.320694][   T40] audit: type=1400 audit(5274815587.959:406): avc:  denied  { setopt } for  pid=6967 comm="syz.0.270" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   86.321076][ T6968] netlink: 20 bytes leftover after parsing attributes in process `syz.0.270'.
[   86.330939][ T6968] netem: invalid attributes len -22
[   86.334118][ T6968] netem: change failed
[   86.360598][ T6972] mkiss: ax0: crc mode is auto.
[   86.366226][   T40] audit: type=1400 audit(5274815587.999:407): avc:  denied  { read } for  pid=6971 comm="syz.2.271" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   86.367949][ T6972] input: syz0 as /devices/virtual/input/input11
[   86.376153][   T40] audit: type=1400 audit(5274815587.999:408): avc:  denied  { open } for  pid=6971 comm="syz.2.271" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   86.393747][ T6972] blk_print_req_error: 10 callbacks suppressed
[   86.393757][ T6972] I/O error, dev loop2, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   86.399834][ T6972] qnx6: unable to read the first superblock
[   86.406010][ T6972] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   86.409686][ T6972] qnx6: unable to read the first superblock
[   86.411594][ T6972] qnx6: unable to read the first superblock
[   86.495367][ T6980] EXT4-fs (sr0): VFS: Can't find ext4 filesystem
[   86.497689][ T6034] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[   86.541172][ T6984] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   86.544003][ T6984] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   86.558178][   T40] audit: type=1400 audit(5274815588.199:409): avc:  denied  { read } for  pid=6983 comm="syz.0.276" name="mice" dev="devtmpfs" ino=939 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[   86.649519][ T6034] usb 6-1: unable to get BOS descriptor or descriptor too short
[   86.652922][ T6034] usb 6-1: not running at top speed; connect to a high speed hub
[   86.658296][ T6034] usb 6-1: config 1 interface 0 altsetting 6 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   86.662992][ T6034] usb 6-1: config 1 interface 0 has no altsetting 0
[   86.666853][ T6034] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   86.669871][ T6034] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   86.673401][ T6034] usb 6-1: Product: syz
[   86.675108][ T6034] usb 6-1: Manufacturer: syz
[   86.676856][ T6034] usb 6-1: SerialNumber: syz
[   86.725267][   T24] hid-generic 0003:000D:0001.0002: unknown main item tag 0x0
[   86.728803][   T24] hid-generic 0003:000D:0001.0002: unknown main item tag 0x0
[   86.731759][   T24] hid-generic 0003:000D:0001.0002: unknown main item tag 0x0
[   86.734603][   T24] hid-generic 0003:000D:0001.0002: unknown main item tag 0x2
[   86.739148][   T24] hid-generic 0003:000D:0001.0002: unknown main item tag 0x0
[   86.742067][   T24] hid-generic 0003:000D:0001.0002: unknown main item tag 0x0
[   86.745124][   T24] hid-generic 0003:000D:0001.0002: unknown main item tag 0x0
[   86.748456][   T24] hid-generic 0003:000D:0001.0002: unknown main item tag 0x0
[   86.751343][   T24] hid-generic 0003:000D:0001.0002: unknown main item tag 0x0
[   86.754109][   T24] hid-generic 0003:000D:0001.0002: unknown main item tag 0x0
[   86.764819][   T24] hid-generic 0003:000D:0001.0002: hidraw1: USB HID v0.06 Device [syz0] on syz1
[   86.816723][ T6999] netlink: 'syz.3.280': attribute type 3 has an invalid length.
[   86.821596][ T6999] netlink: 'syz.3.280': attribute type 3 has an invalid length.
[   86.882637][ T7004] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[   86.893785][ T7004] VFS: Can't find a romfs filesystem on dev nullb0.
[   86.893785][ T7004] 
[   86.903375][ T6034] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -71
[   86.912116][ T6034] usb 6-1: USB disconnect, device number 3
[   86.984872][ T7009] binder: BINDER_SET_CONTEXT_MGR already set
[   86.987070][ T7009] binder: 7008:7009 ioctl 4018620d 200000000180 returned -16
[   87.036415][ T7011] 9pnet_virtio: no channels available for device ./file0
[   87.152936][ T7014] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[   87.961369][ T7066] program syz.1.300 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   87.965281][ T7066] netlink: 8 bytes leftover after parsing attributes in process `syz.1.300'.
[   87.968648][ T7066] netlink: 4 bytes leftover after parsing attributes in process `syz.1.300'.
[   87.987094][ T7069] openvswitch: netlink: Either Ethernet header or EtherType is required.
[   87.992753][ T7069] Malformed UNC in devname
[   87.992753][ T7069] 
[   87.995906][ T7069] CIFS: VFS: Malformed UNC in devname
[   88.049732][ T7075] 9p filesystem being mounted at /80/file0 supports timestamps until 2106-02-07 (0xffffffff)
[   88.276267][ T7097] program syz.3.310 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   88.280944][ T7097] ata1.00: invalid service action 31
[   88.335623][ T7105] ptrace attach of "/syz-executor exec"[5975] was attempted by "/syz-executor exec"[7105]
[   88.361038][ T7105] sg_write: process 177 (syz.1.312) changed security contexts after opening file descriptor, this is not allowed.
[   88.432587][ T7109] netlink: 20 bytes leftover after parsing attributes in process `syz.3.313'.
[   88.441068][ T7109] netlink: 12 bytes leftover after parsing attributes in process `syz.3.313'.
[   88.518308][ T7116] FAT-fs (sr0): bogus number of reserved sectors
[   88.520398][ T7116] FAT-fs (sr0): Can't find a valid FAT filesystem
[   88.572954][ T7118] F2FS-fs (nbd3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   88.576417][ T7118] F2FS-fs (nbd3): Can't find valid F2FS filesystem in 1th superblock
[   88.580407][ T7118] F2FS-fs (nbd3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   88.583054][ T7118] F2FS-fs (nbd3): Can't find valid F2FS filesystem in 2th superblock
[   88.702014][ T7123] overlay: ./file0 is not a directory
[   88.942804][ T7127] netlink: 'syz.3.319': attribute type 10 has an invalid length.
[   88.951367][ T7127] team0: Cannot enslave team device to itself
[   89.032905][ T7134] openvswitch: netlink: Either Ethernet header or EtherType is required.
[   89.134547][ T7138] netlink: 'syz.2.324': attribute type 10 has an invalid length.
[   89.159993][ T7138] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[   89.258239][ T7138] mmap: syz.2.324 (7138) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   89.418593][ T7165] netlink: 248 bytes leftover after parsing attributes in process `syz.3.333'.
[   89.503344][ T7174] netlink: 304 bytes leftover after parsing attributes in process `syz.2.335'.
[   89.518417][ T7167] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[   89.659591][ T7199] ALSA: seq fatal error: cannot create timer (-22)
[   89.692227][ T7204] fuse: Bad value for 'fd'
[   89.791070][ T7220] netlink: 'syz.2.347': attribute type 1 has an invalid length.
[   89.793943][ T7220] netlink: 'syz.2.347': attribute type 4 has an invalid length.
[   89.797775][ T7220] netlink: 'syz.2.347': attribute type 1 has an invalid length.
[   89.800520][ T7220] netlink: 'syz.2.347': attribute type 4 has an invalid length.
[   89.803071][ T7220] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   89.805435][ T7220] batman_adv: batadv0: Removing interface: batadv_slave_0
[   89.815346][ T7220] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   89.820923][ T7220] batman_adv: batadv0: Removing interface: batadv_slave_1
[   89.864883][ T7228] netlink: 'syz.1.349': attribute type 1 has an invalid length.
[   89.942769][ T7235] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=69 sclass=netlink_route_socket pid=7235 comm=syz.1.349
[   89.947299][ T5977] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[   90.097234][ T5977] usb 8-1: Using ep0 maxpacket: 8
[   90.104270][ T5977] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[   90.108386][ T5977] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[   90.111534][ T5977] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   90.115339][ T5977] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   90.120880][ T5977] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   90.124206][ T5977] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.137333][ T7249] ip6erspan0: entered promiscuous mode
[   90.340562][ T5977] usb 8-1: GET_CAPABILITIES returned 0
[   90.342767][ T5977] usbtmc 8-1:16.0: can't read capabilities
[   90.519074][ T7274] netlink: 'syz.0.361': attribute type 1 has an invalid length.
[   90.540995][ T7274] 8021q: adding VLAN 0 to HW filter on device bond1
[   90.558969][ T7278] bond1: (slave geneve2): making interface the new active one
[   90.562704][ T7278] bond1: (slave geneve2): Enslaving as an active interface with an up link
[   90.571048][ T6660] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   90.577120][ T6660] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   90.579964][ T7275] devpts: Bad value for 'max'
[   90.584090][ T7278] bond1: entered promiscuous mode
[   90.586043][ T7278] geneve2: entered promiscuous mode
[   90.588902][ T6660] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   90.591614][ T6660] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   90.645716][ T7281] capability: warning: `syz.1.362' uses deprecated v2 capabilities in a way that may be insecure
[   90.649986][ T6034] usb 8-1: USB disconnect, device number 3
[   90.754947][ T7286] all: renamed from lo
[   90.775638][ T7288] Bluetooth: hci4: Frame reassembly failed (-90)
[   90.779064][ T1150] Bluetooth: hci4: Frame reassembly failed (-84)
[   91.196637][   T40] kauditd_printk_skb: 56 callbacks suppressed
[   91.196651][   T40] audit: type=1400 audit(5274815592.829:466): avc:  denied  { append } for  pid=7303 comm="syz.3.370" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[   91.239484][ T7310] JFS: charset not found
[   91.243873][ T7310] JFS: charset not found
[   91.307848][ T7315] "syz.3.370" (7315) uses obsolete ecb(arc4) skcipher
[   91.341672][   T40] audit: type=1400 audit(5274815592.979:467): avc:  denied  { read write } for  pid=7318 comm="syz.2.373" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[   91.350448][   T40] audit: type=1400 audit(5274815592.979:468): avc:  denied  { open } for  pid=7318 comm="syz.2.373" path="/92/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[   92.122394][ T7339] validate_nla: 4 callbacks suppressed
[   92.122408][ T7339] netlink: 'syz.3.377': attribute type 1 has an invalid length.
[   92.271121][   T40] audit: type=1400 audit(5274815593.909:469): avc:  denied  { setattr } for  pid=7356 comm="syz.2.381" name="rfkill" dev="devtmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:wireless_device_t tclass=chr_file permissive=1
[   92.346246][ T7360] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=60200 sclass=netlink_xfrm_socket pid=7360 comm=syz.3.382
[   92.443123][ T7370] netlink: 'syz.0.385': attribute type 1 has an invalid length.
[   92.474549][ T7370] bond2: (slave bridge1): making interface the new active one
[   92.479063][ T7370] bond2: (slave bridge1): Enslaving as an active interface with an up link
[   92.504276][ T7370] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   92.581938][   T40] audit: type=1400 audit(5274815594.219:470): avc:  denied  { lock } for  pid=7383 comm="syz.0.391" path="/dev/ubi_ctrl" dev="devtmpfs" ino=718 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   92.592670][   T40] audit: type=1400 audit(5274815594.229:471): avc:  denied  { lock } for  pid=7383 comm="syz.0.391" path="socket:[18566]" dev="sockfs" ino=18566 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[   92.847298][ T5983] Bluetooth: hci4: Opcode 0x1003 failed: -110
[   92.847877][ T5332] Bluetooth: hci4: command 0x1003 tx timeout
[   92.900305][   T40] audit: type=1326 audit(5274815594.539:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7410 comm="syz.1.397" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f328b58eba9 code=0x0
[   92.909282][   T40] audit: type=1326 audit(5274815594.539:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7410 comm="syz.1.397" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f328b58eba9 code=0x0
[   93.097633][   T40] audit: type=1400 audit(5274815594.739:474): avc:  denied  { mounton } for  pid=7415 comm="syz.1.398" path="/66/file0" dev="tmpfs" ino=371 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[   93.191545][ T7418] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[   93.331072][   T40] audit: type=1400 audit(5274815594.969:475): avc:  denied  { create } for  pid=7421 comm="syz.1.401" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[   93.724106][ T7444] geneve2: entered promiscuous mode
[   93.725828][ T7444] geneve2: entered allmulticast mode
[   93.745949][ T7449] __nla_validate_parse: 8 callbacks suppressed
[   93.745965][ T7449] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.408'.
[   93.775704][ T7452] netlink: 8 bytes leftover after parsing attributes in process `syz.0.411'.
[   93.782043][ T7452] macvlan2: entered allmulticast mode
[   93.784043][ T7452] veth1_vlan: entered allmulticast mode
[   93.824547][ T7456] overlayfs: missing 'lowerdir'
[   94.017970][   T29] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[   94.167229][   T29] usb 7-1: Using ep0 maxpacket: 8
[   94.172140][   T29] usb 7-1: config 2 interface 0 has no altsetting 0
[   94.178262][   T29] usb 7-1: New USB device found, idVendor=04e2, idProduct=1412, bcdDevice=ca.10
[   94.181992][   T29] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   94.185387][   T29] usb 7-1: Product: syz
[   94.187328][   T29] usb 7-1: Manufacturer: syz
[   94.189254][   T29] usb 7-1: SerialNumber: syz
[   94.198533][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   94.410938][ T7437] GUP no longer grows the stack in syz.2.407 (7437): 200000004000-20000000a000 (200000002000)
[   94.414445][ T7437] CPU: 1 UID: 0 PID: 7437 Comm: syz.2.407 Not tainted syzkaller #0 PREEMPT(full) 
[   94.414459][ T7437] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   94.414466][ T7437] Call Trace:
[   94.414470][ T7437]  <TASK>
[   94.414474][ T7437]  dump_stack_lvl+0x16c/0x1f0
[   94.414509][ T7437]  gup_vma_lookup+0x1d2/0x220
[   94.414530][ T7437]  __get_user_pages+0x243/0x34a0
[   94.414561][ T7437]  ? find_held_lock+0x2b/0x80
[   94.414578][ T7437]  ? __pfx___get_user_pages+0x10/0x10
[   94.414598][ T7437]  get_user_pages_remote+0x243/0xab0
[   94.414614][ T7437]  ? mas_parent_gap+0x6f0/0x7b0
[   94.414629][ T7437]  ? __pfx_get_user_pages_remote+0x10/0x10
[   94.414645][ T7437]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   94.414661][ T7437]  __access_remote_vm+0x24d/0x850
[   94.414679][ T7437]  ? do_raw_spin_lock+0x12c/0x2b0
[   94.414691][ T7437]  ? __pfx___access_remote_vm+0x10/0x10
[   94.414710][ T7437]  proc_pid_cmdline_read+0x4de/0x8e0
[   94.414725][ T7437]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[   94.414739][ T7437]  ? rw_verify_area+0xcf/0x6c0
[   94.414756][ T7437]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[   94.414769][ T7437]  vfs_readv+0x5c1/0x8b0
[   94.414781][ T7437]  ? __pfx_vfs_readv+0x10/0x10
[   94.414792][ T7437]  ? kmem_cache_free+0x2d1/0x4d0
[   94.414811][ T7437]  ? __fget_files+0x20e/0x3c0
[   94.414826][ T7437]  ? do_preadv+0x1a6/0x270
[   94.414835][ T7437]  do_preadv+0x1a6/0x270
[   94.414844][ T7437]  ? __pfx_do_preadv+0x10/0x10
[   94.414858][ T7437]  do_syscall_64+0xcd/0x4e0
[   94.414880][ T7437]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.414891][ T7437] RIP: 0033:0x7fe7bdd8eba9
[   94.414900][ T7437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.414915][ T7437] RSP: 002b:00007fe7bec78038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[   94.414930][ T7437] RAX: ffffffffffffffda RBX: 00007fe7bdfd5fa0 RCX: 00007fe7bdd8eba9
[   94.414937][ T7437] RDX: 0000000000000001 RSI: 0000200000000480 RDI: 000000000000000b
[   94.414943][ T7437] RBP: 00007fe7bde11e19 R08: 0000000000000000 R09: 0000000000000000
[   94.414950][ T7437] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000
[   94.414956][ T7437] R13: 00007fe7bdfd6038 R14: 00007fe7bdfd5fa0 R15: 00007ffd60167c88
[   94.414971][ T7437]  </TASK>
[   94.500823][    C1] vkms_vblank_simulate: vblank timer overrun
[   94.557379][ T6034] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[   94.720111][ T6034] usb 8-1: config 1 has an invalid interface number: 7 but max is 0
[   94.724816][ T6034] usb 8-1: config 1 has no interface number 0
[   94.729752][ T6034] usb 8-1: config 1 interface 7 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 16
[   94.738447][ T6034] usb 8-1: config 1 interface 7 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1023
[   94.742499][ T6034] usb 8-1: config 1 interface 7 altsetting 0 has a duplicate endpoint with address 0xB, skipping
[   94.753346][ T6034] usb 8-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[   94.762727][ T6034] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   94.767367][ T6034] usb 8-1: Product: syz
[   94.769155][ T6034] usb 8-1: Manufacturer: syz
[   94.772050][ T6034] usb 8-1: SerialNumber: syz
[   94.779856][ T7499] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   94.784314][ T7481] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[   94.785806][ T7499] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   94.786675][ T7481] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[   94.791793][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   94.799483][ T6034] usb 8-1: Expected 3 endpoints, found: 2
[   94.888102][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   95.526637][ T7536] syz_tun: entered allmulticast mode
[   95.598094][ T7535] syz_tun: left allmulticast mode
[   95.691923][ T7542] veth0_to_team: entered promiscuous mode
[   95.800568][ T7547] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   95.857702][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   95.959896][ T7551] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2579 sclass=netlink_route_socket pid=7551 comm=syz.0.432
[   95.969740][ T7552] ttyprintk ttyprintk: ldisc open failed (-12), clearing slot 0
[   96.040264][ T7552] delete_channel: no stack
[   96.080685][ T7560] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   96.082140][ T7558] loop6: detected capacity change from 0 to 63
[   96.085216][ T7560] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   96.090889][ T7561] buffer_io_error: 10 callbacks suppressed
[   96.090902][ T7561] Buffer I/O error on dev loop6, logical block 2, async page read
[   96.101691][ T6922] Buffer I/O error on dev loop6, logical block 0, async page read
[   96.104885][ T6922] Buffer I/O error on dev loop6, logical block 0, async page read
[   96.108436][ T6922] Buffer I/O error on dev loop6, logical block 0, async page read
[   96.111204][ T6922] Buffer I/O error on dev loop6, logical block 0, async page read
[   96.113966][ T6922] Buffer I/O error on dev loop6, logical block 0, async page read
[   96.146309][ T7565] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   96.192476][ T7567] vim2m vim2m.0: vidioc_s_fmt queue busy
[   96.672653][   T29] usb 7-1: USB disconnect, device number 3
[   96.741240][ T7581] netlink: 68 bytes leftover after parsing attributes in process `syz.0.441'.
[   96.741893][ T7576] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   96.753813][ T7581] 9p filesystem being mounted at /141/file0 supports timestamps until 2106-02-07 (0xffffffff)
[   96.760643][ T7581] netlink: 700 bytes leftover after parsing attributes in process `syz.0.441'.
[   96.763821][ T7581] netlink: 24 bytes leftover after parsing attributes in process `syz.0.441'.
[   96.826661][ T7580] netlink: 'syz.2.439': attribute type 10 has an invalid length.
[   96.831178][ T7580] netlink: 'syz.2.439': attribute type 10 has an invalid length.
[   96.833654][ T7580] netlink: 40 bytes leftover after parsing attributes in process `syz.2.439'.
[   97.182826][ T7604] rdma_op ffff88802b8e79f0 conn xmit_rdma 0000000000000000
[   97.298430][   T24] usb 8-1: USB disconnect, device number 4
[   97.335400][ T7611] netlink: 24 bytes leftover after parsing attributes in process `syz.2.450'.
[   97.340516][ T7611] netlink: 264 bytes leftover after parsing attributes in process `syz.2.450'.
[   97.344138][ T7611] netlink: 56 bytes leftover after parsing attributes in process `syz.2.450'.
[   97.352180][ T7613] netlink: 20 bytes leftover after parsing attributes in process `syz.3.451'.
[   97.356325][ T7611] netlink: 'syz.2.450': attribute type 10 has an invalid length.
[   97.388988][   T40] kauditd_printk_skb: 12 callbacks suppressed
[   97.389003][   T40] audit: type=1400 audit(5274815599.029:488): avc:  denied  { bind } for  pid=7617 comm="syz.3.452" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   97.389707][ T7618] sctp: [Deprecated]: syz.3.452 (pid 7618) Use of struct sctp_assoc_value in delayed_ack socket option.
[   97.389707][ T7618] Use struct sctp_sack_info instead
[   97.497992][   T40] audit: type=1400 audit(5274815599.129:489): avc:  denied  { append } for  pid=7622 comm="syz.2.455" name="pfkey" dev="proc" ino=4026533356 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   97.506701][   T40] audit: type=1400 audit(5274815599.139:490): avc:  denied  { map } for  pid=7622 comm="syz.2.455" path="/proc/358/net/pfkey" dev="proc" ino=4026533356 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   97.585838][ T7628] binder: 7627:7628 ioctl 5000943f 2000000034c0 returned -22
[   97.596580][ T7628] binder: 7627:7628 ioctl c4009420 200000002780 returned -22
[   97.764896][ T7638] kvm: pic: single mode not supported
[   97.764986][ T7638] kvm: pic: level sensitive irq not supported
[   97.767767][ T7638] kvm: pic: non byte read
[   97.772512][ T7638] kvm: pic: non byte read
[   97.774913][ T7638] kvm: pic: single mode not supported
[   97.774922][ T7638] kvm: pic: level sensitive irq not supported
[   97.778378][ T7638] kvm: pic: non byte read
[   97.783352][ T7638] kvm: pic: non byte read
[   97.786098][ T7638] kvm: pic: non byte read
[   97.789393][ T7638] kvm: pic: single mode not supported
[   97.789402][ T7638] kvm: pic: level sensitive irq not supported
[   97.791336][ T7638] kvm: pic: non byte read
[   97.796315][ T7638] kvm: pic: non byte read
[   97.799116][ T7638] kvm: pic: single mode not supported
[   97.799353][ T7638] kvm: pic: non byte read
[   97.803409][ T7638] kvm: pic: single mode not supported
[   97.803654][ T7638] kvm: pic: non byte read
[   97.942697][ T7645] netlink: 'syz.2.462': attribute type 1 has an invalid length.
[   97.946625][ T7645] netlink: 'syz.2.462': attribute type 2 has an invalid length.
[   97.949691][ T7645] netlink: 'syz.2.462': attribute type 2 has an invalid length.
[   97.952615][ T7645] netlink: 'syz.2.462': attribute type 2 has an invalid length.
[   97.955378][ T7645] netlink: 'syz.2.462': attribute type 1 has an invalid length.
[   97.961876][ T7643] vlan4: entered allmulticast mode
[   97.967335][ T7643] bond0: entered allmulticast mode
[   97.969197][ T7643] bond_slave_0: entered allmulticast mode
[   97.971171][ T7643] bond_slave_1: entered allmulticast mode
[   98.034022][ T7653] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[   98.039310][ T7652] evm: overlay not supported
[   98.115453][   T40] audit: type=1400 audit(5274815599.749:491): avc:  denied  { read } for  pid=7656 comm="syz.2.467" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[   98.187256][   T40] audit: type=1400 audit(5274815599.819:492): avc:  denied  { create } for  pid=7658 comm="syz.2.468" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[   98.195465][   T40] audit: type=1400 audit(5274815599.829:493): avc:  denied  { bind } for  pid=7658 comm="syz.2.468" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[   98.214037][ T7659] bridge0: port 3(syz_tun) entered blocking state
[   98.216270][ T7659] bridge0: port 3(syz_tun) entered disabled state
[   98.219738][ T7659] syz_tun: entered allmulticast mode
[   98.224596][ T7659] syz_tun: entered promiscuous mode
[   98.227619][ T7659] bridge0: port 3(syz_tun) entered blocking state
[   98.231191][ T7659] bridge0: port 3(syz_tun) entered forwarding state
[   98.327242][ T6034] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[   98.366157][   T40] audit: type=1326 audit(5274815599.999:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7674 comm="syz.0.473" exe="/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fbf72d8eba9 code=0x7ffc0000
[   98.378556][   T40] audit: type=1326 audit(5274815599.999:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7674 comm="syz.0.473" exe="/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fbf72d8eba9 code=0x7ffc0000
[   98.387809][   T40] audit: type=1326 audit(5274815599.999:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7674 comm="syz.0.473" exe="/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fbf72d8eba9 code=0x7ffc0000
[   98.396839][   T40] audit: type=1326 audit(5274815600.009:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7674 comm="syz.0.473" exe="/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fbf72d8eba9 code=0x7ffc0000
[   98.478218][ T7686] CUSE: unknown device info ""
[   98.480321][ T7686] CUSE: zero length info key specified
[   98.488931][ T6034] usb 8-1: config index 0 descriptor too short (expected 164, got 72)
[   98.494435][ T6034] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   98.498184][ T6034] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.501462][ T6034] usb 8-1: Product: syz
[   98.503164][ T6034] usb 8-1: Manufacturer: syz
[   98.505129][ T6034] usb 8-1: SerialNumber: syz
[   98.514697][ T6034] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   98.550750][   T29] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   99.090674][ T7716] __nla_validate_parse: 5 callbacks suppressed
[   99.090684][ T7716] netlink: 4 bytes leftover after parsing attributes in process `syz.2.485'.
[   99.103935][ T7716] bridge0: entered promiscuous mode
[   99.113650][ T7716] bridge0: port 4(macvlan2) entered blocking state
[   99.116600][ T7716] bridge0: port 4(macvlan2) entered disabled state
[   99.119607][ T7716] macvlan2: entered allmulticast mode
[   99.121965][ T7716] bridge0: entered allmulticast mode
[   99.127898][ T7716] macvlan2: left allmulticast mode
[   99.130131][ T7716] bridge0: left allmulticast mode
[   99.133480][ T7716] bridge0: left promiscuous mode
[   99.155130][ T7719] netlink: 20 bytes leftover after parsing attributes in process `syz.2.485'.
[   99.159532][ T7717] netlink: 20 bytes leftover after parsing attributes in process `syz.2.485'.
[   99.225630][ T7721] netlink: 8 bytes leftover after parsing attributes in process `syz.2.486'.
[   99.564939][ T7733] netlink: 'syz.0.490': attribute type 21 has an invalid length.
[   99.567917][   T29] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive
[   99.568661][ T7733] netlink: 156 bytes leftover after parsing attributes in process `syz.0.490'.
[   99.573206][   T29] ath9k_htc: Failed to initialize the device
[   99.600316][ T7733] netlink: 'syz.0.490': attribute type 10 has an invalid length.
[   99.603794][ T7733] bond0: (slave wlan1): Opening slave failed
[   99.606411][ T7732] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   99.611253][   T29] usb 8-1: ath9k_htc: USB layer deinitialized
[   99.633135][ T7738] netlink: 'syz.2.492': attribute type 12 has an invalid length.
[   99.635720][ T7738] netlink: 120 bytes leftover after parsing attributes in process `syz.2.492'.
[   99.700153][ T7749] ufs: You didn't specify the type of your ufs filesystem
[   99.700153][ T7749] 
[   99.700153][ T7749] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[   99.700153][ T7749] 
[   99.700153][ T7749] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[   99.711696][ T7749] ufs: ufstype=old is supported read-only
[   99.715126][ T7749] block nbd2: Attempted send on invalid socket
[   99.718134][ T7749] I/O error, dev nbd2, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   99.860670][ T7753] netlink: 4 bytes leftover after parsing attributes in process `syz.2.496'.
[  100.261853][ T7762] netlink: 8 bytes leftover after parsing attributes in process `syz.0.499'.
[  100.262112][ T7763] netlink: 8 bytes leftover after parsing attributes in process `syz.0.499'.
[  100.324021][ T7771] netlink: 20 bytes leftover after parsing attributes in process `syz.1.502'.
[  100.328983][ T7771] netlink: 'syz.1.502': attribute type 10 has an invalid length.
[  100.331972][ T7771] bond0: (slave wlan1): Opening slave failed
[  100.366491][ T7772] overlayfs: failed to resolve './file1/file0': -2
[  100.476992][ T7779] md: md0 stopped.
[  100.482985][ T7781] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  100.853913][ T7801] fuse: Bad value for 'user_id'
[  100.855477][ T7801] fuse: Bad value for 'user_id'
[  101.059699][ T7813] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.101914][   T29] usb 8-1: USB disconnect, device number 5
[  101.110493][ T7816] /dev/sg0: Can't lookup blockdev
[  101.139203][ T7819] bridge0: entered promiscuous mode
[  101.141531][ T7819] macsec1: entered promiscuous mode
[  101.205901][ T7829] genirq: Flags mismatch irq 5. 00200000 (pcl812) vs. 00200000 (pcl812)
[  101.250377][ T7824] 8021q: adding VLAN 0 to HW filter on device bond2
[  101.292569][ T7842] input: syz1 as /devices/virtual/input/input12
[  101.349024][ T7845] Illegal XDP return value 2049 on prog  (id 69) dev syz_tun, expect packet loss!
[  101.352930][ T7841] fuse: Unknown parameter 'lmuLå÷…vJ5¦8f'
[  101.450782][ T7858] overlayfs: missing 'lowerdir'
[  101.576288][ T7875] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  101.692111][ T7887] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  101.696333][ T7887] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  101.780880][ T7900] futex_wake_op: syz.2.543 tries to shift op by 32; fix this program
[  101.785083][ T7900] veth1_to_hsr: entered promiscuous mode
[  101.795809][ T7900] bridge0: port 3(syz_tun) entered disabled state
[  101.806250][ T7899] veth1_to_hsr: left promiscuous mode
[  101.841662][ T7905] IPVS: sync thread started: state = BACKUP, mcast_ifn = sit0, syncid = 0, id = 0
[  101.947412][   T24] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  102.086646][ T7919] openvswitch: netlink: Unexpected mask (mask=1040, allowed=10048)
[  102.176141][ T7926] SELinux:  Context Ü is not valid (left unmapped).
[  102.220418][ T7924] kvm: pic: non byte write
[  102.383873][ T7936] usb 2-1: USB disconnect, device number 2
[  102.427966][ T7936] hub 2-0:1.0: USB hub found
[  102.430391][ T7936] hub 2-0:1.0: 6 ports detected
[  102.444384][ T7934] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  102.489866][ T7941] fuse: Unknown parameter 'fU²0x0000000000000004'
[  102.529111][ T7944] gfs2: Unknown parameter 'barrier%»å­`'
[  102.597858][   T29] usb 2-1: new high-speed USB device number 3 using ehci-pci
[  102.784603][   T29] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[  102.787796][   T29] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[  102.791051][   T29] usb 2-1: Product: QEMU USB Tablet
[  102.793104][   T29] usb 2-1: Manufacturer: QEMU
[  102.795070][   T29] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1
[  102.818446][   T29] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0003/input/input13
[  102.867264][   T55] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  102.886428][   T29] hid-generic 0003:0627:0001.0003: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[  103.022769][   T55] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  103.026628][   T55] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  103.030769][   T55] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  103.033820][   T55] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  103.038116][   T55] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  103.040988][   T55] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.045056][   T55] usb 7-1: config 0 descriptor??
[  103.084005][ T7968] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found
[  103.086413][ T7968] UDF-fs: Scanning with blocksize 2048 failed
[  103.089713][ T7968] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found
[  103.092799][ T7968] UDF-fs: Scanning with blocksize 4096 failed
[  103.099750][   T40] kauditd_printk_skb: 50 callbacks suppressed
[  103.099759][   T40] audit: type=1400 audit(5274815604.739:548): avc:  denied  { remount } for  pid=7970 comm="syz.3.568" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  103.278388][ T7990] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  103.453903][   T55] hid_parser_main: 197 callbacks suppressed
[  103.453916][   T55] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  103.459023][   T55] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  103.461434][   T55] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  103.463797][   T55] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  103.466330][   T55] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  103.469474][   T55] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  103.472033][   T55] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  103.474397][   T55] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  103.476736][   T55] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  103.479282][   T55] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  103.502575][   T55] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  103.534136][   T40] audit: type=1326 audit(5274815605.169:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8005 comm="syz.0.579" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbf72d8eba9 code=0x0
[  103.727103][   T40] audit: type=1400 audit(5274815605.359:550): avc:  denied  { connect } for  pid=8009 comm="syz.3.580" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  103.745887][   T29] usb 7-1: USB disconnect, device number 4
[  103.777112][   T40] audit: type=1400 audit(5274815605.409:551): avc:  denied  { write } for  pid=8009 comm="syz.3.580" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  104.144845][ T6053] IPVS: starting estimator thread 0...
[  104.247368][ T8033] IPVS: using max 42 ests per chain, 100800 per kthread
[  104.312014][   T40] audit: type=1400 audit(5274815605.949:552): avc:  denied  { bind } for  pid=8040 comm="syz.3.588" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  104.343704][   T40] audit: type=1400 audit(5274815605.979:553): avc:  denied  { mount } for  pid=8043 comm="syz.3.589" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  104.351265][   T40] audit: type=1400 audit(5274815605.989:554): avc:  denied  { remount } for  pid=8043 comm="syz.3.589" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  104.384316][ T8047] __nla_validate_parse: 10 callbacks suppressed
[  104.384349][ T8047] netlink: 76 bytes leftover after parsing attributes in process `syz.2.590'.
[  104.857333][ T8070] afs: Unknown parameter ''
[  104.894913][ T8074] netlink: 32 bytes leftover after parsing attributes in process `syz.1.599'.
[  105.174544][ T8092] bridge0: entered allmulticast mode
[  105.176859][ T8092] netlink: 4 bytes leftover after parsing attributes in process `syz.0.603'.
[  105.179901][ T8092] bridge_slave_1: left allmulticast mode
[  105.181702][   T40] audit: type=1400 audit(5274815606.819:555): avc:  denied  { unmount } for  pid=5968 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  105.188383][ T8092] bridge_slave_1: left promiscuous mode
[  105.190667][ T8092] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.196141][ T8092] bridge_slave_0: left allmulticast mode
[  105.198991][ T8092] bridge_slave_0: left promiscuous mode
[  105.200909][ T8092] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.211844][ T8092] bridge0 (unregistering): left allmulticast mode
[  105.229246][   T40] audit: type=1400 audit(5274815606.869:556): avc:  denied  { getopt } for  pid=8091 comm="syz.0.603" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  105.260343][ T6054] libceph: connect (1)[c::]:6789 error -101
[  105.262630][ T6054] libceph: mon0 (1)[c::]:6789 connect error
[  105.301362][ T8096] ceph: No mds server is up or the cluster is laggy
[  105.357852][ T8101] binder: BINDER_SET_CONTEXT_MGR already set
[  105.359835][ T8101] binder: 8099:8101 ioctl 4018620d 2000000000c0 returned -16
[  105.392932][ T8105] netlink: 4 bytes leftover after parsing attributes in process `syz.3.607'.
[  105.487331][   T24] usb 6-1: new low-speed USB device number 5 using dummy_hcd
[  105.606528][ T8111] F2FS-fs (nbd3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  105.609070][ T8111] F2FS-fs (nbd3): Can't find valid F2FS filesystem in 1th superblock
[  105.612489][ T8111] F2FS-fs (nbd3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  105.614882][ T8111] F2FS-fs (nbd3): Can't find valid F2FS filesystem in 2th superblock
[  105.647360][   T24] usb 6-1: Invalid ep0 maxpacket: 64
[  105.650730][   T24] usb usb6-port1: attempt power cycle
[  105.874462][   T40] audit: type=1400 audit(5274815607.509:557): avc:  denied  { map } for  pid=8119 comm="syz.2.611" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  105.987681][   T24] usb 6-1: new low-speed USB device number 6 using dummy_hcd
[  106.007779][   T24] usb 6-1: Invalid ep0 maxpacket: 64
[  106.137296][   T24] usb 6-1: new low-speed USB device number 7 using dummy_hcd
[  106.157671][   T24] usb 6-1: Invalid ep0 maxpacket: 64
[  106.160947][   T24] usb usb6-port1: unable to enumerate USB device
[  106.205509][ T8139] validate_nla: 3 callbacks suppressed
[  106.205520][ T8139] netlink: 'syz.2.618': attribute type 2 has an invalid length.
[  106.210342][ T8139] netlink: 12 bytes leftover after parsing attributes in process `syz.2.618'.
[  106.213983][ T8139] netlink: 12 bytes leftover after parsing attributes in process `syz.2.618'.
[  106.311566][ T8141] netlink: 12 bytes leftover after parsing attributes in process `syz.0.619'.
[  106.320793][ T1153] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  106.322866][ T8141] netlink: 12 bytes leftover after parsing attributes in process `syz.0.619'.
[  106.328661][ T6660] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  106.331634][ T6660] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  106.334474][ T6660] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  106.400487][ T8147] overlayfs: missing 'lowerdir'
[  106.445126][ T8151] netlink: 20 bytes leftover after parsing attributes in process `syz.0.624'.
[  106.509636][ T8156] /dev/sg0: Can't lookup blockdev
[  106.765746][ T8177] SELinux: syz.0.632 (8177) set checkreqprot to 1. This is no longer supported.
[  106.817306][   T24] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  106.860892][ T8181] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  106.864131][ T8181] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  106.871340][ T8181] netlink: 'syz.0.634': attribute type 3 has an invalid length.
[  106.873824][ T8181] netlink: 'syz.0.634': attribute type 1 has an invalid length.
[  106.876430][ T8181] netlink: 212 bytes leftover after parsing attributes in process `syz.0.634'.
[  106.967238][   T24] usb 8-1: Using ep0 maxpacket: 8
[  106.971356][   T24] usb 8-1: config 0 interface 0 has no altsetting 0
[  106.974425][   T24] usb 8-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  106.978467][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.984105][   T24] usb 8-1: config 0 descriptor??
[  107.409194][   T24] mcp2221 0003:04D8:00DD.0005: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0
[  107.604071][ T8166] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:0000 with DS=0x7
[  107.615798][ T6054] usb 8-1: USB disconnect, device number 6
[  122.403738][ T8206] netlink: 12 bytes leftover after parsing attributes in process `syz.3.640'.
[  122.405106][   T40] kauditd_printk_skb: 4 callbacks suppressed
[  122.405118][   T40] audit: type=1400 audit(5274815880.037:562): avc:  denied  { remount } for  pid=8208 comm="syz.1.641" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  122.416842][ T8211] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  122.430270][ T8215] netlink: 'syz.2.642': attribute type 1 has an invalid length.
[  122.460207][ T8215] 8021q: adding VLAN 0 to HW filter on device bond2
[  122.471893][ T8218] 8021q: adding VLAN 0 to HW filter on device team0
[  122.475720][ T8218] bond2: (slave team0): making interface the new active one
[  122.480818][ T8218] bond2: (slave team0): Enslaving as an active interface with an up link
[  122.540878][ T8231] ipvlan1: entered promiscuous mode
[  122.544008][ T8231] 8021q: adding VLAN 0 to HW filter on device ipvlan1
[  122.546762][ T8231] bond0: (slave ipvlan1): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  122.632579][ T8237] kvm: kvm [8236]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00
[  122.636086][ T8237] kvm: kvm [8236]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00
[  122.788714][   T40] audit: type=1400 audit(5274815880.427:563): avc:  denied  { name_bind 0x1000000 } for  pid=8257 comm="syz.1.652" path="socket:[23556]" dev="sockfs" ino=23556 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  123.061149][   T40] audit: type=1400 audit(5274815880.697:564): avc:  denied  { remount } for  pid=8288 comm="syz.2.654" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  123.061336][ T8289] binder: Binderfs stats mode cannot be changed during a remount
[  123.130837][   T40] audit: type=1800 audit(5274815880.767:565): pid=8295 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.657" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  123.193153][ T8299] netlink: 16 bytes leftover after parsing attributes in process `syz.2.658'.
[  123.235797][ T8304] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  123.301400][   T40] audit: type=1400 audit(5274815880.937:566): avc:  denied  { accept } for  pid=8306 comm="syz.2.661" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  123.405200][ T8318] netlink: 256 bytes leftover after parsing attributes in process `syz.0.663'.
[  123.409105][ T8318] unsupported nlmsg_type 40
[  123.453350][ T8320] netlink: 4 bytes leftover after parsing attributes in process `syz.0.664'.
[  123.460306][   T40] audit: type=1400 audit(5274815881.097:567): avc:  denied  { listen } for  pid=8319 comm="syz.0.664" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  123.508735][ T8320] loop3: detected capacity change from 0 to 7
[  123.512193][ T8257] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  123.513875][ T8320] Dev loop3: unable to read RDB block 7
[  123.516946][ T8320]  loop3: unable to read partition table
[  123.518956][ T8320] loop3: partition table beyond EOD, truncated
[  123.527407][ T8320] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5)
[  123.533485][ T8320] netlink: 4 bytes leftover after parsing attributes in process `syz.0.664'.
[  123.560887][   T40] audit: type=1400 audit(5274815881.197:568): avc:  denied  { bind } for  pid=8324 comm="syz.1.665" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  124.062368][   T40] audit: type=1400 audit(5274815881.697:569): avc:  denied  { checkpoint_restore } for  pid=8341 comm="syz.3.671" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  124.074931][   T40] audit: type=1400 audit(5274815881.707:570): avc:  denied  { ioctl } for  pid=8341 comm="syz.3.671" path="socket:[24581]" dev="sockfs" ino=24581 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  124.161591][ T8356] netlink: 8 bytes leftover after parsing attributes in process `syz.2.675'.
[  124.164377][ T8356] netlink: 'syz.2.675': attribute type 21 has an invalid length.
[  124.197694][   T40] audit: type=1800 audit(5274815881.827:571): pid=8358 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.676" name="file1" dev="overlay" ino=859 res=0 errno=0
[  124.212286][ T8358] netlink: 'syz.3.676': attribute type 10 has an invalid length.
[  124.230511][ T8358] hsr_slave_0: left promiscuous mode
[  124.232780][ T8358] hsr_slave_1: left promiscuous mode
[  124.313921][ T8366] overlayfs: failed to resolve './file1': -2
[  124.438033][ T8373] ./file3: Can't lookup blockdev
[  124.589651][ T8394] netlink: 12 bytes leftover after parsing attributes in process `syz.1.688'.
[  124.736709][ T8401] netlink: 8 bytes leftover after parsing attributes in process `syz.1.689'.
[  124.739982][ T8401] netlink: 12 bytes leftover after parsing attributes in process `syz.1.689'.
[  124.742763][ T8401] netlink: 'syz.1.689': attribute type 7 has an invalid length.
[  124.800825][ T1146] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  124.801298][ T8407] netlink: 'syz.1.691': attribute type 4 has an invalid length.
[  124.813211][ T8407] netlink: 'syz.1.691': attribute type 4 has an invalid length.
[  125.186227][ T8439] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  125.779147][ T8444] bridge0: Device is already in use.
[  125.812851][ T8448] loop0: detected capacity change from 0 to 2560
[  125.817006][ T8448] Buffer I/O error on dev loop0, logical block 0, async page read
[  125.821884][ T8448] Buffer I/O error on dev loop0, logical block 0, async page read
[  125.825143][ T8448] Buffer I/O error on dev loop0, logical block 0, async page read
[  125.828598][ T8448] Buffer I/O error on dev loop0, logical block 0, async page read
[  125.831483][ T8448] Buffer I/O error on dev loop0, logical block 0, async page read
[  125.834263][ T8448] Buffer I/O error on dev loop0, logical block 0, async page read
[  125.836879][ T8448] Buffer I/O error on dev loop0, logical block 0, async page read
[  125.840257][ T8448] Buffer I/O error on dev loop0, logical block 0, async page read
[  125.843535][ T8448] ldm_validate_partition_table(): Disk read failed.
[  125.846400][ T8448] Buffer I/O error on dev loop0, logical block 0, async page read
[  125.850275][ T8448] Buffer I/O error on dev loop0, logical block 0, async page read
[  125.853869][ T8448] Dev loop0: unable to read RDB block 0
[  125.856701][ T8448]  loop0: unable to read partition table
[  125.859364][ T8448] loop_reread_partitions: partition scan of loop0 (3Ÿ¾‚­®Ò$) failed (rc=-5)
[  125.887335][ T5332] Bluetooth: hci4: command 0x1003 tx timeout
[  125.887535][ T5983] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  126.007767][ T8464] syz.2.708 uses old SIOCAX25GETINFO
[  126.247842][ T8477] netlink: 8 bytes leftover after parsing attributes in process `syz.2.713'.
[  127.334916][ T8513] cgroup: fork rejected by pids controller in /syz1
[  127.408923][   T40] kauditd_printk_skb: 6436 callbacks suppressed
[  127.408934][   T40] audit: type=1326 audit(5274815885.047:7008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8478 comm="syz.0.714" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf72d8eba9 code=0x50000
[  127.421025][   T40] audit: type=1326 audit(5274815885.047:7009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8478 comm="syz.0.714" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf72d8eba9 code=0x50000
[  127.430229][   T40] audit: type=1326 audit(5274815885.047:7010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8478 comm="syz.0.714" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf72d8eba9 code=0x50000
[  127.437677][   T40] audit: type=1326 audit(5274815885.047:7011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8478 comm="syz.0.714" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf72d8eba9 code=0x50000
[  127.444564][   T40] audit: type=1326 audit(5274815885.047:7012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8478 comm="syz.0.714" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf72d8eba9 code=0x50000
[  127.451656][   T40] audit: type=1326 audit(5274815885.047:7013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8478 comm="syz.0.714" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf72d8eba9 code=0x50000
[  127.458750][   T40] audit: type=1326 audit(5274815885.047:7014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8478 comm="syz.0.714" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf72d8eba9 code=0x50000
[  127.465839][   T40] audit: type=1326 audit(5274815885.047:7015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8478 comm="syz.0.714" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf72d8eba9 code=0x50000
[  127.473023][   T40] audit: type=1326 audit(5274815885.047:7016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8478 comm="syz.0.714" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf72d8eba9 code=0x50000
[  127.497392][   T40] audit: type=1326 audit(5274815885.047:7017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8478 comm="syz.0.714" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf72d8eba9 code=0x50000
[  127.976508][ T8622] sp0: Synchronizing with TNC
[  128.116731][ T8626] debugfs: 'ttyS3' already exists in 'caif_serial'
[  128.177433][ T8624] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  128.199145][ T8635] __nla_validate_parse: 1 callbacks suppressed
[  128.199156][ T8635] netlink: 8 bytes leftover after parsing attributes in process `syz.3.739'.
[  128.244707][ T8635] syz_tun: entered allmulticast mode
[  128.252199][ T8635] sp0: Synchronizing with TNC
[  128.256868][ T8634] [U] è``
[  128.334621][ T8643] netlink: 8 bytes leftover after parsing attributes in process `syz.2.741'.
[  128.350064][ T8634] syz_tun: left allmulticast mode
[  128.429393][ T8646] netlink: 8 bytes leftover after parsing attributes in process `syz.1.742'.
[  128.467743][ T8662] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  128.543928][ T8668] fuse: Unknown parameter 'fϦ'
[  128.685746][ T8676] netlink: 8 bytes leftover after parsing attributes in process `syz.1.750'.
[  128.737932][ T8678] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer.
[  129.323889][ T8686] netlink: 4 bytes leftover after parsing attributes in process `syz.1.753'.
[  129.349783][ T8688] dlm: no local IP address has been set
[  129.351686][ T8688] dlm: cannot start dlm midcomms -107
[  129.427332][ T8701] netlink: 4 bytes leftover after parsing attributes in process `syz.0.758'.
[  129.439937][ T8693] netlink: 'syz.1.756': attribute type 1 has an invalid length.
[  129.494675][ T8705] tmpfs: Too few inodes for current use
[  129.537594][ T8711] 9pnet_fd: p9_fd_create_tcp (8711): problem binding to privport
[  129.544450][ T8712] 9pnet_fd: p9_fd_create_tcp (8712): problem connecting socket to 127.0.0.1
[  129.714266][ T8749] fuse: Bad value for 'user_id'
[  129.716399][ T8749] fuse: Bad value for 'user_id'
[  130.139731][ T8794] fuse: Unknown parameter 'g®o8_éd'
[  130.503675][ T8811] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  130.511424][ T8811] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  130.842734][ T8824] block nbd1: Attempted send on invalid socket
[  130.845885][ T8824] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  130.851439][ T8824] XFS (nbd1): SB validate failed with error -5.
[  131.072292][ T8848] netlink: 'syz.0.789': attribute type 1 has an invalid length.
[  131.075533][ T8847] netlink: 'syz.0.789': attribute type 1 has an invalid length.
[  131.246066][ T8863] tmpfs: Unknown parameter 'quota.grpquota_block_hardlimit'
[  131.325836][ T8871] netlink: 'syz.1.798': attribute type 2 has an invalid length.
[  131.393351][ T8879] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_tx_wq": -EINTR
[  131.558073][ T8899] netlink: 12 bytes leftover after parsing attributes in process `syz.0.804'.
[  131.565548][ T8899] netlink: 'syz.0.804': attribute type 14 has an invalid length.
[  131.569366][ T8899] netlink: 12 bytes leftover after parsing attributes in process `syz.0.804'.
[  131.573067][ T8899] netlink: 'syz.0.804': attribute type 14 has an invalid length.
[  131.653009][ T8909] overlayfs: conflicting options: nfs_export=on,index=off
[  131.949423][ T8936] netlink: 72 bytes leftover after parsing attributes in process `syz.2.815'.
[  131.956441][ T8936] netlink: 4 bytes leftover after parsing attributes in process `syz.2.815'.
[  131.999043][ T8941] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  132.003992][ T8941] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  132.012251][ T8937] netlink: 'syz.2.815': attribute type 39 has an invalid length.
[  132.015691][ T8942] netlink: 'syz.2.815': attribute type 39 has an invalid length.
[  132.055528][ T8936] team0: Port device team_slave_0 removed
[  132.069505][ T8937] syz_tun (unregistering): left allmulticast mode
[  132.071923][ T8937] syz_tun (unregistering): left promiscuous mode
[  132.074062][ T8937] bridge0: port 3(syz_tun) entered disabled state
[  132.076135][ T8939] netlink: 'syz.1.817': attribute type 1 has an invalid length.
[  132.089365][ T8939] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  132.332023][ T8954] netlink: 'syz.3.821': attribute type 10 has an invalid length.
[  132.339698][ T8954] 8021q: adding VLAN 0 to HW filter on device batadv0
[  132.349899][ T8954] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  132.357653][ T8954] No control pipe specified
[  132.455247][ T8961] trusted_key: syz.1.825 sent an empty control message without MSG_MORE.
[  132.503232][ T5332] Bluetooth: hci4: sending frame failed (-49)
[  132.505937][ T5983] Bluetooth: hci4: Opcode 0x1003 failed: -49
[  132.511814][ T8966] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.578968][   T40] kauditd_printk_skb: 16345 callbacks suppressed
[  132.578979][   T40] audit: type=1400 audit(5274815890.217:23363): avc:  denied  { listen } for  pid=8968 comm="syz.2.827" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  132.696153][ T8984] CUSE: info not properly terminated
[  132.720490][ T8982] openvswitch: netlink: Flow key attribute not present in set flow.
[  132.746524][ T8982] jfs: Unknown parameter 'Ricarl'
[  132.838419][ T8996] IPVS: Error joining to the multicast group
[  132.945819][ T9017] /dev/sg0: Can't lookup blockdev
[  133.390063][ T9053] 9p filesystem being mounted at /248/file0 supports timestamps until 2106-02-07 (0xffffffff)
[  133.394964][   T40] audit: type=1400 audit(5274815891.027:23364): avc:  denied  { write } for  pid=9052 comm="syz.0.853" dev="9p" ino=281474976645122 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1
[  133.404483][   T40] audit: type=1400 audit(5274815891.027:23365): avc:  denied  { open } for  pid=9052 comm="syz.0.853" path="/248/file0" dev="9p" ino=281474976645122 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1
[  133.975045][ T9058] __nla_validate_parse: 6 callbacks suppressed
[  133.975056][ T9058] netlink: 60 bytes leftover after parsing attributes in process `syz.1.855'.
[  134.599706][ T9099] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.865'.
[  134.603597][ T9099] netlink: zone id is out of range
[  134.605760][ T9099] netlink: get zone limit has 8 unknown bytes
[  134.614817][ T9099] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  134.618598][ T9099] overlayfs: missing 'lowerdir'
[  134.681344][   T40] audit: type=1326 audit(5274815892.317:23366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9101 comm="syz.2.866" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7bdd8eba9 code=0x7ffc0000
[  134.690876][   T40] audit: type=1326 audit(5274815892.317:23367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9101 comm="syz.2.866" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7bdd8eba9 code=0x7ffc0000
[  134.698662][   T40] audit: type=1326 audit(5274815892.317:23368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9101 comm="syz.2.866" exe="/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fe7bdd8eba9 code=0x7ffc0000
[  134.705811][   T40] audit: type=1326 audit(5274815892.317:23369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9101 comm="syz.2.866" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7bdd8eba9 code=0x7ffc0000
[  134.718347][   T40] audit: type=1326 audit(5274815892.317:23370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9101 comm="syz.2.866" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7bdd8eba9 code=0x7ffc0000
[  134.728345][   T40] audit: type=1326 audit(5274815892.317:23371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9101 comm="syz.2.866" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe7bdd8eba9 code=0x7ffc0000
[  134.738162][   T40] audit: type=1326 audit(5274815892.317:23372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9101 comm="syz.2.866" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7bdd8eba9 code=0x7ffc0000
[  134.907703][ T9118] af_packet: tpacket_rcv: packet too big, clamped from 36 to 4294967272. macoff=96
[  134.930802][ T9121] netlink: 4 bytes leftover after parsing attributes in process `syz.0.872'.
[  136.107416][ T9147] erofs (device nbd0): cannot find valid erofs superblock
[  136.759768][ T9154] netlink: 12 bytes leftover after parsing attributes in process `syz.2.880'.
[  136.930049][ T9158] FAT-fs (sr0): bogus number of reserved sectors
[  136.932322][ T9158] FAT-fs (sr0): Can't find a valid FAT filesystem
[  137.105994][ T9170] Bluetooth: hci0: invalid len left 7, exp >= 17
[  137.499860][ T9187] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9187 comm=syz.1.889
[  137.625630][ T9194] dns_resolver: Unsupported server list version (0)
[  137.722697][   T40] kauditd_printk_skb: 16 callbacks suppressed
[  137.722715][   T40] audit: type=1400 audit(5274815895.357:23389): avc:  denied  { unmount } for  pid=5975 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  137.810239][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
�ˆÊÿÃ			ªªªªª3ªªªªª4ˆ¨�"ÜN©[  137.883920][   T40] audit: type=1400 audit(5274815895.517:23390): avc:  denied  { ioctl } for  pid=9207 comm="syz.1.897" path="/dev/fuse" dev="devtmpfs" ino=105 ioctlcmd=0xe500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  138.428201][ T9217] sctp: [Deprecated]: syz.0.898 (pid 9217) Use of struct sctp_assoc_value in delayed_ack socket option.
[  138.428201][ T9217] Use struct sctp_sack_info instead
[  138.430647][   T40] audit: type=1400 audit(5274815896.067:23391): avc:  denied  { append } for  pid=9216 comm="syz.0.898" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  138.435204][ T9217] binder: BINDER_SET_CONTEXT_MGR already set
[  138.450626][ T9217] binder: 9216:9217 ioctl 4018620d 200000000040 returned -16
[  138.509827][ T9222] overlayfs: upper fs does not support file handles, falling back to index=off.
[  138.662960][   T40] audit: type=1400 audit(5274815896.297:23392): avc:  denied  { read } for  pid=9227 comm="syz.0.901" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  138.714445][   T40] audit: type=1400 audit(5274815896.347:23393): avc:  denied  { setopt } for  pid=9227 comm="syz.0.901" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  138.791286][   T40] audit: type=1400 audit(5274815896.427:23394): avc:  denied  { create } for  pid=9232 comm="syz.0.902" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  138.919005][ T9235] validate_nla: 2 callbacks suppressed
[  138.919021][ T9235] netlink: 'syz.0.903': attribute type 4 has an invalid length.
[  138.928803][ T9235] netlink: 'syz.0.903': attribute type 4 has an invalid length.
[  138.944185][ T9235] netlink: 4 bytes leftover after parsing attributes in process `syz.0.903'.
[  139.022046][ T9235] team0: Port device team_slave_0 removed
[  139.136941][    C1] vcan0: j1939_tp_rxtimer: 0xffff88803b720400: rx timeout, send abort
[  139.141008][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88803b720400: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[  139.148803][   T40] audit: type=1400 audit(5274815896.787:23395): avc:  denied  { read } for  pid=5364 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  139.157203][   T40] audit: type=1400 audit(5274815896.787:23396): avc:  denied  { search } for  pid=5364 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  139.163897][   T40] audit: type=1400 audit(5274815896.787:23397): avc:  denied  { search } for  pid=5364 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  139.176414][   T40] audit: type=1400 audit(5274815896.787:23398): avc:  denied  { add_name } for  pid=5364 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  139.371714][ T9252] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1792 sclass=netlink_route_socket pid=9252 comm=syz.0.909
[  139.371743][ T9251] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1792 sclass=netlink_route_socket pid=9251 comm=syz.0.909
[  139.381089][ T9252] ip6tnl1: entered promiscuous mode
[  139.382737][ T9252] ip6tnl1: entered allmulticast mode
[  139.542253][ T9258] veth1_to_bond: entered allmulticast mode
[  139.546879][ T9258] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  139.551962][ T9257] veth1_to_bond: left allmulticast mode
[  139.580660][ T9260] rdma_op ffff8880368989f0 conn xmit_rdma 0000000000000000
[  139.592917][ T9260] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  139.595882][ T9260] FAT-fs (loop0): unable to read boot sector
[  139.989897][ T9274] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9274 comm=syz.0.917
[  140.128638][ T9289] netlink: 8 bytes leftover after parsing attributes in process `syz.0.922'.
[  140.131715][ T9289] netlink: 'syz.0.922': attribute type 1 has an invalid length.
[  140.134201][ T9289] netlink: 'syz.0.922': attribute type 2 has an invalid length.
[  140.173564][ T9296] netlink: 8 bytes leftover after parsing attributes in process `syz.0.922'.
[  140.176432][ T9296] netlink: 'syz.0.922': attribute type 1 has an invalid length.
[  140.179092][ T9296] netlink: 'syz.0.922': attribute type 2 has an invalid length.
[  140.349572][ T9302] comedi comedi4: comedi_config --init_data is deprecated
[  140.530148][ T6034] hid_parser_main: 10 callbacks suppressed
[  140.530165][ T6034] hid-generic 00A0:0008:0003.0006: unknown main item tag 0x0
[  140.539513][ T6034] hid-generic 00A0:0008:0003.0006: unknown main item tag 0x0
[  140.542768][ T6034] hid-generic 00A0:0008:0003.0006: unknown main item tag 0x2
[  140.549138][ T6034] hid-generic 00A0:0008:0003.0006: unknown main item tag 0x0
[  140.549193][ T9313] netlink: 152 bytes leftover after parsing attributes in process `syz.1.927'.
[  140.554789][ T6034] hid-generic 00A0:0008:0003.0006: unknown main item tag 0x0
[  140.559354][ T6034] hid-generic 00A0:0008:0003.0006: unknown main item tag 0x0
[  140.568552][ T6034] hid-generic 00A0:0008:0003.0006: unknown main item tag 0x0
[  140.573738][ T6034] hid-generic 00A0:0008:0003.0006: unknown main item tag 0x0
[  140.577266][ T6034] hid-generic 00A0:0008:0003.0006: unknown main item tag 0x0
[  140.582130][ T6034] hid-generic 00A0:0008:0003.0006: unknown main item tag 0x0
[  140.588940][ T6034] hid-generic 00A0:0008:0003.0006: hidraw1: <UNKNOWN> HID v0.05 Device [syz1] on syz0
[  141.166854][ T9366] lo speed is unknown, defaulting to 1000
[  141.169067][ T9366] lo speed is unknown, defaulting to 1000
[  141.172044][ T9366] lo speed is unknown, defaulting to 1000
[  141.178106][ T9366] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  141.185190][ T9366] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  141.203335][ T9366] lo speed is unknown, defaulting to 1000
[  141.206975][ T9366] lo speed is unknown, defaulting to 1000
[  141.221650][ T9366] lo speed is unknown, defaulting to 1000
[  141.225919][ T9366] lo speed is unknown, defaulting to 1000
[  141.297075][ T9374] tmpfs: Bad value for 'mpol'
[  141.300111][ T9375] tmpfs: Bad value for 'mpol'
[  141.366098][ T9379] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9379 comm=syz.2.948
[  141.458518][ T9386] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  141.575149][ T9392] 9p filesystem being mounted at /265/file0 supports timestamps until 2106-02-07 (0xffffffff)
[  141.988357][ T6040] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  142.117280][ T6040] usb 7-1: device descriptor read/64, error -71
[  142.195178][ T9411] cgroup: Name too long
[  142.367274][ T6040] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  142.497437][ T6040] usb 7-1: device descriptor read/64, error -71
[  142.597260][   T10] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  142.607421][ T6040] usb usb7-port1: attempt power cycle
[  142.748469][   T10] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  142.752132][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  142.755560][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  142.759631][   T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  142.763679][   T10] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  142.766544][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.773096][   T10] usb 6-1: config 0 descriptor??
[  142.957221][ T6040] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  142.977696][ T6040] usb 7-1: device descriptor read/8, error -71
[  143.208626][   T10] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  143.217508][ T6040] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  143.240253][ T6040] usb 7-1: device descriptor read/8, error -71
[  143.293674][   T40] kauditd_printk_skb: 8 callbacks suppressed
[  143.293684][   T40] audit: type=1400 audit(5274815900.927:23407): avc:  denied  { bind } for  pid=9422 comm="syz.0.960" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  143.300173][ T9423] netlink: 4 bytes leftover after parsing attributes in process `syz.0.960'.
[  143.348573][ T6040] usb usb7-port1: unable to enumerate USB device
[  143.439206][ T9413] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  143.442852][ T9413] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  143.449708][   T40] audit: type=1400 audit(5274815901.087:23408): avc:  denied  { bind } for  pid=9425 comm="syz.0.961" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  143.449872][ T6040] usb 6-1: USB disconnect, device number 8
[  143.450332][ T9426] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=257 sclass=netlink_route_socket pid=9426 comm=syz.0.961
[  143.450632][ T9426] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  144.220378][   T40] audit: type=1400 audit(5274815901.857:23409): avc:  denied  { append } for  pid=9431 comm="syz.1.963" name="hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  144.339438][ T9441] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9441 comm=syz.0.966
[  144.371412][ T9443] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on
[  144.511993][ T9451] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  144.516960][ T9451] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  144.719815][ T9453] efs: device does not support 512 byte blocks
[  144.723076][ T9453] device does not support 512 byte blocks
[  144.723076][ T9453] 
[  144.754999][   T40] audit: type=1400 audit(5274815902.387:23410): avc:  denied  { write } for  pid=9454 comm="syz.2.970" name="mice" dev="devtmpfs" ino=939 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  144.812439][   T40] audit: type=1400 audit(5274815902.447:23411): avc:  denied  { ioctl } for  pid=9454 comm="syz.2.970" path="/dev/input/mice" dev="devtmpfs" ino=939 ioctlcmd=0x4509 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  144.861814][   T40] audit: type=1400 audit(5274815902.497:23412): avc:  denied  { map } for  pid=9459 comm="syz.2.971" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  144.872426][   T40] audit: type=1400 audit(5274815902.497:23413): avc:  denied  { execute } for  pid=9459 comm="syz.2.971" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  144.899663][   T40] audit: type=1400 audit(5274815902.537:23414): avc:  denied  { read } for  pid=9461 comm="syz.2.972" path="socket:[29903]" dev="sockfs" ino=29903 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  144.904648][ T9462] dvmrp17: entered allmulticast mode
[  144.912314][ T9462] dvmrp17: left allmulticast mode
[  144.965038][ T9463] netlink: 36 bytes leftover after parsing attributes in process `syz.2.972'.
[  145.016465][   T40] audit: type=1400 audit(5274815902.647:23415): avc:  denied  { nlmsg_write } for  pid=9464 comm="syz.2.973" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  146.080928][ T9497] program syz.1.983 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  146.087411][ T9497] program syz.1.983 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  146.557536][ T6034] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  146.707885][ T6034] usb 6-1: Using ep0 maxpacket: 8
[  146.718807][ T6034] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  146.722177][ T6034] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  146.724947][ T6034] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.731555][ T6034] usb 6-1: config 0 descriptor??
[  146.939918][ T6034] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  147.028235][   T40] audit: type=1400 audit(5274815904.667:23416): avc:  denied  { read } for  pid=9509 comm="syz.2.987" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  147.033728][ T9510] netlink: 36 bytes leftover after parsing attributes in process `syz.2.987'.
[  147.194264][  T862] usb 6-1: USB disconnect, device number 9
[  147.196204][    C2] iowarrior 6-1:0.0: iowarrior_callback - usb_submit_urb failed with result -19
[  148.362190][   T40] kauditd_printk_skb: 1 callbacks suppressed
[  148.362206][   T40] audit: type=1400 audit(5274815905.997:23418): avc:  denied  { execute } for  pid=9557 comm="syz-executor" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  148.390215][ T9558] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  148.392459][ T9558] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  148.397229][   T40] audit: type=1400 audit(5274815905.997:23419): avc:  denied  { execute_no_trans } for  pid=9557 comm="syz-executor" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  148.411991][ T9558] vhci_hcd vhci_hcd.0: Device attached
[  148.414523][ T9559] vhci_hcd: connection closed
[  148.417364][ T1153] vhci_hcd: stop threads
[  148.426868][ T1153] vhci_hcd: release socket
[  148.428625][ T1153] vhci_hcd: disconnect device
[  148.539434][ T5332] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  148.543172][ T5332] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  148.546341][ T5332] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  148.550628][ T5332] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  148.553309][ T5332] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  148.572897][ T5983] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  148.576269][ T5983] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  148.580011][ T5983] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  148.584432][ T5983] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  148.587878][ T5983] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  148.659454][ T9563] lo speed is unknown, defaulting to 1000
[  148.728869][ T9572] vlan2: entered promiscuous mode
[  148.730529][ T9572] bridge0: entered promiscuous mode
[  148.735146][ T9575] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1009'.
[  148.767634][ T9578] bad cache= option: none

[  148.767634][ T9578] 
[  148.769876][ T9578] CIFS: VFS: bad cache= option: none

[  148.777831][ T9578] bad cache= option: none

[  148.777831][ T9578] 
[  148.781423][ T9578] CIFS: VFS: bad cache= option: none

[  148.851500][ T9563] chnl_net:caif_netlink_parms(): no params data found
[  148.945671][   T40] audit: type=1400 audit(5274815906.577:23420): avc:  denied  { mounton } for  pid=9598 comm="syz.0.1015" path="/316/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1
[  148.988748][ T9599] 9p filesystem being mounted at /316/file0 supports timestamps until 2106-02-07 (0xffffffff)
[  149.008570][ T9563] bridge0: port 1(bridge_slave_0) entered blocking state
[  149.011055][ T9563] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.014498][ T9563] bridge_slave_0: entered allmulticast mode
[  149.019042][ T9563] bridge_slave_0: entered promiscuous mode
[  149.022120][ T9563] bridge0: port 2(bridge_slave_1) entered blocking state
[  149.025173][ T9563] bridge0: port 2(bridge_slave_1) entered disabled state
[  149.028734][ T9563] bridge_slave_1: entered allmulticast mode
[  149.040547][ T9563] bridge_slave_1: entered promiscuous mode
[  149.047397][   T40] audit: type=1400 audit(5274815906.677:23421): avc:  denied  { create } for  pid=9604 comm="syz.2.1019" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  149.053785][   T40] audit: type=1400 audit(5274815906.677:23422): avc:  denied  { ioctl } for  pid=9604 comm="syz.2.1019" path="socket:[30880]" dev="sockfs" ino=30880 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  149.061455][   T40] audit: type=1400 audit(5274815906.677:23423): avc:  denied  { setopt } for  pid=9604 comm="syz.2.1019" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  149.067751][   T40] audit: type=1400 audit(5274815906.687:23424): avc:  denied  { read } for  pid=9604 comm="syz.2.1019" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  149.085054][ T9607] netlink: 'syz.1.1020': attribute type 1 has an invalid length.
[  149.101870][   T40] audit: type=1400 audit(5274815906.737:23425): avc:  denied  { write } for  pid=9604 comm="syz.2.1019" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  149.193028][ T9563] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  149.195197][ T9612] FAT-fs (nullb0): bogus number of reserved sectors
[  149.199817][ T9612] FAT-fs (nullb0): Can't find a valid FAT filesystem
[  149.203974][ T9612] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9612 comm=syz.1.1020
[  149.206170][ T9563] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  149.271636][ T9617] openvswitch: netlink: Unexpected mask (mask=1040, allowed=10048)
[  149.282507][ T9563] team0: Port device team_slave_0 added
[  149.289570][ T9563] team0: Port device team_slave_1 added
[  149.342371][ T9563] batman_adv: batadv0: Adding interface: batadv_slave_0
[  149.345206][ T9563] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  149.372362][ T9563] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  149.383374][ T9563] batman_adv: batadv0: Adding interface: batadv_slave_1
[  149.385861][ T9563] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  149.395001][ T9563] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  149.425926][   T40] audit: type=1400 audit(5274815907.057:23426): avc:  denied  { write } for  pid=9621 comm="syz.2.1024" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  149.487348][   T10] page_pool_release_retry() stalled pool shutdown: id 26, 1 inflight 60 sec
[  149.530916][ T9563] hsr_slave_0: entered promiscuous mode
[  149.533721][ T9563] hsr_slave_1: entered promiscuous mode
[  149.549641][ T9624] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9624 comm=syz.1.1025
[  149.709439][ T9563] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  149.716504][ T9563] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  149.722970][ T9563] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  149.749934][ T9563] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  149.756454][   T40] audit: type=1400 audit(5274815907.387:23427): avc:  denied  { write } for  pid=9648 comm="syz.2.1032" name="ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  149.816063][ T9658] 9p filesystem being mounted at /293/file0 supports timestamps until 2106-02-07 (0xffffffff)
[  149.820492][ T9563] 8021q: adding VLAN 0 to HW filter on device bond0
[  149.834979][ T9563] 8021q: adding VLAN 0 to HW filter on device team0
[  149.843428][ T6659] bridge0: port 1(bridge_slave_0) entered blocking state
[  149.845847][ T6659] bridge0: port 1(bridge_slave_0) entered forwarding state
[  149.854344][ T6658] bridge0: port 2(bridge_slave_1) entered blocking state
[  149.856671][ T6658] bridge0: port 2(bridge_slave_1) entered forwarding state
[  150.019092][ T9563] 8021q: adding VLAN 0 to HW filter on device batadv0
[  150.086374][ T9671] "syz.0.1035" (9671) uses obsolete ecb(arc4) skcipher
[  150.170723][ T9563] veth0_vlan: entered promiscuous mode
[  150.175580][ T9563] veth1_vlan: entered promiscuous mode
[  150.192941][ T9563] veth0_macvtap: entered promiscuous mode
[  150.196789][ T9563] veth1_macvtap: entered promiscuous mode
[  150.207489][ T9563] batman_adv: batadv0: Interface activated: batadv_slave_0
[  150.215354][ T9563] batman_adv: batadv0: Interface activated: batadv_slave_1
[  150.221605][ T6658] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  150.224671][ T6658] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  150.228080][ T6659] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  150.231199][ T6659] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  150.274514][ T6658] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  150.278315][ T6658] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  150.293538][ T6658] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  150.296156][ T6658] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  150.306375][ T9685] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1038'.
[  150.345186][ T9687] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1039'.
[  150.355315][ T9691] loop2: detected capacity change from 0 to 2560
[  150.358855][ T9691] buffer_io_error: 11 callbacks suppressed
[  150.358864][ T9691] Buffer I/O error on dev loop2, logical block 0, async page read
[  150.363849][ T9691] Buffer I/O error on dev loop2, logical block 0, async page read
[  150.366349][ T9691] Buffer I/O error on dev loop2, logical block 0, async page read
[  150.375287][ T9691] Buffer I/O error on dev loop2, logical block 0, async page read
[  150.382601][ T9691] Buffer I/O error on dev loop2, logical block 0, async page read
[  150.385224][ T9691] Buffer I/O error on dev loop2, logical block 0, async page read
[  150.388302][ T9691] Buffer I/O error on dev loop2, logical block 0, async page read
[  150.390904][ T9691] Buffer I/O error on dev loop2, logical block 0, async page read
[  150.393478][ T9691] ldm_validate_partition_table(): Disk read failed.
[  150.395657][ T9691] Buffer I/O error on dev loop2, logical block 0, async page read
[  150.399249][ T9691] Buffer I/O error on dev loop2, logical block 0, async page read
[  150.401919][ T9691] Dev loop2: unable to read RDB block 0
[  150.404344][ T9691]  loop2: unable to read partition table
[  150.406252][ T9691] loop_reread_partitions: partition scan of loop2 (3Ÿ¾‚³˜) failed (rc=-5)
[  150.444832][   T24] hid_parser_main: 17 callbacks suppressed
[  150.444845][   T24] hid-generic 0006:03CA:0003.0008: unknown main item tag 0x0
[  150.463282][   T24] hid-generic 0006:03CA:0003.0008: hidraw1: VIRTUAL HID v0.04 Device [syz1] on syz1
[  150.551266][ T9700] fido_id[9700]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  150.617597][ T5983] Bluetooth: hci4: command tx timeout
[  150.741189][ T9724] 9pnet_virtio: no channels available for device syz
[  150.743674][ T9724] 9pnet_virtio: no channels available for device syz
[  150.746072][ T9724] 9pnet_virtio: no channels available for device syz
[  150.748560][ T9724] 9pnet_virtio: no channels available for device syz
[  150.750952][ T9724] 9pnet_virtio: no channels available for device syz
[  150.753812][ T9724] 9pnet_virtio: no channels available for device syz
[  150.756590][ T9724] 9pnet_virtio: no channels available for device syz
[  150.760458][ T9724] 9pnet_virtio: no channels available for device syz
[  150.763408][ T9724] 9pnet_virtio: no channels available for device syz
[  150.766586][ T9724] 9pnet_virtio: no channels available for device syz
[  150.770256][ T9724] 9pnet_virtio: no channels available for device syz
[  150.772518][ T9724] 9pnet_virtio: no channels available for device syz
[  150.775052][ T9724] 9pnet_virtio: no channels available for device syz
[  150.778281][ T9724] 9pnet_virtio: no channels available for device syz
[  150.781436][ T9724] 9pnet_virtio: no channels available for device syz
[  150.784721][ T9724] 9pnet_virtio: no channels available for device syz
[  150.791245][ T9724] 9pnet_virtio: no channels available for device syz
[  150.794493][ T9724] 9pnet_virtio: no channels available for device syz
[  150.798123][ T9724] 9pnet_virtio: no channels available for device À
[  150.982510][ T9742] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  150.988982][ T9742] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  151.304268][ T6658] Bluetooth: hci1: Frame reassembly failed (-84)
[  151.588141][ T9798] binder_alloc: 9789: binder_alloc_buf, no vma
[  151.591035][ T9798] netlink: 'syz.1.1069': attribute type 17 has an invalid length.
[  151.655481][ T9798] bridge0: port 2(bridge_slave_1) entered disabled state
[  151.699002][ T9805] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1073'.
[  151.766732][ T9798] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  151.779064][ T9798] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  151.880746][ T1153] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  151.896697][ T1153] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  151.904074][ T1153] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  151.924457][ T9811] fuse: Bad value for 'fd'
[  151.973117][ T9813] trusted_key: encrypted_key: insufficient parameters specified
[  152.201452][ T9822] binder: 9821:9822 ioctl c018620c 200000000240 returned -22
[  152.340323][ T9831] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1081'.
[  152.521317][ T9842] ==================================================================
[  152.524399][ T9842] BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x2cb6/0x43c0
[  152.527064][ T9842] Write of size 2880 at addr ffffc90006511500 by task vivid-000-vid-c/9842
[  152.531283][ T9842] 
[  152.532075][ T9842] CPU: 3 UID: 0 PID: 9842 Comm: vivid-000-vid-c Not tainted syzkaller #0 PREEMPT(full) 
[  152.532096][ T9842] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  152.532107][ T9842] Call Trace:
[  152.532114][ T9842]  <TASK>
[  152.532121][ T9842]  dump_stack_lvl+0x116/0x1f0
[  152.532148][ T9842]  print_report+0xcd/0x630
[  152.532179][ T9842]  ? __virt_addr_valid+0x81/0x610
[  152.532201][ T9842]  ? tpg_fill_plane_buffer+0x2cb6/0x43c0
[  152.532216][ T9842]  kasan_report+0xe0/0x110
[  152.532229][ T9842]  ? tpg_fill_plane_buffer+0x2cb6/0x43c0
[  152.532245][ T9842]  kasan_check_range+0x100/0x1b0
[  152.532260][ T9842]  __asan_memcpy+0x3c/0x60
[  152.532277][ T9842]  tpg_fill_plane_buffer+0x2cb6/0x43c0
[  152.532299][ T9842]  ? __pfx_tpg_fill_plane_buffer+0x10/0x10
[  152.532317][ T9842]  vivid_fillbuff+0x8d2/0x4250
[  152.532331][ T9842]  ? lock_acquire+0x179/0x350
[  152.532346][ T9842]  ? __pfx_vivid_fillbuff+0x10/0x10
[  152.532364][ T9842]  ? v4l2_ctrl_request_setup+0x45e/0xa60
[  152.532382][ T9842]  ? lockdep_hardirqs_on+0x7c/0x110
[  152.532404][ T9842]  ? vivid_thread_vid_cap_tick+0x814/0x15d0
[  152.532418][ T9842]  vivid_thread_vid_cap_tick+0x814/0x15d0
[  152.532434][ T9842]  vivid_thread_vid_cap+0x454/0xda0
[  152.532449][ T9842]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[  152.532463][ T9842]  ? do_raw_spin_lock+0x12c/0x2b0
[  152.532475][ T9842]  ? find_held_lock+0x2b/0x80
[  152.532490][ T9842]  ? rcu_is_watching+0x12/0xc0
[  152.532503][ T9842]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  152.532516][ T9842]  ? lockdep_hardirqs_on+0x7c/0x110
[  152.532530][ T9842]  ? __kthread_parkme+0x19e/0x250
[  152.532546][ T9842]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[  152.532560][ T9842]  kthread+0x3c2/0x780
[  152.532571][ T9842]  ? __pfx_kthread+0x10/0x10
[  152.532581][ T9842]  ? rcu_is_watching+0x12/0xc0
[  152.532595][ T9842]  ? __pfx_kthread+0x10/0x10
[  152.532605][ T9842]  ret_from_fork+0x56a/0x730
[  152.532615][ T9842]  ? __pfx_kthread+0x10/0x10
[  152.532629][ T9842]  ret_from_fork_asm+0x1a/0x30
[  152.532646][ T9842]  </TASK>
[  152.532650][ T9842] 
[  152.597706][ T9842] The buggy address belongs to a vmalloc virtual mapping
[  152.599989][ T9842] The buggy address belongs to the physical page:
[  152.602081][ T9842] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f593
[  152.604898][ T9842] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  152.607193][ T9842] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  152.610403][ T9842] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[  152.613138][ T9842] page dumped because: kasan: bad access detected
[  152.615238][ T9842] page_owner tracks the page as allocated
[  152.617089][ T9842] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 9841, tgid 9840 (syz.1.1085), ts 152516291803, free_ts 152467591870
[  152.623211][ T9842]  post_alloc_hook+0x1c0/0x230
[  152.624773][ T9842]  get_page_from_freelist+0x132b/0x38e0
[  152.626526][ T9842]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  152.628766][ T9842]  alloc_pages_mpol+0x1fb/0x550
[  152.630437][ T9842]  alloc_pages_noprof+0x131/0x390
[  152.632075][ T9842]  __vmalloc_node_range_noprof+0x72f/0x14b0
[  152.634054][ T9842]  vmalloc_user_noprof+0x9e/0xe0
[  152.635699][ T9842]  vb2_vmalloc_alloc+0x135/0x3f0
[  152.637385][ T9842]  __vb2_queue_alloc+0x8c9/0x1280
[  152.638998][ T9842]  vb2_core_reqbufs+0xa90/0xfe0
[  152.640619][ T9842]  __vb2_init_fileio+0x3f1/0x1100
[  152.642247][ T9842]  vb2_core_poll+0x5ec/0x700
[  152.643794][ T9842]  vb2_poll+0x33/0x150
[  152.645157][ T9842]  vb2_fop_poll+0x10f/0x2c0
[  152.646638][ T9842]  v4l2_poll+0x163/0x320
[  152.648249][ T9842]  do_sys_poll+0x55c/0xdf0
[  152.650011][ T9842] page last free pid 8217 tgid 8217 stack trace:
[  152.652050][ T9842]  __free_frozen_pages+0x7d5/0x10f0
[  152.654008][ T9842]  tlb_remove_table_rcu+0x116/0x1a0
[  152.655772][ T9842]  rcu_core+0x799/0x1530
[  152.657189][ T9842]  handle_softirqs+0x219/0x8e0
[  152.658777][ T9842]  __irq_exit_rcu+0x109/0x170
[  152.660377][ T9842]  irq_exit_rcu+0x9/0x30
[  152.661753][ T9842]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  152.663607][ T9842]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  152.665549][ T9842] 
[  152.666352][ T9842] Memory state around the buggy address:
[  152.668470][ T9842]  ffffc90006511f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  152.671337][ T9842]  ffffc90006511f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  152.673923][ T9842] >ffffc90006512000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  152.676569][ T9842]                    ^
[  152.677968][ T9842]  ffffc90006512080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  152.680523][ T9842]  ffffc90006512100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  152.683089][ T9842] ==================================================================
[  152.687250][ T5332] Bluetooth: hci4: command tx timeout
[  152.688345][ T9842] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  152.688360][ T9842] CPU: 3 UID: 0 PID: 9842 Comm: vivid-000-vid-c Not tainted syzkaller #0 PREEMPT(full) 
[  152.688381][ T9842] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  152.688392][ T9842] Call Trace:
[  152.688398][ T9842]  <TASK>
[  152.688406][ T9842]  dump_stack_lvl+0x3d/0x1f0
[  152.688432][ T9842]  vpanic+0x6e8/0x7a0
[  152.688460][ T9842]  ? __pfx_vpanic+0x10/0x10
[  152.688490][ T9842]  ? tpg_fill_plane_buffer+0x2cb6/0x43c0
[  152.688513][ T9842]  panic+0xca/0xd0
[  152.688528][ T9842]  ? __pfx_panic+0x10/0x10
[  152.688554][ T9842]  ? tpg_fill_plane_buffer+0x2cb6/0x43c0
[  152.688578][ T9842]  ? preempt_schedule_common+0x44/0xc0
[  152.688600][ T9842]  ? preempt_schedule_thunk+0x16/0x30
[  152.688632][ T9842]  ? check_panic_on_warn+0x1f/0xb0
[  152.688650][ T9842]  check_panic_on_warn+0xab/0xb0
[  152.688667][ T9842]  end_report+0x107/0x170
[  152.688688][ T9842]  kasan_report+0xee/0x110
[  152.688708][ T9842]  ? tpg_fill_plane_buffer+0x2cb6/0x43c0
[  152.688734][ T9842]  kasan_check_range+0x100/0x1b0
[  152.688758][ T9842]  __asan_memcpy+0x3c/0x60
[  152.688784][ T9842]  tpg_fill_plane_buffer+0x2cb6/0x43c0
[  152.688821][ T9842]  ? __pfx_tpg_fill_plane_buffer+0x10/0x10
[  152.688849][ T9842]  vivid_fillbuff+0x8d2/0x4250
[  152.688872][ T9842]  ? lock_acquire+0x179/0x350
[  152.688897][ T9842]  ? __pfx_vivid_fillbuff+0x10/0x10
[  152.688929][ T9842]  ? v4l2_ctrl_request_setup+0x45e/0xa60
[  152.688957][ T9842]  ? lockdep_hardirqs_on+0x7c/0x110
[  152.688981][ T9842]  ? vivid_thread_vid_cap_tick+0x814/0x15d0
[  152.749149][ T9842]  vivid_thread_vid_cap_tick+0x814/0x15d0
[  152.750973][ T9842]  vivid_thread_vid_cap+0x454/0xda0
[  152.752612][ T9842]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[  152.754381][ T9842]  ? do_raw_spin_lock+0x12c/0x2b0
[  152.755973][ T9842]  ? find_held_lock+0x2b/0x80
[  152.757715][ T9842]  ? rcu_is_watching+0x12/0xc0
[  152.759440][ T9842]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  152.761259][ T9842]  ? lockdep_hardirqs_on+0x7c/0x110
[  152.762882][ T9842]  ? __kthread_parkme+0x19e/0x250
[  152.764489][ T9842]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[  152.766247][ T9842]  kthread+0x3c2/0x780
[  152.767524][ T9842]  ? __pfx_kthread+0x10/0x10
[  152.768969][ T9842]  ? rcu_is_watching+0x12/0xc0
[  152.770467][ T9842]  ? __pfx_kthread+0x10/0x10
[  152.771909][ T9842]  ret_from_fork+0x56a/0x730
[  152.773350][ T9842]  ? __pfx_kthread+0x10/0x10
[  152.774787][ T9842]  ret_from_fork_asm+0x1a/0x30
[  152.776289][ T9842]  </TASK>
[  152.777961][ T9842] Kernel Offset: disabled
[  152.779316][ T9842] Rebooting in 86400 seconds..

VM DIAGNOSIS:
08:52:19  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000111559 RBX=0000000000000000 RCX=ffffffff8b94cb49 RDX=0000000000000000
RSI=ffffffff8de52d31 RDI=ffffffff8c163380 RBP=fffffbfff1c52ef8 RSP=ffffffff8e207e08
R8 =0000000000000001 R9 =ffffed100d486655 R10=ffff88806a4332ab R11=0000000000000000
R12=0000000000000000 R13=ffffffff8e2977c0 R14=ffffffff90ab7490 R15=0000000000000000
RIP=ffffffff8b94b68f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d66b2000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f328b572960 CR3=000000005260f000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000080040001 Opmask01=00000000fc000000 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe39831960 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe39831ae6
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe39831ae6 00007ffe39831aec
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf72e12e46
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf72e12e53
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf72e12e4d
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf72e12e61
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf72e12ee7
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf72e12fc5
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0063696e61703d73 726f727265006f72 2d746e756f6d6572 3d73726f72726500
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00464c4b44551856 574a575740004a57 08514b504a484057 1856574a57574000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=ffffffff8e5c15a0 RCX=ffffffff8b5c8374 RDX=0000000000000000
RSI=0000000000000000 RDI=0000000000000001 RBP=0000000000000001 RSP=ffffc9000161fa78
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=ffffffff8b5c8070 R13=0000000000000202 R14=ffff88801eaba440 R15=ffff888053473a40
RIP=ffffffff8197d300 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d67b2000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007ffe6f035ec0 CR3=00000000396c3000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000151000e 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000c0fffc00 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055559539f5c0
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555953a7a6b 00005555953a74a0
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555953954a8
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055559539d39a 000055559539d1d0
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000003bf12
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8608000188030280 8084080001800300 08000e88030480c0 94c408000e800314
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 fffffffffff30807 80030380041885c2 d8a2080001000000 080606013dd00108
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1000010000020806 060107b002100007 8004040207b40073 666d617201ffffff
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0806060407b00010 000010000010000c 1000010000020806 0a0106cc14100000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffd7 0821800301000004 0806020105b60010 0002100001000002
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 01000400019db408 0021800401c70800 080149aa006c6163 6f6c2e73746e6576
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 652e79726f6d656d 01ffffffffffffff ffd7082180030100 00040806020105b6
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0010000210000100 00020806060407b0 0010000010000010 000c100001000002
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 08060a0106cc1410 0000100001000002 0806060107b00210 00078004040207b4
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=ffffffffffffffff RBX=00007fbf72fd5fa0 RCX=ffffffffffffffa8 RDX=0000000000000000
RSI=0000000000000000 RDI=0000000000000000 RBP=00007fbf72e11e19 RSP=00007fbf73c83ff0
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000246
R12=0000000000000000 R13=00007fbf72fd6038 R14=00007fbf72fd5fa0 R15=00007ffe398315d8
RIP=00007fbf72c548f6 RFL=00000286 [--S--P-] CPL=3 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0033 0000000000000000 ffffffff 00a0fb00 DPL=3 CS64 [-RA]
SS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fbf73c846c0 ffffffff 00c00000
GS =0000 0000000000000000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000110c3edd41 CR3=000000005648e000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fffff800 Opmask01=0000000020080810 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf73c81f70 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe39831ae6
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe39831ae6 00007ffe39831aec
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf72e12e46
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf72e12e53
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf72e12e4d
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf72e12e61
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf72e12ee7
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fbf72e12fc5
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000302e63 64755f796d6d7564
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff8564c1d0 RDI=ffffffff9b118160 RBP=ffffffff9b118120 RSP=ffffc900059df100
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=666f206574697257
R12=0000000000000000 R13=0000000000000020 R14=fffffbfff362307e R15=dffffc0000000000
RIP=ffffffff8564c1f7 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c01300
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c01300
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d69b2000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000110c2a1dec CR3=0000000032278000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff55bc86e6
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff55bc86e6 00007fff55bc86ec
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1872412e46
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1872412e53
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1872412e4d
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1872412e61
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1872412ee7
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1872412fc5
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f18725a74a8 00007f18725a74a0 00007f18725a7498 00007f18725a7470
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f187310d100 00007f18725a7460 00007f18725a0004 0000000b000c000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f18725a74b8 00007f18725a74b0 00007f18725a74a8 00007f18725a74a0
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000