last executing test programs:

45.820585027s ago: executing program 2 (id=189):
r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x7, 0x18103)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11011, r0, 0x2000)

45.750762881s ago: executing program 2 (id=191):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2002, 0x0)
bpf$MAP_CREATE(0x100000000000000, 0x0, 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f00000001c0)={0x3, &(0x7f0000000040)=[{0x40, 0x0, 0x0, 0x3334}, {0x20, 0x1, 0x0, 0xfffff038}, {0x6, 0x6, 0x0, 0x5}]}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_open_dev$sg(0x0, 0x0, 0x401)
sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c00000010000100"/20, @ANYRES32=r5, @ANYBLOB="17590300000000001c001a8018000a8014000700fe"], 0x3c}}, 0x0)
write$binfmt_aout(r2, &(0x7f0000000000)=ANY=[], 0x9ffc)
vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
splice(r6, 0x0, r1, 0x0, 0x10000008ebc, 0x0)
splice(r0, 0x0, r7, 0x0, 0x25a5, 0x0)

45.750486238s ago: executing program 2 (id=192):
r0 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
r1 = accept4$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000040)=0x14, 0x800)
ioctl$sock_bt_bnep_BNEPCONNADD(r0, 0x400442c8, &(0x7f0000000080)={r1, 0x80000001, 0x7f, "2b3b8065cd22c61457015630a24ae1c1841644ca53017836dc1572af4a77426f8669ee9ac20c1db2bdb1293c9cd20fe0fe88ab7be9027286a0d9a02cef8876d176928ae5942cc96451f4241bf1dadb2f188316d5c3c191c6d4e29253a361262f1ebd4ab5cb53f7434d4e1c69a11bef2ac174d735acb2f63fa943e4042543422c7c98c85fb32fd0f388c63405ffd45db37f70484cd0adb36b92b7b3de8dafeb6b38a092ed0fbbb7659c902ed931ed5d3576f1f8951c62713b718a1e62ed91b124c862cd89470f4900a3ea0ac3cd94739522ff1fb0859e354a11bcda31b6"})
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r0, 0x800442d4, &(0x7f0000000180)=0x4) (async)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f00000001c0)={0x9948, <r2=>r0, 0x80000})
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f0000000200)=0x42, 0x4) (async)
r3 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPCONNDEL(r3, 0x400442c9, &(0x7f0000000240)={0xfd4, @multicast}) (async)
ioctl$UI_END_FF_ERASE(r2, 0x400c55cb, &(0x7f0000000280)={0x10, 0x7, 0x4e})
r4 = socket$qrtr(0x2a, 0x2, 0x0)
getsockopt$IP_SET_OP_VERSION(r4, 0x1, 0x53, &(0x7f00000002c0), &(0x7f0000000300)=0x8) (async)
ioctl$KVM_RUN(r0, 0xae80, 0x0) (async)
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000009, 0x4000010, r1, 0x27860000) (async)
ioctl$sock_bt_bnep_BNEPCONNADD(r0, 0x400442c8, &(0x7f0000000340)={r1, 0x2, 0x1, "65e84b58ea91e99688a3d0835b28"}) (async)
ioctl$SIOCAX25DELFWD(r2, 0x89eb, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$PPPIOCSMAXCID(r2, 0x40047451, &(0x7f00000003c0)=0x7fffffff) (async)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r2) (async)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000740)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000700)={&(0x7f00000004c0)={0x224, r5, 0x200, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME={0x23, 0x33, @action={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1}, {0x1}, @device_b, @device_a, @initial, {0xa, 0x2}, @value=@ver_80211n={0x0, 0xd, 0x1, 0x2, 0x0, 0x3, 0x1, 0x0, 0x0, 0x1}}, @smps={0x7, 0x1, {0x0, 0x1}}}}, @NL80211_ATTR_FRAME={0x1c3, 0x33, @reassoc_req={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1}, {0x3}, @device_b, @device_a, @from_mac, {0x4, 0xf80}}, 0x801, 0x8, @device_a, {0x0, 0x6, @default_ap_ssid}, @void, @void, [{0xdd, 0xf2, "61e9401863db0066ad571969a465ed7cbcfdb7fd474413dca093d2345f7dbebdd8bd025024d4e6e6070708f0ad51bcfb8f71131e2c4085b818f92ed2c2dff09108a3d06b7cb236e5a10c0410f54d3fc1e7b3d5aa5532708844928062bfd4955a7e5cb04bc15c2db01b1996e0a7021b5d7cc5a5de685d6433bcf5b1538d6659f7ad8213d09a586eeb2aa130b73fb1d000a1f20f336220ab26ebaf91d56182b5149cd9de34722e7c0d64b4858b61bf2dfb908b317cf32317fb190c0a48fbb2b42a9e9601df04a6ad8c3caa3a40b9a3ab836bd07d93ac47922d2c2bab3e71debcc435063f8d9d43de8cc89e453f625b777fe30b"}, {0xdd, 0x21, "df51a0b440069fc1e575c446290aa71b16f53869233b6042dc988195949883e718"}, {0xdd, 0x49, "c26cef5532ace88a178d0a62bde6149fbeb96b776c6b070b76bf960399349f7f7d261c982c4724c4ebeeac605fd07da8e8ef7f42924efef6f0ee28560d9ccc6d44dc886b1d66db52b4"}, {0xdd, 0x29, "7d06af6335a5ae04130b386da4bf105a71b782c2cb1da4b79f6c492e6e744c9ac1c32e909b30c90e19"}, {0xdd, 0x6, "657f56bf3229"}]}}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x11f5}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xe}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2a1}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xb}]]}, 0x224}, 0x1, 0x0, 0x0, 0x40}, 0x880) (async)
setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000780)=0x1000, 0x4)
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f00000007c0)={0x4000, 0x8000}) (async)
socket$xdp(0x2c, 0x3, 0x0) (async)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000800)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, <r8=>0x0}) (async)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000a00)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0, <r9=>0x0})
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r3, 0xc0c89425, &(0x7f0000000c00)={"e40ae1d82d140318e1d82b77f6a1611c", r8, r9, {0x6}, {0xfff}, 0x8f, [0x100000000, 0x9, 0x6, 0x3, 0xd0d, 0x5, 0x7, 0x9, 0x9, 0x3, 0x4, 0x80000000, 0x1ff, 0x0, 0x0, 0x1]}) (async)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r10, &(0x7f0000000e00)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d80)={0x24, r5, 0x20, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0xccf5}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x40)

45.680379973s ago: executing program 2 (id=193):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r0, 0x0, 0xd1, &(0x7f0000000000)=0x3, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) (async)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) (async)
ioctl$VIDIOC_G_MODULATOR(0xffffffffffffffff, 0xc0445636, &(0x7f00000003c0)={0x8, "c1230a1fdb08b5a30c727efadcf6b3b24d9f5e684ffc4ead6f8ab309747321b2", 0x1000, 0xfffffffa, 0x2, 0x4, 0x5}) (async)
unshare(0x60400)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) (async)
r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x4e02, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000480)={0x1380, r0}, 0x0) (async)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) (async)
clock_gettime(0x0, &(0x7f0000005c00))
recvmmsg(r0, &(0x7f0000005e40)=[{{&(0x7f00000004c0)=@phonet, 0x80, &(0x7f0000003080)=[{&(0x7f0000000680)=""/180, 0xb4}, {&(0x7f0000000540)=""/76, 0x4c}, {&(0x7f0000000740)=""/190, 0xbe}, {&(0x7f0000000600)=""/37, 0x25}, {&(0x7f0000000800)=""/4096, 0x1000}], 0x5, &(0x7f0000001880)=""/177, 0xb1}, 0x8}, {{0x0, 0x0, &(0x7f0000001c00)=[{&(0x7f0000001940)=""/169, 0xa9}, {&(0x7f0000001a00)=""/16, 0x10}, {&(0x7f0000001a40)=""/194, 0xc2}, {&(0x7f0000001b40)=""/178, 0xb2}], 0x4, &(0x7f0000001c40)=""/219, 0xdb}, 0x7}, {{&(0x7f0000001d40)=@nfc_llcp, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001dc0)=""/55, 0x37}], 0x1, &(0x7f0000001e40)=""/32, 0x20}}, {{0x0, 0x0, &(0x7f0000003200)=[{&(0x7f0000001e80)=""/6, 0x6}, {&(0x7f0000001ec0)=""/70, 0x46}, {&(0x7f0000001f40)=""/129, 0x81}, {&(0x7f0000002000)=""/4096, 0x1000}, {&(0x7f0000003000)=""/74, 0x4a}, {&(0x7f00000060c0)=""/250, 0xfa}, {&(0x7f0000003180)=""/110, 0x6e}], 0x7}, 0xfffffff9}, {{&(0x7f0000003280)=@un=@abs, 0x80, &(0x7f0000004640)=[{&(0x7f0000003300)=""/87, 0x57}, {&(0x7f0000003380)=""/155, 0x9b}, {&(0x7f0000003440)=""/124, 0x7c}, {&(0x7f00000034c0)=""/99, 0x63}, {&(0x7f0000003540)=""/169, 0xa9}, {&(0x7f0000003600)=""/4096, 0x1000}, {&(0x7f0000004600)=""/43, 0x2b}], 0x7}, 0x3}, {{&(0x7f00000046c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, 0x80, &(0x7f00000049c0)=[{&(0x7f0000004740)=""/79, 0x4f}, {&(0x7f00000047c0)=""/180, 0xb4}, {&(0x7f0000004880)=""/40, 0x28}, {&(0x7f00000048c0)=""/99, 0x63}, {&(0x7f0000004940)=""/77, 0x4d}], 0x5, &(0x7f0000004a40)=""/73, 0x49}, 0x4}, {{&(0x7f0000004ac0)=@x25={0x9, @remote}, 0x80, &(0x7f0000004c00)=[{&(0x7f0000004b40)=""/142, 0x8e}], 0x1, &(0x7f0000004c40)=""/117, 0x75}, 0xfffffffe}, {{&(0x7f0000004cc0)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, &(0x7f0000005280)=[{&(0x7f0000004d40)=""/213, 0xd5}, {&(0x7f0000004e40)=""/80, 0x50}, {&(0x7f0000004ec0)=""/164, 0xa4}, {&(0x7f0000004f80)=""/245, 0xf5}, {&(0x7f0000005080)=""/220, 0xdc}, {&(0x7f0000005180)=""/203, 0xcb}], 0x6, &(0x7f0000005300)=""/185, 0xb9}, 0x1ff}, {{&(0x7f00000053c0)=@nfc, 0x80, &(0x7f0000005540)=[{&(0x7f0000005440)=""/204, 0xcc}], 0x1, &(0x7f0000005580)=""/104, 0x68}, 0x7fff}, {{&(0x7f0000005600)=@ethernet={0x0, @multicast}, 0x80, &(0x7f0000005d00)=[{&(0x7f0000005680)=""/41, 0x29}, {&(0x7f00000056c0)=""/121, 0x79}, {&(0x7f0000005740)=""/242, 0xf2}, {&(0x7f0000005840)=""/214, 0xd6}, {&(0x7f0000005940)=""/183, 0xb7}, {&(0x7f0000005a00)=""/47, 0x2f}, {&(0x7f0000005a40)=""/106, 0x6a}, {&(0x7f0000005ac0)=""/243, 0xf3}, {&(0x7f0000005bc0)=""/2, 0x2}, {&(0x7f0000005c40)=""/192, 0xc0}], 0xa, &(0x7f0000005dc0)=""/84, 0x54}, 0x2}], 0xa, 0x0, &(0x7f0000000380)={0x77359400}) (async)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0x1000000000000f, &(0x7f0000000180)=0x57bb, 0x3c) (async)
setsockopt$sock_attach_bpf(r2, 0x1, 0x34, &(0x7f00000000c0), 0x4) (async)
r3 = fsopen(&(0x7f0000000080)='cgroup2\x00', 0x0) (async)
r4 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000240)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x3, 0x0, 0x9, 0x0, 0x2, 0x0, 'syz1\x00', &(0x7f0000000080)=['-\x00', ''], 0x2})
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) (async)
fsmount(r3, 0x0, 0xf) (async)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0) (async)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x18d811, 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
r6 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) (async)
ioctl$vim2m_VIDIOC_STREAMOFF(r6, 0x40045612, &(0x7f0000000000)=0x1)
ioctl$vim2m_VIDIOC_DQBUF(r6, 0xc0585611, &(0x7f0000000200)=@userptr={0x0, 0x1, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b1cc37e0"}, 0x0, 0x2, {0x0}})
ioctl$vim2m_VIDIOC_DQBUF(r6, 0xc0585611, &(0x7f0000000280)=@mmap={0x0, 0x1, 0x4, 0x100004, 0x0, {0x0, 0xea60}, {0x0, 0xc, 0x0, 0x0, 0x0, 0x3, "37bb54f0"}, 0x80})

45.679003541s ago: executing program 2 (id=194):
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000000)=<r0=>0x0)
connect$nfc_llcp(0xffffffffffffffff, &(0x7f00000000c0)={0x27, r0, 0x1, 0x5, 0xfe, 0x1, "8470ce75289006bf60282132140473afaf67c087a9b0bae38a0cc7b7b4ef7bf679be703aef372caa64112b79f88a8ac41daa4886477e93af304b7448618d65", 0x18}, 0x60)
syz_emit_ethernet(0x36, &(0x7f0000000080)={@random="e33110495bfd", @dev, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "a7751a", 0x0, 0x3a, 0x30d66df472e0f96c, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2}}}}, 0x0)

45.490631797s ago: executing program 2 (id=200):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={0x4c, 0x12, 0x1, 0x800, 0x25dfdbfc, {0xa, 0x0, 0x26, 0x0, {0x0, 0x4e20, [0x6], [0x0, 0x0, 0x7eb, 0xd], 0x0, [0x21]}, 0x0, 0x100000}}, 0x4c}}, 0x0)

45.40983845s ago: executing program 32 (id=200):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={0x4c, 0x12, 0x1, 0x800, 0x25dfdbfc, {0xa, 0x0, 0x26, 0x0, {0x0, 0x4e20, [0x6], [0x0, 0x0, 0x7eb, 0xd], 0x0, [0x21]}, 0x0, 0x100000}}, 0x4c}}, 0x0)

35.669015341s ago: executing program 3 (id=319):
syz_open_dev$evdev(0x0, 0x20000, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
listen(r1, 0xfffffffc)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
r5 = syz_open_dev$radio(&(0x7f0000000140), 0x0, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205647, &(0x7f0000000100)={0xf010004, 0xc5, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90d, 0x9, '\x00', @p_u32=0x0}})
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x30, r4, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x6}]}]}, 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r6)
sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r6, &(0x7f00000004c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)={0x5c, r8, 0x4, 0x70bd27, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40880}, 0x10)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x28, r7, 0x1, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1a}]}]}, 0x28}}, 0x0)

33.720655328s ago: executing program 3 (id=331):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x121001, 0x0)
ioctl$IOMMU_TEST_OP_MD_CHECK_MAP(r0, 0x3ba0, &(0x7f0000000800)={0x48, 0x3, 0x0, 0x0, 0x1004000, 0x0, 0x0})

33.720145289s ago: executing program 3 (id=333):
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005080000024d564b"])
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x82000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x4c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x3}, {0x0, 0xc}, {0x1c}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID={0x5, 0x4, 0x6}]}]}]}}]}, 0x4c}}, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f0000000080)={0xbe, 0x0, 0x1})
ioctl$KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f0000000040))
r3 = syz_open_dev$video4linux(&(0x7f0000001380), 0x5, 0x0)
ioctl$VIDIOC_SUBDEV_G_SELECTION(r3, 0xc040563d, &(0x7f0000000000)={0x0, 0x0, 0x2})
syz_emit_ethernet(0xff97, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x70, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3, 0x4, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "ffffffffff60000000000000"}]}}}}}}, 0x0)

33.570187196s ago: executing program 3 (id=336):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000000c0)={r0, 0x0}, 0x20) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) (async)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0) (async)
r2 = eventfd2(0x0, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000240)={0x1, r2}) (async)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r3, 0xffffffffffffffff, 0x0) (async)
r4 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
write$cgroup_int(r4, &(0x7f0000000540)=0x10004, 0x12)
madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15) (async)
syz_io_uring_setup(0x5d05, &(0x7f0000000500)={0x0, 0x86fa, 0x10101}, &(0x7f0000002000), 0x0) (async)
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0) (async)
mbind(&(0x7f000044a000/0x2000)=nil, 0x2000, 0x8000, &(0x7f0000000080), 0x8, 0x2) (async)
r6 = getpgid(0x0)
getpriority(0x0, r6)
r7 = socket$kcm(0x10, 0x400000002, 0x0)
recvmsg$kcm(r7, &(0x7f0000006480)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f00000014c0)=""/4093, 0xffd}, {&(0x7f0000000280)=""/88, 0x58}, {&(0x7f00000004c0)=""/216, 0xd8}, {&(0x7f00000024c0)=""/4096, 0x1000}, {&(0x7f0000000300)=""/113, 0x71}, {&(0x7f00000003c0)=""/229, 0xe5}, {&(0x7f00000001c0)=""/66, 0x42}, {&(0x7f0000000000)=""/60, 0x3c}], 0x8}, 0x0) (async)
sendmsg$inet(r7, &(0x7f0000000040)={0x0, 0xfffffffffffffc80, &(0x7f0000000380)=[{&(0x7f0000000240)="1c0000005e007f029ea69801d76a90a272a2a788bab6c95f79e8f0e5", 0x1c}], 0x1}, 0x0) (async)
getpid() (async)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r5, 0x8933, &(0x7f0000000140)={'wg0\x00'})

33.500479966s ago: executing program 3 (id=338):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x800, 0x0, 0x2, 0x1}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000440)={'syztnl2\x00', &(0x7f0000000540)={'syztnl1\x00', 0x0, 0x7800, 0x7, 0x3, 0x6f, {{0x1b, 0x4, 0x1, 0x1d, 0x6c, 0x68, 0x0, 0x0, 0x29, 0x0, @loopback, @empty, {[@noop, @timestamp_addr={0x44, 0x54, 0x12, 0x1, 0x1, [{@initdev={0xac, 0x1e, 0x0, 0x0}}, {@private=0xa010100, 0x1}, {@loopback, 0x7fff}, {@rand_addr=0x64010100, 0x1ff}, {@private=0xa010100, 0x7fffffff}, {@local, 0x1}, {@remote, 0x7fffffff}, {@empty, 0x9}, {@empty, 0xc9c}, {@remote, 0x1}]}]}}}}})
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r3, 0x0, 0x8, &(0x7f0000000300)=0x2, 0x4)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x68, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xc, 0x0, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x8, @loopback, @loopback}}}}}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x28, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES={0x5, 0x8, 0x7}]}]}, 0x28}}, 0x0)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r8, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r8, &(0x7f0000000340)="18000000010003", 0x7)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x13, 0x0, &(0x7f0000000000))
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f00000000c0)={@mcast1, 0x800, 0x0, 0x2, 0x0, 0x0, 0x300}, 0x20)
r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r10 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x40)
ioctl$FS_IOC_FSSETXATTR(r10, 0x401c5820, &(0x7f0000000080)={0x8})
bind$bt_l2cap(r9, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)
setsockopt$bt_BT_DEFER_SETUP(r9, 0x112, 0xf, &(0x7f0000000080)=0x4, 0x4)
listen(r9, 0x1)

33.359941964s ago: executing program 3 (id=343):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) (async)
ioctl$HIDIOCSREPORT(0xffffffffffffffff, 0x400c4808, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="3000000018000900000000"], 0x30}}, 0x0) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
r4 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01)
write$char_usb(r4, &(0x7f0000000040)="e2", 0x12d8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x56185c2d, 0x0, 0x8a}, 0x9c) (async)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x0, 0x0, 0xffffffff, 0x0, 0x54}, 0x9c)

18.279889505s ago: executing program 33 (id=343):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) (async)
ioctl$HIDIOCSREPORT(0xffffffffffffffff, 0x400c4808, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="3000000018000900000000"], 0x30}}, 0x0) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
r4 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01)
write$char_usb(r4, &(0x7f0000000040)="e2", 0x12d8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x56185c2d, 0x0, 0x8a}, 0x9c) (async)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x0, 0x0, 0xffffffff, 0x0, 0x54}, 0x9c)

2.34980116s ago: executing program 4 (id=798):
r0 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4, 0x3032, 0xffffffffffffffff, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r1, 0xffffffffffffffff, 0x0)
r2 = io_uring_setup(0x7c41, &(0x7f0000000300)={0x0, 0x0, 0x40})
io_uring_register$IORING_REGISTER_RING_FDS(r2, 0x14, &(0x7f0000001780), 0x1)
r3 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r3, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x4000800)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[], 0x180}, 0x1, 0x0, 0x0, 0x81}, 0x50)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c00000010000d0400"/20, @ANYRES32=0x0, @ANYBLOB="00a50200000000001c0012800b001d0001000000"], 0x3c}}, 0x0)
socket$alg(0x26, 0x5, 0x0) (async)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) (async)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4, 0x3032, 0xffffffffffffffff, 0x0) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) (async)
close_range(r1, 0xffffffffffffffff, 0x0) (async)
io_uring_setup(0x7c41, &(0x7f0000000300)={0x0, 0x0, 0x40}) (async)
io_uring_register$IORING_REGISTER_RING_FDS(r2, 0x14, &(0x7f0000001780), 0x1) (async)
accept4(r0, 0x0, 0x0, 0x0) (async)
sendmmsg$alg(r3, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x4000800) (async)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) (async)
sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[], 0x180}, 0x1, 0x0, 0x0, 0x81}, 0x50) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c00000010000d0400"/20, @ANYRES32=0x0, @ANYBLOB="00a50200000000001c0012800b001d0001000000"], 0x3c}}, 0x0) (async)

2.199850036s ago: executing program 4 (id=799):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f00000000c0)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000040)={@my=0x1})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r2, 0x7ab, &(0x7f0000000980)={&(0x7f0000000100)={{@my=0x1, 0x1}, {@local, 0x3}, 0x10fe8, "7cf567a7e975111301ef7694cbddaef9fbe7d4f87939ca13eba8a3aae9d5eda5544e8400dfa29e7c81ac1f8136236b57b1b5478c723955e5f1bbf6616a5a198a4a408f1fb8ca2f8f310e4ebbd83857ab9d6f5cc9dcc02ef7d487f4c28c7e233e126c2f8baa705fefa4f91b537c0fc0f28ca040c8ee82212a5395e6367becc447fbbb7a43bb94c561ca2773d97c57ddd036b1992a55579fddd8bdf45462dd3bfc96ca8693fb8eaca2e0fe360d0a895837f4d36563cf0c1424c2f0c12d560bf05253d834e4762816bfd1031414b8ce624d2e0b54fed3f7258055bd9cbbacabfbfbb2d0584a8eb6fc2075248b518570061d305342c661889f9f9d0a3cc1fa5bedb0b9888d9597f00908d078955100ab4d982aa88df95a3baa4e9b5f585b8a4be1e7b8919f0af72aa1fe06fc8ba147b151829745be47b2435967509f66f548432a91f97eeff0369fb377c5e2ff1fe020f76577cdfaf63f50d466597571360c2a11a2264ae1c3d03ddcaa76adf705fbe7195d712d1fd1101236772fc2e85564f9c8de7a49d59088f36e993a24d9e713edc05bdf1abc39f88bb617fa7adca03aeb7bb8a591f28c977f542ab52d9af4e1ec6f339bee8959da73f730b144f615e5afa54be262e4da32c0b7e4924149ca17f79bad3030f71bb71706f59088c78c56a2ebc8e06c1069043a81599309744524ffc6fcac93642b81e3263028704268875b856f5dad57837dffd97e44076c9d24b04c2d985fb82a6b92c93008919db3a301a4b861216f895e083d8b2c69a72f55a9786c9e1ed46f650f583ab78cb68a792eea2ff822c918c926fc960a18556c3e6878cc0b165714cc3047603e2b71370ae48c745ade75e36b5064d555d0093c14ba230c8afa425afc9b51c7521958e0dbe88c6eacf52dff74ae8eb8234e431f79d0507993c1d648caddd86055318644412d780b9c6f3a7403271be7254835b5d991961927015bce4cc67728b2aaf02772042b819fca7a33c939629c29cd987324a5a232eb232bd25c53ea0a797878c4b7db3f9769ab73b2af7d78d11c046243e33472217a799666c0a3185a16875dd6225ffc5dc732275fba2e85062e5e7d4cf2df937a43c210279091249b6e0534c3a91502a006cc432f5282519b341ca65682054fd3c3b51f438083899349c82554db50a42a3df66963266130ce5e43dd3bfa7f4c1b833be82aa168c69aa047da50c72b18325499abef04d63817d8d47c71e3587db71de7d7d01f159fff35ae2b9388f5a2db9e2a053a859e9a57c3debb9f912c6a23b36a3de043ce16de578a448c63a3614af783b20de87d549d43555066643993efd997657ac5d78e745d977f41dfea34bd6409c42c0c2870eed6a9b0eb0e8c629dafbf9c8a4500b1915e1223fd6ced831c7cc1b3b3c5cbed252f535f8bb278371eb125e46c3e6694734bf8a49c2f5fec18"}, 0x314, 0xfffffffd})
r3 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x0)
ioctl$I2C_PEC(r3, 0x708, 0x40)
ioctl$I2C_SMBUS(r3, 0x720, &(0x7f0000000080)={0x0, 0x0, 0x4, &(0x7f00000000c0)={0x0, "af5405a7b1818f4a097d9a9f2996a3177cef40e38b874823e38090260074bf2cb6"}})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0x0, 0x0, 0x43, 0x0, "0aaa8ff5a212a1bd3bbda613efd9c8b4965dca66db42f66a86e5781cf86717055a7c1d13e6507e5a774ef95f2fc1b947e03d5c8379123f2f1d34b0882e83d41b67cb9ff147c6d33a097d2269351b3ed3"}, 0xd8)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)={0x20, 0x1410, 0x1, 0x70bd2f, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x2404c8a6}, 0xc094)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r8 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r9=>0x0})
connect$can_bcm(r8, &(0x7f00000000c0)={0x1d, r9}, 0x10)
sendmsg$can_bcm(r8, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)={0x1, 0x240, 0x0, {0x0, 0x2710}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "a5976ac6acd41fd8"}}, 0x48}}, 0x0)
sendmsg$can_bcm(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x3, 0x922, 0x0, {0x0, 0x2710}, {0x0, 0x2710}, {}, 0x1, @canfd={{}, 0x2, 0x0, 0x0, 0x0, "5c91440132bb112240fcbcc3fa9d0431575f8614d3538ce09c50eecd6ac579e8e83b944b666113f3afed71231e6653a13532f17b33515bdd7e1be14f53b9fc9b"}}, 0x80}}, 0x0)
r10 = accept4(r6, 0x0, 0x0, 0x0)
read$alg(r10, &(0x7f0000000000)=""/20, 0x14)
accept$alg(r6, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

1.670052631s ago: executing program 1 (id=803):
r0 = socket$tipc(0x1e, 0x2, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="30000000100001aa4684fdf8080000000000000013849c0f6219232f3b9a51d01539ffa986268bd4d0453fb20c0b88ebeff3f899eb57e37c0a3252ad3b896687bf5045aed0f02f3485900995aee33b4deb96f86a8468edd9fbbb6a0d0f974710a562206cd41868e52e26c82df8892891930ae6d4ccc47eae809aa8ca57903b690b73597d8dc881e0e1d43d6106c70ba8750b6d3e90b8c59c86046f01643b281d2a046d3566a75a249ab147d59d8ab00c619394caf9b20ec2745996f1b96fcb37365a08cd", @ANYRES32=0x0, @ANYBLOB="c30001000000000008001b00000000000500100005000000"], 0x30}, 0x1, 0xffffa888}, 0x0)
bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x41}, 0x2}}, 0x15)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10)
r2 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10)
r3 = socket(0x22, 0x3, 0x0)
bind$inet(r3, &(0x7f0000000340)={0x22, 0x4e20, @loopback}, 0x57)
sendmsg$tipc(r3, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc005}, 0x20000027)
setsockopt$TIPC_DEST_DROPPABLE(r2, 0x10f, 0x81, &(0x7f0000000000), 0x4)
r4 = openat$vnet(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$int_in(r4, 0x5452, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000300))
r5 = dup(r4)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0x0, 0xf}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x90}, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r4, 0x4008af30, &(0x7f0000000000)={0x0, r5})
r10 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r10, 0x5421, &(0x7f0000000100)=0x100000001)
setsockopt$inet_tcp_TCP_REPAIR(r10, 0x6, 0x13, &(0x7f0000000240)=0x1, 0x4)
connect$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
write(r10, 0x0, 0x0)
r11 = dup3(r0, r2, 0x0)
write$qrtrtun(r11, 0x0, 0x0)

1.573515995s ago: executing program 1 (id=806):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x49, &(0x7f00000000c0)})
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r0, &(0x7f0000000040)=ANY=[], 0x6)
r1 = epoll_create1(0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000003f01f00660000007f00000001"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000b00), &(0x7f0000000580), 0x7, r2}, 0x38)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r3}, 0x10)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000580)={r2, &(0x7f0000001600), &(0x7f0000000840)=""/227}, 0x20)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f00000001c0)={'wpan1\x00', <r6=>0x0})
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r7, 0x29, 0xcf, &(0x7f0000000080)=0xf87f, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
fstat(r8, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
setresuid(0xffffffffffffffff, r9, 0xffffffffffffffff)
syz_clone(0x11200000, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="3f9d00000000000000001700000008000300", @ANYRES32=r6, @ANYBLOB="60003080050002000000000014000400403a050c5bae9c544ef2b6d713459a7a1c000180050002000000000008000400050000000800010002000000240003"], 0x7c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
dup(r1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r10 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r10, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r11 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r11, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
newfstatat(0xffffffffffffff9c, &(0x7f0000000840)='./file0/../file0/file0\x00', 0x0, 0x6000)
sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f0000000440)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x40, 0x0, 0x1, 0x5, 0x0, 0x0, {0x1, 0x0, 0x9}, [@CTA_SYNPROXY={0x2c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x8}, @CTA_SYNPROXY_TSOFF={0x8}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x7}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0xcc}, @CTA_SYNPROXY_ISN={0x8}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x200000c0}, 0x10)

1.419460936s ago: executing program 1 (id=811):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), 0xffffffffffffffff)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x10, &(0x7f0000000040), 0x4)
sendmsg$inet(r2, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
sendmsg$inet(r2, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x8004)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x28, r1, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT={0x8, 0x17, 0x41f9}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000080}, 0x20000010)

1.359236192s ago: executing program 1 (id=814):
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x100, 0x103)
prctl$PR_GET_IO_FLUSHER(0x3a)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x132)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), &(0x7f00000006c0)=@v2={0x2000000, [{0x80, 0x401}, {0x6, 0x10000000}]}, 0xffffffffffffff92, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r1}, 0x10)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0)
syz_emit_ethernet(0x22, &(0x7f00000002c0)={@broadcast, @multicast, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x89, 0x0, @empty, @broadcast}}}}}, 0x0)
execve(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f00000003c0)={[&(0x7f0000000400)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']})
lgetxattr(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)=@known='trusted.overlay.metacopy\x00', &(0x7f00000002c0)=""/212, 0xd4)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$IP6T_SO_GET_INFO(r2, 0x29, 0x40, &(0x7f0000000040)={'nat\x00', 0x0, [0xfffffff2, 0xfffffffb, 0x100, 0x4007, 0x3]}, &(0x7f0000000000)=0x54)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
getsockopt$inet6_buf(r3, 0x29, 0x14, &(0x7f0000000500)=""/96, &(0x7f0000000240)=0x60)
read$FUSE(r3, &(0x7f0000000640)={0x2020}, 0x2020)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0, {r0}}, './file0\x00'})
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)

1.293898636s ago: executing program 4 (id=816):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f00000000c0)=ANY=[])
openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0x40, 0x0)
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000040)='udf\x00', 0x8007, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, <r4=>0x0}, &(0x7f0000000280)=0xc)
read$FUSE(r3, &(0x7f0000001a40)={0x2020, 0x0, 0x0, 0x0, <r5=>0x0}, 0x2020)
stat(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
newfstatat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, <r7=>0x0}, 0x0)
setresuid(0x0, r7, 0x0)
mount$fuseblk(&(0x7f0000000180), &(0x7f00000001c0)='./file1\x00', &(0x7f0000000200), 0x800000, &(0x7f0000000380)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@default_permissions}, {@blksize={'blksize', 0x3d, 0x200}}, {@blksize}], [{@subj_role={'subj_role', 0x3d, ')\xa6.'}}, {@fsname={'fsname', 0x3d, '/dev/nbd'}}, {@euid_eq={'euid', 0x3d, r6}}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/kvm\x00'}}, {@obj_type={'obj_type', 0x3d, '\x00'}}, {@hash}, {@dont_appraise}, {@uid_eq={'uid', 0x3d, r7}}, {@dont_appraise}]}})
r8 = syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x400)
name_to_handle_at(r3, &(0x7f0000000600)='./file1\x00', &(0x7f0000000640)=@orangefs_parent={0x28, 0x2, {{"a4e2499e01162208ec0c302067e8487d", 0x2f2c809}, {"41a3b3054665e67251899f73d1eb3bab", 0x80000000}}}, &(0x7f0000000680), 0x1200)
ioctl$NBD_CLEAR_SOCK(r8, 0xab04)
r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00')
preadv(r9, &(0x7f0000000c00)=[{&(0x7f0000000500)=""/234, 0xea}], 0x1, 0x4f, 0x5dd073cf)

1.293469195s ago: executing program 0 (id=817):
r0 = accept4$ax25(0xffffffffffffffff, &(0x7f00000000c0)={{0x3, @bcast}, [@rose, @default, @remote, @rose, @bcast, @default, @remote, @bcast]}, &(0x7f0000000040)=0x48, 0x0)
ioctl$SIOCAX25GETUID(r0, 0x89e0, &(0x7f0000000140)={0x3, @default, 0xee00})
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000080)='./file0\x00')
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='.\x00', 0x800, 0x182)
fdatasync(r1)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="ad43000000000000000072761406602e600d000000"], 0x14}}, 0x0)

1.218709929s ago: executing program 1 (id=818):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x3, 0x10}, 0xc)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x2, @loopback, 0x7}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000001f40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x93bc, @loopback, 0xb0}, 0x1c, &(0x7f0000000200)=[{&(0x7f00000000c0)='~', 0x1}], 0x1}}], 0x1, 0x4005)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, &(0x7f00000026c0)=0x4, 0x4)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

1.21844344s ago: executing program 0 (id=819):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) (async, rerun: 32)
r0 = socket$inet6(0xa, 0x80003, 0x6) (rerun: 32)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) (async, rerun: 64)
r1 = socket$packet(0x11, 0x3, 0x300) (rerun: 64)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) (async)
setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x4c}, {0x6}]}, 0x10) (async, rerun: 32)
sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) (async, rerun: 32)
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000440), 0x4200, 0x0)

979.833271ms ago: executing program 4 (id=823):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x30, r1, 0x505, 0x10000, 0x25dfdbfd, {}, [@FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast1}, @FOU_ATTR_AF={0x5, 0x2, 0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x4040}, 0x10)
getsockopt$IP_SET_OP_GET_BYINDEX(r0, 0x1, 0x53, &(0x7f0000000000), &(0x7f00000000c0)=0x28)

979.563255ms ago: executing program 5 (id=824):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x2, 0xc, 0x8, 0x0, 0x1b, 0x0, 0x70bd2a, 0x25dfdbfb, [@sadb_x_kmaddress={0x5, 0x19, 0x0, @in={0x2, 0x4e23, @remote}, @in={0x2, 0x4e21, @broadcast}}, @sadb_x_sec_ctx={0xc, 0x18, 0x6, 0x6, 0x54, "c0a09cb35c7ba78df753ea878c49e2fb912ff27ad308e02d4c1d98b648634a5255c1544ad342d63bf63421a82f315c2c7416f0fafd435b80be91774e55c6b375151af351d8fd14fd0ac81c48581e51577c7e300a"}, @sadb_x_policy={0x8, 0x12, 0x3, 0x4, 0x0, 0x6e6bb2, 0x8, {0x6, 0x3c, 0x6, 0x5, 0x0, 0x1000, 0x0, @in6=@private1, @in=@private=0xa010100}}]}, 0xd8}}, 0x24008011)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x275a, 0x0)
ftruncate(r1, 0xc17a)
read$FUSE(r1, 0x0, 0x0)

919.995017ms ago: executing program 4 (id=825):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f00000000c0)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000040)={@my=0x1})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r2, 0x7ab, &(0x7f0000000980)={&(0x7f0000000100)={{@my=0x1, 0x1}, {@local, 0x3}, 0x10fe8, "7cf567a7e975111301ef7694cbddaef9fbe7d4f87939ca13eba8a3aae9d5eda5544e8400dfa29e7c81ac1f8136236b57b1b5478c723955e5f1bbf6616a5a198a4a408f1fb8ca2f8f310e4ebbd83857ab9d6f5cc9dcc02ef7d487f4c28c7e233e126c2f8baa705fefa4f91b537c0fc0f28ca040c8ee82212a5395e6367becc447fbbb7a43bb94c561ca2773d97c57ddd036b1992a55579fddd8bdf45462dd3bfc96ca8693fb8eaca2e0fe360d0a895837f4d36563cf0c1424c2f0c12d560bf05253d834e4762816bfd1031414b8ce624d2e0b54fed3f7258055bd9cbbacabfbfbb2d0584a8eb6fc2075248b518570061d305342c661889f9f9d0a3cc1fa5bedb0b9888d9597f00908d078955100ab4d982aa88df95a3baa4e9b5f585b8a4be1e7b8919f0af72aa1fe06fc8ba147b151829745be47b2435967509f66f548432a91f97eeff0369fb377c5e2ff1fe020f76577cdfaf63f50d466597571360c2a11a2264ae1c3d03ddcaa76adf705fbe7195d712d1fd1101236772fc2e85564f9c8de7a49d59088f36e993a24d9e713edc05bdf1abc39f88bb617fa7adca03aeb7bb8a591f28c977f542ab52d9af4e1ec6f339bee8959da73f730b144f615e5afa54be262e4da32c0b7e4924149ca17f79bad3030f71bb71706f59088c78c56a2ebc8e06c1069043a81599309744524ffc6fcac93642b81e3263028704268875b856f5dad57837dffd97e44076c9d24b04c2d985fb82a6b92c93008919db3a301a4b861216f895e083d8b2c69a72f55a9786c9e1ed46f650f583ab78cb68a792eea2ff822c918c926fc960a18556c3e6878cc0b165714cc3047603e2b71370ae48c745ade75e36b5064d555d0093c14ba230c8afa425afc9b51c7521958e0dbe88c6eacf52dff74ae8eb8234e431f79d0507993c1d648caddd86055318644412d780b9c6f3a7403271be7254835b5d991961927015bce4cc67728b2aaf02772042b819fca7a33c939629c29cd987324a5a232eb232bd25c53ea0a797878c4b7db3f9769ab73b2af7d78d11c046243e33472217a799666c0a3185a16875dd6225ffc5dc732275fba2e85062e5e7d4cf2df937a43c210279091249b6e0534c3a91502a006cc432f5282519b341ca65682054fd3c3b51f438083899349c82554db50a42a3df66963266130ce5e43dd3bfa7f4c1b833be82aa168c69aa047da50c72b18325499abef04d63817d8d47c71e3587db71de7d7d01f159fff35ae2b9388f5a2db9e2a053a859e9a57c3debb9f912c6a23b36a3de043ce16de578a448c63a3614af783b20de87d549d43555066643993efd997657ac5d78e745d977f41dfea34bd6409c42c0c2870eed6a9b0eb0e8c629dafbf9c8a4500b1915e1223fd6ced831c7cc1b3b3c5cbed252f535f8bb278371eb125e46c3e6694734bf8a49c2f5fec18"}, 0x314, 0xfffffffd})
r3 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x0)
ioctl$I2C_PEC(r3, 0x708, 0x40)
ioctl$I2C_SMBUS(r3, 0x720, &(0x7f0000000080)={0x0, 0x0, 0x4, &(0x7f00000000c0)={0x0, "af5405a7b1818f4a097d9a9f2996a3177cef40e38b874823e38090260074bf2cb6"}})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0x0, 0x0, 0x43, 0x0, "0aaa8ff5a212a1bd3bbda613efd9c8b4965dca66db42f66a86e5781cf86717055a7c1d13e6507e5a774ef95f2fc1b947e03d5c8379123f2f1d34b0882e83d41b67cb9ff147c6d33a097d2269351b3ed3"}, 0xd8)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)={0x20, 0x1410, 0x1, 0x70bd2f, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x2404c8a6}, 0xc094)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r8 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r9=>0x0})
connect$can_bcm(r8, &(0x7f00000000c0)={0x1d, r9}, 0x10)
sendmsg$can_bcm(r8, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)={0x1, 0x240, 0x0, {0x0, 0x2710}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "a5976ac6acd41fd8"}}, 0x48}}, 0x0)
sendmsg$can_bcm(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x3, 0x922, 0x0, {0x0, 0x2710}, {0x0, 0x2710}, {}, 0x1, @canfd={{}, 0x2, 0x0, 0x0, 0x0, "5c91440132bb112240fcbcc3fa9d0431575f8614d3538ce09c50eecd6ac579e8e83b944b666113f3afed71231e6653a13532f17b33515bdd7e1be14f53b9fc9b"}}, 0x80}}, 0x0)
r10 = accept4(r6, 0x0, 0x0, 0x0)
read$alg(r10, &(0x7f0000000000)=""/20, 0x14)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

919.729137ms ago: executing program 5 (id=826):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x18, 0x8, 0x40, 0x42, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000480)={{r0}, 0x0, 0x0}, 0x20)
socket$kcm(0x10, 0x2, 0x0)

848.928ms ago: executing program 5 (id=827):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x5202)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYRESOCT=r0, @ANYRESOCT=r1, @ANYRES8=r0], 0x1f4}}, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
openat$sysfs(0xffffff9c, &(0x7f0000000000)='/sys/kernel/uevent_helper', 0x42, 0x0) (async)
r3 = openat$sysfs(0xffffff9c, &(0x7f0000000000)='/sys/kernel/uevent_helper', 0x42, 0x0)
ioprio_set$pid(0x1, 0x0, 0x6003) (async)
ioprio_set$pid(0x1, 0x0, 0x6003)
sendfile(r3, r3, 0x0, 0x8) (async)
sendfile(r3, r3, 0x0, 0x8)
ioctl$KDGKBSENT(r2, 0x4b48, &(0x7f0000000440)={0x6, "d70afb30fae02616090ffe2cd97f878484fdc281c57dd83ada8c1b38b030023b1f9c973f2ebba43b1271c9b1b04008abffd68f7450bacafa3882ecd1e42fec5d5f5d1591c1d5bf515d20b7863cc815e16b8149558e4ff6d60cbf9d4bb70529bd7300b32d22b782bed7d75de24040960e805b196c3eebe15fc48f157b4b50b1c46ec1a87b90ed31877a0673643141dc57dbc9c45e5484fa2a80a97df6719d2e767243d3713eb856630396990c811fbf54352f5aae7e0adb78e651717b333c542c6b574af9c57c7eef1a9947798f3408fd03ed7d7979f5848344f5e0c25be91dfd4b37589f66ddc3c84ff2c365483745fd3c592e5fce6b970c6c62876a7131954fb68641dbfa633976370019584e4899de17c89db1260ebfe6a0c3b5d1873152a573de23830f5b71a3975e71d56a9b7d8e7728deffe6ceda27f35f3689628d664009c0fa772a9139e790e9fd9859b3cabad33d4df471d71f5f39385dc623990f19fedc7022a10239c8330adbc841ad8cb9b885579999ee80f3c28de525a9e9ed34fdb333d0bb23a8b2e507b8609ccd5ef3471b28263638a0c7341d1efa72c0e83cbf9090f47fb6e6db52020016285cbe9d2c23f89a0a7f42c9a4f6185045dd3c3cb755a083397f73b4f536d41be8d4b168cb3e843c53c02d906f870e5aa92bbedcc22327d66a62cb51fc7e08a6f76d00f5c655e8dff78b5d3fcb31124434750998"})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001708000640ffffff000800034000000038740000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000480003804400008008000340000000023800028034000280080001"], 0x108}}, 0x0)

750.144402ms ago: executing program 5 (id=828):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002520702500000000690000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095000000000000002d55710c64e30cd8655910b3eb2d1451a6bf4b04dc0ab703f4c87963ba8fd1c024815f140290fbdcd50b6dc8d41d9568a55e58cc6514e272e53a081168e74d7189f0e655f66e08d4e108968d80ea3cac636aa60bea166d6e252599ca89adacf4e13a2013988c420dd7cf1fce0cb888b55ee528de49f84820012fd6f16b20de6f1ea6691dcee8e86fa2109aa7898fe1f7ff973463c482db5da9926d158ee55592221796e273ccf22a8ce8dd3674739087015098b80e9842e82aa484ccc259f6a617aab5788a07051113ce3e8af8eeb0247773b358f0235bba5950707984fb201d101bfd1f78b0ba9a72d422d94b5a34491cf3f671af9dacdf409ce0c10d85de714c000000000000b0a6d2a53c038dbed0fcb200b0fb7bede81da9c88da8b9a70a284aaf45f2e060094dba48ff73b83fbc6a63cfd881ffaba8ac0c054ec789c7d6e1398dc45489158b6a9034670e74097d80cd019975b4b526bc822729629a2f84bbbe355931beb802e33ebad79cf5b9bff5527d36626aa77eac0a3a6f94648ddb20f78d83328cf8cca7c23369d2c7e99d645edc8f3cc95cd09dc0fc00000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x44)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000040)='percpu_alloc_percpu\x00', r0}, 0x10)
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r1, 0xc0585609, &(0x7f0000000040)={0x0, 0x8, 0x1, 0x0, 0x40})
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x9, 0x0, 0x0, 0x0, 0x61, 0x11, 0x10}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x8}, @exit]}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x4, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)

749.991081ms ago: executing program 0 (id=829):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = semget$private(0x0, 0x6, 0x0)
semtimedop(r1, &(0x7f0000000200)=[{0x2, 0xf000, 0x800}], 0x1, 0x0)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r0, 0x8982, &(0x7f0000000000)={0x8, 'vlan1\x00', {'geneve1\x00'}, 0x5})
r2 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x201, 0x10, 0x25}, 0x18)
fchmodat(r2, &(0x7f00000000c0)='./file0\x00', 0x4)

749.724719ms ago: executing program 5 (id=830):
r0 = syz_io_uring_setup(0x3332, &(0x7f0000000080)={0x0, 0x967f, 0x10100, 0x5, 0x298}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x18, 0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x80002101}) (async)
io_uring_enter(r0, 0xd81, 0x0, 0x0, 0x0, 0x0)
r3 = socket(0xa, 0x3, 0x3a)
sendmmsg$alg(r3, &(0x7f0000000000), 0x0, 0x4050)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000240)={'macvlan0\x00', <r4=>0x0})
setsockopt$MRT6_ADD_MIF(r3, 0x29, 0xca, &(0x7f0000000080)={0x1, 0x0, 0x0, r4, 0x267a4e37}, 0xc) (async)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-generic\x00'}, 0x58) (async)
r6 = accept4(r5, 0x0, 0x0, 0x80800)
recvmmsg(r6, &(0x7f0000001d80)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x2002, 0x0) (async, rerun: 32)
r7 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 32)
sendmsg$nl_route(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r4], 0x20}, 0x1, 0x0, 0x0, 0x24008050}, 0x20008000)

749.463832ms ago: executing program 0 (id=831):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10)
r1 = socket$inet(0x2, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4)
bind$inet(r1, &(0x7f0000e15000)={0x2, 0x4e20, @multicast1}, 0x10)
r2 = socket$inet(0x2, 0x80000, 0x4)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4)
bind$inet(r2, &(0x7f0000e15000)={0x2, 0x4e20, @multicast1}, 0x10)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="2e00000010008188040f46ecdb4cb9cca7480ef43c000000e3bd6efb440009000e000a0010000000ba8000001201", 0x2e}], 0x1}, 0x0)

630.077774ms ago: executing program 0 (id=832):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000001e000000611000000000000062000b000000000095"], &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x5, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
dup(r2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffff0180c200000086dd601200080043adea9d80000000000000000000"], 0x0)
preadv(r5, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040055}, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xda02})
ioctl$TUNSETVNETBE(r7, 0x400454de, &(0x7f0000000080)=0x1)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r8, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_int(r8, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r8, &(0x7f0000000240)="04", 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x10, @empty, 0xffffcd92}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000140)='htcp\x00', 0x5)
unshare(0x26020480)
shutdown(r8, 0x1)
write$tun(r7, &(0x7f0000000040)=ANY=[], 0x44)

629.511385ms ago: executing program 5 (id=833):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x115}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}]}, 0x38}}, 0x0)
r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000280), 0x100, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x10200, 0x0, 0x80a0000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
writev(r3, &(0x7f0000000000)=[{&(0x7f00000000c0)="14", 0x1f68}], 0x2)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x1], 0x0, 0x0, 0x1, 0x1}}, 0x40)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x44) (async)
r4 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x44)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x12, r4, 0x0) (async)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x12, r4, 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x0) (async)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r5 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r5, 0x0)
recvmsg(r0, &(0x7f0000000300)={&(0x7f0000000000)=@tipc=@name, 0x80, &(0x7f0000000200)=[{&(0x7f0000000080)=""/57, 0x39}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f00000001c0)=""/63, 0x3f}], 0x3}, 0x40002000) (async)
recvmsg(r0, &(0x7f0000000300)={&(0x7f0000000000)=@tipc=@name, 0x80, &(0x7f0000000200)=[{&(0x7f0000000080)=""/57, 0x39}, {&(0x7f0000000100)=""/75, 0x4b}, {&(0x7f00000001c0)=""/63, 0x3f}], 0x3}, 0x40002000)

339.94795ms ago: executing program 1 (id=834):
syz_emit_ethernet(0x80, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @empty, @val={@val={0x88a8, 0x0, 0x0, 0x3}, {0x8100, 0x6, 0x1, 0x3}}, {@ipv4={0x800, @igmp={{0x6, 0x4, 0x2, 0x9, 0x6a, 0x67, 0x0, 0x8, 0x2, 0x0, @private=0xa010102, @empty, {[@ra={0x94, 0x4, 0x1}]}}, {0x17, 0x6, 0x0, @remote, "288a182f5fbef1b540571cc187eda3938660f8c9ad4f25ff917974a824435c7dbb3008791aa2d7725303d1ce1538febbcfee0737b29dd1fbf84bb2e1b22d637cc38ee69309d0c9af97d4"}}}}}, 0x0)
syz_emit_ethernet(0xb5, &(0x7f0000000080)={@empty, @broadcast, @val={@void, {0x8100, 0x1, 0x1}}, {@generic={0xa00, "f71c7289796be31f23b84c6d388b6bd1f15a09232e6c38c35c1e65fb320f954ad752929598411b0c270fc78f52a1bcb7e62bd2c899fe36b892322f9a03d5279687d8e2458f42caef92d932aa50dd5bba64c8ce36b3d9981df169aa31fe61ff773c2ef7879cb6e6fb7eb17b2af5462e08e12f8b0a480826922c60d968e9832f4ca5ca75f2ebe59aadaac1c6fa456c5a7ab81189904e0f800196d7d9c024313087dc7071"}}}, &(0x7f0000000140)={0x0, 0x1, [0xfb0, 0xdad, 0xa53, 0xe9c]})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {0x3, 0x0, 0x9}, [@IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e22}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x4}, @IPSET_ATTR_SIZE={0x8, 0x17, 0x1, 0x0, 0xfffffff8}]}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x44)
connect$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x4e24, @broadcast}, 0x10)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='tcp_probe\x00', 0xffffffffffffffff, 0x0, 0x4}, 0x18)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000380), 0x149000, 0x0)
write$tun(r2, &(0x7f00000003c0)={@void, @val={0x1, 0x3, 0x3, 0xfff8, 0x2}, @ipv4=@udp={{0x35, 0x4, 0x0, 0x5, 0x170, 0x67, 0x0, 0x7, 0x11, 0x0, @loopback, @rand_addr=0x64010100, {[@ssrr={0x89, 0xb, 0xb9, [@remote, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @rr={0x7, 0x1f, 0x95, [@private=0xa010102, @rand_addr=0x64010100, @rand_addr=0x64010102, @broadcast, @remote, @loopback, @loopback]}, @cipso={0x86, 0x6d, 0x3, [{0x7, 0x8, "394d1c6eeffb"}, {0x1d01c61168637ff4, 0x10, "c60abad72f5c2bf3829346d53873"}, {0x2, 0x8, "f42ba632a22f"}, {0x82453f58fab9777, 0x2}, {0x5, 0xf, "14b87c0291958bcbda9aa6dddd"}, {0x1, 0x11, "ef4c472371f6373740c96a90ee1863"}, {0x1, 0x6, "44b17285"}, {0x2, 0xd, "c8342f6bdc18cc8c09c0e1"}, {0x7, 0xd, "cd4e34a0aa89193d056ecb"}, {0x2, 0x5, "4f6399"}]}, @timestamp_prespec={0x44, 0x1c, 0xe6, 0x3, 0x2, [{@local, 0x3}, {@rand_addr=0x64010102, 0xfff}, {@remote, 0x105}]}, @rr={0x7, 0xb, 0x92, [@remote, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}, {0x4e22, 0x4e22, 0x9c, 0x0, @wg=@initiation={0x1, 0x3, "ba2d71afcb88cf56b94a0e3cb8188d6934629d0c80592b72962491992a37a4d1", "62f0cb901dedd45b18fe6e3fc9ad6b683d351b3a3109151d699eeb33f8630a3e9b43f427475baf47657bc7c528fb86fb", "69fceeed1de1381a44d8e2f887e3db01fd4aafaf9dce64199fb70fcc", {"4e0d7a115b64797c0ed08d9e3aa5f25b", "960b799bf4ab7ac6a65edd7aecf6fbc1"}}}}}, 0x17a)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r3, 0x29, 0x37, &(0x7f0000000540)={0x3a, 0x8, '\x00', [@enc_lim={0x4, 0x1, 0xa}, @jumbo={0xc2, 0x4, 0x1}, @enc_lim={0x4, 0x1, 0x9}, @hao={0xc9, 0x10, @private1={0xfc, 0x1, '\x00', 0x1}}, @enc_lim={0x4, 0x1, 0x3}, @hao={0xc9, 0x10, @dev={0xfe, 0x80, '\x00', 0x21}}, @pad1, @padn={0x1, 0x2, [0x0, 0x0]}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @pad1]}, 0x50)
r4 = syz_open_dev$vcsu(&(0x7f00000005c0), 0x1, 0x648082)
read$FUSE(0xffffffffffffffff, &(0x7f0000000640)={0x2020, 0x0, 0x0, <r5=>0x0}, 0x2020)
sendmsg$nl_xfrm(r4, &(0x7f0000002740)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000002700)={&(0x7f0000002680)=@getpolicy={0x5c, 0x15, 0x2, 0x70bd27, 0x25dfdbfd, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in6=@private2, 0x4e23, 0x0, 0x4e22, 0x6, 0xa, 0x0, 0x20, 0x62, 0x0, r5}, 0x6e6bbb, 0x2}, [@lastused={0xc, 0xf, 0x4}]}, 0x5c}, 0x1, 0x0, 0x0, 0x5}, 0x10)
setsockopt$inet6_opts(r4, 0x29, 0x36, &(0x7f0000002780)=@hopopts={0x84, 0xa, '\x00', [@ra={0x5, 0x2, 0x9}, @padn={0x1, 0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x40, {0x0, 0xe, 0x8a, 0x2, [0x1, 0x7, 0x2, 0x9, 0x1d, 0xffff, 0x137]}}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @padn={0x1, 0x1, [0x0]}]}, 0x60)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(r0, 0x8983, &(0x7f0000002800))
socket$tipc(0x1e, 0x2, 0x0)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$netlink(0x10, 0x3, 0xf)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000002840)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
r9 = openat$cgroup_ro(r8, &(0x7f0000002880)='blkio.throttle.io_service_bytes\x00', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_MOD(r9, 0x3, r1, &(0x7f00000028c0)={0x30000000})
socket$xdp(0x2c, 0x3, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r9, 0xc018937c, &(0x7f0000002940)={{0x1, 0x1, 0x18, <r10=>r7}, './file0\x00'})
syz_genetlink_get_family_id$team(&(0x7f0000002900), r10)
recvmsg(r6, &(0x7f0000002c40)={&(0x7f0000002980)=@phonet, 0x80, &(0x7f0000002b80)=[{&(0x7f0000002a00)=""/87, 0x57}, {&(0x7f0000002a80)=""/247, 0xf7}], 0x2, &(0x7f0000002bc0)=""/114, 0x72}, 0x2)
bind$netlink(r7, &(0x7f0000002c80)={0x10, 0x0, 0x25dfdbfc, 0x20}, 0xc)
close(r2)
ioctl$SNDCTL_DSP_SUBDIVIDE(r4, 0xc0045009, &(0x7f0000002cc0)=0x3f2)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000002d00)={0x0, 0x9, 0x8, 0x1})

270.40899ms ago: executing program 0 (id=835):
mkdir(&(0x7f0000000140)='./file0\x00', 0x4)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x82, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r3, &(0x7f0000000200)={0xc0000009})
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000280)="0f22c23e66640f0666b9b400004066b8965a000066ba000000000f306766c7442400000000006766c7442402f33f00006766c744240600000000670f011c240f0d8e0090f2f02803642ed9fb6766c74424000c0000006766c74424020c0000006766c744240600000000670f0114240f326467cf", 0x74}], 0x1, 0x1b, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000001180)=0x2000001)
mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r4, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r4, 0x5008, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r4, 0x800c5012, &(0x7f0000000080))
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file0'}}], [{@smackfsdef}]})

0s ago: executing program 4 (id=836):
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000040)={0x56, 0x4008, 0xb, {0xc, 0x6}, {0x4007, 0xc}, @cond=[{0x1, 0x1, 0x9, 0x7, 0xcd2}, {0x3, 0x9, 0x5, 0x8, 0x7ff, 0x4}]})
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x20000000009)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x810c52, &(0x7f0000000180)={'trans=virtio,', {[{@dfltgid={'dfltgid', 0x3d, 0xee00}}]}})

kernel console output (not intermixed with test programs):

BSS using preconfigured BSSID 50:50:50:50:50:50
[   46.909844][ T5953] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   46.910160][  T386] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   46.912757][ T5953] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   46.921772][ T5953] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   46.925000][ T5953] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   46.930038][ T5950] veth1_macvtap: entered promiscuous mode
[   46.951075][ T5950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   46.955294][ T5950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   46.959065][ T5950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   46.962084][ T5950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   46.967788][ T5950] batman_adv: batadv0: Interface activated: batadv_slave_0
[   46.977998][ T5944] veth0_macvtap: entered promiscuous mode
[   46.982488][ T5950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   46.985856][ T5950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   46.988887][ T5950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   46.991906][ T5950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   46.995848][ T5950] batman_adv: batadv0: Interface activated: batadv_slave_1
[   47.005306][ T5948] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   47.005787][ T5944] veth1_macvtap: entered promiscuous mode
[   47.014282][ T5950] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   47.016857][ T5950] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   47.019366][ T5950] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   47.021869][ T5950] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   47.040495][ T1225] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.044805][ T1225] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.070362][ T5944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   47.072066][ T6011] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=785 sclass=netlink_route_socket pid=6011 comm=syz.3.4
[   47.073832][ T5944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   47.080036][ T5944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   47.083144][ T5944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   47.086801][ T5944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   47.089815][ T5944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   47.093556][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_0
[   47.096150][ T1245] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.098509][ T1245] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.105366][ T5944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   47.108512][ T5944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   47.111361][ T5944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   47.115224][ T5944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   47.118092][ T5944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   47.121169][ T5944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   47.124840][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_1
[   47.139328][ T5944] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   47.142109][ T5944] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   47.145088][ T5944] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   47.147667][ T5944] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   47.160039][ T1245] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.163448][ T1245] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.193928][   T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.196263][   T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.224874][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.227519][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.248639][ T1245] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.251712][ T1245] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.290488][ T6031] syz.2.3 uses obsolete (PF_INET,SOCK_PACKET)
[   47.330756][ T6037] mkiss: ax0: crc mode is auto.
[   47.353107][ T6044] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   47.395650][ T6044] trusted_key: syz.0.1 sent an empty control message without MSG_MORE.
[   47.459927][ T6053] netlink: 'syz.0.1': attribute type 4 has an invalid length.
[   47.462414][ T6053] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1'.
[   47.476639][ T6028] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=54765 sclass=netlink_route_socket pid=6028 comm=syz.3.7
[   47.891579][ T6055] warning: `syz.2.9' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   48.358391][ T6078] overlayfs: cannot append lower layer
[   48.374267][ T6080] netlink: 'syz.3.18': attribute type 9 has an invalid length.
[   48.376792][ T6080] netlink: 244 bytes leftover after parsing attributes in process `syz.3.18'.
[   48.393185][   T66] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[   48.415180][ T6084] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6084 comm=syz.3.20
[   48.430417][ T6084] VFS: could not find a valid V7 on sr0.
[   48.436384][ T6085] VFS: could not find a valid V7 on sr0.
[   48.439033][ T6084] netlink: 16 bytes leftover after parsing attributes in process `syz.3.20'.
[   48.477669][ T6088] PKCS7: Unknown OID: [4] 5.25.43204.122
[   48.479475][ T6088] PKCS7: Only support pkcs7_signedData type
[   48.528034][ T6092] Illegal XDP return value 6092 on prog  (id 3) dev N/A, expect packet loss!
[   48.545675][   T66] usb 7-1: Using ep0 maxpacket: 8
[   48.547019][ T6092] netlink: 24 bytes leftover after parsing attributes in process `syz.0.23'.
[   48.550841][   T66] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[   48.557248][   T66] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   48.561787][   T66] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   48.565395][   T66] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   48.565412][   T66] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   48.565435][   T66] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[   48.565447][   T66] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   48.600969][ T6095] netlink: 4 bytes leftover after parsing attributes in process `syz.0.23'.
[   48.781316][   T66] usb 7-1: usb_control_msg returned -32
[   48.783482][   T66] usbtmc 7-1:16.0: can't read capabilities
[   48.803782][ T5294] Bluetooth: hci3: command tx timeout
[   48.815212][ T5294] Bluetooth: hci0: command tx timeout
[   48.817407][ T5294] Bluetooth: hci1: command tx timeout
[   48.893342][ T5294] Bluetooth: hci2: command tx timeout
[   48.916289][ T6106] program syz.3.27 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   48.975569][ T6114] IPv6: NLM_F_CREATE should be specified when creating new route
[   50.332921][ T6123] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[   50.336604][ T6123] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   50.340939][   T39] kauditd_printk_skb: 118 callbacks suppressed
[   50.340954][   T39] audit: type=1400 audit(1740450355.037:233): avc:  denied  { ioctl } for  pid=6122 comm="syz.0.32" path="socket:[8849]" dev="sockfs" ino=8849 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   50.341847][ T6123] dlm: non-version read from control device 0
[   50.488333][   T39] audit: type=1400 audit(1740450355.187:234): avc:  denied  { create } for  pid=6129 comm="syz.0.35" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   50.552952][   T39] audit: type=1400 audit(1740450355.247:235): avc:  denied  { ioctl } for  pid=6129 comm="syz.0.35" path="socket:[8854]" dev="sockfs" ino=8854 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   50.582745][   T39] audit: type=1400 audit(1740450355.277:236): avc:  denied  { create } for  pid=6135 comm="syz.0.36" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[   50.588540][   T39] audit: type=1400 audit(1740450355.287:237): avc:  denied  { ioctl } for  pid=6135 comm="syz.0.36" path="socket:[10396]" dev="sockfs" ino=10396 ioctlcmd=0x894b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[   50.595687][   T39] audit: type=1400 audit(1740450355.287:238): avc:  denied  { getopt } for  pid=6135 comm="syz.0.36" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[   50.601455][   T39] audit: type=1400 audit(1740450355.287:239): avc:  denied  { read } for  pid=6137 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1770 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   50.609162][   T39] audit: type=1400 audit(1740450355.287:240): avc:  denied  { open } for  pid=6137 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1770 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   50.618310][   T39] audit: type=1400 audit(1740450355.287:241): avc:  denied  { getattr } for  pid=6137 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1770 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   50.622634][ T6140] team0: No ports can be present during mode change
[   50.625935][   T39] audit: type=1400 audit(1740450355.297:242): avc:  denied  { write } for  pid=6134 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1769 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   50.695376][ T6140] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[   50.883126][ T5294] Bluetooth: hci1: command tx timeout
[   50.883486][ T5946] Bluetooth: hci0: command tx timeout
[   50.883528][ T5956] Bluetooth: hci3: command tx timeout
[   50.971472][ T6168] =======================================================
[   50.971472][ T6168] WARNING: The mand mount option has been deprecated and
[   50.971472][ T6168]          and is ignored by this kernel. Remove the mand
[   50.971472][ T6168]          option from the mount to silence this warning.
[   50.971472][ T6168] =======================================================
[   50.973086][ T5946] Bluetooth: hci2: command tx timeout
[   50.984325][ T6168] hugetlbfs: Bad value 'e' for mount option 'size'
[   50.984325][ T6168] 
[   51.150809][ T6175] netlink: 12 bytes leftover after parsing attributes in process `syz.0.42'.
[   51.157914][ T6069] usb 7-1: USB disconnect, device number 2
[   51.205228][ T6180] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   51.330334][ T6193] PKCS7: Unknown OID: [4] 5.25.43204.122
[   51.332555][ T6193] PKCS7: Only support pkcs7_signedData type
[   51.354328][ T6192] netlink: 24 bytes leftover after parsing attributes in process `syz.0.47'.
[   51.826406][ T6211] tipc: Started in network mode
[   51.828003][ T6211] tipc: Node identity aaaaaaaaaa34, cluster identity 4711
[   51.830238][ T6211] tipc: Enabled bearer <eth:macvlan0>, priority 10
[   51.900955][ T6219] 9pnet_virtio: no channels available for device syz
[   51.988967][ T6225] fuse: Bad value for 'fd'
[   52.131756][ T6227] PKCS7: Unknown OID: [4] 5.25.43204.122
[   52.135088][ T6227] PKCS7: Only support pkcs7_signedData type
[   52.387426][ T6206] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   52.389675][ T6206] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   52.398591][ T6206] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   52.399121][ T6209] syz.2.52 (6209) used greatest stack depth: 21040 bytes left
[   52.407781][ T6206] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   52.409771][ T6206] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   52.413152][ T6206] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   52.416809][ T6206] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   52.418795][ T6206] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   52.422273][ T6206] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   52.427701][ T6206] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   52.429642][ T6206] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   52.432609][ T6206] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   52.475772][ T6234] netlink: 5 bytes leftover after parsing attributes in process `syz.0.59'.
[   52.479492][ T6234] 0ŞXıĤD: renamed from macvtap0 (while UP)
[   52.486852][ T6234] 0ŞXıĤD: entered allmulticast mode
[   52.488516][ T6234] veth0_macvtap: entered allmulticast mode
[   52.490653][ T6234] A link change request failed with some changes committed already. Interface 
30ŞXıĤD may have been left with an inconsistent configuration, please check.
[   52.497279][ T6234] netlink: 12 bytes leftover after parsing attributes in process `syz.0.59'.
[   52.521003][ T5946] Bluetooth: hci3: unexpected subevent 0x19 length: 67 > 28
[   52.525684][ T5946] Bluetooth: hci3: Unable to find connection with handle 0x00c9
[   52.539051][ T6238] sp0: Synchronizing with TNC
[   52.773839][ T6258] netlink: 'syz.0.68': attribute type 4 has an invalid length.
[   52.803083][  T834] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[   52.828779][ T6269] cgroup2: Unknown parameter 'euid'
[   52.830850][ T6269] netlink: 'syz.0.68': attribute type 39 has an invalid length.
[   52.854745][ T5987] tipc: Node number set to 10398378
[   52.969690][  T834] usb 7-1: Using ep0 maxpacket: 8
[   52.977151][  T834] usb 7-1: config 7 has an invalid interface number: 157 but max is 3
[   52.986442][  T834] usb 7-1: config 7 has an invalid descriptor of length 1, skipping remainder of the config
[   52.989411][  T834] usb 7-1: config 7 has 1 interface, different from the descriptor's value: 4
[   52.992001][  T834] usb 7-1: config 7 has no interface number 0
[   52.994725][  T834] usb 7-1: config 7 interface 157 altsetting 8 bulk endpoint 0x1 has invalid maxpacket 1024
[   52.998194][  T834] usb 7-1: config 7 interface 157 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[   53.002828][  T834] usb 7-1: config 7 interface 157 has no altsetting 0
[   53.010376][  T834] usb 7-1: New USB device found, idVendor=0c45, idProduct=60a8, bcdDevice=91.01
[   53.014219][  T834] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   53.017321][  T834] usb 7-1: Product: ᆭëıŠìİ‡çš é¤Ż�‹“篪ì�½âŒĞ䝰ìĤ˜àĴí“£é§ĵâ€§ê´ï€œë–żìáħµäš�䣽鐠áĵ£âĤꎂĉĦîĵ­á³á¸ĥᖖà�­ĉšë‚ŞáıŒċŽĥစĉ³Ĵè�°â¤¨ċ ı秗цâħ—çĞğċŠğ麯çг䘝색ċµë�•â°¤á·ê‚‘ä²›â�ĥìğ¸ï°™ä…›àĦ•àĦ§á•Žċ…İêĵ·â”µç„³ĉ†½é°šä‘‘ċħ¤�œ„ċ‘´�œ è·‘ë•ƒè·‘ä˜™çä… ç’Šé™•é“Œâ”żäˆŞċ²“éŸŻëş‚ä‡Žë½„��³ċ †í‚ƒĉ‚˜ĉżˆĉĤ—á·ı�–ˆê•™ç•ˆáî´¸îĤïŠ²�€ħìĞħêŞ—â‹ŻàĴı샌䭒ë°ĤċŠ·èƒŽ
[   53.028820][  T834] usb 7-1: Manufacturer: â‡§í›şç•°ëŽ°è— ì„–ïŒ‚éˆ ċ¨żîħ­êğ­é…à˘²ċ¨¤ê¤żċ¤´à³­ì—™ç˘ë”šá›ê§·îœğìĥî¤ıᎿèĥħꞵ鑚�‹�봊굏á´Ħî�젉�œ§ċޣ֘갗äı�áĴµċ€…ċŒˆĉŽşĉ£�î„á”Ÿïœ¸à£‚ä²żçĤ§ïş�èğí“˜àħ·é”ˆä�Ö¤
[   53.036515][  T834] usb 7-1: SerialNumber: àħž
[   53.046192][ T6245] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   53.295975][  T834] gspca_main: sonixb-2.14.0 probing 0c45:60a8
[   53.298817][  T834] sonixb 7-1:7.157: Error reading register 00: -71
[   53.308337][  T834] usb 7-1: USB disconnect, device number 3
[   53.764403][ T5946] Bluetooth: hci0: command 0x0c1a tx timeout
[   54.092751][ T6306] IPVS: Unknown mcast interface: dvmrp1
[   54.181032][ T6315] xt_hashlimit: size too large, truncated to 1048576
[   54.217763][  T834] IPVS: starting estimator thread 0...
[   54.305750][ T6318] IPVS: using max 36 ests per chain, 86400 per kthread
[   54.389192][ T6322] netlink: 28 bytes leftover after parsing attributes in process `syz.2.86'.
[   54.394007][ T6322] netlink: 28 bytes leftover after parsing attributes in process `syz.2.86'.
[   54.456179][ T6333] netlink: 28 bytes leftover after parsing attributes in process `syz.0.88'.
[   54.493443][ T5956] Bluetooth: hci2: command 0x0c1a tx timeout
[   54.493693][ T5294] Bluetooth: hci1: command 0x0c1a tx timeout
[   54.495911][ T5946] Bluetooth: hci3: command 0x0405 tx timeout
[   54.635944][ T5946] Bluetooth: hci2: unexpected subevent 0x19 length: 67 > 28
[   54.637779][ T6352] netlink: 'syz.2.93': attribute type 12 has an invalid length.
[   54.638935][ T5946] Bluetooth: hci2: Unable to find connection with handle 0x00c9
[   54.641942][ T6352] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[   54.711253][ T6360] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[   54.789908][ T6360] IPVS: You probably need to specify IP address on multicast interface.
[   54.792647][ T6360] IPVS: Error connecting to the multicast addr
[   55.061345][ T6389] netlink: 20 bytes leftover after parsing attributes in process `syz.1.103'.
[   55.153826][ T6069] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   55.221227][ T6394] netlink: 'syz.1.105': attribute type 64 has an invalid length.
[   55.224648][ T6394] netlink: 'syz.1.105': attribute type 4 has an invalid length.
[   55.227774][ T6394] netlink: 152 bytes leftover after parsing attributes in process `syz.1.105'.
[   55.313102][ T6069] usb 8-1: Using ep0 maxpacket: 8
[   55.317931][ T6069] usb 8-1: config 8 has an invalid interface number: 225 but max is 3
[   55.321362][ T6069] usb 8-1: config 8 has an invalid interface number: 132 but max is 3
[   55.325475][ T6069] usb 8-1: config 8 has an invalid interface number: 236 but max is 3
[   55.328752][ T6069] usb 8-1: config 8 has an invalid interface number: 115 but max is 3
[   55.331993][ T6069] usb 8-1: config 8 has no interface number 0
[   55.334663][ T6069] usb 8-1: config 8 has no interface number 1
[   55.337169][ T6069] usb 8-1: config 8 has no interface number 2
[   55.339587][ T6069] usb 8-1: config 8 has no interface number 3
[   55.342039][ T6069] usb 8-1: config 8 interface 225 altsetting 181 has an invalid descriptor for endpoint zero, skipping
[   55.346574][ T6069] usb 8-1: config 8 interface 225 altsetting 181 bulk endpoint 0x5 has invalid maxpacket 32
[   55.350629][ T6069] usb 8-1: config 8 interface 225 altsetting 181 has a duplicate endpoint with address 0x5, skipping
[   55.355097][ T6069] usb 8-1: config 8 interface 225 altsetting 181 has an invalid descriptor for endpoint zero, skipping
[   55.359501][ T6069] usb 8-1: config 8 interface 225 altsetting 181 has an invalid descriptor for endpoint zero, skipping
[   55.365190][ T6069] usb 8-1: config 8 interface 225 altsetting 181 bulk endpoint 0x9 has invalid maxpacket 16
[   55.369329][ T6069] usb 8-1: config 8 interface 225 altsetting 181 endpoint 0x8 has invalid maxpacket 1024, setting to 64
[   55.374601][ T6069] usb 8-1: config 8 interface 132 altsetting 13 endpoint 0xF has invalid maxpacket 2047, setting to 1024
[   55.378060][ T6069] usb 8-1: config 8 interface 132 altsetting 13 has a duplicate endpoint with address 0x9, skipping
[   55.381554][ T6069] usb 8-1: config 8 interface 132 altsetting 13 has a duplicate endpoint with address 0x3, skipping
[   55.385451][ T6069] usb 8-1: config 8 interface 115 altsetting 0 endpoint 0x2 has an invalid bInterval 252, changing to 11
[   55.388803][ T6069] usb 8-1: config 8 interface 115 altsetting 0 endpoint 0x2 has invalid maxpacket 2047, setting to 1024
[   55.392576][ T6069] usb 8-1: config 8 interface 115 altsetting 0 has a duplicate endpoint with address 0x9, skipping
[   55.396831][ T6069] usb 8-1: config 8 interface 115 altsetting 0 endpoint 0xA has an invalid bInterval 18, changing to 8
[   55.400152][ T6069] usb 8-1: config 8 interface 115 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   55.403956][ T6069] usb 8-1: config 8 interface 115 altsetting 0 has a duplicate endpoint with address 0x2, skipping
[   55.407191][ T6069] usb 8-1: config 8 interface 225 has no altsetting 0
[   55.409207][ T6069] usb 8-1: config 8 interface 132 has no altsetting 0
[   55.411478][ T6069] usb 8-1: config 8 interface 236 has no altsetting 0
[   55.415656][ T6069] usb 8-1: New USB device found, idVendor=0499, idProduct=1006, bcdDevice=89.d7
[   55.418385][ T6069] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   55.420850][ T6069] usb 8-1: Product: 䉄鞳☞ä”ĤèŸ‰ê¸Żè´âˆï½“�µ€ê·…탌é‚ĵíšżê¨´ážĤàŞıĉ½Şâ›ĥ쵆�›‚êŒĤë˘“çŽ£êŒ�해ċ—�Œ‘ꝃçĦĦകéĤ¸ì°´ĉŞ€àħœá‰Œá¤µç Žâğĥ텋⧠ċİ˘âŠħ瓙縐�’™êœĉ’Ġĵï€ĥèğéœ³è‰¤ì‹¸éĤşàİżĉ—˜ë“„Ꮞàĵ›ï™àĴˆĉ­³ĉ·ë ›Äşäşĥ頄끗éĦ˘âš½çıí’°è‹Ĵĉ´ä½ĉ‘€ċ–‚ïеë�蔂ï�¤ç•ħ鷉엀ì”ĵꀒĉ¨™íŸĥċƒçŒ‚á·„é’‡âĤĤ腤ċ™İꐙċşäžħîĦì–ŠêŞ˘ċ‚·àŞ’�²á˜”ê�™éƒá�§
[   55.431919][ T6069] usb 8-1: Manufacturer: ĉ½ŻÌéĴ–à½˜á€–è•Ş�ŞŸîĵ�ç§ğàĞ�ĉ�ƒé޳ċ¸‰è³¨é½¨ĉĵ âŽ¨áŽ£ìşĴ鐲䎵ċŠċŞĦéˆĥç�ˆà�·í•Šâğï°‹îğŽäżŞä·•ç˘‹ê§žê³ğâœĵêıżê™ˆéƒ�˘‰ìıĥ卵ၚᚆ秴끘⠔á‡ħ곋ĉ´žé²ƒéĦèıĥ훇í�îĤĴê˜˘èŽ°ì²ħ텣�‰ıìˆĥç£Şê¤Ğ앀á݈쀒
[   55.438663][ T6069] usb 8-1: SerialNumber: syz
[   55.444113][ T6361] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   55.446704][ T6361] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   55.666369][ T6069] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[   55.670219][ T6069] snd-usb-audio 8-1:8.225: probe with driver snd-usb-audio failed with error -2
[   55.676936][ T6069] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[   55.679241][ T6069] snd-usb-audio 8-1:8.132: probe with driver snd-usb-audio failed with error -2
[   55.685721][ T6069] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[   55.688012][ T6069] snd-usb-audio 8-1:8.236: probe with driver snd-usb-audio failed with error -2
[   55.696531][ T6069] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[   55.746855][ T6069] snd-usb-audio 8-1:8.115: probe with driver snd-usb-audio failed with error -2
[   55.751279][ T6069] usb 8-1: USB disconnect, device number 2
[   55.853070][ T5946] Bluetooth: hci0: command 0x0c1a tx timeout
[   55.879735][ T6406] ALSA: mixer_oss: invalid OSS volume ''
[   55.910022][   T39] kauditd_printk_skb: 103 callbacks suppressed
[   55.910035][   T39] audit: type=1400 audit(1740450360.607:346): avc:  denied  { read } for  pid=6408 comm="syz.2.109" path="socket:[10015]" dev="sockfs" ino=10015 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   55.935480][ T5961] udevd[5961]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb8/8-1/8-1:8.115/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   56.005424][   T39] audit: type=1400 audit(1740450360.707:347): avc:  denied  { unmount } for  pid=5953 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   56.015419][ T6417] netlink: 'syz.0.112': attribute type 1 has an invalid length.
[   56.017779][ T6417] netlink: 'syz.0.112': attribute type 1 has an invalid length.
[   56.020018][ T6417] netlink: 'syz.0.112': attribute type 2 has an invalid length.
[   56.024927][ T6417] netlink: 'syz.0.112': attribute type 2 has an invalid length.
[   56.067045][   T39] audit: type=1400 audit(1740450360.767:348): avc:  denied  { map } for  pid=6419 comm="syz.1.113" path="/dev/bus/usb/007/001" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[   56.230854][ T6422] netlink: 8 bytes leftover after parsing attributes in process `syz.0.114'.
[   56.242221][ T6425] netlink: 8 bytes leftover after parsing attributes in process `syz.2.115'.
[   56.250784][ T6425] macsec0: entered promiscuous mode
[   56.308303][   T39] audit: type=1400 audit(1740450361.007:349): avc:  denied  { sqpoll } for  pid=6432 comm="syz.2.118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[   56.346247][   T39] audit: type=1400 audit(1740450361.047:350): avc:  denied  { create } for  pid=6432 comm="syz.2.118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   56.463034][   T39] audit: type=1400 audit(1740450361.157:351): avc:  denied  { create } for  pid=6432 comm="syz.2.118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   56.540974][   T39] audit: type=1400 audit(1740450361.237:352): avc:  denied  { setattr } for  pid=6445 comm="syz.3.123" path="/proc/88/task/89/attr/sockcreate" dev="proc" ino=11620 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[   56.554966][   T39] audit: type=1400 audit(1740450361.237:353): avc:  denied  { append } for  pid=6445 comm="syz.3.123" name="dlm_plock" dev="devtmpfs" ino=102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   56.564986][ T5946] Bluetooth: hci3: command 0x0405 tx timeout
[   56.565324][ T5294] Bluetooth: hci1: command 0x0c1a tx timeout
[   56.573642][ T5294] Bluetooth: hci2: command 0x0c1a tx timeout
[   56.642301][ T6458] PKCS7: Unknown OID: [4] 5.25.43204.122
[   56.644935][ T6458] PKCS7: Only support pkcs7_signedData type
[   56.666363][ T6460] syzkaller1: entered promiscuous mode
[   56.668604][ T6460] syzkaller1: entered allmulticast mode
[   56.897645][   T39] audit: type=1400 audit(1740450361.597:354): avc:  denied  { execute } for  pid=6466 comm="syz.0.129" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=10038 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[   57.076155][   T39] audit: type=1400 audit(1740450361.777:355): avc:  denied  { append } for  pid=6479 comm="syz.2.132" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[   57.076185][ T6480] random: crng reseeded on system resumption
[   57.137919][ T6483] netlink: 12 bytes leftover after parsing attributes in process `syz.0.133'.
[   57.156363][ T6483] netlink: 'syz.0.133': attribute type 3 has an invalid length.
[   57.209524][ T6486] xt_time: unknown flags 0xc
[   57.300225][ T6494] syz_tun: entered promiscuous mode
[   57.314000][ T6494] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[   57.490961][ T6503] __nla_validate_parse: 3 callbacks suppressed
[   57.490982][ T6503] netlink: 224 bytes leftover after parsing attributes in process `syz.3.140'.
[   57.510024][ T6503] Bluetooth: (null): Too short H5 packet
[   57.513093][ T6503] netlink: 6 bytes leftover after parsing attributes in process `syz.3.140'.
[   57.517462][ T6503] bridge: RTM_NEWNEIGH with invalid ether address
[   57.522689][ T6503] netlink: 6 bytes leftover after parsing attributes in process `syz.3.140'.
[   57.526102][ T6503] bridge: RTM_NEWNEIGH with invalid ether address
[   57.541549][ T6503] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6503 comm=syz.3.140
[   57.719779][ T6513] random: crng reseeded on system resumption
[   57.747864][ T6515] could not allocate digest TFM handle cryptd(blake2b-160)
[   57.807878][ T6526] process 'syz.3.147' launched './file1' with NULL argv: empty string added
[   57.853838][ T6529] PKCS7: Unknown OID: [4] 5.25.43204.122
[   57.856155][ T6529] PKCS7: Only support pkcs7_signedData type
[   57.923091][ T5294] Bluetooth: hci0: command 0x0c1a tx timeout
[   57.928563][ T6531] Bluetooth: MGMT ver 1.23
[   58.130913][ T6542] validate_nla: 4 callbacks suppressed
[   58.130932][ T6542] netlink: 'syz.0.154': attribute type 2 has an invalid length.
[   58.136916][ T6542] netlink: 'syz.0.154': attribute type 1 has an invalid length.
[   58.218031][ T5294] Bluetooth: hci0: unexpected event for opcode 0x0c47
[   58.243074][  T835] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   58.396512][  T835] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   58.400383][  T835] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   58.404335][  T835] usb 6-1: Product: syz
[   58.407946][  T835] usb 6-1: Manufacturer: syz
[   58.410036][  T835] usb 6-1: SerialNumber: syz
[   58.434797][  T835] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   58.470304][    T9] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   58.545135][ T6564] netlink: 12 bytes leftover after parsing attributes in process `syz.0.161'.
[   58.551006][ T6564] bridge0: port 3(syz_tun) entered blocking state
[   58.555247][ T6564] bridge0: port 3(syz_tun) entered disabled state
[   58.558108][ T6564] syz_tun: entered allmulticast mode
[   58.562202][ T6564] syz_tun: entered promiscuous mode
[   58.565930][ T6564] bridge0: port 3(syz_tun) entered blocking state
[   58.569189][ T6564] bridge0: port 3(syz_tun) entered forwarding state
[   58.645558][ T5294] Bluetooth: hci2: command 0x0c1a tx timeout
[   58.645669][ T5946] Bluetooth: hci3: command 0x0405 tx timeout
[   58.645772][ T5956] Bluetooth: hci1: command 0x0c1a tx timeout
[   58.951306][ T6590] netlink: 'syz.3.167': attribute type 1 has an invalid length.
[   58.955675][ T6590] nbd: couldn't find a device at index 20
[   59.012481][ T6596] fuse: Bad value for 'fd'
[   59.016529][ T6597] fuse: Bad value for 'fd'
[   59.044245][ T6600] PKCS7: Unknown OID: [4] 5.25.43204.122
[   59.045934][ T6600] PKCS7: Only support pkcs7_signedData type
[   59.117849][ T6607] PKCS7: Unknown OID: [4] 5.25.43204.122
[   59.119616][ T6607] PKCS7: Only support pkcs7_signedData type
[   59.435076][ T6626] netlink: 'syz.2.178': attribute type 4 has an invalid length.
[   59.438042][ T6626] netlink: 152 bytes leftover after parsing attributes in process `syz.2.178'.
[   59.531443][    T9] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[   59.534285][    T9] ath9k_htc: Failed to initialize the device
[   59.570282][    T9] usb 6-1: ath9k_htc: USB layer deinitialized
[   59.752514][ T6659] ip6gre0: entered promiscuous mode
[   59.786577][  T834] usb 6-1: USB disconnect, device number 2
[   59.980507][ T6680] Zero length message leads to an empty skb
[   60.061272][  T386] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.137876][  T386] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.209429][  T386] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.247592][ T5294] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   60.251333][ T5294] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   60.256546][ T5294] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   60.271103][  T386] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.274574][ T5294] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   60.278688][ T5294] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   60.282370][ T5294] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   60.294364][ T6698] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[   60.351558][ T6698] program syz.0.203 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   60.372806][ T6705] FAULT_INJECTION: forcing a failure.
[   60.372806][ T6705] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   60.377612][ T6705] CPU: 1 UID: 0 PID: 6705 Comm: syz.1.205 Not tainted 6.14.0-rc4-syzkaller #0
[   60.377632][ T6705] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   60.377642][ T6705] Call Trace:
[   60.377672][ T6705]  <TASK>
[   60.377679][ T6705]  dump_stack_lvl+0x16c/0x1f0
[   60.377822][ T6705]  should_fail_ex+0x50a/0x650
[   60.377892][ T6705]  _copy_from_user+0x2e/0xd0
[   60.377910][ T6705]  kstrtouint_from_user+0xd7/0x1c0
[   60.377930][ T6705]  ? __pfx_kstrtouint_from_user+0x10/0x10
[   60.377957][ T6705]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   60.377983][ T6705]  proc_fail_nth_write+0x84/0x250
[   60.378006][ T6705]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   60.378025][ T6705]  ? ksys_write+0x12b/0x250
[   60.378054][ T6705]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   60.378074][ T6705]  vfs_write+0x24c/0x1150
[   60.378098][ T6705]  ? __fget_files+0x1fc/0x3a0
[   60.378113][ T6705]  ? __pfx___mutex_lock+0x10/0x10
[   60.378133][ T6705]  ? __pfx_vfs_write+0x10/0x10
[   60.378162][ T6705]  ? __fget_files+0x206/0x3a0
[   60.378183][ T6705]  ksys_write+0x12b/0x250
[   60.378206][ T6705]  ? __pfx_ksys_write+0x10/0x10
[   60.378235][ T6705]  do_syscall_64+0xcd/0x250
[   60.378255][ T6705]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   60.378277][ T6705] RIP: 0033:0x7f03e218bc1f
[   60.378291][ T6705] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   60.378306][ T6705] RSP: 002b:00007f03e30a1030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   60.378344][ T6705] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f03e218bc1f
[   60.378354][ T6705] RDX: 0000000000000001 RSI: 00007f03e30a10a0 RDI: 0000000000000003
[   60.378362][ T6705] RBP: 00007f03e30a1090 R08: 0000000000000000 R09: 0000000000000000
[   60.378371][ T6705] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[   60.378381][ T6705] R13: 0000000000000000 R14: 00007f03e23a5fa0 R15: 00007ffee4fe3338
[   60.378402][ T6705]  </TASK>
[   60.438319][ T6695] chnl_net:caif_netlink_parms(): no params data found
[   60.446548][ T6707] SELinux:  policydb version 266 does not match my version range 15-34
[   60.454606][ T6707] SELinux: failed to load policy
[   60.467222][  T386] bridge_slave_1: left allmulticast mode
[   60.469425][  T386] bridge_slave_1: left promiscuous mode
[   60.472775][  T386] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.480866][  T386] bridge_slave_0: left allmulticast mode
[   60.482707][  T386] bridge_slave_0: left promiscuous mode
[   60.487253][  T386] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.726667][ T5294] Bluetooth: hci3: command 0x0405 tx timeout
[   60.814801][  T386] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   60.824858][  T386] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   60.835249][  T386] bond0 (unregistering): Released all slaves
[   60.884840][ T6695] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.887975][ T6695] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.893087][ T6695] bridge_slave_0: entered allmulticast mode
[   60.896094][ T6695] bridge_slave_0: entered promiscuous mode
[   60.899586][ T6695] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.901700][ T6695] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.904556][ T6695] bridge_slave_1: entered allmulticast mode
[   60.906946][ T6695] bridge_slave_1: entered promiscuous mode
[   60.969393][ T6695] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   60.976195][ T6695] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   61.029433][ T6695] team0: Port device team_slave_0 added
[   61.052407][ T6695] team0: Port device team_slave_1 added
[   61.083665][ T6695] batman_adv: batadv0: Adding interface: batadv_slave_0
[   61.086225][ T6695] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.095063][ T6695] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   61.100242][ T6695] batman_adv: batadv0: Adding interface: batadv_slave_1
[   61.102603][ T6695] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.112226][ T6695] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   61.122500][  T386] hsr_slave_0: left promiscuous mode
[   61.125947][  T386] hsr_slave_1: left promiscuous mode
[   61.128454][  T386] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   61.130760][  T386] batman_adv: batadv0: Removing interface: batadv_slave_0
[   61.134678][  T386] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   61.136938][  T386] batman_adv: batadv0: Removing interface: batadv_slave_1
[   61.145259][   T39] kauditd_printk_skb: 171 callbacks suppressed
[   61.145269][   T39] audit: type=1400 audit(1740450365.847:527): avc:  denied  { unmount } for  pid=5944 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   61.148152][  T834] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[   61.158354][  T386] veth1_macvtap: left promiscuous mode
[   61.161019][  T386] veth0_macvtap: left promiscuous mode
[   61.164895][  T386] veth1_vlan: left promiscuous mode
[   61.172840][  T386] veth0_vlan: left promiscuous mode
[   61.325596][  T834] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   61.329604][  T834] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[   61.332642][  T834] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   61.336763][  T834] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   61.343364][ T6725] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   61.348969][  T834] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[   61.545777][   T39] audit: type=1400 audit(1740450366.247:528): avc:  denied  { mounton } for  pid=6736 comm="syz.1.211" path="/syzcgroup/unified/syz1" dev="cgroup2" ino=67 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[   61.568690][ T6737] affs: No valid root block on device nullb0
[   61.626447][ T6741] netlink: 24 bytes leftover after parsing attributes in process `syz.1.212'.
[   61.630052][   T39] audit: type=1400 audit(1740450366.327:529): avc:  denied  { setopt } for  pid=6720 comm="syz.3.208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   61.637564][   T39] audit: type=1400 audit(1740450366.337:530): avc:  denied  { write } for  pid=6720 comm="syz.3.208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   61.920947][  T386] team0 (unregistering): Port device team_slave_1 removed
[   61.986940][  T386] team0 (unregistering): Port device team_slave_0 removed
[   62.245023][ T5294] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[   62.247995][ T5294] Bluetooth: hci0: Injecting HCI hardware error event
[   62.257707][ T5294] Bluetooth: hci0: hardware error 0x00
[   62.323033][ T5946] Bluetooth: hci2: command tx timeout
[   62.534832][ T6745] netlink: 4 bytes leftover after parsing attributes in process `syz.0.213'.
[   62.542519][ T6747] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[   62.546613][ T6747] SELinux: failed to load policy
[   62.561843][ T6745] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=53 sclass=netlink_route_socket pid=6745 comm=syz.0.213
[   62.566117][   T39] audit: type=1400 audit(1740450367.267:531): avc:  denied  { read } for  pid=6746 comm="syz.1.214" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   62.606918][ T6695] hsr_slave_0: entered promiscuous mode
[   62.609890][ T6695] hsr_slave_1: entered promiscuous mode
[   62.612389][ T6695] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   62.615732][ T6695] Cannot create hsr debugfs directory
[   62.618748][ T6747] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.214'.
[   62.667473][   T39] audit: type=1400 audit(1740450367.367:532): avc:  denied  { shutdown } for  pid=6751 comm="syz.1.215" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   62.694996][   T39] audit: type=1400 audit(1740450367.397:533): avc:  denied  { connect } for  pid=6755 comm="syz.1.216" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   62.710147][   T39] audit: type=1400 audit(1740450367.397:534): avc:  denied  { shutdown } for  pid=6755 comm="syz.1.216" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   62.744976][ T5946] Bluetooth: hci3: adv larger than maximum supported
[   62.744998][ T5946] Bluetooth: hci3: Malformed LE Event: 0x0d
[   62.749292][ T6756] 9pnet: Unknown protocol version 9p2000.u_´
[   62.762727][   T39] audit: type=1400 audit(1740450367.457:535): avc:  denied  { create } for  pid=6759 comm="syz.0.217" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[   62.781467][   T39] audit: type=1400 audit(1740450367.477:536): avc:  denied  { bind } for  pid=6759 comm="syz.0.217" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   62.864914][ T6695] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   62.871386][ T6695] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   62.876162][ T6695] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   62.897457][ T6695] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   62.965209][ T6695] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.978691][ T6695] 8021q: adding VLAN 0 to HW filter on device team0
[   62.983550][ T1225] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.985575][ T1225] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.990568][  T386] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.992730][  T386] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.094686][ T6695] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.230741][ T6695] veth0_vlan: entered promiscuous mode
[   63.237669][ T6695] veth1_vlan: entered promiscuous mode
[   63.258200][ T6695] veth0_macvtap: entered promiscuous mode
[   63.263627][ T6695] veth1_macvtap: entered promiscuous mode
[   63.274750][ T6695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   63.279917][ T6695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.283137][ T6695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   63.287969][ T6695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.290960][ T6695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   63.294122][ T6695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.297964][ T6695] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.312191][ T6695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   63.316409][ T6695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.320134][ T6695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   63.324139][ T6695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.327808][ T6695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   63.331241][ T6695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.336606][ T6695] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.349072][ T6695] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.351820][ T6695] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.354609][ T6695] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.357358][ T6695] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.404910][ T1149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.407229][ T1149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.425832][ T6815] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   63.442777][ T1149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.448359][ T1149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.654965][ T5946] Bluetooth: hci3: unexpected event for opcode 0x0c25
[   63.837363][  T835] usb 8-1: USB disconnect, device number 3
[   63.842076][ T6859] netlink: 344 bytes leftover after parsing attributes in process `syz.0.231'.
[   63.898114][ T6861] qnx4: no qnx4 filesystem (no root dir).
[   64.084863][ T6880] mmap: syz.4.235 (6880) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   64.323181][ T5294] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[   64.403194][ T5294] Bluetooth: hci2: command tx timeout
[   64.745222][ T6913] bridge: RTM_NEWNEIGH with invalid state 0x1
[   64.805734][ T6918] ufs: You didn't specify the type of your ufs filesystem
[   64.805734][ T6918] 
[   64.805734][ T6918] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[   64.805734][ T6918] 
[   64.805734][ T6918] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[   64.817337][ T6918] ufs: failed to set blocksize
[   64.849170][ T6918] ufs: You didn't specify the type of your ufs filesystem
[   64.849170][ T6918] 
[   64.849170][ T6918] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[   64.849170][ T6918] 
[   64.849170][ T6918] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[   64.862159][ T6918] ufs: failed to set blocksize
[   65.150572][ T6941] netlink: 'syz.4.255': attribute type 64 has an invalid length.
[   65.153043][ T6941] netlink: 'syz.4.255': attribute type 4 has an invalid length.
[   65.155341][ T6941] netlink: 152 bytes leftover after parsing attributes in process `syz.4.255'.
[   65.258951][ T6946] xt_hashlimit: size too large, truncated to 1048576
[   65.342962][ T6069] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[   65.513068][ T6069] usb 8-1: Using ep0 maxpacket: 32
[   65.516279][ T6069] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[   65.520946][ T6069] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[   65.525203][ T6069] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[   65.527985][ T6069] usb 8-1: Product: syz
[   65.529384][ T6069] usb 8-1: Manufacturer: syz
[   65.531125][ T6069] usb 8-1: SerialNumber: syz
[   65.535264][ T6069] usb 8-1: config 0 descriptor??
[   65.538159][ T6936] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   65.539144][ T6069] hub 8-1:0.0: bad descriptor, ignoring hub
[   65.539162][ T6069] hub 8-1:0.0: probe with driver hub failed with error -5
[   65.690532][ T6962] tmpfs: Bad value for 'mpol'
[   66.004127][   T45] wlan1: Trigger new scan to find an IBSS to join
[   66.087874][ T6978] netlink: 28 bytes leftover after parsing attributes in process `syz.0.264'.
[   66.090472][ T6978] netlink: 'syz.0.264': attribute type 7 has an invalid length.
[   66.092748][ T6978] netlink: 'syz.0.264': attribute type 8 has an invalid length.
[   66.095137][ T6978] netlink: 4 bytes leftover after parsing attributes in process `syz.0.264'.
[   66.130920][ T6982] PKCS7: Unknown OID: [4] 5.25.43204.122
[   66.133301][ T6982] PKCS7: Only support pkcs7_signedData type
[   66.137116][ T6982] overlayfs: failed to resolve './file1': -2
[   66.162007][ T6984] capability: warning: `syz.4.266' uses deprecated v2 capabilities in a way that may be insecure
[   66.483037][ T5294] Bluetooth: hci2: command tx timeout
[   66.485957][ T6936] usb 8-1: reset high-speed USB device number 4 using dummy_hcd
[   66.649070][ T6936] usb 8-1: device firmware changed
[   66.652980][ T5949] usb 8-1: USB disconnect, device number 4
[   66.713615][ T6989] JFS: charset not found
[   66.718016][ T6989] netlink: 12 bytes leftover after parsing attributes in process `syz.1.267'.
[   66.721991][ T6989] netlink: 12 bytes leftover after parsing attributes in process `syz.1.267'.
[   66.793172][ T5949] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[   66.870129][ T6999] NILFS (nullb0): couldn't find nilfs on the device
[   66.943465][ T5949] usb 8-1: Using ep0 maxpacket: 32
[   66.949616][ T5949] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[   66.964022][ T5949] usb 8-1: string descriptor 0 read error: -22
[   66.971229][ T5949] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[   66.978663][ T5949] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[   66.986222][ T5949] usb 8-1: config 0 descriptor??
[   66.992626][ T6969] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   66.996586][ T5949] hub 8-1:0.0: bad descriptor, ignoring hub
[   66.998397][ T5949] hub 8-1:0.0: probe with driver hub failed with error -5
[   67.031147][   T39] kauditd_printk_skb: 46 callbacks suppressed
[   67.031160][   T39] audit: type=1400 audit(1740450371.727:583): avc:  denied  { getopt } for  pid=7014 comm="syz.4.274" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[   67.043413][   T39] audit: type=1400 audit(1740450371.747:584): avc:  denied  { lock } for  pid=7009 comm="syz.1.272" path="/dev/dri/card1" dev="devtmpfs" ino=636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   67.050428][   T39] audit: type=1400 audit(1740450371.747:585): avc:  denied  { lock } for  pid=7009 comm="syz.1.272" path="/dev/vmci" dev="devtmpfs" ino=708 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   67.063224][   T39] audit: type=1400 audit(1740450371.757:586): avc:  denied  { write } for  pid=7017 comm="syz.0.275" name="card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   67.072068][   T39] audit: type=1400 audit(1740450371.767:587): avc:  denied  { create } for  pid=7017 comm="syz.0.275" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[   67.079637][   T39] audit: type=1400 audit(1740450371.777:588): avc:  denied  { ioctl } for  pid=7017 comm="syz.0.275" path="socket:[15476]" dev="sockfs" ino=15476 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   67.092732][ T7019] syzkaller1: entered promiscuous mode
[   67.096251][ T7019] syzkaller1: entered allmulticast mode
[   67.182195][   T39] audit: type=1400 audit(1740450371.877:589): avc:  denied  { append } for  pid=7023 comm="syz.4.277" name="001" dev="devtmpfs" ino=742 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[   67.201863][ T6936] netlink: 8 bytes leftover after parsing attributes in process `syz.3.254'.
[   67.207441][ T7024] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.277' sets config #1
[   67.313313][   T30] usb 8-1: USB disconnect, device number 5
[   67.320264][   T39] audit: type=1400 audit(1740450372.017:590): avc:  denied  { create } for  pid=7030 comm="syz.1.278" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   67.327248][ T7036] netlink: 4 bytes leftover after parsing attributes in process `syz.4.280'.
[   67.396978][ T7044] PKCS7: Unknown OID: [4] 5.25.43204.122
[   67.398740][ T7044] PKCS7: Only support pkcs7_signedData type
[   67.409203][   T39] audit: type=1400 audit(1740450372.107:591): avc:  denied  { unlink } for  pid=7043 comm="syz.4.282" name="#9" dev="tmpfs" ino=139 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   67.422975][   T39] audit: type=1400 audit(1740450372.107:592): avc:  denied  { mount } for  pid=7043 comm="syz.4.282" name="/" dev="overlay" ino=134 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   67.461106][ T7047] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1548 sclass=netlink_route_socket pid=7047 comm=syz.4.283
[   67.549112][ T7049] usb 2-1: USB disconnect, device number 2
[   67.796455][ T7059] syz.3.287: attempt to access beyond end of device
[   67.796455][ T7059] loop3: rw=6144, sector=128, nr_sectors = 8 limit=0
[   67.800474][ T7059] gfs2: error -5 reading superblock
[   67.850733][ T7063] netlink: 4 bytes leftover after parsing attributes in process `syz.4.289'.
[   67.854062][ T7063] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   67.857168][ T7063] batman_adv: batadv0: Removing interface: batadv_slave_0
[   67.861279][ T7063] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   67.865389][ T7063] batman_adv: batadv0: Removing interface: batadv_slave_1
[   67.905689][ T7065] netlink: 12 bytes leftover after parsing attributes in process `syz.3.290'.
[   67.908497][ T7065] netlink: 8 bytes leftover after parsing attributes in process `syz.3.290'.
[   68.016674][ T7071] netlink: 16 bytes leftover after parsing attributes in process `syz.4.292'.
[   68.066782][ T7079] netlink: 'syz.0.293': attribute type 32 has an invalid length.
[   68.193996][ T7084] program syz.3.294 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   68.503289][   T66] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[   68.573047][ T5294] Bluetooth: hci2: command tx timeout
[   68.653032][   T66] usb 6-1: Using ep0 maxpacket: 8
[   68.659522][   T66] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   68.663909][   T66] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   68.667547][   T66] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   68.671383][   T66] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   68.676706][   T66] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   68.680211][   T66] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   68.890734][   T66] usb 6-1: GET_CAPABILITIES returned 0
[   68.892386][   T66] usbtmc 6-1:16.0: can't read capabilities
[   68.958924][ T7100] netlink: 48 bytes leftover after parsing attributes in process `syz.4.298'.
[   68.986832][ T7102] netlink: 28 bytes leftover after parsing attributes in process `syz.0.299'.
[   68.992154][ T1245] bridge0: port 1(bridge_slave_0) entered disabled state
[   69.044616][   T65] wlan1: Trigger new scan to find an IBSS to join
[   69.098893][    C3] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[   69.105771][ T7086] loop2: detected capacity change from 0 to 524287999
[   69.117922][ T5949] usb 6-1: USB disconnect, device number 3
[   69.190921][ T7120] netlink: 24 bytes leftover after parsing attributes in process `syz.0.303'.
[   69.195675][ T7120] (unnamed net_device) (uninitialized): peer notification delay (512) is not a multiple of miimon (100), value rounded to 500 ms
[   69.239951][ T7123] netlink: 12 bytes leftover after parsing attributes in process `syz.4.305'.
[   69.243737][ T7123] SELinux: security_context_str_to_sid (user_u) failed with errno=-22
[   69.288541][ T7126] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7126 comm=syz.4.306
[   69.292159][ T7127] netlink: 'syz.4.306': attribute type 1 has an invalid length.
[   69.600590][ T7143] netlink: 4 bytes leftover after parsing attributes in process `syz.3.311'.
[   69.704064][ T7151] xt_hashlimit: size too large, truncated to 1048576
[   69.884680][ T7168] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   70.025071][ T6008] IPVS: starting estimator thread 0...
[   70.027544][ T7179] netlink: zone id is out of range
[   70.029108][ T7179] netlink: zone id is out of range
[   70.030625][ T7179] netlink: zone id is out of range
[   70.032161][ T7179] netlink: zone id is out of range
[   70.035722][ T7179] netlink: zone id is out of range
[   70.037381][ T7179] netlink: zone id is out of range
[   70.038916][ T7179] netlink: zone id is out of range
[   70.040424][ T7179] netlink: zone id is out of range
[   70.041952][ T7179] netlink: zone id is out of range
[   70.045573][ T7179] netlink: zone id is out of range
[   70.133076][ T7181] IPVS: using max 36 ests per chain, 86400 per kthread
[   70.573228][ T1453] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[   70.744016][ T1453] usb 6-1: Using ep0 maxpacket: 16
[   70.747171][ T1453] usb 6-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0
[   70.750168][ T1453] usb 6-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 219, changing to 11
[   70.755838][ T1453] usb 6-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid maxpacket 16652, setting to 1024
[   70.759491][ T1453] usb 6-1: config 0 interface 0 has no altsetting 0
[   70.763148][ T1453] usb 6-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[   70.765855][ T1453] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   70.768355][ T1453] usb 6-1: Product: syz
[   70.770466][ T1453] usb 6-1: Manufacturer: syz
[   70.771986][ T1453] usb 6-1: SerialNumber: syz
[   70.775918][ T1453] usb 6-1: config 0 descriptor??
[   71.002080][ T1453] input: syz syz as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input6
[   71.232202][ T1453] usb 6-1: USB disconnect, device number 4
[   71.532554][ T1418] ieee802154 phy0 wpan0: encryption failed: -22
[   71.536270][ T1418] ieee802154 phy1 wpan1: encryption failed: -22
[   71.780283][ T7222] overlayfs: conflicting options: userxattr,redirect_dir=on
[   71.956375][ T7231] input input7: cannot allocate more than FF_MAX_EFFECTS effects
[   72.003175][   T65] wlan1: Trigger new scan to find an IBSS to join
[   72.028993][ T7241] netlink: 'syz.0.339': attribute type 1 has an invalid length.
[   72.033815][ T7241] block nbd0: not configured, cannot reconfigure
[   72.044363][   T39] kauditd_printk_skb: 63 callbacks suppressed
[   72.044377][   T39] audit: type=1326 audit(1740450376.747:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7225 comm="syz.1.334" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f03e218cd6b code=0x7ffc0000
[   72.079162][   T39] audit: type=1326 audit(1740450376.777:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7243 comm="syz.4.340" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f549d78d169 code=0x0
[   72.103034][  T835] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[   72.106288][   T39] audit: type=1326 audit(1740450376.807:658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7225 comm="syz.1.334" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f03e218cd6b code=0x7ffc0000
[   72.117309][   T39] audit: type=1326 audit(1740450376.817:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7225 comm="syz.1.334" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f03e218cd6b code=0x7ffc0000
[   72.126735][   T39] audit: type=1326 audit(1740450376.817:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7225 comm="syz.1.334" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f03e218cd6b code=0x7ffc0000
[   72.137715][   T39] audit: type=1400 audit(1740450376.837:661): avc:  denied  { map } for  pid=7251 comm="syz.0.342" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   72.149386][   T39] audit: type=1400 audit(1740450376.837:662): avc:  denied  { execute } for  pid=7251 comm="syz.0.342" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   72.183281][   T39] audit: type=1326 audit(1740450376.887:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7225 comm="syz.1.334" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f03e218cd6b code=0x7ffc0000
[   72.226230][   T39] audit: type=1400 audit(1740450376.927:664): avc:  denied  { ioctl } for  pid=7251 comm="syz.0.342" path="/dev/vhost-net" dev="devtmpfs" ino=1300 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[   72.270936][ T7257] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found
[   72.274002][ T7257] UDF-fs: Scanning with blocksize 2048 failed
[   72.274715][   T39] audit: type=1326 audit(1740450376.977:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7225 comm="syz.1.334" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f03e218cd6b code=0x7ffc0000
[   72.289599][  T835] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   72.292650][ T7257] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found
[   72.293040][  T835] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[   72.295280][ T7257] UDF-fs: Scanning with blocksize 4096 failed
[   72.298011][  T835] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   72.302827][  T835] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   72.314543][ T7226] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   72.326599][  T835] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[   72.522528][  T835] usb 6-1: USB disconnect, device number 5
[   72.775720][ T7227] trusted_key: encrypted_key: insufficient parameters specified
[   72.789390][ T7227] overlay: Unknown parameter 'fowner<00000000000000000000'
[   72.845983][ T7313] 9pnet_virtio: no channels available for device syz
[   72.850452][ T7313] overlayfs: overlapping lowerdir path
[   72.907152][ T7316] netlink: 4 bytes leftover after parsing attributes in process `syz.0.356'.
[   72.944232][ T6904] wlan1: Creating new IBSS network, BSSID 7a:bf:6f:1b:8d:78
[   73.088407][ T7327] program syz.0.360 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   73.093974][ T7327] netlink: 4 bytes leftover after parsing attributes in process `syz.0.360'.
[   73.097107][ T7328] netlink: 4 bytes leftover after parsing attributes in process `syz.0.360'.
[   73.099846][ T7327] netlink: 'syz.0.360': attribute type 10 has an invalid length.
[   73.102354][ T7328] netlink: 'syz.0.360': attribute type 10 has an invalid length.
[   73.202022][ T7344] netlink: 12 bytes leftover after parsing attributes in process `syz.0.362'.
[   73.206000][ T7344] netlink: 52 bytes leftover after parsing attributes in process `syz.0.362'.
[   73.241691][ T7348] program syz.0.364 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   73.421536][ T7354] netlink: 4 bytes leftover after parsing attributes in process `syz.4.366'.
[   73.602067][ T7367] block nbd1: NBD_DISCONNECT
[   73.690843][ T7372] 9p: Unknown access argument 00000000004294967295: -22
[   74.105435][ T7403] netlink: 8 bytes leftover after parsing attributes in process `syz.0.377'.
[   74.111084][ T7403] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[   74.117178][ T7403] gretap1: entered promiscuous mode
[   74.118756][ T7403] gretap1: entered allmulticast mode
[   74.503040][  T835] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[   74.623049][  T834] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   74.664682][  T835] usb 9-1: config 0 has an invalid interface number: 50 but max is 0
[   74.667661][  T835] usb 9-1: config 0 has no interface number 0
[   74.669538][  T835] usb 9-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   74.675008][  T835] usb 9-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc
[   74.677589][  T835] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   74.679934][  T835] usb 9-1: Product: syz
[   74.681170][  T835] usb 9-1: Manufacturer: syz
[   74.682549][  T835] usb 9-1: SerialNumber: syz
[   74.686230][  T835] usb 9-1: config 0 descriptor??
[   74.692395][  T835] yurex 9-1:0.50: USB YUREX device now attached to Yurex #0
[   74.772993][  T834] usb 5-1: Using ep0 maxpacket: 8
[   74.776654][  T834] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   74.780759][  T834] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[   74.784531][  T834] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[   74.788997][  T834] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[   74.793640][  T834] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[   74.797244][  T834] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   74.807226][  T834] hub 5-1:1.0: bad descriptor, ignoring hub
[   74.809621][  T834] hub 5-1:1.0: probe with driver hub failed with error -5
[   74.812843][  T834] cdc_wdm 5-1:1.0: skipping garbage
[   74.815646][  T834] cdc_wdm 5-1:1.0: skipping garbage
[   74.819597][  T834] cdc_wdm 5-1:1.0: cdc-wdm1: USB WDM device
[   74.822003][  T834] cdc_wdm 5-1:1.0: Unknown control protocol
[   74.844239][ T5949] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[   74.895780][  T835] usb 9-1: USB disconnect, device number 2
[   74.898694][  T835] yurex 9-1:0.50: USB YUREX #0 now disconnected
[   74.973279][ T5949] usb 6-1: device descriptor read/64, error -71
[   75.173540][  T835] usb 5-1: USB disconnect, device number 2
[   75.213260][ T5949] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[   75.343180][ T5949] usb 6-1: device descriptor read/64, error -71
[   75.464935][ T5949] usb usb6-port1: attempt power cycle
[   75.823370][ T5949] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[   75.856346][ T5949] usb 6-1: device descriptor read/8, error -71
[   76.093545][ T5949] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[   76.113611][ T5949] usb 6-1: device descriptor read/8, error -71
[   76.223255][ T5949] usb usb6-port1: unable to enumerate USB device
[   76.563970][ T7494] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[   76.576526][ T7492] overlay: Unknown parameter 'obj_role'
[   76.847037][ T7509] xt_hashlimit: size too large, truncated to 1048576
[   77.078188][ T7522] netlink: 4 bytes leftover after parsing attributes in process `syz.4.403'.
[   77.090023][ T7522] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   77.092859][ T7522] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   77.095707][ T7522] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   77.098930][ T7522] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   77.104746][ T7522] vxlan0: entered promiscuous mode
[   77.193086][ T6008] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   77.363114][ T6008] usb 5-1: Using ep0 maxpacket: 8
[   77.367865][ T6008] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   77.372502][ T6008] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[   77.376896][ T6008] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   77.385426][ T6008] usb 5-1: config 0 descriptor??
[   77.598403][ T6008] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[   77.668755][ T7525] mkiss: ax0: crc mode is auto.
[   77.929764][ T7545] netlink: 16 bytes leftover after parsing attributes in process `syz.4.407'.
[   77.940296][ T7545] netlink: 32 bytes leftover after parsing attributes in process `syz.4.407'.
[   77.944563][ T7545] netlink: 32 bytes leftover after parsing attributes in process `syz.4.407'.
[   78.047100][ T7518] 9pnet: p9_errstr2errno: server reported unknown error ¤ÑĊl0îƒ&IĜü0‚Ñ(|9QûÂMÍ-t�tÈÎÇVıKr-j"ž‰ž:²a)ĦËtGŻëò,üŸ‘Ù�ümĊŬu4W¨
[   78.062828][ T7552] netlink: 12 bytes leftover after parsing attributes in process `syz.4.410'.
[   78.076920][   T39] kauditd_printk_skb: 99 callbacks suppressed
[   78.076930][   T39] audit: type=1400 audit(1740450382.777:765): avc:  denied  { bind } for  pid=7551 comm="syz.4.410" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   78.080033][  T834] usb 5-1: USB disconnect, device number 3
[   78.153316][ T7559] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[   78.217479][ T7560] 9pnet_virtio: no channels available for device syz
[   78.217479][   T39] audit: type=1400 audit(1740450382.917:766): avc:  denied  { mounton } for  pid=7558 comm="syz.4.412" path="/76/bus/file0" dev="overlay" ino=43909191 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   78.359187][ T7566] netlink: 12 bytes leftover after parsing attributes in process `syz.4.414'.
[   78.402399][ T7570] netlink: 165 bytes leftover after parsing attributes in process `syz.4.415'.
[   78.476376][   T39] audit: type=1400 audit(1740450383.177:767): avc:  denied  { mount } for  pid=7573 comm="syz.4.416" name="/" dev="hugetlbfs" ino=16233 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[   78.484286][ T7574] overlayfs: missing 'lowerdir'
[   78.500262][   T39] audit: type=1400 audit(1740450383.197:768): avc:  denied  { unmount } for  pid=6695 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[   78.572076][ T7578] netlink: 24 bytes leftover after parsing attributes in process `syz.4.418'.
[   78.661703][ T7585] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   78.666870][ T7585] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   78.678303][   T39] audit: type=1400 audit(1740450383.377:769): avc:  denied  { listen } for  pid=7580 comm="syz.4.419" lport=59642 faddr=172.30.0.5 fport=20002 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   78.864958][   T39] audit: type=1400 audit(1740450383.567:770): avc:  denied  { getopt } for  pid=7592 comm="syz.1.423" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[   78.872659][ T7594] netlink: 8 bytes leftover after parsing attributes in process `syz.1.423'.
[   78.893861][ T6008] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   78.936425][   T39] audit: type=1400 audit(1740450383.637:771): avc:  denied  { create } for  pid=7600 comm="syz.1.425" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[   78.942285][   T39] audit: type=1400 audit(1740450383.637:772): avc:  denied  { connect } for  pid=7600 comm="syz.1.425" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[   78.950342][   T39] audit: type=1400 audit(1740450383.637:773): avc:  denied  { getopt } for  pid=7600 comm="syz.1.425" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[   78.960228][   T39] audit: type=1400 audit(1740450383.637:774): avc:  denied  { ioctl } for  pid=7600 comm="syz.1.425" path="socket:[18785]" dev="sockfs" ino=18785 ioctlcmd=0x8905 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[   78.994410][ T7611] xt_l2tp: v2 tid > 0xffff: 150994944
[   79.004501][ T7614] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   79.007141][ T7614] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   79.043906][ T6008] usb 5-1: Using ep0 maxpacket: 16
[   79.047837][ T6008] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[   79.054544][ T6008] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[   79.057996][ T6008] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   79.062414][ T6008] usb 5-1: Product: syz
[   79.064002][ T6008] usb 5-1: Manufacturer: syz
[   79.065644][ T6008] usb 5-1: SerialNumber: syz
[   79.068562][ T6008] usb 5-1: config 0 descriptor??
[   79.089120][ T6008] hub 5-1:0.0: bad descriptor, ignoring hub
[   79.091648][ T6008] hub 5-1:0.0: probe with driver hub failed with error -5
[   79.097869][ T6008] input: syz syz as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input9
[   79.236031][ T7614] bond0: (slave syz_tun): Releasing backup interface
[   79.253238][  T834] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[   79.465520][ T5949] usb 5-1: USB disconnect, device number 4
[   79.473667][ T7643] QAT: Invalid ioctl -2110754303
[   79.609167][ T7659] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[   79.702115][ T7663] netlink: 'syz.4.441': attribute type 30 has an invalid length.
[   79.739767][ T7667] netlink: 132 bytes leftover after parsing attributes in process `syz.4.442'.
[   79.812592][ T7674] tmpfs: Bad value for 'mpol'
[   79.934328][ T5949] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   80.000911][ T7686] No control pipe specified
[   80.004737][ T7686] netlink: 'syz.1.448': attribute type 16 has an invalid length.
[   80.007839][ T7686] netlink: 'syz.1.448': attribute type 3 has an invalid length.
[   80.010519][ T7686] netlink: 'syz.1.448': attribute type 1 has an invalid length.
[   80.012992][ T7686] netlink: 'syz.1.448': attribute type 2 has an invalid length.
[   80.015570][ T7686] netlink: 64022 bytes leftover after parsing attributes in process `syz.1.448'.
[   80.092957][ T5949] usb 5-1: Using ep0 maxpacket: 16
[   80.101400][ T5949] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   80.106657][ T5949] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   80.109946][ T5949] usb 5-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[   80.114320][ T5949] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   80.118959][ T5949] usb 5-1: config 0 descriptor??
[   80.550930][ T5949] appleir 0003:05AC:8241.0002: unknown main item tag 0x0
[   80.553460][ T5949] appleir 0003:05AC:8241.0002: unknown main item tag 0x0
[   80.555581][ T5949] appleir 0003:05AC:8241.0002: unknown main item tag 0x0
[   80.557642][ T5949] appleir 0003:05AC:8241.0002: unknown main item tag 0x0
[   80.559755][ T5949] appleir 0003:05AC:8241.0002: unknown main item tag 0x0
[   80.564150][ T5949] appleir 0003:05AC:8241.0002: No inputs registered, leaving
[   80.571615][ T5949] appleir 0003:05AC:8241.0002: hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.0-1/input0
[   80.817931][ T7708] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   80.820718][ T7708] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   80.870518][ T7713] fuse: Bad value for 'group_id'
[   80.872539][ T7713] fuse: Bad value for 'group_id'
[   80.876968][ T5949] usb 5-1: USB disconnect, device number 5
[   80.937099][ T1245] Bluetooth: hci4: Frame reassembly failed (-84)
[   81.041458][ T7734] netlink: 'syz.0.463': attribute type 2 has an invalid length.
[   81.742694][   T12] bridge0: port 3(syz_tun) entered disabled state
[   81.772784][   T25] cfg80211: failed to load regulatory.db
[   81.867537][ T7755] isofs_fill_super: bread failed, dev=sr0, iso_blknum=32, block=32
[   81.875980][ T7755] netlink: 'syz.0.470': attribute type 1 has an invalid length.
[   81.879060][ T7755] netlink: 'syz.0.470': attribute type 3 has an invalid length.
[   81.954790][ T7767] rtc_cmos 00:05: Alarms can be up to one day in the future
[   82.003706][ T7772] netlink: 'syz.0.475': attribute type 13 has an invalid length.
[   82.126639][ T7791] loop9: detected capacity change from 0 to 8
[   82.131196][ T7791]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[   82.133571][ T7791] loop9: partition table partially beyond EOD, truncated
[   82.136454][ T7791] loop9: p1 size 4245934988 extends beyond EOD, truncated
[   82.520879][ T7804] netlink: 'syz.0.486': attribute type 13 has an invalid length.
[   82.963040][ T5294] Bluetooth: hci4: Opcode 0x1003 failed: -110
[   82.963077][ T5946] Bluetooth: hci4: command 0x1003 tx timeout
[   83.122539][ T7831] xt_hashlimit: size too large, truncated to 1048576
[   83.204927][ T5294] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[   83.207890][ T5294] Bluetooth: hci2: Injecting HCI hardware error event
[   83.212627][ T5946] Bluetooth: hci2: hardware error 0x00
[   83.256629][ T7837] __nla_validate_parse: 7 callbacks suppressed
[   83.256641][ T7837] netlink: 12 bytes leftover after parsing attributes in process `syz.4.494'.
[   83.298035][ T7845] net_ratelimit: 1 callbacks suppressed
[   83.298052][ T7845] openvswitch: netlink: IP tunnel dst address not specified
[   83.302803][   T39] kauditd_printk_skb: 30 callbacks suppressed
[   83.302812][   T39] audit: type=1400 audit(1740450387.997:805): avc:  denied  { bind } for  pid=7844 comm="syz.4.496" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   83.317780][ T7845] IPv4: Oversized IP packet from 127.202.26.0
[   83.320810][   T39] audit: type=1400 audit(1740450388.007:806): avc:  denied  { name_bind } for  pid=7844 comm="syz.4.496" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[   83.327589][   T39] audit: type=1400 audit(1740450388.007:807): avc:  denied  { node_bind } for  pid=7844 comm="syz.4.496" saddr=ff02::1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[   83.353811][   T39] audit: type=1400 audit(1740450388.057:808): avc:  denied  { connect } for  pid=7848 comm="syz.1.498" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   83.586674][ T7859] input: syz0 as /devices/virtual/input/input12
[   83.596860][   T39] audit: type=1400 audit(1740450388.297:809): avc:  denied  { read write } for  pid=7853 comm="syz.4.500" name="file0" dev="9p" ino=43909191 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   83.601854][ T7859] syzkaller1: entered promiscuous mode
[   83.609670][ T7859] syzkaller1: entered allmulticast mode
[   83.850087][   T39] audit: type=1400 audit(1740450388.547:810): avc:  denied  { read } for  pid=7867 comm="syz.0.504" name="fb1" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[   83.904730][ T7871] netlink: 8 bytes leftover after parsing attributes in process `syz.0.504'.
[   83.918137][   T39] audit: type=1400 audit(1740450388.617:811): avc:  denied  { ioctl } for  pid=7869 comm="syz.4.505" path="socket:[18212]" dev="sockfs" ino=18212 ioctlcmd=0x89ef scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   83.931436][ T7870] Bluetooth: hci0: Opcode 0x080f failed: -4
[   84.231395][ T7881] cgroup: Need name or subsystem set
[   84.253345][ T7887] iso9660: Unknown parameter '':'
[   84.255814][ T7887] fuse: blksize only supported for fuseblk
[   84.286468][ T7889] 9pnet_fd: Insufficient options for proto=fd
[   84.290392][   T39] audit: type=1400 audit(1740450388.987:812): avc:  denied  { setopt } for  pid=7888 comm="syz.0.511" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[   84.365259][   T39] audit: type=1400 audit(1740450389.067:813): avc:  denied  { write } for  pid=7891 comm="syz.0.512" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[   84.378597][ T7894] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[   84.381665][ T7894] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[   84.441684][ T7896] netlink: 20 bytes leftover after parsing attributes in process `syz.0.514'.
[   84.622358][ T7911] netlink: 20 bytes leftover after parsing attributes in process `syz.1.518'.
[   84.625983][   T39] audit: type=1400 audit(1740450389.317:814): avc:  denied  { ioctl } for  pid=7906 comm="syz.1.518" path="cgroup:[4026532901]" dev="nsfs" ino=4026532901 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   84.643504][ T7907] netlink: 8 bytes leftover after parsing attributes in process `syz.1.518'.
[   84.659981][ T7915] netlink: 12 bytes leftover after parsing attributes in process `syz.0.519'.
[   84.895722][ T7934] openvswitch: netlink: IPv6 tunnel dst address is zero
[   85.078346][ T7942] team0: No ports can be present during mode change
[   85.146005][ T7949] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[   85.150519][ T7949] qnx6: wrong signature (magic) in superblock #1.
[   85.154330][ T7949] qnx6: unable to read the first superblock
[   85.209815][ T7950] netlink: 8 bytes leftover after parsing attributes in process `syz.1.527'.
[   85.219385][ T7951] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[   85.224277][ T7951] qnx6: wrong signature (magic) in superblock #1.
[   85.227037][ T7951] qnx6: unable to read the first superblock
[   85.293792][ T5946] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[   85.306823][  T386] tipc: Resetting bearer <eth:macvlan0>
[   85.358169][ T7960] netlink: 4 bytes leftover after parsing attributes in process `syz.1.530'.
[   85.635336][ T7985] netlink: 8 bytes leftover after parsing attributes in process `syz.0.538'.
[   85.639080][ T7985] netlink: 12 bytes leftover after parsing attributes in process `syz.0.538'.
[   85.642779][ T7985] netlink: 'syz.0.538': attribute type 12 has an invalid length.
[   85.677789][ T7987] input: syz0 as /devices/virtual/input/input13
[   85.725147][ T7991] atomic_op ffff888035fb5998 conn xmit_atomic 0000000000000000
[   85.783435][ T7998] bond0: (slave vlan1): Opening slave failed
[   85.846065][ T8000] tipc: Failed to obtain node identity
[   85.847766][ T8000] tipc: Enabling of bearer <ib:veth0_to_batadv> rejected, failed to enable media
[   86.261861][ T8010] hfsplus: unable to find HFS+ superblock
[   86.372831][ T8020] netlink: 'syz.0.551': attribute type 39 has an invalid length.
[   86.419037][ T5946] Bluetooth: hci3: SCO packet for unknown connection handle 200
[   87.228459][ T8062] SELinux:  policydb version 1402900228 does not match my version range 15-34
[   87.235487][ T8062] SELinux: failed to load policy
[   87.354393][ T8070] macsec0: entered promiscuous mode
[   87.418272][ T8080] CIFS: iocharset name too long
[   87.455654][ T5294] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   87.472085][ T5294] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   87.480378][ T5294] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   87.487283][ T5294] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   87.489801][ T5294] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   87.492220][ T5294] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   87.646180][ T8081] chnl_net:caif_netlink_parms(): no params data found
[   87.718499][  T386] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.733834][   T25] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[   87.781848][  T386] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.788929][ T8081] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.791053][ T8081] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.793941][ T8081] bridge_slave_0: entered allmulticast mode
[   87.796412][ T8081] bridge_slave_0: entered promiscuous mode
[   87.799194][ T8081] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.801312][ T8081] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.805801][ T8081] bridge_slave_1: entered allmulticast mode
[   87.808408][ T8081] bridge_slave_1: entered promiscuous mode
[   87.839033][ T8081] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.843396][ T8081] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.892072][  T386] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.901326][ T8081] team0: Port device team_slave_0 added
[   87.904371][   T25] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   87.904390][   T25] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   87.904402][   T25] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   87.904420][   T25] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   87.904431][   T25] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   87.905878][   T25] usb 9-1: config 0 descriptor??
[   87.910410][ T8081] team0: Port device team_slave_1 added
[   87.949965][ T8081] batman_adv: batadv0: Adding interface: batadv_slave_0
[   87.949978][ T8081] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.949993][ T8081] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   87.951575][ T8081] batman_adv: batadv0: Adding interface: batadv_slave_1
[   87.971332][ T8081] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.971351][ T8081] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.989156][  T386] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.030702][ T8081] hsr_slave_0: entered promiscuous mode
[   88.031040][ T8081] hsr_slave_1: entered promiscuous mode
[   88.031249][ T8081] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   88.031336][ T8081] Cannot create hsr debugfs directory
[   88.041759][ T8117] xt_hashlimit: size too large, truncated to 1048576
[   88.147576][  T386] bridge_slave_1: left allmulticast mode
[   88.147682][  T386] bridge_slave_1: left promiscuous mode
[   88.147898][  T386] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.149979][   T25] usbhid 9-1:0.0: can't add hid device: -71
[   88.150069][   T25] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[   88.151748][   T25] usb 9-1: USB disconnect, device number 3
[   88.158681][  T386] bridge_slave_0: left allmulticast mode
[   88.172143][  T386] bridge_slave_0: left promiscuous mode
[   88.172305][  T386] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.319599][ T8128] __nla_validate_parse: 39 callbacks suppressed
[   88.319613][ T8128] netlink: 36 bytes leftover after parsing attributes in process `syz.0.581'.
[   88.324812][ T8128] netlink: 36 bytes leftover after parsing attributes in process `syz.0.581'.
[   88.327531][ T8128] netlink: 36 bytes leftover after parsing attributes in process `syz.0.581'.
[   88.343742][ T8128] netlink: 36 bytes leftover after parsing attributes in process `syz.0.581'.
[   88.346452][ T8128] netlink: 36 bytes leftover after parsing attributes in process `syz.0.581'.
[   88.349100][ T8128] netlink: 36 bytes leftover after parsing attributes in process `syz.0.581'.
[   88.382575][ T8128] netlink: 36 bytes leftover after parsing attributes in process `syz.0.581'.
[   88.385535][ T8128] netlink: 36 bytes leftover after parsing attributes in process `syz.0.581'.
[   88.388549][ T8128] netlink: 36 bytes leftover after parsing attributes in process `syz.0.581'.
[   88.456553][  T386] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   88.464889][  T386] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   88.476154][  T386] bond0 (unregistering): Released all slaves
[   88.522371][ T8081] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   88.532375][ T8081] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   88.540196][ T8081] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   88.547813][ T8081] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   88.646763][   T39] kauditd_printk_skb: 13 callbacks suppressed
[   88.646776][   T39] audit: type=1400 audit(1740450393.347:828): avc:  denied  { mount } for  pid=8147 comm="syz.0.586" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[   88.661554][ T8081] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.672809][ T8081] 8021q: adding VLAN 0 to HW filter on device team0
[   88.678452][ T1225] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.680569][ T1225] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.691301][ T1225] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.693695][ T1225] bridge0: port 2(bridge_slave_1) entered forwarding state
[   88.701155][ T8153] netlink: 16 bytes leftover after parsing attributes in process `syz.1.587'.
[   88.711994][   T39] audit: type=1400 audit(1740450393.407:829): avc:  denied  { setopt } for  pid=8156 comm="syz.4.589" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   88.850084][  T386] hsr_slave_0: left promiscuous mode
[   88.856314][  T386] hsr_slave_1: left promiscuous mode
[   88.859124][  T386] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   88.862090][  T386] batman_adv: batadv0: Removing interface: batadv_slave_0
[   88.874798][  T386] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   88.876979][  T386] batman_adv: batadv0: Removing interface: batadv_slave_1
[   88.899031][  T386] veth1_macvtap: left promiscuous mode
[   88.900359][ T8175] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   88.900772][  T386] veth0_macvtap: left promiscuous mode
[   88.906163][  T386] veth1_vlan: left promiscuous mode
[   88.907894][  T386] veth0_vlan: left promiscuous mode
[   88.910350][   T39] audit: type=1326 audit(1740450393.607:830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8171 comm="syz.4.593" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f549d78d169 code=0x7ffc0000
[   88.919438][   T39] audit: type=1326 audit(1740450393.607:831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8171 comm="syz.4.593" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f549d78d169 code=0x7ffc0000
[   89.524865][ T5294] Bluetooth: hci4: command tx timeout
[   89.663269][  T386] team0 (unregistering): Port device team_slave_1 removed
[   89.746579][  T386] team0 (unregistering): Port device team_slave_0 removed
[   90.367867][ T8184] vlan2: entered allmulticast mode
[   90.369507][ T8184] veth0_virt_wifi: entered allmulticast mode
[   90.395251][ T8081] 8021q: adding VLAN 0 to HW filter on device batadv0
[   90.529510][ T8081] veth0_vlan: entered promiscuous mode
[   90.539564][ T8081] veth1_vlan: entered promiscuous mode
[   90.554220][ T8081] veth0_macvtap: entered promiscuous mode
[   90.559530][ T8081] veth1_macvtap: entered promiscuous mode
[   90.570676][ T8081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   90.574337][ T8081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.577664][ T8081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   90.581808][ T8081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.585671][ T8081] batman_adv: batadv0: Interface activated: batadv_slave_0
[   90.590688][ T8081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   90.594279][ T8081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.597630][ T8081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   90.600737][ T8081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.604898][ T8081] batman_adv: batadv0: Interface activated: batadv_slave_1
[   90.611376][ T8081] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   90.615622][ T8081] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   90.619298][ T8081] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   90.622763][ T8081] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   90.663493][ T8210] kvm: kvm [8209]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe706111
[   90.700127][   T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.702536][   T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.718401][   T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.720876][   T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.763169][ T6069] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[   90.791368][  T386] IPVS: stop unused estimator thread 0...
[   90.923094][ T6069] usb 9-1: Using ep0 maxpacket: 8
[   90.925601][   T35] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[   90.929850][ T6069] usb 9-1: config index 0 descriptor too short (expected 5924, got 36)
[   90.935778][ T6069] usb 9-1: config 250 has an invalid interface number: 228 but max is -1
[   90.938961][ T6069] usb 9-1: config 250 has 1 interface, different from the descriptor's value: 0
[   90.942485][ T6069] usb 9-1: config 250 has no interface number 0
[   90.945199][ T6069] usb 9-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[   90.949751][ T6069] usb 9-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[   90.954158][ T6069] usb 9-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[   90.957221][ T6069] usb 9-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[   90.960619][ T6069] usb 9-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[   90.966144][ T6069] usb 9-1: config 250 interface 228 has no altsetting 0
[   90.970536][ T6069] usb 9-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[   90.974528][ T6069] usb 9-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[   90.977601][ T6069] usb 9-1: Product: syz
[   90.979331][ T6069] usb 9-1: SerialNumber: syz
[   90.986657][ T6069] hub 9-1:250.228: bad descriptor, ignoring hub
[   90.988512][ T6069] hub 9-1:250.228: probe with driver hub failed with error -5
[   91.043179][ T6955] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[   91.072952][   T35] usb 5-1: Using ep0 maxpacket: 16
[   91.077690][   T35] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[   91.080950][   T35] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[   91.084560][   T35] usb 5-1: Product: syz
[   91.086374][   T35] usb 5-1: Manufacturer: syz
[   91.088408][   T35] usb 5-1: SerialNumber: syz
[   91.093178][   T35] usb 5-1: config 0 descriptor??
[   91.192603][ T8212] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   91.195402][ T8212] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   91.198993][ T6069] usblp 9-1:250.228: usblp0: USB Bidirectional printer dev 4 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[   91.204247][ T6955] usb 10-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[   91.207992][ T6955] usb 10-1: config 0 interface 0 has no altsetting 0
[   91.211747][ T6955] usb 10-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[   91.214741][ T6955] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.217840][ T6955] usb 10-1: Product: syz
[   91.219303][ T6955] usb 10-1: Manufacturer: syz
[   91.220752][ T6955] usb 10-1: SerialNumber: syz
[   91.223862][ T6955] usb 10-1: config 0 descriptor??
[   91.228950][ T6955] usb 10-1: selecting invalid altsetting 0
[   91.309021][ T6069] usb 5-1: USB disconnect, device number 7
[   91.402681][ T8212] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   91.406306][ T8212] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   91.439506][ T6955] usb 10-1: USB disconnect, device number 2
[   91.516490][ T6069] usb 9-1: USB disconnect, device number 4
[   91.518895][ T6069] usblp0: removed
[   91.603044][ T5294] Bluetooth: hci4: command tx timeout
[   91.875709][   T39] audit: type=1400 audit(1740450396.577:832): avc:  denied  { create } for  pid=8302 comm="syz.1.608" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[   91.923288][   T39] audit: type=1400 audit(1740450396.627:833): avc:  denied  { write } for  pid=8305 comm="syz.1.609" name="/" dev="9p" ino=43909177 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   91.932019][   T39] audit: type=1400 audit(1740450396.627:834): avc:  denied  { add_name } for  pid=8305 comm="syz.1.609" name="blkio.bfq.io_serviced" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   91.940655][   T39] audit: type=1400 audit(1740450396.627:835): avc:  denied  { create } for  pid=8305 comm="syz.1.609" name="blkio.bfq.io_serviced" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   91.951855][   T39] audit: type=1400 audit(1740450396.627:836): avc:  denied  { associate } for  pid=8305 comm="syz.1.609" name="blkio.bfq.io_serviced" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   91.971614][   T39] audit: type=1400 audit(1740450396.667:837): avc:  denied  { append open } for  pid=8305 comm="syz.1.609" path="/148/file0/blkio.bfq.io_serviced" dev="9p" ino=43909238 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   91.991156][ T8306] netlink: 'syz.1.609': attribute type 1 has an invalid length.
[   91.997802][ T8317] 9pnet_virtio: no channels available for device syz
[   92.154982][ T8326] openvswitch: netlink: Key 6 has unexpected len 0 expected 2
[   92.284390][ T8347] ipt_rpfilter: unknown options
[   92.321194][ T8352] 9pnet_fd: Insufficient options for proto=fd
[   92.443827][ T8364] capability: warning: `syz.0.627' uses 32-bit capabilities (legacy support in use)
[   92.682291][ T8392] netlink: 'syz.1.634': attribute type 18 has an invalid length.
[   92.697318][ T8392] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[   92.738278][ T8396] Bluetooth: MGMT ver 1.23
[   93.397571][ T8405] __nla_validate_parse: 6 callbacks suppressed
[   93.397588][ T8405] netlink: 168 bytes leftover after parsing attributes in process `syz.4.639'.
[   93.493003][ T8412] netlink: 20 bytes leftover after parsing attributes in process `syz.4.641'.
[   93.498506][ T8412] netlink: 20 bytes leftover after parsing attributes in process `syz.4.641'.
[   93.501192][ T8412] netlink: 20 bytes leftover after parsing attributes in process `syz.4.641'.
[   93.504983][ T8412] netlink: 20 bytes leftover after parsing attributes in process `syz.4.641'.
[   93.508600][ T8412] netlink: 20 bytes leftover after parsing attributes in process `syz.4.641'.
[   93.512002][ T8412] netlink: 20 bytes leftover after parsing attributes in process `syz.4.641'.
[   93.515486][ T8412] netlink: 20 bytes leftover after parsing attributes in process `syz.4.641'.
[   93.519008][ T8412] netlink: 20 bytes leftover after parsing attributes in process `syz.4.641'.
[   93.522237][ T8412] netlink: 20 bytes leftover after parsing attributes in process `syz.4.641'.
[   93.662416][   T39] kauditd_printk_skb: 8 callbacks suppressed
[   93.662434][   T39] audit: type=1400 audit(1740450398.357:846): avc:  denied  { bind } for  pid=8420 comm="syz.1.644" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[   93.676952][   T39] audit: type=1400 audit(1740450398.367:847): avc:  denied  { node_bind } for  pid=8420 comm="syz.1.644" saddr=172.20.20.170 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1
[   93.692114][   T39] audit: type=1400 audit(1740450398.377:848): avc:  denied  { connect } for  pid=8420 comm="syz.1.644" laddr=172.20.20.170 lport=46149 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[   93.693059][ T5294] Bluetooth: hci4: command tx timeout
[   93.701773][   T39] audit: type=1400 audit(1740450398.377:849): avc:  denied  { name_connect } for  pid=8420 comm="syz.1.644" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1
[   93.751770][   T39] audit: type=1400 audit(1740450398.447:850): avc:  denied  { append } for  pid=8426 comm="syz.4.646" name="btrfs-control" dev="devtmpfs" ino=1337 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[   94.056402][ T8460] ref_ctr_offset mismatch. inode: 0x35d offset: 0x7 ref_ctr_offset(old): 0x2 ref_ctr_offset(new): 0x0
[   95.237170][ T8498] netlink: 'syz.1.665': attribute type 9 has an invalid length.
[   95.239732][ T8498] tipc: Resetting bearer <eth:macvlan0>
[   95.547675][ T8514] vlan3: entered allmulticast mode
[   95.666324][ T8521] gfs2: path_lookup on ™6(ï+‰d‹QÌnB´!eU‚çVè!š`:Ñ 8×DSEíÄ��ÄèÎ	Áy|YT˘�{-€í
ê°”,mb/ returned error -2
[   95.773288][ T5294] Bluetooth: hci4: command tx timeout
[   95.841494][ T8545] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[   95.845984][ T8545] xt_CHECKSUM: unsupported CHECKSUM operation f4
[   96.014598][ T8563] CUSE: zero length info key specified
[   96.048299][   T39] audit: type=1400 audit(1740450400.747:851): avc:  denied  { getopt } for  pid=8564 comm="syz.0.683" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   96.083010][   T39] audit: type=1400 audit(1740450400.777:852): avc:  denied  { map } for  pid=8568 comm="syz.5.685" path="/dev/bus/usb/007/001" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[   96.091503][   T39] audit: type=1400 audit(1740450400.787:853): avc:  denied  { watch } for  pid=8568 comm="syz.5.685" path="/12" dev="tmpfs" ino=76 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   96.148463][   T39] audit: type=1326 audit(1740450400.847:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8572 comm="syz.1.686" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03e218d169 code=0x7ffc0000
[   96.155559][   T39] audit: type=1326 audit(1740450400.847:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8572 comm="syz.1.686" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03e218d169 code=0x7ffc0000
[   96.179147][ T8575] netlink: 'syz.0.687': attribute type 2 has an invalid length.
[   96.183725][ T8575] netlink: 'syz.0.687': attribute type 2 has an invalid length.
[   96.223905][ T8582] xt_l2tp: v2 doesn't support IP mode
[   96.376748][ T8604] random: crng reseeded on system resumption
[   96.545592][ T8604] Restarting kernel threads ... done.
[   96.622037][ T8616] use of bytesused == 0 is deprecated and will be removed in the future,
[   96.625592][ T8616] use the actual size instead.
[   96.776240][ T8622] hub 2-0:1.0: USB hub found
[   96.778158][ T8622] hub 2-0:1.0: 6 ports detected
[   96.944996][ T6955] usb 2-1: new high-speed USB device number 3 using ehci-pci
[   97.096887][ T8638] lo: entered allmulticast mode
[   97.100016][ T8638] tunl0: entered allmulticast mode
[   97.102692][ T8638] gre0: entered allmulticast mode
[   97.117812][ T8636] overlayfs: statfs failed on './file0'
[   97.123592][ T8638] gretap0: entered allmulticast mode
[   97.128366][ T8638] erspan0: entered allmulticast mode
[   97.129355][ T6955] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[   97.134547][ T8638] ip_vti0: entered allmulticast mode
[   97.137263][ T8638] ip6_vti0: entered allmulticast mode
[   97.140035][ T6955] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[   97.142494][ T6955] usb 2-1: Product: QEMU USB Tablet
[   97.144160][ T6955] usb 2-1: Manufacturer: QEMU
[   97.145050][ T8638] sit0: entered allmulticast mode
[   97.145640][ T6955] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1
[   97.153764][ T8638] ip6tnl0: entered allmulticast mode
[   97.157008][ T8638] ip6gre0: entered allmulticast mode
[   97.162710][ T8638] ip6gretap0: entered allmulticast mode
[   97.169291][ T8638] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.173669][ T8638] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.174742][ T6955] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0003/input/input16
[   97.176879][ T8638] bridge0: entered allmulticast mode
[   97.185305][ T8638] vcan0: entered allmulticast mode
[   97.191679][ T8638] bond0: entered allmulticast mode
[   97.194601][ T8638] bond_slave_0: entered allmulticast mode
[   97.196846][ T8638] bond_slave_1: entered allmulticast mode
[   97.201987][ T8638] team0: entered allmulticast mode
[   97.204257][ T8638] team_slave_0: entered allmulticast mode
[   97.206246][ T8638] team_slave_1: entered allmulticast mode
[   97.210906][ T8638] dummy0: entered allmulticast mode
[   97.213809][ T8641] nfs4: Unknown parameter '
PL'
[   97.219453][ T8638] nlmon0: entered allmulticast mode
[   97.221655][ T8638] caif0: entered allmulticast mode
[   97.224567][ T8638] batadv0: entered allmulticast mode
[   97.228308][ T8638] vxcan0: entered allmulticast mode
[   97.231142][ T8638] vxcan1: entered allmulticast mode
[   97.234067][ T8638] veth0: entered allmulticast mode
[   97.239139][ T8638] veth1: entered allmulticast mode
[   97.246020][ T8638] wg0: entered allmulticast mode
[   97.250075][ T8638] wg1: entered allmulticast mode
[   97.258136][ T6955] hid-generic 0003:0627:0001.0003: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[   97.264080][ T8638] wg2: entered allmulticast mode
[   97.268175][ T8638] veth0_to_bridge: entered allmulticast mode
[   97.272836][ T8638] veth1_to_bridge: entered allmulticast mode
[   97.278889][ T8638] veth0_to_bond: entered allmulticast mode
[   97.284852][ T8638] veth1_to_bond: entered allmulticast mode
[   97.288874][ T8638] veth0_to_team: entered allmulticast mode
[   97.295171][ T8638] veth1_to_team: entered allmulticast mode
[   97.303587][ T8638] veth0_to_batadv: entered allmulticast mode
[   97.306736][ T8638] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   97.310663][ T8638] batadv_slave_0: entered allmulticast mode
[   97.316276][ T8638] veth1_to_batadv: entered allmulticast mode
[   97.320416][ T8638] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   97.324819][ T8638] batadv_slave_1: entered allmulticast mode
[   97.329018][ T8638] xfrm0: entered allmulticast mode
[   97.334202][ T8638] veth0_to_hsr: entered allmulticast mode
[   97.337327][ T8638] hsr_slave_0: entered allmulticast mode
[   97.340371][ T8638] veth1_to_hsr: entered allmulticast mode
[   97.343061][ T8638] hsr_slave_1: entered allmulticast mode
[   97.346358][ T8638] hsr0: entered allmulticast mode
[   97.349730][ T8638] veth1_virt_wifi: entered allmulticast mode
[   97.357028][ T8638] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[   97.360343][ T8638] veth1_vlan: entered allmulticast mode
[   97.364055][ T8638] veth0_vlan: entered allmulticast mode
[   97.366467][ T8638] vlan0: entered allmulticast mode
[   97.368557][ T8638] vlan1: entered allmulticast mode
[   97.370659][ T8638] macvlan0: entered allmulticast mode
[   97.374201][ T8638] macvlan1: entered allmulticast mode
[   97.377847][ T8638] ipvlan0: entered allmulticast mode
[   97.379826][ T8638] ipvlan1: entered allmulticast mode
[   97.382381][ T8638] veth1_macvtap: entered allmulticast mode
[   97.390947][ T8638] veth0_macvtap: entered allmulticast mode
[   97.399249][ T8638] macvtap0: entered allmulticast mode
[   97.403562][ T8638] macsec0: entered allmulticast mode
[   97.409806][ T8638] geneve0: entered allmulticast mode
[   97.414620][ T8638] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   97.417986][ T8638] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   97.421430][ T8638] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   97.425627][ T8638] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   97.429325][ T8638] geneve1: entered allmulticast mode
[   97.434172][ T8638] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[   97.437779][ T8638] netdevsim netdevsim1 netdevsim1: entered allmulticast mode
[   97.441280][ T8638] netdevsim netdevsim1 netdevsim2: entered allmulticast mode
[   97.445994][ T8638] netdevsim netdevsim1 netdevsim3: entered allmulticast mode
[   97.460034][ T8638] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode
[   97.472561][ T8638] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
[   97.477542][ T8638] bridge1: entered allmulticast mode
[   97.481183][ T8638] bridge2: entered allmulticast mode
[   97.483725][ T8638] veth2: entered allmulticast mode
[   97.485705][ T8638] veth3: entered allmulticast mode
[   97.487853][ T8638] vxlan0: entered allmulticast mode
[   97.489901][ T8638] syztnl2: entered allmulticast mode
[   97.548211][ T8664] openvswitch: netlink: Missing key (keys=40, expected=2000)
[   97.652969][ T5988] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[   97.797618][ T8676] IPv6: Can't replace route, no match found
[   97.966373][ T5988] usb 5-1: device descriptor read/64, error -71
[   98.223066][ T5988] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[   98.373017][ T5988] usb 5-1: device descriptor read/64, error -71
[   98.483249][ T5988] usb usb5-port1: attempt power cycle
[   98.523573][ T8688] cgroup: Unknown subsys name 'cpuset'
[   98.716946][ T8709] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[   98.727496][ T8709] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8709 comm=syz.4.724
[   98.728677][ T8711] __nla_validate_parse: 28 callbacks suppressed
[   98.728691][ T8711] netlink: 140 bytes leftover after parsing attributes in process `syz.1.725'.
[   98.771565][   T39] kauditd_printk_skb: 32 callbacks suppressed
[   98.771586][   T39] audit: type=1400 audit(1740450403.467:888): avc:  denied  { validate_trans } for  pid=8714 comm="syz.4.727" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   98.817683][  T835] hid-generic 0005:07C0:06E6.0004: item fetching failed at offset 0/1
[   98.819969][   T39] audit: type=1400 audit(1740450403.517:889): avc:  denied  { getopt } for  pid=8722 comm="syz.4.729" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   98.820990][  T835] hid-generic 0005:07C0:06E6.0004: probe with driver hid-generic failed with error -22
[   98.823083][ T5988] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[   98.843515][ T5988] usb 5-1: device descriptor read/8, error -71
[   98.883202][ T6955] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[   98.949977][ T8736] netlink: 12 bytes leftover after parsing attributes in process `syz.1.733'.
[   99.036871][ T8742] ufs: You didn't specify the type of your ufs filesystem
[   99.036871][ T8742] 
[   99.036871][ T8742] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[   99.036871][ T8742] 
[   99.036871][ T8742] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[   99.043085][ T6955] usb 10-1: Using ep0 maxpacket: 16
[   99.049135][ T8742] ufs: failed to set blocksize
[   99.051982][ T6955] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[   99.054782][   T39] audit: type=1400 audit(1740450403.757:890): avc:  denied  { watch_mount } for  pid=8741 comm="syz.1.736" path="/188" dev="tmpfs" ino=1011 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   99.056973][ T6955] usb 10-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[   99.068494][ T6955] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.074321][ T6955] usb 10-1: config 0 descriptor??
[   99.089100][ T5988] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[   99.092122][ T6955] input: bcm5974 as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/input/input17
[   99.119504][ T5988] usb 5-1: device descriptor read/8, error -71
[   99.223168][ T5949] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[   99.223609][ T5988] usb usb5-port1: unable to enumerate USB device
[   99.295417][ T6955] bcm5974 10-1:0.0: could not read from device
[   99.306618][ T5340] bcm5974 10-1:0.0: could not read from device
[   99.310454][ T6955] input: failed to attach handler mousedev to device input17, error: -5
[   99.315890][ T6955] usb 10-1: USB disconnect, device number 3
[   99.317334][ T5340] bcm5974 10-1:0.0: could not read from device
[   99.338879][ T8751] netlink: 4 bytes leftover after parsing attributes in process `syz.1.739'.
[   99.383089][ T5949] usb 9-1: Using ep0 maxpacket: 16
[   99.386735][ T5949] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87
[   99.390105][ T5949] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[   99.395161][ T5949] usb 9-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[   99.398775][ T5949] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.401804][ T5949] usb 9-1: Product: syz
[   99.403569][ T5949] usb 9-1: Manufacturer: syz
[   99.405402][ T5949] usb 9-1: SerialNumber: syz
[   99.410087][ T5949] usb 9-1: config 0 descriptor??
[   99.673192][ T5949] appledisplay 9-1:0.0: Error while getting initial brightness: -110
[   99.678282][ T5949] appledisplay 9-1:0.0: probe with driver appledisplay failed with error -110
[   99.867514][ T8755] xt_NFQUEUE: number of total queues is 0
[  100.056343][ T8768] netlink: 12 bytes leftover after parsing attributes in process `syz.5.745'.
[  100.060071][ T8768] smc: net device bond0 applied user defined pnetid S
[  100.196660][ T8772] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  100.240437][    C3] hrtimer: interrupt took 14580 ns
[  100.306441][ T8776] ocfs2: Unknown parameter 'usrquota˙O
'
[  100.552333][   T39] audit: type=1400 audit(1740450405.247:891): avc:  denied  { mount } for  pid=8793 comm="syz.0.754" name="/" dev="securityfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1
[  100.555753][ T8792] kvm: pic: single mode not supported
[  100.563328][ T8792] kvm: pic: level sensitive irq not supported
[  100.565214][   T39] audit: type=1400 audit(1740450405.257:892): avc:  denied  { read } for  pid=8793 comm="syz.0.754" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  100.570475][ T8792] kvm: pic: level sensitive irq not supported
[  100.574697][   T39] audit: type=1400 audit(1740450405.257:893): avc:  denied  { open } for  pid=8793 comm="syz.0.754" path="/dev/autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  100.574723][   T39] audit: type=1400 audit(1740450405.257:894): avc:  denied  { ioctl } for  pid=8793 comm="syz.0.754" path="/dev/autofs" dev="devtmpfs" ino=104 ioctlcmd=0x9374 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  100.591741][   T39] audit: type=1400 audit(1740450405.287:895): avc:  denied  { unmount } for  pid=5944 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1
[  100.597322][ T8792] kvm: pic: single mode not supported
[  100.606097][ T8792] kvm: pic: non byte write
[  100.610634][ T8792] kvm: pic: non byte write
[  100.614302][ T8792] kvm: pic: non byte write
[  100.616806][ T8792] kvm: pic: non byte write
[  100.619215][ T8792] kvm: pic: non byte write
[  100.626361][ T8792] kvm: pic: non byte write
[  100.629462][ T8792] kvm: pic: non byte write
[  100.631930][ T8792] kvm: pic: non byte write
[  100.635157][ T8792] kvm: pic: non byte write
[  100.637892][ T8792] kvm: pic: non byte write
[  100.811902][   T39] audit: type=1400 audit(1740450405.507:896): avc:  denied  { write } for  pid=8801 comm="syz.0.757" name="ptp0" dev="devtmpfs" ino=729 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  100.861114][ T8804] syzkaller1: entered promiscuous mode
[  100.863592][ T8804] syzkaller1: entered allmulticast mode
[  101.024665][   T39] audit: type=1400 audit(1740450405.727:897): avc:  denied  { getopt } for  pid=8807 comm="syz.0.760" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  101.078806][ T8812] netlink: 4 bytes leftover after parsing attributes in process `syz.1.761'.
[  101.382112][ T8825] block device autoloading is deprecated and will be removed.
[  101.421159][ T8827] 9pnet_fd: Insufficient options for proto=fd
[  101.528857][ T8838] sock: sock_timestamping_bind_phc: sock not bind to device
[  101.972387][ T8872] dccp_v6_rcv: dropped packet with invalid checksum
[  102.003558][ T5988] usb 9-1: USB disconnect, device number 5
[  102.106551][ T8881] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8881 comm=syz.5.783
[  102.164439][ T8887] netlink: 'syz.5.785': attribute type 10 has an invalid length.
[  102.175329][ T8887] 8021q: adding VLAN 0 to HW filter on device team0
[  102.182059][ T8890] ieee802154 phy0 wpan0: encryption failed: -22
[  102.182563][ T8887] bond0: (slave team0): Enslaving as an active interface with an up link
[  102.238932][ T8896] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  102.246197][ T8896] Error validating options; rc = [-22]
[  102.683090][   T35] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  102.843024][   T35] usb 10-1: Using ep0 maxpacket: 32
[  102.849292][   T35] usb 10-1: config index 0 descriptor too short (expected 29220, got 36)
[  102.852261][   T35] usb 10-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  102.855631][   T35] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 81
[  102.858471][   T35] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  102.861394][   T35] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  102.865066][   T35] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  102.869041][   T35] usb 10-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  102.871712][   T35] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.876449][   T35] usb 10-1: config 0 descriptor??
[  102.959160][ T8918] overlayfs: missing 'lowerdir'
[  103.026705][   T65] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  103.081497][   T35] usblp 10-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  103.082745][ T8901] tmpfs: Unknown parameter 'userxattr'
[  103.094826][ T5988] usb 10-1: USB disconnect, device number 4
[  103.100333][ T5988] usblp0: removed
[  103.113973][ T8892] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  103.232657][ T8931] netlink: 12 bytes leftover after parsing attributes in process `syz.4.798'.
[  103.739017][ T8942] ip6gre1: entered promiscuous mode
[  103.794110][   T39] kauditd_printk_skb: 13 callbacks suppressed
[  103.794129][   T39] audit: type=1400 audit(1740450408.497:911): avc:  denied  { mounton } for  pid=8943 comm="syz.5.802" path="/47/bus" dev="tmpfs" ino=272 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1
[  103.794334][ T8944] ./bus: Can't lookup blockdev
[  103.828399][ T8946] netlink: 16 bytes leftover after parsing attributes in process `syz.1.803'.
[  103.833082][   T39] audit: type=1400 audit(1740450408.537:912): avc:  denied  { bind } for  pid=8945 comm="syz.1.803" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  103.844999][   T39] audit: type=1400 audit(1740450408.537:913): avc:  denied  { write } for  pid=8945 comm="syz.1.803" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  103.853498][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  103.854760][ T8948] input: syz1 as /devices/virtual/input/input18
[  103.860485][   T39] audit: type=1400 audit(1740450408.557:914): avc:  denied  { write } for  pid=8945 comm="syz.1.803" path="socket:[25334]" dev="sockfs" ino=25334 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  104.197392][ T8972] syz.0.813: attempt to access beyond end of device
[  104.197392][ T8972] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  104.202491][ T8972] SQUASHFS error: Failed to read block 0x0: -5
[  104.205043][ T8972] unable to read squashfs_super_block
[  104.253077][    T9] libceph: connect (1)[c::]:6789 error -101
[  104.256142][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  104.273117][ T8984] syz.4.816: attempt to access beyond end of device
[  104.273117][ T8984] nbd4: rw=0, sector=64, nr_sectors = 1 limit=0
[  104.278287][ T8984] syz.4.816: attempt to access beyond end of device
[  104.278287][ T8984] nbd4: rw=0, sector=256, nr_sectors = 1 limit=0
[  104.283254][ T8984] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  104.287394][ T8984] syz.4.816: attempt to access beyond end of device
[  104.287394][ T8984] nbd4: rw=0, sector=512, nr_sectors = 1 limit=0
[  104.292371][ T8984] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  104.296700][ T8984] syz.4.816: attempt to access beyond end of device
[  104.296700][ T8984] nbd4: rw=0, sector=64, nr_sectors = 2 limit=0
[  104.297148][ T6955] libceph: connect (1)[c::]:6789 error -101
[  104.301654][ T8984] syz.4.816: attempt to access beyond end of device
[  104.301654][ T8984] nbd4: rw=0, sector=512, nr_sectors = 2 limit=0
[  104.305598][ T6955] libceph: mon0 (1)[c::]:6789 connect error
[  104.309301][ T8984] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  104.316960][ T8984] syz.4.816: attempt to access beyond end of device
[  104.316960][ T8984] nbd4: rw=0, sector=1024, nr_sectors = 2 limit=0
[  104.318344][ T6955] libceph: connect (1)[c::]:6789 error -101
[  104.322186][ T8984] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  104.325130][ T8990] fuseblk: Unknown parameter 'subj_role'
[  104.325451][ T6955] libceph: mon0 (1)[c::]:6789 connect error
[  104.326370][ T8978] ceph: No mds server is up or the cluster is laggy
[  104.330966][ T8985] ceph: No mds server is up or the cluster is laggy
[  104.337226][ T8984] syz.4.816: attempt to access beyond end of device
[  104.337226][ T8984] nbd4: rw=0, sector=64, nr_sectors = 4 limit=0
[  104.349359][ T8984] syz.4.816: attempt to access beyond end of device
[  104.349359][ T8984] nbd4: rw=0, sector=1024, nr_sectors = 4 limit=0
[  104.359157][ T8984] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  104.362155][ T8984] syz.4.816: attempt to access beyond end of device
[  104.362155][ T8984] nbd4: rw=0, sector=2048, nr_sectors = 4 limit=0
[  104.366032][ T8984] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  104.375422][ T8984] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  104.378219][ T8984] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  104.381005][ T8984] UDF-fs: warning (device nbd4): udf_fill_super: No partition found (1)
[  104.476250][   T39] audit: type=1400 audit(1740450409.177:915): avc:  denied  { ioctl } for  pid=9001 comm="syz.5.821" path="socket:[24570]" dev="sockfs" ino=24570 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  104.485733][ T9002] ISOFS: Unable to identify CD-ROM format.
[  104.541661][   T39] audit: type=1400 audit(1740450409.237:916): avc:  denied  { getopt } for  pid=9005 comm="syz.4.823" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  104.721604][ T9016] netlink: 40 bytes leftover after parsing attributes in process `syz.5.827'.
[  104.801268][ T9025] macvlan0: entered allmulticast mode
[  104.804773][ T9025] veth1_vlan: entered allmulticast mode
[  104.810335][ T9025] veth1_vlan: left allmulticast mode
[  104.825475][ T9025] macvlan0 (unregistering): left allmulticast mode
[  104.838711][ T9024] netlink: 'syz.0.831': attribute type 10 has an invalid length.
[  104.935132][ T9033] wireguard0: entered promiscuous mode
[  105.290761][ T9042] overlay: Unknown parameter 'smackfsdef'
[  105.755608][ T9032] uprobe: syz.5.833:9032 failed to unregister, leaking uprobe
[  105.806645][ T1167] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:562
[  105.810623][ T1167] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 1167, name: kworker/0:1H
[  105.816946][ T1167] preempt_count: 0, expected: 0
[  105.818856][ T1167] RCU nest depth: 0, expected: 0
[  105.820737][ T1167] 2 locks held by kworker/0:1H/1167:
[  105.822856][ T1167]  #0: ffff88801b089148 ((wq_completion)events_highpri){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0
[  105.827488][ T1167]  #1: ffffc900061f7d18 ((work_completion)(&timer->task_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
[  105.831049][ T1167] irq event stamp: 1044
[  105.832732][ T1167] hardirqs last  enabled at (1043): [<ffffffff8b59c523>] _raw_spin_unlock_irq+0x23/0x50
[  105.836521][ T1167] hardirqs last disabled at (1044): [<ffffffff8b59c2c2>] _raw_spin_lock_irqsave+0x52/0x60
[  105.840365][ T1167] softirqs last  enabled at (204): [<ffffffff817c131b>] handle_softirqs+0x5bb/0x8f0
[  105.844097][ T1167] softirqs last disabled at (183): [<ffffffff817c17e9>] __irq_exit_rcu+0x109/0x170
[  105.848542][ T1167] CPU: 0 UID: 0 PID: 1167 Comm: kworker/0:1H Not tainted 6.14.0-rc4-syzkaller #0
[  105.848562][ T1167] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  105.848573][ T1167] Workqueue: events_highpri snd_timer_work
[  105.848719][ T1167] Call Trace:
[  105.848746][ T1167]  <TASK>
[  105.848754][ T1167]  dump_stack_lvl+0x116/0x1f0
[  105.848777][ T1167]  __might_resched+0x3c0/0x5e0
[  105.848802][ T1167]  ? __pfx___might_resched+0x10/0x10
[  105.848830][ T1167]  __mutex_lock+0x108/0xb10
[  105.848852][ T1167]  ? snd_card_locked+0x1b/0x60
[  105.848873][ T1167]  ? __pfx___mutex_lock+0x10/0x10
[  105.848891][ T1167]  ? find_held_lock+0x2d/0x110
[  105.848914][ T1167]  ? __pfx_lock_release+0x10/0x10
[  105.848947][ T1167]  ? snd_card_locked+0x1b/0x60
[  105.848965][ T1167]  snd_card_locked+0x1b/0x60
[  105.848983][ T1167]  snd_request_card+0x14/0x70
[  105.849009][ T1167]  snd_seq_client_use_ptr+0x375/0x3c0
[  105.849036][ T1167]  snd_seq_deliver_single_event+0xdb/0x6e0
[  105.849063][ T1167]  ? __pfx_snd_seq_deliver_single_event+0x10/0x10
[  105.849091][ T1167]  ? lock_acquire+0x2f/0xb0
[  105.849111][ T1167]  ? snd_seq_client_use_ptr+0x3e/0x3c0
[  105.849138][ T1167]  snd_seq_deliver_event+0x291/0x4b0
[  105.849152][ T1167]  ? snd_seq_client_use_ptr+0x7b/0x3c0
[  105.849178][ T1167]  snd_seq_dispatch_event+0x117/0x580
[  105.849196][ T1167]  ? __pfx_snd_seq_dispatch_event+0x10/0x10
[  105.849213][ T1167]  ? do_raw_spin_unlock+0x172/0x230
[  105.849230][ T1167]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  105.849247][ T1167]  ? snd_seq_prioq_cell_out+0x1e4/0x360
[  105.849271][ T1167]  snd_seq_check_queue+0x248/0x510
[  105.849293][ T1167]  ? snd_seq_timer_interrupt+0x2cf/0x390
[  105.849315][ T1167]  ? __pfx_snd_seq_check_queue+0x10/0x10
[  105.849334][ T1167]  ? snd_seq_timer_interrupt+0x2b9/0x390
[  105.849363][ T1167]  snd_seq_timer_interrupt+0x2e3/0x390
[  105.849387][ T1167]  snd_timer_process_callbacks+0x217/0x2e0
[  105.849404][ T1167]  ? __pfx_snd_seq_timer_interrupt+0x10/0x10
[  105.849426][ T1167]  snd_timer_work+0xa9/0x100
[  105.849442][ T1167]  process_one_work+0x9c5/0x1ba0
[  105.849471][ T1167]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  105.849501][ T1167]  ? __pfx_process_one_work+0x10/0x10
[  105.849525][ T1167]  ? assign_work+0x1a0/0x250
[  105.849545][ T1167]  worker_thread+0x6c8/0xf00
[  105.849570][ T1167]  ? __kthread_parkme+0x148/0x220
[  105.849586][ T1167]  ? __pfx_worker_thread+0x10/0x10
[  105.849606][ T1167]  kthread+0x3af/0x750
[  105.849623][ T1167]  ? __pfx_kthread+0x10/0x10
[  105.849640][ T1167]  ? lock_acquire+0x2f/0xb0
[  105.849662][ T1167]  ? __pfx_kthread+0x10/0x10
[  105.849678][ T1167]  ret_from_fork+0x45/0x80
[  105.849722][ T1167]  ? __pfx_kthread+0x10/0x10
[  105.849740][ T1167]  ret_from_fork_asm+0x1a/0x30
[  105.849769][ T1167]  </TASK>
[  105.957226][ T1167] 
[  105.957970][ T1167] ================================
[  105.959485][ T1167] WARNING: inconsistent lock state
[  105.960991][ T1167] 6.14.0-rc4-syzkaller #0 Tainted: G        W         
[  105.963015][ T1167] --------------------------------
[  105.964510][ T1167] inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage.
[  105.966489][ T1167] kworker/0:1H/1167 [HC0[0]:SC0[0]:HE1:SE1] takes:
[  105.968368][ T1167] ffff8880236dc148 (&timer->lock){?.-.}-{3:3}, at: snd_timer_process_callbacks+0x227/0x2e0
[  105.971261][ T1167] {IN-HARDIRQ-W} state was registered at:
[  105.972909][ T1167]   lock_acquire.part.0+0x11b/0x380
[  105.974442][ T1167]   _raw_spin_lock+0x2e/0x40
[  105.975812][ T1167]   snd_hrtimer_callback+0x53/0x400
[  105.977333][ T1167]   __hrtimer_run_queues+0x20a/0xae0
[  105.979761][ T1167]   hrtimer_interrupt+0x392/0x8e0
[  105.981239][ T1167]   __sysvec_apic_timer_interrupt+0x10f/0x400
[  105.983052][ T1167]   sysvec_apic_timer_interrupt+0x9f/0xc0
[  105.984717][ T1167]   asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  105.986461][ T1167]   _raw_spin_unlock_irqrestore+0x31/0x80
[  105.988128][ T1167]   try_to_wake_up+0x949/0x1490
[  105.989591][ T1167]   wake_up_q+0x9c/0x160
[  105.990852][ T1167]   __mutex_unlock_slowpath+0x231/0x6a0
[  105.992467][ T1167]   hub_event+0xc5f/0x4e10
[  105.993901][ T1167]   process_one_work+0x9c5/0x1ba0
[  105.995389][ T1167]   worker_thread+0x6c8/0xf00
[  105.996786][ T1167]   kthread+0x3af/0x750
[  105.998014][ T1167]   ret_from_fork+0x45/0x80
[  105.999361][ T1167]   ret_from_fork_asm+0x1a/0x30
[  106.000802][ T1167] irq event stamp: 1197
[  106.002024][ T1167] hardirqs last  enabled at (1197): [<ffffffff8b59c5b2>] _raw_spin_unlock_irqrestore+0x52/0x80
[  106.005004][ T1167] hardirqs last disabled at (1196): [<ffffffff8b59c2c2>] _raw_spin_lock_irqsave+0x52/0x60
[  106.007792][ T1167] softirqs last  enabled at (1156): [<ffffffff817c131b>] handle_softirqs+0x5bb/0x8f0
[  106.010525][ T1167] softirqs last disabled at (1047): [<ffffffff817c17e9>] __irq_exit_rcu+0x109/0x170
[  106.013234][ T1167] 
[  106.013234][ T1167] other info that might help us debug this:
[  106.015576][ T1167]  Possible unsafe locking scenario:
[  106.015576][ T1167] 
[  106.017718][ T1167]        CPU0
[  106.018669][ T1167]        ----
[  106.019623][ T1167]   lock(&timer->lock);
[  106.020854][ T1167]   <Interrupt>
[  106.021896][ T1167]     lock(&timer->lock);
[  106.023209][ T1167] 
[  106.023209][ T1167]  *** DEADLOCK ***
[  106.023209][ T1167] 
[  106.025546][ T1167] 2 locks held by kworker/0:1H/1167:
[  106.027090][ T1167]  #0: ffff88801b089148 ((wq_completion)events_highpri){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0
[  106.030283][ T1167]  #1: ffffc900061f7d18 ((work_completion)(&timer->task_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
[  106.033692][ T1167] 
[  106.033692][ T1167] stack backtrace:
[  106.035433][ T1167] CPU: 0 UID: 0 PID: 1167 Comm: kworker/0:1H Tainted: G        W          6.14.0-rc4-syzkaller #0
[  106.035449][ T1167] Tainted: [W]=WARN
[  106.035452][ T1167] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  106.035461][ T1167] Workqueue: events_highpri snd_timer_work
[  106.035474][ T1167] Call Trace:
[  106.035483][ T1167]  <TASK>
[  106.035487][ T1167]  dump_stack_lvl+0x116/0x1f0
[  106.035505][ T1167]  print_usage_bug.part.0+0x3fb/0x680
[  106.035524][ T1167]  mark_lock+0x92d/0xc60
[  106.035537][ T1167]  ? __pfx_mark_lock+0x10/0x10
[  106.035551][ T1167]  ? hlock_class+0x4e/0x130
[  106.035562][ T1167]  ? mark_lock+0xb5/0xc60
[  106.035575][ T1167]  ? __pfx___lock_acquire+0x10/0x10
[  106.035589][ T1167]  ? __pfx_mark_lock+0x10/0x10
[  106.035604][ T1167]  __lock_acquire+0x98e/0x3c40
[  106.035619][ T1167]  ? mark_held_locks+0x9f/0xe0
[  106.035633][ T1167]  ? __pfx___lock_acquire+0x10/0x10
[  106.035646][ T1167]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  106.035657][ T1167]  ? lockdep_hardirqs_on+0x7c/0x110
[  106.035669][ T1167]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  106.035680][ T1167]  lock_acquire.part.0+0x11b/0x380
[  106.035694][ T1167]  ? snd_timer_process_callbacks+0x227/0x2e0
[  106.035705][ T1167]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  106.035720][ T1167]  ? rcu_is_watching+0x12/0xc0
[  106.035731][ T1167]  ? trace_lock_acquire+0x14e/0x1f0
[  106.035742][ T1167]  ? snd_timer_process_callbacks+0x227/0x2e0
[  106.035752][ T1167]  ? lock_acquire+0x2f/0xb0
[  106.035765][ T1167]  ? snd_timer_process_callbacks+0x227/0x2e0
[  106.035776][ T1167]  _raw_spin_lock+0x2e/0x40
[  106.035784][ T1167]  ? snd_timer_process_callbacks+0x227/0x2e0
[  106.035794][ T1167]  snd_timer_process_callbacks+0x227/0x2e0
[  106.035805][ T1167]  ? __pfx_snd_seq_timer_interrupt+0x10/0x10
[  106.035820][ T1167]  snd_timer_work+0xa9/0x100
[  106.035830][ T1167]  process_one_work+0x9c5/0x1ba0
[  106.035845][ T1167]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  106.035859][ T1167]  ? __pfx_process_one_work+0x10/0x10
[  106.035874][ T1167]  ? assign_work+0x1a0/0x250
[  106.035887][ T1167]  worker_thread+0x6c8/0xf00
[  106.035902][ T1167]  ? __kthread_parkme+0x148/0x220
[  106.035912][ T1167]  ? __pfx_worker_thread+0x10/0x10
[  106.035926][ T1167]  kthread+0x3af/0x750
[  106.035938][ T1167]  ? __pfx_kthread+0x10/0x10
[  106.035950][ T1167]  ? lock_acquire+0x2f/0xb0
[  106.035965][ T1167]  ? __pfx_kthread+0x10/0x10
[  106.035977][ T1167]  ret_from_fork+0x45/0x80
[  106.035992][ T1167]  ? __pfx_kthread+0x10/0x10
[  106.036003][ T1167]  ret_from_fork_asm+0x1a/0x30
[  106.036018][ T1167]  </TASK>
[  106.110316][ T1167] ------------[ cut here ]------------
[  106.111935][ T1167] raw_local_irq_restore() called with IRQs enabled
[  106.113994][ T1167] WARNING: CPU: 0 PID: 1167 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x29/0x30
[  106.117041][ T1167] Modules linked in:
[  106.118194][ T1167] CPU: 0 UID: 0 PID: 1167 Comm: kworker/0:1H Tainted: G        W          6.14.0-rc4-syzkaller #0
[  106.121231][ T1167] Tainted: [W]=WARN
[  106.122359][ T1167] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  106.125511][ T1167] Workqueue: events_highpri snd_timer_work
[  106.127225][ T1167] RIP: 0010:warn_bogus_irq_restore+0x29/0x30
[  106.128974][ T1167] Code: 90 f3 0f 1e fa 90 80 3d f9 a7 f3 04 00 74 06 90 c3 cc cc cc cc c6 05 ea a7 f3 04 01 90 48 c7 c7 c0 e6 6c 8b e8 58 df 22 f6 90 <0f> 0b 90 90 eb df 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  106.134484][ T1167] RSP: 0018:ffffc900061f7c18 EFLAGS: 00010282
[  106.136263][ T1167] RAX: 0000000000000000 RBX: ffff8880236dc130 RCX: ffffffff817a1229
[  106.138503][ T1167] RDX: ffff888028238000 RSI: ffffffff817a1236 RDI: 0000000000000001
[  106.140785][ T1167] RBP: 0000000000000286 R08: 0000000000000001 R09: 0000000000000000
[  106.143107][ T1167] R10: 0000000000000000 R11: 61636f6c5f776172 R12: ffff8880236dc000
[  106.145375][ T1167] R13: ffff8880236dc1b0 R14: 0000000000000000 R15: ffff88801b09d800
[  106.147661][ T1167] FS:  0000000000000000(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000
[  106.150221][ T1167] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  106.152146][ T1167] CR2: 00007fecdd000218 CR3: 0000000031f9c000 CR4: 0000000000352ef0
[  106.154527][ T1167] DR0: 0000000000000002 DR1: fffffffffffffffb DR2: 0000000000010001
[  106.156752][ T1167] DR3: 0000000000000004 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  106.158994][ T1167] Call Trace:
[  106.159961][ T1167]  <TASK>
[  106.160817][ T1167]  ? __warn+0xea/0x3c0
[  106.162002][ T1167]  ? __pfx_vprintk_emit+0x10/0x10
[  106.163556][ T1167]  ? warn_bogus_irq_restore+0x29/0x30
[  106.165147][ T1167]  ? report_bug+0x3c0/0x580
[  106.166504][ T1167]  ? handle_bug+0x54/0xa0
[  106.167777][ T1167]  ? exc_invalid_op+0x17/0x50
[  106.169164][ T1167]  ? asm_exc_invalid_op+0x1a/0x20
[  106.170658][ T1167]  ? __warn_printk+0x199/0x350
[  106.172067][ T1167]  ? __warn_printk+0x1a6/0x350
[  106.174441][ T1167]  ? warn_bogus_irq_restore+0x29/0x30
[  106.176065][ T1167]  ? warn_bogus_irq_restore+0x28/0x30
[  106.177657][ T1167]  _raw_spin_unlock_irqrestore+0x74/0x80
[  106.179316][ T1167]  snd_timer_work+0xbe/0x100
[  106.180700][ T1167]  process_one_work+0x9c5/0x1ba0
[  106.182173][ T1167]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  106.184075][ T1167]  ? __pfx_process_one_work+0x10/0x10
[  106.185700][ T1167]  ? assign_work+0x1a0/0x250
[  106.187102][ T1167]  worker_thread+0x6c8/0xf00
[  106.188478][ T1167]  ? __kthread_parkme+0x148/0x220
[  106.189976][ T1167]  ? __pfx_worker_thread+0x10/0x10
[  106.191557][ T1167]  kthread+0x3af/0x750
[  106.192795][ T1167]  ? __pfx_kthread+0x10/0x10
[  106.194253][ T1167]  ? lock_acquire+0x2f/0xb0
[  106.195622][ T1167]  ? __pfx_kthread+0x10/0x10
[  106.196994][ T1167]  ret_from_fork+0x45/0x80
[  106.198321][ T1167]  ? __pfx_kthread+0x10/0x10
[  106.199682][ T1167]  ret_from_fork_asm+0x1a/0x30
[  106.201181][ T1167]  </TASK>
[  106.202118][ T1167] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  106.204259][ T1167] CPU: 0 UID: 0 PID: 1167 Comm: kworker/0:1H Tainted: G        W          6.14.0-rc4-syzkaller #0
[  106.207271][ T1167] Tainted: [W]=WARN
[  106.208389][ T1167] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  106.211486][ T1167] Workqueue: events_highpri snd_timer_work
[  106.213231][ T1167] Call Trace:
[  106.214223][ T1167]  <TASK>
[  106.215120][ T1167]  dump_stack_lvl+0x3d/0x1f0
[  106.216480][ T1167]  panic+0x71d/0x800
[  106.217600][ T1167]  ? __pfx_panic+0x10/0x10
[  106.218869][ T1167]  ? show_trace_log_lvl+0x29d/0x3d0
[  106.220397][ T1167]  ? check_panic_on_warn+0x1f/0xb0
[  106.221868][ T1167]  ? warn_bogus_irq_restore+0x29/0x30
[  106.223399][ T1167]  check_panic_on_warn+0xab/0xb0
[  106.224782][ T1167]  __warn+0xf6/0x3c0
[  106.225909][ T1167]  ? __pfx_vprintk_emit+0x10/0x10
[  106.227427][ T1167]  ? warn_bogus_irq_restore+0x29/0x30
[  106.229141][ T1167]  report_bug+0x3c0/0x580
[  106.230375][ T1167]  handle_bug+0x54/0xa0
[  106.231611][ T1167]  exc_invalid_op+0x17/0x50
[  106.232968][ T1167]  asm_exc_invalid_op+0x1a/0x20
[  106.234426][ T1167] RIP: 0010:warn_bogus_irq_restore+0x29/0x30
[  106.236212][ T1167] Code: 90 f3 0f 1e fa 90 80 3d f9 a7 f3 04 00 74 06 90 c3 cc cc cc cc c6 05 ea a7 f3 04 01 90 48 c7 c7 c0 e6 6c 8b e8 58 df 22 f6 90 <0f> 0b 90 90 eb df 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  106.242722][ T1167] RSP: 0018:ffffc900061f7c18 EFLAGS: 00010282
[  106.244442][ T1167] RAX: 0000000000000000 RBX: ffff8880236dc130 RCX: ffffffff817a1229
[  106.246760][ T1167] RDX: ffff888028238000 RSI: ffffffff817a1236 RDI: 0000000000000001
[  106.249058][ T1167] RBP: 0000000000000286 R08: 0000000000000001 R09: 0000000000000000
[  106.251322][ T1167] R10: 0000000000000000 R11: 61636f6c5f776172 R12: ffff8880236dc000
[  106.253658][ T1167] R13: ffff8880236dc1b0 R14: 0000000000000000 R15: ffff88801b09d800
[  106.255967][ T1167]  ? __warn_printk+0x199/0x350
[  106.257580][ T1167]  ? __warn_printk+0x1a6/0x350
[  106.259077][ T1167]  ? warn_bogus_irq_restore+0x28/0x30
[  106.260688][ T1167]  _raw_spin_unlock_irqrestore+0x74/0x80
[  106.262274][ T1167]  snd_timer_work+0xbe/0x100
[  106.263673][ T1167]  process_one_work+0x9c5/0x1ba0
[  106.265123][ T1167]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  106.266818][ T1167]  ? __pfx_process_one_work+0x10/0x10
[  106.268404][ T1167]  ? assign_work+0x1a0/0x250
[  106.269790][ T1167]  worker_thread+0x6c8/0xf00
[  106.271197][ T1167]  ? __kthread_parkme+0x148/0x220
[  106.272696][ T1167]  ? __pfx_worker_thread+0x10/0x10
[  106.274249][ T1167]  kthread+0x3af/0x750
[  106.275487][ T1167]  ? __pfx_kthread+0x10/0x10
[  106.276862][ T1167]  ? lock_acquire+0x2f/0xb0
[  106.278191][ T1167]  ? __pfx_kthread+0x10/0x10
[  106.279533][ T1167]  ret_from_fork+0x45/0x80
[  106.280864][ T1167]  ? __pfx_kthread+0x10/0x10
[  106.282239][ T1167]  ret_from_fork_asm+0x1a/0x30
[  106.283693][ T1167]  </TASK>
[  106.285160][ T1167] Kernel Offset: disabled
[  106.286466][ T1167] Rebooting in 86400 seconds..

VM DIAGNOSIS:
02:26:50  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85407335 RDI=ffffffff9ab80780 RBP=ffffffff9ab80740 RSP=ffffc900061f71d8
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000006
R12=0000000000000000 R13=0000000000000020 R14=ffffffff9ab80740 R15=0000000000000000
RIP=ffffffff8540735f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c01300
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c01300
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806a600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007fecdd000218 CR3=0000000031f9c000 CR4=00352ef0
DR0=0000000000000002 DR1=fffffffffffffffb DR2=0000000000010001 DR3=0000000000000004 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f03e220f282
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f03e220f28f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f03e220f289
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f03e220f29d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f03e220f323
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f03e220f401
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 0008000f0010000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000000000e6081 RBX=0000000000000001 RCX=ffffffff8b574469 RDX=0000000000000000
RSI=ffffffff8b6cec80 RDI=ffffffff8bd35640 RBP=ffffed1003b52910 RSP=ffffc90000187e08
R8 =0000000000000001 R9 =ffffed100d4e6f85 R10=ffff88806a737c2b R11=0000000000000000
R12=0000000000000001 R13=ffff88801da94880 R14=ffffffff90625610 R15=0000000000000000
RIP=ffffffff8b57584f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806a700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f549e5bef70 CR3=0000000032efa000 CR4=00352ef0
DR0=0000000000000009 DR1=000000000000000b DR2=0000000000000002 DR3=0000000000000009 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000c0fffc00 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055555ebbacce 000055555ebba9d0
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055555eb424a8
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055555eb512ed 000055555eb51100
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 662f2e01ffffffff ffffffffef080003 0210000610003e10 0006017086001000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 01ffffffffffffff fff7080180030010 00000401c7080006 013e9c0031656c69
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 fff9080380030031 656c69662f2e01ff ffffffffffffffef 08028003007a7973
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 763d736e61727401 ffffffffffffffff e508068003007039 01ffffffffffffff
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 010680040888b1a4 1000038004028004 0180040a013fa200 020006d003580200
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 06ce0307b8800ca4 0006aa037a020006 a803646967746c66 6401ffffffffffff
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 fffff108069a032c 6f69747269763d73 6e61727401ffffff ffffffffffe50806
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 800300703901ffff fffffffffffff908 0380030031656c69 662f2e01ffffffff
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=00000000000bc051 RBX=0000000000000002 RCX=ffffffff8b574469 RDX=0000000000000000
RSI=ffffffff8b6cec80 RDI=ffffffff8bd35640 RBP=ffffed1003b55000 RSP=ffffc90000197e08
R8 =0000000000000001 R9 =ffffed100d506f85 R10=ffff88806a837c2b R11=0000000000000000
R12=0000000000000002 R13=ffff88801daa8000 R14=ffffffff90625610 R15=0000000000000000
RIP=ffffffff8b57584f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806a800000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f549e5a0d58 CR3=0000000031f9c000 CR4=00352ef0
DR0=0000000000000009 DR1=000000000000000b DR2=0000000000000002 DR3=0000000000000009 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f03e220f282
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f03e220f28f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f03e220f289
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f03e220f29d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f03e220f323
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f03e220f401
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 0008000f0010000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=00000000000d43e3 RBX=0000000000000003 RCX=ffffffff8b574469 RDX=0000000000000000
RSI=ffffffff8b6cec80 RDI=ffffffff8bd35640 RBP=ffffed1003b55488 RSP=ffffc900001a7e08
R8 =0000000000000001 R9 =ffffed100d526f85 R10=ffff88806a937c2b R11=0000000000000000
R12=0000000000000003 R13=ffff88801daaa440 R14=ffffffff90625610 R15=0000000000000000
RIP=ffffffff8b57584f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c01300
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c01300
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806a900000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000400000001000 CR3=000000004097a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000001030001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd0dd32170 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f549d80f282
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f549d80f28f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f549d80f289
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f549d80f29d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f549d80f323
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f549d80f401
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e776f6e6b6e7500 6f6c6c3332302500 657a697320740004 0000000b000c000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4b524a4b4e4b5000 4a49491617150000 405f4c560551464a 5751560541444700
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 00000000000000a0
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000