last executing test programs:

5.243637003s ago: executing program 1 (id=734):
r0 = openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000100)="6cd00ad9f547265a31f7d344d48ed30299fa5fd73b19d1f8a9f626397c910e91fb3a98c88d0987820a26c1c4e55e683f1753436a41b8bf78fc6f5f169d163656ccfdee8c9bcba4fba85466571b28291fc14ab0fecb9f2851be69cc058d4d09287245d21d95e0f5205e354fbe11826e82a3a1c702f312809b512887c12553de7db249c5fc32c6b683fbf69f29b4b5fed579374c6c268803e0e243f08527f785885efd2723ed864b84a190d3f86d5e76d252311bcf8a418489771c4fef", 0xbc}, {&(0x7f00000001c0)="16fd5ac6041186eef5d43ee1688cb6bce5c4e531c42c3f06d36b8d094024bedd54e972553ffa378f78da3e8833b8fe7543b3965118397eebf12583b0e7aa29acaef29022c9ee289eba53bc538cb65da9550256577f198a0be1b31e319cb22caa352546babd6b4029ea679ce3ecd6476a4ac011dd9f3219df219929f9effb", 0x7e}, {&(0x7f0000001180)="8e01d0aa846ccf3d26e71c54161768a5c07eec0a33c7ccdd8f113cabc3392827fb3bfbbd14c1d49186c6c7bd84ce3ef36fece20be3be0d01b76271952864da83fb4161482cbdc99b4c80c7843091d1175343f129d74b0346ec4d891366272d4aaa8011a57f6c29b690aa1f8fb50625eb58ddf29b2d8d5f0085117a610790f194ce23b1b00eeccb0cf52f42097d8e017be35114aeb6cdc794f050d02d01c1d023a9621323f28254da712f9d2d66c581ffa5395da085b28d3715db5254469b1ea34be74168b16d0d920c57447ede95ddd5055c3b191a7349d5418c978308fc927da60e48099af88ec6b20bc5c3bcae69e6e64520f4ad424b9988e9c94bac64a67ba63572f0b282bacb8948482040e960055d9b3833963a5ca8e4fd8e531203d3d575cb58e2525921fdd462551139973cc1225a1236d7e6ba7e88acff444f935f392e08b46f146a411828782656f490a4f2d73faba200ec35c60aab97649b67e79e1441cf8df57c46ab9b53a4a43b9047ee955b7fdc45a8bde8205db0addcbf2e97302bfa887c23adbe36d4cf8ce3751394369525a4c38e871c347cf0685d5c0cb3c4a94d46746d51c28b907985e200974a5bf5ce3aacf662361e61b5c525eb4ee0fccc5d4a27d0372fc8e9d3c0b3bc6e71d566b7ccaa36f784ae5b46ccd35dabda2fcc604c9f08681d1423f5243ac4e25762d7d27449a1cbf954bc4bea82990253583b841b2b3cbb26d8101d824a22a75911f84dab6f9e74e04e3a2ff349ec9853957f64275b35f5b065388944b1bb58d62bcd4b726d5d3bd51b05ff083de4cd6108dc177e7700d0221a6c99d58bb9de204b0ba7e789f38cda41216822bd32dc33f4a8e9300fcf295cad27ffae7c040ca71d014b0255c159d6bdd8fe67de63b8422a9119949e193a43afe71a347c1bb39e831336dd4789246420a76af8f1bef90ed697dd52618c2ad39dfb0121f92f735ff7b6d3249177b33e1014a3e0ac104b41cb6c9b4ea6d6adf3e13df16acb4bd7a6bdee678ad786d0bc40434bdb51a5513d948717c5b87542ecb4f165c45bd5d88f2b437a161a679d596de550f7e50ae88bb976fbc5f69e7c3d28f1eab1af0398a78cb5dc0acdb874d1012a65631d69c5f2405261fe197c31803893b90e8927c29dafd1997e9aa50a373cfcbb91414438fee474d7e56afb23eee0e1c9bbb6a7cab3a629d1c5c0c39a580ce4b8453a31348555bdfc5a6a44bf15228a42a90b1d3739ce2cdb806a6b780e593b7a11b150d9827375e49d5c77be2e3813e938fe1a25da9c3cc8f07a5997c3efae2b6ac8dc55e1a738834a4888a14cdd47fe5e8996b1d14d813ade3e9753347f35609d88e1cd88a0c644c8a1d8234e91b4b9de70f3fee09c4b49e0f664bfcd5091ebce2afae207d1b877e3ad8544069010d02e50643a87d2ba2bda543f917669a55ac22067899c397989ee836c2a28e9e66a33f87d55438188b1a8bb59d49a9fddb6109dfde49473ea0004db04e73cbad5eb19208cda9b59f71e0b341001e0dc7e608d6b3501f16a101d388603c21f5a3221f555249b9bd6b6e9218636f577aa2bcb4b55b8fa23ef2b44fc017be9726929660267e18a467da3686bf9de250e4f527e8b96a470cdb9335337b5601bdd46e2802ccd0a26054fbee751fa974cd934381b271ccb7b2eb6b4ba3ff14b7bb22f8984b723a6fda0ed4f200c3ed463e36e4569bb9065c9a57937b149ad68f3005b7ee3dca19588eb8aecc99989fbaee1278f1c984228362871b6dfe8fa31a76eb56bc668e9dd99661b0795be6dd1ea65aefa08c2ed4a73101eb00d8c677e132e716bc753f194c780530c9e1b6537aa3a3d8cc6174343be21b01dd7577f684db6d89048825b74a4a183db74d78aacc0288006b03cbe71c96f2271bdd78076fdb6d14143bb6243c42d34e426389f245c2f04ab2906003daf5511d27ce0bf03741d6994dc7b4fee6087d9cc3512b5764deb9dcf8d846c2dd4cb98dea282e82a5f5da1096007b35842209e52b1eedcc09758da0173c27005080b7927a3524d1e852cbbfdf4d2cee77f215787797b028ba48796e7cebee8582b535de9a98a51fdea866eb0ee74d9c89f98d255b71cb426764c3cd690942d7b17fc606f8a25104829e6f410c71bb26702d26539a6594191f4971de0d58e443fbe409f9e52de470e1ec7acad5892589e1bc192588e4c24bab29263d2095034bf1d684697d43ff389863ceef76a360b42245b6cfafdcdbc3e369d48c35f737d3e7c7559fbbf215dcfb25139503401a1f9f89c2a4e4b111712ed675b2c036423ebe0fda6bed3aaa4c94c46166fdf2183568131dec27b373a949d13fb20a47a793383d371d9d010179db207c188e8ad1046c92ec2b7e9d692ea0b3bdb0196cb3cb449ac30bc8b38f19fdff28afbf7c9e60ca0dfc263482a8942962f578749498ac80b6f4c9c847bf7ecfd0db0fcea36a0729ea8f6c655a368760c3ad8ec3c85194a9558cc268d6c7dd004bd2fbc025d9e538067ba48c184bd5c215d1f1037e4e72d95b986207997a5bd442320a297f83541dfab8fbfaa90b2aaf28c0d1668e9f7224395f843a23cb417bb0e1147afabe5bdaaa7540f315e3aa16aadcb0b8fad5f416b95124ce2f8ff63aceb090e2b495016a4977defba2cf34735614b4112214c1409174d37dab3902a415fd3227ff5f8ea6c330a45da38e24f048ad2dd8623644277314eb51afaa0874a75a443a2ffee1ed507afe5b15bbcd8c5330e71c5a71fdab5ec9f808e6a4d90a0dd7c1fbcf80f01e27d9057f42a5c4ecfe49db302f8069661b2b13e43072efd60ffc434039937eb50e43b82ae39f144d89bdc3e805664753e378798483ecec8d3ad4339f4efdd5b6a33ab7d14692c1528debfa27e7363a75efa8f5e9b0ea34389dd5b13e206cb664fec41ff9c7c224944db0bef60805060953d953949fb8e9d31603dfb8b42b197bb16ebaf6056622b64f7e4a2dcdc26fdb90b17de3541a663885fbe932641146213d1cfb8a6248af3fbcaccde9d70880f574435cfce013b110ee10ea4d36bc068d59c70dc83ff6d43bda431dc72b4b41652b3cadf84cdc2698bf3823d149266899ee42b4c83d738d725923803b61f3d6a932f026e070e2b6f29fe83427366a01876e03aeb91a67c3bf7fb098083e0e4efff893c630299f4a994e5537dd5864e87c73f752c757e9bcb115b1f68ae7cccbbbfc1be0c93c6d6a44c9924c5eb919d2ea300ee716fdb28d903afafd90530a426079bef36b605090c07b2dab66b657f0386205ed78925513972e164a45c6dced6d69c89c57b93682056f5d7f62601f3ef098b03eadcb2729ad7094d7a81a48c46ef873c781cdd2666e893b4e7007a2fa7657354d863f39ec8c1a86ff6770e6faa1b9af249504be2ce171b6c64d7d2b268bbe603e06081ac2d9e1cf8778dcb8d04fecddf121838172951cfece08758715ebea7c3fb3dbf6f2c1657fe11ea73d3d11fb0300e44823ae5c32ea1644c0736e202111fbd9bfb5660d174409664c07aaa2fc317159e22d0bd9aca1e88757cca502209ce169ce5e8f93467c2daa039c9c5b916f490271605e640b59ec2689d9ba2c26ea77067509e9cd75a0be96c0b6b531a43817ddbbd6bc8b680ce6cd1143287a498f3e4611354d8f0a566dcae72fbe0b5385ea2dfb723b1383715673d94581ebb111e37ff6cd840bc3333584d8b76312691244c29ab7a45481a4341695efff77a9b0550e249f34f45a736325a63228ea2f4d2efe6063627a51cbb52fc4375be965c998ec5739426a9220acde4283347a551204ddbef1edd8edc1883b93f62481ae97d40697b637c203671c8bcae552b69d586f93de423f88bd4ea2553ffd5e7a3ee69d633ce7535af8f0d3ed5d4178d2637e0edbfd70d6542e019140124285046a09f9b140c658e62cca6913d29921d04ede853e45f4e74ecb6a4d66c06c368a9e56278675fee2b7879b855e2a6072ed1c5ddaf7f92c0c79b5b9d7f500d23e233542f132357f863c4c000514cb6033110e0fcf57d56bce8be44223b63fcfac3202a65d4207b82340c589fc4e40a5017e07a1db2fed61024d9e0f91feaeab91a321502942751847ef4f7f448720e84079269d2bb56eb55fa01205ea298d966a9af00cc5b153740a9080ac017c0ca194b5a202215222d93eb1b811831ced7173dd3a93cfd004d89f5e7db569927468652d056619a1e8fe24c0fd41e7243ec56bb9fbdade9ecdcace4a0fbca6233c3a9f0819537b921159c8c511cf3e411883dd2742a17416e6c05ac813a57a6e08f28261d26b2b8d32b35b75d4eac2ee9af8750c4c7e92612548b64ccebc78f4a3fd8e218daf3a6faa145b1591ade055d19880940f08379aad5f3913cdcf2013fcbb753a54b69ce35f415932de24975cd1607263adff799da664ff04f811ec2752cc2b4d914ba8ceb2661c2eaab1b08617fac128687ea85029c73e87fe5ca662a553dd35eb393de5193193bfec363c55da49529a0854d34ceaac346a068fc0c1593ba1ce10ea2ab1238e978e01e71feac18e9d55c79582181fa6e501e4fda65bc45093ecef7f665a87b93d2102b1dc0f7273d00eed5a743e311df28f3460778d5657bf8af71ad94f0220452005b4dc6a5a981404d1b23fd2cb63c46af5ce9d80d44cfe3249478f3308c4a938899bd11e642d8430f9b661b3337a856eecf1769dd3fdaf1264ac0260a364d1739b7101b8e1f277bd182b0277570d7f5406658b3da74a6af4120de4250b73a357155f0f426671bfdf345e67eda9b83775fd474869e60340b132333dbf828db3ca6f4588ac938946c993c8d21ecd951da3ca301fdae69ae7ed863366917c2640e441c641b734e3771288ec6b6364af6defbfe14b07c61d5a60a9c7bcb8b8b93818ac2a360090f56da4747e3c327946cf6d180e25609fc30c94f7a2b56f7921f4830186fc45075603b53d18c1db62dfa88ca04748fce7c2ed069c091fd2e390ce04851e8a0523c0f2af97cccc2cc30cb0d5cc1730d91bff4dc606f30452ac0a158c7c78db7b02482a38c60917941b982316fdf32e5576c95a899713584ab1683b72b0c415a5633fb7aafd434ac03b71aed12041944de3810a810083bd23c12fd2911344b693b17471ada59614cae5563bb70c9fcd0834f8e3923a6febaaa1052e1c60c035d3526b1f9d3fd4a462f848da7276e84a2caa11aad468de287c3318babf41aa85e163773ee6f5bdce03e0b54a1ea361ea3e62aa2ddbd925cfbab4bdd23c14474e2c68387108601365631da7ce303a985188ccbc330ef01d3cee9885757a1ec8844d5b60fb6513aff2ef26a7b9e2dfb7e991a8e49bfeee6afddb0d068f84b2ecad13463a5ce55b7f45fa7f280ac48445efd330c58f1389c27dffab5a9ab2bcec020267b955156b890b23f9910c0a7a12d49fdb962519b82c539f5d48c925d8d9f290c956c837e40b419958a3e77fd338517c0d12cabeb5c6824ce070a1b4960cbbfee60785ec3330668897958ac85fa0c58ae0bfa6bae534c91d8f8e9ec552edbe2135c929dd48ac232f2526741b0dd75e09d1018d7449424547c7d9bc65f388a13c2f11ceb2ff7b458f89b26cb114dcd82d2bde7b40f4d9d2d987941c5f7db2a450b01289623a41037962ec23cf835cb1343fb8f9b34b9dc2f7f0d1722d75b334f5121375d6c7c23c0a83a6393faa3ea36ad8434e71a88a317f15779bfbb9116f1e852ff714db49de627a6ae64f75fde46320a0ab06bd1837fea3b740b6feca5670d8ae6a0381b5f4f7467ab7b2b0e25c91c5745e4cb82", 0x1000}], 0x3, 0x8)
ioctl$BTRFS_IOC_QUOTA_CTL(r0, 0xc0109428, &(0x7f0000000380)={0x3, 0x5})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
write$sysctl(r1, &(0x7f0000000300)='1\x00', 0xffffff4a)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net\x00')
fchdir(r2)
r3 = eventfd2(0x0, 0x801)
readv(r3, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/55, 0x37}], 0x1)
r4 = syz_clone(0x88200, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = syz_pidfd_open(r4, 0x0)
pidfd_getfd(r5, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
write$sysctl(r1, &(0x7f0000000000)='2\x00', 0x2)

4.865194586s ago: executing program 1 (id=737):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48)
close(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r4}, 0x10)
sendmsg$inet(r2, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000980)="b9", 0x1}], 0x1}, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20)
recvmsg$unix(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000340)=""/229, 0xec1}], 0x1}, 0x0) (fail_nth: 3)

4.693384862s ago: executing program 1 (id=738):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map, 0xffffffffffffffff, 0x1f, 0x2020}, 0x20)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="900000001000210100"/20, @ANYRES32=0x0, @ANYBLOB="001000000002040071001880040001806000018b140005001bd93258109a805690d8ac8f04dab31414000400c6bfeb49a2b9d11b8d12fe81c75bffe114000500d8ddcef789d5993fa539c858bdc1c03307000200fd96e5ac08000100020000000500060000000000080001000700000008001b0000000000"], 0x90}}, 0x0)
syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="02c80010000c000100030508000000000004fc000061b71808419bd7b9166299d65da957dfa518f797dc651316c182f93a2563ffb1ad684c557aef73142c3508ae9b84dfc88ea0bfcdc86d86eec53f9fdb9a001165a5b4c540d8e9862867f80f14551240c05a"], 0x15)
syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="04310600eeff000000"], 0x9)
r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000)='tasks\x00', 0x2, 0x0)
preadv(r0, &(0x7f00000002c0)=[{&(0x7f0000000040)=""/81, 0x51}, {&(0x7f00000000c0)=""/231, 0xe7}, {&(0x7f0000000200)=""/73, 0x49}, {&(0x7f0000000280)=""/25, 0x19}], 0x4, 0x337070cc, 0x9)
syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="045c0500c9000200"], 0x8)
r1 = socket(0xa, 0x6, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x14, &(0x7f0000000040), 0x50)
listen(0xffffffffffffffff, 0x0)
accept$inet6(r2, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_MSG_GETRULE(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x2c, 0x7, 0xa, 0x301, 0x0, 0x0, {}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x2c}}, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000400)={0x220, 0x0, 0x4, 0x0, 0x25dfdbfb, {{}, {@void, @val={0x8}, @void}}, [@NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x8}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x9}, @NL80211_ATTR_VENDOR_DATA={0x44, 0xc5, "bf72ebb928a61e707b9b713c0900dc24c0461b4512d21e4c5a67a2e7ae6c9df3f750361ee18dde99ee534082ef25106d02dd35489551a820948406a2199f126a"}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x80}, @NL80211_ATTR_VENDOR_DATA={0xaf, 0xc5, "6db7db648e1c8c5c15c3818582acda504b38fc75b9f8b96032474d280aaa2af8a359afd28f366e7d7ba3e3e2a6eee4cba1a566c2f82e6ab80005d8c05fc05a55f3544af7e19884f05c83b6581b00f58b6fcd2144cab142b997f6c5f1e263ba3853a29b8394d55aff9e256adeb3a65f6aabc34174a4eb23bcf3917a2e4ee3d0992fcc239df1c7d1b7d8242eb029654d8daf332f5445f5e2be73c6a0400c723f1ae251f87e3f8c700d30dbaa"}, @NL80211_ATTR_VENDOR_DATA={0xf0, 0xc5, "2cf63e876057421211e5dea968676e1380e149becd172604d623eb0cb7c8821e91fb541f9e8fc38f31b1a50058f2036cf058667956e2e182a1e70a8e17849decf6b6cf3e5f510f5b2d7db664e6fd684a5f5ba41cad65dcfd904597b183305ca572e7c9a96f8f7c57626a52d786568609fc06a753ec050ba364bcf82c4a36b37a296e26ffefbd18e14a285b729b781a9104ae02200edcd26dba5c2872d87ddb08d57997f70cc2247fcc0e86e2fea9ea2eb36f0ebc1328bfc996661cbec24c6351e78201c694140b429ace4d6dd2532e4cd29845c3d4c452642c94f0e5d2fa46c21a511da11d62dba92e5d337c"}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x8}]}, 0x220}, 0x1, 0x0, 0x0, 0x400}, 0x4040014)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1a, 0x0, 0x0, 0x8}, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r5 = dup(0xffffffffffffffff)
write$P9_RLERRORu(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53)
ioctl$EXT4_IOC_GETFSUUID(0xffffffffffffffff, 0x8008662c, &(0x7f0000000280))

4.219323628s ago: executing program 3 (id=745):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x20, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYRESOCT, @ANYRESDEC=0x0, @ANYRES16, @ANYRESDEC])

4.090943997s ago: executing program 3 (id=746):
r0 = socket$nl_route(0x10, 0x3, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, 0x0)
r2 = io_uring_setup(0x4d63, &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
getpid()
openat$vimc1(0xffffff9c, 0x0, 0x2, 0x0)
r3 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x1b, &(0x7f00000000c0)={@remote}, 0x20)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000500)={<r7=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r6, 0xc0182101, &(0x7f0000000180)={r7})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000480)={<r8=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r6, 0x40182103, &(0x7f0000000080)={r8, 0x3, r6, 0x5})
sendmsg$SMC_PNETID_DEL(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB="92001fdb", @ANYRES16=r3, @ANYBLOB="270e00000000fcffffff04070200"], 0x14}, 0x1, 0x40030000000000}, 0x0)
ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0)
openat$vnet(0xffffff9c, 0x0, 0x2, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newlink={0x34, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_VFINFO_LIST={0xc, 0x16, 0x0, 0x1, [{0x8, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN_LIST={0x4}]}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0)
chdir(0x0)

3.543489307s ago: executing program 0 (id=751):
socket$kcm(0x10, 0x3, 0x10)
syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x29aa}, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r4, &(0x7f0000000080)="b3019c28", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c)
getsockopt$IP6T_SO_GET_ENTRIES(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000002540)={'filter\x00', 0x5, "42de391533"}, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x8, &(0x7f0000000380)=0x3f, 0x4)
recvmmsg(r4, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0}}, {{&(0x7f00000000c0)=@nl, 0x80, &(0x7f0000000240)=[{&(0x7f0000000180)=""/186, 0xba}, {0xffffffffffffffff}], 0x2, &(0x7f0000000280)=""/239, 0xef}}, {{&(0x7f0000000e80)=@vsock={0x28, 0x0, 0x0, @host}, 0x80, &(0x7f0000000680)=[{&(0x7f0000000400)=""/18, 0x12}, {&(0x7f00000004c0)=""/165, 0xa5}, {&(0x7f0000001540)=""/4096, 0x1000}, {&(0x7f0000000580)=""/245, 0xf5}], 0x4, &(0x7f0000000700)=""/27, 0x1b}}, {{&(0x7f0000000740)=@nfc, 0x80, &(0x7f0000000c00), 0x0, &(0x7f0000000cc0)=""/180, 0xb4}}], 0x4, 0x10162, 0x0)
ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
read$msr(r2, &(0x7f0000000240)=""/45, 0x2d)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="1b0b00000000000000001fffffff200001801c0002006261746164765f736c6176655f31"], 0x34}}, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001500)=ANY=[], 0x1c}}, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r3, 0x4008af60, &(0x7f0000000040)={@my=0x1})
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r7, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=""/57, 0x0, &(0x7f0000000500)=""/4096})
chdir(&(0x7f00000002c0)='\x00')

2.933512486s ago: executing program 2 (id=756):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7)
connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0xfffe, @remote}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
lstat(0x0, 0x0)
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b400000000000000791090000000000061000000000000009500000000000000a45c8b106d45385a1964b904e462de529745a4cd61a7a0d25ddfd38b8b9a36c14ae1ee5ae29051b28b53a4182deb5ae03bc2644f3f168925ab06dcde9fe4ee40405e10326cb901765f30c1d039e73af80f39ba982e44fe40c17211db9c82e6da61712f41775115599d65c29cfcd0bffdff01000000000000d375c71938d9faa1df3117a99ecbddbfee7f7abeba22c29a9cb001001079a87ed5790000000b8fc3b5fd11e6ca750a6dc5dba2b8b8cd1d9fed1fb63bafef7d7bdd5bad81e40379623de90000000000"], &(0x7f0000000080)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x15, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x90)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000001c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x2}, 0x49)
socket$packet(0x11, 0x2, 0x300)
write$binfmt_elf64(r1, &(0x7f00000028c0)=ANY=[@ANYBLOB="7f454c46f9c0940e08000000000000000300000006000000c40300000000000040000000000000002a00000000000000060000005b0038000100f200ff7f040005000000ffffffff0a5b000000000000010000000100000005000000000000000500000000000000080000000000000000000080000000000000007007000000ff0f00000000000000000000010000000100000000000000eede7739000000000900000000000000dfef0000000000005e7b2c12959dd422641fb63cfec7319cb9d2f3edc08e494719f3e0ff0ed6a816d8d6c026f69f29b49fe3f5e467490b12323ab581569f21ee30be8669bc93c25230f86c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d051b08cd07f3841a6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffa76b7a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000085c473af50917b3490b9679d8f5006c9d050b46bcd5c0d080653791d5a5c5d593bbb783dc83a10d9611781c1cd420700308a6acb763b245ed53ef842b2c940a48f180d0bd543624dd86b518eb35139a32db77d3cca7b2e5439009f53fa312ebc1b1faacc14e8fe1bb70dd639e9f8c4968f0ab9a769d68cc2cd8eb5810e5ba9c000c82e55697dd25f41abfb3e8dafb741e51ad70b590895f5b0a78890dfb1fd4e7ff3c880d7278f4c3dfbd445487a3041"], 0x9f3)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000240)={0x1}, 0x4)
syz_emit_ethernet(0x126e, &(0x7f0000001640)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000081002a0086dd658f240312342ffffc000000000000000000000000000000fe8000000000000000000000000000bb6c0c040601180000fe8000000000000000000000000000aafe800000000000000000000000000014fe880000000000000000000000000101ff020000000000000000000000000001fe8000000000000000000000000000bbfc0100000000000000000000000000010421880b005100020fd62bb7ee76e187b5b002de6dd1bf3d565fe4513683e41cd56e51ddcfe7f47df405524657086baa5af5888045bd70292d08fb6e195fc5b655f6d30d60e4b1c9d0f4059d63cfb658de0e0ce9840a9dfbf1e14608000800870eb7a5f7deed8ec3fff75a7e4f80eb6b8b476f1f19cf7a3d2e561568e0c6b6a24dc47a898d53e58343f1da180550d97f7bed2a53ad91c2507b85e2f2c4463690874b6b73cedb6dc2e4de80972e1215a7e7906bd8f3acf4a3314137ad21ec1b8acf6e7c9bac081363c451961c95baada1facb898a3c84994b32426b776b9c4c2d9849a410ed7d9c5ae728372985ccb2b2b782f6a3128d4d8d6857851543f67055f9c93bd0db5e02eff6d40c221f3b02650ff437e7c3992f11f393a7db60430a43ebca9d856afa921a44ebf279cf3ae0cd8ead21e43df303b02ff18e79a54ceaf7e5112d5ab726aee4c66e33b951ffaf346c628e96298addc00cf028cb067d22f5765a0225f12231df3488b549d55d9c12a94508661d28405ac24297a431ad44d668ff3260405934803ca42a2d82fbeb97631b9a589ca16e15a61b77994880c551b896e667a8ecba2127619e50ae1166d1743ef1776565929f7f2136dc56f8e5a16d37abe24f173222bf01e508018d690dec640656d0517d803552f833c97ea8c695b782378a107069c8407c58ddfc1eb0f34aa53434f0812b64add0213ba2ae686d11baebb0fc3b54c9b8a30ee73849a3fbdff2a03d5db72d46259b5b7781c2361ee461f8acdac747ec1aa2009fdba0535d6134dfecf0cebc9bcd6b9a7ef7e3cb7cbb0132f7b6ce86fb0b0b651903b074adc1a9f1d6f17e8be8a3bf5f713f7691bb21139075965b9cfe62500c1c3c0107124bc85402c10a255c298e078f2d6508bd043b90e663e6b083f04a93134b0d0a8dbef5066da13ee6490d9930cbe6caa1ef4229a74221ab0c1098fcbd4431487faf8f99656caffc8783882002279c9974891935cf65f4299296daa0855c416470e8dc56c4b1c9546178d46ac6ceb730b7d266ed94a9b5d5c172106afe83a3fd24b4c00b30c84c60eceeaa33409e148ca6fb5fbe740fa2b26509e544ff34504995f9d9e9ad98a59f6c960066c5fa03c21811777b9fa950c17c7edd4131152523bc02a86e9e7c4625fa8a58910e9cec09399c0272215d894ab536dd80204f5c8958a93ee991854fd9e17560f5c6df9a73a58585f209d629a4a84f30a53db0502780ecd2b0d0324e94db4e114fa25d426ffaf4b5dee87884ea1416a1126aefe0fd42f31bba18ad2c1c8504547dc6ea307a1a36047dd8523120e2b8fc3963023b6627bed9b1b48a879d8e301038d2f65fc4af42ba917f53f8a54eecd42e7fd133a118cd6f1a3d971ee6499106a302ecc1ba4f94d36dbf893518cb7bdce9aab37f49f4b5ba9b27b41c836e884d8dfbe15205e500e4edd724daa141328740c19af719f1b7cca4bc38c5cbc85e6d7b0967536411ae7d17ce4bf126d1f6ce77100aafbdecb87485dff9aeedafee3b06b16e0bba9cfd834236a611deb5af62b5f43193149917ac085f0f10fb9a0def818e0887a52c5389308acee30706279afb503e605daac46ae7ebb6b0f1ec9569d3a5dd8cf17ade4e0690bd221c51761b7de92055253a77afb711e02e53700f21ad7783f29072efb4c5acee9faba76ea814dd382aa60bd557170e4ee98dbce01a4c46803f3c6e3a0aa205b64b91c3eb5a9e406223c5cd6c47f52266b6df56d2dc1fc1921c41aba58b6520aa385ccc939e9fd3cdd28b5b3ed6fc1401aae124dc13d9a7eee4c7c8a34554009463180af2116e8f237deb7a6f1a19bc3c180333d80d27c51ddc5b89d99423696d02192d4033d741d71f841be4156aac7701c6e74307397594aeace2a0797fb5a8460fd99e986e4750839761985c42b64548c443bf94a7b42981dda992f195b5f8b5af67300e5546880c4abe3ecb04d0331fa4848504db2c6663841aac6cd98567fcd6ec76eefae142c9952a17e0c028ed476dd2354a116e5051ffc088eb0ecbd125728a4d9042fdd40c4b3ab0d9464bfcc8802007646ef378abd02c91c860ed38f392dced8558fd97a7bf2940eadbd4544b27dfd53bfcfc82d11eb9834b2f6da750caf5f8e4460ea2905e34c760a3124cc7be612111658a0348ecc260bbaf4f45218c99211677dbe3550c86a255f9df8732f2491a2ae365efe82d2e3401996cb5e267ef08068cf9f9bff528f9f3d1bb87534cab33e335c402916e18ee51d4f4e28fcc42c42db1edf5dda3629d3ca133d22bb497272b944f995668984585346690e78af7cbff5542ac4272957637adce7bc37d0ed5ab17bd9aec1ef93b55994fc159f19b53fd15e6db234f3d8f314cd23455abc4277d9f69ecfd6593ae5917673acbfd1c35eb3e420264ea176c904b1ddbccbf7f79cf1e4b8579399fc3e163142e04cfa7ba03b5ad54d655949678b3179e29df2745c02b358a89229d77477b99f7719c9dfb52241d52a70c95693a5c109cfac0da16a55cca0132024ee88c0d92b2f86f2c0936ee9db5aa54c21a78cafe39d3de6cb46d5cf71a20c44690445bb02b19f6dea4b96a4688b5b599752923ff23943839cb27c81e163a6a9bb45e137cf3e420df4ad3b603978eedadefeb65d59ec3b4a8559dd5a0d1bca647a8f13c3596eb35a6a996bbb7cd84d0d7b25e42707f941b6204f2c4731f08cc4b299aa01bd194f1bd42adedeedd1e08020ea5021150874134a38d73aa948806f0b60ee7f418432e4a5d95c5f0ec845efdf0f0105cafff0fbcb0dda068c4e00e7c09024643d38b34f08ecf16a757cf38776ac7b19634d38954ac962f1b10d9f001016ffe1b137515561540a26dff1fb3397e387068e16544d2e80cc1746e5268948177062d350e850e6a59a330d74d6cb2282ed70a5b32187790782a664985d6e58a7b6602f1cbafcbf20c6bf49fda4a05316c19affc52f9cb19a0b6ed17a76e39e4a597cb50ee89301e12366aae756e31fc57716043b14542f1af5eba4b84514e689f3babf72b5dd5becd79b9f5de43499ca2d0c467893550d18dfbab9ffab204d84ccbf752e683236990ecbd321431c53ffb55286f1d4025a17771f0804c37f753e399e4a11dc90561557a688838eba32c5741b91fcddb5676f1e55e46551da3832457a1443af6dabb061f4caa367685b3b6d1c10751990a9ca58db09475c973cd041772f0256edc51c27c0a3f60167f334d423270bf393dd4b5a98f6a65b36293959fab34de8279be274fc4d9586ad525cc95e2faf58efede88a428aa10ec2f938b43060e2adad37a46257f3c9e1a6d5e3d92042cd0f3f58c1d42f57dc178c14cac05102199f0f41e3ebe0894243cd87441b533c511c8a0d67adc389db0c357be09ea2358b2de4e79e04d13659f466bc6329d757ed59811431bc494d9ba24d38df752fcdd5d67d90a3cd383605494282efc4bef8b8b204f4a31af02f79cb0e5235377490d90fd8af8587b087f6ef926e3b9b938a856c61fa337f54c252f7f9394688cd8a4557485ec31a8b2e3162dcf02c594d6365f9cfbcd7f793f557682a01f54d1a256f80edbb789946ace9c78d719cf1668fa325a126ac56d11924551cc8e1a425b759f0997d299a69614c962a353a4f24faa439a33575e8f13a5e7d573d86b0f686d2fe51ccef430fcf7e28857f7452278d9987e8769a96136582da01cdd5c58a57a412709362f8b421531fbf6fabd15e676656cd800dfb22c5bfdb9be4f7a6feb424a1f32fa79abb3850963ec869513455671296fc7a34796993b85d0e72d358f412ea18b1eaf0f646e23bf563fa6a74f4ed629817ac029eb2bcf8e79cdc5c79cdd15bb3e61809c5e7866ceac3d94b3bbfb52d2ee3a5712c68cd0bc62c61f64b064052b84ec1cf0eb2a68781c35652df462d9a64612e7dc48ad951b061bcebce7bcb983058cb93dac53863bc29b757d41c0961daf53297a14b70594cbbbb3b4b785c438bc67e42df54a7ee87d23cfd3612851f58088b8f7eceb316ce5c7aa463689a11e553976ab394a1b6c892aa92c17b9063981c25ba4c472c156555c0eb8139e4874d04ae6b3a1966eadd36a208ec964b37ffbbfe0bff5a7c8948e8b99684ac4f8df2aff50a48c85c5d2de8ae45c6ae1d049fdbb9ea155c47239f777ca9c226f3044a3b5ec228335b4a9e30e7932616034242da861a48d25e6e50b0345b7c9e83ecb47bf38c9be1067a702ba82f88dada5b692b93eb8390f3cbd8cb528b80c6dd9a14bcf876b7866d33c83956394e385fd176fa0b1b0c9a54f3b051488610a52cab2b083e66b3d9c41be490267bd4872dc09cd373bbc3549046c5f1513bf8ad1bd201608ce31f982b02c778574ec5d0d4be4dbf35d305224c9117de6afa878b79dd6e1b1316ada0318016faa5c807c96259decd5b3b600b0cdbb8cdefc4c8210c8e2f10b56c67261ea9970257276b345f85adf95b7f846e6e83a3beeac7b04686e4b51946576d4be096ce7337ee9138e5f2b36888e6449735a38aa4a9a4cc999c6ed18f1eb9a99384cc9303d9a4275baeeb8ae4c17237ab1d5d0873f671faca2873d5a5d33a3babe20dddfc9192b2d2e5417cc27726524bbc925f67c296e3ad8ccd8b00b64f23e4372284422c96d0e7d974868ef161e04b3eba323b0caf2d5122788361eb0161fed64a57bacbcd7b0e17b4b2d71acd1960c2bba8b0eca039a5e2e1b6a4ed39a349b17b0aaf4c9cebadda3ac5a6d1b95beca3f12f296e925506339d0d0f8e3485bba9ce546e313a40a515de3e8c88e7917701e1f1d3e67443c35192b29a5125f0a87ec9057025b3d0d182d78351a856b7d78f5b65423da2afc777db4c2c3c3ac42c4cf655d0bc20ea4555eeed3098c5262052bef339179b472b4acb465ad34c8af65e0e4625477b106d0d348af7496b00c5a8ea2263ff5ade0be2fbf029500b8bae85fa93ba7ce30835f2182fc3a1d294a8352af69793163f0250d7e161ccbfeeaea8ea8b0dad9934f0b22ca934facb9b6b07c6a9f0ebeecdd3fc23bfe55119a53b95dceb29de22b520936553197c23d3b06d370a8c16385c0efacc20b653b6be2feb32d740e0758b04014c1d4a9070ca97059a466d2acd53c947eef7be1d993fb9207c2a7562acdab4e7aa87082a8adeeaaf6a2face451ef6d5040d66cf33cb16582e682285fbafb7193ee762656248a90ef44ba56ac1e60ecb394480044c7fed2ea56d3bc90f3737475b58a81ff415d10cd54d4c0db43ac5412b3fa0057466557b079b9a9011f54b9851998a196334797c216dc25fa1f9c1ceb2c454063b0912f7f3fec898b6a8f2d9190e55b98e479fa2229b97e722d299f2ab731762b1f1e854ef3ae2e76244f14f514307a5811571452238f34a27a32d16f93bbc7fe946f1027aada7395133a7ccf7718716788b4b298ae40e19bc8eceda4791b2653b7dfc5ce3b339c2ec90b3140678e97dca5f27ab23a9a99e7c42317d18c5cc389b454f1b989dc63040bb52d3dde7de9200de47e7352b72714900dfd2d6b1c62098c79b5350724eb6a5f6ff7120317f13a0cad74113ba77ec88960de634a93636ff97e3c0be9f406e397cc3b27893b29b990b4a2c41970425ee609a71182c508c6850d06df21c3160b1bf8b222514082f7f8cd7749a24d901d44e2b65c47b3e9c796dbc650d786f1d9cae12ef47e8dfda71b98108ad4822a2c2b2206f8edbd21866d00b6f0880a759f5c628f7e17e7da3b413f6144423cb5c9cd5f99e04b6f03b6e307a5229858c6afc2d73015fa9af5230f6a080a5a0ed9de632f2d78bf90688cf3273abd3c58bdd4a40eef05d44cccf8f86004f0c4d2c6b25ddb6c0931d94b47bb44ab554d4848332cc4d5448ac1479f251f5cc8638ac841c1efa150fdb3df02c5497a4b6e8c80c0086dd00020028c87f4539d622a709533d43a8083d642571ed43751042a2f4758b2e959d51eee9ee2ef299ae151989aef93a56fac70feceb767ea79490308ce33cfa96e506ddbca9d5b18b67694c26e0a1e4227bb1b1b2e33103aa794c33c7ec2b5a5fe72775e91132dafafa7bc836fac62e37dde1bd548d5b94bb0754378184f20a098efeb0dfb3dc51e86d4a378e080088be00000002116ad7040100000000000007080022eb000000002902a28e02000000000004670000241808006558000000019649ed2a81867569757dd37c615b372fd16c85c6e0aa47c1d5aa4b395da2916c7e18b5c1b0a08406d2d7f8c054a9326cbf719c13825de038c8e33a50f1211dadc75df1dfe5628636a48b29be790eff92756c12a719c26317ffa5cffdeeb53e1b1fde2d693fb0037ee17e29238ae1882a7c4d31c5762b49c12d4dba142f0980dc77ad430ea58e21a3de4a9bdca110"], &(0x7f0000000940)={0x1, 0x3, [0x8f2, 0xf1f, 0x794, 0xb36]})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000004c0)={'ip6tnl0\x00', &(0x7f0000000440)={'syztnl1\x00', 0x0, 0x2f, 0xf5, 0x7f, 0x7, 0x29, @private0, @private0, 0x10, 0x1}})
mknodat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x0, 0x0)
execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/tcp_cdg', 0x0, 0x0)
mknodat$loop(r2, &(0x7f0000000100)='./file2\x00', 0x6000, 0x0)
mknodat$loop(r2, &(0x7f00000001c0)='./file2\x00', 0x2000, 0x0)
syz_io_uring_setup(0x3a6b, &(0x7f0000000280), &(0x7f0000000040), &(0x7f00000005c0))
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r3, &(0x7f00000002c0)=ANY=[@ANYBLOB="0700a3fcf070d1ff"], 0xffdd)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001300)=[{{0x0, 0xe, 0x0}}], 0x300, 0x0)

2.612511345s ago: executing program 0 (id=757):
setsockopt$WPAN_SECURITY_LEVEL(0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0)
pipe(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
write$binfmt_script(r1, 0x0, 0xb)
splice(r3, 0x0, r4, 0x0, 0xf3a, 0x0)
splice(r0, 0x0, r4, 0x0, 0x80, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x4b564d01, 0x0, 0xaf}]})
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000300)={'#! ', '', [{0x20, 'cpuacct.usage_sys\x00'}, {}], 0xa, "744519e0e6740369edd4a809d950b12ede8a542ead518a987fc43b316baa1bbdfb1da1d666e8a30739c51b4674e5031b4eb38c3ac756e07e10ab72db35ed8ea5384f2001667906f378117868f9fd8d7615a957559f1dc89a61ccec671ee697eac5f40b34a1d35a3c2aeed0b34ca793511973f98236a02797e0b5765ba70b24de28a2923c5442614968b24b89da231b987a6f45f5fc9849"}, 0xaf)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r8, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
fcntl$setpipe(r4, 0x407, 0x0)
write(r2, 0x0, 0x0)
ioctl$DRM_IOCTL_GET_CAP(0xffffffffffffffff, 0xc010640c, 0x0)
setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_io_uring_setup(0x1475, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x359, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap$fb(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000004, 0x4010, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil)

2.313333545s ago: executing program 0 (id=758):
r0 = syz_open_dev$video(&(0x7f0000000080), 0x7, 0x0)
socket$pppoe(0x18, 0x1, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="340000001000000000000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="00d744b9402cbd0089ac3f4f00000000000000140012800b000100627269646765000004000280"], 0x34}}, 0x0)
mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x80000}, 0x20)
pselect6(0x40, &(0x7f0000000240)={0x3f}, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_LOG_STATUS(r0, 0x5646, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000300)=""/102400, 0x19000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket(0x23, 0x5, 0x5)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000000)='./file2/file0\x00', 0xffffffffffffffff, &(0x7f0000000180)='./file2\x00')
ioctl$FAT_IOCTL_SET_ATTRIBUTES(0xffffffffffffffff, 0x40047211, &(0x7f0000000180))
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RELDISP(r2, 0x5605)
prctl$PR_SET_MM(0x23, 0x0, &(0x7f0000ffb000/0x2000)=nil)
r3 = socket$inet(0x2, 0x3, 0x0)
setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000200)=ANY=[], 0x10)
ioctl$FS_IOC_GETFSLABEL(r2, 0x81009431, &(0x7f0000000080))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$VIDIOC_LOG_STATUS(r0, 0x5646, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r6=>0x0})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r8=>0x0})
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000019340)=ANY=[@ANYBLOB="380000005500e501000000000000000007000000", @ANYRES32=r6, @ANYBLOB="00f5c67ca6f881db795b8a02fb2e6851000000", @ANYRES32=r8, @ANYRES16=r5], 0x38}}, 0x0)

1.921954834s ago: executing program 2 (id=759):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0x541b, 0x0)
getsockopt$EBT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
timer_create(0x0, 0x0, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{}, {0x0, 0x1c9c380}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='ext4_lazy_itable_init\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480))
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'lo\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000b00)=@newqdisc={0x110, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xfff2}, {0xfff1, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_STAB={0xd0, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x42, 0x0, 0x0, 0x2, 0x0, 0x0, 0x25e}}, {0x4}}, {{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x3}}, {0xa, 0x2, [0xffff, 0x6, 0x1]}}, {{0x1c, 0x1, {0x0, 0x80, 0xf9c, 0x0, 0x0, 0x6, 0x8758}}, {0x4}}, {{0x1c, 0x1, {0x6d, 0x3f, 0x9, 0x8001, 0x2, 0xb, 0x1}}, {0x4}}, {{0x1c, 0x1, {0x68, 0x0, 0x0, 0x0, 0x0, 0x6}}, {0x4}}, {{0x1c, 0x1, {0x6, 0x9, 0x8, 0x3, 0x2, 0x0, 0x0, 0x1}}, {0x6, 0x2, [0x0]}}]}, @TCA_RATE={0x6, 0x5, {0x0, 0x2}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}]}, 0x110}}, 0x0)
r6 = syz_init_net_socket$ax25(0x3, 0x5, 0x0)
setreuid(0xffffffffffffffff, 0xee00)
ioctl$SIOCAX25ADDFWD(r6, 0x89ea, 0x0)
r7 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r8=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000001840)={0xffffffffffffffff, r8, 0x25, 0x0, @val=@netfilter}, 0x40)
syz_emit_ethernet(0xfdef, &(0x7f00000000c0)=ANY=[@ANYBLOB="000000000400aaaaaaaaaabb88a80000810000008848"], 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]})

1.746547643s ago: executing program 0 (id=760):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$BLKSECTGET(r0, 0x1267, &(0x7f0000000080))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3}, 0x10)
r4 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$CDROMREADAUDIO(r4, 0x530e, 0x0)
r5 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000680)=@newqdisc={0x38, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}, @TCA_RATE={0x6}]}, 0x38}, 0x1, 0x0, 0x0, 0x190}, 0x0)
r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r8, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x4, 0xfffffffa, 0xfffffffd, 0x0, 0x202, 0x1, 0xd, '\x00', r7, 0xffffffffffffffff, 0x4, 0x0, 0x1}, 0x48)
r10 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f0000000480)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@ptr={0x7}]}, {0x0, [0x5f, 0x0]}}, &(0x7f00000004c0)=""/69, 0x28, 0x45, 0x0, 0x2}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x6, 0x1b, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r8}}, {}, [@map_idx_val={0x18, 0x1, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7}, @cb_func={0x18, 0x3, 0x4, 0x0, 0x8}, @ldst={0x0, 0x0, 0x2, 0xb, 0x6, 0x40, 0xfffffffffffffffc}, @map_val={0x18, 0x5, 0x2, 0x0, r9, 0x0, 0x0, 0x0, 0x8000}, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @exit, @call={0x85, 0x0, 0x0, 0x27}, @initr0={0x18, 0x0, 0x0, 0x0, 0xc53, 0x0, 0x0, 0x0, 0x3a}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x87}}}, &(0x7f0000000040)='GPL\x00', 0x1, 0xf3, &(0x7f0000000380)=""/243, 0x40f00, 0x68, '\x00', r7, 0x25, r10, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000640)={0x2, 0xc, 0x0, 0x5}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f00000006c0)=[{0x4, 0x5, 0x7, 0x7}], 0x10, 0x5}, 0x90)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)

1.223609541s ago: executing program 1 (id=761):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040))
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
r3 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
r4 = shmat(r3, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
madvise(&(0x7f00001ad000/0x4000)=nil, 0x4000, 0xe)
mlock(&(0x7f0000c0f000/0x3000)=nil, 0x3000)
r5 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
ioctl$int_in(r5, 0x5452, &(0x7f00000001c0)=0xb2)
dup2(r2, 0xffffffffffffffff)
sendmsg$alg(0xffffffffffffffff, 0x0, 0x20840)
read(r1, &(0x7f0000000240)=""/201, 0xc9)
r6 = userfaultfd(0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@index_off}, {@redirect_dir={'redirect_dir', 0x3d, './file1'}}, {@default_permissions}]})
chdir(&(0x7f0000000140)='./bus\x00')
r7 = creat(&(0x7f0000000240)='./bus\x00', 0x0)
r8 = open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0)
write$binfmt_elf64(r7, &(0x7f0000000100)=ANY=[], 0xfe3c)
r9 = dup2(r8, r7)
setxattr$security_ima(&(0x7f00000001c0)='./bus\x00', &(0x7f0000000000), &(0x7f0000000380)=ANY=[@ANYRES32=r0, @ANYRESHEX=r9, @ANYRES16=r4], 0x2, 0x0)
finit_module(r8, 0x0, 0x0)
statx(r8, 0x0, 0x2000, 0x200, &(0x7f0000000540))
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000000))
userfaultfd(0x38890b15878e7189)

1.187440676s ago: executing program 1 (id=762):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r2, 0x0, r4, 0x0, 0x8000f28, 0x0)
splice(r3, 0x0, r2, 0x0, 0x7f, 0xe)
write(r1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000002, 0x4012831, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000540)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x05\x00\x00\x00\x00\x00\x00\x00_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8o8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eS\xaeX\x93\x7f\xd3\xb9\x84Q\x9c\"\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x90\x1f\x94\x01M.\x16\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1\x00\x10\x00\x00\x00\x00\x00\x00\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xbex\xb5-\x05\x01\x11\xfa\xcf\x1dm\xb5X\xe9\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2\x03\xe2j$F1n@\xde\n9t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5\xa4\x05#\x7f\xa8\x01\x00\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebh\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x85\x1b8OE\x04\x9a\xd8\x80\x10x\xbf\n0\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\xba\x8b\x14\x9a?\x8e\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96{\xc0e\xa1\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!)\xf4\x9b\x1dI\x9ex;\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\xe6k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xecZ`\xa4\xa0(\xf9\x98B\xaf\xde*\x91\xddk\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\x00C\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84p\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x14\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcaQ\xdf\x87\xbdjp\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd0k\\\x92\x19a6Sv\x05%{\xe2\xe9\xf1\xddRB$8\xb0q9\xa1g&\x17\xe5P\xef\xb1<\xb6\xe2\xb2\xc06^\x0f4\xba\x10\xba\x00\x00\x00\x00\x00\x00\x00\x00\xef\xba\"\xb7\xc7~T\xc4Ei\xfdk\xa9\"F\xa9C\xa0\xd3\xa0\x1b\xbf\x13\xfb\x14S<\xa6\n5\x86\x9e\xb2=8\'g`\x8f\xa8\x027\xbd\xb5s\xe9dti\xc0\xbd\\H\xe5v\xdd\x0fP\x8b+-\x02i\x8eZU\xa8YB\xfc\xc2R7\xe9\x11\x06\x1aRd\xa93\xa1\\\xf4_s\xf7\xe8+\xbdg\x13\xaea\x04\xd8\x82\xf6\x90\xaf1\x86b\x81J\xb7E\xb0\xe2\xd6\x93S\xb3\x98\xcb\xf9\xde=\xd6T\x8d\xea\xab\xa9Z!\xd3-\xa6_\xc4\xa4\xb6+\x89\xdc]O<g\x06~\x12W\x86\x06\xba\x15#\xa7Q\xffa\x926>\xf0y\xd6\xb0\xf2\x9f\xa7\xcf\xad\x86\\\xec\xec\xd6\x9d\bT\xcd\xa2\xea', 0x0)
r6 = fcntl$dupfd(r5, 0x0, r5)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x10, r6, 0x0)
futex(&(0x7f0000000000), 0x8c, 0x1, 0x0, 0x0, 0x0)
r7 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r0, 0x8040942d, &(0x7f0000000040))
close_range(r7, 0xffffffffffffffff, 0x0)
fcntl$setsig(r7, 0xa, 0x30)

1.168830621s ago: executing program 3 (id=763):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2d}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x4, 0x5}}}}}}}, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000040)})
close_range(r3, 0xffffffffffffffff, 0x0)

1.073618821s ago: executing program 3 (id=764):
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x20, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYRESOCT, @ANYRESDEC=0x0, @ANYRES16, @ANYRESDEC])

1.073111036s ago: executing program 2 (id=765):
socket$kcm(0x10, 0x3, 0x10)
syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x29aa}, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r4, &(0x7f0000000080)="b3019c28", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c)
getsockopt$IP6T_SO_GET_ENTRIES(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000002540)={'filter\x00', 0x5, "42de391533"}, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x8, &(0x7f0000000380)=0x3f, 0x4)
recvmmsg(r4, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0}}, {{&(0x7f00000000c0)=@nl, 0x80, &(0x7f0000000240)=[{&(0x7f0000000180)=""/186, 0xba}, {0xffffffffffffffff}], 0x2, &(0x7f0000000280)=""/239, 0xef}}, {{&(0x7f0000000e80)=@vsock={0x28, 0x0, 0x0, @host}, 0x80, &(0x7f0000000680)=[{&(0x7f0000000400)=""/18, 0x12}, {0x0}, {&(0x7f00000004c0)=""/165, 0xa5}, {&(0x7f0000001540)=""/4096, 0x1000}, {&(0x7f0000000580)=""/245, 0xf5}], 0x5, &(0x7f0000000700)=""/27, 0x1b}}, {{&(0x7f0000000740)=@nfc, 0x80, &(0x7f0000000c00), 0x0, &(0x7f0000000cc0)=""/180, 0xb4}}], 0x4, 0x10162, 0x0)
ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
read$msr(r2, &(0x7f0000000240)=""/45, 0x2d)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="1b0b00000000000000001fffffff200001801c0002006261746164765f736c6176655f31"], 0x34}}, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001500)=ANY=[], 0x1c}}, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r3, 0x4008af60, &(0x7f0000000040)={@my=0x1})
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r7, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=""/57, 0x0, &(0x7f0000000500)=""/4096})
chdir(&(0x7f00000002c0)='\x00')

1.008947508s ago: executing program 3 (id=766):
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = io_uring_setup(0x497c, &(0x7f00000001c0))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)
syz_emit_ethernet(0x3bb, &(0x7f00000030c0)={@local, @multicast, @void, {@ipv6={0x86dd, @dccp_packet={0x0, 0x6, "0ea57c", 0x385, 0x21, 0x0, @private1, @remote, {[@srh={0x0, 0x2, 0x4, 0x1, 0x0, 0x0, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}, @routing={0x0, 0x0, 0x0, 0x4}], {{0x0, 0x0, 0x4, 0x1, 0x9, 0x0, 0x0, 0x19d108a2f2edac0, 0x0, '#BO', 0x6, "c65925"}, "971bf68a12a60a6c278344e12451b35e4bb22f79ec643677d56c25df230f11d58af80ef2621fa5284f3ac998fafda9b0b7572bb51200e513ed07af2eeee71aabad19874f43014e2e8e35b80e3125e62a3b8932169bd13a28e929d3862187d8220e8bb4cd5726a04db30172249562d11bcc507b01f596fd206389a919e243ba120023925110e807d7a9325a3dc55fc7bd1e84c3c4e664b5d2ccaaea9e1896bffdf86e6ed2c9969ea6db628ce339da443aef5ec1ee647de3c79f28561f563cf96dcacd09ab6dbfb687ad7d76578671847f9960569a7ff5f7a6ce019f292ce57112ea831200307b31f1baeef796626399d119cfe1b87199c69fdd79086a321487c8512d2e52749d773125bba7cf30bd38f69edc2974f12d16338c3e96fec4637aeaea870446dedd328c889cbefce546d4758ce5ebc2a8bd79de122bc24fd6077425bce95f1afe1ba0b28fe8b57a9f4a5875a1451f955fa3c8646342550ab1394acba86ed501ecad1a0514a68e777fbac2b3fb4ec42784b8aa35815c3c044aa5a224ce6b877911b7ff2a72f3fb9e14e757b07ebbfc55084c6499bb5ea0eae6e0e0aded9b6e16adebfe810cfb4aac4a562d65db1fd3644988edd9b137b309eb47dcb1763c5062d4660421f6ba43643546b0c33d83063f37cb1013ee98cbcd1a616dda366b9073bf0eeb6fa148c581209cb630ecd0b084d56c7df5dfd52dac78dbc92f94f999436584f3d1fa55f11356565012668403926ddc0bea3e554f69af1f8c2fa01a29dbc8f82276e07020e76d5adb11e25bca6a2c692c9657f5ab92c8e177f9926bb134d7335b14b9c74acaaf35d6b248ff38a21e8f7607895dae0ea0ba11ef9197cf323b6a0ff0e7a824795c6597957dd8e8c2652324f0713a85b28791904cab0940274629e1f96f4af53702f355597cf9219a79f6caed322221ea862e9204c9060a4056577af2ce746cd10fcc0b1c371fb10ae7e714e7aadf816b3422793cf090ed2a8bead5a0da245b496cbd62a902f13d46f9d28667ab9fd326a8f059b1e7d0d417273fa3ba4549d5902de21f8c5ef92f77d874e0b71a8be6de17df99af9e5aa3791b731358586bb86787bc15b88d56e7fec0484c92fa507448504fc41be06f3070512463b968b4acd5da349f268ff7b4a8d0c09ef078809a4dccde6dc694f55cfae55d5be7844f8c0df662b390c8732323ce"}}}}}}, 0x0)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r2, &(0x7f0000000980)={0x23b, 0x7d, 0x0, {{0x500, 0xfa, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x04nodev{cvfox%\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x5e, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x9d,;\x9e\x1dR\xc3\xd6\xda\x9b\xf6\x99\xfa\x88\xda\xcel\xde{\xa4\xa4\x00\xb4\xb0\xb4\xdb\xf6\xc6\x9ai\xd0\x17\xce\xc4Y\x06\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1a'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x23b)
socket$netlink(0x10, 0x3, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f00000001c0)={0x0, 0x0, 0x0})
r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0})
shutdown(0xffffffffffffffff, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f00000003c0)='./cgroup/cgroup.procs\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x10, &(0x7f0000000080)=@framed={{}, [@snprintf={{}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}, {}, {0x85, 0x0, 0x0, 0x6a}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r5}, 0xc)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)

712.388124ms ago: executing program 0 (id=767):
socket(0xa, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, 0x0, &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x9, 0x0, 0x0, 0x0, 0x71, 0x11, 0x3c}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0xa0}, @exit]}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xe}, 0x70)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140), &(0x7f0000000100)=0xfffffffffffffdbc)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x3, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote}}]}, 0x70}, 0x1, 0x7}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_GET_WOWLAN(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x30}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockname$packet(r4, &(0x7f00000002c0)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="380000001000050700bbc0000000010007000000", @ANYRES32=r5, @ANYBLOB="00000000000000001800120008000100736974000c0002000800020006"], 0x38}}, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r6}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @multicast2}, @IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x2}]}}}]}, 0x40}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)

653.747764ms ago: executing program 1 (id=768):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
pipe2$9p(0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x3f, &(0x7f0000000040)=0x3, 0xffffffffffffffe9)
bind$inet(r2, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
recvmmsg(r2, &(0x7f0000000440), 0x3fffffffffffe21, 0x0, 0x0)
write$binfmt_elf64(r2, &(0x7f00000000c0)=ANY=[], 0xc63b9e35)
sched_setscheduler(0x0, 0x0, 0x0)
socket$unix(0x1, 0x0, 0x0)
r3 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r4 = socket$netlink(0x10, 0x3, 0x0)
writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r4, &(0x7f0000000040)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1)
setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f00000000c0)={@multicast2, @loopback, 0x0, 0x1, [@loopback]}, 0x14)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGREPORT(0xffffffffffffffff, 0x400c4807, &(0x7f00000000c0)={0x3})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

513.438558ms ago: executing program 0 (id=769):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], &(0x7f0000000840)=""/262, 0x37, 0x106, 0x1}, 0x20)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x20040000)
sendmsg$NFT_BATCH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xd}, @NFTA_CT_DREG={0x8, 0x4, 0x1, 0x0, 0x10}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0x9, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x2, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000240), 0xfff, r2}, 0x38)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='syscall\x00')
r4 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
writev(r4, &(0x7f00000000c0), 0x0)
socket$netlink(0x10, 0x3, 0x12)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$VIDIOC_S_TUNER(0xffffffffffffffff, 0x4054561e, &(0x7f0000000140)={0x0, "42b6fba4a1a5b905ae121bd94f07083671c2469ac2e166ba03d02ba2992c3d76"})
r7 = syz_open_dev$video4linux(&(0x7f0000000040), 0x200030007, 0x0)
ioctl$VIDIOC_QUERYMENU(r7, 0xc040564a, &(0x7f0000000140)={0x0, 0x0, @value})
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_COALESCE(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000000200000014030000", @ANYRES32=r10, @ANYBLOB="0800020003000000"], 0x24}, 0x1, 0x6c00}, 0x0)
preadv(r3, &(0x7f00000031c0)=[{&(0x7f0000005e40)=""/4102, 0x1006}], 0x1, 0x0, 0x0)

113.539961ms ago: executing program 2 (id=770):
sendto$inet_nvme_of_msg(0xffffffffffffffff, &(0x7f0000000180)={@icreq, @val=&(0x7f0000000300)="e1d45f79906f4e8132590e71ba5490dda6c1e0d531d29f689c8866bd11b939d1b30795bc29da4c201d322df3f1b4d05ada80096429571bbcb4dd4497b30e0c826d88f971a7fd1eaa85bf079768a58cad7b46c770ac5de53e0e13909bb9f2cb8ae6406eb761cc9d8629a71e27d090c2fb3e6faef6f1be03495bc37419e1d9ddbc7da313f9a20ef118053e0ee013135233791a5188581f283b9f473d5bef37bd50126574fc8b4a3cc78cb7940346c40c9b0c5866ba68e92e1ffcbbdb0a280020a0034e46fd01a2ca05dc5b6cda6c8f690bace6dfbaf201e679f297ca32353ced40943b33d8b270cd0a5e489236c2ad9dc6d441bb573f5bfb9462327a9eb17344405c2f9e6ea6853dd1fc55ed315b097de88338ea8af479496301ad56c7dcffd994319716d926aa943eb88b12caba6c0b"}, 0x88, 0x0, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009000300737975320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a280000000c0a010200000000000000000100000008000440000000000900020073797a3100000000c8000000020a01"], 0x190}}, 0x0)

90.674498ms ago: executing program 2 (id=771):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040))
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
r3 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
r4 = shmat(r3, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
madvise(&(0x7f00001ad000/0x4000)=nil, 0x4000, 0xe)
mlock(&(0x7f0000c0f000/0x3000)=nil, 0x3000)
r5 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
ioctl$int_in(r5, 0x5452, &(0x7f00000001c0)=0xb2)
dup2(r2, 0xffffffffffffffff)
sendmsg$alg(0xffffffffffffffff, 0x0, 0x20840)
read(r1, &(0x7f0000000240)=""/201, 0xc9)
r6 = userfaultfd(0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@index_off}, {@redirect_dir={'redirect_dir', 0x3d, './file1'}}, {@default_permissions}]})
chdir(&(0x7f0000000140)='./bus\x00')
r7 = creat(&(0x7f0000000240)='./bus\x00', 0x0)
r8 = open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0)
write$binfmt_elf64(r7, &(0x7f0000000100)=ANY=[], 0xfe3c)
r9 = dup2(r8, r7)
setxattr$security_ima(&(0x7f00000001c0)='./bus\x00', &(0x7f0000000000), &(0x7f0000000380)=ANY=[@ANYRES32=r0, @ANYRESHEX=r9, @ANYRES16=r4], 0x2, 0x0)
finit_module(r8, 0x0, 0x0)
statx(r8, 0x0, 0x2000, 0x200, &(0x7f0000000540))
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000000))
userfaultfd(0x38890b15878e7189)

42.717156ms ago: executing program 3 (id=772):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2d}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x4, 0x5}}}}}}}, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x7fffffff}]})
close_range(r3, 0xffffffffffffffff, 0x0)

0s ago: executing program 2 (id=773):
r0 = socket$nl_route(0x10, 0x3, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, 0x0)
r2 = io_uring_setup(0x4d63, &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
getpid()
openat$vimc1(0xffffff9c, 0x0, 0x2, 0x0)
r3 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x1b, &(0x7f00000000c0)={@remote}, 0x20)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000500)={<r7=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r6, 0xc0182101, &(0x7f0000000180)={r7})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000480)={<r8=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r6, 0x40182103, &(0x7f0000000080)={r8, 0x3, r6, 0x5})
sendmsg$SMC_PNETID_DEL(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB="92001fdb", @ANYRES16=r3, @ANYBLOB="270e00000000fcffffff04070200"], 0x14}, 0x1, 0x40030000000000}, 0x0)
ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, 0x0)
openat$vnet(0xffffff9c, 0x0, 0x2, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newlink={0x34, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_VFINFO_LIST={0xc, 0x16, 0x0, 0x1, [{0x8, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN_LIST={0x4}]}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0)
chdir(0x0)

kernel console output (not intermixed with test programs):

eated IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.360961][ T1148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.395384][ T5336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.397240][   T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.399895][ T5336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.402024][   T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.405892][ T5336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.413779][ T5336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.418894][ T5336] batman_adv: batadv0: Interface activated: batadv_slave_0
[   59.423221][ T5337] veth1_vlan: entered promiscuous mode
[   59.434354][ T5336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   59.434429][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.439140][ T5336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.441920][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.445630][ T5336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   59.453119][ T5336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.457420][ T5336] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.464466][ T5336] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.467526][ T5336] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.470990][ T5336] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.474309][ T5336] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.493140][ T1103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.496588][ T1103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.541856][ T5337] veth0_macvtap: entered promiscuous mode
[   59.555459][ T5337] veth1_macvtap: entered promiscuous mode
[   59.592262][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.595211][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.609312][ T5337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.613764][ T5337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.618228][ T5337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.622567][ T5337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.627313][ T5337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.633695][ T5337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.639979][ T5337] batman_adv: batadv0: Interface activated: batadv_slave_0
[   59.645959][ T5337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   59.651323][ T5337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.655922][ T5337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   59.660012][ T5337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.663409][ T5337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   59.666891][ T5337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.673568][ T5337] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.699879][ T1103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.701441][ T5337] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.703261][ T1103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.706780][ T5337] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.714539][ T5337] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.717671][ T5337] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.808873][   T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.812358][   T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.832228][ T5401] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   59.852292][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.855543][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.928244][   T66] Bluetooth: hci3: command tx timeout
[   59.929422][ T5342] Bluetooth: hci0: command tx timeout
[   59.929682][ T5335] Bluetooth: hci2: command tx timeout
[   59.929715][ T5335] Bluetooth: hci1: command tx timeout
[   59.955645][ T5411] netlink: 'syz.0.1': attribute type 2 has an invalid length.
[   59.959734][ T5411] netlink: 'syz.0.1': attribute type 1 has an invalid length.
[   59.962570][ T5411] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.1'.
[   60.029006][ T5416] 9pnet_fd: Insufficient options for proto=fd
[   60.710029][   T39] kauditd_printk_skb: 53 callbacks suppressed
[   60.710039][   T39] audit: type=1400 audit(1722528557.385:169): avc:  denied  { write } for  pid=5442 comm="syz.1.11" name="rt_acct" dev="proc" ino=4026532989 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   60.724558][ T5443] sg_write: data in/out 830110031/371 bytes for SCSI command 0x0-- guessing data in;
[   60.724558][ T5443]    program syz.1.11 not setting count and/or reply_len properly
[   60.735382][   T39] audit: type=1400 audit(1722528557.405:170): avc:  denied  { read } for  pid=5442 comm="syz.1.11" dev="nsfs" ino=4026532965 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   60.744070][   T39] audit: type=1400 audit(1722528557.405:171): avc:  denied  { open } for  pid=5442 comm="syz.1.11" path="net:[4026532965]" dev="nsfs" ino=4026532965 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   60.756017][   T39] audit: type=1400 audit(1722528557.405:172): avc:  denied  { bind } for  pid=5442 comm="syz.1.11" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   60.833885][   T39] audit: type=1400 audit(1722528557.505:173): avc:  denied  { read } for  pid=5452 comm="syz.2.14" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   60.847200][   T39] audit: type=1400 audit(1722528557.505:174): avc:  denied  { open } for  pid=5452 comm="syz.2.14" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   60.907927][   T39] audit: type=1400 audit(1722528557.575:175): avc:  denied  { map_create } for  pid=5452 comm="syz.2.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   60.925703][   T39] audit: type=1400 audit(1722528557.575:176): avc:  denied  { map_read map_write } for  pid=5452 comm="syz.2.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   61.385673][   T39] audit: type=1400 audit(1722528558.055:177): avc:  denied  { ioctl } for  pid=5454 comm="syz.0.15" path="socket:[8462]" dev="sockfs" ino=8462 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   61.421425][    T0] NOHZ tick-stop error: local softirq work is pending, handler #8a!!!
[   61.424904][    T0] NOHZ tick-stop error: local softirq work is pending, handler #8a!!!
[   61.498143][    T0] NOHZ tick-stop error: local softirq work is pending, handler #2c0!!!
[   61.600269][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   61.600688][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   61.648567][    T0] NOHZ tick-stop error: local softirq work is pending, handler #2c8!!!
[   61.651462][    T0] NOHZ tick-stop error: local softirq work is pending, handler #2c8!!!
[   61.653996][    T0] NOHZ tick-stop error: local softirq work is pending, handler #2c8!!!
[   61.657290][    T0] NOHZ tick-stop error: local softirq work is pending, handler #2c8!!!
[   61.667709][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   61.906553][   T39] audit: type=1400 audit(1722528558.575:178): avc:  denied  { ioctl } for  pid=5475 comm="syz.0.19" path="socket:[10295]" dev="sockfs" ino=10295 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   62.008179][ T5342] Bluetooth: hci0: command tx timeout
[   62.008196][   T66] Bluetooth: hci3: command tx timeout
[   62.017889][   T66] Bluetooth: hci1: command tx timeout
[   62.019336][ T5342] Bluetooth: hci2: command tx timeout
[   62.296673][ T5494] sg_write: data in/out 830110031/371 bytes for SCSI command 0x0-- guessing data in;
[   62.296673][ T5494]    program syz.1.24 not setting count and/or reply_len properly
[   62.820342][ T5506] 9pnet_fd: Insufficient options for proto=fd
[   62.985211][ T5518] netlink: 4 bytes leftover after parsing attributes in process `syz.0.31'.
[   63.625849][ T5541] sg_write: data in/out 830110031/371 bytes for SCSI command 0x0-- guessing data in;
[   63.625849][ T5541]    program syz.0.36 not setting count and/or reply_len properly
[   64.088462][ T5342] Bluetooth: hci1: command tx timeout
[   64.088611][ T5341] Bluetooth: hci0: command tx timeout
[   64.091945][   T66] Bluetooth: hci3: command tx timeout
[   64.100289][   T66] Bluetooth: hci2: command tx timeout
[   65.226296][ T5572] netlink: 'syz.1.44': attribute type 2 has an invalid length.
[   65.230588][ T5572] netlink: 'syz.1.44': attribute type 1 has an invalid length.
[   65.233231][ T5572] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.44'.
[   65.681866][ T5594] sg_write: data in/out 830110031/371 bytes for SCSI command 0x0-- guessing data in;
[   65.681866][ T5594]    program syz.0.49 not setting count and/or reply_len properly
[   65.797555][ T5597] netlink: 4 bytes leftover after parsing attributes in process `syz.2.51'.
[   66.375954][ T5617] netlink: 'syz.0.55': attribute type 2 has an invalid length.
[   66.379566][ T5617] netlink: 'syz.0.55': attribute type 1 has an invalid length.
[   66.382423][ T5617] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.55'.
[   66.935258][ T5640] netlink: 4 bytes leftover after parsing attributes in process `syz.2.60'.
[   67.144323][ T5659] sg_write: data in/out 830110031/371 bytes for SCSI command 0x0-- guessing data in;
[   67.144323][ T5659]    program syz.2.63 not setting count and/or reply_len properly
[   67.496906][ T5664] netlink: 'syz.1.65': attribute type 2 has an invalid length.
[   67.500329][ T5664] netlink: 'syz.1.65': attribute type 1 has an invalid length.
[   67.503362][ T5664] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.65'.
[   67.823536][ T5670] netlink: 'syz.2.67': attribute type 2 has an invalid length.
[   67.826221][ T5670] netlink: 'syz.2.67': attribute type 1 has an invalid length.
[   67.829376][ T5670] netlink: 181400 bytes leftover after parsing attributes in process `syz.2.67'.
[   68.269371][ T5694] netlink: 4 bytes leftover after parsing attributes in process `syz.1.72'.
[   68.327927][ T5335] Bluetooth: hci0: command 0x0406 tx timeout
[   68.366657][ T5706] netlink: 4 bytes leftover after parsing attributes in process `syz.2.74'.
[   68.476714][ T5717] netlink: 'syz.0.76': attribute type 2 has an invalid length.
[   68.479620][ T5717] netlink: 'syz.0.76': attribute type 1 has an invalid length.
[   68.482320][ T5717] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.76'.
[   68.487401][ T5712] sg_write: data in/out 830110031/371 bytes for SCSI command 0x0-- guessing data in;
[   68.487401][ T5712]    program syz.1.75 not setting count and/or reply_len properly
[   68.497892][ T5341] Bluetooth: hci2: command 0x0406 tx timeout
[   68.565068][ T5725] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.78'.
[   69.462467][ T5750] 9pnet_fd: Insufficient options for proto=fd
[   69.609187][ T5341] Bluetooth: hci3: command 0x0406 tx timeout
[   70.108410][ T5777] sg_write: data in/out 830110031/371 bytes for SCSI command 0x0-- guessing data in;
[   70.108410][ T5777]    program syz.0.92 not setting count and/or reply_len properly
[   70.449887][ T5788] 9pnet_fd: Insufficient options for proto=fd
[   70.679009][ T5799] __nla_validate_parse: 2 callbacks suppressed
[   70.679025][ T5799] netlink: 4 bytes leftover after parsing attributes in process `syz.0.96'.
[   71.059163][ T5810] validate_nla: 4 callbacks suppressed
[   71.059179][ T5810] netlink: 'syz.3.99': attribute type 2 has an invalid length.
[   71.066667][ T5810] netlink: 'syz.3.99': attribute type 1 has an invalid length.
[   71.079951][ T5810] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.99'.
[   71.794088][ T5834] netlink: 4 bytes leftover after parsing attributes in process `syz.2.106'.
[   72.195053][ T5851] 9pnet_fd: Insufficient options for proto=fd
[   72.452618][ T5855] netlink: 'syz.1.110': attribute type 2 has an invalid length.
[   72.469508][ T5855] netlink: 'syz.1.110': attribute type 1 has an invalid length.
[   72.472840][ T5855] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.110'.
[   73.337180][ T5876] netlink: 4 bytes leftover after parsing attributes in process `syz.2.117'.
[   73.840894][ T5889] netlink: 'syz.3.119': attribute type 2 has an invalid length.
[   73.844062][ T5889] netlink: 'syz.3.119': attribute type 1 has an invalid length.
[   73.847055][ T5889] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.119'.
[   74.361678][ T5911] netlink: 4 bytes leftover after parsing attributes in process `syz.3.126'.
[   74.651838][ T5920] netlink: 'syz.3.128': attribute type 2 has an invalid length.
[   74.655611][ T5920] netlink: 'syz.3.128': attribute type 1 has an invalid length.
[   74.659359][ T5920] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.128'.
[   75.983251][ T5956] netlink: 4 bytes leftover after parsing attributes in process `syz.0.136'.
[   76.309539][ T5969] netlink: 4 bytes leftover after parsing attributes in process `syz.0.140'.
[   76.442235][ T5977] netlink: 'syz.1.139': attribute type 2 has an invalid length.
[   76.445642][ T5977] netlink: 'syz.1.139': attribute type 1 has an invalid length.
[   76.450025][ T5977] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.139'.
[   77.072962][ T1379] ieee802154 phy0 wpan0: encryption failed: -22
[   77.076624][ T1379] ieee802154 phy1 wpan1: encryption failed: -22
[   77.810477][   T39] kauditd_printk_skb: 11 callbacks suppressed
[   77.810491][   T39] audit: type=1400 audit(1722528574.485:190): avc:  denied  { read write } for  pid=6007 comm="syz.3.150" name="fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[   77.824774][   T39] audit: type=1400 audit(1722528574.485:191): avc:  denied  { open } for  pid=6007 comm="syz.3.150" path="/dev/fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[   77.834718][   T39] audit: type=1400 audit(1722528574.485:192): avc:  denied  { mounton } for  pid=6007 comm="syz.3.150" path="/32/file0" dev="tmpfs" ino=199 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   77.979186][ T6012] afs: Bad value for 'flock'
[   77.980258][   T39] audit: type=1400 audit(1722528574.655:193): avc:  denied  { mounton } for  pid=6007 comm="syz.3.150" path="/32/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1
[   78.141261][ T6014] netlink: 'syz.0.151': attribute type 2 has an invalid length.
[   78.144275][ T6014] netlink: 'syz.0.151': attribute type 1 has an invalid length.
[   78.147194][ T6014] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.151'.
[   78.640224][ T6028] netlink: 4 bytes leftover after parsing attributes in process `syz.2.156'.
[   78.645149][   T39] audit: type=1400 audit(1722528575.315:194): avc:  denied  { unmount } for  pid=5332 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   78.865127][   T39] audit: type=1400 audit(1722528575.535:195): avc:  denied  { bind } for  pid=6038 comm="syz.2.159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   78.875934][   T39] audit: type=1400 audit(1722528575.545:196): avc:  denied  { listen } for  pid=6038 comm="syz.2.159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   78.884217][   T39] audit: type=1400 audit(1722528575.555:197): avc:  denied  { accept } for  pid=6038 comm="syz.2.159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   78.942592][ T6046] Zero length message leads to an empty skb
[   79.011965][ T6048] netlink: 'syz.0.160': attribute type 2 has an invalid length.
[   79.015267][ T6048] netlink: 'syz.0.160': attribute type 1 has an invalid length.
[   79.018723][ T6048] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.160'.
[   79.238474][   T57] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[   79.427914][   T57] usb 7-1: Using ep0 maxpacket: 8
[   79.435288][   T57] usb 7-1: config 1 interface 0 altsetting 1 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[   79.440942][   T57] usb 7-1: config 1 interface 0 has no altsetting 0
[   79.448706][   T57] usb 7-1: New USB device found, idVendor=24b8, idProduct=0020, bcdDevice= 0.40
[   79.452699][   T57] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   79.455728][   T57] usb 7-1: Product: syz
[   79.457361][   T57] usb 7-1: Manufacturer: syz
[   79.460122][   T57] usb 7-1: SerialNumber: syz
[   79.665106][ T6061] netlink: 'syz.3.163': attribute type 29 has an invalid length.
[   79.668505][ T6061] netlink: 'syz.3.163': attribute type 37 has an invalid length.
[   79.679149][   T39] audit: type=1400 audit(1722528576.345:198): avc:  denied  { bind } for  pid=6060 comm="syz.3.163" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   79.696848][   T39] audit: type=1400 audit(1722528576.365:199): avc:  denied  { write } for  pid=6060 comm="syz.3.163" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   80.427976][   T35] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   80.639688][   T35] usb 8-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[   80.643323][   T35] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   80.645945][   T35] usb 8-1: Product: syz
[   80.650307][   T35] usb 8-1: Manufacturer: syz
[   80.651885][   T35] usb 8-1: SerialNumber: syz
[   80.655562][   T35] usb 8-1: config 0 descriptor??
[   81.062684][ T6069] netlink: 'syz.3.166': attribute type 5 has an invalid length.
[   81.086722][ T5386] usb 8-1: USB disconnect, device number 2
[   81.148295][   T35] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   81.343962][   T35] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[   81.348260][   T35] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   81.351921][   T35] usb 5-1: Product: syz
[   81.353825][   T35] usb 5-1: Manufacturer: syz
[   81.355940][   T35] usb 5-1: SerialNumber: syz
[   81.360450][   T35] usb 5-1: config 0 descriptor??
[   81.575855][   T35] usb 5-1: USB disconnect, device number 2
[   81.607286][ T6080] netlink: 'syz.1.169': attribute type 2 has an invalid length.
[   81.610766][ T6080] netlink: 'syz.1.169': attribute type 1 has an invalid length.
[   81.613484][ T6080] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.169'.
[   81.776105][   T57] usbhid 7-1:1.0: can't add hid device: -71
[   81.779514][   T57] usbhid 7-1:1.0: probe with driver usbhid failed with error -71
[   81.787646][   T57] usb 7-1: USB disconnect, device number 2
[   81.871631][ T6088] syz.3.172 uses obsolete (PF_INET,SOCK_PACKET)
[   82.184908][ T1290] cfg80211: failed to load regulatory.db
[   84.615308][ T6131] netlink: 'syz.0.184': attribute type 2 has an invalid length.
[   84.620625][ T6131] netlink: 'syz.0.184': attribute type 1 has an invalid length.
[   84.623825][ T6131] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.184'.
[   84.676211][ T6134] netlink: 4 bytes leftover after parsing attributes in process `syz.1.185'.
[   84.756119][ T6137] sg_write: data in/out 830110031/371 bytes for SCSI command 0x0-- guessing data in;
[   84.756119][ T6137]    program syz.0.186 not setting count and/or reply_len properly
[   84.847020][ T6145] netlink: 'syz.1.187': attribute type 2 has an invalid length.
[   84.850505][ T6145] netlink: 'syz.1.187': attribute type 1 has an invalid length.
[   84.854429][ T6145] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.187'.
[   85.237213][ T6159] netlink: 4 bytes leftover after parsing attributes in process `syz.1.192'.
[   85.381341][ T6169] netlink: 4 bytes leftover after parsing attributes in process `syz.1.195'.
[   86.062295][ T6194] 9pnet_fd: Insufficient options for proto=fd
[   86.130526][   T39] kauditd_printk_skb: 1 callbacks suppressed
[   86.130541][   T39] audit: type=1400 audit(1722528582.805:201): avc:  denied  { create } for  pid=6193 comm="syz.0.200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   86.152508][   T39] audit: type=1400 audit(1722528582.825:202): avc:  denied  { connect } for  pid=6193 comm="syz.0.200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   86.256459][ T6196] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[   86.343031][ T6207] netlink: 'syz.3.203': attribute type 2 has an invalid length.
[   86.346402][ T6207] netlink: 'syz.3.203': attribute type 1 has an invalid length.
[   86.350281][ T6207] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.203'.
[   86.424364][ T6210] netlink: 4 bytes leftover after parsing attributes in process `syz.0.204'.
[   87.080188][ T6246] netlink: 'syz.3.213': attribute type 2 has an invalid length.
[   87.083200][ T6246] netlink: 'syz.3.213': attribute type 1 has an invalid length.
[   87.086254][ T6246] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.213'.
[   87.129484][ T6250] netlink: 4 bytes leftover after parsing attributes in process `syz.3.214'.
[   87.838107][ T5371] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   88.066003][ T5371] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[   88.069881][ T5371] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   88.072663][ T5371] usb 6-1: Product: syz
[   88.074496][ T5371] usb 6-1: Manufacturer: syz
[   88.076228][ T5371] usb 6-1: SerialNumber: syz
[   88.089607][ T5371] usb 6-1: config 0 descriptor??
[   88.513470][ T6272] netlink: 'syz.1.217': attribute type 5 has an invalid length.
[   88.542358][ T5375] usb 6-1: USB disconnect, device number 2
[   89.231675][ T6294] netlink: 4 bytes leftover after parsing attributes in process `syz.0.223'.
[   89.231763][ T6291] netlink: 'syz.3.222': attribute type 2 has an invalid length.
[   89.241064][ T6291] netlink: 'syz.3.222': attribute type 1 has an invalid length.
[   89.244499][ T6291] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.222'.
[   89.307012][ T6300] netlink: 28 bytes leftover after parsing attributes in process `syz.2.224'.
[   89.375493][   T39] audit: type=1400 audit(1722528586.045:203): avc:  denied  { write } for  pid=6293 comm="syz.2.224" path="socket:[10060]" dev="sockfs" ino=10060 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   89.517943][ T6308] sg_write: data in/out 830110031/371 bytes for SCSI command 0x0-- guessing data in;
[   89.517943][ T6308]    program syz.0.226 not setting count and/or reply_len properly
[   90.207946][ T5375] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[   90.394304][ T5375] usb 8-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[   90.405122][ T5375] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   90.408328][ T5375] usb 8-1: Product: syz
[   90.409964][ T5375] usb 8-1: Manufacturer: syz
[   90.412522][ T5375] usb 8-1: SerialNumber: syz
[   90.416738][ T5375] usb 8-1: config 0 descriptor??
[   90.844052][ T6326] netlink: 'syz.3.230': attribute type 5 has an invalid length.
[   90.860503][   T35] usb 8-1: USB disconnect, device number 3
[   90.976784][ T6344] netlink: 4 bytes leftover after parsing attributes in process `syz.1.234'.
[   91.847684][ T6371] sg_write: data in/out 830110031/371 bytes for SCSI command 0x0-- guessing data in;
[   91.847684][ T6371]    program syz.3.239 not setting count and/or reply_len properly
[   92.003352][ T6378] netlink: 'syz.0.240': attribute type 2 has an invalid length.
[   92.007127][ T6378] netlink: 'syz.0.240': attribute type 1 has an invalid length.
[   92.010705][ T6378] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.240'.
[   92.094474][ T6386] netlink: 4 bytes leftover after parsing attributes in process `syz.1.243'.
[   93.486587][ T6428] netlink: 4 bytes leftover after parsing attributes in process `syz.1.253'.
[   93.675544][ T6438] sg_write: data in/out 830110031/371 bytes for SCSI command 0x0-- guessing data in;
[   93.675544][ T6438]    program syz.1.254 not setting count and/or reply_len properly
[   95.178125][ T6472] netlink: 4 bytes leftover after parsing attributes in process `syz.0.262'.
[   95.227178][ T6475] netlink: 'syz.2.263': attribute type 2 has an invalid length.
[   95.230730][ T6475] netlink: 'syz.2.263': attribute type 1 has an invalid length.
[   95.234158][ T6475] netlink: 181400 bytes leftover after parsing attributes in process `syz.2.263'.
[   95.345642][   T39] audit: type=1400 audit(1722528592.015:204): avc:  denied  { execute } for  pid=6482 comm="syz.0.265" path="/70/blkio.bfq.io_serviced_recursive" dev="tmpfs" ino=396 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   95.356453][   T39] audit: type=1400 audit(1722528592.025:205): avc:  denied  { create } for  pid=6482 comm="syz.0.265" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   95.374387][   T39] audit: type=1400 audit(1722528592.045:206): avc:  denied  { create } for  pid=6482 comm="syz.0.265" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[   95.674611][ T6514] FAULT_INJECTION: forcing a failure.
[   95.674611][ T6514] name failslab, interval 1, probability 0, space 0, times 1
[   95.680704][ T6514] CPU: 3 UID: 0 PID: 6514 Comm: syz.2.271 Not tainted 6.11.0-rc1-syzkaller-00063-g21b136cc63d2 #0
[   95.685345][ T6514] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   95.690025][ T6514] Call Trace:
[   95.691521][ T6514]  <TASK>
[   95.692864][ T6514]  dump_stack_lvl+0x16c/0x1f0
[   95.694990][ T6514]  should_fail_ex+0x497/0x5b0
[   95.697036][ T6514]  ? fs_reclaim_acquire+0xae/0x160
[   95.698494][   T39] audit: type=1400 audit(1722528592.375:207): avc:  denied  { read } for  pid=6517 comm="syz.3.272" name="fb1" dev="devtmpfs" ino=642 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[   95.699275][ T6514]  should_failslab+0xc2/0x120
[   95.699349][ T6514]  kmem_cache_alloc_lru_noprof+0x72/0x2f0
[   95.699373][ T6514]  ? __d_alloc+0x31/0xaa0
[   95.699391][ T6514]  __d_alloc+0x31/0xaa0
[   95.699409][ T6514]  ? __pfx_mark_lock+0x10/0x10
[   95.699430][ T6514]  d_alloc+0x4a/0x1e0
[   95.699450][ T6514]  d_alloc_parallel+0xe9/0x12b0
[   95.699476][ T6514]  ? __pfx_d_alloc_parallel+0x10/0x10
[   95.708041][ T6518] netlink: 20 bytes leftover after parsing attributes in process `syz.3.272'.
[   95.712316][   T39] audit: type=1400 audit(1722528592.375:208): avc:  denied  { open } for  pid=6517 comm="syz.3.272" path="/dev/fb1" dev="devtmpfs" ino=642 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[   95.714380][ T6514]  ? lockdep_init_map_type+0x16d/0x7d0
[   95.716188][   T39] audit: type=1400 audit(1722528592.375:209): avc:  denied  { create } for  pid=6517 comm="syz.3.272" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   95.717943][ T6514]  ? lockdep_init_map_type+0x16d/0x7d0
[   95.717972][ T6514]  __lookup_slow+0x194/0x460
[   95.717996][ T6514]  ? __pfx___lookup_slow+0x10/0x10
[   95.718019][ T6514]  ? __pfx_lock_release+0x10/0x10
[   95.718040][ T6514]  ? __startup_64+0x120/0x2a0
[   95.718064][ T6514]  ? __startup_64+0x120/0x2a0
[   95.718086][ T6514]  ? d_lookup+0xe9/0x180
[   95.720102][   T39] audit: type=1400 audit(1722528592.385:210): avc:  denied  { ioctl } for  pid=6517 comm="syz.3.272" path="/dev/fb1" dev="devtmpfs" ino=642 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[   95.721790][ T6514]  lookup_one_len+0x181/0x1b0
[   95.769155][ T6514]  ? __pfx_lookup_one_len+0x10/0x10
[   95.769188][ T6514]  ? mntput+0x10/0x90
[   95.769212][ T6514]  start_creating.part.0+0x12f/0x3a0
[   95.769245][ T6514]  __debugfs_create_file+0xa5/0x660
[   95.769273][ T6514]  debugfs_create_x8+0x70/0xa0
[   95.769298][ T6514]  ldisc_open+0x34e/0x910
[   95.769321][ T6514]  ? __pfx_ldisc_open+0x10/0x10
[   95.769343][ T6514]  ? down_write+0x14e/0x200
[   95.769364][ T6514]  ? __pfx_ldisc_open+0x10/0x10
[   95.769386][ T6514]  tty_ldisc_open+0x9c/0x120
[   95.769409][ T6514]  tty_set_ldisc+0x318/0x720
[   95.769432][ T6514]  tty_ioctl+0xbdc/0x15f0
[   95.769457][ T6514]  ? __pfx_tty_ioctl+0x10/0x10
[   95.769480][ T6514]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[   95.769509][ T6514]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   95.769531][ T6514]  ? selinux_file_ioctl+0x180/0x270
[   95.769556][ T6514]  ? selinux_file_ioctl+0xb4/0x270
[   95.769581][ T6514]  ? __pfx_tty_ioctl+0x10/0x10
[   95.769604][ T6514]  __x64_sys_ioctl+0x193/0x220
[   95.769630][ T6514]  do_syscall_64+0xcd/0x250
[   95.769649][ T6514]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.769672][ T6514] RIP: 0033:0x7fe95ad773b9
[   95.769686][ T6514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   95.769704][ T6514] RSP: 002b:00007fe95bba8048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   95.769723][ T6514] RAX: ffffffffffffffda RBX: 00007fe95af05f80 RCX: 00007fe95ad773b9
[   95.769736][ T6514] RDX: 0000000020000040 RSI: 0000000000005423 RDI: 0000000000000004
[   95.769747][ T6514] RBP: 00007fe95bba80a0 R08: 0000000000000000 R09: 0000000000000000
[   95.769759][ T6514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   95.769770][ T6514] R13: 000000000000000b R14: 00007fe95af05f80 R15: 00007fff7f7f93a8
[   95.769784][ T6514]  </TASK>
[   95.830209][ T6521] netlink: 4 bytes leftover after parsing attributes in process `syz.2.273'.
[   97.295319][   T39] audit: type=1400 audit(1722528593.965:211): avc:  denied  { name_bind } for  pid=6556 comm="syz.2.281" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[   97.296707][ T6557] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[   97.304762][   T39] audit: type=1400 audit(1722528593.965:212): avc:  denied  { node_bind } for  pid=6556 comm="syz.2.281" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   97.415674][ T6563] netlink: 4 bytes leftover after parsing attributes in process `syz.1.284'.
[   97.574492][ T6574] netlink: 'syz.0.285': attribute type 2 has an invalid length.
[   97.578056][ T6574] netlink: 'syz.0.285': attribute type 1 has an invalid length.
[   97.581481][ T6574] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.285'.
[   97.629553][   T39] audit: type=1400 audit(1722528594.295:213): avc:  denied  { read } for  pid=6579 comm="syz.3.287" name="card1" dev="devtmpfs" ino=638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   97.777224][ T6590] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[   97.872847][ T6594] sctp: [Deprecated]: syz.2.292 (pid 6594) Use of struct sctp_assoc_value in delayed_ack socket option.
[   97.872847][ T6594] Use struct sctp_sack_info instead
[   98.136917][ T6606] netlink: 4 bytes leftover after parsing attributes in process `syz.0.295'.
[   98.717226][ T6616] netlink: 'syz.1.297': attribute type 2 has an invalid length.
[   98.717245][ T6616] netlink: 'syz.1.297': attribute type 1 has an invalid length.
[   98.717254][ T6616] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.297'.
[   98.900639][ T6624] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[   99.081397][ T6633] netlink: 4 bytes leftover after parsing attributes in process `syz.3.304'.
[   99.342587][ T6653] vivid-000: disconnect
[   99.345666][ T6653] FAULT_INJECTION: forcing a failure.
[   99.345666][ T6653] name failslab, interval 1, probability 0, space 0, times 0
[   99.350793][ T6653] CPU: 0 UID: 0 PID: 6653 Comm: syz.3.310 Not tainted 6.11.0-rc1-syzkaller-00063-g21b136cc63d2 #0
[   99.355071][ T6653] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   99.359717][ T6653] Call Trace:
[   99.361197][ T6653]  <TASK>
[   99.362511][ T6653]  dump_stack_lvl+0x16c/0x1f0
[   99.364279][ T6653]  should_fail_ex+0x497/0x5b0
[   99.366029][ T6653]  ? fs_reclaim_acquire+0xae/0x160
[   99.367741][ T6653]  should_failslab+0xc2/0x120
[   99.369835][ T6653]  __kmalloc_noprof+0xcb/0x400
[   99.371839][ T6653]  tomoyo_encode2+0x100/0x3e0
[   99.373672][ T6653]  tomoyo_encode+0x29/0x50
[   99.375238][ T6653]  tomoyo_realpath_from_path+0x19d/0x720
[   99.377695][ T6653]  tomoyo_check_open_permission+0x2a7/0x3b0
[   99.379754][ T6653]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[   99.382316][ T6653]  ? __pfx___lock_acquire+0x10/0x10
[   99.384425][ T6653]  ? __pfx_hook_file_open+0x10/0x10
[   99.386440][ T6653]  ? path_get+0x61/0x80
[   99.388216][ T6653]  tomoyo_file_open+0x71/0x90
[   99.390216][ T6653]  security_file_open+0x78/0x8b0
[   99.392434][ T6653]  do_dentry_open+0x5c7/0x15f0
[   99.394521][ T6653]  ? inode_permission+0xdd/0x5f0
[   99.396709][ T6653]  vfs_open+0x82/0x3f0
[   99.398503][ T6653]  ? may_open+0x1f2/0x400
[   99.400305][ T6653]  path_openat+0x2141/0x2d20
[   99.402149][ T6653]  ? __pfx_path_openat+0x10/0x10
[   99.404264][ T6653]  ? __pfx___lock_acquire+0x10/0x10
[   99.406194][ T6653]  ? find_held_lock+0x2d/0x110
[   99.408203][ T6653]  do_filp_open+0x1dc/0x430
[   99.410178][ T6653]  ? __pfx_do_filp_open+0x10/0x10
[   99.412406][ T6653]  ? find_held_lock+0x2d/0x110
[   99.414382][ T6653]  ? _raw_spin_unlock+0x28/0x50
[   99.416382][ T6653]  ? alloc_fd+0x2d7/0x6c0
[   99.418122][ T6653]  do_sys_openat2+0x17a/0x1e0
[   99.420181][ T6653]  ? __pfx_do_sys_openat2+0x10/0x10
[   99.422444][ T6653]  __x64_sys_openat+0x175/0x210
[   99.424676][ T6653]  ? __pfx___x64_sys_openat+0x10/0x10
[   99.427050][ T6653]  ? ksys_write+0x1ab/0x260
[   99.428999][ T6653]  do_syscall_64+0xcd/0x250
[   99.430597][ T6653]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   99.433220][ T6653] RIP: 0033:0x7f3917575d50
[   99.434760][ T6653] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 19 8e 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 6c 8e 02 00 8b 44
[   99.441672][ T6653] RSP: 002b:00007f39183bbb80 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[   99.445108][ T6653] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f3917575d50
[   99.448525][ T6653] RDX: 0000000000000002 RSI: 00007f39183bbc20 RDI: 00000000ffffff9c
[   99.451941][ T6653] RBP: 00007f39183bbc20 R08: 0000000000000000 R09: 00236f656469762f
[   99.455386][ T6653] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[   99.458782][ T6653] R13: 000000000000000b R14: 00007f3917705f80 R15: 00007ffdd9e19d08
[   99.462123][ T6653]  </TASK>
[   99.465800][ T6653] ERROR: Out of memory at tomoyo_realpath_from_path.
[   99.469740][ T6652] vivid-000: reconnect
[   99.536456][ T6656] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[   99.848710][ T6674] netlink: 28 bytes leftover after parsing attributes in process `syz.3.319'.
[   99.951792][ T6676] FAULT_INJECTION: forcing a failure.
[   99.951792][ T6676] name failslab, interval 1, probability 0, space 0, times 0
[   99.960815][ T6676] CPU: 2 UID: 0 PID: 6676 Comm: syz.3.320 Not tainted 6.11.0-rc1-syzkaller-00063-g21b136cc63d2 #0
[   99.965153][ T6676] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   99.969390][ T6676] Call Trace:
[   99.970750][ T6676]  <TASK>
[   99.971964][ T6676]  dump_stack_lvl+0x16c/0x1f0
[   99.973934][ T6676]  should_fail_ex+0x497/0x5b0
[   99.975841][ T6676]  ? fs_reclaim_acquire+0xae/0x160
[   99.977884][ T6676]  should_failslab+0xc2/0x120
[   99.979966][ T6676]  __kmalloc_cache_noprof+0x6b/0x300
[   99.982162][ T6676]  ? ip_set_create+0x33f/0x14d0
[   99.984151][ T6676]  ip_set_create+0x33f/0x14d0
[   99.985848][ T6676]  ? __pfx_ip_set_create+0x10/0x10
[   99.987684][ T6676]  nfnetlink_rcv_msg+0x9c3/0x11e0
[   99.989483][ T6676]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[   99.991525][ T6676]  ? find_held_lock+0x2d/0x110
[   99.993402][ T6676]  ? avc_has_perm_noaudit+0x143/0x3a0
[   99.995580][ T6676]  netlink_rcv_skb+0x16b/0x440
[   99.997321][ T6676]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[   99.999558][ T6676]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  100.001436][ T6676]  ? security_capable+0x98/0xd0
[  100.003028][ T6676]  ? ns_capable+0xd7/0x110
[  100.004690][ T6676]  nfnetlink_rcv+0x1b4/0x430
[  100.006366][ T6676]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  100.008209][ T6676]  ? netlink_deliver_tap+0x1ae/0xd90
[  100.010019][ T6676]  netlink_unicast+0x544/0x830
[  100.011607][ T6676]  ? __pfx_netlink_unicast+0x10/0x10
[  100.013401][ T6676]  netlink_sendmsg+0x8b8/0xd70
[  100.015112][ T6676]  ? __pfx_netlink_sendmsg+0x10/0x10
[  100.017267][ T6676]  ? __import_iovec+0x1fd/0x6e0
[  100.019282][ T6676]  ____sys_sendmsg+0xab5/0xc90
[  100.021244][ T6676]  ? copy_msghdr_from_user+0x10b/0x160
[  100.023474][ T6676]  ? __pfx_____sys_sendmsg+0x10/0x10
[  100.025658][ T6676]  ? find_held_lock+0x2d/0x110
[  100.027680][ T6676]  ? __pfx___lock_acquire+0x10/0x10
[  100.029683][ T6676]  ___sys_sendmsg+0x135/0x1e0
[  100.031581][ T6676]  ? __pfx____sys_sendmsg+0x10/0x10
[  100.033728][ T6676]  ? ksys_write+0x21c/0x260
[  100.035568][ T6676]  ? __fget_light+0x173/0x210
[  100.037581][ T6676]  __sys_sendmsg+0x117/0x1f0
[  100.039496][ T6676]  ? __pfx___sys_sendmsg+0x10/0x10
[  100.041637][ T6676]  do_syscall_64+0xcd/0x250
[  100.043527][ T6676]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.046010][ T6676] RIP: 0033:0x7f39175773b9
[  100.047902][ T6676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  100.055924][ T6676] RSP: 002b:00007f39183bc048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  100.059319][ T6676] RAX: ffffffffffffffda RBX: 00007f3917705f80 RCX: 00007f39175773b9
[  100.062592][ T6676] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[  100.065830][ T6676] RBP: 00007f39183bc0a0 R08: 0000000000000000 R09: 0000000000000000
[  100.069081][ T6676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  100.072334][ T6676] R13: 000000000000000b R14: 00007f3917705f80 R15: 00007ffdd9e19d08
[  100.075542][ T6676]  </TASK>
[  100.077063][    C2] vkms_vblank_simulate: vblank timer overrun
[  100.207393][ T6678] program syz.3.321 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  100.258182][ T6681] netlink: 32 bytes leftover after parsing attributes in process `syz.2.323'.
[  100.552322][ T6690] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  101.015065][   T39] kauditd_printk_skb: 10 callbacks suppressed
[  101.015075][   T39] audit: type=1400 audit(1722528597.685:224): avc:  denied  { create } for  pid=6703 comm="syz.1.331" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  101.179263][   T39] audit: type=1400 audit(1722528597.855:225): avc:  denied  { create } for  pid=6703 comm="syz.1.331" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  101.186466][   T39] audit: type=1400 audit(1722528597.855:226): avc:  denied  { connect } for  pid=6703 comm="syz.1.331" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  101.248683][   T39] audit: type=1400 audit(1722528597.925:227): avc:  denied  { read } for  pid=6703 comm="syz.1.331" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  101.312698][   T39] audit: type=1400 audit(1722528597.985:228): avc:  denied  { write } for  pid=6703 comm="syz.1.331" path="socket:[13306]" dev="sockfs" ino=13306 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  102.041865][ T6728] netlink: 4 bytes leftover after parsing attributes in process `syz.3.335'.
[  102.317947][   T39] audit: type=1400 audit(1722528598.975:229): avc:  denied  { mounton } for  pid=6737 comm="syz.1.337" path="/proc/274/task" dev="proc" ino=15577 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  103.510413][ T6768] program syz.2.344 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  103.511070][ T6772] netlink: 'syz.0.345': attribute type 2 has an invalid length.
[  103.518381][ T6772] netlink: 'syz.0.345': attribute type 1 has an invalid length.
[  103.521751][ T6772] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.345'.
[  103.578550][ T6775] netlink: 4 bytes leftover after parsing attributes in process `syz.0.346'.
[  103.747687][ T6789] netlink: 32 bytes leftover after parsing attributes in process `syz.1.349'.
[  103.900964][   T39] audit: type=1400 audit(1722528600.575:230): avc:  denied  { shutdown } for  pid=6798 comm="syz.0.352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  103.912249][   T39] audit: type=1400 audit(1722528600.585:231): avc:  denied  { read } for  pid=6798 comm="syz.0.352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  103.989025][   T39] audit: type=1400 audit(1722528600.655:232): avc:  denied  { ioctl } for  pid=6798 comm="syz.0.352" path="socket:[16489]" dev="sockfs" ino=16489 ioctlcmd=0x7437 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  104.093977][   T39] audit: type=1400 audit(1722528600.765:233): avc:  denied  { read } for  pid=6806 comm="syz.3.354" name="nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  104.166449][ T6812] mkiss: ax0: crc mode is auto.
[  104.208468][ T6812] netlink: 'syz.3.354': attribute type 4 has an invalid length.
[  104.216268][ T6812] netlink: 128124 bytes leftover after parsing attributes in process `syz.3.354'.
[  105.225027][ T6826] netlink: 4 bytes leftover after parsing attributes in process `syz.1.359'.
[  106.649044][ T6868] netlink: 4 bytes leftover after parsing attributes in process `syz.2.369'.
[  106.679189][   T39] kauditd_printk_skb: 7 callbacks suppressed
[  106.679203][   T39] audit: type=1400 audit(1722528603.355:241): avc:  denied  { sys_module } for  pid=6867 comm="syz.2.369" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  108.078217][ T6926] netlink: 4 bytes leftover after parsing attributes in process `syz.2.381'.
[  108.344765][ T6938] netlink: 8 bytes leftover after parsing attributes in process `syz.1.384'.
[  108.356025][   T39] audit: type=1400 audit(1722528605.025:242): avc:  denied  { read write } for  pid=6936 comm="syz.1.384" dev="sockfs" ino=15688 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  108.365131][   T39] audit: type=1400 audit(1722528605.025:243): avc:  denied  { mount } for  pid=6936 comm="syz.1.384" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  108.375939][   T39] audit: type=1400 audit(1722528605.055:244): avc:  denied  { unlink } for  pid=6936 comm="syz.1.384" name="#1" dev="tmpfs" ino=534 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  108.376925][ T6938] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  108.391558][ T6938] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  108.400555][   T39] audit: type=1400 audit(1722528605.075:245): avc:  denied  { mount } for  pid=6936 comm="syz.1.384" name="/" dev="overlay" ino=528 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  108.523555][   T39] audit: type=1400 audit(1722528605.195:246): avc:  denied  { unmount } for  pid=5328 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  108.671676][ T6956] netlink: 36 bytes leftover after parsing attributes in process `syz.3.389'.
[  108.725655][ T6960] netlink: 4 bytes leftover after parsing attributes in process `syz.3.391'.
[  109.730216][ T6996] netlink: 4 bytes leftover after parsing attributes in process `syz.0.401'.
[  109.826735][ T7002] Bluetooth: MGMT ver 1.23
[  109.898159][   T39] audit: type=1400 audit(1722528606.575:247): avc:  denied  { connect } for  pid=7004 comm="syz.1.403" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  110.088612][ T7024] sg_write: data in/out 830110031/238 bytes for SCSI command 0x0-- guessing data in;
[  110.088612][ T7024]    program syz.2.408 not setting count and/or reply_len properly
[  110.278323][ T7027] netlink: 'syz.0.409': attribute type 2 has an invalid length.
[  110.281495][ T7027] netlink: 'syz.0.409': attribute type 1 has an invalid length.
[  110.284857][ T7027] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.409'.
[  110.370255][ T7030] program syz.0.410 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  110.469064][   T39] audit: type=1400 audit(1722528607.145:248): avc:  denied  { mounton } for  pid=7029 comm="syz.0.410" path="/111/file0" dev="tmpfs" ino=615 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  111.283631][   T39] audit: type=1400 audit(1722528607.955:249): avc:  denied  { setopt } for  pid=7037 comm="syz.3.413" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  111.849225][ T7042] netlink: 4 bytes leftover after parsing attributes in process `syz.2.414'.
[  112.043936][ T7053] netlink: 8 bytes leftover after parsing attributes in process `syz.2.417'.
[  112.085478][ T7053] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  112.091985][ T7053] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  112.223211][ T7058] netlink: 'syz.1.418': attribute type 2 has an invalid length.
[  112.226753][ T7058] netlink: 'syz.1.418': attribute type 1 has an invalid length.
[  112.230844][ T7058] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.418'.
[  112.342611][ T7067] sg_write: data in/out 830110031/238 bytes for SCSI command 0x0-- guessing data in;
[  112.342611][ T7067]    program syz.1.419 not setting count and/or reply_len properly
[  112.987231][   T39] audit: type=1400 audit(1722528609.655:250): avc:  denied  { create } for  pid=7072 comm="syz.1.422" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  113.006020][   T39] audit: type=1400 audit(1722528609.675:251): avc:  denied  { write } for  pid=7072 comm="syz.1.422" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  113.394131][ T7082] 9pnet_fd: Insufficient options for proto=fd
[  113.871953][ T7096] netlink: 'syz.0.428': attribute type 2 has an invalid length.
[  113.875419][ T7096] netlink: 'syz.0.428': attribute type 1 has an invalid length.
[  113.878995][ T7096] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.428'.
[  113.938764][   T39] audit: type=1400 audit(1722528610.605:252): avc:  denied  { setopt } for  pid=7098 comm="syz.0.429" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  113.951441][   T39] audit: type=1400 audit(1722528610.615:253): avc:  denied  { write } for  pid=7098 comm="syz.0.429" name="/" dev="configfs" ino=3085 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  113.961568][ T1290] usb 7-1: new low-speed USB device number 3 using dummy_hcd
[  113.966461][   T39] audit: type=1400 audit(1722528610.615:254): avc:  denied  { add_name } for  pid=7098 comm="syz.0.429" name=".pending_reads" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  113.974891][   T39] audit: type=1400 audit(1722528610.615:255): avc:  denied  { create } for  pid=7098 comm="syz.0.429" name=".pending_reads" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:configfs_t tclass=file permissive=1
[  113.983120][   T39] audit: type=1400 audit(1722528610.615:256): avc:  denied  { mount } for  pid=7098 comm="syz.0.429" name="/" dev="ramfs" ino=18437 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  114.159386][ T1290] usb 7-1: Invalid ep0 maxpacket: 64
[  114.317852][ T1290] usb 7-1: new low-speed USB device number 4 using dummy_hcd
[  114.510378][ T1290] usb 7-1: Invalid ep0 maxpacket: 64
[  114.512377][ T1290] usb usb7-port1: attempt power cycle
[  114.904436][ T7118] netlink: 8 bytes leftover after parsing attributes in process `syz.1.435'.
[  114.927872][ T1290] usb 7-1: new low-speed USB device number 5 using dummy_hcd
[  114.929326][ T7118] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  114.935297][ T7118] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  114.969777][ T1290] usb 7-1: Invalid ep0 maxpacket: 64
[  114.986012][ T7120] netlink: 4 bytes leftover after parsing attributes in process `syz.3.436'.
[  115.136729][   T39] audit: type=1400 audit(1722528611.805:257): avc:  denied  { mount } for  pid=7129 comm="syz.3.439" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  115.145927][ T1290] usb 7-1: new low-speed USB device number 6 using dummy_hcd
[  115.188474][ T1290] usb 7-1: Invalid ep0 maxpacket: 64
[  115.188841][ T1290] usb usb7-port1: unable to enumerate USB device
[  115.209880][   T39] audit: type=1400 audit(1722528611.885:258): avc:  denied  { unmount } for  pid=5332 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  115.409084][ T7140] futex_wake_op: syz.3.440 tries to shift op by -1; fix this program
[  115.529275][ T7148] netlink: 'syz.3.443': attribute type 2 has an invalid length.
[  115.532367][ T7148] netlink: 'syz.3.443': attribute type 1 has an invalid length.
[  115.535561][ T7148] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.443'.
[  115.806934][ T7164] netlink: 4 bytes leftover after parsing attributes in process `syz.1.447'.
[  115.962631][   T39] audit: type=1400 audit(1722528612.635:259): avc:  denied  { ioctl } for  pid=7171 comm="syz.0.449" path="/dev/sg0" dev="devtmpfs" ino=707 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  116.073938][ T7178] sg_write: data in/out 830110031/305 bytes for SCSI command 0x0-- guessing data in;
[  116.073938][ T7178]    program syz.1.452 not setting count and/or reply_len properly
[  116.552587][ T7182] netlink: 'syz.3.453': attribute type 2 has an invalid length.
[  116.556069][ T7182] netlink: 'syz.3.453': attribute type 1 has an invalid length.
[  116.560048][ T7182] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.453'.
[  116.661514][ T7190] netlink: 4 bytes leftover after parsing attributes in process `syz.3.456'.
[  116.706365][ T7187] sg_write: data in/out 830110031/305 bytes for SCSI command 0x0-- guessing data in;
[  116.706365][ T7187]    program syz.1.455 not setting count and/or reply_len properly
[  117.350477][ T7206] 9pnet_fd: Insufficient options for proto=fd
[  117.611724][ T7209] fuse: Bad value for 'fd'
[  117.835484][ T7218] sg_write: data in/out 830110031/305 bytes for SCSI command 0x0-- guessing data in;
[  117.835484][ T7218]    program syz.2.464 not setting count and/or reply_len properly
[  118.325689][ T7226] netlink: 'syz.1.465': attribute type 2 has an invalid length.
[  118.328833][ T7226] netlink: 'syz.1.465': attribute type 1 has an invalid length.
[  118.332119][ T7226] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.465'.
[  118.393626][ T7229] netlink: 4 bytes leftover after parsing attributes in process `syz.1.466'.
[  118.404208][ T7232] bridge0: port 2(bridge_slave_1) entered disabled state
[  118.408364][ T7232] bridge0: port 1(bridge_slave_0) entered disabled state
[  118.415062][ T7232] bridge0: entered allmulticast mode
[  118.430935][   T39] kauditd_printk_skb: 10 callbacks suppressed
[  118.430949][   T39] audit: type=1400 audit(1722528615.105:270): avc:  denied  { name_bind } for  pid=7230 comm="syz.2.467" src=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  118.482962][ T7235] ptm ptm29: ldisc open failed (-12), clearing slot 29
[  118.547873][   T39] audit: type=1400 audit(1722528615.215:271): avc:  denied  { read } for  pid=7240 comm="syz.1.468" name="ppp" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  118.555451][   T39] audit: type=1400 audit(1722528615.215:272): avc:  denied  { open } for  pid=7240 comm="syz.1.468" path="/dev/ppp" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  118.565912][   T39] audit: type=1400 audit(1722528615.225:273): avc:  denied  { read } for  pid=7240 comm="syz.1.468" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  118.574635][   T39] audit: type=1400 audit(1722528615.225:274): avc:  denied  { open } for  pid=7240 comm="syz.1.468" path="/dev/snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  119.695541][   T39] audit: type=1400 audit(1722528616.365:275): avc:  denied  { read } for  pid=7252 comm="syz.2.471" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  119.708086][   T39] audit: type=1400 audit(1722528616.375:276): avc:  denied  { open } for  pid=7252 comm="syz.2.471" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  119.708353][ T7253] binder: BC_ACQUIRE_RESULT not supported
[  119.718281][   T39] audit: type=1400 audit(1722528616.385:277): avc:  denied  { ioctl } for  pid=7252 comm="syz.2.471" path="/dev/binderfs/binder0" dev="binder" ino=10 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  119.720963][ T7253] binder: 7252:7253 ioctl c0306201 20000640 returned -22
[  119.860922][ T7259] netlink: 'syz.2.474': attribute type 2 has an invalid length.
[  119.864477][ T7259] netlink: 'syz.2.474': attribute type 1 has an invalid length.
[  119.868225][ T7259] netlink: 181400 bytes leftover after parsing attributes in process `syz.2.474'.
[  119.985274][ T7264] netlink: 'syz.2.475': attribute type 2 has an invalid length.
[  119.988873][ T7264] netlink: 'syz.2.475': attribute type 1 has an invalid length.
[  119.992247][ T7264] netlink: 181400 bytes leftover after parsing attributes in process `syz.2.475'.
[  120.000562][ T7268] netlink: 4 bytes leftover after parsing attributes in process `syz.1.476'.
[  120.057002][   T39] audit: type=1400 audit(1722528616.725:278): avc:  denied  { getopt } for  pid=7271 comm="syz.2.477" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  120.222961][ T7289] sg_write: data in/out 830110031/305 bytes for SCSI command 0x0-- guessing data in;
[  120.222961][ T7289]    program syz.0.479 not setting count and/or reply_len properly
[  121.154373][ T7313] netlink: 4 bytes leftover after parsing attributes in process `syz.2.488'.
[  121.281289][ T7323] sg_write: data in/out 830110031/338 bytes for SCSI command 0x0-- guessing data in;
[  121.281289][ T7323]    program syz.1.489 not setting count and/or reply_len properly
[  121.312547][   T39] audit: type=1400 audit(1722528617.985:279): avc:  denied  { write } for  pid=7324 comm="syz.2.490" name="nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  121.560663][ T7329] warning: `syz.2.492' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  121.952463][ T7345] netlink: 4 bytes leftover after parsing attributes in process `syz.1.498'.
[  121.973234][ T7342] 9pnet_fd: Insufficient options for proto=fd
[  122.401252][ T7376] netlink: 'syz.3.505': attribute type 2 has an invalid length.
[  122.404343][ T7376] netlink: 'syz.3.505': attribute type 1 has an invalid length.
[  122.406957][ T7376] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.505'.
[  122.502011][ T7382] sg_write: data in/out 830110031/338 bytes for SCSI command 0x0-- guessing data in;
[  122.502011][ T7382]    program syz.3.506 not setting count and/or reply_len properly
[  123.414350][ T7408] netlink: 'syz.3.514': attribute type 2 has an invalid length.
[  123.417179][ T7408] netlink: 'syz.3.514': attribute type 1 has an invalid length.
[  123.425512][ T7408] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.514'.
[  123.560860][ T7415] FAULT_INJECTION: forcing a failure.
[  123.560860][ T7415] name failslab, interval 1, probability 0, space 0, times 0
[  123.566969][ T7415] CPU: 3 UID: 0 PID: 7415 Comm: syz.2.516 Not tainted 6.11.0-rc1-syzkaller-00063-g21b136cc63d2 #0
[  123.571844][ T7415] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  123.576911][ T7415] Call Trace:
[  123.578460][ T7415]  <TASK>
[  123.579840][ T7415]  dump_stack_lvl+0x16c/0x1f0
[  123.582075][ T7415]  should_fail_ex+0x497/0x5b0
[  123.584220][ T7415]  should_failslab+0xc2/0x120
[  123.586329][ T7415]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  123.588793][ T7415]  ? skb_clone+0x190/0x3f0
[  123.590951][ T7415]  skb_clone+0x190/0x3f0
[  123.592964][ T7415]  dev_queue_xmit_nit+0x38f/0xba0
[  123.595427][ T7415]  dev_hard_start_xmit+0x56/0x790
[  123.597789][ T7415]  ? __kasan_slab_alloc+0x89/0x90
[  123.600196][ T7415]  __dev_queue_xmit+0x7c7/0x4300
[  123.602517][ T7415]  ? __pfx___dev_queue_xmit+0x10/0x10
[  123.605026][ T7415]  ? __asan_memcpy+0x3c/0x60
[  123.607289][ T7415]  ? __asan_memcpy+0x3c/0x60
[  123.609583][ T7415]  ? __skb_clone+0x570/0x760
[  123.611738][ T7415]  netlink_deliver_tap+0xa7d/0xd90
[  123.614058][ T7415]  netlink_unicast+0x606/0x830
[  123.616385][ T7415]  ? __pfx_netlink_unicast+0x10/0x10
[  123.618842][ T7415]  netlink_sendmsg+0x8b8/0xd70
[  123.621202][ T7415]  ? __pfx_netlink_sendmsg+0x10/0x10
[  123.623690][ T7415]  ? __import_iovec+0x1fd/0x6e0
[  123.625950][ T7415]  ____sys_sendmsg+0xab5/0xc90
[  123.628180][ T7415]  ? copy_msghdr_from_user+0x10b/0x160
[  123.630731][ T7415]  ? __pfx_____sys_sendmsg+0x10/0x10
[  123.633108][ T7415]  ? __lock_acquire+0x1620/0x3cb0
[  123.635313][ T7415]  ___sys_sendmsg+0x135/0x1e0
[  123.637487][ T7415]  ? __pfx____sys_sendmsg+0x10/0x10
[  123.639977][ T7415]  ? __pfx___might_resched+0x10/0x10
[  123.642420][ T7415]  ? __might_fault+0xe3/0x190
[  123.644728][ T7415]  __sys_sendmmsg+0x1a1/0x450
[  123.646995][ T7415]  ? __pfx___sys_sendmmsg+0x10/0x10
[  123.649170][ T7415]  ? vfs_write+0x14d/0x1140
[  123.650818][ T7415]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  123.653582][ T7415]  ? fput+0x32/0x390
[  123.655389][ T7415]  ? ksys_write+0x1ab/0x260
[  123.657716][ T7415]  ? __pfx_ksys_write+0x10/0x10
[  123.659990][ T7415]  __x64_sys_sendmmsg+0x9c/0x100
[  123.662367][ T7415]  ? lockdep_hardirqs_on+0x7c/0x110
[  123.664852][ T7415]  do_syscall_64+0xcd/0x250
[  123.667027][ T7415]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.669992][ T7415] RIP: 0033:0x7fe95ad773b9
[  123.672053][ T7415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  123.680990][ T7415] RSP: 002b:00007fe95bba8048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  123.684744][ T7415] RAX: ffffffffffffffda RBX: 00007fe95af05f80 RCX: 00007fe95ad773b9
[  123.688559][ T7415] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004
[  123.692206][ T7415] RBP: 00007fe95bba80a0 R08: 0000000000000000 R09: 0000000000000000
[  123.695778][ T7415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  123.699402][ T7415] R13: 000000000000000b R14: 00007fe95af05f80 R15: 00007fff7f7f93a8
[  123.702957][ T7415]  </TASK>
[  124.046635][ T7435] netlink: 'syz.0.523': attribute type 2 has an invalid length.
[  124.049757][ T7435] netlink: 'syz.0.523': attribute type 1 has an invalid length.
[  124.052943][ T7435] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.523'.
[  124.103620][ T7438] netlink: 4 bytes leftover after parsing attributes in process `syz.0.524'.
[  124.704630][   T39] kauditd_printk_skb: 4 callbacks suppressed
[  124.704644][   T39] audit: type=1400 audit(1722528621.375:284): avc:  denied  { read } for  pid=7457 comm="syz.2.528" name="mice" dev="devtmpfs" ino=862 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  124.721778][   T39] audit: type=1400 audit(1722528621.385:285): avc:  denied  { open } for  pid=7457 comm="syz.2.528" path="/dev/input/mice" dev="devtmpfs" ino=862 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  125.021442][ T7474] netlink: 4 bytes leftover after parsing attributes in process `syz.1.533'.
[  125.597863][   T35] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  125.778023][   T35] usb 5-1: Using ep0 maxpacket: 16
[  125.782379][   T35] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  125.787094][   T35] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  125.792255][   T35] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40
[  125.796079][   T35] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.801816][   T35] usb 5-1: config 0 descriptor??
[  125.806911][ T7494] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  126.222786][   T35] cp2112 0003:10C4:EA90.0002: unknown main item tag 0x0
[  126.226016][   T35] cp2112 0003:10C4:EA90.0002: unknown main item tag 0x0
[  126.232939][   T35] cp2112 0003:10C4:EA90.0002: unknown main item tag 0x0
[  126.235983][   T35] cp2112 0003:10C4:EA90.0002: unknown main item tag 0x0
[  126.239846][   T35] cp2112 0003:10C4:EA90.0002: unknown main item tag 0x0
[  126.254944][   T35] cp2112 0003:10C4:EA90.0002: hidraw1: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0
[  126.430694][   T35] cp2112 0003:10C4:EA90.0002: error requesting version
[  126.444730][   T35] cp2112 0003:10C4:EA90.0002: probe with driver cp2112 failed with error -5
[  126.634910][ T7494] fuse: Unknown parameter 'ÿ'
[  126.637320][ T7495] fuse: Unknown parameter 'ÿ'
[  126.646819][   T39] audit: type=1400 audit(1722528623.315:286): avc:  denied  { write } for  pid=7492 comm="syz.0.538" path="socket:[18086]" dev="sockfs" ino=18086 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  126.666222][   T39] audit: type=1400 audit(1722528623.315:287): avc:  denied  { nlmsg_read } for  pid=7492 comm="syz.0.538" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  126.805535][   T35] usb 5-1: USB disconnect, device number 3
[  127.278889][ T7526] sg_write: data in/out 830110031/355 bytes for SCSI command 0x0-- guessing data in;
[  127.278889][ T7526]    program syz.2.548 not setting count and/or reply_len properly
[  127.843672][   T39] audit: type=1400 audit(1722528624.515:288): avc:  denied  { write } for  pid=7544 comm="syz.2.553" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  128.987967][   T57] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  129.187904][   T57] usb 6-1: Using ep0 maxpacket: 32
[  129.192076][   T57] usb 6-1: config index 0 descriptor too short (expected 29220, got 36)
[  129.194900][   T57] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  129.209587][   T57] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81
[  129.212574][   T57] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  129.215753][   T57] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  129.221019][   T57] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  129.226346][   T57] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  129.242765][   T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.251500][   T57] usb 6-1: config 0 descriptor??
[  129.267879][   T39] audit: type=1400 audit(1722528625.935:289): avc:  denied  { rename } for  pid=4807 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  129.275339][   T39] audit: type=1400 audit(1722528625.935:290): avc:  denied  { unlink } for  pid=4807 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  129.285623][   T39] audit: type=1400 audit(1722528625.935:291): avc:  denied  { create } for  pid=4807 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  129.421420][ T7573] sg_write: data in/out 830110031/363 bytes for SCSI command 0x0-- guessing data in;
[  129.421420][ T7573]    program syz.3.562 not setting count and/or reply_len properly
[  129.480116][   T57] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  129.498742][   T57] usb 6-1: USB disconnect, device number 3
[  129.518854][ T5329] udevd[5329]: setting owner of /dev/usb/lp0 to uid=0, gid=7 failed: No such file or directory
[  129.518974][   T57] usblp0: removed
[  129.796475][ T7585] netlink: 'syz.0.565': attribute type 2 has an invalid length.
[  129.799505][ T7585] netlink: 'syz.0.565': attribute type 1 has an invalid length.
[  129.802301][ T7585] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.565'.
[  129.813149][ T7588] netlink: 4 bytes leftover after parsing attributes in process `syz.2.566'.
[  130.057931][   T57] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  130.248013][   T57] usb 6-1: Using ep0 maxpacket: 32
[  130.251754][   T57] usb 6-1: config index 0 descriptor too short (expected 29220, got 36)
[  130.254598][   T57] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  130.257461][   T57] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81
[  130.260512][   T57] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  130.263715][   T57] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  130.266987][   T57] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  130.271925][   T57] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  130.274954][   T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.279367][   T57] usb 6-1: config 0 descriptor??
[  130.489673][   T57] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  130.704438][   T39] audit: type=1400 audit(1722528627.375:292): avc:  denied  { read write } for  pid=7560 comm="syz.1.559" name="lp0" dev="devtmpfs" ino=2451 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  130.712422][   T39] audit: type=1400 audit(1722528627.375:293): avc:  denied  { open } for  pid=7560 comm="syz.1.559" path="/dev/usb/lp0" dev="devtmpfs" ino=2451 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  130.957429][   T39] audit: type=1400 audit(1722528627.625:294): avc:  denied  { listen } for  pid=7609 comm="syz.3.571" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  130.964118][   T39] audit: type=1400 audit(1722528627.625:295): avc:  denied  { read } for  pid=7609 comm="syz.3.571" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  130.970812][ T7561] netlink: 28 bytes leftover after parsing attributes in process `syz.1.559'.
[  130.973422][ T7561] netlink: 8 bytes leftover after parsing attributes in process `syz.1.559'.
[  130.981173][ T5375] usb 6-1: USB disconnect, device number 4
[  130.987415][ T5375] usblp0: removed
[  131.025077][   T39] audit: type=1400 audit(1722528627.695:296): avc:  denied  { block_suspend } for  pid=7609 comm="syz.3.571" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  131.205674][ T7625] netlink: 'syz.0.575': attribute type 2 has an invalid length.
[  131.209483][ T7625] netlink: 'syz.0.575': attribute type 1 has an invalid length.
[  131.213187][ T7625] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.575'.
[  131.253738][ T7628] netlink: 4 bytes leftover after parsing attributes in process `syz.2.576'.
[  131.292997][ T7630] sg_write: data in/out 830110031/363 bytes for SCSI command 0x0-- guessing data in;
[  131.292997][ T7630]    program syz.0.577 not setting count and/or reply_len properly
[  131.378922][   T39] audit: type=1400 audit(1722528628.055:297): avc:  denied  { create } for  pid=7638 comm="syz.2.578" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  131.409246][ T7639] xt_policy: output policy not valid in PREROUTING and INPUT
[  132.521804][ T7666] netlink: 4 bytes leftover after parsing attributes in process `syz.1.586'.
[  132.585950][ T7673] netlink: 'syz.3.588': attribute type 2 has an invalid length.
[  132.589434][ T7673] netlink: 'syz.3.588': attribute type 1 has an invalid length.
[  132.592044][ T7673] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.588'.
[  132.741389][ T7682] sg_write: data in/out 830110031/363 bytes for SCSI command 0x0-- guessing data in;
[  132.741389][ T7682]    program syz.1.591 not setting count and/or reply_len properly
[  133.179633][ T7695] FAULT_INJECTION: forcing a failure.
[  133.179633][ T7695] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  133.184986][ T7695] CPU: 0 UID: 0 PID: 7695 Comm: syz.0.594 Not tainted 6.11.0-rc1-syzkaller-00063-g21b136cc63d2 #0
[  133.188811][ T7695] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  133.193085][ T7695] Call Trace:
[  133.194419][ T7695]  <TASK>
[  133.194529][ T7691] kvm: pic: non byte write
[  133.195588][ T7695]  dump_stack_lvl+0x16c/0x1f0
[  133.199482][ T7695]  should_fail_ex+0x497/0x5b0
[  133.201322][ T7695]  _copy_to_user+0x30/0xc0
[  133.203069][ T7695]  vivid_radio_rx_read+0x7db/0xba0
[  133.205083][ T7695]  ? __pfx_vivid_radio_rx_read+0x10/0x10
[  133.207279][ T7695]  ? inode_security+0x101/0x130
[  133.209191][ T7695]  ? avc_policy_seqno+0x9/0x20
[  133.211054][ T7695]  vivid_radio_read+0x86/0xc0
[  133.212911][ T7695]  v4l2_read+0x22c/0x360
[  133.214564][ T7695]  ? __pfx_v4l2_read+0x10/0x10
[  133.216434][ T7695]  vfs_read+0x1d4/0xbd0
[  133.218104][ T7695]  ? __pfx_vfs_read+0x10/0x10
[  133.219968][ T7695]  ? __fget_files+0x256/0x400
[  133.221811][ T7695]  ? __fget_light+0x173/0x210
[  133.223667][ T7695]  ksys_read+0x12f/0x260
[  133.225317][ T7695]  ? __pfx_ksys_read+0x10/0x10
[  133.227174][ T7695]  do_syscall_64+0xcd/0x250
[  133.229001][ T7695]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.231301][ T7695] RIP: 0033:0x7f01b03773b9
[  133.233082][ T7695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  133.240478][ T7695] RSP: 002b:00007f01b11e1048 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  133.243708][ T7695] RAX: ffffffffffffffda RBX: 00007f01b0505f80 RCX: 00007f01b03773b9
[  133.246752][ T7695] RDX: 0000000000002020 RSI: 00000000200003c0 RDI: 0000000000000003
[  133.249820][ T7695] RBP: 00007f01b11e10a0 R08: 0000000000000000 R09: 0000000000000000
[  133.252903][ T7695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  133.255955][ T7695] R13: 000000000000000b R14: 00007f01b0505f80 R15: 00007ffef4ed9a98
[  133.259010][ T7695]  </TASK>
[  133.421880][ T7706] netlink: 4 bytes leftover after parsing attributes in process `syz.0.597'.
[  133.433742][ T7706] netlink: 12 bytes leftover after parsing attributes in process `syz.0.597'.
[  133.484646][ T5342] Bluetooth: hci2: unexpected event for opcode 0x2024
[  133.514756][ T7711] netlink: 4 bytes leftover after parsing attributes in process `syz.3.599'.
[  133.639196][   T39] audit: type=1400 audit(1722528630.305:298): avc:  denied  { connect } for  pid=7725 comm="syz.3.603" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  133.646616][   T39] audit: type=1400 audit(1722528630.315:299): avc:  denied  { create } for  pid=7725 comm="syz.3.603" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  133.682494][   T39] audit: type=1400 audit(1722528630.355:300): avc:  denied  { connect } for  pid=7728 comm="syz.3.604" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  133.784028][ T7729] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  134.059654][ T7734] sg_write: data in/out 830110031/367 bytes for SCSI command 0x0-- guessing data in;
[  134.059654][ T7734]    program syz.1.605 not setting count and/or reply_len properly
[  134.545402][   T39] audit: type=1400 audit(1722528631.215:301): avc:  denied  { execute } for  pid=7742 comm="syz.3.608" name="file1" dev="tmpfs" ino=860 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  134.545490][ T7743] process 'syz.3.608' launched './file1' with NULL argv: empty string added
[  135.036532][ T7770] sg_write: data in/out 830110031/367 bytes for SCSI command 0x0-- guessing data in;
[  135.036532][ T7770]    program syz.1.617 not setting count and/or reply_len properly
[  135.049318][ T7774] FAULT_INJECTION: forcing a failure.
[  135.049318][ T7774] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  135.054134][ T7774] CPU: 1 UID: 0 PID: 7774 Comm: syz.3.618 Not tainted 6.11.0-rc1-syzkaller-00063-g21b136cc63d2 #0
[  135.057879][ T7774] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  135.062586][ T7774] Call Trace:
[  135.063742][ T7774]  <TASK>
[  135.064769][ T7774]  dump_stack_lvl+0x16c/0x1f0
[  135.066512][ T7774]  should_fail_ex+0x497/0x5b0
[  135.068363][ T7774]  _copy_from_user+0x30/0xf0
[  135.069918][ T7774]  io_uring_setup+0xa2/0x36c0
[  135.071512][ T7774]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  135.073528][ T7774]  ? __pfx_io_uring_setup+0x10/0x10
[  135.075305][ T7774]  ? ksys_write+0x1ab/0x260
[  135.076840][ T7774]  ? __pfx_ksys_write+0x10/0x10
[  135.078528][ T7774]  __x64_sys_io_uring_setup+0x98/0x140
[  135.080681][ T7774]  do_syscall_64+0xcd/0x250
[  135.082471][ T7774]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.084614][ T7774] RIP: 0033:0x7f39175773b9
[  135.086143][ T7774] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  135.093181][ T7774] RSP: 002b:00007f39183bc048 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[  135.096042][ T7774] RAX: ffffffffffffffda RBX: 00007f3917705f80 RCX: 00007f39175773b9
[  135.098767][ T7774] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 00000000000021b6
[  135.101617][ T7774] RBP: 00007f39183bc0a0 R08: 0000000000000000 R09: 0000000000000000
[  135.104382][ T7774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  135.107120][ T7774] R13: 000000000000000b R14: 00007f3917705f80 R15: 00007ffdd9e19d08
[  135.110454][ T7774]  </TASK>
[  136.080117][   T39] kauditd_printk_skb: 4 callbacks suppressed
[  136.080132][   T39] audit: type=1400 audit(1722528632.755:306): avc:  denied  { create } for  pid=7809 comm="syz.1.627" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  136.089522][   T39] audit: type=1400 audit(1722528632.755:307): avc:  denied  { getopt } for  pid=7809 comm="syz.1.627" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  136.106145][   T39] audit: type=1400 audit(1722528632.775:308): avc:  denied  { create } for  pid=7809 comm="syz.1.627" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  136.717930][ T5375] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  136.897983][ T5375] usb 7-1: Using ep0 maxpacket: 32
[  136.908348][ T5375] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  136.912002][ T5375] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  136.915878][ T5375] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  136.920062][ T5375] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  136.927910][ T5375] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  136.931264][ T5375] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  136.935593][ T5375] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  136.943657][ T5375] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.948642][ T5375] usb 7-1: config 0 descriptor??
[  137.164862][ T5375] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 7 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  137.178426][ T5375] usb 7-1: USB disconnect, device number 7
[  137.186016][ T5375] usblp0: removed
[  137.464523][ T7828] sg_write: data in/out 830110031/367 bytes for SCSI command 0x0-- guessing data in;
[  137.464523][ T7828]    program syz.1.633 not setting count and/or reply_len properly
[  137.532110][ T5342] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  137.535955][ T5342] Bluetooth: hci2: Injecting HCI hardware error event
[  137.539143][ T5342] Bluetooth: hci2: hardware error 0x00
[  137.737924][ T5375] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  137.790863][   T39] audit: type=1400 audit(1722528634.465:309): avc:  denied  { watch_reads } for  pid=7831 comm="syz.0.634" path="/163" dev="tmpfs" ino=897 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  137.918105][ T5375] usb 7-1: Using ep0 maxpacket: 32
[  137.921177][ T5375] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  137.923709][ T5375] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  137.926229][ T5375] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  137.929078][ T5375] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  137.931965][ T5375] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  137.934816][ T5375] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  137.938680][ T5375] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  137.941326][ T5375] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  137.945264][ T5375] usb 7-1: config 0 descriptor??
[  138.158448][ T5375] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 8 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  138.257854][   T57] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  138.369492][   T39] audit: type=1400 audit(1722528635.045:310): avc:  denied  { listen } for  pid=7842 comm="syz.3.638" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  138.438005][   T57] usb 5-1: Using ep0 maxpacket: 8
[  138.442257][   T57] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  138.445890][   T57] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  138.450307][   T57] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  138.454660][   T57] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  138.459353][   T57] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  138.464968][   T57] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  138.469114][   T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  138.490400][ T1379] ieee802154 phy0 wpan0: encryption failed: -22
[  138.493146][ T1379] ieee802154 phy1 wpan1: encryption failed: -22
[  138.619793][ T7823] netlink: 28 bytes leftover after parsing attributes in process `syz.2.631'.
[  138.623700][ T7823] netlink: 8 bytes leftover after parsing attributes in process `syz.2.631'.
[  138.636787][  T830] usb 7-1: USB disconnect, device number 8
[  138.642446][  T830] usblp0: removed
[  138.690238][   T39] audit: type=1400 audit(1722528635.365:311): avc:  denied  { wake_alarm } for  pid=7834 comm="syz.0.635" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  138.703654][   T57] usb 5-1: usb_control_msg returned -32
[  138.705550][   T57] usbtmc 5-1:16.0: can't read capabilities
[  138.707930][   T39] audit: type=1400 audit(1722528635.365:312): avc:  denied  { read write } for  pid=7849 comm="syz.1.640" name="uhid" dev="devtmpfs" ino=1113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  138.717427][ T5386] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  138.721414][ T5386] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  138.724298][ T5386] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  138.727133][ T5386] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  138.727821][   T39] audit: type=1400 audit(1722528635.365:313): avc:  denied  { open } for  pid=7849 comm="syz.1.640" path="/dev/uhid" dev="devtmpfs" ino=1113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  138.735869][ T5386] hid-generic 0000:0000:0000.0003: hidraw1: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  139.260494][   T57] usb 5-1: USB disconnect, device number 4
[  139.608207][ T5342] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  139.800803][ T7864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  139.802627][   T39] audit: type=1400 audit(1722528636.465:314): avc:  denied  { ioctl } for  pid=7863 comm="syz.0.644" path="/dev/uinput" dev="devtmpfs" ino=866 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  139.804719][ T7864] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  139.822131][   T39] audit: type=1400 audit(1722528636.465:315): avc:  denied  { ioctl } for  pid=7863 comm="syz.0.644" path="/dev/uinput" dev="devtmpfs" ino=866 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  139.890910][ T7868] sg_write: data in/out 830110031/369 bytes for SCSI command 0x0-- guessing data in;
[  139.890910][ T7868]    program syz.1.645 not setting count and/or reply_len properly
[  140.067947][   T57] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  140.247855][   T57] usb 5-1: Using ep0 maxpacket: 32
[  140.254119][   T57] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  140.257343][   T57] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  140.260898][   T57] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  140.264305][   T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  140.270230][   T57] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  140.274330][   T57] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  140.280127][   T57] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  140.283632][   T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  140.289489][   T57] usb 5-1: config 0 descriptor??
[  140.505538][   T57] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 5 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  140.531748][   T57] usb 5-1: USB disconnect, device number 5
[  140.556981][   T57] usblp0: removed
[  140.878626][ T5372] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  141.067830][ T5372] usb 6-1: Using ep0 maxpacket: 32
[  141.067849][   T57] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  141.073732][ T5372] usb 6-1: config index 0 descriptor too short (expected 29220, got 36)
[  141.076793][ T5372] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  141.080445][ T5372] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81
[  141.084396][ T5372] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  141.088672][ T5372] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  141.092090][ T5372] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  141.097494][ T5372] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  141.100862][ T5372] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.105049][ T5372] usb 6-1: config 0 descriptor??
[  141.257847][   T57] usb 5-1: Using ep0 maxpacket: 32
[  141.270574][   T57] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  141.274388][   T57] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  141.279120][   T57] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  141.283676][   T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  141.289170][   T57] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  141.293477][   T57] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  141.299153][   T57] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  141.302788][   T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.314871][   T57] usb 5-1: config 0 descriptor??
[  141.329947][ T5372] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 5 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  141.357857][ T5372] usb 6-1: USB disconnect, device number 5
[  141.387822][ T5372] usblp0: removed
[  141.623827][   T57] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 6 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  141.841638][   T57] usb 5-1: USB disconnect, device number 6
[  141.849779][   T57] usblp0: removed
[  141.943988][   T39] kauditd_printk_skb: 1 callbacks suppressed
[  141.944224][   T39] audit: type=1400 audit(1722528638.615:317): avc:  denied  { remount } for  pid=7900 comm="syz.0.655" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  141.955234][ T5372] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  142.104473][   T39] audit: type=1400 audit(1722528638.775:318): avc:  denied  { read } for  pid=7894 comm="syz.2.654" name="ptp0" dev="devtmpfs" ino=715 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  142.113963][   T39] audit: type=1400 audit(1722528638.775:319): avc:  denied  { open } for  pid=7894 comm="syz.2.654" path="/dev/ptp0" dev="devtmpfs" ino=715 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  142.148004][ T7913] FAULT_INJECTION: forcing a failure.
[  142.148004][ T7913] name failslab, interval 1, probability 0, space 0, times 0
[  142.153830][ T7913] CPU: 2 UID: 0 PID: 7913 Comm: syz.0.657 Not tainted 6.11.0-rc1-syzkaller-00063-g21b136cc63d2 #0
[  142.158482][ T7913] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  142.163197][ T7913] Call Trace:
[  142.164700][ T7913]  <TASK>
[  142.166027][ T7913]  dump_stack_lvl+0x16c/0x1f0
[  142.168190][ T7913]  should_fail_ex+0x497/0x5b0
[  142.170587][ T7913]  ? fs_reclaim_acquire+0xae/0x160
[  142.172869][ T7913]  should_failslab+0xc2/0x120
[  142.174958][ T7913]  __kmalloc_noprof+0xcb/0x400
[  142.177080][ T7913]  tomoyo_encode2+0x100/0x3e0
[  142.179159][ T7913]  tomoyo_encode+0x29/0x50
[  142.181167][ T7913]  tomoyo_realpath_from_path+0x19d/0x720
[  142.183721][ T7913]  tomoyo_check_open_permission+0x2a7/0x3b0
[  142.186345][ T7913]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  142.189134][ T7913]  ? __pfx___lock_acquire+0x10/0x10
[  142.191448][ T7913]  ? __pfx_hook_file_open+0x10/0x10
[  142.193763][ T7913]  ? path_get+0x61/0x80
[  142.195618][ T7913]  tomoyo_file_open+0x71/0x90
[  142.197687][ T7913]  security_file_open+0x78/0x8b0
[  142.199875][ T7913]  do_dentry_open+0x5c7/0x15f0
[  142.200919][ T5372] usb 6-1: Using ep0 maxpacket: 32
[  142.202029][ T7913]  ? inode_permission+0xdd/0x5f0
[  142.202078][ T7913]  vfs_open+0x82/0x3f0
[  142.208236][ T7913]  ? may_open+0x1f2/0x400
[  142.210146][ T7913]  path_openat+0x2141/0x2d20
[  142.212245][ T7913]  ? __pfx_path_openat+0x10/0x10
[  142.212725][ T5372] usb 6-1: config index 0 descriptor too short (expected 29220, got 36)
[  142.214468][ T7913]  ? __pfx___lock_acquire+0x10/0x10
[  142.214491][ T7913]  ? find_held_lock+0x2d/0x110
[  142.214520][ T7913]  do_filp_open+0x1dc/0x430
[  142.214536][ T7913]  ? __pfx_do_filp_open+0x10/0x10
[  142.221709][ T5372] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  142.222407][ T7913]  ? find_held_lock+0x2d/0x110
[  142.222441][ T7913]  ? _raw_spin_unlock+0x28/0x50
[  142.224325][ T5372] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81
[  142.226506][ T7913]  ? alloc_fd+0x2d7/0x6c0
[  142.226535][ T7913]  do_sys_openat2+0x17a/0x1e0
[  142.226559][ T7913]  ? __pfx_do_sys_openat2+0x10/0x10
[  142.226584][ T7913]  __x64_sys_openat+0x175/0x210
[  142.230584][ T5372] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  142.232128][ T7913]  ? __pfx___x64_sys_openat+0x10/0x10
[  142.232154][ T7913]  ? ksys_write+0x1ab/0x260
[  142.237825][ T5372] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  142.239358][ T7913]  do_syscall_64+0xcd/0x250
[  142.239382][ T7913]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.239405][ T7913] RIP: 0033:0x7f01b03773b9
[  142.241112][ T5372] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  142.243359][ T7913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  142.243380][ T7913] RSP: 002b:00007f01b11e1048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  142.243400][ T7913] RAX: ffffffffffffffda RBX: 00007f01b0505f80 RCX: 00007f01b03773b9
[  142.245231][ T5372] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  142.249336][ T7913] RDX: 0000000000000002 RSI: 0000000020000180 RDI: ffffffffffffff9c
[  142.249352][ T7913] RBP: 00007f01b11e10a0 R08: 0000000000000000 R09: 0000000000000000
[  142.249363][ T7913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  142.249374][ T7913] R13: 000000000000000b R14: 00007f01b0505f80 R15: 00007ffef4ed9a98
[  142.249389][ T7913]  </TASK>
[  142.257004][ T7913] ERROR: Out of memory at tomoyo_realpath_from_path.
[  142.258045][ T5372] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.361097][ T5372] usb 6-1: config 0 descriptor??
[  142.533949][ T7920] sg_write: data in/out 830110031/367 bytes for SCSI command 0x0-- guessing data in;
[  142.533949][ T7920]    program syz.0.659 not setting count and/or reply_len properly
[  142.544372][ T5342] Bluetooth: hci1: SCO packet for unknown connection handle 1
[  142.579877][ T5372] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 6 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  142.812406][   T39] audit: type=1400 audit(1722528639.485:320): avc:  denied  { read } for  pid=7926 comm="syz.3.661" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  143.036730][ T7890] netlink: 28 bytes leftover after parsing attributes in process `syz.1.652'.
[  143.040698][ T7890] netlink: 8 bytes leftover after parsing attributes in process `syz.1.652'.
[  143.052194][   T25] usb 6-1: USB disconnect, device number 6
[  143.056905][   T25] usblp0: removed
[  143.799252][ T7943] netlink: 'syz.0.665': attribute type 4 has an invalid length.
[  143.894970][ T7944] netlink: 'syz.0.665': attribute type 4 has an invalid length.
[  144.038091][   T39] audit: type=1400 audit(1722528640.695:321): avc:  denied  { create } for  pid=7947 comm="syz.3.667" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  144.217522][ T7944] syz.0.665 (7944) used greatest stack depth: 21280 bytes left
[  144.262217][ T7964] FAULT_INJECTION: forcing a failure.
[  144.262217][ T7964] name failslab, interval 1, probability 0, space 0, times 0
[  144.277099][ T7964] CPU: 3 UID: 0 PID: 7964 Comm: syz.3.669 Not tainted 6.11.0-rc1-syzkaller-00063-g21b136cc63d2 #0
[  144.281258][ T7964] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  144.285661][ T7964] Call Trace:
[  144.287162][ T7964]  <TASK>
[  144.288456][ T7964]  dump_stack_lvl+0x16c/0x1f0
[  144.290383][ T7964]  should_fail_ex+0x497/0x5b0
[  144.292475][ T7964]  ? fs_reclaim_acquire+0xae/0x160
[  144.294586][ T7964]  should_failslab+0xc2/0x120
[  144.296740][ T7964]  kmem_cache_alloc_bulk_noprof+0xa7/0x930
[  144.299332][ T7964]  ? rcu_is_watching+0x12/0xc0
[  144.301450][ T7964]  ? trace_kmem_cache_alloc+0x2d/0xe0
[  144.303709][ T7964]  ? kmem_cache_alloc_noprof+0x174/0x2f0
[  144.305882][ T7964]  ? mas_alloc_nodes+0x39b/0x860
[  144.307556][ T7964]  mas_alloc_nodes+0x39b/0x860
[  144.309642][ T7964]  mas_node_count_gfp+0x105/0x130
[  144.311908][ T7964]  mas_preallocate+0x3bb/0x1020
[  144.314116][ T7964]  ? __pfx_mas_preallocate+0x10/0x10
[  144.316482][ T7964]  ? anon_vma_name+0x75/0x100
[  144.318575][ T7964]  __split_vma+0x474/0x11c0
[  144.320607][ T7964]  ? __pfx___split_vma+0x10/0x10
[  144.322802][ T7964]  vma_modify+0x2b9/0x360
[  144.324668][ T7964]  mlock_fixup+0x2ef/0x1080
[  144.326582][ T7964]  apply_vma_lock_flags+0x24e/0x370
[  144.328806][ T7964]  ? __pfx_apply_vma_lock_flags+0x10/0x10
[  144.331229][ T7964]  ? vfs_write+0x14d/0x1140
[  144.333288][ T7964]  ? __pfx_down_write_killable+0x10/0x10
[  144.335800][ T7964]  do_mlock+0x25e/0x7c0
[  144.337675][ T7964]  ? __pfx_do_mlock+0x10/0x10
[  144.339997][ T7964]  ? fput+0x32/0x390
[  144.341733][ T7964]  ? ksys_write+0x1ab/0x260
[  144.343669][ T7964]  ? __pfx_ksys_write+0x10/0x10
[  144.345769][ T7964]  __x64_sys_mlock+0x59/0x80
[  144.347567][ T7964]  do_syscall_64+0xcd/0x250
[  144.349552][ T7964]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.352189][ T7964] RIP: 0033:0x7f39175773b9
[  144.354158][ T7964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  144.361466][ T7964] RSP: 002b:00007f391839b048 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  144.365150][ T7964] RAX: ffffffffffffffda RBX: 00007f3917706058 RCX: 00007f39175773b9
[  144.368658][ T7964] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000000020000000
[  144.372144][ T7964] RBP: 00007f391839b0a0 R08: 0000000000000000 R09: 0000000000000000
[  144.375656][ T7964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  144.379129][ T7964] R13: 000000000000006e R14: 00007f3917706058 R15: 00007ffdd9e19d08
[  144.382620][ T7964]  </TASK>
[  144.541117][ T7971] sg_write: data in/out 830110031/367 bytes for SCSI command 0x0-- guessing data in;
[  144.541117][ T7971]    program syz.2.672 not setting count and/or reply_len properly
[  145.427887][ T5375] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  145.617858][ T5375] usb 7-1: Using ep0 maxpacket: 32
[  145.630637][ T5375] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  145.637890][ T5375] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  145.641185][ T5375] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  145.645741][ T5375] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  145.656026][ T5375] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  145.664812][ T5375] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  145.675894][ T5375] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  145.681677][ T5375] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.691736][ T5375] usb 7-1: config 0 descriptor??
[  145.934073][ T5375] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  145.941294][ T5375] usb 7-1: USB disconnect, device number 9
[  145.946782][ T5375] usblp0: removed
[  146.527938][ T5375] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  146.731504][ T5375] usb 7-1: Using ep0 maxpacket: 32
[  146.735419][ T5375] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  146.738863][ T5375] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  146.742415][ T5375] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  146.745864][ T5375] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  146.751393][ T5375] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  146.755368][ T5375] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  146.762151][ T5375] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  146.766132][ T5375] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.774180][ T5375] usb 7-1: config 0 descriptor??
[  146.789399][ T7998] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  146.878402][ T8003] 9pnet_fd: Insufficient options for proto=fd
[  146.997540][ T5375] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  147.167923][   T39] audit: type=1400 audit(1722528643.835:322): avc:  denied  { ioctl } for  pid=8007 comm="syz.0.682" path="/dev/usb/lp0" dev="devtmpfs" ino=2495 ioctlcmd=0xc002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  147.178155][ T8008] sg_write: data in/out 830110031/367 bytes for SCSI command 0x0-- guessing data in;
[  147.178155][ T8008]    program syz.0.682 not setting count and/or reply_len properly
[  147.390665][ T8013] netlink: 4 bytes leftover after parsing attributes in process `syz.1.683'.
[  147.456614][ T7982] netlink: 28 bytes leftover after parsing attributes in process `syz.2.675'.
[  147.460797][ T7982] netlink: 8 bytes leftover after parsing attributes in process `syz.2.675'.
[  147.468752][ T5371] usb 7-1: USB disconnect, device number 10
[  147.473101][ T5371] usblp0: removed
[  147.536320][   T39] audit: type=1400 audit(1722528644.205:323): avc:  denied  { bind } for  pid=8019 comm="syz.1.684" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  147.543604][   T39] audit: type=1400 audit(1722528644.205:324): avc:  denied  { name_bind } for  pid=8019 comm="syz.1.684" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  147.552997][   T39] audit: type=1400 audit(1722528644.205:325): avc:  denied  { node_bind } for  pid=8019 comm="syz.1.684" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1
[  147.570888][ T5342] Bluetooth: hci0: ACL packet for unknown connection handle 201
[  147.572450][   T39] audit: type=1400 audit(1722528644.245:326): avc:  denied  { create } for  pid=8019 comm="syz.1.684" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  147.579981][ T8020] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  147.584278][ T5342] Bluetooth: hci0: ACL packet for unknown connection handle 201
[  147.733071][ T8027] netlink: 'syz.0.686': attribute type 2 has an invalid length.
[  147.735913][ T8027] netlink: 'syz.0.686': attribute type 1 has an invalid length.
[  147.741090][ T8027] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.686'.
[  147.857323][ T8033] netlink: 'syz.0.688': attribute type 1 has an invalid length.
[  148.292908][   T39] audit: type=1400 audit(1722528644.965:327): avc:  denied  { write } for  pid=8044 comm="syz.0.691" name="loop-control" dev="devtmpfs" ino=659 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  148.303602][  T830] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  148.307073][   T39] audit: type=1400 audit(1722528644.965:328): avc:  denied  { open } for  pid=8044 comm="syz.0.691" path="/dev/loop-control" dev="devtmpfs" ino=659 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  148.316717][   T39] audit: type=1400 audit(1722528644.975:329): avc:  denied  { mount } for  pid=8044 comm="syz.0.691" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  148.326513][   T39] audit: type=1400 audit(1722528644.975:330): avc:  denied  { mounton } for  pid=8044 comm="syz.0.691" path="/181/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1
[  148.336952][   T39] audit: type=1400 audit(1722528644.975:331): avc:  denied  { ioctl } for  pid=8044 comm="syz.0.691" path="/newroot/dev/loop-control" dev="devtmpfs" ino=659 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  148.478463][  T830] usb 7-1: Using ep0 maxpacket: 8
[  148.482049][  T830] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  148.485904][  T830] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  148.495218][  T830] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  148.499890][  T830] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  148.504001][  T830] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  148.510026][  T830] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  148.513956][  T830] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.645011][ T1103] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.776871][  T830] usb 7-1: usb_control_msg returned -32
[  148.780927][  T830] usbtmc 7-1:16.0: can't read capabilities
[  148.788395][ T1103] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.792936][ T5342] Bluetooth: hci1: ISO packet for unknown connection handle 0
[  148.802374][ T8058] netlink: 12 bytes leftover after parsing attributes in process `syz.3.697'.
[  148.803748][   T35] usb 7-1: USB disconnect, device number 11
[  148.873789][ T1103] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.950572][ T5341] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  148.954807][ T5341] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  148.959149][ T5341] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  148.965850][ T5341] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  148.975575][ T5341] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  148.978948][ T5341] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  148.979713][ T1103] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.990334][ T8063] netlink: 16 bytes leftover after parsing attributes in process `syz.3.698'.
[  149.161144][ T1103] bridge_slave_1: left allmulticast mode
[  149.163295][ T1103] bridge_slave_1: left promiscuous mode
[  149.166084][ T1103] bridge0: port 2(bridge_slave_1) entered disabled state
[  149.175821][ T1103] bridge_slave_0: left allmulticast mode
[  149.179322][ T1103] bridge_slave_0: left promiscuous mode
[  149.181625][ T1103] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.574494][ T1103] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  149.589272][ T1103] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  149.596285][ T1103] bond0 (unregistering): Released all slaves
[  149.647668][ T8061] chnl_net:caif_netlink_parms(): no params data found
[  149.822958][ T8061] bridge0: port 1(bridge_slave_0) entered blocking state
[  149.826847][ T8061] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.832315][ T8061] bridge_slave_0: entered allmulticast mode
[  149.835277][ T8061] bridge_slave_0: entered promiscuous mode
[  149.840401][ T8061] bridge0: port 2(bridge_slave_1) entered blocking state
[  149.843667][ T8061] bridge0: port 2(bridge_slave_1) entered disabled state
[  149.846763][ T8061] bridge_slave_1: entered allmulticast mode
[  149.852021][ T8061] bridge_slave_1: entered promiscuous mode
[  149.973512][ T8061] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  149.988984][ T8061] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  150.099172][ T8109] 9pnet_fd: Insufficient options for proto=fd
[  150.131329][ T8110] 9pnet_fd: Insufficient options for proto=fd
[  150.142192][ T8061] team0: Port device team_slave_0 added
[  150.148470][ T8103] 9pnet_fd: Insufficient options for proto=fd
[  150.148986][ T8061] team0: Port device team_slave_1 added
[  150.215750][ T8061] batman_adv: batadv0: Adding interface: batadv_slave_0
[  150.222835][ T8061] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  150.245113][ T8061] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  150.267586][ T1103] hsr_slave_0: left promiscuous mode
[  150.271653][ T1103] hsr_slave_1: left promiscuous mode
[  150.275265][ T1103] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  150.279653][ T1103] batman_adv: batadv0: Removing interface: batadv_slave_0
[  150.285408][ T1103] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  150.288950][ T1103] batman_adv: batadv0: Removing interface: batadv_slave_1
[  150.350840][ T1103] veth1_macvtap: left promiscuous mode
[  150.362043][ T1103] veth0_macvtap: left promiscuous mode
[  150.364602][ T1103] veth1_vlan: left promiscuous mode
[  150.366727][ T1103] veth0_vlan: left promiscuous mode
[  151.047957][ T5341] Bluetooth: hci3: command tx timeout
[  151.333832][ T1103] team0 (unregistering): Port device team_slave_1 removed
[  151.413213][ T1103] team0 (unregistering): Port device team_slave_0 removed
[  152.126229][ T8061] batman_adv: batadv0: Adding interface: batadv_slave_1
[  152.130098][ T8061] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  152.146693][ T8061] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  152.197332][ T8126] netlink: 4 bytes leftover after parsing attributes in process `syz.1.706'.
[  152.274547][ T8061] hsr_slave_0: entered promiscuous mode
[  152.295316][ T8061] hsr_slave_1: entered promiscuous mode
[  152.302944][ T8061] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  152.306356][ T8061] Cannot create hsr debugfs directory
[  152.972212][ T8182] 9pnet_fd: Insufficient options for proto=fd
[  153.009006][ T8061] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  153.016506][ T8061] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  153.027147][ T8061] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  153.033433][ T8061] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  153.126899][ T8061] 8021q: adding VLAN 0 to HW filter on device bond0
[  153.127897][ T5341] Bluetooth: hci3: command tx timeout
[  153.151468][ T8061] 8021q: adding VLAN 0 to HW filter on device team0
[  153.162161][   T10] bridge0: port 1(bridge_slave_0) entered blocking state
[  153.164949][   T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[  153.180274][   T10] bridge0: port 2(bridge_slave_1) entered blocking state
[  153.183140][   T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[  153.370944][ T8061] 8021q: adding VLAN 0 to HW filter on device batadv0
[  153.430560][ T8061] veth0_vlan: entered promiscuous mode
[  153.443392][ T8061] veth1_vlan: entered promiscuous mode
[  153.485038][ T8061] veth0_macvtap: entered promiscuous mode
[  153.493695][ T8061] veth1_macvtap: entered promiscuous mode
[  153.533931][ T8061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  153.540310][ T8061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  153.545319][ T8061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  153.550364][ T8061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  153.554670][ T8061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  153.560161][ T8061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  153.566123][ T8061] batman_adv: batadv0: Interface activated: batadv_slave_0
[  153.584395][ T8061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  153.588979][ T8061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  153.592908][ T8061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  153.597268][ T8061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  153.601225][ T8061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  153.607501][ T8061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  153.614497][ T8061] batman_adv: batadv0: Interface activated: batadv_slave_1
[  153.620741][ T8061] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  153.624519][ T8061] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  153.628182][ T8061] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  153.632299][ T8061] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  153.700381][ T1108] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  153.707550][ T1108] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  153.733085][ T1103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  153.737131][ T1103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  154.542989][ T8232] netlink: 8 bytes leftover after parsing attributes in process `syz.2.719'.
[  154.546737][ T8232] (unnamed net_device) (uninitialized): (slave veth1): Device is not bonding slave
[  154.551016][ T8232] (unnamed net_device) (uninitialized): option active_slave: invalid value (veth1)
[  154.582450][   T39] kauditd_printk_skb: 20 callbacks suppressed
[  154.582460][   T39] audit: type=1400 audit(1722528651.255:352): avc:  denied  { create } for  pid=8231 comm="syz.2.719" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  154.598715][   T39] audit: type=1400 audit(1722528651.275:353): avc:  denied  { ioctl } for  pid=8231 comm="syz.2.719" path="socket:[23143]" dev="sockfs" ino=23143 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  155.208048][ T5341] Bluetooth: hci3: command tx timeout
[  155.213030][   T39] audit: type=1400 audit(1722528651.885:354): avc:  denied  { ioctl } for  pid=8250 comm="syz.0.724" path="/dev/nullb0" dev="devtmpfs" ino=693 ioctlcmd=0x1267 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  155.803891][ T8257] bond0: option arp_interval: invalid value (18446744073709551615)
[  155.807543][ T8257] bond0: option arp_interval: allowed values 0 - 2147483647
[  155.832052][ T8259] netlink: 4 bytes leftover after parsing attributes in process `syz.1.727'.
[  155.863653][   T39] audit: type=1400 audit(1722528652.535:355): avc:  denied  { setattr } for  pid=8261 comm="syz.2.728" path="socket:[22343]" dev="sockfs" ino=22343 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  155.874800][   T39] audit: type=1400 audit(1722528652.535:356): avc:  denied  { bind } for  pid=8261 comm="syz.2.728" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  155.883847][   T39] audit: type=1400 audit(1722528652.535:357): avc:  denied  { read } for  pid=8261 comm="syz.2.728" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  155.913707][   T39] audit: type=1400 audit(1722528652.585:358): avc:  denied  { setopt } for  pid=8270 comm="syz.2.729" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  156.205406][ T8287] netlink: 'syz.0.735': attribute type 3 has an invalid length.
[  156.210024][ T8287] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.735'.
[  156.222479][   T39] audit: type=1400 audit(1722528652.895:359): avc:  denied  { write } for  pid=8288 comm="syz.1.734" name="net" dev="proc" ino=21315 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  156.228484][ T8283] ptrace attach of "/syz-executor exec"[8288] was attempted by "/syz-executor exec"[8283]
[  156.238009][   T39] audit: type=1400 audit(1722528652.905:360): avc:  denied  { add_name } for  pid=8288 comm="syz.1.734" name="core" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  156.259483][   T39] audit: type=1400 audit(1722528652.905:361): avc:  denied  { create } for  pid=8288 comm="syz.1.734" name="core" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=file permissive=1
[  156.526773][ T8293] FAULT_INJECTION: forcing a failure.
[  156.526773][ T8293] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  156.534861][ T8293] CPU: 2 UID: 0 PID: 8293 Comm: syz.1.737 Not tainted 6.11.0-rc1-syzkaller-00063-g21b136cc63d2 #0
[  156.539181][ T8293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  156.543673][ T8293] Call Trace:
[  156.545131][ T8293]  <TASK>
[  156.546468][ T8293]  dump_stack_lvl+0x16c/0x1f0
[  156.548627][ T8293]  should_fail_ex+0x497/0x5b0
[  156.550563][ T8293]  _copy_to_user+0x30/0xc0
[  156.552477][ T8293]  simple_read_from_buffer+0xd0/0x160
[  156.554880][ T8293]  proc_fail_nth_read+0x1b0/0x290
[  156.557118][ T8293]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  156.559310][ T8293]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  156.561499][ T8293]  vfs_read+0x1d4/0xbd0
[  156.563024][ T8293]  ? __fdget_pos+0xeb/0x180
[  156.564631][ T8293]  ? __pfx_vfs_read+0x10/0x10
[  156.566435][ T8293]  ? __pfx___mutex_lock+0x10/0x10
[  156.568225][ T8293]  ? __fget_files+0x256/0x400
[  156.570453][ T8293]  ksys_read+0x12f/0x260
[  156.572178][ T8293]  ? __pfx_ksys_read+0x10/0x10
[  156.573879][ T8293]  do_syscall_64+0xcd/0x250
[  156.575872][ T8293]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.577926][ T8293] RIP: 0033:0x7fa43a775dfc
[  156.579599][ T8293] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48
[  156.587075][ T8293] RSP: 002b:00007fa43b478040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  156.590208][ T8293] RAX: ffffffffffffffda RBX: 00007fa43a905f80 RCX: 00007fa43a775dfc
[  156.593441][ T8293] RDX: 000000000000000f RSI: 00007fa43b4780b0 RDI: 0000000000000008
[  156.596522][ T8293] RBP: 00007fa43b4780a0 R08: 0000000000000000 R09: 0000000000000000
[  156.599653][ T8293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  156.602741][ T8293] R13: 000000000000000b R14: 00007fa43a905f80 R15: 00007ffcc9f43598
[  156.605733][ T8293]  </TASK>
[  156.831288][ T8303] netlink: 4 bytes leftover after parsing attributes in process `syz.3.740'.
[  157.287933][ T5341] Bluetooth: hci3: command tx timeout
[  157.806089][ T8337] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  159.102654][ T8364] vivid-000: =================  START STATUS  =================
[  159.105791][ T8364] vivid-000: Test Pattern: 75% Colorbar
[  159.110429][ T8364] vivid-000: Fill Percentage of Frame: 100
[  159.112849][ T8364] vivid-000: Horizontal Movement: No Movement
[  159.115315][ T8364] vivid-000: Vertical Movement: No Movement
[  159.119241][ T8364] vivid-000: OSD Text Mode: All
[  159.121446][ T8364] vivid-000: Show Border: false
[  159.123506][ T8364] vivid-000: Show Square: false
[  159.125525][ T8364] vivid-000: Sensor Flipped Horizontally: false
[  159.128178][ T8364] vivid-000: Sensor Flipped Vertically: false
[  159.130791][ T8364] vivid-000: Insert SAV Code in Image: false
[  159.135658][ T8364] vivid-000: Insert EAV Code in Image: false
[  159.140252][ T8364] vivid-000: Insert Video Guard Band: false
[  159.142729][ T8364] vivid-000: Reduced Framerate: false
[  159.145030][ T8364] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[  159.148286][ T8364] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[  159.151484][ T8364] vivid-000: Enable Capture Cropping: true grabbed
[  159.156443][ T8364] vivid-000: Enable Capture Composing: true grabbed
[  159.160399][ T8364] vivid-000: Enable Capture Scaler: true grabbed
[  159.162662][ T8364] vivid-000: Timestamp Source: End of Frame
[  159.165024][ T8364] vivid-000: Colorspace: sRGB
[  159.167430][ T8364] vivid-000: Transfer Function: Default
[  159.171927][ T8364] vivid-000: Y'CbCr Encoding: Default
[  159.174323][ T8364] vivid-000: HSV Encoding: Hue 0-179
[  159.176507][ T8364] vivid-000: Quantization: Default
[  159.180338][ T8364] vivid-000: Apply Alpha To Red Only: false
[  159.182656][ T8364] vivid-000: Standard Aspect Ratio: 4x3
[  159.184921][ T8364] vivid-000: DV Timings Signal Mode: Current DV Timings inactive
[  159.189697][ T8364] vivid-000: DV Timings: 640x480p59 inactive
[  159.191997][ T8364] vivid-000: DV Timings Aspect Ratio: Source Width x Height
[  159.194655][ T8364] vivid-000: Maximum EDID Blocks: 2
[  159.196474][ T8364] vivid-000: Limited RGB Range (16-235): false
[  159.202676][ T8364] vivid-000: Rx RGB Quantization Range: Automatic
[  159.205293][ T8364] vivid-000: Power Present: 0x00000001
[  159.207203][ T8364] tpg source WxH: 640x360 (Y'CbCr)
[  159.210086][ T8364] tpg field: 1
[  159.211373][ T8364] tpg crop: 640x360@0x0
[  159.212913][ T8364] tpg compose: 640x360@0x0
[  159.214413][ T8364] tpg colorspace: 8
[  159.215773][ T8364] tpg transfer function: 0/2
[  159.217370][ T8364] tpg Y'CbCr encoding: 0/1
[  159.223764][ T8364] tpg quantization: 0/2
[  159.225553][ T8364] tpg RGB range: 0/2
[  159.227105][ T8364] vivid-000: ==================  END STATUS  ==================
[  159.349330][ T8364] vivid-000: =================  START STATUS  =================
[  159.352195][ T8364] vivid-000: Test Pattern: 75% Colorbar
[  159.354642][ T8364] vivid-000: Fill Percentage of Frame: 100
[  159.357252][ T8364] vivid-000: Horizontal Movement: No Movement
[  159.360639][ T8364] vivid-000: Vertical Movement: No Movement
[  159.371611][ T8364] vivid-000: OSD Text Mode: All
[  159.373778][ T8364] vivid-000: Show Border: false
[  159.375875][ T8364] vivid-000: Show Square: false
[  159.382788][ T8364] vivid-000: Sensor Flipped Horizontally: false
[  159.385463][ T8364] vivid-000: Sensor Flipped Vertically: false
[  159.389738][ T8364] vivid-000: Insert SAV Code in Image: false
[  159.395076][ T8364] vivid-000: Insert EAV Code in Image: false
[  159.397649][ T8364] vivid-000: Insert Video Guard Band: false
[  159.403352][ T8364] vivid-000: Reduced Framerate: false
[  159.406878][ T8364] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[  159.415142][ T8364] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[  159.422296][ T8364] vivid-000: Enable Capture Cropping: true grabbed
[  159.427037][ T8364] vivid-000: Enable Capture Composing: true grabbed
[  159.434909][ T8364] vivid-000: Enable Capture Scaler: true grabbed
[  159.446756][ T8364] vivid-000: Timestamp Source: End of Frame
[  159.452376][ T8364] vivid-000: Colorspace: sRGB
[  159.454531][ T8364] vivid-000: Transfer Function: Default
[  159.457014][ T8364] vivid-000: Y'CbCr Encoding: Default
[  159.462789][ T8364] vivid-000: HSV Encoding: Hue 0-179
[  159.463511][ T8366] netlink: 32 bytes leftover after parsing attributes in process `syz.0.758'.
[  159.467940][ T8364] vivid-000: Quantization: Default
[  159.471386][ T8364] vivid-000: Apply Alpha To Red Only: false
[  159.473989][ T8364] vivid-000: Standard Aspect Ratio: 4x3
[  159.476412][ T8364] vivid-000: DV Timings Signal Mode: Current DV Timings inactive
[  159.483101][ T8364] vivid-000: DV Timings: 640x480p59 inactive
[  159.485766][ T8364] vivid-000: DV Timings Aspect Ratio: Source Width x Height
[  159.489464][ T8364] vivid-000: Maximum EDID Blocks: 2
[  159.492077][ T8364] vivid-000: Limited RGB Range (16-235): false
[  159.497023][ T8364] vivid-000: Rx RGB Quantization Range: Automatic
[  159.503229][ T8364] vivid-000: Power Present: 0x00000001
[  159.507879][ T8364] tpg source WxH: 640x360 (Y'CbCr)
[  159.510161][ T8364] tpg field: 1
[  159.513319][ T8364] tpg crop: 640x360@0x0
[  159.515749][ T8364] tpg compose: 640x360@0x0
[  159.521740][ T8364] tpg colorspace: 8
[  159.524312][ T8364] tpg transfer function: 0/2
[  159.526905][ T8364] tpg Y'CbCr encoding: 0/1
[  159.531254][ T8364] tpg quantization: 0/2
[  159.533782][ T8364] tpg RGB range: 0/2
[  159.536078][ T8364] vivid-000: ==================  END STATUS  ==================
[  160.136943][   T39] kauditd_printk_skb: 8 callbacks suppressed
[  160.136954][   T39] audit: type=1800 audit(1722528656.805:370): pid=8379 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.761" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  160.564455][   T39] audit: type=1400 audit(1722528657.235:371): avc:  denied  { mounton } for  pid=8391 comm="syz.3.766" path="/syzcgroup/unified/syz3/cgroup.procs" dev="cgroup2" ino=72 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=file permissive=1
[  160.575133][   T39] audit: type=1400 audit(1722528657.235:372): avc:  denied  { mount } for  pid=8391 comm="syz.3.766" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  160.936424][ T8410] netlink: 16 bytes leftover after parsing attributes in process `syz.0.769'.
[  160.941163][ T8409] netlink: 'syz.1.768': attribute type 4 has an invalid length.
[  160.993442][ T8409] netlink: 'syz.1.768': attribute type 4 has an invalid length.
[  161.239053][ T8412] netlink: 180 bytes leftover after parsing attributes in process `syz.2.770'.
[  161.303491][   T39] audit: type=1800 audit(1722528657.975:373): pid=8414 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.771" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  161.378621][    C1] ==================================================================
[  161.382156][    C1] BUG: KASAN: stack-out-of-bounds in bq_xmit_all+0xbd8/0xdd0
[  161.385376][    C1] Read of size 8 at addr ffffc9000351fae0 by task syz.3.772/8416
[  161.390889][    C1] 
[  161.392133][    C1] CPU: 1 UID: 0 PID: 8416 Comm: syz.3.772 Not tainted 6.11.0-rc1-syzkaller-00063-g21b136cc63d2 #0
[  161.397129][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  161.401719][    C1] Call Trace:
[  161.403094][    C1]  <IRQ>
[  161.404234][    C1]  dump_stack_lvl+0x116/0x1f0
[  161.406088][    C1]  print_report+0xc3/0x620
[  161.407995][    C1]  ? __virt_addr_valid+0x5e/0x590
[  161.410469][    C1]  kasan_report+0xd9/0x110
[  161.412629][    C1]  ? bq_xmit_all+0xbd8/0xdd0
[  161.414843][    C1]  ? bq_xmit_all+0xbd8/0xdd0
[  161.416973][    C1]  bq_xmit_all+0xbd8/0xdd0
[  161.419311][    C1]  ? __pfx_napi_complete_done+0x10/0x10
[  161.422401][    C1]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  161.425083][    C1]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  161.427694][    C1]  ? e1000_clean+0x1141/0x2690
[  161.429856][    C1]  ? __pfx_bq_xmit_all+0x10/0x10
[  161.432137][    C1]  ? __pfx_mark_lock+0x10/0x10
[  161.434327][    C1]  __dev_flush+0x85/0x1e0
[  161.436187][    C1]  xdp_do_check_flushed+0x40a/0x4e0
[  161.438915][    C1]  __napi_poll.constprop.0+0xd1/0x550
[  161.441288][    C1]  net_rx_action+0xa92/0x1010
[  161.443322][    C1]  ? tmigr_handle_remote+0x153/0xdd0
[  161.445576][    C1]  ? __pfx_net_rx_action+0x10/0x10
[  161.447816][    C1]  ? __pfx_tmigr_handle_remote+0x10/0x10
[  161.450207][    C1]  ? run_timer_base+0x119/0x190
[  161.452334][    C1]  ? run_timer_base+0x11e/0x190
[  161.454446][    C1]  ? __pfx_run_timer_base+0x10/0x10
[  161.456759][    C1]  handle_softirqs+0x216/0x8f0
[  161.458879][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  161.461290][    C1]  irq_exit_rcu+0xbb/0x120
[  161.463257][    C1]  common_interrupt+0xb0/0xd0
[  161.465346][    C1]  </IRQ>
[  161.466661][    C1]  <TASK>
[  161.467985][    C1]  asm_common_interrupt+0x26/0x40
[  161.470111][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0xc/0x60
[  161.472774][    C1] Code: c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 65 48 8b 15 c4 5f 79 7e <65> 8b 05 c5 5f 79 7e a9 00 01 ff 00 48 8b 34 24 74 0f f6 c4 01 74
[  161.481167][    C1] RSP: 0018:ffffc9000351f9d8 EFLAGS: 00000293
[  161.483794][    C1] RAX: 0000000000000000 RBX: ffff88804a575800 RCX: ffffffff8b000aee
[  161.487189][    C1] RDX: ffff88802af44880 RSI: ffffffff8b000f41 RDI: 0000000000000005
[  161.490458][    C1] RBP: 0000000000000008 R08: 0000000000000005 R09: 0000000000000003
[  161.493805][    C1] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88804a575880
[  161.497217][    C1] R13: 00007f3916601fff R14: ffffc9000351fb40 R15: ffffc9000351fb7d
[  161.500729][    C1]  ? mas_next_slot+0x36e/0x21d0
[  161.502858][    C1]  ? mas_next_slot+0x7c1/0x21d0
[  161.504499][    C1]  mas_next_slot+0x390/0x21d0
[  161.506060][    C1]  mas_find+0x2c6/0x530
[  161.507458][    C1]  acct_collect+0x671/0x8e0
[  161.509205][    C1]  ? __pfx_acct_collect+0x10/0x10
[  161.511496][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  161.513826][    C1]  ? exit_itimers+0x407/0x560
[  161.515951][    C1]  ? acct_update_integrals+0x2d6/0x4b0
[  161.518368][    C1]  ? hrtimer_active+0x1d8/0x250
[  161.520010][    C1]  ? hrtimer_try_to_cancel+0x3a/0x500
[  161.521798][    C1]  do_exit+0x1a20/0x2bb0
[  161.523232][    C1]  ? get_signal+0x8f2/0x2770
[  161.524868][    C1]  ? __pfx_do_exit+0x10/0x10
[  161.526821][    C1]  ? do_raw_spin_lock+0x12d/0x2c0
[  161.529014][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  161.531156][    C1]  do_group_exit+0xd3/0x2a0
[  161.533007][    C1]  get_signal+0x25fd/0x2770
[  161.534830][    C1]  ? lock_acquire+0x1b1/0x560
[  161.536662][    C1]  ? __pfx_get_signal+0x10/0x10
[  161.538446][    C1]  ? __pfx_do_futex+0x10/0x10
[  161.540397][    C1]  arch_do_signal_or_restart+0x90/0x7e0
[  161.542699][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  161.545296][    C1]  syscall_exit_to_user_mode+0x150/0x2a0
[  161.547342][    C1]  do_syscall_64+0xda/0x250
[  161.549195][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.551440][    C1] RIP: 0033:0x7f39175773b9
[  161.553347][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  161.561323][    C1] RSP: 002b:00007f39183bc0f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  161.564834][    C1] RAX: fffffffffffffe00 RBX: 00007f3917705f88 RCX: 00007f39175773b9
[  161.568123][    C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3917705f88
[  161.570911][    C1] RBP: 00007f3917705f80 R08: 00007f39183bc6c0 R09: 00007f39183bc6c0
[  161.574049][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3917705f8c
[  161.577354][    C1] R13: 000000000000000b R14: 00007ffdd9e19c20 R15: 00007ffdd9e19d08
[  161.580400][    C1]  </TASK>
[  161.581527][    C1] 
[  161.582451][    C1] The buggy address belongs to stack of task syz.3.772/8416
[  161.585740][    C1]  and is located at offset 0 in frame:
[  161.588086][    C1]  acct_collect+0x0/0x8e0
[  161.590304][    C1] 
[  161.591392][    C1] This frame has 3 objects:
[  161.593385][    C1]  [32, 40) 'utime'
[  161.593397][    C1]  [64, 72) 'stime'
[  161.594991][    C1]  [96, 160) 'vmi'
[  161.596674][    C1] 
[  161.599327][    C1] The buggy address belongs to the virtual mapping at
[  161.599327][    C1]  [ffffc90003518000, ffffc90003521000) created by:
[  161.599327][    C1]  kernel_clone+0xfd/0x980
[  161.606138][    C1] 
[  161.607139][    C1] The buggy address belongs to the physical page:
[  161.609907][    C1] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888012e838b8 pfn:0x12e83
[  161.614194][    C1] memcg:ffff888044da1682
[  161.615833][    C1] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  161.618839][    C1] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  161.622451][    C1] raw: ffff888012e838b8 0000000000000000 00000001ffffffff ffff888044da1682
[  161.625824][    C1] page dumped because: kasan: bad access detected
[  161.628066][    C1] page_owner tracks the page as allocated
[  161.630186][    C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 8415, tgid 8415 (syz.3.772), ts 161352592631, free_ts 161312476348
[  161.637593][    C1]  post_alloc_hook+0x2d1/0x350
[  161.639625][    C1]  get_page_from_freelist+0x1351/0x2e50
[  161.642001][    C1]  __alloc_pages_noprof+0x22b/0x2460
[  161.644200][    C1]  alloc_pages_mpol_noprof+0x275/0x610
[  161.646479][    C1]  __vmalloc_node_range_noprof+0xa6a/0x1520
[  161.648860][    C1]  copy_process+0x2f3b/0x8de0
[  161.650465][    C1]  kernel_clone+0xfd/0x980
[  161.651982][    C1]  __do_sys_clone3+0x1f5/0x270
[  161.653621][    C1]  do_syscall_64+0xcd/0x250
[  161.655174][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.657202][    C1] page last free pid 39 tgid 39 stack trace:
[  161.659246][    C1]  free_unref_page+0x64a/0xe40
[  161.660943][    C1]  __folio_put+0x31c/0x3e0
[  161.662422][    C1]  free_page_and_swap_cache+0x249/0x2c0
[  161.664274][    C1]  tlb_remove_table_rcu+0x89/0xe0
[  161.665961][    C1]  rcu_core+0x828/0x16b0
[  161.667400][    C1]  handle_softirqs+0x216/0x8f0
[  161.669124][    C1]  irq_exit_rcu+0xbb/0x120
[  161.671009][    C1]  sysvec_apic_timer_interrupt+0x95/0xb0
[  161.673359][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  161.675852][    C1] 
[  161.676852][    C1] Memory state around the buggy address:
[  161.679167][    C1]  ffffc9000351f980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  161.682091][    C1]  ffffc9000351fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  161.685459][    C1] >ffffc9000351fa80: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[  161.688774][    C1]                                                        ^
[  161.691780][    C1]  ffffc9000351fb00: 00 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00 00 00 00
[  161.695128][    C1]  ffffc9000351fb80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[  161.698430][    C1] ==================================================================
[  161.701949][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  161.704924][    C1] CPU: 1 UID: 0 PID: 8416 Comm: syz.3.772 Not tainted 6.11.0-rc1-syzkaller-00063-g21b136cc63d2 #0
[  161.709219][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  161.712788][    C1] Call Trace:
[  161.713928][    C1]  <IRQ>
[  161.714899][    C1]  dump_stack_lvl+0x3d/0x1f0
[  161.716478][    C1]  panic+0x6f5/0x7a0
[  161.717790][    C1]  ? mark_held_locks+0x9f/0xe0
[  161.719494][    C1]  ? __pfx_panic+0x10/0x10
[  161.721130][    C1]  ? irqentry_exit+0x3b/0x90
[  161.722715][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  161.724469][    C1]  ? check_panic_on_warn+0x1f/0xb0
[  161.726176][    C1]  check_panic_on_warn+0xab/0xb0
[  161.727849][    C1]  end_report+0x117/0x180
[  161.729399][    C1]  kasan_report+0xe9/0x110
[  161.731260][    C1]  ? bq_xmit_all+0xbd8/0xdd0
[  161.733086][    C1]  ? bq_xmit_all+0xbd8/0xdd0
[  161.734634][    C1]  bq_xmit_all+0xbd8/0xdd0
[  161.736148][    C1]  ? __pfx_napi_complete_done+0x10/0x10
[  161.738000][    C1]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  161.739978][    C1]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  161.741960][    C1]  ? e1000_clean+0x1141/0x2690
[  161.743832][    C1]  ? __pfx_bq_xmit_all+0x10/0x10
[  161.745854][    C1]  ? __pfx_mark_lock+0x10/0x10
[  161.747864][    C1]  __dev_flush+0x85/0x1e0
[  161.749367][    C1]  xdp_do_check_flushed+0x40a/0x4e0
[  161.751263][    C1]  __napi_poll.constprop.0+0xd1/0x550
[  161.753459][    C1]  net_rx_action+0xa92/0x1010
[  161.755361][    C1]  ? tmigr_handle_remote+0x153/0xdd0
[  161.757231][    C1]  ? __pfx_net_rx_action+0x10/0x10
[  161.759145][    C1]  ? __pfx_tmigr_handle_remote+0x10/0x10
[  161.761471][    C1]  ? run_timer_base+0x119/0x190
[  161.763383][    C1]  ? run_timer_base+0x11e/0x190
[  161.765010][    C1]  ? __pfx_run_timer_base+0x10/0x10
[  161.766910][    C1]  handle_softirqs+0x216/0x8f0
[  161.768906][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  161.770734][    C1]  irq_exit_rcu+0xbb/0x120
[  161.772258][    C1]  common_interrupt+0xb0/0xd0
[  161.773847][    C1]  </IRQ>
[  161.774844][    C1]  <TASK>
[  161.775838][    C1]  asm_common_interrupt+0x26/0x40
[  161.777502][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0xc/0x60
[  161.779536][    C1] Code: c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 65 48 8b 15 c4 5f 79 7e <65> 8b 05 c5 5f 79 7e a9 00 01 ff 00 48 8b 34 24 74 0f f6 c4 01 74
[  161.785946][    C1] RSP: 0018:ffffc9000351f9d8 EFLAGS: 00000293
[  161.787954][    C1] RAX: 0000000000000000 RBX: ffff88804a575800 RCX: ffffffff8b000aee
[  161.790617][    C1] RDX: ffff88802af44880 RSI: ffffffff8b000f41 RDI: 0000000000000005
[  161.793516][    C1] RBP: 0000000000000008 R08: 0000000000000005 R09: 0000000000000003
[  161.796959][    C1] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88804a575880
[  161.800374][    C1] R13: 00007f3916601fff R14: ffffc9000351fb40 R15: ffffc9000351fb7d
[  161.803590][    C1]  ? mas_next_slot+0x36e/0x21d0
[  161.805509][    C1]  ? mas_next_slot+0x7c1/0x21d0
[  161.807461][    C1]  mas_next_slot+0x390/0x21d0
[  161.809547][    C1]  mas_find+0x2c6/0x530
[  161.811372][    C1]  acct_collect+0x671/0x8e0
[  161.813383][    C1]  ? __pfx_acct_collect+0x10/0x10
[  161.815612][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  161.817413][    C1]  ? exit_itimers+0x407/0x560
[  161.818998][    C1]  ? acct_update_integrals+0x2d6/0x4b0
[  161.820824][    C1]  ? hrtimer_active+0x1d8/0x250
[  161.822447][    C1]  ? hrtimer_try_to_cancel+0x3a/0x500
[  161.824492][    C1]  do_exit+0x1a20/0x2bb0
[  161.826303][    C1]  ? get_signal+0x8f2/0x2770
[  161.828034][    C1]  ? __pfx_do_exit+0x10/0x10
[  161.829779][    C1]  ? do_raw_spin_lock+0x12d/0x2c0
[  161.831478][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  161.833412][    C1]  do_group_exit+0xd3/0x2a0
[  161.835353][    C1]  get_signal+0x25fd/0x2770
[  161.837184][    C1]  ? lock_acquire+0x1b1/0x560
[  161.839046][    C1]  ? __pfx_get_signal+0x10/0x10
[  161.841012][    C1]  ? __pfx_do_futex+0x10/0x10
[  161.842914][    C1]  arch_do_signal_or_restart+0x90/0x7e0
[  161.845103][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  161.847534][    C1]  syscall_exit_to_user_mode+0x150/0x2a0
[  161.849867][    C1]  do_syscall_64+0xda/0x250
[  161.851642][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.854055][    C1] RIP: 0033:0x7f39175773b9
[  161.855967][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  161.863516][    C1] RSP: 002b:00007f39183bc0f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  161.867060][    C1] RAX: fffffffffffffe00 RBX: 00007f3917705f88 RCX: 00007f39175773b9
[  161.870386][    C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3917705f88
[  161.873776][    C1] RBP: 00007f3917705f80 R08: 00007f39183bc6c0 R09: 00007f39183bc6c0
[  161.877142][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3917705f8c
[  161.880522][    C1] R13: 000000000000000b R14: 00007ffdd9e19c20 R15: 00007ffdd9e19d08
[  161.883770][    C1]  </TASK>
[  161.885591][    C1] Kernel Offset: disabled
[  161.887151][    C1] Rebooting in 86400 seconds..

VM DIAGNOSIS:
16:10:58  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000571363 RBX=0000000000000000 RCX=ffffffff8b11a529 RDX=0000000000000000
RSI=ffffffff8b4cc580 RDI=ffffffff8bb08480 RBP=fffffbfff1b52af8 RSP=ffffffff8da07e20
R8 =0000000000000001 R9 =ffffed100d606fd9 R10=ffff88806b037ecb R11=0000000000000000
R12=0000000000000000 R13=ffffffff8da957c0 R14=ffffffff9012b0d8 R15=0000000000000000
RIP=ffffffff8b11b91f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806b000000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000020058000 CR3=000000001bd3a000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdd9e1a090 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39175e56c5
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39175e56d2
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39175e56cc
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39175e56e0
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39175e5766
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39175e5844
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000062 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff84fe2745 RDI=ffffffff9519a720 RBP=ffffffff9519a6e0 RSP=ffffc900008b05a0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552
R12=0000000000000000 R13=0000000000000062 R14=ffffffff84fe26e0 R15=0000000000000000
RIP=ffffffff84fe276f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f39183bc6c0 ffffffff 00c00000
GS =0000 ffff88806b100000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000001b30edeff8 CR3=00000000326cc000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000040001 Opmask01=0000000000000000 Opmask02=0000000000000fff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff813075fd ffffffff81307633
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff81307633 ffffffff813075fd
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 ffffffff813075fd
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa43a7e56c5
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa43a7e56d2
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa43a7e56cc
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa43a7e56e0
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa43a7e5766
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa43a7e5844
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff819b3f18 ffffffff819b3ea2 ffffffff819b3e67 ffffffff819b1010
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff819c3fb1 ffffffff819c3f45 ffffffff00040008 0000000f0010000c
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff819b3e67 ffffffff819b1010 ffffffff819b0fdc ffffffff819b0faf
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 00000000000000a0
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=00000001000008fd RBX=ffff888024680000 RCX=0000000000000830 RDX=0000000000000001
RSI=00000000000000fd RDI=0000000000000001 RBP=0000000000000000 RSP=ffffc90000858c18
R8 =0000000000000000 R9 =fffffbfff202561b R10=ffffffff9012b0df R11=ffff88806b028a40
R12=1ffff9200010b184 R13=ffffc90000858c40 R14=ffffffff8d7a1ee8 R15=ffffffff9012e1b8
RIP=ffffffff813b8108 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555571f3a500 ffffffff 00c00000
GS =0000 ffff88806b200000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000001b30a20000 CR3=00000000463ee000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fffefff0 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff7f7f9730 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe95ade56c5
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe95ade56d2
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe95ade56cc
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe95ade56e0
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe95ade5766
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe95ade5844
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2e006a64615f65 726f63735f6d6f6f 2f666c65732f636f 72702f0030303031
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0b004f41445f40 574a46565f484a4a 0a434940560a464a 57550a0015151514
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=000000000015c2dd RBX=0000000000000003 RCX=ffffffff8b11a529 RDX=0000000000000000
RSI=ffffffff8b4cc580 RDI=ffffffff8bb08480 RBP=ffffed10030db488 RSP=ffffc900001a7e08
R8 =0000000000000001 R9 =ffffed100d666fd9 R10=ffff88806b337ecb R11=0000000000000000
R12=0000000000000003 R13=ffff8880186da440 R14=ffffffff9012b0d8 R15=0000000000000000
RIP=ffffffff8b11b91f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806b300000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000555571f3a808 CR3=000000004424c000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdd9e1a090 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39175e56c5
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39175e56d2
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39175e56cc
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39175e56e0
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39175e5766
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f39175e5844
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000050
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000