last executing test programs:

14.624499638s ago: executing program 1 (id=1476):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast5)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080), 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x101000, 0x0)
r2 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
setsockopt$llc_int(r2, 0x10c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@bridge_delvlan={0x24, 0x70, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r6}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x2, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_STATE={0x5}}]}, 0x24}}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$clear(0x11, 0xfffffffffffffffd)
r7 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
ioctl$VIDIOC_G_FREQUENCY(r7, 0xc02c5638, &(0x7f00000000c0)={0x105})
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r8, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r8, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)

13.386442237s ago: executing program 1 (id=1479):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRESDEC=r0], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000840)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = socket(0x23, 0x5, 0x0)
r6 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
ioctl$VIDIOC_G_FREQUENCY(r6, 0xc02c5638, &(0x7f00000000c0)={0x1})
r7 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_GET_EVENT(0xffffffffffffffff, &(0x7f0000000880)={0xc, 0x8, 0xfa00, {0x0}}, 0x10)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000d40)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @local}, 0xffffffffffffffff, 0xfffffffd}}, 0x48)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[], 0xfc}}, 0x0)
write$6lowpan_control(r7, &(0x7f0000000000)='disconnect aa:aa:aa:aa:aa:11 2', 0x1e)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="2c00000020000103000000000000000002140000000000030000000008000b0001000100080001000a01018100f4683d21656c9e93a8580dac87246bebd78dca427e4e5713e34421c6c4ca36a6493991340600c8577ba11e"], 0x2c}}, 0x4010004)

11.79112289s ago: executing program 1 (id=1483):
socket$inet(0x2, 0x4000000000000001, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0xfffffe5d)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0x5)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x15)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r3)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(0x0, 0x0, 0x80000000, 0x0)
syz_open_procfs(r4, &(0x7f0000000040)='net/igmp\x00')
ioctl$TCFLSH(r2, 0x40204706, 0x2)
r5 = syz_open_dev$loop(&(0x7f00000001c0), 0x0, 0x103382)
r6 = memfd_create(&(0x7f0000000ac0)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN?\x830\xaa>\x928\xd3\x8e\xd3\xc6\x86\x93\xc3\xfd\xe1\x93G\';\x1fz\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9[TJ\x98\x0e\xea;k\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xcb\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1', 0x5)
ioctl$LOOP_CHANGE_FD(r5, 0x4c00, r6)
ioctl$LOOP_CHANGE_FD(r5, 0x4c06, r6)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r7, <r8=>0xffffffffffffffff}, 0x4)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x1d, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70500000800000085000000b6000000b7080000000000007b8af8ff00000000b7080000060000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

9.44956527s ago: executing program 1 (id=1489):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r2 = getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x6, @local, 0x0, 0xfffffffc, 'rr\x00', 0x0, 0x1, 0x62}, 0x2c)
socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
recvmmsg(r1, &(0x7f0000001840)=[{{0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000001400)=""/94, 0x5e}], 0x1}}], 0x1, 0x0, 0x0)
syz_io_uring_setup(0x2703, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000100), &(0x7f0000001440))
sendto(r1, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
shutdown(r4, 0x1)
ioctl$int_in(r4, 0x5452, &(0x7f0000000180))
listen(r4, 0x0)
shutdown(r4, 0x0)

8.116898852s ago: executing program 1 (id=1493):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000140)={0x2, 'hsr0\x00'}, 0x18)
syz_emit_ethernet(0x56, &(0x7f00000001c0)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x10, 0x4, 0x1, 0x31, 0x48, 0x65, 0x0, 0xa6, 0x1, 0x0, @remote, @multicast1, {[@generic={0x86, 0xa, "33702852bb1a6ed6"}, @end, @timestamp_addr={0x44, 0xc, 0xe4, 0x1, 0x0, [{@broadcast, 0x800}]}, @cipso={0x86, 0x15, 0x3, [{0x5, 0xf, "664ddc12d62b15f3df1f1b89fe"}]}]}}, @address_reply={0x12, 0x0, 0x0, 0x8}}}}}, &(0x7f0000000240)={0x1, 0x1, [0x953, 0xa2f, 0x624, 0x620]})
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000170000/0x3000)=nil, 0x3000}, 0x5})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000380))
syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x1b, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(0xffffffffffffffff, 0xc0182101, &(0x7f0000000180))
ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0)
umount2(&(0x7f0000000000)='./file0\x00', 0x0)
close(0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000700)=@newlink={0x34, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x585d}, [@IFLA_IFNAME={0x14, 0x3, 'ipvlan1\x00'}]}, 0x34}}, 0x0)

6.50684763s ago: executing program 2 (id=1497):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x0, 0x3, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
getsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, 0x0, &(0x7f00000003c0))
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480)=0xffffffffffffffff, 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000018c0)={r0, 0xe0, &(0x7f00000017c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, &(0x7f0000000580)=[0x0, 0x0, 0x0], &(0x7f00000005c0)=[0x0, 0x0], <r1=>0x0, 0x12, &(0x7f0000000380)=[{}], 0x8, 0x10, &(0x7f0000001700), 0x0, 0x0, 0xc, 0x8, 0x0, 0x0}}, 0x10)
r2 = socket$inet(0x2, 0x2, 0x0)
r3 = dup(r2)
bpf$PROG_LOAD(0x5, &(0x7f0000001980)={0xd, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x41000, 0x563e22ec7dfea742, '\x00', 0x0, @sock_ops, r3, 0x8, &(0x7f00000004c0)={0x7}, 0x8, 0x10, &(0x7f0000000500)={0x0, 0x0, 0xc, 0x3}, 0x10, r1, r0, 0x0, &(0x7f0000001900), 0x0, 0x10, 0x3, @void, @value}, 0x90)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r4}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x100000000001, 0x0, 0x2, 0x0)
r5 = getpid()
process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341)
ioctl$USBDEVFS_CONTROL(r6, 0xc0185500, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0})
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x30)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz0\x00', 0x200002, 0x0)
fchdir(r7)
syz_emit_ethernet(0xb4, &(0x7f00000000c0)={@local, @random="36e8a070c9db", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "3000bb", 0x7e, 0x2b, 0x0, @private2, @local, {[@hopopts={0x0, 0x4, '\x00', [@ra, @pad1, @hao={0xc9, 0x10, @mcast1}, @ra, @pad1]}], {0x0, 0x0, 0x56, 0x0, @gue={{0x2, 0x0, 0x1, 0x81, 0x0, @val=0x80}, "c13aa682c21e47a9a1f8d47a60f7000d2e17d823954ec6f31f7d75502e8f627b91e58d967cbefcd7a250cce71741316b0f1fb44d370dae0aebc3125a6f2da2001d949bb6a365"}}}}}}}, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9afe)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), r9)
sendmsg$NLBL_CALIPSO_C_REMOVE(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x1c, r10, 0x1, 0x0, 0x0, {}, [@NLBL_CALIPSO_A_DOI={0x8}]}, 0x1c}}, 0x0)

6.270218304s ago: executing program 3 (id=1498):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getrlimit(0x0, &(0x7f0000000240))
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
setrlimit(0x0, &(0x7f0000000280)={0x89c})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000840)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x80)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x40842, 0x0)
syz_io_uring_setup(0x186b, &(0x7f00000003c0), &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(0xffffffffffffffff, 0x184c, 0x0, 0x0, 0x0, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000800)={'syz1\x00', {}, 0x23, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc]}, 0x45c)
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x3, 0xe, &(0x7f00000021c0)=ANY=[@ANYBLOB="b700000060000000bca3000000000000240300001afeffff620af0fff8ffffff69a4f0ff000000001f030000000000002e0a0200000000002604fdffffff000a61140800000000001d430000000000007a0a00fe0000001f6114040000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19b0161e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba3a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652db036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700e89a56fe8e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a033a2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf799b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d54abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a274000000000000000000000000000000000000000000000009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c940000002b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fb705b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac987fd637c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fd52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23541320d8579c5ab42bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de01fdee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812fc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b2584e6c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795d35f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb7eddd12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f386c4dd317e11c1e89fac1fa9bceb50fad686ffbb5f7d79565271add99821c3601653bf6d4091ce8e0af3ab3a82a2735abb21d675d21f0a65caeb3213db39c9d55a35c1d588a732ee0b3d3a09c7786bc50b014802027d1da4a2a0fde4672d8dccd9fa000000000000697d1f90ddf1f320292d9fa4d81dc97f9fd7088d29edb2473b5284227936edf9f00b6deddc45841b6c54cd3741c95fe628f31ae0bf7619817735688fa26ce52c368e5ac02bdd46f10eae05da628e8d"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xffffffffffffffc2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

5.858903327s ago: executing program 0 (id=1500):
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$bt_hci(r0, 0x84, 0x80, &(0x7f0000000000)=""/4102, &(0x7f0000001080)=0x1006)
r1 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r2 = socket$tipc(0x1e, 0x5, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000380)={0x1ff, 0x2, 0x2000, 0x2000, &(0x7f0000feb000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r4, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r6}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = getpid()
process_vm_readv(r7, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r8, 0x800452d2, &(0x7f0000000100))
r9 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r9, 0x5412, 0x0)
arch_prctl$ARCH_SET_CPUID(0x1012, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f0000000200)="650f09dc6a8166b81e018ee88fc978c7c966b822008ee8b8010000000f01d9f266f30f2295b97f0800000f32b9370200000f320f35", 0x35}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x42}, 0x10)
process_mrelease(r1, 0x0)

5.494726892s ago: executing program 2 (id=1501):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r3 = socket$isdn(0x22, 0x3, 0x0)
bind$isdn(r3, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0xfff, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
ioctl$SNDCTL_DSP_GETISPACE(0xffffffffffffffff, 0x8010500d, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r4, 0x400448e3, 0x0)
process_vm_writev(r2, &(0x7f0000000540)=[{&(0x7f00000002c0)=""/30, 0x1e}, {&(0x7f0000000400)=""/50, 0x32}], 0x2, &(0x7f0000000840), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="680000000714010025bd7000ffdbdf25080001000100000008000100000000000900020073797a32000000000900020073797a3000000000050042000100000008000100010000000900020073797a30000000000900020073797a3000000000080001"], 0x68}}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, 0x0)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r6, 0xc0bc5310, &(0x7f0000000040)={0x0, @time, 0x0, {0xd}, 0x6, 0x0, 0x1})
ioctl$UI_SET_PHYS(r5, 0x4008556c, &(0x7f0000000000)='syz0\x00')
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_dccp(0x2, 0x6, 0x0)

4.675403011s ago: executing program 2 (id=1502):
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001240)={0x8, 0xe, &(0x7f00000017c0)=ANY=[@ANYRES8], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
ioctl$EVIOCGKEY(r2, 0x80404518, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newqdisc={0x28, 0x24, 0x0, 0x0, 0x0, {}, [@TCA_STAB={0x4}]}, 0x28}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000380), 0x200104a, &(0x7f0000000580)=ANY=[@ANYRESOCT=r0, @ANYRES16, @ANYRESHEX=r3, @ANYBLOB="8ba40174fcf6ae9759e0ddc7e5eac9a9a3b1747f4888c4ed6ae5c428cce98fb71dfb95c814152d30d14c0a7a18b335b25a083bf7d83cf564b95ac3dbf759be94b2d64c9ffecd1e4577282417d3d3e2ba23c616b5a666d1d9c396a47abd114a3c5b9eae133e70efd9"])
write$binfmt_misc(0xffffffffffffffff, 0x0, 0xfffffecc)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="020d0000100000002f3144e8edffffff03000600ff18000002004909000100000000000000001e0e080012000200010000d200000000000030006c540203009f7eae02000000adb20200000000f52c000000cdff00000001020014bb000001000000002300001300030005000020000002"], 0x80}}, 0x0)
syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r5, 0x4008ae90, &(0x7f0000000240)=ANY=[])
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r6, 0x25, &(0x7f0000000000)={0x1})

4.511121381s ago: executing program 0 (id=1503):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast5)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080), 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x101000, 0x0)
r2 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
setsockopt$llc_int(r2, 0x10c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@bridge_delvlan={0x24, 0x70, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r6}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x2, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_STATE={0x5}}]}, 0x24}}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$clear(0x11, 0xfffffffffffffffd)
r7 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
ioctl$VIDIOC_G_FREQUENCY(r7, 0xc02c5638, &(0x7f00000000c0)={0x105})
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r8, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r8, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)

4.3912203s ago: executing program 3 (id=1504):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
syz_io_uring_setup(0x6291, &(0x7f0000000340)={0x0, 0x722f, 0x400, 0x2}, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x11c, 0x0, 0x0, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
syz_emit_ethernet(0x11e, &(0x7f00000003c0)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0xe8, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x0, [{}, {}, {0x0, 0xe, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b03452dccf81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e2718"}, {0x21, 0x5, "b8a3e100908f61640000006f00fec0ffff00000000000000ff0bc0fe000000000000000002000002d9"}, {0x0, 0x4, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a"}, {0x0, 0x1, "d5170000dce9674a36da018dff"}]}}}}}}, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r2, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x2c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x2c}}, 0x0)
sendmsg$NL80211_CMD_SET_KEY(r4, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000080)={&(0x7f0000000580)={0x84, r6, 0x400, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x2, 0x1c}}}}, [@NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "95c80b8f60239e3698f17e55c2"}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x3}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x28, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x14, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x8080}, 0x80d2)
setsockopt$inet6_udp_encap(r3, 0x11, 0x64, &(0x7f00000000c0), 0x4)
socket(0x10, 0x0, 0x0)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r8, 0x84, 0x10, &(0x7f0000000000)=@sack_info={0x0, 0x0, 0x6}, 0xc)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r8, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
sendto$inet6(r8, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
writev(r8, &(0x7f0000000540)=[{&(0x7f0000000500)='y', 0x1}], 0x1)

3.259277623s ago: executing program 1 (id=1505):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f00000000c0)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
timer_getoverrun(0x0)
set_mempolicy(0x1, 0x0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000400)={@multicast, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x3, 0x28, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local}, @timestamp={0xd, 0x0, 0x0, 0x7, 0x80, 0x7, 0x80000000, 0x7}}}}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x6)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x3})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x1000000000000160)
r2 = socket$inet6(0xa, 0x1, 0x2)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c)
sendmsg(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)=[{}], 0x1}, 0x0)
writev(r2, 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0xa, 0x0, 0x0)
memfd_create(&(0x7f0000000340)='D\xa3\xd5Wj\x00\x00x0\xc1\xac\x1a\x1a\vG\xa9~vB\xbc\t\x00\x00\x00VoA\xaa\xbc\xee[\xe1\xa2\xe0\xff\x04\x00\x00\x00\\i\xcf\t\xb0\xa9 +H/\x1a\xe7\x95\xce\"\"\xbd\xf9!\xfd\xa4\xcaN\x84\xadS\x8bqE\x99\x01t\xb1\x1f|\x99PL\x92\x8f\xc2\xf9\xcd\x8cj\x03X\x05\x17mwI\xf0\x01\xe5z\xcdJ)\xc7\xfa)\xaa}\xef\xbb\xf5\xcd\xb1o5\x18\xd6\v\x85q\x98\x9bB\xb9\xea\xe7\xff\x7f\x00\x00T\xc0\xd2\t?\bpBl\xf4*8\xc6\xe5\x06P\xc11\f^\x7f\x8e\xc1\xd1Wra\x19)\xe3\x8f\xd9\x9f\x15\x1e\xf2\x18\r\xad\b\xe0\x96NH\x85\r+\xfc\xb3\xdd\xddhg \x03\xa7\x92\xff\x00+h\xb7@#K\x9cMY\xd3\x9b\b-G\xb1\xdaS\x81\xb2\x93\xb83\x8a\x94*\x8d\\\b\xff/\xa1\xc0\xf9&\xd3M\xf6\n\xff\x83k\xe6\rDa\x16\xbd\x1a\xb2w\b', 0x0)
r5 = dup3(r4, r3, 0x0)
fchdir(r5)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

3.258951503s ago: executing program 2 (id=1506):
socket$netlink(0x10, 0x3, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
io_uring_setup(0x0, 0x0)
mknodat$loop(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r3}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$l2tp6(0xa, 0x2, 0x73)
socket$inet6_udp(0xa, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000040850000008600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r2}, &(0x7f0000000000), &(0x7f0000000040)=r4}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r4, 0x27, 0x0, 0x120, 0x0, 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000040)=0x3)
syz_io_uring_setup(0x7ab7, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0)
r5 = syz_io_uring_setup(0x57ae, &(0x7f0000000080)={0x0, 0x0, 0x13291, 0x2, 0x311}, &(0x7f0000000100), &(0x7f0000000600))
io_uring_enter(r5, 0x0, 0x0, 0x1, 0x0, 0x0)
syz_open_dev$video(&(0x7f00000000c0), 0x9, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0585605, &(0x7f0000000080)={0x3, 0x1, @raw_data=[0x0, 0x0, 0x100b]})

3.25527067s ago: executing program 0 (id=1513):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4020801)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2000, 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000040)='squashfs\x00', 0x0, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r2, 0x4b72, &(0x7f0000000100)={0x0, 0x0, 0xd, 0x1, 0x200, &(0x7f0000000cc0)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309000000000000000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714b5e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a2b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6d07002ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8cd35df2cd7344aa8a9f3432b96fb889c02f484f63520cc3466a3c2903d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000600000000000000000000f80000000000000000000000000000000000000000005593e85f00"})
r3 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
renameat2(0xffffffffffffffff, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r3, &(0x7f0000000180)='./file1\x00', 0x4)
renameat2(r3, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r3, 0x0, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r4 = gettid()
process_vm_writev(r4, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/217, 0xd9}], 0x1, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
r5 = gettid()
process_vm_writev(r5, &(0x7f0000000240)=[{&(0x7f00008f9f09)=""/247, 0xf7}, {&(0x7f0000000340)=""/121, 0x79}], 0x2, &(0x7f0000121000)=[{&(0x7f0000000500)=""/234, 0xea}], 0x1, 0x0)
mprotect(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0)

3.056204754s ago: executing program 3 (id=1507):
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000001380)=<r0=>0x0)
read$FUSE(0xffffffffffffffff, &(0x7f000000e400)={0x2020, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001480)=[{{&(0x7f0000000640)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000000700)=[{&(0x7f0000000800)="c06bdace4eebe9f33b870939df33595c33c55149ff6f5f622621561ebbb48a6b54e9f0e2ffbb4630807d8b2f8dcbdad7e168ac7530f267d35d34a7315c0e62800cddca54a3b670a96a48425a4f0624621b6472d3e33e638fa59363106a912ca813215f65367bbc81d46ea564e29ef177ad29d0c4b32700b74ec106783da699f50af4b08dd1d4197a937c63e29806d9817d72fc38f9786faf5578cf76144a126b7d7413f812c73c77cc809a1105ccefc1308c37694f2a113f48bdec83c1458a8f60da4f742d6d5de48c3414564276207fa19bc33cadbc61393a7a1d887847ec6b23ff65", 0xe3}, {&(0x7f0000000540)="e0a2903067d65ce06fef445d3f3e0d57f7c87c144ffb4f713d426b1ff1692c271091e52e0a3aa79de3de32ed4e75606496fefd58be", 0x35}, {&(0x7f00000006c0)}], 0x3, 0x0, 0x0, 0x1}}, {{&(0x7f0000000900)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f0000000f00)=[{&(0x7f0000000a40)="12d81b6410405a5e90e3b2cce282f2420815eed351816a09517a07cf890d0d66142334ee28c0f091e7abf664d93155d2bdfc6a611277ded6ac6246be1011c84e50c06b5c6dab79ce97a03bda7b92d15ddf8713ea72b7a6c9066bb7b1db5dd36fef21a7be377fff443eee7c993a44b823aa42d0210248a003d82af698f13740c3ad51cec446d20e3d456f407d29baa5d5ed4a24e24f96e4e1e7bc677560ff4b2a5c30", 0xa2}, {&(0x7f0000000740)="68c5b250c2ac5988e08f53b8fbacffc9dd035d0dc2eceb6bd83aaf", 0x1b}, {&(0x7f0000000b00)="d4706d6f280e7cfc9f506669b686f4e256a61c6b985cda0e4eeda57427cd58224e8af6768a9b4caf291b2aec571e5678ec2224546de28561f8cc4561ffd01c78778e0bbcb30f8b12866e68d7f2f83193cfee7b94444f73e26e13120270cd38a3baad2962d3b6c6abfa365c6b410e457f4250a9cccd5c3c4eacd4839c9e14184b718574924249804684219fb65bb2602bfc8816bf9b2dfdd7b697fc664003446ab2dcea65d099ca1edfb192ab9576675e4e572d8af4f4cbbf51b3b4d735868ddbd7fb84c6130011236f08a18db992246618d6b15083513d8108b9a0862570ff50f1d111c6", 0xe4}, {&(0x7f0000000c80)="0c9287a0470917dff1011babc9a001c4f019b76c6cc4670f3d2320487e9f204a70a84ca513b4cca6da2bc0db906e8d70df317ff3f6991e5d51c3c59660c8d89be86646b6218977c8a8948bcd62967b0479", 0x51}, {&(0x7f0000000d00)="101b6158fd16cf005642bb57e6c68fcb43babdefa9a98436378b632d23f3cc481f8015b5298f5e19db0bb0b90bd09f44203272746dc4926eda2cb21438b55680895333300fc0d752b084e0691fa0d24d4a7f36594dfafa7331d456608f4b36f242c934cdc43b3ce375507ee0cab939893e6f55f117bb3346f4b64ba19aa8edbff9bfb8aa55870e47be719fea30998209869431f1eeed4ed95b727546d03480d0efdd79fe81d4c4507fe7238d", 0xac}, {&(0x7f0000000dc0)="8afe66ad84eac3a878dbcddcd003e8f05b10372abe9e29801bef088e7e5e2a5d6f9016073730406bc04c57c917e261e08c69c0069b6a21fece19d6deceed08eb24c9e4e4423fa159aa7848854010486591e17db9325ac3fd507fb258285e01b7c9ffc8160e58c7f3d35e6304a742519ec97a611ca2c31917f35f45075fcc735a35fea574f80bcfabc9b138e6bf08f875136ced8b95c3f8bb08f9", 0x9a}, {&(0x7f0000000e80)="3d53e043d7a7a9ac1c31e42bbf93094162ebe6334c1b9bafd0dc06b627405f69e6feb30ee43bfbc79cb3b7d027c4c3604edecc3bfa0ca7f8abc4e49619aa7df79bd0045800080538eda630db151badee97041d1ea89bac7d627461e11ba4f2bbcb", 0x61}, {&(0x7f0000000980)="2ca13ea4fa0aea83ebade5fa44aff901ca01aa1736c6ad0e497498fbb0b57b9bf0869e890cf5560b10e3d44ecf11de34a516a4e20f2bc5", 0x37}], 0x8, &(0x7f00000013c0)=ANY=[@ANYBLOB="20000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000005000000000100000002000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=r0, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00'], 0x98, 0x40}}], 0x2, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=<r2=>0x0)
waitid(0x1, r2, &(0x7f0000000380), 0x4, 0x0)
accept4$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x0, 0x0, @private0}, &(0x7f0000000040)=0x1c, 0x0)
r3 = fsopen(&(0x7f0000000040)='sockfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
gettid()
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x6, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r5}, 0x10)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$ARPT_SO_SET_REPLACE(r6, 0x0, 0x60, &(0x7f0000000f00)={'filter\x00', 0x4, 0x4, 0x3e8, 0x110, 0x110, 0x1f8, 0x300, 0x300, 0x300, 0x7fffffe, 0x0, {[{{@arp={@broadcast, @local, 0x0, 0x0, 0x0, 0x0, {@mac=@random="81944f208b5e"}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pim6reg0\x00', 'team_slave_0\x00'}, 0xc0, 0x110, 0x0, {0x3ed}}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@multicast, @multicast2, @local}}}, {{@arp={@rand_addr, @loopback, 0x0, 0x0, 0x0, 0x0, {@mac}, {@mac=@link_local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'bridge_slave_0\x00', 'bridge_slave_0\x00'}, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28}}, {{@arp={@remote, @broadcast, 0x0, 0x0, 0x0, 0x0, {}, {@mac}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_to_bridge\x00', 'lo\x00'}, 0xc0, 0x108}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x2}}}}, 0x438)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000200)=0x9, 0x8, 0x0)
mmap(&(0x7f0000543000/0x1000)=nil, 0x1000, 0x656d41e355e32d09, 0x2031, 0xffffffffffffffff, 0xcc4c6000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x2000, 0x0)
r7 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDSETKEYCODE(r7, 0x4b4d, &(0x7f0000000000)={0x1, 0x7fffffff})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000020850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c831, 0xffffffffffffffff, 0x0)

2.825785207s ago: executing program 3 (id=1508):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000500)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x3, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket(0x2, 0x2, 0x0)
syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x44000)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000d40), 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d00000067000000050000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = getpid()
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x81, 0xfff, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
ioctl$SNDCTL_DSP_GETISPACE(0xffffffffffffffff, 0x8010500d, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
syz_open_dev$video4linux(&(0x7f00000000c0), 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB="15a8fdfd9a9e2789304535316873b885cf367c28d05b5096c34237f56fd288d2a805004072de36de6221dfacde28d9428f76e2"])
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r7 = socket$unix(0x1, 0x5, 0x0)
r8 = dup2(r7, r6)
close_range(r8, 0xffffffffffffffff, 0x0)

2.442475479s ago: executing program 0 (id=1509):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000380))
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x8, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000040)={0x0, 0x2, 0x1, "11010000001400000100b64c0000005c4b7c1500"})
socket(0x0, 0x0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = syz_io_uring_setup(0x239, 0x0, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000440)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r3, 0x2def, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCPKT(r2, 0x5420, &(0x7f0000000080)=0xfffffffa)
ioctl$TCSETS(r2, 0x40045431, 0x0)
r6 = syz_open_pts(r2, 0x0)
ioctl$TCFLSH(r6, 0x540b, 0x2)
sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x9504, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4)
syz_socket_connect_nvme_tcp()
ioctl$FS_IOC_READ_VERITY_METADATA(0xffffffffffffffff, 0xc0286687, &(0x7f0000000180)={0x2, 0x7, 0xc3, &(0x7f0000000340)=""/195})
socket$nl_netfilter(0x10, 0x3, 0xc)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1000})

1.47447575s ago: executing program 2 (id=1510):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a00000000000000000000000000000900010073797a300000000014000000020a00000000000000000000000000007c000000090a00"/88], 0xd8}}, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
r2 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x40042)
write$binfmt_aout(r2, 0x0, 0x66)
ioctl$SG_IO(r2, 0x2285, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
syz_io_uring_setup(0x5169, 0x0, &(0x7f0000000200), 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000480)='net/snmp6\x00')
preadv(r3, &(0x7f0000000080), 0x0, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x200)
creat(&(0x7f0000002200)='./file0\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000005c0)='#mS\xb2j\xcb\xa18:.)\xc7\xcb\xc5\xd8\x91\xa1\"\xd5\r\x89M;\x99\xd6\x8e?K\x82\xd5\xd7\xab\x10\xea\x14\n\xea\xe9\xcc\xdc\xf3\xc0\xf8\x89\xd0\x0ep\xb1I\x04T[\r&\xf0z\xde\xc0\xf3\xcd\x9a\xae\xa8*v_(\x94]\xdf\xf1\x95!\xb3+\x1aD\xda\xa1G\x06M\xdaz2\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\xe5\xaa\x0e\xe7{\xd4T\x84\x83\x86\x9d', 0x0)
fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', &(0x7f0000000840)='%\\,:\x85X\\\x03\xa6\xd7}\xcd\xeb*\xb1\xa8\xb7\x81\xc8\xcbR\xa8?\x97 \xcbz&\x17\xa4\xfd^\xe1I\x11X\x90\x03\xb7W\x05\xb0\x99\x10F0\xb5YP9\xc3\xe2M\xaa\x81\xfev:\xe40\x9e\xdb\x98\xb4\xd0\xdcE\x14\x910\x1b.G\xab\x86\xdfy\xe6\xde11_H]\xe2\xc3\xb2fa\x7f\x8c\xf3\xc6\x85\xc9\xd6j\xff\xaa\xdbWD\x87\xe3\\mUSy\x0f\x82qW\fE\xd15ec>:D+', 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
fsopen(0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
mount$afs(&(0x7f0000000540)=ANY=[@ANYBLOB='#syz1:'], &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$inet_tcp_buf(r4, 0x11e, 0x0, 0x0, &(0x7f0000000100))

1.278385962s ago: executing program 0 (id=1511):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
io_setup(0x20, &(0x7f0000000000)=<r1=>0x0)
io_submit(r1, 0x0, 0x0)
unshare(0x6a040000)
setsockopt$netrom_NETROM_T1(0xffffffffffffffff, 0x103, 0x1, &(0x7f0000000140)=0x98, 0x4)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000440)='binder\x00', 0x810481, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
syz_open_dev$midi(0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x15)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
io_submit(0x0, 0x0, &(0x7f0000000740))
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(0x0, 0x0)
mkdir(0x0, 0x0)
creat(&(0x7f0000000340)='./file0/file0\x00', 0x0)
chdir(0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
lseek(r2, 0x100000000000080, 0x1)

1.111206967s ago: executing program 3 (id=1512):
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$bt_hci(r0, 0x84, 0x80, &(0x7f0000000000)=""/4102, &(0x7f0000001080)=0x1006)
r1 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r2 = socket$tipc(0x1e, 0x5, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000380)={0x1ff, 0x2, 0x2000, 0x2000, &(0x7f0000feb000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r4, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r6}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = getpid()
process_vm_readv(r7, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r8, 0x800452d2, &(0x7f0000000100))
r9 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r9, 0x5412, 0x0)
arch_prctl$ARCH_SET_CPUID(0x1012, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f0000000200)="650f09dc6a8166b81e018ee88fc978c7c966b822008ee8b8010000000f01d9f266f30f2295b97f0800000f32b9370200000f320f35", 0x35}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x42}, 0x10)
process_mrelease(r1, 0x0)

1.100631052s ago: executing program 2 (id=1514):
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
close(r1)
timerfd_create(0x0, 0x800)
syz_fuse_handle_req(r1, &(0x7f00000083c0)="61ddaf21c1282a5a6352f350c2f614ede5b0c406f5488574ed6fcb609ce20f648ee274c8dfeaa625b1fd332f70f776ae0b6e3f959c24f3876756c20e05c82079387520764f2446820d53242898a90e51c5b68297e39b7fcf558b450e9608326c3dc6704a054216a8c6f0d689e5eb6b8564854376910eff147682d2378b9c5b95a626493ce628b1bb6b524ed7e90ebe6eb0246399eac6d624dcf4e824be2de9c1d5d06eab13f2770577304eb676106fd9868a030192067ac009482e03a817f1abd909a94702479fe30b2594ca60b4acc37148cf04e8c0e76dd69e29d243596f8174129ac6ab9dbb79ace8f0fae14234845725102a027d4163f97f3971d207500defeaa2c7318f7e82e591701f9d3f78592ea7ec28806a53278a35a20251eeb2735fa9f37bf0045b5e6faf5f751c7ad31d8426be7b09027b2092f49247159a33b580d2691ebf00797962168bdc368f57282ce5b8526eacb80952ffba771626c0016b8a010546f0b4daf470814cee0ea418b76331c34616cea0459dbd1f196364c99e4a47bcdd64b518ef51833e6f8041fbbbe86e808bdbade7009885f2c4d7ffd76a0e7dc7d542bdee1d136d2096dfa997f98ac83c6341b306a3a8cf81642566d7777480d4dc61b0182f0d418ce95d74c9aadb182326d6671412a1f0c62c93a0ba873ff5daa4ece4b2fc73ed5b02b60890374acc0cd25cbf1707016a542fafd6af098f9737304c726712c8243dcd5eb15c0996e9e03dd741d519cb3e86ea214e20408c2cc5ea607585f1bfd268ba3084ffa69425512571d263fd1ae49b488b2964bd3e78943122006489cc22191dec2900a7fdf798c9f683461f2a7b940f4112b805dc077a7b99071b5b454f7c6d2b13a6b23091f74ecc65a24ac0d11e2ffd7332fb2b2b11aeec3c809d78cc2e168f126f38dddfe3e1d0ec1c6fb25f880690f97a70dc5fbea5d25dba3b24c01d9bd228c58deca660625511127a62220429c94be65d6ad4ce7e79e97af67931b46ccfabca5dbaea11e2dc76279b0244cc2845f31beff418fe4bd892d3676079d9d4eb0251dfead9e0a07a11c0a7e597ac89ec77de60a5f6e0ff4a62374856b8e1659e885d3a0d90293daa0c7bb041cbcd54bf098b66b2ddec28dcba4cfbad969e3b97e4bf680f901485d1cd4b231a9115c22ab2f911415ad0efe0eb7f4bee15c6de7d0f818acd687a117286f9e3c33df5206df918ea4ac52927487968d88f4a18d4889a4060f20487e4cec19250fe48a16b1f9f7250a6ab81fbaa2ad451a936ee98021bf859b9a635132a0dcf7530c0e2c84a459241a1fc9fe45b4a4f32fa8e95185db92660292ece6b5ddbb0b9f69bd7435cd4944f8ff2ed51172f0683fbae1013cde202498f2e1be54d1a2e17b3984b17d1994915a477c87697f465781e41b44c6a40ae035e75a4d9f9c0926bec533db0d4c26d605cb1ae225e692ed315062e8c3283716929e25a22b25105e018d81c07cb7600d1bae16d8beec33c88f1cdb52ac988b4677ed604c28ff1cdeeeb74c332dc526cff5ee935016984cabf117694cccabae944de4d2d2daff8f281b6434475b52c1910210598c684da99c108000a53d2ca03afd42b0200691d92341616353a22a8dacd8cb7eee85953b251236603d2ef1e450675f8d0f3cd0e28ef36457f79c267d836d14ed758148e979b9749ddcef14aec903939c69567a1697aae8f9ed72a16be0267a3a967727937f609720802570287c4e08641b9b7b979c6541add0e8600dd2d75a1dc0822ceb7a7e4e1afda2940d127f488589963b46417d7a7474545e5b08a621c1a7637b3fcb62b0aee10d999505907bd14033370e391f6192ff7d718e1db3ef861d30b2d477f11cd45ecb296d4babcccc34901165e3fcdbef6fa1ee478a97f7d21dc5562582d67c448ae352d3157d83e8ab0122a2bb056bdff8043a91b8f3abe4d788fe741483997a8e3fe126626a14b4243d3ff8ada8dd555c95d5e30b68cc053dfbbb61940cbb552cc1fe211ea5ea13cbfb6a577cde339282d84e92f866145e7b1de4d5a1705fc24fc8843f1a69f4c604adf0d715ad88c6a4ac80a35375662610e0ed07af9c4c76326716a77b106ef87782804ca353eaade28a1ca522d706282ebe48c0b23fd42b2e0297f5997d3aab40615f143e868c6aaf920bc827224946db3e3b3e65ea66dbfa5fe6c45dab930877852e86df251024e4ae46ee8e04cf40f2b3239f4df40062cfddada61700959deaeed3a44fb185ce51685fcab793184435b3e668e7d80820a613acde8d61e24571b9de7ce4581a4751d70a28e8d098660e81941fe40b6844a3204b512457194e100c995c75921569f735afee321080ed6310610887ca842001f5112c5af8c9083e3d088a404b48ee82e1e8be16fd493a2a643816488447706f3e86d2d0ed48f7397aad0cf105a4a71d928a15413ab3813e42478cf7a5be2e03d15ccb90a625863cb2ca1059110f90186cf4c370469f4d7e1ccda56ed9c427cce46e7d1c82641554ffa0c7c42697cbc754702b62be5ab03c995ac8cda3145959c440c4dbcacea29d4554d2d95ed4444e9bcbd6ead7d6398faf189de77645a05a54d6c33c9678daec6e5ac0048f91e15b2fdb808d712e662007da5e228ddc7370f575723a0018a1da70fa27e6624c8c75047eb584bf3399a8fce999df94f6fb54fb6c1fc954b1d899459fcd2f459e57c214ae590513ed268ed2d1114d8276642510a2eb99feecb58d8476550553a9f3d1f04c9bb442dae6dd84628b60cc9fd3c1e5c4fe3b9ad5f43b5d06e31ba4644f7499c03fd68cd2207027eeb1908a8022d70eb8fc8f55fee7be7e3af525d4fb1ab3e9b458246cbb5371e8145e1d04762c62068e03795a5a6b48d8643a83927c47000b7766e320e0ef2339d5423813e8d7845b939a9567745f6e2d6070764669c905ea77943a31f0df838a5d046f25d516bb654336f759c05dcc0febbbf1d214382a76fa09aa32be9799252f1d0fd8bacfe3f32574fdc82c6ed77f1c08d4aef88c157cbdac947346e3e015af60125d3e36ec6bd8dc5127c7ab1ed773c8beffc9dba99bd9fa1498a5a49bcce4ddb13fb85e256fcac569aab1c815527710d2c350c7cc84db5a7eb243227973fd5e2d1d8450077ececa0d96884c90ac0146d37b13f1aacc1eaddec3f0d475df6ceafe73f9076fcfeaf496efcae22d09745453a5e4776876ecfb1d004361f82f76b2bfba050d0fd5060f50fd74f9908a62649955e2f90e4ac4a4f0b29484cf80eebcbecb12db8586ee58443c181a59c046c657ecbb067a1e70d4c548e8b291a5aa681624747d9a52a6184a5fc82d824d9ab6156ec5fd73a038b38d86974e7a89b55a95b609e12c98f4168c0e48139749fce33397948224641e9823588858f82247d9abf8f84250564189676325e43944e888cef6918cd2b842b3a42751475a37656b3f04a02430705f16908d638212f69cf96d5311038e00e048468810d1cfefb0a9aeaf46d1bd31f7156a97542d9373abd3c069aa096486244389312031398a35e0ebca6668ed06dbe80290ac9a2a15ac9c208cdbcb2c1e18f008741649b4fe2ac1e6ca0a19980b6276fa09c5c0e67e748c1669add6fd4c70ba522be4428df305c3313929a4eec348f03fc6a6dfd1d6740a61230a977555b6b4d5165c98323871d750e80f9205231af03ab430a720dcaad03d113f38574ebada74f5b34a05a6abb7ba9b8b280401a3a21dd7e1e026deb438ed020d09fc93ffd7376ced7b5d6c9c35072c7f28ddb7fea3ffa7b7e6766892be2015c20e2cc7fa8bcb5832b97e964947ae940d5ce215ff3a0d74851d5735f3573d533cca9b3a89f9494f150cb732139cc2282304f6a375ee1062f6f850ebf89548973b6c5e7aee8b98b18b443332d3be20fea086653d52756b40ec4f08ad52f4d0a5a61004c700f070b83548670ef36dcbd8daf13ae6d382aaba3c3bac3c1efd953781d69e7365e1393d2c3f34d3dc91999ab9a545bc167e50ea6874fe8f49e93e452ad4710d7127c430ab2caf3ec1627e6a2a6a57604a5da490087991b68cd58d456f6818f22e38007e1628c6a78f6a8a321e3f0d5d5e1bc7f9ef53c4780b451dad949962c8a6a464b25cb161159b72f40fed8280daec34135f77373b9432f411b232e9374e9cb3fcd85a599c20d0b8e294835c60c2e034eb8385c507095c6eb6748180fd1ad97cb0a4b2ffa70c90891d373459538f4106078162bc46b425572466aa4769153b994698bbff1a98b5948e40d98bb2900445eebe95c4892bcb92b4c28b734ea7e106accc9836767e0881f970c9d69063dd918de44a484ef3f860b0dcec58f22b3f1a0abb9c0c2b6cd5bdacdc194f188588c0888d6abfa2d0b79d0b33a41e3b6a0f9fbf811ba20f346025b3a4be17eb5ce583b860cad5424bcaf1ef4a255678706052c1cae9cd77cc78639f975f07737b791831c64f0c974b23a5c428091b8b8e17a037ac3c6d56da4b4c7e4752736cbbc8d67b1b823e87d51ffc95fe9752e8479fc15a6fe7b96fbd7b93dc2144381c424ec7782d7f8b2637010dca11ccdaab1bad652a9ecd8b6ba2c116fa419c8582a0ccf754a294d9de5b457d9b1a4120fd53667862e50cb028e2f92c73a38f77ff57c93b410e7f3257bd56e5aa504f0643bd2bcfae2168046ad2737a36b21f6d993de1fe7b31e9ef7c79d545e5364b65011a6d26e0a2f1018a5280ca88d3d1e30c68195f8cf1a3ece813f22e44d83867c9f711218203d1adf2869ed89babca094b8def7ae0abd0245f522930db59c4b2eeec4d564bfdb931d435a986daba4b604d5bf30b1cfdf6960986ba0dab216dfd7ad95ca2555e0573d073dccd407ddd5ed7920c788aa0213aec90b38981a91bc370ede38d171648316d59478e66c068eec33295345162e9896ffc82f8d94b995d3a3a7a4f459e564632b5918b4fd850da380937655f19e2820376e7deb48edb0f5e295521a9a153f5ef69de397d88acc20be99779d7ea2c38445bd70aeeb68cc6c68c1bc603ab580b632866497a3dbcbfd933e2074323f66f1db73129eec8331c8872aa92a33e2180fc0cf2e28d198faef4421064b8435f37b5bfb9b531332b3b0838015fe848f0ce859db8706f2e53fb07ce4d0fd017d85ac9ce2943ab172f08b13c948c3778d2469257d412b1a5305526cc8dcb4a8645f825cca66a63b7134d8b7c760db6a8fa21f2df3456e9b460867303a9d53fb01db8548800d800e49c08c8d731bbf9a642206f4cc6673e4fc0f7106661abfde1eb8a8d384b26d88c16d15f238556ff4b205145d860228038430cd8a342bc15849afd81666b55b358e3ec584fa96f119b77495c4ec36616070237bb170fc04d3befebdaff66643814eb8519abaaf1e9bf939bf5bfefa33c32fe9909055393e383268e426436305b370867db76991ca600bf6211dece3b6b7b4dc5cd4569ff4538080fec318a9e0cce4a8cf26aca8359b503781aaedc2d58b0bb1a82c163425e678b488bdc7362d0be24a7a8238deb31482c332d4d385005ca84c836933b0fce21685ec067adb9490d1a416f83e36e6e3b87d05ab6973f4e359a1fb5a4dbf2ff6a85d235e50d893f222c2a7d84252be9015e104ee3609c83cafdd796a8422257c9ca9172888d91c0f2f2afe36dccada9a713cfc026cf25e113fc543d522e9254f5e129d7ffd61b43ee25bdd63545a81a2b086b616e23abd380a7bb8e54b8341f42c663da1fc8451f21da7315aea416e6856d4d45128dcd34a0f3aeb7aed00c54c348f38888b8c8fec59028d38344a92249c95943d3ff8608bc11406102ebe8269892b2e909bd82ba467aabef127713a0993df779ba7b0816a990566699e4926d75fd47c3f1b9cae3e58771a6ae8776fdb672ee70f215fd908d6dfddb8a2ad10f27b749fa6e67171848d70d3ae135ee3defb2546bb35a3ad2d8ac0e838ff8abb1cd733d80047bc8626960a257b704b43bf0390b7fee656ca7831d23e8ba940533c16c17de68270bb3b2d3bf142b34899b3a106cf9569b4f46f148297c61390733ff9f399c669122dd045187d0a35fe54b4f17e4090c56cfcfa47498b1701a855827d35cf3624624906f997092b010b1da616325a090770694d028fae9874a91f8d21fea85804956594b8252c24d05df5775148ecbf8ab38f131c268cc263f6a2dcd375acfbf39a2defc9869801a720d83add1ff01ac7fc389bc7e35c2eee2b44f808508e6e02ea31cf23ea9f2118bce520101e307b394e5fdd28e90870a327b0a1444b552b7227134a8e5397474a6c0e1ce89d918c899d292660ea44294e07b1645ff9e85f65156f92d55ae795e134250b5359dec6c31d4892d83f363cb09632bb738c4e7f351361adc3ab54776a5c55d6ff4895516c82cc6387b1a424f3af2bb0398d0d4a71fe44c5132b7ad5fdfa732bbcff9f02395df587714072caca65f5fc1215dc9068585e1fbcee22cd69c0386a6482230540ec9ff8e373018e4e2788b9502e5be3e3247f997800c68a634e4490c91d01144a63a7a55afbfa4f0ef5ad538aeec8ea203ef2716ff989e11ce4985263898b8e36b0d3386b816ce484e81404a01ac0ed9f18ef5643f93d46705c949acddca2b74ad53441090f658d22dd081aaf49a7bb07c93ab8dfb5213cba354b4d37d9899423d3b3d45e9463c506ccd69747162d2d64b54291d11fdc6c9b89114543d6948f10e68008973cc485df080b84e0d098f962715ba009f2aa1fb41f7199ea5b9b70df0e1c378da164f7257b4ed04a9fee7cc2de065ad35a60b882d78e26d5804942ed1f2bcf85fc63795fb9164a5f94ffe6bfbf838c9197bce2160d24f88dca14c3e733d18ff1fb7acb0ebdfc4e2ce268a676fb27cc34d4b6b5d7e8db29c020c4c498d793931b0fc7d91ad68d3d8463e36a267833edbdd7062f4d62aa9fd1cb7f8e561d3939bbfa118b897167168832c0aff17fb6cdcf75ad6ef0a18e2b37fb24c85d0866f2e5f191b2ef8fe9b5997635a74cb06aec67363435eb175559629c09316f96dc56de6c7785335d121fc2e4d47c2f50c37c5bf7950ae5de07b3b73830f4299d5009742d4eca98df821a95d244967a42b5a4f3375edc41c5281ca3104bd247c14e838912634d4764c1b6e440860d98f258aa8a24e8af643497366edc2b781aec0567451884aec0343ced1fbddfae585db1012a6d9245ad85c56aa33d5bc30307515bccc8d36d7848c99884db4a49d748e1953b4673e4286393fc97c233d529435faf7ed9f9aa64029814b7cd6a36c3dd9ca7be95e5c4d48e024a3d23651cc81c00a52e2fa2d094435ebdb4ae5be8e6b53cf628ddc87a4bc2dccc98ac38019c91789a40d103fb95785bde5992de08ecdca1dff2ab7cf5013420b3d29b8a7f0af455c4e86285422b986bdf482b87297061084b50684e936acbb075a84e720a2d03892efec7dc1af2fae2a7ce7725cf0d19f39403b273be262c7a4ff638898f6caf84bfb358c580ba4adfd8664bcc539b82792e39ab4f1d8393b1f98f6dd5aae14bc6b73feeeaef7c3accde4d9b098f2d5c7ed68621851f37d27980c4b44df095d865493eeef2724db90aa53a3c37bd345ea75b4e76e8878deae1b4f3204c2957f3806e36a03e995f7633de9b863ff6b3309d330ade917c82f3286d9500105755efac22a4220f457debd861df3c0925dc4ba8913cea12b8deb93cec87c972421bb8442ef2a2a9d638471108ae0152aefdc45eac6ff786dae370a21bfe1e5777df8070bcefba8596cb8f71a516b505b1f83de1129cee91d3a4d6383daac7b9de46a99bc34661f3d805d2e138a769fd6489e4d058a3ab35ccbc81251aa2f23f83d7740bd8869465634e10e114c62bdfd640d69cebf6e78eb0970fa442746f7c3bea77d8589ab131827a95b274dd63ea04fba4c822aed4f8d0cd83ed83177d90332c7e66f103d4eb1dffb9ec0f52094bc7324a7c59819dca343776d6adb6850e7e7e83e2316db1c32feb4ea1c6f47a2ee41bb09d0a931f4fa3cdf7ada2bac7fe5ae2b997e24b8f8c52b0bee1482b74af68b407f0d78f3767bdcb42557c9f3aff0c2c2ea7745a0f588b00a751c1c8d2124a8bfd4d7f756587d239cc43a8cae1d67cf15c73dc8569a1ebdd7b8559e969541a547c272e52d57e5924ced9afc87cd2cdcdf8e30f423ebe26170393ecec06afa093839fc3a10fdc3f9ae19e79e4df6a9af6027e1129a7a6cb4517607eac80fa2b5f7853fe84028a66976ec4b4af50abe9ca959b844d7b2ab94903efec6dfc99ed9df2c329c0e8449b4d2a0a5bc2506d170884d2c6ea8aefebcaaf2abbfa3c4d9e4d201369a47792124a7909e247dc98b777b60a30b1461d857f164e3df983d9a900f8b11bddbdcf47c29d483033c9250f30e268ddf97e0ecbdd99d6fb3dc4562bb75f8f1e03d1aec424293fa5fc786444411a512fc582a9b577d5e88fb9d6f7346bd489f6eb4296e576e25c45e114fb6a3d0b6b831fb4ffe7486daadf2f0ad78aad8f8f7eba17e524de06e81a5af9c1aa09019fcc51611afc45fd30b8ecd2a2ae19758a1ffa55f79cdf53ef1bb55e49cb58d8b291664be61586ace94c7b378d685e54aeee09af828a3ce7335f9d03f8daabcf3543b8099956f60913db6ab401a427aca83772df4fce9081409ab426dae09739b50a8ab4c04a6d2e63b2c4c0b5f7fbd9dc76722057ab6cefc9ccae3abf251259f999fe09dbe1232b8ecf0e26b3d88d13a1001840f6b5942359c3ac75bfc321d9504bcc0e3f4add741125941ece20b4f90416b1f14edb4ecb1ced79cef883aa1d5193f3efeeae7e103891ae4840978fbe74d2cc90b7e02b4d839f15c75576b74e05f7a8af71823317a851bf0ff9171bdb16ffa36f57ccdef61065a62d64ba434571db0d476995e2bf4f148f0a6276b2fad82f03b91fe53f9a7acff3ecdfcedcc1eae42e52e1f7443114b8edc8a9d5c8a55727f7ee1d20e1ca55b42e51b47fc4d2313458ab9a5f05c1411dc8f11e4c57d3fe87183763bd24cfb8dc583c82ce9c0abbeb76310666d2236e2ca164c66e6336fd571967f35b2b0ba847922f5aabf97aea061d19eb9cc3cd6e764da9651f9e66577d9c8870734fe8e03d20ba107e6e2997ef7c42f940b88410c6bf46635cb5e402113411a98c75e8cfd3760235d7a486bfeea1a1dc188b7886172ac66d45a4bd87f60b8502382888f3806e47ffb74d9aef2519e91536f7798b7c22ee70566e686ae2b577f6341f7c47dc1ae41f2af983b80f7db23a3466b4f14e2afd591b19d36375acbc0c8ebf21654c8cf44ea49103299eb1ac6e96bb282a33a6ea204aa266b7d627c53757daa176f6cde932e7e0342977dbf7d5668e8ba984bf05dc610e5450eb4c3dcf7965eedc9b168a9c274ef6a050e93234a9bb5488a5aefaea9c442729b5416dcee6bac23f238bea2f1f4615c863a3ff7c7a081558237f2097b9ffa869f4b69fa32784f62c0b7a458411efd3a9108735de667c63c34af2225e382a17600acecc118ac1f81ec5ed9a26fa966bee8dc6f55c17bbd89a94932bf930b081fd310ef94c490855453551e9eb809e9d568500e6662564b65701a721208dcbef9a07650f9faa5a503d37f2e1b1912fbfb437f1f4c2d4a830a2dcfae905d323fe9a6a01cc8d88ff82a26a1c228103396b6756659b6a8a9ff8b31494cd8bde6205d6f62e698d9ae43ec740fafc60d798a85e5f8598486b6e82f23506c6004ec2f733cde633c3b45d9ef14fb223c020a67f305e33b5d3b239b5026ca679004e212725a4090818734435247b918dc9c65d2f0c580722651217ce7a2dec34c0f8c49e3dc051c01f5d445dca8675339f5c8b30ddc19f51ffa9e9c513f5fc9892dbe5ee5bc148ebf3033635401c8675f0fb43e503d73cd432e3ae2f25bf29b4088a3193c208f5ba51882364202dc3eed6f3ab9a871b4afa960f1776cc92deb7098ae6f61af30e715ab60d44f378bbb79f8fb663de164a5f4f582e6a17fd7e553e677632d1e8489a8138bc780418de30c0a95ae3ec3b0cdee51901869acc318a6725c0c06273dc67d393129278225b9384d978512befdf449f85146fbbe92e6b52cf40028b13d77ccc68e7b65e0c1a25f1f9d17b06b17f216729684fec1b4c0c3fdaf40af5dd1a3f4492d49e018f60f41d91524bc5d750789fd39b6e69cb66b1d86b2c1405331e3e793fb38dc447161f1ba02cee1519b72727aee9ede2898c5195adb0dc1c29fe6eca6598c5612a7f98bfe0d1853e44f47c94ae57bfdaee16711135226c9b44440abbeca5ed53b0aa58d34fa0faf766087135599d7b88a04d5ba7d69c148f3ebaee211a06438146d762c9f85d9007a228edd7d71ad18fe69a1af0caa6176eade25bea11504c2f0498a450d4d265bf97dea5b23c10560c9844d761702a5814fb355827ed6f46bcebb61d0a06c21746625a438c38496a941f447c2150c9125990ff7feef9d551a7adcbe0fd828ef4397c0799507599899259f61ff914f76be6077d0daa67ac0ab9093ecd0f78455b605a7885cae38a88b2955cecd37f972841f440de12831263ae64c7c78970138a738bcc66aae8c1a5c3ca0e166dde9860bbfc4c7bdb854cdb3d94ad4c723b2de03a50dfd120041a9b3107a480e7e108f729484d0df0d8e47c3a6b7ce0376e642ec5a267a91dd2bb1f1b3fe56a5097edddba482627cf79b66801fdd4ecb733067ad52e8fb9970be01a397ede6a3eaee6b8524f8e1cf00e0c5aed165b8b1533afaaeeaa82153f9840760b58b8a12e8168956db4522f2dd5a13183cf861acb0c0bb2735ff5cb683f633bd99ba2bfa7f1fcdd0a54d3b4fa9a7d3de250d7e40bd7b3a829a4f04fd71c64ed4f2503094773b45fdd821688d10ced9da17089b7c954f7e4a7f3e56226abee46d7eb93a6f3d039a7cf3dc14c18dd7502aa0e29e1c54bd1c2182138e06326f3cd4cddcf1997c9739f9e4a0899ce919f20b2def0ff103e5a9e123a1db4a544d438f789a0ed26664523bd55902364f4a21b2a92fcc111392dcdcf7ac0ece18c474d47a11d544b64836a62e3e1e0e9d15f8066315f000b7d8603f772704ed5b96798f28e4f699a671023a4d49c5a1e30d14145b9179e4b0f3424fd46cc22ca48cde74904876cc037a04aee32b53d02e4869427b6b18bf0ce7b5ffb75268788ca5029d2d12b2df068219af12d4e17e56f83e581b0fd6cb7048204803342ab8b146b0c237d6ac7aeb2ee21550c00da60286994f1e7ca53de19d874f7bb27c8c5e263fa35e548ea28f4ac0cdfdc4c0d5096f2ab328d089dacb5e87f0a29814e8461470a22ee8a4a318f5e2b5317a027da39789b7b17bdcc9b26bdad1ba5e4580f671a3179a9fde91408aa41a68f47c71c524f8e413557b0656cc2a67e36da5a07ee7c55b0877ecf41a8616ec20f59d370f3eff6b10e68a6c55feff6f52f498bc9ab77224a7548ccdfa3de41ff44ee4bd32295a42d9fdac1a4c8484a7383a6bd5e39cb0249e939fe7f53075d6d4a54bcfbaec50853c5e4bfda256665ed56dcd20fbd04a1d40c200223ddac36a7229df6003f335227a6bde261f7e2f7c980e7e522c68abc63601b3b1a9ebdd4530e4f33b9986f5823", 0x2000, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x2, 0x0, 0x0, &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
socket$kcm(0x2, 0xa, 0x2)
r2 = memfd_secret(0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r2, 0x0)
ftruncate(r2, 0x51a9497)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r3, &(0x7f0000000000)={{0x6, @rose}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default]}, 0x48)
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r4, &(0x7f0000000000)={{0x6, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, [@default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @bcast]}, 0x48)
close(r4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
tee(r4, r5, 0x6, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)

58.161263ms ago: executing program 0 (id=1515):
r0 = getpgid(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x4051}, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x0, @none}, 0xe)
setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0xf, &(0x7f0000000040)=0x1, 0x4)
r2 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, &(0x7f00000000c0)=0x9, 0x4)
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r5, 0x80045530, &(0x7f0000000080)=0xfffffdfd)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000001200)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58)
r7 = accept4(r6, 0x0, 0x0, 0x0)
sendmmsg$inet_sctp(r7, &(0x7f0000000840)=[{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)="f2", 0x1}], 0x1}], 0x1, 0x20008001)
sendmsg$TIPC_NL_BEARER_ADD(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f0000000080), 0xffffff1b)
r8 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r2, &(0x7f0000000000)={0xa0000001})
epoll_create1(0x0)

0s ago: executing program 3 (id=1516):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
chdir(&(0x7f0000000400)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000004c0), 0x4)
r2 = fcntl$dupfd(r0, 0x0, r0)
ioperm(0x0, 0x4, 0x2)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(r1, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x3f7, 0x4, 0x70bd28, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1004}, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f000000e0c0), 0x10010)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f00000002c0)={'veth0_virt_wifi\x00', {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}})
sendfile(r3, r4, &(0x7f0000000100), 0x10001)
write$sndseq(r2, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)
write$sndseq(r2, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0xfc, @time={0x1, 0x81}, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time={0xfffffff9, 0x1005}, {}, {}, @addr={0xa, 0xe}}, {0x9, 0x3f, 0x0, 0x0, @time={0x4, 0x2}, {0x10}, {}, @time}, {0x0, 0x0, 0x0, 0x10, @time={0xbf9e}, {}, {}, @queue={0xbe, {0x3, 0x8}}}, {0x0, 0x3, 0x0, 0xfe, @time, {0x0, 0x1f}, {}, @connect={{0x3}, {0x4, 0x3}}}], 0x8c)
bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0x1, 0x3}, 0x6)
ioctl$SG_GET_REQUEST_TABLE(r2, 0x2286, &(0x7f00000018c0))
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000e8ffffff00000000000000008500000036000000850000000700000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r5, 0x27, 0x0, 0x0, 0x0, 0x0, 0x8ff, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0xa6)

kernel console output (not intermixed with test programs):

ID 50:50:50:50:50:50
[  338.151267][ T1104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  338.153864][ T1104] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  338.241425][   T39] audit: type=1400 audit(1726605616.809:638): avc:  denied  { ioctl } for  pid=9044 comm="syz.2.887" path="/dev/ptyq9" dev="devtmpfs" ino=138 ioctlcmd=0x5423 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  338.263365][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.266673][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.283341][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.298930][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.303030][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.313764][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.316340][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.318344][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.320350][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.324043][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.326348][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.330396][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.332423][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.334422][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.336397][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.338331][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.344313][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.345447][ T9045] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  338.353267][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.355781][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.357809][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.359921][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.362242][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.372900][ T9045] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  338.374271][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.378178][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.380228][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.382530][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.385115][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.388096][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.391433][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.394270][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.396973][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.399214][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.402627][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.405153][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.407517][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.410366][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.412602][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.414502][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.417144][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.421949][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.423944][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.426840][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.428855][ T1996] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  338.461187][ T1996] hid-generic 0000:0000:0000.0006: hidraw1: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  338.544818][ T5402] hid-generic 0000:0000:0000.0007: item fetching failed at offset 0/1
[  338.547551][ T5402] hid-generic 0000:0000:0000.0007: probe with driver hid-generic failed with error -22
[  338.573911][ T9059] input: syz1 as /devices/virtual/input/input23
[  339.324263][ T5350] Bluetooth: hci5: command tx timeout
[  340.958323][ T9092] netlink: 'syz.2.881': attribute type 12 has an invalid length.
[  341.043724][ T9094] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  341.055827][ T9093] input: syz0 as /devices/virtual/input/input24
[  341.404247][ T5350] Bluetooth: hci5: command tx timeout
[  341.962763][ T9102] netlink: 'syz.0.888': attribute type 4 has an invalid length.
[  342.054715][ T9104] overlayfs: failed to get inode (-116)
[  342.061207][ T9102] bond0: left promiscuous mode
[  342.062714][ T9102] bond_slave_0: left promiscuous mode
[  342.067428][ T9102] bond_slave_1: left promiscuous mode
[  343.728988][ T9134] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  343.803621][ T9134] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  343.805416][ T9134] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  343.848997][ T9134] vhci_hcd vhci_hcd.0: Device attached
[  344.044760][ T5384] vhci_hcd: vhci_device speed not set
[  344.114235][ T5384] usb 19-1: new full-speed USB device number 3 using vhci_hcd
[  344.147381][ T9137] vhci_hcd: connection reset by peer
[  344.154286][   T11] vhci_hcd: stop threads
[  344.155504][   T11] vhci_hcd: release socket
[  344.159128][   T11] vhci_hcd: disconnect device
[  344.263581][   T39] audit: type=1400 audit(1726605622.829:639): avc:  denied  { write } for  pid=9139 comm="syz.0.897" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  344.391929][ T9148] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  344.393958][ T9148] batman_adv: batadv0: Removing interface: batadv_slave_0
[  344.397217][ T9148] netlink: 24 bytes leftover after parsing attributes in process `syz.2.898'.
[  344.410591][ T9149] netlink: 'syz.0.899': attribute type 12 has an invalid length.
[  344.501339][ T9151] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  344.576356][ T5350] Bluetooth: hci4: ACL packet for unknown connection handle 201
[  345.345633][ T9155] netlink: 'syz.2.901': attribute type 9 has an invalid length.
[  345.357154][ T9163] netlink: 'syz.0.903': attribute type 32 has an invalid length.
[  345.362232][ T9155] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.901'.
[  345.564442][   T39] audit: type=1400 audit(1726605624.119:640): avc:  denied  { sqpoll } for  pid=9154 comm="syz.2.901" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  346.167963][   T39] audit: type=1400 audit(1726605624.739:641): avc:  denied  { map } for  pid=9166 comm="syz.0.904" path="socket:[27361]" dev="sockfs" ino=27361 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  346.196840][ T9167] warning: `syz.0.904' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  346.381243][ T9173] lo speed is unknown, defaulting to 1000
[  346.414899][ T9175] netlink: 'syz.0.907': attribute type 11 has an invalid length.
[  346.566042][ T9179] netlink: 'syz.0.907': attribute type 11 has an invalid length.
[  346.568353][ T9179] netlink: 1300 bytes leftover after parsing attributes in process `syz.0.907'.
[  346.734308][   T65] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  346.802173][ T9184] netlink: 24 bytes leftover after parsing attributes in process `syz.3.909'.
[  346.830917][   T39] audit: type=1400 audit(1726605625.389:642): avc:  denied  { accept } for  pid=9183 comm="syz.3.909" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  346.924424][   T65] usb 6-1: Using ep0 maxpacket: 8
[  346.931190][   T65] usb 6-1: New USB device found, idVendor=12d1, idProduct=fae2, bcdDevice=70.8b
[  346.939897][   T65] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.942737][   T65] usb 6-1: Product: syz
[  346.951144][   T65] usb 6-1: Manufacturer: syz
[  346.952839][   T65] usb 6-1: SerialNumber: syz
[  346.965815][   T65] usb 6-1: config 0 descriptor??
[  346.978379][ T9176] netlink: 12 bytes leftover after parsing attributes in process `syz.2.906'.
[  346.981525][   T65] option 6-1:0.0: GSM modem (1-port) converter detected
[  347.005262][ T9176] input: syz0 as /devices/virtual/input/input25
[  348.304488][ T5376] usb 6-1: USB disconnect, device number 4
[  348.307000][ T5376] option 6-1:0.0: device disconnected
[  348.414020][ T5350] Bluetooth: Wrong link type (-71)
[  348.560235][ T9206] lo speed is unknown, defaulting to 1000
[  348.834705][ T9211] netlink: 8 bytes leftover after parsing attributes in process `syz.2.915'.
[  349.002033][ T9207] lo speed is unknown, defaulting to 1000
[  349.571707][ T5384] vhci_hcd: vhci_device speed not set
[  350.134343][ T1166] wlan1: Trigger new scan to find an IBSS to join
[  350.159082][ T9225] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  350.163108][ T9225] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  350.165230][ T9225] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  350.180699][ T9225] vhci_hcd vhci_hcd.0: Device attached
[  350.374345][ T5401] vhci_hcd: vhci_device speed not set
[  350.470000][ T5401] usb 17-1: new full-speed USB device number 3 using vhci_hcd
[  350.748349][ T9236] input: syz1 as /devices/virtual/input/input26
[  351.274207][ T9229] vhci_hcd: connection reset by peer
[  351.297857][ T1104] vhci_hcd: stop threads
[  351.299538][ T1104] vhci_hcd: release socket
[  351.314780][ T1104] vhci_hcd: disconnect device
[  351.598266][ T9247] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  351.602017][ T9247] batman_adv: batadv0: Removing interface: batadv_slave_0
[  351.609340][ T9247] netlink: 24 bytes leftover after parsing attributes in process `syz.0.930'.
[  352.446464][ T9253] netlink: 4 bytes leftover after parsing attributes in process `syz.1.925'.
[  353.746666][ T9264] overlayfs: failed to get inode (-116)
[  354.043753][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.051185][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.055080][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.057601][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.059577][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.061431][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.063455][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.065571][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.067557][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.069475][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.071412][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.073346][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.075624][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.077675][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.079849][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.082239][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.086918][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.088999][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.091146][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.091783][ T9270] lo speed is unknown, defaulting to 1000
[  354.093318][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.099443][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.101456][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.103448][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.106943][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.109066][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.111088][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.113213][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.115506][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.117475][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.119604][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.121684][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.123781][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.125916][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.127821][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.129873][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.131859][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.133793][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.134334][   T45] wlan1: Trigger new scan to find an IBSS to join
[  354.135845][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.139166][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.142356][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.144877][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.146875][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.148881][ T5385] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  354.166167][ T5385] hid-generic 0000:0000:0000.0008: hidraw1: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  354.179991][ T5385] hid-generic 0000:0000:0000.0009: item fetching failed at offset 0/1
[  354.187951][ T5385] hid-generic 0000:0000:0000.0009: probe with driver hid-generic failed with error -22
[  355.179725][ T1166] wlan1: Creating new IBSS network, BSSID d2:fb:c2:9c:e1:59
[  355.594349][ T5398] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  356.452719][ T5401] vhci_hcd: vhci_device speed not set
[  356.461564][   T11] wlan1: Trigger new scan to find an IBSS to join
[  356.500416][ T9282] input: syz1 as /devices/virtual/input/input28
[  356.697922][ T9296] vivid-001: disconnect
[  357.025763][ T9297] can: request_module (can-proto-4) failed.
[  357.554989][ T9291] vivid-001: reconnect
[  358.336806][   T39] audit: type=1400 audit(1726605636.900:643): avc:  denied  { bind } for  pid=9322 comm="syz.2.943" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  358.354827][ T9323] netlink: 'syz.2.943': attribute type 11 has an invalid length.
[  358.394932][ T9323] netlink: 'syz.2.943': attribute type 11 has an invalid length.
[  358.404595][ T9323] debugfs: Directory 'netdev:' with parent 'phy11' already present!
[  358.589729][ T9327] netlink: 4 bytes leftover after parsing attributes in process `syz.0.944'.
[  359.074223][   T65] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  359.404343][   T65] usb 7-1: Using ep0 maxpacket: 8
[  359.426677][   T65] usb 7-1: New USB device found, idVendor=12d1, idProduct=fae2, bcdDevice=70.8b
[  359.429640][   T65] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.432395][   T65] usb 7-1: Product: syz
[  359.433969][   T65] usb 7-1: Manufacturer: syz
[  359.454288][   T65] usb 7-1: SerialNumber: syz
[  359.464833][   T65] usb 7-1: config 0 descriptor??
[  359.470125][   T65] option 7-1:0.0: GSM modem (1-port) converter detected
[  360.125467][   T11] wlan1: Trigger new scan to find an IBSS to join
[  360.158707][ T5376] usb 7-1: USB disconnect, device number 11
[  360.160881][ T5376] option 7-1:0.0: device disconnected
[  360.300139][ T9349] netlink: 24 bytes leftover after parsing attributes in process `syz.3.948'.
[  360.320678][   T39] audit: type=1400 audit(1726605638.880:644): avc:  denied  { append } for  pid=9340 comm="syz.0.949" name="nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  361.026692][ T9368] netlink: 'syz.3.951': attribute type 4 has an invalid length.
[  361.180142][ T5402] libceph: connect (1)[c::]:6789 error -101
[  361.183372][ T5402] libceph: mon0 (1)[c::]:6789 connect error
[  361.198902][ T5402] libceph: connect (1)[c::]:6789 error -101
[  361.200601][ T5402] libceph: mon0 (1)[c::]:6789 connect error
[  361.415817][   T45] wlan1: Creating new IBSS network, BSSID fe:bc:52:7a:cf:ed
[  361.480551][ T5402] libceph: connect (1)[c::]:6789 error -101
[  361.484715][ T5402] libceph: mon0 (1)[c::]:6789 connect error
[  361.789961][ T9370] ceph: No mds server is up or the cluster is laggy
[  362.020164][ T9383] mac80211_hwsim hwsim11 ÿÿÿÿÿÿ: renamed from wlan1 (while UP)
[  365.463938][ T9414] pim6reg1: entered promiscuous mode
[  365.466980][ T9414] pim6reg1: entered allmulticast mode
[  366.614541][ T9421] netlink: 24 bytes leftover after parsing attributes in process `syz.1.960'.
[  366.658392][ T9424] netlink: 'syz.2.962': attribute type 11 has an invalid length.
[  366.827900][ T9428] netlink: 'syz.2.962': attribute type 11 has an invalid length.
[  366.830768][ T9428] netlink: 1300 bytes leftover after parsing attributes in process `syz.2.962'.
[  367.074730][   T39] audit: type=1800 audit(1726605645.633:645): pid=9429 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.973" name="bus" dev="overlay" ino=1403 res=0 errno=0
[  367.613345][   T39] audit: type=1400 audit(1726605646.173:646): avc:  denied  { link } for  pid=9433 comm="syz.2.964" name="#3b" dev="tmpfs" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  368.354047][ T9448] futex_wake_op: syz.2.969 tries to shift op by 32; fix this program
[  368.884585][ T9458] vivid-003: disconnect
[  368.930368][ T5350] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[  368.933634][ T5350] Bluetooth: hci5: Injecting HCI hardware error event
[  368.939080][ T4770] Bluetooth: hci5: hardware error 0x00
[  369.438586][ T9463] mac80211_hwsim hwsim19 ÿÿÿÿÿÿ: renamed from wlan1 (while UP)
[  369.506249][ T9450] vivid-003: reconnect
[  369.581490][ T9464] netlink: 'syz.2.975': attribute type 12 has an invalid length.
[  369.658517][ T9465] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  370.500312][ T9473] netlink: 24 bytes leftover after parsing attributes in process `syz.2.976'.
[  370.856750][ T9481] input: syz1 as /devices/virtual/input/input29
[  371.004443][ T4770] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[  371.677592][ T9488] netlink: 4 bytes leftover after parsing attributes in process `syz.2.981'.
[  371.740838][   T39] audit: type=1400 audit(1726605650.303:647): avc:  denied  { accept } for  pid=9484 comm="syz.3.982" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  371.767084][ T9491] misc userio: No port type given on /dev/userio
[  375.091477][   T39] audit: type=1400 audit(1726605653.653:648): avc:  denied  { write } for  pid=9500 comm="syz.0.993" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  375.286788][   T39] audit: type=1800 audit(1726605653.853:649): pid=9506 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.995" name="bus" dev="overlay" ino=151 res=0 errno=0
[  375.438375][ T9515] mac80211_hwsim hwsim13 ÿÿÿÿÿÿ: renamed from wlan1 (while UP)
[  375.934325][   T39] audit: type=1400 audit(1726605654.473:650): avc:  denied  { write } for  pid=9516 comm="syz.3.987" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  376.055011][   T39] audit: type=1400 audit(1726605654.623:651): avc:  denied  { listen } for  pid=9519 comm="syz.3.988" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  376.347707][   T39] audit: type=1400 audit(1726605654.903:652): avc:  denied  { mounton } for  pid=9521 comm="syz.2.989" path="/245/file1/file1" dev="autofs" ino=25338 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1
[  377.558195][ T9545] netlink: 8 bytes leftover after parsing attributes in process `syz.3.992'.
[  377.569592][ T9545] netlink: 32 bytes leftover after parsing attributes in process `syz.3.992'.
[  377.755333][   T57] IPVS: starting estimator thread 0...
[  377.854238][ T9546] IPVS: using max 36 ests per chain, 86400 per kthread
[  377.974261][   T39] audit: type=1400 audit(1726605656.533:653): avc:  denied  { name_bind } for  pid=9550 comm="syz.0.997" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  378.381782][ T9563] rdma_rxe: rxe_newlink: failed to add team_slave_1
[  378.889085][   T39] audit: type=1400 audit(1726605657.453:654): avc:  denied  { unmount } for  pid=5787 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  378.935290][ T1381] ieee802154 phy1 wpan1: encryption failed: -22
[  379.681100][ T9571] netlink: 4096 bytes leftover after parsing attributes in process `syz.1.999'.
[  379.683947][ T9571] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  381.677639][   T39] audit: type=1400 audit(1726605660.243:655): avc:  denied  { write } for  pid=9599 comm="syz.3.1009" name="usbmon0" dev="devtmpfs" ino=723 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  382.455351][ T9607] futex_wake_op: syz.3.1011 tries to shift op by 32; fix this program
[  382.630677][ T9609] mac80211_hwsim hwsim15 ÿÿÿÿÿÿ: renamed from wlan1 (while UP)
[  385.089269][ T9627] input: syz1 as /devices/virtual/input/input30
[  385.203740][   T11] ÿÿÿÿÿÿ: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  385.534631][ T5402] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  385.635390][ T9632] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1018'.
[  385.659099][   T39] audit: type=1400 audit(1726605664.223:656): avc:  denied  { mount } for  pid=9631 comm="syz.3.1018" name="/" dev="ramfs" ino=28754 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  385.678147][ T9632] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1018'.
[  385.714326][ T5402] usb 6-1: Using ep0 maxpacket: 32
[  385.718811][ T5402] usb 6-1: config index 0 descriptor too short (expected 156, got 27)
[  385.728325][ T5402] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  385.732564][ T5402] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  385.736774][ T5402] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  385.741469][ T5402] usb 6-1: config 0 interface 0 has no altsetting 0
[  385.747304][ T5402] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  385.750590][ T5402] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  385.752967][ T5402] usb 6-1: Product: syz
[  385.755363][ T5402] usb 6-1: Manufacturer: syz
[  385.756730][ T5402] usb 6-1: SerialNumber: syz
[  385.759783][ T5402] usb 6-1: config 0 descriptor??
[  385.762885][ T5402] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  385.771154][ T5402] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  385.791050][   T39] audit: type=1400 audit(1726605664.353:657): avc:  denied  { unmount } for  pid=8988 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  386.077129][ T5402] usb 6-1: USB disconnect, device number 6
[  386.078713][    C0] ldusb 6-1:0.0: usb_submit_urb failed (-19)
[  386.086316][ T5402] ldusb 6-1:0.0: LD USB Device #0 now disconnected
[  386.318198][ T9629] bridge0: port 3(syz_tun) entered blocking state
[  386.334394][ T9629] bridge0: port 3(syz_tun) entered disabled state
[  386.336748][ T9629] syz_tun: entered allmulticast mode
[  386.341546][ T9629] syz_tun: entered promiscuous mode
[  386.366224][ T9629] bridge0: port 3(syz_tun) entered blocking state
[  386.368997][ T9629] bridge0: port 3(syz_tun) entered listening state
[  387.232534][ T9640] lo speed is unknown, defaulting to 1000
[  387.504264][ T9642] lo speed is unknown, defaulting to 1000
[  388.454262][ T4770] Bluetooth: hci4: Malformed Event: 0x13
[  388.564786][   T39] audit: type=1400 audit(1726605667.133:658): avc:  denied  { mounton } for  pid=9651 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  388.577045][ T5350] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  388.582057][ T5350] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  388.587095][ T5350] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  388.594613][ T5350] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  388.597676][ T5350] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  388.600503][ T5350] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  388.699104][ T9651] lo speed is unknown, defaulting to 1000
[  389.053024][ T9651] chnl_net:caif_netlink_parms(): no params data found
[  389.355048][ T9651] bridge0: port 1(bridge_slave_0) entered blocking state
[  389.357178][ T9651] bridge0: port 1(bridge_slave_0) entered disabled state
[  389.359717][ T9651] bridge_slave_0: entered allmulticast mode
[  389.362642][ T9651] bridge_slave_0: entered promiscuous mode
[  389.375299][ T9651] bridge0: port 2(bridge_slave_1) entered blocking state
[  389.378313][ T9651] bridge0: port 2(bridge_slave_1) entered disabled state
[  389.381164][ T9651] bridge_slave_1: entered allmulticast mode
[  389.383929][ T9651] bridge_slave_1: entered promiscuous mode
[  389.473507][ T9651] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  389.482112][ T9651] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  389.569566][ T9651] team0: Port device team_slave_0 added
[  389.577516][ T9651] team0: Port device team_slave_1 added
[  389.983958][ T9651] batman_adv: batadv0: Adding interface: batadv_slave_0
[  389.986836][ T9651] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  389.995585][ T9651] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  390.000398][ T9651] batman_adv: batadv0: Adding interface: batadv_slave_1
[  390.002729][ T9651] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  390.011485][ T9651] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  390.181411][ T9651] hsr_slave_0: entered promiscuous mode
[  390.185113][ T9651] hsr_slave_1: entered promiscuous mode
[  390.188136][ T9651] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  390.190226][ T9651] Cannot create hsr debugfs directory
[  390.526531][ T9651] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.657863][ T9651] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.677936][ T9671] netlink: 'syz.1.1026': attribute type 1 has an invalid length.
[  390.680174][ T9671] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1026'.
[  390.685594][ T4770] Bluetooth: hci2: command tx timeout
[  390.759387][ T9651] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.792996][ T9671] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1026'.
[  390.849594][ T9651] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  391.066432][ T9651] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  391.070439][ T9651] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  391.087510][ T9651] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  391.093516][ T9651] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  391.230771][ T9651] 8021q: adding VLAN 0 to HW filter on device bond0
[  391.267823][ T9651] 8021q: adding VLAN 0 to HW filter on device team0
[  391.284785][ T1166] bridge0: port 1(bridge_slave_0) entered blocking state
[  391.286910][ T1166] bridge0: port 1(bridge_slave_0) entered forwarding state
[  391.302885][ T1166] bridge0: port 2(bridge_slave_1) entered blocking state
[  391.305638][ T1166] bridge0: port 2(bridge_slave_1) entered forwarding state
[  391.628425][ T5350] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  391.633430][ T5350] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  391.636920][ T5350] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  391.648562][ T5350] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  391.652301][ T5350] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  391.656496][ T5350] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  391.658065][ T9651] 8021q: adding VLAN 0 to HW filter on device batadv0
[  391.875655][ T9651] veth0_vlan: entered promiscuous mode
[  391.905322][ T9651] veth1_vlan: entered promiscuous mode
[  391.975331][ T9651] veth0_macvtap: entered promiscuous mode
[  391.987979][ T9651] veth1_macvtap: entered promiscuous mode
[  392.006700][ T9651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  392.010347][ T9651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  392.013729][ T9651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  392.024249][ T9651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  392.034655][ T9651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  392.044724][ T9651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  392.056536][ T9651] batman_adv: batadv0: Interface activated: batadv_slave_0
[  392.094630][ T9651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  392.104261][ T9651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  392.114256][ T9651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  392.124875][ T9651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  392.134265][ T9651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  392.139956][ T9651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  392.144241][ T9651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  392.150003][ T9651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  392.153511][ T9651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  392.164252][ T9651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  392.168181][ T9651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  392.171769][ T9651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  392.185945][ T9651] batman_adv: batadv0: Interface activated: batadv_slave_1
[  392.207187][ T9651] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  392.214256][ T9651] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  392.217696][ T9651] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  392.224244][ T9651] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  392.388161][ T1104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  392.390951][ T1104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  392.397277][ T9688] futex_wake_op: syz.1.1030 tries to shift op by 32; fix this program
[  392.486582][ T1104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  392.488317][ T9680] lo speed is unknown, defaulting to 1000
[  392.489220][ T1104] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  392.784277][ T5350] Bluetooth: hci2: command tx timeout
[  393.252935][ T9680] chnl_net:caif_netlink_parms(): no params data found
[  393.398933][ T9694] mac80211_hwsim hwsim21 ÿÿÿÿÿÿ: renamed from wlan1 (while UP)
[  393.490014][ T9680] bridge0: port 1(bridge_slave_0) entered blocking state
[  393.491986][ T9680] bridge0: port 1(bridge_slave_0) entered disabled state
[  393.493946][ T9680] bridge_slave_0: entered allmulticast mode
[  393.497687][ T9680] bridge_slave_0: entered promiscuous mode
[  393.506532][ T9680] bridge0: port 2(bridge_slave_1) entered blocking state
[  393.508869][ T9680] bridge0: port 2(bridge_slave_1) entered disabled state
[  393.511274][ T9680] bridge_slave_1: entered allmulticast mode
[  393.513623][ T9680] bridge_slave_1: entered promiscuous mode
[  393.575471][ T9680] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  393.580382][ T9680] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  393.643643][ T9703] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1031'.
[  393.673384][ T9680] team0: Port device team_slave_0 added
[  393.688555][ T9680] team0: Port device team_slave_1 added
[  393.734383][ T5350] Bluetooth: hci1: command tx timeout
[  393.741774][ T9680] batman_adv: batadv0: Adding interface: batadv_slave_0
[  393.744305][ T9680] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  393.751094][ T9680] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  393.795639][ T9680] batman_adv: batadv0: Adding interface: batadv_slave_1
[  393.798061][ T9680] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  393.807621][ T9680] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  393.880714][ T9680] hsr_slave_0: entered promiscuous mode
[  393.886207][ T9680] hsr_slave_1: entered promiscuous mode
[  393.889365][ T9680] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  393.892213][ T9680] Cannot create hsr debugfs directory
[  394.052113][ T9680] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  394.172483][ T9680] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  394.231599][ T9680] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  394.294622][ T1103] ÿÿÿÿÿÿ: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  394.312617][ T9680] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  394.600635][ T9680] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  394.609924][ T9680] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  394.617511][ T9680] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  394.641560][ T9680] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  394.823461][ T9680] 8021q: adding VLAN 0 to HW filter on device bond0
[  394.844316][ T5350] Bluetooth: hci2: command tx timeout
[  394.853877][ T9680] 8021q: adding VLAN 0 to HW filter on device team0
[  394.862531][ T1103] bridge0: port 1(bridge_slave_0) entered blocking state
[  394.864699][ T1103] bridge0: port 1(bridge_slave_0) entered forwarding state
[  394.897283][ T1166] bridge0: port 2(bridge_slave_1) entered blocking state
[  394.899220][ T1166] bridge0: port 2(bridge_slave_1) entered forwarding state
[  394.926504][   T39] audit: type=1400 audit(1726605673.493:659): avc:  denied  { append } for  pid=9707 comm="syz.2.1033" name="ppp" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  395.159358][ T9680] 8021q: adding VLAN 0 to HW filter on device batadv0
[  395.242519][ T9680] veth0_vlan: entered promiscuous mode
[  395.256458][ T9680] veth1_vlan: entered promiscuous mode
[  395.308645][ T9680] veth0_macvtap: entered promiscuous mode
[  395.319409][ T9680] veth1_macvtap: entered promiscuous mode
[  395.342459][ T9680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  395.346689][ T9680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  395.350130][ T9680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  395.354456][ T9680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  395.358045][ T9680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  395.361735][ T9680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  395.367043][ T9680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  395.375179][ T9680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  395.381482][ T9680] batman_adv: batadv0: Interface activated: batadv_slave_0
[  395.388415][ T9717] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1034'.
[  395.400049][ T9680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  395.402791][ T9680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  395.406505][ T9680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  395.409781][ T9680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  395.412477][ T9680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  395.415684][ T9680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  395.418515][ T9680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  395.421471][ T9680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  395.424197][ T9680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  395.427098][ T9680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  395.429902][ T9680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  395.433364][ T9680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  395.438190][ T9680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  395.441829][ T9680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  395.446413][ T9680] batman_adv: batadv0: Interface activated: batadv_slave_1
[  395.455480][ T9680] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  395.457829][ T9680] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  395.460257][ T9680] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  395.462757][ T9680] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  395.547447][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  395.549493][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  395.568800][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  395.570885][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  395.804759][ T5350] Bluetooth: hci1: command tx timeout
[  396.032804][ T9727] netlink: 'syz.0.1035': attribute type 9 has an invalid length.
[  396.035073][ T9727] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1035'.
[  396.036126][ T9728] fuse: Unknown parameter '0x0000000000000003'
[  396.926119][ T5350] Bluetooth: hci2: command tx timeout
[  397.884329][ T5350] Bluetooth: hci1: command tx timeout
[  397.976095][   T39] audit: type=1800 audit(1726605676.543:660): pid=9742 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.1039" name="bus" dev="overlay" ino=40 res=0 errno=0
[  398.129714][ T9748] 9pnet_fd: Insufficient options for proto=fd
[  398.643211][ T9752] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  398.658056][ T9752] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  398.659817][ T9752] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  398.679099][ T9752] vhci_hcd vhci_hcd.0: Device attached
[  398.894341][ T1996] vhci_hcd: vhci_device speed not set
[  398.974567][ T1996] usb 17-1: new full-speed USB device number 4 using vhci_hcd
[  399.012765][ T9767] futex_wake_op: syz.0.1045 tries to shift op by 32; fix this program
[  399.016102][ T9766] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1044'.
[  399.612940][ T9759] vhci_hcd: connection reset by peer
[  399.616759][   T11] vhci_hcd: stop threads
[  399.619516][   T11] vhci_hcd: release socket
[  399.621443][   T11] vhci_hcd: disconnect device
[  399.768922][ T9773] netlink: 'syz.1.1046': attribute type 9 has an invalid length.
[  399.771002][ T9773] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.1046'.
[  399.974683][ T5350] Bluetooth: hci1: command tx timeout
[  400.734587][   T39] audit: type=1326 audit(1726605679.303:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9783 comm="syz.1.1048" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3dfdb7def9 code=0x0
[  400.859000][ T9789] mmap: syz.1.1048 (9789): VmData 37609472 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
[  401.085626][ T4770] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  401.091289][ T4770] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  401.098715][ T4770] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  401.101757][ T4770] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  401.105897][ T4770] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  401.109341][ T4770] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  401.258335][ T9790] lo speed is unknown, defaulting to 1000
[  401.489482][   T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.731515][   T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.762982][ T9798] Process accounting resumed
[  401.766979][ T9802] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1052'.
[  401.842034][   T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.869096][ T9790] chnl_net:caif_netlink_parms(): no params data found
[  401.889164][   T39] audit: type=1800 audit(1726605680.453:662): pid=9794 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.1051" name="bus" dev="overlay" ino=1450 res=0 errno=0
[  401.963341][   T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.966962][    C3] bridge0: port 3(syz_tun) entered learning state
[  401.990397][ T9798] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1058'.
[  401.993233][ T9798] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1058'.
[  402.107921][ T9790] bridge0: port 1(bridge_slave_0) entered blocking state
[  402.110340][ T9790] bridge0: port 1(bridge_slave_0) entered disabled state
[  402.113153][ T9790] bridge_slave_0: entered allmulticast mode
[  402.118566][ T9790] bridge_slave_0: entered promiscuous mode
[  402.151945][ T9790] bridge0: port 2(bridge_slave_1) entered blocking state
[  402.153935][ T9790] bridge0: port 2(bridge_slave_1) entered disabled state
[  402.164629][ T9790] bridge_slave_1: entered allmulticast mode
[  402.169712][ T9790] bridge_slave_1: entered promiscuous mode
[  402.401566][   T39] audit: type=1400 audit(1726605680.963:663): avc:  denied  { getopt } for  pid=9812 comm="syz.1.1054" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  402.449433][ T9814] input: syz1 as /devices/virtual/input/input31
[  402.732363][ T9790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  402.771324][ T9790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  402.894779][   T11] bridge_slave_1: left allmulticast mode
[  402.896307][   T11] bridge_slave_1: left promiscuous mode
[  402.898328][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  402.905553][   T11] bridge_slave_0: left allmulticast mode
[  402.907338][   T11] bridge_slave_0: left promiscuous mode
[  402.910209][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  403.156291][ T9821] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1056'.
[  403.166168][ T5350] Bluetooth: hci6: command tx timeout
[  403.890122][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  403.906488][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  403.913829][   T11] bond0 (unregistering): Released all slaves
[  403.963916][ T9790] team0: Port device team_slave_0 added
[  403.968272][ T9790] team0: Port device team_slave_1 added
[  403.970091][ T9821] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1056'.
[  404.120250][ T9790] batman_adv: batadv0: Adding interface: batadv_slave_0
[  404.122127][ T9790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  404.126425][ T1996] vhci_hcd: vhci_device speed not set
[  404.132090][ T9790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  404.178226][ T9790] batman_adv: batadv0: Adding interface: batadv_slave_1
[  404.180441][ T9790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  404.204734][ T9790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  404.379045][ T9790] hsr_slave_0: entered promiscuous mode
[  404.393993][ T9790] hsr_slave_1: entered promiscuous mode
[  404.399028][ T9790] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  404.401027][ T9790] Cannot create hsr debugfs directory
[  404.703351][   T11] hsr_slave_0: left promiscuous mode
[  404.733507][   T11] hsr_slave_1: left promiscuous mode
[  404.745631][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  404.748373][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  404.764570][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  404.767377][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  404.893685][   T11] veth1_macvtap: left promiscuous mode
[  404.904331][   T11] veth0_macvtap: left promiscuous mode
[  404.906584][   T11] veth1_vlan: left promiscuous mode
[  404.908602][   T11] veth0_vlan: left promiscuous mode
[  405.244232][ T5350] Bluetooth: hci6: command tx timeout
[  406.736878][   T11] team0 (unregistering): Port device team_slave_1 removed
[  406.946177][   T11] team0 (unregistering): Port device team_slave_0 removed
[  407.324313][ T5350] Bluetooth: hci6: command tx timeout
[  409.022988][   T11] IPVS: stop unused estimator thread 0...
[  409.223943][ T9790] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  409.255124][ T9790] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  409.275699][ T9790] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  409.305552][ T9790] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  409.404729][ T5350] Bluetooth: hci6: command tx timeout
[  409.490360][ T9790] 8021q: adding VLAN 0 to HW filter on device bond0
[  409.503866][ T9790] 8021q: adding VLAN 0 to HW filter on device team0
[  409.516996][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  409.519517][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  409.529475][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  409.531945][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  409.815089][ T9790] 8021q: adding VLAN 0 to HW filter on device batadv0
[  409.870407][ T9790] veth0_vlan: entered promiscuous mode
[  409.888412][ T9790] veth1_vlan: entered promiscuous mode
[  409.915992][ T9790] veth0_macvtap: entered promiscuous mode
[  409.921696][ T9790] veth1_macvtap: entered promiscuous mode
[  409.936064][ T9790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  409.939883][ T9790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  409.943466][ T9790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  409.947611][ T9790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  409.951228][ T9790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  409.954963][ T9790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  409.957531][ T9790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  409.960273][ T9790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  409.966640][ T9790] batman_adv: batadv0: Interface activated: batadv_slave_0
[  409.976104][ T9790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  409.978822][ T9790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  409.982189][ T9790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  410.003889][ T9790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  410.007633][ T9790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  410.010883][ T9790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  410.014664][ T9790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  410.017415][ T9790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  410.021048][ T9790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  410.024909][ T9790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  410.027458][ T9790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  410.030538][ T9790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  410.034194][ T9790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  410.038028][ T9790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  410.044955][ T9790] batman_adv: batadv0: Interface activated: batadv_slave_1
[  410.056823][ T9790] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  410.059286][ T9790] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  410.062447][ T9790] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  410.065796][ T9790] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  410.165964][   T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  410.168687][   T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  410.198677][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  410.200976][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  411.557294][   T39] audit: type=1400 audit(1726605690.043:664): avc:  denied  { listen } for  pid=9856 comm="syz.3.1049" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  411.986790][ T9879] netlink: 'syz.3.1057': attribute type 9 has an invalid length.
[  411.989446][ T9879] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1057'.
[  413.202936][ T9890] vivid-007: =================  START STATUS  =================
[  413.207500][ T9890] vivid-007: Enable Output Cropping: true grabbed
[  413.217078][ T9890] vivid-007: Enable Output Composing: true grabbed
[  413.270224][ T9890] vivid-007: Enable Output Scaler: true grabbed
[  413.271831][ T9890] vivid-007: Tx RGB Quantization Range: Automatic grabbed
[  413.279867][ T9890] vivid-007: Transmit Mode: HDMI grabbed
[  413.282701][ T9890] vivid-007: Hotplug Present: 0x00000000
[  413.294306][ T9890] vivid-007: RxSense Present: 0x00000000
[  413.295970][ T9890] vivid-007: EDID Present: 0x00000000
[  413.297577][ T9890] vivid-007: ==================  END STATUS  ==================
[  414.171447][   T39] audit: type=1400 audit(1726605692.733:665): avc:  denied  { append } for  pid=9896 comm="syz.1.1062" name="usbmon6" dev="devtmpfs" ino=742 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  414.347165][ T5350] Bluetooth: hci1: Malformed Event: 0x13
[  414.479908][ T1996] IPVS: starting estimator thread 0...
[  414.584289][ T9911] IPVS: using max 37 ests per chain, 88800 per kthread
[  414.909625][ T9912] can: request_module (can-proto-4) failed.
[  415.421331][ T9917] macvlan0: entered allmulticast mode
[  415.422809][ T9917] veth1_vlan: entered allmulticast mode
[  415.428304][ T9924] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1071'.
[  415.468835][ T9928] netlink: 'syz.0.1072': attribute type 9 has an invalid length.
[  415.470717][ T9928] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.1072'.
[  415.745707][ T9920] macvlan0: left allmulticast mode
[  415.747524][ T9920] veth1_vlan: left allmulticast mode
[  416.178717][ T9925] vivid-007: =================  START STATUS  =================
[  416.180978][ T9925] vivid-007: Enable Output Cropping: true grabbed
[  416.182911][ T9925] vivid-007: Enable Output Composing: true grabbed
[  416.185084][ T9925] vivid-007: Enable Output Scaler: true grabbed
[  416.187318][ T9925] vivid-007: Tx RGB Quantization Range: Automatic grabbed
[  416.189879][ T9925] vivid-007: Transmit Mode: HDMI grabbed
[  416.191644][ T9925] vivid-007: Hotplug Present: 0x00000000
[  416.193324][ T9925] vivid-007: RxSense Present: 0x00000000
[  416.194952][ T9925] vivid-007: EDID Present: 0x00000000
[  416.197179][ T9925] vivid-007: ==================  END STATUS  ==================
[  416.235874][ T1103] ÿÿÿÿÿÿ: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  416.812284][   T39] audit: type=1800 audit(1726605695.373:666): pid=9945 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.1076" name="/" dev="fuse" ino=1 res=0 errno=0
[  417.326051][    C3] bridge0: port 3(syz_tun) entered forwarding state
[  417.328797][    C3] bridge0: topology change detected, propagating
[  417.889483][ T9955] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1077'.
[  418.100217][ T9959] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1078'.
[  418.119509][ T9959] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1078'.
[  418.954330][   T39] audit: type=1326 audit(1726605697.503:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9964 comm="syz.1.1080" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dfdb7def9 code=0x7ffc0000
[  418.962779][   T39] audit: type=1326 audit(1726605697.503:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9964 comm="syz.1.1080" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dfdb7def9 code=0x7ffc0000
[  418.969332][   T39] audit: type=1326 audit(1726605697.513:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9964 comm="syz.1.1080" exe="/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f3dfdb7def9 code=0x7ffc0000
[  418.976044][   T39] audit: type=1326 audit(1726605697.513:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9964 comm="syz.1.1080" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dfdb7def9 code=0x7ffc0000
[  418.983115][   T39] audit: type=1326 audit(1726605697.513:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9964 comm="syz.1.1080" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dfdb7def9 code=0x7ffc0000
[  418.991199][   T39] audit: type=1326 audit(1726605697.513:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9964 comm="syz.1.1080" exe="/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f3dfdb7def9 code=0x7ffc0000
[  418.999179][   T39] audit: type=1326 audit(1726605697.513:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9964 comm="syz.1.1080" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dfdb7def9 code=0x7ffc0000
[  419.010407][   T39] audit: type=1326 audit(1726605697.513:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9964 comm="syz.1.1080" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dfdb7def9 code=0x7ffc0000
[  419.018290][   T39] audit: type=1326 audit(1726605697.513:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9964 comm="syz.1.1080" exe="/syz-executor" sig=0 arch=c000003e syscall=424 compat=0 ip=0x7f3dfdb7def9 code=0x7ffc0000
[  419.060473][ T9966] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1080'.
[  419.851953][ T5350] Bluetooth: hci6: Malformed Event: 0x13
[  420.030571][ T9978] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1086'.
[  420.048847][ T9979] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1084'.
[  420.064633][ T9978] syzkaller1: entered promiscuous mode
[  420.066109][ T9978] syzkaller1: entered allmulticast mode
[  420.093734][ T9978] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1086'.
[  420.335480][ T9983] usb usb8: usbfs: process 9983 (syz.3.1087) did not claim interface 0 before use
[  420.433207][ T9985] netlink: 'syz.2.1088': attribute type 2 has an invalid length.
[  422.016128][   T39] kauditd_printk_skb: 2240 callbacks suppressed
[  422.016143][   T39] audit: type=1400 audit(1726605700.583:2916): avc:  denied  { checkpoint_restore } for  pid=10001 comm="syz.0.1093" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  424.912504][ T5385] IPVS: starting estimator thread 0...
[  425.015104][T10044] IPVS: using max 36 ests per chain, 86400 per kthread
[  425.674296][   T30] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  425.862150][   T30] usb 7-1: Using ep0 maxpacket: 16
[  425.866055][   T30] usb 7-1: config 4 has an invalid interface number: 170 but max is 2
[  425.868213][   T30] usb 7-1: config 4 contains an unexpected descriptor of type 0x2, skipping
[  425.870475][   T30] usb 7-1: config 4 has an invalid interface number: 39 but max is 2
[  425.872553][   T30] usb 7-1: config 4 has an invalid interface number: 143 but max is 2
[  425.875012][   T30] usb 7-1: config 4 has an invalid interface number: 178 but max is 2
[  425.877270][   T30] usb 7-1: config 4 has 5 interfaces, different from the descriptor's value: 3
[  425.879665][   T30] usb 7-1: config 4 has no interface number 1
[  425.881300][   T30] usb 7-1: config 4 has no interface number 2
[  425.883475][   T30] usb 7-1: config 4 has no interface number 3
[  425.892825][   T30] usb 7-1: config 4 has no interface number 4
[  425.894686][   T30] usb 7-1: config 4 interface 170 altsetting 0 endpoint 0x8 has invalid maxpacket 512, setting to 64
[  425.897673][   T30] usb 7-1: config 4 interface 170 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  425.900452][   T30] usb 7-1: config 4 interface 170 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  425.903559][   T30] usb 7-1: config 4 interface 170 altsetting 0 has an endpoint descriptor with address 0x23, changing to 0x3
[  425.906766][   T30] usb 7-1: config 4 interface 170 altsetting 0 has a duplicate endpoint with address 0x3, skipping
[  425.909349][   T30] usb 7-1: config 4 interface 170 altsetting 0 has an endpoint descriptor with address 0x32, changing to 0x2
[  425.912782][   T30] usb 7-1: config 4 interface 170 altsetting 0 endpoint 0x2 has invalid maxpacket 48987, setting to 1024
[  425.917184][   T30] usb 7-1: config 4 interface 170 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 1024
[  425.921284][   T30] usb 7-1: config 4 interface 170 altsetting 0 has an endpoint descriptor with address 0x3A, changing to 0xA
[  425.924825][   T30] usb 7-1: config 4 interface 170 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7
[  425.927686][   T30] usb 7-1: config 4 interface 170 altsetting 0 endpoint 0xA has invalid maxpacket 32899, setting to 1024
[  425.930660][   T30] usb 7-1: config 4 interface 170 altsetting 0 has a duplicate endpoint with address 0x2, skipping
[  425.933571][   T30] usb 7-1: config 4 interface 170 altsetting 0 has a duplicate endpoint with address 0x2, skipping
[  425.936445][   T30] usb 7-1: config 4 interface 170 altsetting 0 has a duplicate endpoint with address 0xF, skipping
[  425.939566][   T30] usb 7-1: config 4 interface 170 altsetting 0 has a duplicate endpoint with address 0xA, skipping
[  425.943396][   T30] usb 7-1: config 4 interface 170 altsetting 0 endpoint 0x7 has invalid maxpacket 512, setting to 64
[  425.947811][   T30] usb 7-1: config 4 interface 170 altsetting 0 endpoint 0xE has invalid maxpacket 512, setting to 64
[  425.952078][   T30] usb 7-1: config 4 interface 170 altsetting 0 has 15 endpoint descriptors, different from the interface descriptor's value: 12
[  425.955921][   T30] usb 7-1: config 4 interface 0 altsetting 129 has a duplicate endpoint with address 0xE, skipping
[  425.959362][   T30] usb 7-1: config 4 interface 0 altsetting 129 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[  425.962975][   T30] usb 7-1: too many endpoints for config 4 interface 39 altsetting 208: 233, using maximum allowed: 30
[  425.966286][   T30] usb 7-1: config 4 interface 39 altsetting 208 has an invalid descriptor for endpoint zero, skipping
[  425.969264][   T30] usb 7-1: config 4 interface 39 altsetting 208 has a duplicate endpoint with address 0xB, skipping
[  425.972159][   T30] usb 7-1: config 4 interface 39 altsetting 208 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  425.976389][   T30] usb 7-1: config 4 interface 39 altsetting 208 has 4 endpoint descriptors, different from the interface descriptor's value: 233
[  425.985296][   T30] usb 7-1: config 4 interface 143 altsetting 247 has an invalid descriptor for endpoint zero, skipping
[  425.988169][   T30] usb 7-1: config 4 interface 178 altsetting 106 has a duplicate endpoint with address 0x7, skipping
[  425.991022][   T30] usb 7-1: config 4 interface 178 altsetting 106 has a duplicate endpoint with address 0x1, skipping
[  425.993859][   T30] usb 7-1: config 4 interface 178 altsetting 106 has a duplicate endpoint with address 0x1, skipping
[  425.996679][   T30] usb 7-1: config 4 interface 0 has no altsetting 0
[  425.998281][   T30] usb 7-1: config 4 interface 39 has no altsetting 0
[  425.999962][   T30] usb 7-1: config 4 interface 143 has no altsetting 0
[  426.001719][   T30] usb 7-1: config 4 interface 178 has no altsetting 0
[  426.009476][   T30] usb 7-1: New USB device found, idVendor=045e, idProduct=0475, bcdDevice=23.a6
[  426.012596][   T30] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.020481][   T30] usb 7-1: Product: ä°Š
[  426.026135][   T30] usb 7-1: Manufacturer: ᠹ�⣚���䣊낅♅┷盧ㆬ��嚒蟺䷋㥲듯н矣㑒뼼녵쒑�ᢚ歜凖�壧剻�㧔�š鮇쑣䴜옣�鸳マஈ湌㳖葇컮�蚅ⳓ㖾⻤裎��ꆩ୉ճ᫃쓬퇂슔峲㾬ꇢ䀲
[  426.033344][   T30] usb 7-1: SerialNumber: Ð’
[  426.057485][T10050] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  426.060523][T10050] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  426.063826][T10050] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  426.284852][   T45] ÿÿÿÿÿÿ: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  426.468843][   T39] audit: type=1400 audit(1726605705.033:2917): avc:  denied  { getopt } for  pid=10061 comm="syz.1.1105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  427.202551][   T39] audit: type=1326 audit(1726605705.763:2918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10079 comm="syz.0.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa95937def9 code=0x7ffc0000
[  427.209997][   T39] audit: type=1326 audit(1726605705.763:2919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10079 comm="syz.0.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa95937def9 code=0x7ffc0000
[  427.216681][   T39] audit: type=1326 audit(1726605705.773:2920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10079 comm="syz.0.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fa95937def9 code=0x7ffc0000
[  427.227722][   T39] audit: type=1326 audit(1726605705.773:2921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10079 comm="syz.0.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa95937def9 code=0x7ffc0000
[  427.234467][   T39] audit: type=1326 audit(1726605705.773:2922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10079 comm="syz.0.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa95937def9 code=0x7ffc0000
[  427.242522][   T39] audit: type=1326 audit(1726605705.773:2923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10079 comm="syz.0.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fa95937def9 code=0x7ffc0000
[  427.248678][   T39] audit: type=1326 audit(1726605705.773:2924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10079 comm="syz.0.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa95937def9 code=0x7ffc0000
[  427.256378][   T39] audit: type=1326 audit(1726605705.773:2925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10079 comm="syz.0.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa95937def9 code=0x7ffc0000
[  427.262905][   T39] audit: type=1326 audit(1726605705.773:2926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10079 comm="syz.0.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=424 compat=0 ip=0x7fa95937def9 code=0x7ffc0000
[  427.271686][   T39] audit: type=1326 audit(1726605705.773:2927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10079 comm="syz.0.1106" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa95937def9 code=0x7ffc0000
[  427.283242][T10083] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1106'.
[  428.124290][T10091] netlink: 'syz.0.1109': attribute type 9 has an invalid length.
[  428.127134][T10091] netlink: 'syz.0.1109': attribute type 7 has an invalid length.
[  428.129472][T10091] netlink: 'syz.0.1109': attribute type 8 has an invalid length.
[  428.138982][T10091] ax25_connect(): syz.0.1109 uses autobind, please contact jreuter@yaina.de
[  428.454061][   T30] usb 7-1: USB disconnect, device number 12
[  428.927072][T10100] input: syz1 as /devices/virtual/input/input33
[  431.167392][ T5350] Bluetooth: hci2: Malformed Event: 0x13
[  431.641951][T10126] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1114'.
[  431.653392][T10126] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1114'.
[  431.997925][ T6892] IPVS: starting estimator thread 0...
[  432.184354][T10127] IPVS: using max 21 ests per chain, 50400 per kthread
[  432.279279][   T39] kauditd_printk_skb: 1832 callbacks suppressed
[  432.279292][   T39] audit: type=1400 audit(1726605710.843:4760): avc:  denied  { read } for  pid=10128 comm="syz.0.1115" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  432.308009][T10129] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1115'.
[  433.782662][T10148] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1118'.
[  433.904994][   T39] audit: type=1326 audit(1726605712.273:4761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10142 comm="syz.2.1118" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3ff7def9 code=0x7ffc0000
[  433.929320][   T39] audit: type=1326 audit(1726605712.273:4762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10142 comm="syz.2.1118" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3ff7def9 code=0x7ffc0000
[  433.938320][   T39] audit: type=1326 audit(1726605712.273:4763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10142 comm="syz.2.1118" exe="/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7faf3ff7def9 code=0x7ffc0000
[  433.947000][   T39] audit: type=1326 audit(1726605712.273:4764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10142 comm="syz.2.1118" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3ff7def9 code=0x7ffc0000
[  433.955775][   T39] audit: type=1326 audit(1726605712.273:4765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10142 comm="syz.2.1118" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3ff7def9 code=0x7ffc0000
[  433.965918][   T39] audit: type=1326 audit(1726605712.273:4766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10142 comm="syz.2.1118" exe="/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7faf3ff7def9 code=0x7ffc0000
[  433.977246][   T39] audit: type=1326 audit(1726605712.273:4767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10142 comm="syz.2.1118" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3ff7def9 code=0x7ffc0000
[  433.986645][   T39] audit: type=1326 audit(1726605712.273:4768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10142 comm="syz.2.1118" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf3ff7def9 code=0x7ffc0000
[  433.994536][   T39] audit: type=1326 audit(1726605712.273:4769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10142 comm="syz.2.1118" exe="/syz-executor" sig=0 arch=c000003e syscall=424 compat=0 ip=0x7faf3ff7def9 code=0x7ffc0000
[  435.713679][T10171] input: syz1 as /devices/virtual/input/input34
[  436.960097][T10183] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  436.997023][T10183] x_tables: duplicate underflow at hook 1
[  437.547536][ T5350] Bluetooth: hci2: Malformed Event: 0x13
[  438.894104][T10204] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1138'.
[  438.927851][T10204] syzkaller1: entered promiscuous mode
[  438.931567][T10204] syzkaller1: entered allmulticast mode
[  438.947032][T10204] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1138'.
[  439.353568][T10212] input: syz1 as /devices/virtual/input/input35
[  440.370920][ T1381] ieee802154 phy1 wpan1: encryption failed: -22
[  440.838066][T10226] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1142'.
[  440.859959][T10226] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1142'.
[  441.380290][   T39] kauditd_printk_skb: 964 callbacks suppressed
[  441.380306][   T39] audit: type=1400 audit(1726605719.943:5734): avc:  denied  { create } for  pid=10230 comm="syz.2.1143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  441.421645][   T39] audit: type=1400 audit(1726605719.963:5735): avc:  denied  { write } for  pid=10230 comm="syz.2.1143" path="socket:[33892]" dev="sockfs" ino=33892 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  442.903911][   T39] audit: type=1400 audit(1726605721.463:5736): avc:  denied  { connect } for  pid=10248 comm="syz.1.1150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  443.073129][T10250] syz.3.1148: attempt to access beyond end of device
[  443.073129][T10250] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0
[  443.077579][T10250] SQUASHFS error: Failed to read block 0x0: -5
[  443.079422][T10250] unable to read squashfs_super_block
[  446.838106][   T39] audit: type=1400 audit(1726605725.403:5737): avc:  denied  { write } for  pid=10296 comm="syz.0.1170" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  446.929789][   T39] audit: type=1400 audit(1726605725.493:5738): avc:  denied  { module_load } for  pid=10296 comm="syz.0.1170" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  446.936265][T10300] Invalid ELF header magic: != ELF
[  447.452681][ T1104] ÿÿÿÿÿÿ: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  447.984461][T10308] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1161'.
[  449.453301][T10314] qrtr: Invalid version 47
[  449.472742][T10314] No such timeout policy "syz0"
[  450.024297][ T9824] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  450.215091][ T9824] usb 5-1: Using ep0 maxpacket: 8
[  450.246562][ T9824] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  450.249211][ T9824] usb 5-1: config 16 has 0 interfaces, different from the descriptor's value: 1
[  450.252039][ T9824] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  450.275964][ T9824] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  450.756255][T10330] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1167'.
[  450.839841][T10330] mac80211_hwsim hwsim23 wlan1: entered promiscuous mode
[  452.694479][ T5350] Bluetooth: hci3: command 0x0406 tx timeout
[  452.694600][T10322] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[  452.729911][T10322] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  452.732202][T10322] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  452.744379][T10322] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  452.750094][T10322] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  452.775476][T10322] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  452.779740][T10322] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  452.783652][T10322] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  452.797948][T10322] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  452.799664][T10322] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  452.803856][T10322] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  452.822571][  T831] usb 5-1: USB disconnect, device number 10
[  453.050294][   T39] audit: type=1400 audit(1726605731.603:5739): avc:  denied  { setopt } for  pid=10341 comm="syz.2.1173" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  453.056587][T10352] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1173'.
[  453.065594][T10342] mac80211_hwsim hwsim24 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  453.105763][T10351] lo speed is unknown, defaulting to 1000
[  454.299299][T10368] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  454.301131][T10368] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  454.303322][T10368] vhci_hcd vhci_hcd.0: Device attached
[  454.319557][   T39] audit: type=1400 audit(1726605732.883:5740): avc:  denied  { bind } for  pid=10367 comm="syz.3.1177" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  454.384565][T10371] netlink: 260 bytes leftover after parsing attributes in process `syz.2.1176'.
[  454.453322][T10371] netlink: 120 bytes leftover after parsing attributes in process `syz.2.1176'.
[  454.474541][T10371] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1176'.
[  454.594548][  T831] usb 19-1: new high-speed USB device number 4 using vhci_hcd
[  454.774398][ T4770] Bluetooth: hci4: command 0x0405 tx timeout
[  454.776726][ T5350] Bluetooth: hci2: command 0x0c1a tx timeout
[  454.864912][ T5350] Bluetooth: hci6: command 0x0c1a tx timeout
[  454.866892][ T5350] Bluetooth: hci1: command 0x0c1a tx timeout
[  455.085753][ T1107] wlan0: Trigger new scan to find an IBSS to join
[  455.175452][T10369] vhci_hcd: connection reset by peer
[  455.177298][   T76] vhci_hcd: stop threads
[  455.178927][   T76] vhci_hcd: release socket
[  455.180751][   T76] vhci_hcd: disconnect device
[  456.400001][T10417] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  456.844540][ T4770] Bluetooth: hci2: command 0x0c1a tx timeout
[  456.924332][ T4770] Bluetooth: hci1: command 0x0c1a tx timeout
[  456.926539][ T4770] Bluetooth: hci6: command 0x0c1a tx timeout
[  457.007407][T10425] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1187'.
[  457.193685][T10425] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1187'.
[  457.644575][   T76] ÿÿÿÿÿÿ: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  457.688265][T10429] "syz.2.1188" (10429) uses obsolete ecb(arc4) skcipher
[  458.216531][ T1137] wlan0: Trigger new scan to find an IBSS to join
[  458.924698][ T5350] Bluetooth: hci2: command 0x0c1a tx timeout
[  459.004525][ T5350] Bluetooth: hci1: command 0x0c1a tx timeout
[  459.006814][ T4770] Bluetooth: hci6: command 0x0c1a tx timeout
[  459.734703][  T831] vhci_hcd: vhci_device speed not set
[  461.084577][ T1166] wlan0: Creating new IBSS network, BSSID 4e:36:18:81:5b:ef
[  461.784462][T10489] overlay: Unknown parameter 'y^\@\+\'
[  462.041087][   T39] audit: type=1400 audit(1726605740.603:5741): avc:  denied  { connect } for  pid=10496 comm="syz.3.1199" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  462.366430][T10501] netlink: 'syz.3.1199': attribute type 2 has an invalid length.
[  462.408929][T10501] : entered promiscuous mode
[  463.540574][T10506] netlink: 'syz.0.1201': attribute type 1 has an invalid length.
[  463.543456][T10506] netlink: 9348 bytes leftover after parsing attributes in process `syz.0.1201'.
[  463.548806][T10506] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1201'.
[  463.818581][T10512] Sensor A: =================  START STATUS  =================
[  463.820915][T10512] Sensor A: Test Pattern: 75% Colorbar
[  463.824537][T10512] Sensor A: Show Information: All
[  463.833673][T10512] Sensor A: Vertical Flip: false
[  463.850181][T10512] Sensor A: Horizontal Flip: false
[  463.861410][T10512] Sensor A: Brightness: 128
[  463.869743][T10512] Sensor A: Contrast: 128
[  463.875629][T10512] Sensor A: Hue: 0
[  463.881159][T10512] Sensor A: Saturation: 128
[  463.882615][T10512] Sensor A: ==================  END STATUS  ==================
[  464.904414][T10518] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1205'.
[  465.366490][   T39] audit: type=1400 audit(1726605743.933:5742): avc:  denied  { mount } for  pid=10524 comm="syz.1.1207" name="/" dev="gadgetfs" ino=34154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  466.043794][   T39] audit: type=1400 audit(1726605744.603:5743): avc:  denied  { unmount } for  pid=5787 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  466.193505][   T39] audit: type=1400 audit(1726605744.753:5744): avc:  denied  { ioctl } for  pid=10532 comm="syz.3.1210" path="socket:[33501]" dev="sockfs" ino=33501 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  473.839226][   T39] audit: type=1400 audit(1726605752.403:5745): avc:  denied  { create } for  pid=10554 comm="syz.2.1216" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  473.854216][   T39] audit: type=1400 audit(1726605752.403:5746): avc:  denied  { setopt } for  pid=10554 comm="syz.2.1216" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  474.023844][ T5350] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  474.031267][ T5350] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  474.036390][ T5350] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  474.041432][ T5350] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  474.045308][ T5350] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  474.048181][ T5350] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  474.093380][T10566] lo speed is unknown, defaulting to 1000
[  474.156787][   T39] audit: type=1400 audit(1726605752.713:5747): avc:  denied  { connect } for  pid=10558 comm="syz.1.1215" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  474.318398][T10569] lo speed is unknown, defaulting to 1000
[  474.507459][T10566] chnl_net:caif_netlink_parms(): no params data found
[  474.939902][T10566] bridge0: port 1(bridge_slave_0) entered blocking state
[  474.943154][T10566] bridge0: port 1(bridge_slave_0) entered disabled state
[  474.951842][T10566] bridge_slave_0: entered allmulticast mode
[  474.966749][T10566] bridge_slave_0: entered promiscuous mode
[  475.042361][T10566] bridge0: port 2(bridge_slave_1) entered blocking state
[  475.048893][T10566] bridge0: port 2(bridge_slave_1) entered disabled state
[  475.051084][T10566] bridge_slave_1: entered allmulticast mode
[  475.067283][T10566] bridge_slave_1: entered promiscuous mode
[  475.289637][T10566] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  475.296132][T10566] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  475.451940][T10566] team0: Port device team_slave_0 added
[  475.462468][T10566] team0: Port device team_slave_1 added
[  475.560386][T10566] batman_adv: batadv0: Adding interface: batadv_slave_0
[  475.562473][T10566] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  475.570206][T10566] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  475.575302][T10566] batman_adv: batadv0: Adding interface: batadv_slave_1
[  475.577154][T10566] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  475.583876][T10566] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  475.668981][T10566] hsr_slave_0: entered promiscuous mode
[  475.672160][T10566] hsr_slave_1: entered promiscuous mode
[  475.675592][T10566] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  475.677895][T10566] Cannot create hsr debugfs directory
[  475.851813][T10566] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  476.025596][T10566] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  476.072884][T10591] siw: device registration error -23
[  476.124434][ T4770] Bluetooth: hci5: command tx timeout
[  476.234532][T10566] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  476.254433][T10592] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1222'.
[  476.324397][   T39] audit: type=1400 audit(1726605754.893:5748): avc:  denied  { write } for  pid=10593 comm="syz.1.1223" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  476.395145][T10566] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  476.700321][T10566] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  476.707713][T10566] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  476.725023][T10566] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  476.731837][T10566] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  476.894502][T10566] 8021q: adding VLAN 0 to HW filter on device bond0
[  476.921592][T10566] 8021q: adding VLAN 0 to HW filter on device team0
[  476.955137][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  476.957062][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  476.966457][ T1137] bridge0: port 2(bridge_slave_1) entered blocking state
[  476.968576][ T1137] bridge0: port 2(bridge_slave_1) entered forwarding state
[  477.320952][T10566] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  477.332709][T10566] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  477.657589][   T39] audit: type=1400 audit(1726605756.213:5749): avc:  denied  { listen } for  pid=10600 comm="syz.2.1225" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  477.824470][T10566] 8021q: adding VLAN 0 to HW filter on device batadv0
[  477.884201][T10627] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1226'.
[  478.214337][ T5350] Bluetooth: hci5: command tx timeout
[  478.532733][T10566] veth0_vlan: entered promiscuous mode
[  478.592474][ T1137] ÿÿÿÿÿÿ: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  478.621687][T10566] veth1_vlan: entered promiscuous mode
[  478.755700][T10628] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  478.757941][T10628] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  478.761127][T10628] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  478.763247][T10628] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  478.767275][T10628] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  478.781958][T10566] veth0_macvtap: entered promiscuous mode
[  478.796724][T10566] veth1_macvtap: entered promiscuous mode
[  478.820387][T10566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  478.823316][T10566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  478.827670][T10628] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  478.829807][T10628] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  478.920286][T10566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  478.987456][T10566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  478.991140][T10566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  478.997591][T10566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  479.001197][T10566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  479.022529][T10566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  479.031502][T10566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  479.050783][T10566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  479.059242][T10566] batman_adv: batadv0: Interface activated: batadv_slave_0
[  479.081602][T10566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  479.085605][T10566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  479.088277][T10628] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  479.122841][T10566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  479.125715][T10566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  479.128770][T10566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  479.131798][T10566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  479.135040][T10566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  479.138580][T10566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  479.141471][T10566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  479.144366][T10566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  479.149627][T10566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  479.153358][T10566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  479.155905][T10566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  479.159641][T10566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  479.162821][T10566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  479.165843][T10566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  479.170900][T10566] batman_adv: batadv0: Interface activated: batadv_slave_1
[  479.196468][T10566] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  479.199777][T10566] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  479.203091][T10566] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  479.213239][T10566] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  479.329758][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  479.334956][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  479.377195][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  479.381534][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  480.310621][T10653] lo speed is unknown, defaulting to 1000
[  480.604642][ T4770] Bluetooth: hci3: command 0x0406 tx timeout
[  480.764276][ T4770] Bluetooth: hci4: command 0x0405 tx timeout
[  480.844608][T10638] Bluetooth: hci6: command 0x0c1a tx timeout
[  480.848152][T10638] Bluetooth: hci1: command 0x0c1a tx timeout
[  480.848587][ T5341] Bluetooth: hci2: command 0x0c1a tx timeout
[  480.850312][ T4770] Bluetooth: hci5: command 0x040f tx timeout
[  480.952072][T10666] syz.1.1239 (10666): drop_caches: 2
[  482.924557][ T5350] Bluetooth: hci5: command 0x040f tx timeout
[  485.004658][ T5350] Bluetooth: hci5: command 0x040f tx timeout
[  485.125345][T10706] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1245'.
[  485.167927][T10713] lo speed is unknown, defaulting to 1000
[  485.169467][T10710] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  485.174983][T10710] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  485.476686][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  485.683957][T10723] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1248'.
[  485.684828][T10719] EXT4-fs (sda1): resizing filesystem from 262144 to 2 blocks
[  485.726216][T10719] EXT4-fs warning (device sda1): ext4_resize_fs:2041: can't shrink FS - resize aborted
[  485.817739][T10727] netlink: 'syz.2.1248': attribute type 4 has an invalid length.
[  486.000784][ T5350] Bluetooth: hci2: unexpected event for opcode 0x0c7a
[  486.071106][T10729] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10729 comm=syz.3.1249
[  486.514886][T10740] syz.1.1251: attempt to access beyond end of device
[  486.514886][T10740] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0
[  486.520284][T10740] SQUASHFS error: Failed to read block 0x0: -5
[  486.522556][T10740] unable to read squashfs_super_block
[  486.736025][T10744] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1252'.
[  486.764419][T10744] openvswitch: netlink: Flow actions attr not present in new flow.
[  487.084608][ T5350] Bluetooth: hci5: command 0x040f tx timeout
[  487.243008][T10754] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  487.309250][T10754] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  487.369493][T10761] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  488.494020][T10770] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1257'.
[  488.516345][   T30] IPVS: starting estimator thread 0...
[  488.614434][T10771] IPVS: using max 37 ests per chain, 88800 per kthread
[  489.153093][T10782] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  489.164586][ T5350] Bluetooth: hci5: command 0x040f tx timeout
[  489.192221][T10778] lo speed is unknown, defaulting to 1000
[  489.336643][   T13] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  489.654775][ T1103] ÿÿÿÿÿÿ: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  491.115338][T10809] 9pnet: Unknown protocol version 9p2000.Ú´>;1èögË�ÓŸ?öu
[  491.120688][T10809] cgroup: Unknown subsys name 'euid>00000000000000000000'
[  492.855629][ T5350] Bluetooth: hci4: ACL packet for unknown connection handle 200
[  494.587687][   T39] audit: type=1326 audit(1726605773.143:5750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10848 comm="syz.0.1283" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff25017def9 code=0x0
[  496.373034][T10874] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1280'.
[  497.195500][T10877] Invalid option length (1031570) for dns_resolver key
[  497.568619][T10882] input: syz0 as /devices/virtual/input/input36
[  497.785960][ T5350] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  498.977328][   T39] audit: type=1400 audit(1726605777.523:5751): avc:  denied  { getopt } for  pid=10889 comm="syz.3.1286" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  499.824355][   T57] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  500.006416][   T57] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  500.009053][   T57] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  500.014216][   T57] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  500.020410][   T57] usb 7-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87
[  500.034334][   T57] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  500.066103][   T57] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  500.068741][   T57] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  500.070760][   T57] usb 7-1: Product: syz
[  500.071882][   T57] usb 7-1: Manufacturer: syz
[  500.099698][   T57] cdc_wdm 7-1:1.0: skipping garbage
[  500.101549][   T57] cdc_wdm 7-1:1.0: skipping garbage
[  500.114556][   T57] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  500.116619][   T57] cdc_wdm 7-1:1.0: Unknown control protocol
[  500.536976][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  500.539325][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  500.541781][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  500.544203][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  500.546652][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  500.548724][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  500.550500][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  500.552510][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  500.554335][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  500.556061][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  500.557894][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  500.560313][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  500.563029][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  500.565639][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  500.568115][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  500.570809][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  500.573502][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  500.575767][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  500.578190][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  500.579898][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  500.585640][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1
[  500.589316][  T831] usb 7-1: USB disconnect, device number 13
[  501.813458][ T1381] ieee802154 phy1 wpan1: encryption failed: -22
[  502.277809][T10918] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1291'.
[  502.657223][   T76] bridge0: port 2(bridge_slave_1) entered disabled state
[  503.180592][T10922] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  503.182775][T10922] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  503.188525][T10922] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  503.190241][T10922] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  503.191898][T10922] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  503.193590][T10922] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  504.207338][T10951] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1299'.
[  504.516668][   T39] audit: type=1326 audit(1726605783.083:5752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10955 comm="syz.0.1300" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff25017def9 code=0x0
[  504.642994][   T39] audit: type=1400 audit(1726605783.203:5753): avc:  denied  { read } for  pid=10955 comm="syz.0.1300" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  504.764375][ T5350] Bluetooth: hci3: command 0x0406 tx timeout
[  505.247910][ T5341] Bluetooth: hci6: command 0x0c1a tx timeout
[  505.250342][ T5341] Bluetooth: hci2: command 0x0c1a tx timeout
[  505.252765][ T5350] Bluetooth: hci1: command 0x0c1a tx timeout
[  505.255352][ T4770] Bluetooth: hci5: command 0x040f tx timeout
[  505.255369][ T5341] Bluetooth: hci4: command 0x0405 tx timeout
[  505.361929][T10965] overlayfs: failed to resolve './file0': -2
[  506.289728][   T39] audit: type=1400 audit(1726605784.853:5754): avc:  denied  { bind } for  pid=10966 comm="syz.0.1303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  506.610315][T10974] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1305'.
[  507.095146][   T39] audit: type=1326 audit(1726605785.663:5755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10976 comm="syz.3.1304" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2cda57def9 code=0x0
[  507.285326][T10981] syz_tun: entered promiscuous mode
[  507.311438][T10981] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1304'.
[  507.318078][T10981] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1304'.
[  507.858446][T10976] syz_tun: left promiscuous mode
[  509.074350][T10997] syz.0.1309: attempt to access beyond end of device
[  509.074350][T10997] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  509.078942][T10997] SQUASHFS error: Failed to read block 0x0: -5
[  509.081326][T10997] unable to read squashfs_super_block
[  509.261660][T11003] syz.2.1313 (11003): drop_caches: 2
[  509.722361][ T1166] ÿÿÿÿÿÿ: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  510.494099][T11013] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1316'.
[  511.347566][   T39] audit: type=1326 audit(1726605789.903:5756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11026 comm="syz.0.1318" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff25017def9 code=0x0
[  511.466972][T11031] syz_tun: entered promiscuous mode
[  511.574000][T11031] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1318'.
[  511.585759][T11031] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1318'.
[  511.712709][   T39] audit: type=1326 audit(1726605790.223:5757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11033 comm="syz.1.1321" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3dfdb7def9 code=0x0
[  512.147395][T11026] syz_tun: left promiscuous mode
[  513.790006][T11048] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  514.074106][T11055] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0
[  514.733126][T11062] fuse: Unknown parameter '0x0000000000000009'
[  515.105922][T11067] netlink: 'syz.2.1330': attribute type 2 has an invalid length.
[  515.108332][T11067] netlink: 'syz.2.1330': attribute type 1 has an invalid length.
[  515.417089][   T39] audit: type=1400 audit(1726605793.983:5758): avc:  denied  { bind } for  pid=11069 comm="syz.2.1331" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  515.528661][T11068] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1329'.
[  515.624592][T11071] mkiss: ax0: crc mode is auto.
[  515.644438][   T39] audit: type=1400 audit(1726605794.203:5759): avc:  denied  { mount } for  pid=11075 comm="syz.1.1340" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  515.814201][   T39] audit: type=1326 audit(1726605794.373:5760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11073 comm="syz.3.1332" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2cda57def9 code=0x0
[  517.563141][ T5350] Bluetooth: hci5: ACL packet for unknown connection handle 200
[  519.110807][   T39] audit: type=1400 audit(1726605797.673:5761): avc:  denied  { create } for  pid=11104 comm="syz.1.1338" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[  519.126045][T11114] xt_time: invalid argument - start or stop time greater than 23:59:59
[  520.441775][ T1104] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  521.588633][   T39] audit: type=1326 audit(1726605800.153:5762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11131 comm="syz.2.1345" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faf3ff7def9 code=0x0
[  521.644409][T10396] ÿÿÿÿÿÿ: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  521.692067][T11138] syz.3.1344 (11138): drop_caches: 2
[  522.838503][ T5350] Bluetooth: hci5: ACL packet for unknown connection handle 200
[  522.999042][T11154] fuse: Unknown parameter '0x0000000000000009'
[  523.776062][   T39] audit: type=1400 audit(1726605802.333:5763): avc:  denied  { ioctl } for  pid=11156 comm="syz.1.1350" path="socket:[35689]" dev="sockfs" ino=35689 ioctlcmd=0x8916 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  523.980985][T11165] zonefs (nullb0) ERROR: Not a zoned block device
[  524.099661][T11165] nftables ruleset with unbound set
[  524.744794][   T39] audit: type=1400 audit(1726605803.313:5764): avc:  denied  { setopt } for  pid=11176 comm="syz.3.1356" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  526.124509][    T8] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  526.342847][    T8] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  526.345431][    T8] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  526.358984][    T8] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  526.362302][    T8] usb 5-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87
[  526.381490][    T8] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  526.420500][    T8] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  526.424564][    T8] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  526.428376][    T8] usb 5-1: Product: syz
[  526.455611][    T8] usb 5-1: Manufacturer: syz
[  526.504772][    T8] cdc_wdm 5-1:1.0: skipping garbage
[  526.507287][    T8] cdc_wdm 5-1:1.0: skipping garbage
[  526.511330][    T8] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  526.513539][    T8] cdc_wdm 5-1:1.0: Unknown control protocol
[  526.945407][    C0] wdm_int_callback: 25 callbacks suppressed
[  526.945438][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  526.949414][    C0] wdm_int_callback: 25 callbacks suppressed
[  526.949422][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  526.952763][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  526.954522][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  526.956269][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  526.958158][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  526.959941][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  526.961651][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  526.963423][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  526.966080][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  526.968684][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  526.971093][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  526.972900][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  526.974800][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  526.976614][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  526.978904][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  526.981594][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  526.984333][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  526.987024][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  526.988928][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  526.998248][ T5376] usb 5-1: USB disconnect, device number 11
[  527.850491][   T39] audit: type=1326 audit(1726605806.413:5765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11193 comm="syz.1.1358" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3dfdb7def9 code=0x0
[  527.872803][T11200] syz.0.1357 (11200): drop_caches: 2
[  528.298132][T11196] netlink: 'syz.2.1366': attribute type 7 has an invalid length.
[  528.339913][T11196] serio: Serial port ttynull
[  528.418092][   T39] audit: type=1400 audit(1726605806.983:5766): avc:  denied  { getopt } for  pid=11195 comm="syz.2.1366" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  528.842275][T11211] usb usb8: usbfs: process 11211 (syz.2.1360) did not claim interface 0 before use
[  529.146197][   T39] audit: type=1400 audit(1726605807.713:5767): avc:  denied  { connect } for  pid=11216 comm="syz.3.1364" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  529.925242][T11228] input: syz1 as /devices/virtual/input/input38
[  532.032741][T11254] syz.1.1372 (11254): drop_caches: 2
[  532.134528][   T39] audit: type=1400 audit(1726605810.523:5768): avc:  denied  { create } for  pid=11250 comm="syz.1.1372" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  532.352083][T11260] fuse: Bad value for 'fd'
[  533.029782][T11267] Invalid option length (1031570) for dns_resolver key
[  533.149676][T11271] overlayfs: failed to resolve './file0': -2
[  533.527425][ T5350] Bluetooth: hci5: unexpected cc 0x0402 length: 65 > 1
[  533.531588][ T5350] Bluetooth: hci5: unexpected event for opcode 0x0402
[  534.022728][T11278] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1379'.
[  534.031171][   T39] audit: type=1400 audit(1726605812.593:5769): avc:  denied  { map } for  pid=11279 comm="syz.3.1381" path="socket:[37386]" dev="sockfs" ino=37386 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  534.065857][   T39] audit: type=1400 audit(1726605812.593:5770): avc:  denied  { read } for  pid=11279 comm="syz.3.1381" path="socket:[37386]" dev="sockfs" ino=37386 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  534.317315][T11286] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1383'.
[  534.474374][ T5398] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  534.533307][T11288] netlink: 'syz.1.1382': attribute type 7 has an invalid length.
[  534.629156][T11291] serio: Serial port ttynull
[  534.666311][ T5398] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  534.669346][ T5398] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  534.673183][ T5398] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  534.677034][ T5398] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  534.679802][ T5398] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  534.745716][ T5398] usb 5-1: config 0 descriptor??
[  535.220608][ T5398] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  535.223019][ T5398] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving
[  535.229460][ T5398] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  535.400984][T11301] syz.1.1385 (11301): drop_caches: 2
[  535.484694][T11284] siw: device registration error -23
[  535.716829][T11305] input: syz0 as /devices/virtual/input/input39
[  536.388240][T11308] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1388'.
[  536.664626][ T5402] usb 5-1: reset high-speed USB device number 12 using dummy_hcd
[  537.239702][T11313] lo speed is unknown, defaulting to 1000
[  537.575985][ T5350] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[  537.580000][ T5350] Bluetooth: hci5: Injecting HCI hardware error event
[  537.586605][ T5350] Bluetooth: hci5: hardware error 0x00
[  537.850968][   T39] audit: type=1400 audit(1726605816.413:5771): avc:  denied  { setopt } for  pid=11315 comm="syz.3.1390" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  537.856116][ T5376] usb 5-1: USB disconnect, device number 12
[  537.870769][T11317] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1390'.
[  537.874312][   T39] audit: type=1400 audit(1726605816.433:5772): avc:  denied  { write } for  pid=11315 comm="syz.3.1390" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  537.885270][   T39] audit: type=1400 audit(1726605816.433:5773): avc:  denied  { nlmsg_write } for  pid=11315 comm="syz.3.1390" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  538.203010][T11322] Invalid option length (1031570) for dns_resolver key
[  539.654322][ T5350] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[  540.789161][   T39] audit: type=1400 audit(1726605819.353:5774): avc:  denied  { map } for  pid=11345 comm="syz.1.1398" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  540.855720][ T1137] ÿÿÿÿÿÿ: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  540.990938][   T39] audit: type=1400 audit(1726605819.543:5775): avc:  denied  { call } for  pid=11345 comm="syz.1.1398" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  541.018429][T11351] lo speed is unknown, defaulting to 1000
[  543.249574][T11375] Invalid option length (1031570) for dns_resolver key
[  544.584945][T11391] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1408'.
[  545.468091][T11408] fuse: Unknown parameter '0x0000000000000009'
[  549.028055][T11450] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  549.038087][T11450] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1420'.
[  549.078579][T11449] dccp_close: ABORT with 214 bytes unread
[  549.248937][T11454] misc userio: Can't change port type on an already running userio instance
[  549.784962][T11460] usb usb8: usbfs: process 11460 (syz.1.1422) did not claim interface 0 before use
[  550.128443][   T39] audit: type=1400 audit(1726605828.693:5776): avc:  denied  { bind } for  pid=11452 comm="syz.3.1424" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  551.569335][   T76] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  552.138279][T11496] xt_time: invalid argument - start or stop time greater than 23:59:59
[  552.736127][T11492] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  552.738124][T11492] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  552.739854][T11492] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  552.741647][T11492] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  552.743386][T11492] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  553.812477][   T11] ÿÿÿÿÿÿ: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  554.114997][   T39] audit: type=1326 audit(1726605832.663:5777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11507 comm="syz.3.1433" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cda57def9 code=0x7ffc0000
[  554.122693][   T39] audit: type=1326 audit(1726605832.663:5778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11507 comm="syz.3.1433" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cda57def9 code=0x7ffc0000
[  554.144905][ T5350] Bluetooth: hci3: command 0x0406 tx timeout
[  554.150486][   T39] audit: type=1326 audit(1726605832.673:5779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11507 comm="syz.3.1433" exe="/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f2cda57def9 code=0x7ffc0000
[  554.160649][   T39] audit: type=1326 audit(1726605832.683:5780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11507 comm="syz.3.1433" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cda57def9 code=0x7ffc0000
[  554.171668][   T39] audit: type=1326 audit(1726605832.683:5781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11507 comm="syz.3.1433" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cda57def9 code=0x7ffc0000
[  554.177868][   T39] audit: type=1326 audit(1726605832.703:5782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11507 comm="syz.3.1433" exe="/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f2cda57def9 code=0x7ffc0000
[  554.184326][   T39] audit: type=1326 audit(1726605832.703:5783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11507 comm="syz.3.1433" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cda57def9 code=0x7ffc0000
[  554.191418][   T39] audit: type=1326 audit(1726605832.703:5784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11507 comm="syz.3.1433" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2cda57def9 code=0x7ffc0000
[  554.199460][   T39] audit: type=1326 audit(1726605832.703:5785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11507 comm="syz.3.1433" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2cda57def9 code=0x7ffc0000
[  554.324453][T11513] fuse: Unknown parameter '0x0000000000000009'
[  554.490751][T11511] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  554.493519][T11511] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  554.530455][T11511] vhci_hcd vhci_hcd.0: Device attached
[  554.694011][T11515] vhci_hcd: connection closed
[  554.697275][   T76] vhci_hcd: stop threads
[  554.700624][   T76] vhci_hcd: release socket
[  554.713084][   T76] vhci_hcd: disconnect device
[  554.723198][    T8] vhci_hcd: vhci_device speed not set
[  554.763057][ T5350] Bluetooth: hci6: command 0x0c1a tx timeout
[  554.763097][ T4770] Bluetooth: hci1: command 0x0c1a tx timeout
[  554.767201][ T5350] Bluetooth: hci2: command 0x0c1a tx timeout
[  554.768087][ T4770] Bluetooth: hci4: command 0x0405 tx timeout
[  555.021691][T11519] bridge0: port 3(syz_tun) entered blocking state
[  555.023997][T11519] bridge0: port 3(syz_tun) entered disabled state
[  555.026344][T11519] syz_tun: entered allmulticast mode
[  555.032020][T11519] syz_tun: entered promiscuous mode
[  555.037145][T11519] bridge0: port 3(syz_tun) entered blocking state
[  555.039669][T11519] bridge0: port 3(syz_tun) entered forwarding state
[  555.286699][   T39] kauditd_printk_skb: 35 callbacks suppressed
[  555.286722][   T39] audit: type=1326 audit(1726605833.850:5821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11524 comm="syz.2.1439" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faf3ff7def9 code=0x0
[  555.398228][   T39] audit: type=1400 audit(1726605833.971:5822): avc:  denied  { listen } for  pid=11530 comm="syz.0.1441" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  555.486226][T11535] misc userio: Begin command sent, but we're already running
[  556.422074][T11546] netlink: 'syz.0.1445': attribute type 5 has an invalid length.
[  556.538149][   T39] audit: type=1400 audit(1726605835.109:5823): avc:  denied  { create } for  pid=11547 comm="syz.3.1446" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  556.557670][   T39] audit: type=1400 audit(1726605835.140:5824): avc:  denied  { bind } for  pid=11547 comm="syz.3.1446" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  556.627653][   T39] audit: type=1400 audit(1726605835.200:5825): avc:  denied  { ioctl } for  pid=11556 comm="syz.2.1449" path="socket:[37734]" dev="sockfs" ino=37734 ioctlcmd=0x8919 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  556.651386][   T39] audit: type=1400 audit(1726605835.220:5826): avc:  denied  { write } for  pid=11556 comm="syz.2.1449" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  556.718698][T11548] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1446'.
[  556.731444][T11553] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  556.823303][   T39] audit: type=1400 audit(1726605835.402:5827): avc:  denied  { create } for  pid=11552 comm="syz.0.1447" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  556.838032][T11517] Bluetooth: hci6: command 0x0c1a tx timeout
[  556.941137][T11558] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  557.033720][T11561] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  557.800598][T11567] lo speed is unknown, defaulting to 1000
[  560.855288][T11607] 9pnet_fd: Insufficient options for proto=fd
[  561.279664][T11604] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  561.346268][T11604] kvm: pic: non byte read
[  561.357417][T11604] kvm: pic: non byte read
[  561.368858][T11604] kvm: pic: non byte read
[  561.372232][T11604] kvm: pic: non byte read
[  561.385932][T11604] kvm: pic: non byte read
[  561.389292][T11604] kvm: pic: non byte read
[  561.393722][T11604] kvm: pic: non byte read
[  562.017490][T11627] lo speed is unknown, defaulting to 1000
[  563.191834][ T1381] ieee802154 phy1 wpan1: encryption failed: -22
[  563.776252][ T6892] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  563.975162][ T6892] usb 6-1: Using ep0 maxpacket: 8
[  563.982538][T11646] sg_write: data in/out 655360/1 bytes for SCSI command 0xf2-- guessing data in;
[  563.982538][T11646]    program syz.3.1468 not setting count and/or reply_len properly
[  563.988491][ T6892] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  563.991376][ T6892] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  563.994129][ T6892] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  563.999119][ T6892] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  564.009408][ T6892] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  564.016773][ T6892] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  564.284661][ T6892] usb 6-1: usb_control_msg returned -32
[  564.286162][ T6892] usbtmc 6-1:16.0: can't read capabilities
[  564.302889][T11517] Bluetooth: hci4: unexpected event for opcode 0x0c5a
[  564.315881][ T5376] usb 6-1: USB disconnect, device number 7
[  564.613867][T11659] input: syz0 as /devices/virtual/input/input41
[  565.267052][   T39] audit: type=1400 audit(1726605843.912:5828): avc:  denied  { bind } for  pid=11664 comm="syz.0.1473" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  566.726701][   T39] audit: type=1400 audit(1726605845.371:5829): avc:  denied  { view } for  pid=11677 comm="syz.1.1476" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  568.346288][T11517] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  568.348920][T11517] Bluetooth: hci4: Injecting HCI hardware error event
[  568.354085][T11517] Bluetooth: hci4: hardware error 0x00
[  570.259537][T11720] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1485'.
[  570.413648][T11517] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  570.623393][T11728] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1486'.
[  570.627933][T11728] futex_wake_op: syz.3.1486 tries to shift op by -1; fix this program
[  570.637138][   T39] audit: type=1400 audit(1726605849.316:5830): avc:  denied  { setopt } for  pid=11724 comm="syz.3.1486" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  571.122105][T11730] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  571.549223][T11731] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  571.758568][T11739] zonefs (nullb0) ERROR: Not a zoned block device
[  571.963246][   T45] ÿÿÿÿÿÿ: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  572.957302][T11763] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 0, id = 0
[  573.292650][   T39] audit: type=1400 audit(1726605851.982:5831): avc:  denied  { ioctl } for  pid=11754 comm="syz.2.1492" path="socket:[38397]" dev="sockfs" ino=38397 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  573.377988][T11771] ipvlan1: left promiscuous mode
[  573.415723][T11771] batman_adv: batadv0: Interface activated: ipvlan1
[  574.166352][T11775] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1494'.
[  574.350801][T11781] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  574.435135][T11786] 9pnet_fd: Insufficient options for proto=fd
[  577.661731][   T39] audit: type=1400 audit(1726605856.376:5832): avc:  denied  { unmount } for  pid=5787 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  577.743301][T11816] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  578.391199][T11831] 9pnet_fd: Insufficient options for proto=fd
[  579.619163][T11841] lo speed is unknown, defaulting to 1000
[  579.981901][   T39] audit: type=1400 audit(1726605858.719:5833): avc:  denied  { bind } for  pid=11846 comm="syz.2.1514" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  581.132821][   T39] audit: type=1400 audit(1726605859.855:5834): avc:  denied  { read append } for  pid=11855 comm="syz.3.1516" name="cgroup.controllers" dev="9p" ino=36575713 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  581.139107][   T39] audit: type=1400 audit(1726605859.865:5835): avc:  denied  { open } for  pid=11855 comm="syz.3.1516" path="/111/file0/cgroup.controllers" dev="9p" ino=36575713 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  581.152790][   T39] audit: type=1400 audit(1726605859.865:5836): avc:  denied  { write } for  pid=11855 comm="syz.3.1516" name="cgroup.controllers" dev="9p" ino=36575713 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  582.427175][T11855] ==================================================================
[  582.429442][T11855] BUG: KASAN: use-after-free in _copy_from_iter+0xd44/0x1550
[  582.431365][T11855] Read of size 16 at addr ffff88801a808000 by task syz.3.1516/11855
[  582.434748][T11855] 
[  582.435963][T11855] CPU: 3 UID: 0 PID: 11855 Comm: syz.3.1516 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
[  582.438910][T11855] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  582.441714][T11855] Call Trace:
[  582.442857][T11855]  <TASK>
[  582.443659][T11855]  dump_stack_lvl+0x116/0x1f0
[  582.444917][T11855]  print_report+0xc3/0x620
[  582.446127][T11855]  ? __virt_addr_valid+0x5e/0x590
[  582.447477][T11855]  ? __phys_addr+0xc6/0x150
[  582.448665][T11855]  kasan_report+0xd9/0x110
[  582.449858][T11855]  ? _copy_from_iter+0xd44/0x1550
[  582.451175][T11855]  ? _copy_from_iter+0xd44/0x1550
[  582.452501][T11855]  kasan_check_range+0xef/0x1a0
[  582.453735][T11855]  __asan_memcpy+0x23/0x60
[  582.454750][T11855]  _copy_from_iter+0xd44/0x1550
[  582.456018][T11855]  ? __pfx__copy_from_iter+0x10/0x10
[  582.457425][T11855]  ? __virt_addr_valid+0x5e/0x590
[  582.458752][T11855]  ? __phys_addr_symbol+0x30/0x80
[  582.460068][T11855]  ? __check_object_size+0x497/0x720
[  582.461473][T11855]  p9pdu_vwritef+0x2d0/0x1cf0
[  582.462726][T11855]  ? p9pdu_writef+0xc4/0x100
[  582.463950][T11855]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  582.465319][T11855]  ? __pfx_p9_tag_alloc+0x10/0x10
[  582.466689][T11855]  ? debug_check_no_obj_freed+0x328/0x600
[  582.468169][T11855]  p9_client_prepare_req+0x244/0x4d0
[  582.469560][T11855]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  582.471085][T11855]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  582.472617][T11855]  ? debug_check_no_obj_freed+0x328/0x600
[  582.474121][T11855]  ? find_held_lock+0x2d/0x110
[  582.475370][T11855]  ? __pfx_p9_virtio_zc_request+0x10/0x10
[  582.476883][T11855]  p9_client_rpc+0x1c3/0xc10
[  582.478148][T11855]  ? __pfx_debug_check_no_obj_freed+0x10/0x10
[  582.479745][T11855]  ? __pfx_p9_client_rpc+0x10/0x10
[  582.481089][T11855]  ? mark_held_locks+0x9f/0xe0
[  582.482351][T11855]  ? kasan_quarantine_put+0x10a/0x240
[  582.483748][T11855]  ? lockdep_hardirqs_on+0x7c/0x110
[  582.485118][T11855]  ? kmem_cache_free+0x12f/0x3a0
[  582.486540][T11855]  ? p9_req_put+0x1c6/0x250
[  582.488169][T11855]  ? __pfx_p9_virtio_zc_request+0x10/0x10
[  582.490039][T11855]  p9_client_write+0x31f/0x680
[  582.491294][T11855]  ? __pfx_p9_client_write+0x10/0x10
[  582.492715][T11855]  ? mark_held_locks+0x9f/0xe0
[  582.493988][T11855]  v9fs_issue_write+0xe2/0x180
[  582.495234][T11855]  ? __pfx_v9fs_issue_write+0x10/0x10
[  582.496735][T11855]  ? rcu_is_watching+0x12/0xc0
[  582.497993][T11855]  ? trace_netfs_sreq+0x193/0x220
[  582.499303][T11855]  netfs_do_issue_write+0x92/0x110
[  582.500671][T11855]  netfs_advance_write+0x384/0xbd0
[  582.502035][T11855]  ? netfs_buffer_append_folio+0x569/0x750
[  582.503564][T11855]  netfs_write_folio+0xc44/0x18f0
[  582.504894][T11855]  netfs_writepages+0x2ba/0xb90
[  582.506230][T11855]  ? __pfx_netfs_writepages+0x10/0x10
[  582.508147][T11855]  ? do_raw_spin_lock+0x12d/0x2c0
[  582.509977][T11855]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  582.511914][T11855]  ? __pfx_netfs_writepages+0x10/0x10
[  582.513877][T11855]  do_writepages+0x1a3/0x7f0
[  582.515558][T11855]  ? __pfx_do_writepages+0x10/0x10
[  582.517434][T11855]  ? __pfx_lock_acquire+0x10/0x10
[  582.519273][T11855]  ? do_raw_spin_lock+0x12d/0x2c0
[  582.521117][T11855]  ? do_raw_spin_unlock+0x172/0x230
[  582.523016][T11855]  ? _raw_spin_unlock+0x28/0x50
[  582.524712][T11855]  ? wbc_attach_and_unlock_inode+0x597/0x940
[  582.526803][T11855]  filemap_fdatawrite_wbc+0x148/0x1c0
[  582.528753][T11855]  ? trace_contention_end+0xea/0x140
[  582.530596][T11855]  __filemap_fdatawrite_range+0xba/0x100
[  582.532569][T11855]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  582.534856][T11855]  v9fs_dir_release+0x429/0x590
[  582.536579][T11855]  ? __pfx_v9fs_dir_release+0x10/0x10
[  582.538531][T11855]  ? __pfx_v9fs_dir_release+0x10/0x10
[  582.540473][T11855]  __fput+0x3f6/0xb60
[  582.541951][T11855]  ? _raw_spin_unlock_irq+0x23/0x50
[  582.543846][T11855]  task_work_run+0x14e/0x250
[  582.545536][T11855]  ? __pfx_task_work_run+0x10/0x10
[  582.547367][T11855]  ? __pfx___lock_acquire+0x10/0x10
[  582.549266][T11855]  get_signal+0x1ca/0x2770
[  582.550896][T11855]  ? lock_acquire+0x1b1/0x560
[  582.552609][T11855]  ? find_held_lock+0x2d/0x110
[  582.554379][T11855]  ? __pfx_get_signal+0x10/0x10
[  582.556141][T11855]  ? __pfx_lock_release+0x10/0x10
[  582.557978][T11855]  ? do_raw_spin_lock+0x12d/0x2c0
[  582.559800][T11855]  arch_do_signal_or_restart+0x90/0x7e0
[  582.561815][T11855]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  582.564056][T11855]  ? __do_sys_rt_sigreturn+0x167/0x230
[  582.566047][T11855]  ? __pfx___do_sys_rt_sigreturn+0x10/0x10
[  582.568148][T11855]  syscall_exit_to_user_mode+0x150/0x2a0
[  582.570205][T11855]  do_syscall_64+0xda/0x250
[  582.571861][T11855]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  582.574043][T11855] RIP: 0033:0x7f2cda57def9
[  582.575665][T11855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  582.582569][T11855] RSP: 002b:00007ffcf58e21c8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  582.585417][T11855] RAX: 0000000000000000 RBX: 000000000008dda3 RCX: 00007f2cda57def9
[  582.588215][T11855] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  582.590929][T11855] RBP: 00007f2cda737a80 R08: 0000000000000001 R09: 00007ffcf58e24bf
[  582.593655][T11855] R10: 00007f2cda400000 R11: 0000000000000246 R12: 000000000008e355
[  582.596360][T11855] R13: 00007ffcf58e22d0 R14: 0000000000000032 R15: ffffffffffffffff
[  582.599076][T11855]  </TASK>
[  582.600137][T11855] 
[  582.600971][T11855] The buggy address belongs to the physical page:
[  582.603159][T11855] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x203ef pfn:0x1a808
[  582.606228][T11855] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  582.608608][T11855] page_type: 0xbfffffff(buddy)
[  582.610253][T11855] raw: 00fff00000000000 ffffea0000de3e08 ffffea0000df7208 0000000000000000
[  582.613167][T11855] raw: 00000000000203ef 0000000000000003 00000000bfffffff 0000000000000000
[  582.616051][T11855] page dumped because: kasan: bad access detected
[  582.618248][T11855] page_owner tracks the page as freed
[  582.620066][T11855] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 11857, tgid 11853 (syz.0.1515), ts 582079166989, free_ts 582139576036
[  582.626397][T11855]  post_alloc_hook+0x2d1/0x350
[  582.628027][T11855]  get_page_from_freelist+0x1351/0x2e50
[  582.629920][T11855]  __alloc_pages_noprof+0x22b/0x2460
[  582.631821][T11855]  alloc_pages_mpol_noprof+0x275/0x610
[  582.633690][T11855]  folio_alloc_mpol_noprof+0x36/0xd0
[  582.635486][T11855]  vma_alloc_folio_noprof+0xee/0x1b0
[  582.637304][T11855]  do_wp_page+0xfd7/0x3430
[  582.638836][T11855]  __handle_mm_fault+0x2474/0x5650
[  582.640572][T11855]  handle_mm_fault+0x498/0xa60
[  582.642212][T11855]  do_user_addr_fault+0x7a3/0x13f0
[  582.643968][T11855]  exc_page_fault+0x5c/0xc0
[  582.645539][T11855]  asm_exc_page_fault+0x26/0x30
[  582.646877][T11855] page last free pid 11857 tgid 11853 stack trace:
[  582.648784][T11855]  free_unref_folios+0x9e9/0x1390
[  582.650500][T11855]  folios_put_refs+0x560/0x760
[  582.652133][T11855]  free_pages_and_swap_cache+0x36d/0x510
[  582.654056][T11855]  __tlb_batch_free_encoded_pages+0xf9/0x290
[  582.656086][T11855]  tlb_flush_mmu+0xe9/0x590
[  582.657622][T11855]  unmap_page_range+0x1d20/0x3d30
[  582.659339][T11855]  unmap_single_vma+0x194/0x2b0
[  582.661007][T11855]  unmap_vmas+0x22f/0x490
[  582.662476][T11855]  exit_mmap+0x1b8/0xb20
[  582.663931][T11855]  __mmput+0x12a/0x480
[  582.665323][T11855]  mmput+0x62/0x70
[  582.666576][T11855]  do_exit+0x9bf/0x2bb0
[  582.668008][T11855]  do_group_exit+0xd3/0x2a0
[  582.669585][T11855]  get_signal+0x25fb/0x2770
[  582.671139][T11855]  arch_do_signal_or_restart+0x90/0x7e0
[  582.673123][T11855]  syscall_exit_to_user_mode+0x150/0x2a0
[  582.675051][T11855] 
[  582.675877][T11855] Memory state around the buggy address:
[  582.677882][T11855]  ffff88801a807f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  582.680578][T11855]  ffff88801a807f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  582.683295][T11855] >ffff88801a808000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  582.686017][T11855]                    ^
[  582.687425][T11855]  ffff88801a808080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  582.690151][T11855]  ffff88801a808100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  582.692889][T11855] ==================================================================
[  582.739699][T11855] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  582.741994][T11855] CPU: 3 UID: 0 PID: 11855 Comm: syz.3.1516 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0
[  582.745383][T11855] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  582.748864][T11855] Call Trace:
[  582.750054][T11855]  <TASK>
[  582.751094][T11855]  dump_stack_lvl+0x3d/0x1f0
[  582.752617][T11855]  panic+0x6dc/0x7c0
[  582.753729][T11855]  ? __pfx_panic+0x10/0x10
[  582.755302][T11855]  ? preempt_schedule_thunk+0x1a/0x30
[  582.757154][T11855]  ? preempt_schedule_common+0x44/0xc0
[  582.758857][T11855]  ? check_panic_on_warn+0x1f/0xb0
[  582.760667][T11855]  check_panic_on_warn+0xab/0xb0
[  582.762127][T11855]  end_report+0x117/0x180
[  582.763293][T11855]  kasan_report+0xe9/0x110
[  582.764482][T11855]  ? _copy_from_iter+0xd44/0x1550
[  582.765834][T11855]  ? _copy_from_iter+0xd44/0x1550
[  582.767173][T11855]  kasan_check_range+0xef/0x1a0
[  582.768468][T11855]  __asan_memcpy+0x23/0x60
[  582.769672][T11855]  _copy_from_iter+0xd44/0x1550
[  582.770964][T11855]  ? __pfx__copy_from_iter+0x10/0x10
[  582.772616][T11855]  ? __virt_addr_valid+0x5e/0x590
[  582.774403][T11855]  ? __phys_addr_symbol+0x30/0x80
[  582.775938][T11855]  ? __check_object_size+0x497/0x720
[  582.777356][T11855]  p9pdu_vwritef+0x2d0/0x1cf0
[  582.778617][T11855]  ? p9pdu_writef+0xc4/0x100
[  582.779840][T11855]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  582.781209][T11855]  ? __pfx_p9_tag_alloc+0x10/0x10
[  582.782533][T11855]  ? debug_check_no_obj_freed+0x328/0x600
[  582.784034][T11855]  p9_client_prepare_req+0x244/0x4d0
[  582.785439][T11855]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  582.787123][T11855]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  582.789165][T11855]  ? debug_check_no_obj_freed+0x328/0x600
[  582.791156][T11855]  ? find_held_lock+0x2d/0x110
[  582.792844][T11855]  ? __pfx_p9_virtio_zc_request+0x10/0x10
[  582.794488][T11855]  p9_client_rpc+0x1c3/0xc10
[  582.795759][T11855]  ? __pfx_debug_check_no_obj_freed+0x10/0x10
[  582.797440][T11855]  ? __pfx_p9_client_rpc+0x10/0x10
[  582.798806][T11855]  ? mark_held_locks+0x9f/0xe0
[  582.800345][T11855]  ? kasan_quarantine_put+0x10a/0x240
[  582.802162][T11855]  ? lockdep_hardirqs_on+0x7c/0x110
[  582.803986][T11855]  ? kmem_cache_free+0x12f/0x3a0
[  582.805910][T11855]  ? p9_req_put+0x1c6/0x250
[  582.807504][T11855]  ? __pfx_p9_virtio_zc_request+0x10/0x10
[  582.809401][T11855]  p9_client_write+0x31f/0x680
[  582.811073][T11855]  ? __pfx_p9_client_write+0x10/0x10
[  582.812719][T11855]  ? mark_held_locks+0x9f/0xe0
[  582.814398][T11855]  v9fs_issue_write+0xe2/0x180
[  582.816062][T11855]  ? __pfx_v9fs_issue_write+0x10/0x10
[  582.817930][T11855]  ? rcu_is_watching+0x12/0xc0
[  582.819409][T11855]  ? trace_netfs_sreq+0x193/0x220
[  582.820722][T11855]  netfs_do_issue_write+0x92/0x110
[  582.822097][T11855]  netfs_advance_write+0x384/0xbd0
[  582.823438][T11855]  ? netfs_buffer_append_folio+0x569/0x750
[  582.824957][T11855]  netfs_write_folio+0xc44/0x18f0
[  582.826313][T11855]  netfs_writepages+0x2ba/0xb90
[  582.827620][T11855]  ? __pfx_netfs_writepages+0x10/0x10
[  582.829028][T11855]  ? do_raw_spin_lock+0x12d/0x2c0
[  582.830349][T11855]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  582.831756][T11855]  ? __pfx_netfs_writepages+0x10/0x10
[  582.833294][T11855]  do_writepages+0x1a3/0x7f0
[  582.834589][T11855]  ? __pfx_do_writepages+0x10/0x10
[  582.835995][T11855]  ? __pfx_lock_acquire+0x10/0x10
[  582.837489][T11855]  ? do_raw_spin_lock+0x12d/0x2c0
[  582.839232][T11855]  ? do_raw_spin_unlock+0x172/0x230
[  582.840684][T11855]  ? _raw_spin_unlock+0x28/0x50
[  582.842130][T11855]  ? wbc_attach_and_unlock_inode+0x597/0x940
[  582.843771][T11855]  filemap_fdatawrite_wbc+0x148/0x1c0
[  582.845277][T11855]  ? trace_contention_end+0xea/0x140
[  582.846689][T11855]  __filemap_fdatawrite_range+0xba/0x100
[  582.848515][T11855]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  582.850169][T11855]  v9fs_dir_release+0x429/0x590
[  582.851451][T11855]  ? __pfx_v9fs_dir_release+0x10/0x10
[  582.852864][T11855]  ? __pfx_v9fs_dir_release+0x10/0x10
[  582.854284][T11855]  __fput+0x3f6/0xb60
[  582.855344][T11855]  ? _raw_spin_unlock_irq+0x23/0x50
[  582.856726][T11855]  task_work_run+0x14e/0x250
[  582.858013][T11855]  ? __pfx_task_work_run+0x10/0x10
[  582.859722][T11855]  ? __pfx___lock_acquire+0x10/0x10
[  582.861337][T11855]  get_signal+0x1ca/0x2770
[  582.862510][T11855]  ? lock_acquire+0x1b1/0x560
[  582.863755][T11855]  ? find_held_lock+0x2d/0x110
[  582.865032][T11855]  ? __pfx_get_signal+0x10/0x10
[  582.866327][T11855]  ? __pfx_lock_release+0x10/0x10
[  582.867667][T11855]  ? do_raw_spin_lock+0x12d/0x2c0
[  582.869018][T11855]  arch_do_signal_or_restart+0x90/0x7e0
[  582.870472][T11855]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  582.872086][T11855]  ? __do_sys_rt_sigreturn+0x167/0x230
[  582.873532][T11855]  ? __pfx___do_sys_rt_sigreturn+0x10/0x10
[  582.875072][T11855]  syscall_exit_to_user_mode+0x150/0x2a0
[  582.876657][T11855]  do_syscall_64+0xda/0x250
[  582.878222][T11855]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  582.880237][T11855] RIP: 0033:0x7f2cda57def9
[  582.881791][T11855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  582.888341][T11855] RSP: 002b:00007ffcf58e21c8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  582.890524][T11855] RAX: 0000000000000000 RBX: 000000000008dda3 RCX: 00007f2cda57def9
[  582.892815][T11855] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  582.895060][T11855] RBP: 00007f2cda737a80 R08: 0000000000000001 R09: 00007ffcf58e24bf
[  582.897133][T11855] R10: 00007f2cda400000 R11: 0000000000000246 R12: 000000000008e355
[  582.899179][T11855] R13: 00007ffcf58e22d0 R14: 0000000000000032 R15: ffffffffffffffff
[  582.901333][T11855]  </TASK>
[  582.902811][T11855] Kernel Offset: disabled
[  582.904240][T11855] Rebooting in 86400 seconds..

VM DIAGNOSIS:
02:28:16  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=1ffff920006e2f91 RCX=0000000000000001 RDX=0000000000000000
RSI=00000000ffffffff RDI=ffffffff8ddba640 RBP=0000000000000000 RSP=ffffc90003717c38
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000
R12=ffff88805c02c880 R13=00000000ffffffff R14=dffffc0000000000 R15=0000000000000000
RIP=ffffffff8b180af5 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f2cdb2f06c0 ffffffff 00c00000
GS =0000 ffff88806a600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002000e0c1 CR3=000000005a1ca000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2cda5f199a
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2cda5f19a7
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2cda5f19a1
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2cda5f19b5
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2cda5f1a3b
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2cda5f1b19
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2cda70b488 00007f2cda70b480 00007f2cda70b478 00007f2cda70b450
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2cdb26d100 00007f2cda70b440 00007f2cda70b458 00007f2cda70b4a0
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2cda70b498 00007f2cda70b490 00007f2cda70b488 00007f2cda70b480
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 00000000000000c4
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000238bced RBX=0000000000000001 RCX=ffffffff8b181979 RDX=0000000000000000
RSI=ffffffff8b4cdac0 RDI=ffffffff8bb118a0 RBP=ffffed1003ad8910 RSP=ffffc90000187e08
R8 =0000000000000001 R9 =ffffed100d4e6fd9 R10=ffff88806a737ecb R11=0000000000000000
R12=0000000000000001 R13=ffff88801d6c4880 R14=ffffffff901d9998 R15=0000000000000000
RIP=ffffffff8b182d5f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806a700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002002b000 CR3=0000000031bd6000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000020000 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 abccc4f4c79949c5 591d6eb399c8a481
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 8ea6e23de1028b96 c5bb037fad446574
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 d03f1fc7bfc16fd9 d3d6b8b33a0d5f2a
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 19c2a65fc5413457 277a1e72aca4c6cb
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000005c0
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 c0e08d450000031e 4b7e0000d9fd0000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 473aff48016186d3 fc4efddda5befd5d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 01617d5a15990000 7314e6a477367079
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 9e530000a7647575 0000009821750000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 cf00663bdde62184 9d2a0cdda20525cb
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2e109cc42e54bffe 630381ab8a02b8f2
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=0000000000000000 RCX=1ffff1100490715b RDX=ffffffff96a40fa8
RSI=1ffff92000796f33 RDI=ffff88804d6a23e0 RBP=0000000000000001 RSP=ffffc90003cb7908
R8 =0000000000000001 R9 =0000000000000000 R10=ffffffff901d999f R11=0000000000000000
R12=ffff88804d6a23d8 R13=0000000000000000 R14=0000000000000000 R15=ffff888024838000
RIP=ffffffff8169892b RFL=00000802 [-O-----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c01300
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c01300
FS =0000 00007f8b7bab86c0 ffffffff 00c00000
GS =0000 ffff88806a800000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f5aa4853cf1 CR3=0000000041fe4000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000c0fffc00 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000017 000000000001df8a
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555879041ec 00005555879041e0
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555878f94a0
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555878fe844 00005555878fe5d0
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555878ff838 00005555878ff810
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000037313335 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0398032008000390 0303ffffffff0403 800303ffffffff04 02f00300080002e8
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0100000a08060380 0302a01000018004 0a10000400000000 00080007000e0008
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff0403b00303ffff ffff0403a0030008 0003980300080003 90034e0800038803
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 080003d803000800 03d0031eaffffffe 080003c80323fe08 0003c00303ffffff
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0102cc1000038004 141000060101ee00 0800049003000800 0488030408000480
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0303ffffffff0403 f00303ffffffff04 03e00300080003d8 0300080003d0031e
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 affffffe080003c8 0323fe080003c003 03ffffffff0403b0 0303ffffffff0403
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 a003000800039803 0008000390034e08 000388030100000a 080603800302a010
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=000000000000005d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8503b9e5 RDI=ffffffff9a687d80 RBP=ffffffff9a687d40 RSP=ffffc90003156978
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3130383838666652
R12=0000000000000000 R13=000000000000005d R14=ffffffff8503b980 R15=0000000000000000
RIP=ffffffff8503ba0f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555589182500 ffffffff 00c00000
GS =0000 ffff88806a900000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000020155030 CR3=000000005a1ca000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000ffffff00 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 fcd381bbe0ce9d02 8e15906f6d5c0341
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 07df4b22fb6f8776 8e136338f42f78a8
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b3a02b505cfef0eb 13c866e257f67d50
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 fcdb7f3a56d13833 d2a0ddee150b3a13
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000600
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0161bea9000001a8 1f04000001000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000011800161d9d9 482de01f01000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0161c0cf65000000 c4cc0000ca370000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0161d9d905ad0080 aa1a0080b3382f1f
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 abccc4f4c79949c5 591d6eb399c8a481
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 8ea6e23de1028b96 c5bb037fad446574
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 2323232323232323 2323232323232323
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 3067732f7665642f
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1344500c5546470c
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 00000000000000c4
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000