last executing test programs:

5m44.858004598s ago: executing program 32 (id=3061):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_ASSOCIATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x1c, r1, 0x1, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000815}, 0x850)

5m33.260221477s ago: executing program 33 (id=3234):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000240)={@val={0x0, 0x8035}, @void, @eth={@multicast, @random="1f00", @void, {@ipv6={0x86dd, @udp={0xa, 0x6, "acca72", 0x10, 0x11, 0x0, @empty, @local, {[@fragment={0x1, 0x0, 0x80, 0x0, 0x0, 0x9, 0x64}], {0x4e21, 0x4e24, 0x8}}}}}}}, 0x4a)

4m43.176111975s ago: executing program 34 (id=3941):
r0 = socket$inet6(0xa, 0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

4m12.620586816s ago: executing program 2 (id=4366):
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88bd9edace00000000000000002100000002ff02000000000000000000000000000104004e20004d03"], 0x0)
recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280), 0x45}, 0x0)

4m11.737796626s ago: executing program 2 (id=4387):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000340)={0x400000100002f})
write$uinput_user_dev(r0, &(0x7f0000000800)={'syz0\x00', {}, 0x1000000, [0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xa345, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x296, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x1, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0xd, 0x0, 0x4, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x3b6, 0x0, 0x2], [0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x54, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
ioctl$UI_DEV_CREATE(r0, 0x5501)

4m11.609156297s ago: executing program 2 (id=4391):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001ac0)={r0, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200"}})
r2 = dup(r1)
read$FUSE(r2, &(0x7f0000003780)={0x2020}, 0xffffff82)

4m11.469631646s ago: executing program 2 (id=4394):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x28a101e, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x18d811, 0x0)

4m11.348367911s ago: executing program 2 (id=4397):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d75a3d0dd8632"], 0x42)

4m10.456186531s ago: executing program 2 (id=4411):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000000)='syzkaller\x00', 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0xc048aec8, &(0x7f0000000700)={0x500, 0x0, @ioapic={0x10000, 0x3, 0x1, 0x7, 0x0, [{0x6, 0x80}, {0xe7, 0x0, 0xfb, '\x00', 0x7f}, {0x0, 0x9, 0xc, '\x00', 0x92}, {0x2, 0xc6, 0xe, '\x00', 0xfa}, {0x0, 0x3, 0x7, '\x00', 0x9}, {0x5, 0x8, 0x6, '\x00', 0x1}, {0x16, 0x83, 0x6, '\x00', 0xcd}, {0x2, 0x4, 0x2, '\x00', 0x48}, {0x9, 0x3, 0x1a, '\x00', 0x7}, {0x5, 0x8, 0xdb, '\x00', 0x1}, {0x0, 0x7, 0x7, '\x00', 0x75}, {0x8, 0x0, 0xb, '\x00', 0xf}, {0x2, 0x0, 0x9, '\x00', 0xc3}, {0x9, 0x9, 0x6, '\x00', 0x85}, {0xfa, 0x81, 0x44, '\x00', 0x8}, {0x9, 0x9, 0x2, '\x00', 0x1}, {0x5c, 0xc2, 0x40, '\x00', 0x8}, {0x4a, 0x6, 0x8, '\x00', 0x6}, {0x8, 0x3, 0x2, '\x00', 0x14}, {0x6, 0x4, 0x80, '\x00', 0x46}, {0x7, 0x4, 0xf1, '\x00', 0x8}, {0x6, 0xf9, 0xf, '\x00', 0x10}, {0x8, 0x8, 0x81, '\x00', 0x3}, {0x0, 0x7f, 0x7, '\x00', 0x2}]}})

4m10.346426618s ago: executing program 35 (id=4411):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000000)='syzkaller\x00', 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0xc048aec8, &(0x7f0000000700)={0x500, 0x0, @ioapic={0x10000, 0x3, 0x1, 0x7, 0x0, [{0x6, 0x80}, {0xe7, 0x0, 0xfb, '\x00', 0x7f}, {0x0, 0x9, 0xc, '\x00', 0x92}, {0x2, 0xc6, 0xe, '\x00', 0xfa}, {0x0, 0x3, 0x7, '\x00', 0x9}, {0x5, 0x8, 0x6, '\x00', 0x1}, {0x16, 0x83, 0x6, '\x00', 0xcd}, {0x2, 0x4, 0x2, '\x00', 0x48}, {0x9, 0x3, 0x1a, '\x00', 0x7}, {0x5, 0x8, 0xdb, '\x00', 0x1}, {0x0, 0x7, 0x7, '\x00', 0x75}, {0x8, 0x0, 0xb, '\x00', 0xf}, {0x2, 0x0, 0x9, '\x00', 0xc3}, {0x9, 0x9, 0x6, '\x00', 0x85}, {0xfa, 0x81, 0x44, '\x00', 0x8}, {0x9, 0x9, 0x2, '\x00', 0x1}, {0x5c, 0xc2, 0x40, '\x00', 0x8}, {0x4a, 0x6, 0x8, '\x00', 0x6}, {0x8, 0x3, 0x2, '\x00', 0x14}, {0x6, 0x4, 0x80, '\x00', 0x46}, {0x7, 0x4, 0xf1, '\x00', 0x8}, {0x6, 0xf9, 0xf, '\x00', 0x10}, {0x8, 0x8, 0x81, '\x00', 0x3}, {0x0, 0x7f, 0x7, '\x00', 0x2}]}})

2m39.189351355s ago: executing program 7 (id=6006):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000340)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x20, @empty}, 0x1c)
io_setup(0x6, &(0x7f0000000680)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x3000, 0x3, 0x1, 0x80, r0, 0x0}])

2m38.170171953s ago: executing program 7 (id=6018):
r0 = io_uring_setup(0x2e36, &(0x7f0000000900)={0x0, 0x4651, 0x100, 0x421})
r1 = syz_open_dev$vim2m(&(0x7f0000000100), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_EXPBUF(r1, 0xc0405610, &(0x7f0000000080)={0x2})
close(r1)
close_range(r0, 0xffffffffffffffff, 0x0)

2m38.169603102s ago: executing program 7 (id=6019):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendto$inet6(r1, &(0x7f00000002c0)="eb4508312d07085f7e323d062284ed86de85be4ad52dcce2ba0744790ecda784ad610a6997cb34cc4cf8ab52df209010961a67343a4ed53fe797a054054f20c092573996b26a85a3f7512b7a0c0ac65c", 0x50, 0x4000, 0x0, 0x0)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/70, 0x46}, {&(0x7f0000000080)=""/45, 0x2d}], 0x2}, 0x0)

2m38.071125147s ago: executing program 7 (id=6020):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x28a101e, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x18d811, 0x0)

2m38.068952747s ago: executing program 7 (id=6022):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
lsm_get_self_attr(0x67, 0x0, 0x0, 0x0)

2m37.771121494s ago: executing program 7 (id=6030):
pipe2$watch_queue(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
r2 = add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000280)={'syz', 0x2}, &(0x7f0000000400)=ANY=[@ANYBLOB="01"], 0x48, 0xffffffffffffffff)
keyctl$KEYCTL_WATCH_KEY(0x20, r2, r0, 0xa2)
r3 = add_key(&(0x7f0000000140)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r1, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r0, 0xffffffff)

2m37.708885849s ago: executing program 36 (id=6030):
pipe2$watch_queue(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
r2 = add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000280)={'syz', 0x2}, &(0x7f0000000400)=ANY=[@ANYBLOB="01"], 0x48, 0xffffffffffffffff)
keyctl$KEYCTL_WATCH_KEY(0x20, r2, r0, 0xa2)
r3 = add_key(&(0x7f0000000140)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r1, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r0, 0xffffffff)

2m34.35510085s ago: executing program 5 (id=6056):
r0 = open(&(0x7f0000000280)='.\x00', 0x8000, 0x0)
fcntl$notify(r0, 0x402, 0x8000003d)
fcntl$setsig(r0, 0xa, 0x21)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x1800005, 0x810, r1, 0xa77ef000)

2m33.919054829s ago: executing program 5 (id=6058):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, <r1=>0x0}, 0x2020)
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffff9})
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, r1, {0x7, 0x1f, 0x1000001, 0x5069f481, 0xfffe, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)

2m33.790245892s ago: executing program 5 (id=6060):
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x101c40, 0x0)
close_range(r0, 0xffffffffffffffff, 0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x16}, @NFTA_CT_DIRECTION={0x5}]}}}, {0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0xc}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xa0}}, 0x0)
close_range(r0, r0, 0x2)

2m33.787116401s ago: executing program 5 (id=6061):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x4)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='configfs\x00', 0x0, 0x0)
chroot(&(0x7f0000000000)='./file0/../file0\x00')
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
pivot_root(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)='./file0/../file0\x00')

2m33.739898537s ago: executing program 5 (id=6062):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x7fe)
ioctl$KVM_CAP_X2APIC_API(r1, 0x4068aea3, &(0x7f00000000c0)={0x81, 0x0, 0x3})
ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000200)={0xeeef0000, 0x0, 0x3e, 0x0, 0x136})

2m33.111408952s ago: executing program 5 (id=6071):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
listen(r0, 0x0)
accept4$tipc(r0, &(0x7f0000000200), &(0x7f0000000240)=0x10, 0x800)
r1 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r1, &(0x7f00000002c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x2, 0x0, {0x41}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2000c0a0}, 0x0)

2m33.001778525s ago: executing program 37 (id=6071):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
listen(r0, 0x0)
accept4$tipc(r0, &(0x7f0000000200), &(0x7f0000000240)=0x10, 0x800)
r1 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r1, &(0x7f00000002c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x2, 0x0, {0x41}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2000c0a0}, 0x0)

2m18.138604902s ago: executing program 9 (id=6282):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/bus/input/devices\x00', 0x0, 0x0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x12)
ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000100)={{}, 'syz1\x00', 0x3})
ioctl$UI_DEV_CREATE(r1, 0x5501)
pread64(r0, &(0x7f0000000280)=""/4096, 0x1000, 0x0)

2m18.03522976s ago: executing program 9 (id=6284):
mount$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x8, 0x2)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone3(&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, {0x3b}, 0x0, 0x0, 0x0, 0x0}, 0x58)
epoll_create(0x8001)

2m17.586318647s ago: executing program 9 (id=6286):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000001640)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10}], 0x1, 0x40800)
recvmsg(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000280)=""/81, 0x51}], 0x1}, 0x1)

2m17.488853206s ago: executing program 9 (id=6287):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='ramfs\x00', 0x0, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000400)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='.\x00')

2m17.487845967s ago: executing program 9 (id=6288):
r0 = socket$inet(0x2, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
shutdown(r0, 0x0)
recvmmsg(r0, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)

2m17.196040119s ago: executing program 9 (id=6290):
r0 = socket$inet6(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000fb"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r2}, 0x10)
sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)

2m17.141656008s ago: executing program 38 (id=6290):
r0 = socket$inet6(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000fb"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r2}, 0x10)
sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)

48.840701179s ago: executing program 6 (id=7662):
socket$inet6_tcp(0xa, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x110)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000000)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a00000008000000e27f000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000380)='mm_khugepaged_scan_pmd\x00', r1}, 0x18)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)

48.789603292s ago: executing program 6 (id=7664):
r0 = io_uring_setup(0x3c8e, &(0x7f0000000500))
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000400)="3f4e55f1", 0x4)
sendto$unix(r2, &(0x7f0000000080), 0xffffff9d, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

48.537125209s ago: executing program 6 (id=7670):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0xd, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x80}, [@call={0x85, 0x0, 0x0, 0xa8}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20000002}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xa6}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b705000000000000850000006d00000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

48.532094994s ago: executing program 6 (id=7671):
syz_clone(0x20940200, 0x0, 0x9, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r0, 0x80049367, 0x0)

48.368047637s ago: executing program 6 (id=7674):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10)
bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x20000003}}}, 0x10)
bind$tipc(r0, 0x0, 0x0)

47.955950586s ago: executing program 6 (id=7680):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000002c0), 0x200004, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_fscache}]}})

47.880604536s ago: executing program 39 (id=7680):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000002c0), 0x200004, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_fscache}]}})

32.56582803s ago: executing program 1 (id=7806):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sched_setaffinity(0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount_setattr(r1, &(0x7f0000001d80)='.\x00', 0x0, &(0x7f0000000000)={0xb}, 0x20)

32.478954459s ago: executing program 1 (id=7809):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x83c, 0x2c, 0xd27, 0x70bd26, 0x2, {0x0, 0x0, 0x0, r3, {0x0, 0x6}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_bpf={{0x8}, {0x810, 0x2, [@TCA_BPF_NAME={0x80a, 0x7, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'}]}}]}, 0x83c}}, 0x0)

32.362904507s ago: executing program 1 (id=7811):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), r1)
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000007640)=ANY=[], 0x3aa0}}, 0x0)

32.153417486s ago: executing program 1 (id=7813):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000001c0)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000200)='./file0\x00')

32.13818274s ago: executing program 1 (id=7816):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
write$binfmt_aout(r0, &(0x7f0000000140)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100))
r1 = syz_open_pts(r0, 0x0)
r2 = epoll_create(0x1)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040))
dup3(r1, r0, 0x0)

31.509858773s ago: executing program 1 (id=7826):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000de080000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003200)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10)

31.408921815s ago: executing program 40 (id=7826):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000de080000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003200)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10)

2.414235731s ago: executing program 3 (id=8222):
r0 = syz_io_uring_setup(0x10a, &(0x7f0000000380)={0x0, 0x5f39, 0x0, 0x80, 0x1}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_RENAMEAT={0x23, 0x2, 0x0, 0xffffffffffffffff, &(0x7f00000009c0)='./file0\x00', &(0x7f0000000a00)='./file0\x00'})
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0)
mknod(&(0x7f00000000c0)='./bus\x00', 0x8001420, 0x0)
creat(&(0x7f0000000100)='./bus\x00', 0x0)
open(&(0x7f00000005c0)='./bus\x00', 0x66842, 0x0)

2.265626575s ago: executing program 3 (id=8223):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r2 = memfd_create(&(0x7f0000000540)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d[\v\xfc\xad\x0f\xa8\xc5\xad\x001\x8b%\xaa?\x00\x00\x00\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2Gj+kV', 0x2)
ftruncate(r2, 0xffff)
fcntl$addseals(r2, 0x409, 0x7)
ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000000)={r2, 0x0, 0x0, 0x8000})
close_range(r0, 0xffffffffffffffff, 0x0)

2.208991322s ago: executing program 3 (id=8224):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r2 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0xa)
r4 = openat$cgroup_procs(r3, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
open_by_handle_at(r4, &(0x7f0000000700)=ANY=[@ANYRES8=r1], 0x10441)

2.119885966s ago: executing program 3 (id=8225):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000006"], 0x66)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0c000000040000000400000009"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0xffffffff, r1}, 0x38)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r2, 0xffffffffffffffff, 0x0)

2.048128815s ago: executing program 3 (id=8226):
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000))
r1 = userfaultfd(0x1)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000ffe000/0x1000)=nil, 0x1000}, 0x1})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}, 0x1})
mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0)

2.04231469s ago: executing program 3 (id=8228):
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0xfc, {"a2e3ad09ed1a09f91b5d090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f38306d090890e0879b0a0ac6e70a9b3348959b509a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d07640936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$HIDIOCGUSAGE(r1, 0xd01c4813, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2, 0xfffffffd, 0x2})

1.46232886s ago: executing program 0 (id=8244):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000440), 0x10)
connect$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
listen(r0, 0xa)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
accept4$unix(r0, 0x0, 0x0, 0x0)

1.391147225s ago: executing program 0 (id=8246):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x336, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000013c0)={0xffffffffffffffff, 0xe0, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000580)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20875, 0x8, 0x0, 0x0}}, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000006"], 0x66)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0c000000040000000400000009"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0xffffffff, r1}, 0x38)

1.316253902s ago: executing program 0 (id=8248):
mkdir(&(0x7f0000000280)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f00000002c0)='hugetlbfs\x00', 0x10010, 0x0)
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

1.301871758s ago: executing program 4 (id=8250):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r1, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10)
recvmmsg(r1, &(0x7f0000000c40)=[{{0x0, 0x0, 0x0}, 0x4}], 0x40000000000004a, 0x2, 0x0)
sendmmsg(r1, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)

1.255037211s ago: executing program 0 (id=8251):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r2}, 0x10)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(r3, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000})

1.126191197s ago: executing program 4 (id=8253):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
r1 = socket$netlink(0x10, 0x3, 0x0)
preadv(r0, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/124, 0xe}], 0x3e8, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a0ef010095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000200)='kmem_cache_free\x00', r2}, 0x10)

1.059763319s ago: executing program 0 (id=8254):
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r0)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r1 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
fchdir(r1)
exit(0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)

900.009786ms ago: executing program 4 (id=8256):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4)
sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)

899.747452ms ago: executing program 8 (id=8257):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r0, &(0x7f0000000340)='\x00', 0x1, 0x0, 0x0, 0x0)

840.058745ms ago: executing program 4 (id=8258):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @private2}}}, 0x108)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r1, 0xffffffffffffffff, 0x0)

839.871965ms ago: executing program 8 (id=8259):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000540)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d75a3d0000b110000000000000000000000000000000000ff0200000000000000000000000000014f1c4e20"], 0xd6)

839.008966ms ago: executing program 4 (id=8260):
r0 = landlock_create_ruleset(&(0x7f0000000000)={0x10, 0x0, 0x3}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = open(&(0x7f0000000280)='.\x00', 0x141080, 0x0)
fcntl$notify(r1, 0x402, 0x8000003d)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
symlink(&(0x7f0000001640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f0000000e40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

730.007526ms ago: executing program 4 (id=8261):
r0 = creat(&(0x7f00000005c0)='./file0\x00', 0x0)
close(r0)
syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
mount$9p_fd(0x0, &(0x7f0000000800)='./file0\x00', &(0x7f00000007c0), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})
ioctl$VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, 0x0)

694.371609ms ago: executing program 8 (id=8262):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000540)=@srh={0x2b, 0x6, 0x4, 0x3, 0x3, 0x0, 0x4, [@remote, @mcast1, @ipv4={'\x00', '\xff\xff', @empty}]}, 0x38)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_key_refresh_complete={{0x30, 0x3}, {0x0, 0xc9}}}, 0x6)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[], 0xf0}, 0x1, 0x0, 0x0, 0x2000c002}, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000180)={0x24, &(0x7f0000000400)=ANY=[@ANYBLOB="40235d0000005d0cc95f9f9cddac6446168596d09f3b29ae01b87b0ed64779e904e56508d69b52d9224aad798dfdab651ecbf6fe7c3a5e4d51d8f38515bfa60c6c940129ba2ffdffffffffffffffff6f323a3b866026fdc9d75f3391e8d6f9091ef5c90c5bc828422a40978549d858adedb8fe1d3873d3a3a7f0e83e53549cec86cd0b0208c4406de0c4dc34a3423676fcaf56df7a4b9b2d6fa62f5d2c26f139669f1a7ca063e8e286178af96f3f022437cad503b049279e7aa6372869562796460dcc2e76ab4f33805425c0b45dc531b52fe4bd3db9f942bafae8f0a30bac8826461d65309ad7c66b381926f18a31cb1d51f6ac26c0e49f5911ddcbf4afaa73a175e07d3f1bceab31c361e0b3f66c3cf3b76776d86cd5359bb4e26a0854482decf2461c588664"], &(0x7f0000000080)={0x0, 0x3, 0x3e, @string={0x3e, 0x3, "1c829b0eef96421896a5ddb195d149ca41e70654df276dbecfe2ee6d93d7604101f4f6fb2168a871d65981f5af86e040b137fa98678b1a616d55ba70"}}, &(0x7f0000000100)={0x0, 0x22, 0x21, {[@main=@item_4={0x3, 0x0, 0x0, "e3ce2ca5"}, @local=@item_4={0x3, 0x2, 0x3, "8181b10f"}, @global=@item_012={0x2, 0x1, 0x8, "b087"}, @global=@item_4={0x3, 0x1, 0x1, "000000fe"}, @main=@item_4={0x3, 0x0, 0xa, "9eeb58a9"}, @main=@item_4={0x3, 0x0, 0xc, "753f57be"}, @global=@item_4={0x3, 0x1, 0x6, "56507fe3"}]}}, &(0x7f0000000140)={0x0, 0x21, 0x9, {0x9, 0x21, 0x46, 0x80, 0x1, {0x22, 0x5b2}}}}, &(0x7f0000000380)={0x2c, &(0x7f00000001c0)={0x20, 0x18, 0x99, "50e6e80a4cad8fabae6aaf0802e4867fee0a9676c31ec23091ef1a2a0f787debcf62c6519c89f2b63589de5211e7db614a6d86861660825c1aac64c195a40ae54f460c791cb91020c858df5835041ac7736285d1aba0703eb0d024f71800caeaa09ff666b3a0976df5fe609b400a111c5d1d2bfe39357bfda308ca1b0f481537d7d82d0e65b2df9d65a976f0fa9cf21715720e66e71490fab8"}, &(0x7f0000000280)={0x0, 0xa, 0x1, 0x4}, &(0x7f00000002c0)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000300)={0x20, 0x1, 0xc, "9eaa812de2e77c827c710ca9"}, &(0x7f0000000340)={0x20, 0x3, 0x1, 0x6}})

189.284467ms ago: executing program 0 (id=8263):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000029c0)={0x0, 0x0, 0x0}, 0x20000004)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1})
r1 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6cbecbf09d6dd7be5a06dfd64563f329c16f799d1836bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffd00fb243c3111dda42112650cc", 0x0, 0xfe2a)
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})

109.833655ms ago: executing program 8 (id=8264):
mkdir(&(0x7f0000000580)='./file0\x00', 0xd0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0)
chdir(&(0x7f00000000c0)='./file0\x00')
r0 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
r1 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x65)
dup3(r1, r0, 0x0)
read(r0, 0x0, 0x0)

59.213354ms ago: executing program 8 (id=8265):
mkdir(&(0x7f0000000000)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x8000003d)
symlink(&(0x7f0000000000)='./file1\x00', &(0x7f0000000240)='./file1\x00')

0s ago: executing program 8 (id=8266):
r0 = syz_io_uring_setup(0x460, &(0x7f0000000480)={0x0, 0x40000020, 0x10, 0x2, 0x34f}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000000)=<r2=>0x0)
socket$inet6(0xa, 0x2, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x2f, 0x1, 0x0, 0x4}]}, 0x8)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x7b, 0x0, 0x0, 0x0, &(0x7f0000011000/0x4000)=nil, 0x4000, 0xc})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

6660][   T36] libceph: mon0 (1)[c::]:6789 connect error
[  386.520623][T20403] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  386.527157][T20403] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  386.531330][T20403] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  386.536329][T20403] batman_adv: batadv0: Interface activated: batadv_slave_0
[  386.543201][T20403] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  386.547486][T20403] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  386.551368][T20403] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  386.556717][T20403] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  386.560655][T20403] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  386.566231][T20403] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  386.571160][T20403] batman_adv: batadv0: Interface activated: batadv_slave_1
[  386.594756][T20403] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  386.598703][T20403] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  386.602319][T20403] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  386.606319][T20403] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  386.682963][ T6741] team0: left promiscuous mode
[  386.686475][ T6741] batadv_slave_1: left promiscuous mode
[  386.693383][ T6741] hsr_slave_0: left promiscuous mode
[  386.697128][ T6741] hsr_slave_1: left promiscuous mode
[  386.729814][ T6741] veth1_macvtap: left promiscuous mode
[  386.729926][  T833] libceph: connect (1)[c::]:6789 error -22
[  386.732027][ T6741] veth0_macvtap: left promiscuous mode
[  386.734504][  T833] libceph: mon0 (1)[c::]:6789 connect error
[  386.812337][   T36] libceph: connect (1)[c::]:6789 error -22
[  386.814796][   T36] libceph: mon0 (1)[c::]:6789 connect error
[  386.836848][   T68] Bluetooth: hci2: command tx timeout
[  387.251405][T15536] libceph: connect (1)[c::]:6789 error -22
[  387.254020][T15536] libceph: mon0 (1)[c::]:6789 connect error
[  387.283341][T20573] ceph: No mds server is up or the cluster is laggy
[  387.290412][T20576] ceph: No mds server is up or the cluster is laggy
[  387.397694][   T68] Bluetooth: hci0: command tx timeout
[  388.913950][   T68] Bluetooth: hci2: command tx timeout
[  389.464005][   T68] Bluetooth: hci0: command tx timeout
[  390.174587][ T6718] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  390.177074][ T6718] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  390.184289][T20505] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  390.210007][T20505] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  390.215241][T20505] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  390.241895][T20505] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  390.263331][ T6707] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  390.266310][ T6707] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  390.330239][T20505] 8021q: adding VLAN 0 to HW filter on device bond0
[  390.371037][T20505] 8021q: adding VLAN 0 to HW filter on device team0
[  390.386056][ T6738] bridge0: port 1(bridge_slave_0) entered blocking state
[  390.388647][ T6738] bridge0: port 1(bridge_slave_0) entered forwarding state
[  390.392876][ T6738] bridge0: port 2(bridge_slave_1) entered blocking state
[  390.395613][ T6738] bridge0: port 2(bridge_slave_1) entered forwarding state
[  390.556696][T20505] 8021q: adding VLAN 0 to HW filter on device batadv0
[  390.642095][ T6741] IPVS: stop unused estimator thread 0...
[  390.653859][T20667] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6130'.
[  390.666298][T20667] 8021q: adding VLAN 0 to HW filter on device bond2
[  390.729172][T20505] veth0_vlan: entered promiscuous mode
[  390.738996][T20505] veth1_vlan: entered promiscuous mode
[  390.755962][T20505] veth0_macvtap: entered promiscuous mode
[  390.761873][T20505] veth1_macvtap: entered promiscuous mode
[  390.770955][T20505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.776333][T20505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.780112][T20505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.783622][T20505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.786493][T20505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.789526][T20505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.792403][T20505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.795476][T20505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.799078][T20505] batman_adv: batadv0: Interface activated: batadv_slave_0
[  390.806752][T20505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  390.810335][T20505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.813293][T20505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  390.816602][T20505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.819590][T20505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  390.823301][T20505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.826772][T20505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  390.829500][T20505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.832898][T20505] batman_adv: batadv0: Interface activated: batadv_slave_1
[  390.837686][T20505] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  390.840196][T20505] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  390.842845][T20505] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  390.845638][T20505] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  390.897681][ T6741] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  390.900343][ T6741] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  390.913005][ T6741] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  390.917064][ T6741] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  390.923886][  T833] usb 13-1: new high-speed USB device number 2 using dummy_hcd
[  391.085295][  T833] usb 13-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  391.089426][  T833] usb 13-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  391.093163][  T833] usb 13-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  391.096408][  T833] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  391.100141][T20673] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  391.106780][  T833] usb 13-1: Quirk or no altset; falling back to MIDI 1.0
[  391.317938][  T833] usb 13-1: USB disconnect, device number 2
[  391.543894][   T68] Bluetooth: hci0: command tx timeout
[  391.676642][ T6021] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  391.831300][ T6021] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  391.835669][ T6021] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  391.841776][ T6021] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  391.852619][ T6021] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  391.856751][T20706] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  391.860523][ T6021] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  392.083874][ T6022] usb 5-1: USB disconnect, device number 27
[  393.623849][   T68] Bluetooth: hci0: command tx timeout
[  394.064883][T20812] loop6: detected capacity change from 0 to 63
[  394.322929][T20835] input: syz1 as /devices/virtual/input/input63
[  394.609208][ T6021] libceph: connect (1)[c::]:6789 error -101
[  394.611783][ T6021] libceph: mon0 (1)[c::]:6789 connect error
[  394.669191][ T6021] libceph: connect (1)[c::]:6789 error -101
[  394.672870][ T6021] libceph: mon0 (1)[c::]:6789 connect error
[  394.732547][T20864] Invalid ELF header len 8
[  394.884216][ T6021] libceph: connect (1)[c::]:6789 error -101
[  394.886845][ T6021] libceph: mon0 (1)[c::]:6789 connect error
[  394.945210][ T6021] libceph: connect (1)[c::]:6789 error -101
[  394.947988][ T6021] libceph: mon0 (1)[c::]:6789 connect error
[  395.394229][ T6021] libceph: connect (1)[c::]:6789 error -101
[  395.396794][ T6021] libceph: mon0 (1)[c::]:6789 connect error
[  395.429794][T20858] ceph: No mds server is up or the cluster is laggy
[  395.432509][T20854] ceph: No mds server is up or the cluster is laggy
[  395.477270][ T6021] libceph: connect (1)[c::]:6789 error -101
[  395.479925][ T6021] libceph: mon0 (1)[c::]:6789 connect error
[  396.253829][    C3] vkms_vblank_simulate: vblank timer overrun
[  396.967478][    C3] vkms_vblank_simulate: vblank timer overrun
[  397.264271][   T40] kauditd_printk_skb: 4 callbacks suppressed
[  397.264287][   T40] audit: type=1326 audit(1742583165.480:6618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20934 comm="syz.6.6230" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x0
[  397.349636][T20937] batman_adv: batadv0: Adding interface: ip6gretap1
[  397.373866][T20937] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1500.
[  397.381522][T20937] batman_adv: batadv0: Interface activated: ip6gretap1
[  397.784068][T20957] ALSA: seq fatal error: cannot create timer (-16)
[  398.213991][T20982] tipc: Started in network mode
[  398.216226][T20982] tipc: Node identity ac1414aa, cluster identity 4711
[  398.218932][T20982] tipc: New replicast peer: 100.1.1.1
[  398.221374][T20982] tipc: Enabled bearer <udp:syz2>, priority 10
[  398.296602][T20986] netlink: 'syz.9.6251': attribute type 4 has an invalid length.
[  398.313026][T20986] netlink: 'syz.9.6251': attribute type 4 has an invalid length.
[  398.380588][T20992] netlink: 176 bytes leftover after parsing attributes in process `syz.0.6254'.
[  398.472633][T21003] ip6erspan0: entered promiscuous mode
[  398.581101][T21013] netlink: 96 bytes leftover after parsing attributes in process `syz.0.6263'.
[  398.605366][T21015] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6264'.
[  398.614040][ T6021] usb 13-1: new high-speed USB device number 3 using dummy_hcd
[  398.670719][T21019] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input64
[  398.786976][ T6021] usb 13-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  398.791680][ T6021] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  398.800114][ T6021] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  398.810387][ T6021] usb 13-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  398.818436][ T6021] usb 13-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  398.824374][ T6021] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  398.828489][ T6021] usb 13-1: config 0 descriptor??
[  398.832756][T20994] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  399.253321][ T6021] plantronics 0003:047F:FFFF.0026: unknown main item tag 0xd
[  399.257702][ T6021] plantronics 0003:047F:FFFF.0026: No inputs registered, leaving
[  399.262123][ T6021] plantronics 0003:047F:FFFF.0026: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0
[  399.343858][ T6021] tipc: Node number set to 2886997162
[  399.936307][T21064] Bluetooth: MGMT ver 1.23
[  400.001907][T21070] input: syz1 as /devices/virtual/input/input66
[  400.725121][T21087] geneve2: entered promiscuous mode
[  400.726815][T21087] geneve2: entered allmulticast mode
[  400.919978][ T6710] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  400.920124][T21072] Set syz1 is full, maxelem 65536 reached
[  401.044157][ T6710] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.137764][ T6710] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.166558][T21102] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  401.171428][T21102] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  401.179012][T21103] block nbd0: shutting down sockets
[  401.192175][   T68] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  401.199069][   T68] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  401.201597][   T68] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  401.208792][   T68] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  401.236346][ T6710] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.244660][ T6021] usb 13-1: USB disconnect, device number 3
[  401.434102][ T6710] bridge_slave_1: left allmulticast mode
[  401.436556][ T6710] bridge_slave_1: left promiscuous mode
[  401.439400][ T6710] bridge0: port 2(bridge_slave_1) entered disabled state
[  401.447018][ T6710] bridge_slave_0: left allmulticast mode
[  401.449390][ T6710] bridge_slave_0: left promiscuous mode
[  401.451842][ T6710] bridge0: port 1(bridge_slave_0) entered disabled state
[  402.039866][ T6710] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  402.047864][ T6710] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  402.053951][ T6710] bond0 (unregistering): Released all slaves
[  402.060277][T21125] netlink: 12 bytes leftover after parsing attributes in process `syz.8.6304'.
[  402.077532][T21100] chnl_net:caif_netlink_parms(): no params data found
[  402.151180][ T6710] tipc: Disabling bearer <udp:syz2>
[  402.154104][ T6710] tipc: Left network mode
[  402.223468][T21100] bridge0: port 1(bridge_slave_0) entered blocking state
[  402.226458][T21100] bridge0: port 1(bridge_slave_0) entered disabled state
[  402.229597][T21100] bridge_slave_0: entered allmulticast mode
[  402.232652][T21100] bridge_slave_0: entered promiscuous mode
[  402.236500][T21100] bridge0: port 2(bridge_slave_1) entered blocking state
[  402.239381][T21100] bridge0: port 2(bridge_slave_1) entered disabled state
[  402.242162][T21100] bridge_slave_1: entered allmulticast mode
[  402.248038][T21100] bridge_slave_1: entered promiscuous mode
[  402.337157][T21100] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  402.340955][T21100] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  402.410301][T21100] team0: Port device team_slave_0 added
[  402.428144][T21100] team0: Port device team_slave_1 added
[  402.438731][ T6710] hsr_slave_0: left promiscuous mode
[  402.440781][ T6710] hsr_slave_1: left promiscuous mode
[  402.445691][ T6710] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  402.447890][ T6710] batman_adv: batadv0: Removing interface: batadv_slave_0
[  402.450553][ T6710] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  402.453280][ T6710] batman_adv: batadv0: Removing interface: batadv_slave_1
[  402.494536][ T6710] veth1_macvtap: left promiscuous mode
[  402.496197][ T6710] veth0_macvtap: left promiscuous mode
[  402.497791][ T6710] veth1_vlan: left promiscuous mode
[  402.499398][ T6710] veth0_vlan: left promiscuous mode
[  402.913032][   T40] audit: type=1326 audit(1742583171.130:6619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21150 comm="syz.8.6312" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7fc00000
[  403.305752][ T5965] Bluetooth: hci0: command tx timeout
[  403.669662][   T40] audit: type=1326 audit(1742583171.890:6620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21150 comm="syz.8.6312" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf73fe579 code=0x7fc00000
[  403.964031][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  404.113193][T21176] netlink: 52 bytes leftover after parsing attributes in process `syz.0.6322'.
[  404.458613][ T6710] team0 (unregistering): Port device team_slave_1 removed
[  404.716821][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  404.780351][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[  404.954521][ T6710] team0 (unregistering): Port device team_slave_0 removed
[  405.247008][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  405.384094][ T5965] Bluetooth: hci0: command tx timeout
[  406.746362][T21100] batman_adv: batadv0: Adding interface: batadv_slave_0
[  406.748873][T21100] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  406.757065][T21100] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  406.761973][T21100] batman_adv: batadv0: Adding interface: batadv_slave_1
[  406.765157][T21100] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  406.777062][T21100] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  407.109536][T21100] hsr_slave_0: entered promiscuous mode
[  407.122978][T21100] hsr_slave_1: entered promiscuous mode
[  407.316020][T21217] netlink: 14 bytes leftover after parsing attributes in process `syz.8.6339'.
[  407.476794][ T5965] Bluetooth: hci0: command tx timeout
[  407.642250][T21217] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  407.656964][T21217] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  407.664700][T21217] bond0 (unregistering): Released all slaves
[  407.759280][   T40] audit: type=1326 audit(1742583175.980:6621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21234 comm="syz.0.6343" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x0
[  408.013509][T21253] netlink: 'syz.8.6345': attribute type 4 has an invalid length.
[  408.037639][T21253] netlink: 'syz.8.6345': attribute type 4 has an invalid length.
[  408.095576][T21100] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  408.102610][T21100] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  408.119813][T21100] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  408.127004][T21100] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  408.199558][T21100] 8021q: adding VLAN 0 to HW filter on device bond0
[  408.213417][T21100] 8021q: adding VLAN 0 to HW filter on device team0
[  408.220955][   T47] bridge0: port 1(bridge_slave_0) entered blocking state
[  408.223078][   T47] bridge0: port 1(bridge_slave_0) entered forwarding state
[  408.254806][ T6707] bridge0: port 2(bridge_slave_1) entered blocking state
[  408.257654][ T6707] bridge0: port 2(bridge_slave_1) entered forwarding state
[  408.425609][T21100] 8021q: adding VLAN 0 to HW filter on device batadv0
[  408.504859][T21100] veth0_vlan: entered promiscuous mode
[  408.516752][T21100] veth1_vlan: entered promiscuous mode
[  408.556307][T21100] veth0_macvtap: entered promiscuous mode
[  408.592695][T21100] veth1_macvtap: entered promiscuous mode
[  408.608968][T21100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  408.612280][T21100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  408.623783][T21100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  408.627018][T21100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  408.630384][T21100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  408.633603][T21100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  408.643860][T21100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  408.647728][T21100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  408.652212][T21100] batman_adv: batadv0: Interface activated: batadv_slave_0
[  408.662889][T21100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  408.673886][T21100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  408.677495][T21100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  408.681282][T21100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  408.686303][T21100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  408.690336][T21100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  408.696385][T21100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  408.700213][T21100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  408.717243][T21100] batman_adv: batadv0: Interface activated: batadv_slave_1
[  408.761343][T21100] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  408.774736][T21100] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  408.780274][T21100] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  408.793973][T21100] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  408.929212][ T6710] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  408.941390][ T6710] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  409.004950][ T6720] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  409.007637][ T6720] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  409.154861][T21335] netlink: 32 bytes leftover after parsing attributes in process `syz.1.6291'.
[  409.158596][T21335] netem: unknown loss type 13
[  409.160851][T21335] netem: change failed
[  409.544515][ T5965] Bluetooth: hci0: command tx timeout
[  409.554920][T21374] block nbd1: shutting down sockets
[  409.683908][ T2294] usb 11-1: new high-speed USB device number 13 using dummy_hcd
[  409.843698][ T2294] usb 11-1: config index 0 descriptor too short (expected 45, got 36)
[  409.847461][ T2294] usb 11-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  409.851706][ T2294] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  409.883971][ T2294] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  409.888864][ T2294] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  409.893305][ T2294] usb 11-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  409.905641][ T2294] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  409.916461][ T2294] usb 11-1: config 0 descriptor??
[  409.920053][T21364] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  410.210745][T21422] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6385'.
[  410.345408][ T2294] plantronics 0003:047F:FFFF.0027: unknown main item tag 0xd
[  410.349062][ T2294] plantronics 0003:047F:FFFF.0027: No inputs registered, leaving
[  410.358101][ T2294] plantronics 0003:047F:FFFF.0027: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  410.615583][   T31] usb 11-1: USB disconnect, device number 13
[  410.833262][T21474] netlink: 16 bytes leftover after parsing attributes in process `syz.8.6397'.
[  410.845314][T21474] batman_adv: batadv0: Adding interface: ipvlan2
[  410.848102][T21474] batman_adv: batadv0: Not using interface ipvlan2 (retrying later): interface not active
[  411.659492][T21526] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  411.662649][T21526] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  411.958210][T21549] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6425'.
[  411.964495][T21549] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6425'.
[  412.206139][T21564] dccp_invalid_packet: P.type (SYNC) not Data || [Data]Ack, while P.X == 0
[  412.320979][   T64] kernel write not supported for file [eventfd] (pid: 64 comm: kworker/3:1)
[  412.517590][ T6021] usb 13-1: new high-speed USB device number 4 using dummy_hcd
[  412.674477][ T6021] usb 13-1: Using ep0 maxpacket: 8
[  412.679205][ T6021] usb 13-1: config 0 has no interfaces?
[  412.685899][ T6021] usb 13-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  412.689735][ T6021] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.692979][ T6021] usb 13-1: Product: syz
[  412.697294][ T6021] usb 13-1: Manufacturer: syz
[  412.701790][ T6021] usb 13-1: SerialNumber: syz
[  412.706238][ T6021] usb 13-1: config 0 descriptor??
[  412.913589][ T6030] usb 13-1: USB disconnect, device number 4
[  413.211961][T21591] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6443'.
[  413.536398][T21613] netfs: Couldn't get user pages (rc=-14)
[  413.538755][T21613] netfs: Zero-sized read [R=2c]
[  413.789001][T21633] pim6reg1: entered promiscuous mode
[  413.791584][T21633] pim6reg1: entered allmulticast mode
[  413.896271][T21640] input: syz1 as /devices/virtual/input/input68
[  414.280858][T21666] KVM: debugfs: duplicate directory 21666-5
[  414.379374][T21672] netlink: 96 bytes leftover after parsing attributes in process `syz.1.6482'.
[  414.487789][T21679] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6484'.
[  414.510563][T21679] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  414.514292][T21679] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  414.517895][T21679] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  414.521277][T21679] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  414.528723][T21679] vxlan0: entered promiscuous mode
[  414.999781][T21689] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  415.421751][ T6030] libceph: connect (1)[c::]:6789 error -101
[  415.424896][ T6030] libceph: mon0 (1)[c::]:6789 connect error
[  415.451344][ T6030] libceph: connect (1)[b::]:6789 error -101
[  415.457171][ T6030] libceph: mon0 (1)[b::]:6789 connect error
[  415.694146][ T6030] libceph: connect (1)[c::]:6789 error -101
[  415.696312][ T6030] libceph: mon0 (1)[c::]:6789 connect error
[  415.724218][ T6030] libceph: connect (1)[b::]:6789 error -101
[  415.726596][ T6030] libceph: mon0 (1)[b::]:6789 connect error
[  416.032454][T21713] netlink: 'syz.1.6496': attribute type 1 has an invalid length.
[  416.035707][T21713] netlink: 68 bytes leftover after parsing attributes in process `syz.1.6496'.
[  416.197149][   T31] kernel read not supported for file /video9 (pid: 31 comm: kworker/1:0)
[  416.204274][ T6030] libceph: connect (1)[c::]:6789 error -101
[  416.207298][ T6030] libceph: mon0 (1)[c::]:6789 connect error
[  416.218803][T21702] ceph: No mds server is up or the cluster is laggy
[  416.221477][T21705] ceph: No mds server is up or the cluster is laggy
[  416.258229][ T6030] libceph: connect (1)[b::]:6789 error -101
[  416.260458][ T6030] libceph: mon0 (1)[b::]:6789 connect error
[  416.430714][T21741] syzkaller1: entered promiscuous mode
[  416.432888][T21741] syzkaller1: entered allmulticast mode
[  416.801790][T21771] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1558365176 (199470742528 ns) > initial count (55482769792 ns). Using initial count to start timer.
[  416.936468][T21778] syzkaller1: entered promiscuous mode
[  416.938235][T21778] syzkaller1: entered allmulticast mode
[  417.143049][T21788] syz.6.6526: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  417.148521][T21788] CPU: 3 UID: 0 PID: 21788 Comm: syz.6.6526 Not tainted 6.14.0-rc7-syzkaller-00186-gd07de43e3f05 #0
[  417.148566][T21788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  417.148577][T21788] Call Trace:
[  417.148582][T21788]  <TASK>
[  417.148588][T21788]  dump_stack_lvl+0x16c/0x1f0
[  417.148616][T21788]  warn_alloc+0x24d/0x3a0
[  417.148641][T21788]  ? __pfx_warn_alloc+0x10/0x10
[  417.148662][T21788]  ? __pfx_stack_trace_save+0x10/0x10
[  417.148688][T21788]  ? kasan_save_stack+0x42/0x60
[  417.148710][T21788]  ? kasan_save_stack+0x33/0x60
[  417.148729][T21788]  ? kasan_save_track+0x14/0x30
[  417.148747][T21788]  ? __kasan_kmalloc+0xaa/0xb0
[  417.148765][T21788]  ? xskq_create+0x52/0x1d0
[  417.148781][T21788]  ? do_sock_setsockopt+0x222/0x480
[  417.148797][T21788]  ? __sys_setsockopt+0x1a0/0x230
[  417.148817][T21788]  ? __ia32_sys_setsockopt+0xbc/0x160
[  417.148843][T21788]  __vmalloc_node_range_noprof+0x10dc/0x1530
[  417.148870][T21788]  ? xskq_create+0xfb/0x1d0
[  417.148891][T21788]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  417.148918][T21788]  ? xskq_create+0xfb/0x1d0
[  417.148934][T21788]  vmalloc_user_noprof+0x6b/0x90
[  417.148953][T21788]  ? xskq_create+0xfb/0x1d0
[  417.148967][T21788]  xskq_create+0xfb/0x1d0
[  417.148983][T21788]  xsk_setsockopt+0x757/0xa10
[  417.148998][T21788]  ? __pfx_xsk_setsockopt+0x10/0x10
[  417.149017][T21788]  ? find_held_lock+0x2d/0x110
[  417.149036][T21788]  ? __pfx_xsk_setsockopt+0x10/0x10
[  417.149051][T21788]  do_sock_setsockopt+0x222/0x480
[  417.149068][T21788]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  417.149083][T21788]  ? lock_acquire+0x2f/0xb0
[  417.149115][T21788]  __sys_setsockopt+0x1a0/0x230
[  417.149139][T21788]  __ia32_sys_setsockopt+0xbc/0x160
[  417.149158][T21788]  ? lockdep_hardirqs_on+0x7c/0x110
[  417.149178][T21788]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  417.149198][T21788]  __do_fast_syscall_32+0x73/0x120
[  417.149217][T21788]  do_fast_syscall_32+0x32/0x80
[  417.149231][T21788]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  417.149247][T21788] RIP: 0023:0xf73de579
[  417.149256][T21788] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  417.149265][T21788] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  417.149275][T21788] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000011b
[  417.149281][T21788] RDX: 0000000000000002 RSI: 0000000080000900 RDI: 0000000000000004
[  417.149287][T21788] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  417.149292][T21788] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  417.149297][T21788] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  417.149309][T21788]  </TASK>
[  417.149351][T21788] Mem-Info:
[  417.252037][T21788] active_anon:40118 inactive_anon:38 isolated_anon:0
[  417.252037][T21788]  active_file:9308 inactive_file:17011 isolated_file:0
[  417.252037][T21788]  unevictable:1752 dirty:412 writeback:0
[  417.252037][T21788]  slab_reclaimable:6372 slab_unreclaimable:67408
[  417.252037][T21788]  mapped:23839 shmem:36593 pagetables:1231
[  417.252037][T21788]  sec_pagetables:307 bounce:0
[  417.252037][T21788]  kernel_misc_reclaimable:0
[  417.252037][T21788]  free:28132 free_pcp:2196 free_cma:0
[  417.268368][T21788] Node 0 active_anon:3528kB inactive_anon:4kB active_file:4kB inactive_file:108kB unevictable:3504kB isolated(anon):0kB isolated(file):0kB mapped:224kB dirty:16kB writeback:0kB shmem:10552kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9500kB pagetables:1268kB sec_pagetables:1144kB all_unreclaimable? yes
[  417.279991][T21788] Node 1 active_anon:156944kB inactive_anon:148kB active_file:37228kB inactive_file:67936kB unevictable:3504kB isolated(anon):0kB isolated(file):0kB mapped:95132kB dirty:1632kB writeback:0kB shmem:135820kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:3528kB pagetables:3556kB sec_pagetables:84kB all_unreclaimable? no
[  417.292937][T21788] Node 0 DMA free:2892kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:36kB unevictable:0kB writepending:8kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:80kB local_pcp:24kB free_cma:0kB
[  417.303663][T21788] lowmem_reserve[]: 0 294 294 294 294
[  417.306015][T21788] Node 0 DMA32 free:19500kB boost:2048kB min:15608kB low:18996kB high:22384kB reserved_highatomic:4096KB active_anon:3540kB inactive_anon:4kB active_file:0kB inactive_file:72kB unevictable:3504kB writepending:8kB present:1032196kB managed:301724kB mlocked:0kB bounce:0kB free_pcp:884kB local_pcp:352kB free_cma:0kB
[  417.317283][T21788] lowmem_reserve[]: 0 0 0 0 0
[  417.319204][T21788] Node 1 DMA32 free:92032kB boost:2048kB min:49192kB low:60976kB high:72760kB reserved_highatomic:6144KB active_anon:156968kB inactive_anon:148kB active_file:37228kB inactive_file:67936kB unevictable:3504kB writepending:1632kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:7428kB local_pcp:5044kB free_cma:0kB
[  417.331113][T21788] lowmem_reserve[]: 0 0 0 0 0
[  417.332964][T21788] Node 0 DMA: 37*4kB (UE) 37*8kB (UE) 21*16kB (UE) 12*32kB (UE) 7*64kB (UE) 4*128kB (UE) 3*256kB (E) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2892kB
[  417.338358][T21788] Node 0 DMA32: 683*4kB (UMH) 236*8kB (UMEH) 87*16kB (UMH) 87*32kB (UMEH) 53*64kB (UMEH) 15*128kB (UME) 5*256kB (UME) 0*512kB 2*1024kB (UM) 1*2048kB (M) 0*4096kB = 19484kB
[  417.344542][T21788] Node 1 DMA32: 234*4kB (UMEH) 76*8kB (UEH) 120*16kB (UMEH) 35*32kB (UEH) 65*64kB (UEH) 37*128kB (UEH) 10*256kB (UEH) 8*512kB (UEH) 24*1024kB (UM) 5*2048kB (UMH) 9*4096kB (UM) = 91816kB
[  417.350974][T21788] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  417.354540][T21788] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  417.357960][T21788] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  417.361532][T21788] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  417.365397][T21788] 63184 total pagecache pages
[  417.367398][T21788] 266 pages in swap cache
[  417.369099][T21788] Free swap  = 119084kB
[  417.370736][T21788] Total swap = 124996kB
[  417.372363][T21788] 524155 pages RAM
[  417.373939][T21788] 0 pages HighMem/MovableOnly
[  417.375753][T21788] 207821 pages reserved
[  417.377375][T21788] 0 pages cma reserved
[  417.516684][T21797] vxcan0: tx drop: invalid sa for name 0x0000000000000001
[  420.227355][T21902] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1558365176 (199470742528 ns) > initial count (55482769792 ns). Using initial count to start timer.
[  420.445556][    C1] vkms_vblank_simulate: vblank timer overrun
[  421.043207][T21960] lo: entered promiscuous mode
[  421.046645][T21960] lo: entered allmulticast mode
[  421.053897][T21960] lo: left allmulticast mode
[  421.056014][T21960] lo: left promiscuous mode
[  421.910061][T21985] block device autoloading is deprecated and will be removed.
[  421.963684][   T40] audit: type=1326 audit(1742583190.180:6622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21989 comm="syz.0.6595" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x0
[  422.489619][ T6021] usb 13-1: new high-speed USB device number 5 using dummy_hcd
[  422.539007][T22011] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6600'.
[  422.547725][T22011] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  422.550858][T22011] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  422.554562][T22011] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  422.572002][T22011] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  422.575176][T22011] vxlan0: entered promiscuous mode
[  422.650485][ T6021] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  422.656210][ T6021] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  422.660300][ T6021] usb 13-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  422.665369][ T6021] usb 13-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  422.684066][ T6021] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  422.697025][ T6021] usb 13-1: config 0 descriptor??
[  423.171952][ T6021] plantronics 0003:047F:FFFF.0028: No inputs registered, leaving
[  423.181567][ T6021] plantronics 0003:047F:FFFF.0028: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0
[  424.928958][T22083] vcan0 speed is unknown, defaulting to 1000
[  424.935365][T22083] vcan0 speed is unknown, defaulting to 1000
[  424.938324][T22083] vcan0 speed is unknown, defaulting to 1000
[  425.052226][T22083] infiniband syz1: set active
[  425.055547][ T6021] vcan0 speed is unknown, defaulting to 1000
[  425.059734][T22083] infiniband syz1: added vcan0
[  425.109188][T22083] RDS/IB: syz1: added
[  425.111901][T22083] smc: adding ib device syz1 with port count 1
[  425.116911][T22083] smc:    ib device syz1 port 1 has pnetid SYZ0 (user defined)
[  425.120710][ T6021] vcan0 speed is unknown, defaulting to 1000
[  425.124344][T22083] vcan0 speed is unknown, defaulting to 1000
[  425.189267][T22096] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6634'.
[  425.237304][ T6030] usb 13-1: USB disconnect, device number 5
[  425.248874][T22083] vcan0 speed is unknown, defaulting to 1000
[  425.393820][T22102] lo: entered promiscuous mode
[  425.396552][T22102] lo: entered allmulticast mode
[  425.399302][T22102] lo: left allmulticast mode
[  425.404273][T22102] lo: left promiscuous mode
[  425.457199][T22083] vcan0 speed is unknown, defaulting to 1000
[  425.589744][T22083] vcan0 speed is unknown, defaulting to 1000
[  425.674264][T22083] vcan0 speed is unknown, defaulting to 1000
[  426.374009][ T6021] IPVS: starting estimator thread 0...
[  426.464187][T22150] IPVS: using max 38 ests per chain, 91200 per kthread
[  427.503841][T22175] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6660'.
[  427.507312][T22175] netlink: 'syz.1.6660': attribute type 1 has an invalid length.
[  427.715898][T22187] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6667'.
[  427.957350][T22187] hsr_slave_1 (unregistering): left promiscuous mode
[  428.049352][T22201] vcan0 speed is unknown, defaulting to 1000
[  428.534626][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  428.654824][   T66] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  428.805609][   T66] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  428.810180][   T66] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  428.815752][   T66] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  428.819086][   T66] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  428.824213][T22220] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  428.834182][   T66] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  428.912381][T22251] netlink: del zone limit has 4 unknown bytes
[  429.149839][ T2294] usb 5-1: USB disconnect, device number 28
[  429.409973][T22274] netlink: 80 bytes leftover after parsing attributes in process `syz.6.6704'.
[  429.424773][T22274] netlink: 80 bytes leftover after parsing attributes in process `syz.6.6704'.
[  429.627867][T22286] Bluetooth: MGMT ver 1.23
[  430.736278][T22329] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6728'.
[  431.586723][T22387] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6753'.
[  431.723834][   T64] usb 11-1: new high-speed USB device number 14 using dummy_hcd
[  431.793703][T22387] hsr_slave_1 (unregistering): left promiscuous mode
[  431.885323][   T64] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  431.888835][   T64] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  431.891859][   T64] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  431.895837][   T64] usb 11-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  431.898489][   T64] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  431.902067][   T64] usb 11-1: config 0 descriptor??
[  432.232846][T22417] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6767'.
[  432.317385][   T64] plantronics 0003:047F:FFFF.0029: No inputs registered, leaving
[  432.322698][   T64] plantronics 0003:047F:FFFF.0029: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  432.587161][ T6021] usb 11-1: USB disconnect, device number 14
[  433.328307][T22458] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6784'.
[  433.476769][   T40] audit: type=1326 audit(1742583201.700:6623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22431 comm="syz.0.6773" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7fc00000
[  433.704055][ T5996] usb 13-1: new high-speed USB device number 6 using dummy_hcd
[  433.853906][ T5996] usb 13-1: Using ep0 maxpacket: 16
[  433.857934][ T5996] usb 13-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  433.862554][ T5996] usb 13-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  433.865912][ T5996] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.869995][ T5996] usb 13-1: config 0 descriptor??
[  433.876889][ T5996] input: bcm5974 as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:0.0/input/input70
[  434.129711][ T5346] bcm5974 13-1:0.0: could not read from device
[  434.129820][ T6021] usb 13-1: USB disconnect, device number 6
[  434.141967][T22476] bcm5974 13-1:0.0: could not read from device
[  434.152316][ T6022] libceph: connect (1)[c::]:6789 error -22
[  434.154518][ T6022] libceph: mon0 (1)[c::]:6789 connect error
[  434.283977][T22509] ceph: No mds server is up or the cluster is laggy
[  434.359524][T22515] netlink: 'syz.6.6804': attribute type 27 has an invalid length.
[  434.510300][T22515] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  434.526033][T22515] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  434.628788][T22515] veth1_macvtap: left allmulticast mode
[  434.645457][T22515] macsec0: left allmulticast mode
[  434.655174][T22515] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  434.658540][T22515] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  434.661273][T22515] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  434.663928][T22515] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  434.669365][T22515] netdevsim netdevsim6 netdevsim0: left promiscuous mode
[  434.691933][T22515] team1: left promiscuous mode
[  434.695608][T22515] vlan0: left allmulticast mode
[  434.708392][T22515] ip6erspan0: left promiscuous mode
[  434.719924][T22515] netdevsim netdevsim6 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  434.725294][T22515] netdevsim netdevsim6 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  434.728217][T22515] netdevsim netdevsim6 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  434.731019][T22515] netdevsim netdevsim6 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  434.740121][T22515] vxlan0: left promiscuous mode
[  434.769423][T22516] 8021q: adding VLAN 0 to HW filter on device bond0
[  434.772863][T22516] 8021q: adding VLAN 0 to HW filter on device team0
[  434.780975][T22516] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  434.903502][T22532] kvm: Disabled LAPIC found during irq injection
[  434.948283][   T40] audit: type=1326 audit(1742583203.170:6624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22537 comm="syz.8.6814" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x0
[  435.947770][T15536] libceph: connect (1)[c::]:6789 error -22
[  435.950288][T15536] libceph: mon0 (1)[c::]:6789 connect error
[  435.996494][ T5996] libceph: connect (1)[c::]:6789 error -22
[  435.998712][ T5996] libceph: mon0 (1)[c::]:6789 connect error
[  436.214284][T15536] libceph: connect (1)[c::]:6789 error -22
[  436.216630][T15536] libceph: mon0 (1)[c::]:6789 connect error
[  436.254161][ T5996] libceph: connect (1)[c::]:6789 error -22
[  436.255987][ T5996] libceph: mon0 (1)[c::]:6789 connect error
[  436.637584][T22628] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  436.724179][T15536] libceph: connect (1)[c::]:6789 error -22
[  436.726050][T15536] libceph: mon0 (1)[c::]:6789 connect error
[  436.764344][ T5996] libceph: connect (1)[c::]:6789 error -22
[  436.766142][ T5996] libceph: mon0 (1)[c::]:6789 connect error
[  436.777547][T22606] ceph: No mds server is up or the cluster is laggy
[  436.778472][T22601] ceph: No mds server is up or the cluster is laggy
[  436.962959][T22642] random: crng reseeded on system resumption
[  437.146936][T22652] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  437.329173][T22667] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6868'.
[  437.678336][T22686] overlay: filesystem on ./bus not supported
[  437.833289][T22705] Invalid ELF header len 8
[  438.145538][T22728] loop2: detected capacity change from 0 to 7
[  438.148421][T22728] Dev loop2: unable to read RDB block 7
[  438.150623][T22728]  loop2: unable to read partition table
[  438.153216][T22728] loop2: partition table beyond EOD, truncated
[  438.155877][T22728] loop_reread_partitions: partition scan of loop2 (ţ被xü—źŃŕ– ) failed (rc=-5)
[  438.341549][T22738] netlink: 36 bytes leftover after parsing attributes in process `syz.0.6898'.
[  438.392356][T22740] 8021q: adding VLAN 0 to HW filter on device bond2
[  438.454098][   T66] usb 11-1: new high-speed USB device number 15 using dummy_hcd
[  438.580962][T22740] bond2 (unregistering): Released all slaves
[  438.614007][   T66] usb 11-1: Using ep0 maxpacket: 8
[  438.616814][   T66] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  438.620410][   T66] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  438.623144][   T66] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  438.626909][   T66] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  438.630805][   T66] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  438.633504][   T66] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  438.850122][   T66] usb 11-1: usb_control_msg returned -32
[  438.852337][   T66] usbtmc 11-1:16.0: can't read capabilities
[  438.983823][   T31] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  439.153992][   T31] usb 5-1: Using ep0 maxpacket: 16
[  439.158123][   T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  439.162576][   T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  439.166927][   T31] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  439.176256][   T31] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  439.180377][   T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  439.185157][   T31] usb 5-1: config 0 descriptor??
[  439.443827][ T6020] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  439.473841][ T1413] ieee802154 phy1 wpan1: encryption failed: -22
[  439.592781][   T31] shield 0003:0955:7214.002A: unknown main item tag 0x0
[  439.593859][ T6020] usb 6-1: Using ep0 maxpacket: 8
[  439.595602][   T31] shield 0003:0955:7214.002A: unknown main item tag 0x0
[  439.598360][ T6020] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  439.599849][   T31] shield 0003:0955:7214.002A: unknown main item tag 0x0
[  439.602292][ T6020] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  439.605250][   T31] shield 0003:0955:7214.002A: unknown main item tag 0x0
[  439.605303][   T31] shield 0003:0955:7214.002A: unknown main item tag 0x0
[  439.606760][   T31] input: HID 0955:7214 Haptics as /devices/virtual/input/input71
[  439.610647][ T6020] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  439.618464][   T31] shield 0003:0955:7214.002A: Registered Thunderstrike controller
[  439.620190][ T6020] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  439.628841][ T6020] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  439.630526][   T31] shield 0003:0955:7214.002A: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0
[  439.638010][ T6020] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  439.638037][ T6020] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  439.790901][T22746] random: crng reseeded on system resumption
[  439.806806][ T6022] shield 0003:0955:7214.002A: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  439.807082][T15536] usb 5-1: USB disconnect, device number 29
[  439.811143][ T6022] shield 0003:0955:7214.002A: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  439.811185][ T6022] shield 0003:0955:7214.002A: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  439.811219][ T6022] shield 0003:0955:7214.002A: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  439.859699][ T6020] usb 6-1: GET_CAPABILITIES returned 0
[  439.861763][ T6020] usbtmc 6-1:16.0: can't read capabilities
[  440.054952][   T36] usb 6-1: USB disconnect, device number 12
[  441.206382][T22788] netlink: 'syz.1.6918': attribute type 1 has an invalid length.
[  441.209571][T22788] netlink: 'syz.1.6918': attribute type 4 has an invalid length.
[  441.212626][T22788] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.6918'.
[  441.239640][ T2294] usb 11-1: USB disconnect, device number 15
[  441.404801][T22806] netlink: 188 bytes leftover after parsing attributes in process `syz.0.6927'.
[  441.408346][T22806] netlink: 'syz.0.6927': attribute type 1 has an invalid length.
[  441.421630][T22806] netlink: 188 bytes leftover after parsing attributes in process `syz.0.6927'.
[  441.425248][T22806] netlink: 'syz.0.6927': attribute type 1 has an invalid length.
[  441.466260][   T40] audit: type=1326 audit(1742583209.690:6625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22813 comm="syz.0.6930" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7ffc0000
[  441.472475][   T40] audit: type=1326 audit(1742583209.690:6626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22813 comm="syz.0.6930" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7ffc0000
[  441.479403][   T40] audit: type=1326 audit(1742583209.700:6627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22813 comm="syz.0.6930" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf743e579 code=0x7ffc0000
[  441.487083][   T40] audit: type=1326 audit(1742583209.700:6628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22813 comm="syz.0.6930" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7ffc0000
[  441.493342][   T40] audit: type=1326 audit(1742583209.700:6629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22813 comm="syz.0.6930" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7ffc0000
[  441.500962][   T40] audit: type=1326 audit(1742583209.710:6630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22813 comm="syz.0.6930" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf743e579 code=0x7ffc0000
[  441.523866][   T40] audit: type=1326 audit(1742583209.710:6631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22813 comm="syz.0.6930" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7ffc0000
[  441.543215][   T40] audit: type=1326 audit(1742583209.710:6632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22813 comm="syz.0.6930" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7ffc0000
[  441.560955][   T40] audit: type=1326 audit(1742583209.720:6633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22813 comm="syz.0.6930" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf743e579 code=0x7ffc0000
[  441.570307][   T40] audit: type=1326 audit(1742583209.720:6634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22813 comm="syz.0.6930" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7ffc0000
[  441.740224][T22828] bridge0: port 2(bridge_slave_1) entered disabled state
[  441.743420][T22828] bridge0: port 1(bridge_slave_0) entered disabled state
[  441.828190][T22828] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  441.839748][T22828] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  441.919544][T22828] netdevsim netdevsim8 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  441.923000][T22828] netdevsim netdevsim8 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  441.928022][T22828] netdevsim netdevsim8 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  441.931513][T22828] netdevsim netdevsim8 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  441.970914][T22828] batman_adv: batadv0: Interface deactivated: ip6gretap1
[  442.266796][T22862] input: syz0 as /devices/virtual/input/input72
[  442.740555][T22913] Invalid ELF header len 8
[  443.938456][ T5965] Bluetooth: hci0: Malformed LE Event: 0x0d
[  444.813190][T22942] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6964'.
[  445.318656][T22971] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6977'.
[  445.510840][T22979] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  446.248503][T22991] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(6)
[  446.251018][T22991] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  446.254345][T22991] vhci_hcd vhci_hcd.0: Device attached
[  446.261690][T22993] vhci_hcd: connection closed
[  446.262131][ T6738] vhci_hcd: stop threads
[  446.265711][ T6738] vhci_hcd: release socket
[  446.267169][ T6738] vhci_hcd: disconnect device
[  446.743991][   T31] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  446.893885][   T31] usb 6-1: Using ep0 maxpacket: 16
[  446.898355][   T31] usb 6-1: config 0 has no interfaces?
[  446.901067][   T31] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  446.905712][   T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  446.910254][   T31] usb 6-1: config 0 descriptor??
[  447.197448][ T6020] usb 6-1: USB disconnect, device number 13
[  447.811271][   T40] kauditd_printk_skb: 25 callbacks suppressed
[  447.811287][   T40] audit: type=1326 audit(1742583216.030:6660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23066 comm="syz.1.7006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000
[  447.836588][   T40] audit: type=1326 audit(1742583216.030:6661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23066 comm="syz.1.7006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000
[  447.863342][   T40] audit: type=1326 audit(1742583216.040:6662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23066 comm="syz.1.7006" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf7f75579 code=0x7ffc0000
[  447.895446][   T40] audit: type=1326 audit(1742583216.040:6663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23066 comm="syz.1.7006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000
[  447.914056][   T40] audit: type=1326 audit(1742583216.040:6664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23066 comm="syz.1.7006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000
[  447.923644][   T40] audit: type=1326 audit(1742583216.060:6665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23066 comm="syz.1.7006" exe="/syz-executor" sig=0 arch=40000003 syscall=433 compat=1 ip=0xf7f75579 code=0x7ffc0000
[  447.935324][   T40] audit: type=1326 audit(1742583216.060:6666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23066 comm="syz.1.7006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000
[  447.947333][   T40] audit: type=1326 audit(1742583216.060:6667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23066 comm="syz.1.7006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000
[  448.151558][T23079] Invalid source name
[  448.154309][T23079] UBIFS error (pid: 23079): cannot open "./file0", error -22
[  448.202336][T23089] netlink: 1032 bytes leftover after parsing attributes in process `syz.6.7016'.
[  448.547669][T23120] netlink: 'syz.1.7029': attribute type 1 has an invalid length.
[  448.550670][T23120] netlink: 16179 bytes leftover after parsing attributes in process `syz.1.7029'.
[  448.617869][T23126] all: renamed from bridge_slave_0 (while UP)
[  449.233907][   T66] usb 11-1: new high-speed USB device number 16 using dummy_hcd
[  449.244039][   T36] usb 5-1: new full-speed USB device number 30 using dummy_hcd
[  449.393887][   T66] usb 11-1: Using ep0 maxpacket: 16
[  449.396836][   T36] usb 5-1: config 0 has no interfaces?
[  449.397913][   T66] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  449.400439][   T36] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  449.403022][   T66] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  449.406370][   T36] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  449.410088][   T66] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  449.412548][   T36] usb 5-1: Product: syz
[  449.418639][   T66] usb 11-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  449.418664][   T66] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  449.420045][   T66] usb 11-1: config 0 descriptor??
[  449.424188][   T36] usb 5-1: Manufacturer: syz
[  449.424200][   T36] usb 5-1: SerialNumber: syz
[  449.425122][   T36] usb 5-1: config 0 descriptor??
[  449.600816][T23167] netlink: 'syz.1.7051': attribute type 3 has an invalid length.
[  449.605498][T23167] netlink: 56 bytes leftover after parsing attributes in process `syz.1.7051'.
[  449.643592][   T36] usb 5-1: USB disconnect, device number 30
[  449.841382][   T66] shield 0003:0955:7214.002B: unknown main item tag 0x0
[  449.844434][   T66] shield 0003:0955:7214.002B: unknown main item tag 0x0
[  449.847250][   T66] shield 0003:0955:7214.002B: unknown main item tag 0x0
[  449.849998][   T66] shield 0003:0955:7214.002B: unknown main item tag 0x0
[  449.852751][   T66] shield 0003:0955:7214.002B: unknown main item tag 0x0
[  449.856611][   T66] input: HID 0955:7214 Haptics as /devices/virtual/input/input73
[  449.864683][   T66] shield 0003:0955:7214.002B: Registered Thunderstrike controller
[  449.867869][   T66] shield 0003:0955:7214.002B: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.6-1/input0
[  450.045255][T23149] random: crng reseeded on system resumption
[  450.052737][ T6022] shield 0003:0955:7214.002B: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  450.052829][ T6030] usb 11-1: USB disconnect, device number 16
[  450.057264][ T6022] shield 0003:0955:7214.002B: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  450.057306][ T6022] shield 0003:0955:7214.002B: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  450.068644][ T6022] shield 0003:0955:7214.002B: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  450.189986][   T40] audit: type=1804 audit(1742583218.410:6668): pid=23181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.7058" name="/newroot/1755/file0" dev="tmpfs" ino=9067 res=1 errno=0
[  450.377312][T23186] netlink: 4 bytes leftover after parsing attributes in process `syz.8.7060'.
[  450.941629][T23215] ptrace attach of "/syz-executor exec"[23216] was attempted by "/syz-executor exec"[23215]
[  451.263043][T23234] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7081'.
[  451.408517][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  451.428910][T23243] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7085'.
[  451.682711][T23252] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7088'.
[  451.820467][ T5965] Bluetooth: hci0: Dropping invalid advertising data
[  451.823086][ T5965] Bluetooth: hci0: Malformed LE Event: 0x02
[  451.928590][T23252] veth1_vlan (unregistering): left allmulticast mode
[  451.950740][T23252] macvlan0 (unregistering): left allmulticast mode
[  452.340902][T23283] vcan0 speed is unknown, defaulting to 1000
[  452.796388][T23322] vcan0 speed is unknown, defaulting to 1000
[  453.024278][T23345] netlink: 4 bytes leftover after parsing attributes in process `syz.8.7128'.
[  453.082058][T23347] netfs: Couldn't get user pages (rc=-14)
[  453.350795][T23368] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7138'.
[  453.398975][T23372] netlink: 'syz.8.7139': attribute type 7 has an invalid length.
[  453.402118][T23372] netlink: 8 bytes leftover after parsing attributes in process `syz.8.7139'.
[  453.484550][T23378] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  453.493389][T23378] hsr_slave_0: left promiscuous mode
[  453.759631][T23394] netfs: Couldn't get user pages (rc=-14)
[  453.896335][T23400] RDS: rds_bind could not find a transport for ::ffff:172.20.20.27, load rds_tcp or rds_rdma?
[  454.303796][  T833] usb 13-1: new high-speed USB device number 7 using dummy_hcd
[  454.444026][ T6020] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  454.476776][  T833] usb 13-1: Using ep0 maxpacket: 16
[  454.481951][  T833] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  454.486700][  T833] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  454.491112][  T833] usb 13-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  454.497015][  T833] usb 13-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  454.500725][  T833] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  454.505229][  T833] usb 13-1: config 0 descriptor??
[  454.524975][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.528507][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.533033][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.538188][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.541105][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.544241][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.547259][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.551900][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.555771][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.559601][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.563465][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.567643][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.572121][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.576228][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.580311][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.583800][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.587021][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.590576][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.594594][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.598106][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.601405][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.603964][ T6020] usb 5-1: Using ep0 maxpacket: 8
[  454.604483][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.610089][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.615751][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.615764][ T6020] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  454.619899][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.619926][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.619944][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.628361][ T6020] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  454.631785][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.631810][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.631830][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.636565][ T6020] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  454.639060][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.639082][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.639100][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.639119][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.639137][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.657233][ T6020] usb 5-1: config 0 descriptor??
[  454.660031][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.660063][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.685642][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.688628][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.691799][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.695699][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.699246][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.703251][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: unknown main item tag 0x0
[  454.713305][ T6030] hid-generic 0000:007F:FFFFFFFE.002C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  454.889115][ T6020] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  454.933683][  T833] shield 0003:0955:7214.002D: unknown main item tag 0x0
[  454.936197][  T833] shield 0003:0955:7214.002D: unknown main item tag 0x0
[  454.938755][  T833] shield 0003:0955:7214.002D: unknown main item tag 0x0
[  454.941291][  T833] shield 0003:0955:7214.002D: unknown main item tag 0x0
[  454.944615][  T833] shield 0003:0955:7214.002D: unknown main item tag 0x0
[  454.948535][  T833] input: HID 0955:7214 Haptics as /devices/virtual/input/input74
[  454.955768][  T833] shield 0003:0955:7214.002D: Registered Thunderstrike controller
[  454.959121][  T833] shield 0003:0955:7214.002D: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.8-1/input0
[  455.089190][ T6020] usb 5-1: USB disconnect, device number 31
[  455.137723][ T6021] usb 13-1: USB disconnect, device number 7
[  455.140206][  T833] shield 0003:0955:7214.002D: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  455.147478][  T833] shield 0003:0955:7214.002D: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  455.156895][  T833] shield 0003:0955:7214.002D: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  455.162311][  T833] shield 0003:0955:7214.002D: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  455.821325][   T40] audit: type=1326 audit(1742583224.040:6669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23454 comm="syz.6.7176" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000
[  455.843819][   T40] audit: type=1326 audit(1742583224.040:6670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23454 comm="syz.6.7176" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000
[  455.858774][   T40] audit: type=1326 audit(1742583224.040:6671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23454 comm="syz.6.7176" exe="/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf73de579 code=0x7ffc0000
[  455.880270][   T40] audit: type=1326 audit(1742583224.040:6672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23454 comm="syz.6.7176" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000
[  455.903831][   T40] audit: type=1326 audit(1742583224.040:6673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23454 comm="syz.6.7176" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000
[  455.912071][   T40] audit: type=1326 audit(1742583224.040:6674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23454 comm="syz.6.7176" exe="/syz-executor" sig=0 arch=40000003 syscall=75 compat=1 ip=0xf73de579 code=0x7ffc0000
[  455.922608][   T40] audit: type=1326 audit(1742583224.040:6675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23454 comm="syz.6.7176" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000
[  455.931551][   T40] audit: type=1326 audit(1742583224.040:6676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23454 comm="syz.6.7176" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000
[  455.945234][   T40] audit: type=1326 audit(1742583224.040:6677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23454 comm="syz.6.7176" exe="/syz-executor" sig=0 arch=40000003 syscall=181 compat=1 ip=0xf73de579 code=0x7ffc0000
[  456.068262][   T40] audit: type=1326 audit(1742583224.290:6678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23454 comm="syz.6.7176" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7ffc0000
[  456.322084][T23475] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1926430720 (3852861440 ns) > initial count (2369312970 ns). Using initial count to start timer.
[  456.331338][T23475] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4234274794 (67748396704 ns) > initial count (26801589552 ns). Using initial count to start timer.
[  456.713804][ T6030] usb 11-1: new high-speed USB device number 17 using dummy_hcd
[  456.874503][ T6030] usb 11-1: Using ep0 maxpacket: 16
[  456.879006][ T6030] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  456.883134][ T6030] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  456.893987][ T6030] usb 11-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[  456.897385][ T6030] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  456.904573][ T6030] usb 11-1: config 0 descriptor??
[  457.320275][ T6030] kye 0003:0458:5016.002E: control desc unexpectedly large
[  457.328061][ T6030] input: HID 0458:5016 as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/0003:0458:5016.002E/input/input75
[  457.334817][ T6030] input: HID 0458:5016 as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/0003:0458:5016.002E/input/input76
[  457.391845][ T6030] kye 0003:0458:5016.002E: input,hiddev0,hidraw0: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.6-1/input0
[  457.423871][   T31] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  457.526950][ T6022] usb 11-1: USB disconnect, device number 17
[  457.593904][   T31] usb 6-1: Using ep0 maxpacket: 32
[  457.598756][   T31] usb 6-1: config 0 interface 0 has no altsetting 0
[  457.605722][   T31] usb 6-1: New USB device found, idVendor=0a5c, idProduct=2033, bcdDevice=39.2b
[  457.610202][   T31] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  457.614303][   T31] usb 6-1: Product: syz
[  457.617032][   T31] usb 6-1: Manufacturer: syz
[  457.619131][   T31] usb 6-1: SerialNumber: syz
[  457.623970][   T31] usb 6-1: config 0 descriptor??
[  457.637733][   T31] usb 6-1: Direct firmware load for BCM2033-MD.hex failed with error -2
[  457.641435][   T31] usb 6-1: Falling back to sysfs fallback for: BCM2033-MD.hex
[  458.403016][T23547] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7216'.
[  458.413957][ T6022] libceph: connect (1)[c::]:6789 error -101
[  458.416461][ T6022] libceph: mon0 (1)[c::]:6789 connect error
[  458.444022][T23544] ceph: No mds server is up or the cluster is laggy
[  458.676698][T23561] netlink: 'syz.1.7222': attribute type 7 has an invalid length.
[  458.679328][T23561] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7222'.
[  459.372298][T23596] netlink: 'syz.6.7237': attribute type 1 has an invalid length.
[  459.379721][T23596] netlink: 'syz.6.7237': attribute type 4 has an invalid length.
[  459.383102][T23596] netlink: 15363 bytes leftover after parsing attributes in process `syz.6.7237'.
[  459.454835][T23598] netlink: 'syz.6.7238': attribute type 4 has an invalid length.
[  459.468231][T23598] netlink: 'syz.6.7238': attribute type 4 has an invalid length.
[  459.695290][T23605] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7241'.
[  460.373673][T23625] netlink: 'syz.1.7250': attribute type 1 has an invalid length.
[  460.382721][T23629] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[  460.388066][T23629] batman_adv: batadv0: Adding interface: ip6gretap1
[  460.391156][T23629] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  460.419503][T23629] batman_adv: batadv0: Interface activated: ip6gretap1
[  460.437177][T23630] netlink: 'syz.1.7250': attribute type 1 has an invalid length.
[  460.477372][T23628] netfs: Couldn't get user pages (rc=-14)
[  461.152270][T23669] Invalid ELF header magic: != ELF
[  462.516174][T23702] netlink: 12 bytes leftover after parsing attributes in process `syz.8.7282'.
[  462.525733][T23702] netdevsim netdevsim8 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  462.529047][T23702] netdevsim netdevsim8 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  462.532421][T23702] netdevsim netdevsim8 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  462.536616][T23702] netdevsim netdevsim8 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  462.553547][T23702] netdevsim netdevsim8 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  462.557462][T23702] netdevsim netdevsim8 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  462.561038][T23702] netdevsim netdevsim8 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  462.564416][T23702] netdevsim netdevsim8 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  462.892440][T23716] netlink: 12 bytes leftover after parsing attributes in process `syz.8.7288'.
[  462.938761][T23720] netlink: 'syz.8.7290': attribute type 1 has an invalid length.
[  462.955458][T23720] 8021q: adding VLAN 0 to HW filter on device bond0
[  462.979346][T23720] 8021q: adding VLAN 0 to HW filter on device bond0
[  462.982390][T23720] bond0: (slave vcan1): The slave device specified does not support setting the MAC address
[  462.987980][T23720] bond0: (slave vcan1): Error -95 calling set_mac_address
[  463.321802][   T40] kauditd_printk_skb: 4 callbacks suppressed
[  463.321821][   T40] audit: type=1326 audit(1742583231.540:6683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23724 comm="syz.8.7292" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7fc00000
[  463.473169][    C3] vkms_vblank_simulate: vblank timer overrun
[  463.608109][    C3] vkms_vblank_simulate: vblank timer overrun
[  464.042180][   T40] audit: type=1326 audit(1742583232.250:6684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23724 comm="syz.8.7292" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf73fe579 code=0x7fc00000
[  464.397549][T23750] 9pnet: p9_errstr2errno: server reported unknown error ¤ŃĹl0î„&IŘü0‚Ń(|9Ę’ĺ0%cŢ»ŘŢż˘
[  464.438857][   T40] audit: type=1326 audit(1742583232.660:6685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23751 comm="syz.6.7304" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73de579 code=0x0
[  464.766489][T23761] netlink: 'syz.0.7307': attribute type 1 has an invalid length.
[  464.783954][T23761] 8021q: adding VLAN 0 to HW filter on device bond2
[  464.811244][T23761] 8021q: adding VLAN 0 to HW filter on device bond2
[  464.816191][T23761] bond2: (slave vcan1): The slave device specified does not support setting the MAC address
[  464.822641][T23761] bond2: (slave vcan1): Error -95 calling set_mac_address
[  465.207682][T23774] vcan0 speed is unknown, defaulting to 1000
[  465.329180][    C3] vkms_vblank_simulate: vblank timer overrun
[  465.353502][  T833] hid-generic 0000:0003:0000.002F: unknown main item tag 0x0
[  465.359260][  T833] hid-generic 0000:0003:0000.002F: unknown main item tag 0x0
[  465.363249][  T833] hid-generic 0000:0003:0000.002F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz1
[  465.861706][T23802] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  466.034442][T23810] vcan0 speed is unknown, defaulting to 1000
[  466.294443][   T40] audit: type=1326 audit(1742583234.520:6686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23816 comm="syz.6.7331" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x7fc00000
[  466.946146][   T40] audit: type=1326 audit(1742583235.160:6687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23816 comm="syz.6.7331" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf73de579 code=0x7fc00000
[  467.212123][T23847] vcan0 speed is unknown, defaulting to 1000
[  467.217136][   T40] audit: type=1800 audit(1742583235.440:6688): pid=23854 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.7345" name="file1" dev="overlay" ino=1687 res=0 errno=0
[  467.314119][ T5965] Bluetooth: hci2: command tx timeout
[  467.452652][T23859] netlink: 4 bytes leftover after parsing attributes in process `syz.8.7347'.
[  467.847398][   T40] audit: type=1326 audit(1742583236.070:6689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23868 comm="syz.0.7352" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7fc00000
[  468.566029][   T40] audit: type=1326 audit(1742583236.790:6690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23868 comm="syz.0.7352" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf743e579 code=0x7fc00000
[  468.657477][T23900] netlink: 20 bytes leftover after parsing attributes in process `syz.8.7364'.
[  469.078911][T23931] netlink: 'syz.8.7378': attribute type 4 has an invalid length.
[  469.530485][T23961] 9pnet: p9_errstr2errno: server reported unknown error `©Ó>+&ë
[  470.014925][T23979] netfs: Couldn't get user pages (rc=-14)
[  470.161312][T23985] netlink: 12 bytes leftover after parsing attributes in process `syz.6.7400'.
[  470.164562][   T36] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  470.170968][T23985] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  470.173683][T23985] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  470.177165][T23985] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  470.181018][T23985] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  470.188794][T23985] netdevsim netdevsim6 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  470.194444][T23985] netdevsim netdevsim6 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  470.199948][T23985] netdevsim netdevsim6 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  470.205148][T23985] netdevsim netdevsim6 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  470.333894][   T36] usb 5-1: Using ep0 maxpacket: 8
[  470.337601][   T36] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  470.342219][   T36] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  470.346674][   T36] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  470.350789][   T36] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  470.357841][   T36] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  470.362753][   T36] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  470.367485][   T36] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  470.402943][T23989] netfs: Couldn't get user pages (rc=-14)
[  470.468842][  T833] hid-generic 0000:0003:0000.0030: unknown main item tag 0x0
[  470.471450][  T833] hid-generic 0000:0003:0000.0030: unknown main item tag 0x0
[  470.484707][  T833] hid-generic 0000:0003:0000.0030: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz1
[  470.586335][   T36] usb 5-1: GET_CAPABILITIES returned 0
[  470.589254][   T36] usbtmc 5-1:16.0: can't read capabilities
[  470.800475][  T833] usb 5-1: USB disconnect, device number 32
[  471.268560][   T40] audit: type=1800 audit(1742583239.490:6691): pid=24008 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.7404" name="file1" dev="overlay" ino=4603 res=0 errno=0
[  471.435502][T24017] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7408'.
[  471.560888][T24022] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  472.174038][ T5831] usb 13-1: new high-speed USB device number 8 using dummy_hcd
[  472.324020][ T5831] usb 13-1: Using ep0 maxpacket: 8
[  472.327686][ T5831] usb 13-1: config index 0 descriptor too short (expected 301, got 45)
[  472.331010][ T5831] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  472.334953][ T5831] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  472.338179][ T5831] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  472.341850][ T5831] usb 13-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  472.346770][ T5831] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  472.350806][ T5831] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  472.566684][ T5831] usb 13-1: GET_CAPABILITIES returned 0
[  472.569161][ T5831] usbtmc 13-1:16.0: can't read capabilities
[  472.770368][ T5831] usb 13-1: USB disconnect, device number 8
[  473.323065][T24079] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7439'.
[  473.375882][T24082] netlink: 96 bytes leftover after parsing attributes in process `syz.0.7441'.
[  473.528851][T24092] netlink: 'syz.6.7447': attribute type 3 has an invalid length.
[  473.531931][T24092] netlink: 199836 bytes leftover after parsing attributes in process `syz.6.7447'.
[  473.539467][T24092] tc_dump_action: action bad kind
[  473.612647][T24095] netlink: 28 bytes leftover after parsing attributes in process `syz.6.7448'.
[  475.975021][T24147] syzkaller0: entered promiscuous mode
[  475.977264][T24147] syzkaller0: entered allmulticast mode
[  477.434987][T24160] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1926430720 (3852861440 ns) > initial count (2369312970 ns). Using initial count to start timer.
[  477.443048][T24160] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4234274794 (67748396704 ns) > initial count (26801589552 ns). Using initial count to start timer.
[  480.433506][T24216] netlink: 96 bytes leftover after parsing attributes in process `syz.6.7497'.
[  480.773443][T24238] "syz.8.7507" (24238) uses obsolete ecb(arc4) skcipher
[  480.816244][   T40] audit: type=1326 audit(1742583249.040:6692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24246 comm="syz.6.7508" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73de579 code=0x0
[  481.261237][   T66] usb 13-1: new high-speed USB device number 9 using dummy_hcd
[  481.425246][   T66] usb 13-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  481.431441][   T66] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  481.436179][   T66] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  481.442077][   T66] usb 13-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  481.447794][   T66] usb 13-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  481.451258][   T66] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  481.455678][   T66] usb 13-1: config 0 descriptor??
[  481.459602][T24256] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  481.809857][ T6021] kernel write not supported for file [eventfd] (pid: 6021 comm: kworker/0:4)
[  481.880357][   T66] plantronics 0003:047F:FFFF.0031: unknown main item tag 0xd
[  481.884789][   T66] plantronics 0003:047F:FFFF.0031: No inputs registered, leaving
[  481.889785][   T66] plantronics 0003:047F:FFFF.0031: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0
[  482.135714][ T6021] usb 13-1: USB disconnect, device number 9
[  482.514024][  T833] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  482.673953][  T833] usb 5-1: Using ep0 maxpacket: 16
[  482.681545][  T833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  482.685725][  T833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  482.689413][  T833] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  482.693827][  T833] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  482.696651][  T833] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  482.699864][  T833] usb 5-1: config 0 descriptor??
[  483.116304][  T833] shield 0003:0955:7214.0032: unknown main item tag 0x0
[  483.119127][  T833] shield 0003:0955:7214.0032: unknown main item tag 0x0
[  483.122066][  T833] shield 0003:0955:7214.0032: unknown main item tag 0x0
[  483.125179][  T833] shield 0003:0955:7214.0032: unknown main item tag 0x0
[  483.127988][  T833] shield 0003:0955:7214.0032: unknown main item tag 0x0
[  483.132852][  T833] input: HID 0955:7214 Haptics as /devices/virtual/input/input78
[  483.140359][  T833] shield 0003:0955:7214.0032: Registered Thunderstrike controller
[  483.143530][  T833] shield 0003:0955:7214.0032: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0
[  483.325679][   T36] usb 5-1: USB disconnect, device number 33
[  483.334071][  T833] shield 0003:0955:7214.0032: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  483.340430][  T833] shield 0003:0955:7214.0032: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  483.348321][  T833] shield 0003:0955:7214.0032: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  483.352673][  T833] shield 0003:0955:7214.0032: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  483.524060][T24325] netlink: 12 bytes leftover after parsing attributes in process `syz.8.7544'.
[  483.944773][T24340] netlink: 'syz.6.7551': attribute type 1 has an invalid length.
[  484.854154][   T66] usb 5-1: new full-speed USB device number 34 using dummy_hcd
[  485.045794][   T66] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  485.049414][   T66] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  485.052455][   T66] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  485.060375][   T66] usb 5-1: config 0 descriptor??
[  485.064593][   T66] ldusb 5-1:0.0: Interrupt in endpoint not found
[  485.146819][T24377] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7567'.
[  485.277841][   T36] usb 5-1: USB disconnect, device number 34
[  485.670416][T24401] GUP no longer grows the stack in syz.6.7578 (24401): 80004000-8000a000 (80002000)
[  485.678310][T24401] CPU: 3 UID: 0 PID: 24401 Comm: syz.6.7578 Not tainted 6.14.0-rc7-syzkaller-00186-gd07de43e3f05 #0
[  485.678334][T24401] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  485.678346][T24401] Call Trace:
[  485.678351][T24401]  <TASK>
[  485.678359][T24401]  dump_stack_lvl+0x16c/0x1f0
[  485.678460][T24401]  gup_vma_lookup+0x1d2/0x220
[  485.678485][T24401]  __get_user_pages+0x236/0x36f0
[  485.678569][T24401]  ? find_held_lock+0x2d/0x110
[  485.678592][T24401]  ? mtree_load+0x30a/0xa40
[  485.678661][T24401]  ? __pfx_lock_release+0x10/0x10
[  485.678686][T24401]  ? __pfx___get_user_pages+0x10/0x10
[  485.678721][T24401]  get_user_pages_remote+0x25e/0xb30
[  485.678751][T24401]  ? __pfx_get_user_pages_remote+0x10/0x10
[  485.678782][T24401]  __access_remote_vm+0x235/0x7a0
[  485.678803][T24401]  ? __pfx___access_remote_vm+0x10/0x10
[  485.678820][T24401]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  485.678842][T24401]  proc_pid_cmdline_read+0x4f5/0x900
[  485.678866][T24401]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  485.678887][T24401]  ? rw_verify_area+0xcf/0x680
[  485.678905][T24401]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  485.678923][T24401]  vfs_readv+0x6c2/0x8a0
[  485.678940][T24401]  ? __pfx___lock_acquire+0x10/0x10
[  485.678967][T24401]  ? __pfx_vfs_readv+0x10/0x10
[  485.678991][T24401]  ? __fget_files+0x1fc/0x3a0
[  485.679013][T24401]  ? __pfx_lock_release+0x10/0x10
[  485.679043][T24401]  ? __fget_files+0x206/0x3a0
[  485.679070][T24401]  ? do_preadv+0x1b1/0x270
[  485.679087][T24401]  do_preadv+0x1b1/0x270
[  485.679106][T24401]  ? __pfx_do_preadv+0x10/0x10
[  485.679130][T24401]  __do_fast_syscall_32+0x73/0x120
[  485.679155][T24401]  do_fast_syscall_32+0x32/0x80
[  485.679178][T24401]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  485.679202][T24401] RIP: 0023:0xf73de579
[  485.679217][T24401] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  485.679233][T24401] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 000000000000014d
[  485.679252][T24401] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  485.679263][T24401] RDX: 0000000000000001 RSI: 0000000000000300 RDI: 0000000000000000
[  485.679273][T24401] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  485.679282][T24401] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  485.679291][T24401] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  485.679311][T24401]  </TASK>
[  486.219281][T24431] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  486.222415][T24431] overlayfs: failed to set xattr on upper
[  486.227537][T24431] overlayfs: ...falling back to redirect_dir=nofollow.
[  486.230609][T24431] overlayfs: ...falling back to index=off.
[  486.251401][T24431] overlayfs: ...falling back to uuid=null.
[  486.253911][T24431] overlayfs: ...falling back to xino=off.
[  486.317651][T24436] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap2
[  486.325114][T24436] batman_adv: batadv0: Adding interface: ip6gretap2
[  486.327489][T24436] batman_adv: batadv0: Interface activated: ip6gretap2
[  486.475155][T24452] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7602'.
[  486.592979][T24468] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[  486.598041][T24468] batman_adv: batadv0: Adding interface: ip6gretap1
[  486.600410][T24468] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  486.611994][T24468] batman_adv: batadv0: Interface activated: ip6gretap1
[  486.812485][T24484] bio_check_eod: 14 callbacks suppressed
[  486.812501][T24484] syz.8.7613: attempt to access beyond end of device
[  486.812501][T24484] loop17: rw=0, sector=0, nr_sectors = 1 limit=0
[  486.822563][T24484] FAT-fs (loop17): unable to read boot sector
[  487.876084][T24533] netlink: 'syz.1.7633': attribute type 1 has an invalid length.
[  487.879231][T24533] netlink: 'syz.1.7633': attribute type 4 has an invalid length.
[  487.883179][T24533] netlink: 15334 bytes leftover after parsing attributes in process `syz.1.7633'.
[  488.716316][T24595] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7654'.
[  489.534177][T24628] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  489.536850][T24628] overlayfs: failed to set xattr on upper
[  489.539042][T24628] overlayfs: ...falling back to redirect_dir=nofollow.
[  489.541784][T24628] overlayfs: ...falling back to index=off.
[  489.544083][T24628] overlayfs: ...falling back to uuid=null.
[  490.042668][T21859] syz_tun (unregistering): left allmulticast mode
[  490.457384][   T68] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  490.473979][   T68] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  490.479582][   T68] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  490.484245][   T68] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  490.487093][   T68] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  490.492691][   T68] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  490.586246][T24657] vcan0 speed is unknown, defaulting to 1000
[  490.743521][T24657] chnl_net:caif_netlink_parms(): no params data found
[  490.837703][T24657] bridge0: port 1(bridge_slave_0) entered blocking state
[  490.840224][T24657] bridge0: port 1(bridge_slave_0) entered disabled state
[  490.842982][T24657] bridge_slave_0: entered allmulticast mode
[  490.846339][T24657] bridge_slave_0: entered promiscuous mode
[  490.852373][T24657] bridge0: port 2(bridge_slave_1) entered blocking state
[  490.856164][T24657] bridge0: port 2(bridge_slave_1) entered disabled state
[  490.859088][T24657] bridge_slave_1: entered allmulticast mode
[  490.862996][T24657] bridge_slave_1: entered promiscuous mode
[  490.917503][T24657] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  490.925203][T24657] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  490.944034][ T6022] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  490.959972][T24657] team0: Port device team_slave_0 added
[  490.963533][T24657] team0: Port device team_slave_1 added
[  490.996226][T24657] batman_adv: batadv0: Adding interface: batadv_slave_0
[  490.998740][T24657] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  491.009049][T24657] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  491.014111][T24657] batman_adv: batadv0: Adding interface: batadv_slave_1
[  491.016757][T24657] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  491.028933][T24657] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  491.069044][T24657] hsr_slave_0: entered promiscuous mode
[  491.072469][T24657] hsr_slave_1: entered promiscuous mode
[  491.075471][T24657] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  491.078232][T24657] Cannot create hsr debugfs directory
[  491.114007][ T6022] usb 5-1: Using ep0 maxpacket: 16
[  491.132830][ T6022] usb 5-1: config 0 has no interfaces?
[  491.139252][ T6022] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  491.142686][ T6022] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  491.149369][ T6022] usb 5-1: config 0 descriptor??
[  491.449250][ T6022] usb 5-1: USB disconnect, device number 35
[  491.692382][T24680] overlayfs: statfs failed on './file0'
[  491.882181][T24657] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  491.888478][T24657] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  491.893953][T24657] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  491.912674][T24657] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  491.982065][T24657] 8021q: adding VLAN 0 to HW filter on device bond0
[  491.994321][T24657] 8021q: adding VLAN 0 to HW filter on device team0
[  492.001118][   T47] bridge0: port 1(bridge_slave_0) entered blocking state
[  492.003370][   T47] bridge0: port 1(bridge_slave_0) entered forwarding state
[  492.019462][ T6707] bridge0: port 2(bridge_slave_1) entered blocking state
[  492.022450][ T6707] bridge0: port 2(bridge_slave_1) entered forwarding state
[  492.068021][T24657] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  492.073251][T24657] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  492.243080][T24657] 8021q: adding VLAN 0 to HW filter on device batadv0
[  492.290371][T24657] veth0_vlan: entered promiscuous mode
[  492.301562][T24657] veth1_vlan: entered promiscuous mode
[  492.317750][T24657] veth0_macvtap: entered promiscuous mode
[  492.325861][T24657] veth1_macvtap: entered promiscuous mode
[  492.346668][T24657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  492.350751][T24657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  492.365482][T24657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  492.369294][T24657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  492.373363][T24657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  492.383772][T24657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  492.388397][T24657] batman_adv: batadv0: Interface activated: batadv_slave_0
[  492.402522][T24657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  492.413848][T24657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  492.423802][T24657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  492.427306][T24657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  492.439597][T24657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  492.449362][T24657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  492.457380][T24657] batman_adv: batadv0: Interface activated: batadv_slave_1
[  492.465657][T24657] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  492.469205][T24657] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  492.472827][T24657] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  492.476910][T24657] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  492.563122][ T6741] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  492.570608][ T6741] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  492.583958][ T5965] Bluetooth: hci1: command tx timeout
[  492.593922][ T6710] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  492.597088][ T6710] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  492.908516][T24785] ax25_connect(): syz.0.7711 uses autobind, please contact jreuter@yaina.de
[  493.009842][T24789] erofs (device loop1): cannot find valid erofs superblock
[  493.061813][T24796] "syz.0.7714" (24796) uses obsolete ecb(arc4) skcipher
[  493.513903][   T40] audit: type=1326 audit(1742583261.730:6693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24825 comm="syz.8.7719" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73fe579 code=0x0
[  494.328171][T24865] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7721'.
[  494.664081][ T5965] Bluetooth: hci1: command tx timeout
[  494.983993][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  495.003923][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  495.351732][T24914] vcan0 speed is unknown, defaulting to 1000
[  496.063985][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  496.204005][   T40] audit: type=1326 audit(1742583264.420:6694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24952 comm="syz.8.7749" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7fc00000
[  496.304109][   T40] audit: type=1326 audit(1742583264.520:6695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24952 comm="syz.8.7749" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf73fe579 code=0x7fc00000
[  496.312020][   T40] audit: type=1326 audit(1742583264.520:6696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24952 comm="syz.8.7749" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf73fe5a7 code=0x7fc00000
[  496.333973][   T40] audit: type=1326 audit(1742583264.520:6697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24952 comm="syz.8.7749" exe="/syz-executor" sig=0 arch=40000003 syscall=252 compat=1 ip=0xf73fe579 code=0x7fc00000
[  496.743848][ T5965] Bluetooth: hci1: command tx timeout
[  497.373921][T24982] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7761'.
[  497.794799][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  498.629685][T25013] netlink: 'syz.0.7771': attribute type 4 has an invalid length.
[  498.641044][   T40] audit: type=1326 audit(1742583266.860:6698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25008 comm="syz.1.7772" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f75579 code=0x0
[  498.823909][ T5965] Bluetooth: hci1: command tx timeout
[  500.038796][T25051] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7787'.
[  500.042731][T25051] veth0_to_hsr: entered promiscuous mode
[  500.045196][T25051] veth0_to_hsr: entered allmulticast mode
[  500.920038][ T1413] ieee802154 phy1 wpan1: encryption failed: -22
[  502.992897][   T68] Bluetooth: hci2: command 0x0406 tx timeout
[  503.953405][T25093] netlink: 12 bytes leftover after parsing attributes in process `syz.8.7802'.
[  505.515190][T25098] fuse: root generation should be zero
[  505.599072][   T40] audit: type=1326 audit(1742583273.810:6699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25104 comm="syz.3.7807" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7fc00000
[  505.653359][   T40] audit: type=1326 audit(1742583273.870:6700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25104 comm="syz.3.7807" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf742e579 code=0x7fc00000
[  505.663772][   T40] audit: type=1326 audit(1742583273.870:6701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25104 comm="syz.3.7807" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf742e5a7 code=0x7fc00000
[  505.674425][   T40] audit: type=1326 audit(1742583273.870:6702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25104 comm="syz.3.7807" exe="/syz-executor" sig=0 arch=40000003 syscall=252 compat=1 ip=0xf742e579 code=0x7fc00000
[  505.989828][T25125] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  506.921025][   T68] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  506.927474][   T68] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  506.932153][   T68] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  506.946040][   T68] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  506.955445][   T68] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  506.960283][   T68] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  507.073355][   T40] audit: type=1326 audit(1742583275.290:6703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25169 comm="syz.0.7836" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7fc00000
[  507.086331][T25160] vcan0 speed is unknown, defaulting to 1000
[  507.129232][   T40] audit: type=1326 audit(1742583275.340:6704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25169 comm="syz.0.7836" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf743e579 code=0x7fc00000
[  507.144648][   T40] audit: type=1326 audit(1742583275.340:6705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25169 comm="syz.0.7836" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf743e5a7 code=0x7fc00000
[  507.193865][   T40] audit: type=1326 audit(1742583275.340:6706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25169 comm="syz.0.7836" exe="/syz-executor" sig=0 arch=40000003 syscall=252 compat=1 ip=0xf743e579 code=0x7fc00000
[  507.309754][T25160] chnl_net:caif_netlink_parms(): no params data found
[  507.551720][T25160] bridge0: port 1(bridge_slave_0) entered blocking state
[  507.555609][T25160] bridge0: port 1(bridge_slave_0) entered disabled state
[  507.558431][T25160] bridge_slave_0: entered allmulticast mode
[  507.569284][T25160] bridge_slave_0: entered promiscuous mode
[  507.575789][T25160] bridge0: port 2(bridge_slave_1) entered blocking state
[  507.578562][T25160] bridge0: port 2(bridge_slave_1) entered disabled state
[  507.581348][T25160] bridge_slave_1: entered allmulticast mode
[  507.584103][T25160] bridge_slave_1: entered promiscuous mode
[  507.621972][T25160] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  507.630728][T25160] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  507.641040][ T6022] kernel write not supported for file [eventfd] (pid: 6022 comm: kworker/1:4)
[  507.712517][T25160] team0: Port device team_slave_0 added
[  507.744635][T25160] team0: Port device team_slave_1 added
[  507.786705][T25160] batman_adv: batadv0: Adding interface: batadv_slave_0
[  507.789783][T25160] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  507.800781][T25160] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  507.807836][T25160] batman_adv: batadv0: Adding interface: batadv_slave_1
[  507.814703][T25160] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  507.824261][T25160] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  507.891351][T25160] hsr_slave_0: entered promiscuous mode
[  507.904615][T25160] hsr_slave_1: entered promiscuous mode
[  507.907840][T25160] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  507.910741][T25160] Cannot create hsr debugfs directory
[  507.912948][T25198] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  507.979224][   T40] audit: type=1800 audit(1742583276.200:6707): pid=25205 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.7850" name="bus" dev="9p" ino=36831287 res=0 errno=0
[  508.136381][T25160] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  508.239237][T25160] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  508.343034][T25160] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  508.432989][T25160] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  508.554416][T25160] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  508.572109][T25160] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  508.577459][T25160] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  508.581937][T25160] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  508.638246][T25160] 8021q: adding VLAN 0 to HW filter on device bond0
[  508.672171][T25160] 8021q: adding VLAN 0 to HW filter on device team0
[  508.680601][ T6710] bridge0: port 1(bridge_slave_0) entered blocking state
[  508.683555][ T6710] bridge0: port 1(bridge_slave_0) entered forwarding state
[  508.691003][   T47] bridge0: port 2(bridge_slave_1) entered blocking state
[  508.693889][   T47] bridge0: port 2(bridge_slave_1) entered forwarding state
[  508.826157][T25160] 8021q: adding VLAN 0 to HW filter on device batadv0
[  509.031287][T25160] veth0_vlan: entered promiscuous mode
[  509.037707][T25160] veth1_vlan: entered promiscuous mode
[  509.054768][T25160] veth0_macvtap: entered promiscuous mode
[  509.068439][T25160] veth1_macvtap: entered promiscuous mode
[  509.074316][T21102] Bluetooth: hci0: command tx timeout
[  509.081476][T25160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  509.087492][T25160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  509.093775][T25160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  509.097598][T25160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  509.101148][T25160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  509.113790][T25160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  509.116362][T25160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  509.119698][T25160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  509.124858][T25160] batman_adv: batadv0: Interface activated: batadv_slave_0
[  509.131054][T25160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  509.134397][T25160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  509.137143][T25160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  509.140053][T25160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  509.143756][T25160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  509.147837][T25160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  509.151137][T25160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  509.155054][T25160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  509.160290][T25160] batman_adv: batadv0: Interface activated: batadv_slave_1
[  509.166025][T25160] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  509.169023][T25160] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  509.172353][T25160] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  509.176556][T25160] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  509.181299][T25236] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  509.281563][ T6741] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  509.287684][ T6741] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  509.305096][   T47] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  509.308141][   T47] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  509.926207][T25264] overlayfs: failed to decode file handle (len=6, type=0, flags=0, err=-22)
[  510.216047][T25278] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7873'.
[  510.513972][ T1467] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  510.599278][T25296] overlayfs: failed to decode file handle (len=6, type=0, flags=0, err=-22)
[  510.673904][ T1467] usb 9-1: Using ep0 maxpacket: 16
[  510.677801][ T1467] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  510.682765][ T1467] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  510.687263][ T1467] usb 9-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  510.690535][ T1467] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  510.712324][ T1467] usb 9-1: config 0 descriptor??
[  510.926046][T25305] netlink: 'syz.8.7888': attribute type 1 has an invalid length.
[  510.934416][ T1467] usb 9-1: USB disconnect, device number 4
[  511.144969][T21102] Bluetooth: hci0: command tx timeout
[  511.249997][T25317] netlink: 'syz.8.7891': attribute type 4 has an invalid length.
[  512.286439][   T40] audit: type=1800 audit(1742583280.510:6708): pid=25350 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.7904" name="bus" dev="9p" ino=36831287 res=0 errno=0
[  512.463848][T25237] usb 13-1: new high-speed USB device number 10 using dummy_hcd
[  512.623799][T25237] usb 13-1: Using ep0 maxpacket: 16
[  512.627749][T25237] usb 13-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  512.631377][T25237] usb 13-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  512.634663][T25237] usb 13-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  512.637758][T25237] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  512.644247][T25237] usb 13-1: config 0 descriptor??
[  512.855059][ T6013] usb 13-1: USB disconnect, device number 10
[  513.032294][T25355] 9pnet_virtio: no channels available for device syz
[  513.225287][T21102] Bluetooth: hci0: command tx timeout
[  513.262380][T25369] netlink: 'syz.3.7910': attribute type 4 has an invalid length.
[  514.693872][T25382] Set syz1 is full, maxelem 65536 reached
[  514.798334][   T40] audit: type=1800 audit(1742583283.020:6709): pid=25406 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.7927" name="bus" dev="9p" ino=36831287 res=0 errno=0
[  515.304287][T21102] Bluetooth: hci0: command tx timeout
[  517.516720][T25433] gtp1: entered promiscuous mode
[  518.858461][T25429] Set syz1 is full, maxelem 65536 reached
[  518.978314][T25467] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7950'.
[  518.986571][T25467] bridge0: port 2(bridge_slave_1) entered disabled state
[  519.194350][T25467] bridge_slave_1 (unregistering): left allmulticast mode
[  519.200776][T25467] bridge_slave_1 (unregistering): left promiscuous mode
[  519.203613][T25467] bridge0: port 2(bridge_slave_1) entered disabled state
[  519.312226][T25469] gtp0: entered promiscuous mode
[  519.997995][T25507] gtp0: entered promiscuous mode
[  520.332883][T25519] Bluetooth: MGMT ver 1.23
[  520.915852][T25546] netlink: 1032 bytes leftover after parsing attributes in process `syz.8.7982'.
[  521.392123][   T31] Bluetooth: Mini driver request failed
[  521.431120][   T31] bcm203x 6-1:0.0: probe with driver bcm203x failed with error -5
[  521.435398][   T31] usb 6-1: USB disconnect, device number 14
[  522.490470][T25611] Set syz1 is full, maxelem 65536 reached
[  523.333218][T25610] overlayfs: statfs failed on './file0'
[  524.212824][T25659] ip6erspan0: entered allmulticast mode
[  524.630609][T25663] netlink: 'syz.4.8032': attribute type 1 has an invalid length.
[  524.668643][T25663] 8021q: adding VLAN 0 to HW filter on device bond1
[  524.686526][T25663] bond1: (slave ip6gretap1): making interface the new active one
[  524.690969][T25663] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[  524.803812][T25675] »»»»»»aaaaaaaaa: renamed from lo
[  524.878877][T25673] netlink: 'syz.8.8034': attribute type 1 has an invalid length.
[  524.883261][T25673] netlink: 208292 bytes leftover after parsing attributes in process `syz.8.8034'.
[  524.891941][T25673] netlink: 'syz.8.8034': attribute type 2 has an invalid length.
[  524.897728][T25673] netlink: 'syz.8.8034': attribute type 1 has an invalid length.
[  524.989226][T25684] Invalid ELF header magic: != ELF
[  525.308618][T25696] vcan0 speed is unknown, defaulting to 1000
[  525.531897][T25696] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8045'.
[  525.543114][T25709] Invalid ELF header magic: != ELF
[  525.866128][T25725] Invalid ELF header magic: != ELF
[  526.359659][T25748] Invalid ELF header magic: != ELF
[  526.945253][   T40] audit: type=1326 audit(1742583295.170:6710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25767 comm="syz.8.8083" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7fc00000
[  526.955188][   T40] audit: type=1326 audit(1742583295.170:6711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25767 comm="syz.8.8083" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf73fe579 code=0x7fc00000
[  527.077827][T25774] netlink: 'syz.4.8077': attribute type 1 has an invalid length.
[  527.080944][T25774] netlink: 208292 bytes leftover after parsing attributes in process `syz.4.8077'.
[  527.085374][T25774] netlink: 'syz.4.8077': attribute type 2 has an invalid length.
[  527.088776][T25774] netlink: 'syz.4.8077': attribute type 1 has an invalid length.
[  527.621530][   T40] audit: type=1326 audit(1742583295.840:6712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25767 comm="syz.8.8083" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x7fc00000
[  527.677104][T25789] netlink: 'syz.8.8085': attribute type 1 has an invalid length.
[  527.734819][T25789] 8021q: adding VLAN 0 to HW filter on device bond2
[  527.741859][T25792] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  527.756667][T25793] bond2: (slave ip6gretap3): making interface the new active one
[  527.760859][T25793] bond2: (slave ip6gretap3): Enslaving as an active interface with an up link
[  527.787581][T25753] Set syz1 is full, maxelem 65536 reached
[  528.228935][T25827] Invalid ELF header magic: != ELF
[  528.557755][T25856] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  528.818477][T25880] netlink: 96 bytes leftover after parsing attributes in process `syz.0.8127'.
[  528.968499][   T40] audit: type=1326 audit(1742583297.190:6713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25892 comm="syz.0.8133" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7ffc0000
[  528.978834][   T40] audit: type=1326 audit(1742583297.190:6714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25892 comm="syz.0.8133" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7ffc0000
[  528.989099][   T40] audit: type=1326 audit(1742583297.190:6715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25892 comm="syz.0.8133" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf743e579 code=0x7ffc0000
[  528.997652][   T40] audit: type=1326 audit(1742583297.190:6716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25892 comm="syz.0.8133" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7ffc0000
[  529.006754][   T40] audit: type=1326 audit(1742583297.190:6717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25892 comm="syz.0.8133" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7ffc0000
[  529.017472][   T40] audit: type=1326 audit(1742583297.190:6718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25892 comm="syz.0.8133" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf743e579 code=0x7ffc0000
[  529.032531][   T40] audit: type=1326 audit(1742583297.200:6719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25892 comm="syz.0.8133" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7ffc0000
[  529.120849][T25903] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  529.236850][T25914] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  529.290679][T25919] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  529.296522][T25919] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  529.590641][T25937] Invalid option length (1025206) for dns_resolver key
[  529.921757][T25955] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input79
[  530.504121][T24746] usb 13-1: new high-speed USB device number 11 using dummy_hcd
[  530.664072][T24746] usb 13-1: Using ep0 maxpacket: 8
[  530.682103][T24746] usb 13-1: config index 0 descriptor too short (expected 301, got 45)
[  530.690480][T24746] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  530.699234][T24746] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  530.707437][T24746] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  530.710983][T24746] usb 13-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  530.718695][T24746] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  530.726245][T24746] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  530.747212][T25989] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  530.962444][T24746] usb 13-1: GET_CAPABILITIES returned 0
[  530.965264][T24746] usbtmc 13-1:16.0: can't read capabilities
[  532.183941][   T68] Bluetooth: hci0: command 0x0405 tx timeout
[  533.275805][ T6020] usb 13-1: USB disconnect, device number 11
[  533.466752][T26001] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  533.470621][T21102] Bluetooth: hci2: command 0x0406 tx timeout
[  533.473460][T26001] Bluetooth: hci2: Opcode 0x0406 failed: -110
[  534.275326][T26001] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  534.278474][T26001] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  534.281764][T26001] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  534.289129][T26001] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  534.291653][T26001] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  534.326824][T26001] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  535.543935][   T68] Bluetooth: hci1: command 0x0c1a tx timeout
[  535.546774][   T68] Bluetooth: hci2: command 0x0406 tx timeout
[  536.343981][T21102] Bluetooth: hci0: command 0x0405 tx timeout
[  536.515047][T21102] Bluetooth: hci0: unexpected event for opcode 0x2035
[  536.803614][T26159] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  536.809051][T26159] overlayfs: failed to set xattr on upper
[  536.811519][T26159] overlayfs: ...falling back to redirect_dir=nofollow.
[  536.814608][T26159] overlayfs: ...falling back to index=off.
[  536.817809][T26159] overlayfs: ...falling back to uuid=null.
[  536.821196][T26159] overlayfs: maximum fs stacking depth exceeded
[  537.624627][T21102] Bluetooth: hci1: command 0x0c1a tx timeout
[  537.980170][   T40] kauditd_printk_skb: 33 callbacks suppressed
[  537.980183][   T40] audit: type=1804 audit(1742583306.200:6753): pid=26197 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.8.8264" name="/newroot/560/file0/bus" dev="ramfs" ino=127891 res=1 errno=0
[  538.123426][T26201] ------------[ cut here ]------------
[  538.127003][T26201] refcount_t: underflow; use-after-free.
[  538.130519][T26201] WARNING: CPU: 3 PID: 26201 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210
[  538.137103][T26201] Modules linked in:
[  538.140552][T26201] CPU: 3 UID: 0 PID: 26201 Comm: syz.8.8266 Not tainted 6.14.0-rc7-syzkaller-00186-gd07de43e3f05 #0
[  538.145020][T26201] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  538.151735][T26201] RIP: 0010:refcount_warn_saturate+0x14a/0x210
[  538.154581][T26201] Code: ff 89 de e8 e8 34 f7 fc 84 db 0f 85 66 ff ff ff e8 3b 3a f7 fc c6 05 ef 62 88 0b 01 90 48 c7 c7 e0 06 d3 8b e8 27 6b b7 fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 18 3a f7 fc 0f b6 1d ca 62 88 0b 31
[  538.165538][T26201] RSP: 0018:ffffc90007db79b8 EFLAGS: 00010282
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  538.168832][T26201] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc9002beec000
[  538.184393][T26201] RDX: 0000000000080000 RSI: ffffffff817a2276 RDI: 0000000000000001
[  538.187454][T26201] RBP: ffff88806204f2d0 R08: 0000000000000001 R09: 0000000000000000
[  538.190613][T26201] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[  538.193590][T26201] R13: 0000000000000000 R14: ffff88806204f2d0 R15: ffff88801ec16000
[  538.196928][T26201] FS:  0000000000000000(0000) GS:ffff88802b700000(0063) knlGS:00000000f5086b40
[  538.201147][T26201] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  538.203622][T26201] CR2: 000000000c2d6b1e CR3: 000000005d538000 CR4: 0000000000352ef0
[  538.206729][T26201] DR0: 0000000000000003 DR1: 0000000000000002 DR2: 0000000000000008
[  538.209963][T26201] DR3: 1000000100000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  538.213156][T26201] Call Trace:
[  538.214543][T26201]  <TASK>
[  538.215704][T26201]  ? __warn+0xea/0x3c0
[  538.217489][T26201]  ? __pfx_vprintk_emit+0x10/0x10
[  538.219200][T26201]  ? refcount_warn_saturate+0x14a/0x210
[  538.221273][T26201]  ? report_bug+0x3c0/0x580
[  538.223053][T26201]  ? handle_bug+0x54/0xa0
[  538.225623][T26201]  ? exc_invalid_op+0x17/0x50
[  538.232677][T26201]  ? asm_exc_invalid_op+0x1a/0x20
[  538.235620][T26201]  ? __warn_printk+0x1a6/0x350
[  538.238893][T26201]  ? refcount_warn_saturate+0x14a/0x210
[  538.241264][T26201]  ? refcount_warn_saturate+0x149/0x210
[  538.243632][T26201]  io_tx_ubuf_complete+0x236/0x280
[  538.247353][T26201]  ? __io_submit_flush_completions+0xb85/0x1df0
[  538.250075][T26201]  io_send_zc_cleanup+0x8a/0x1c0
[  538.252095][T26201]  ? __pfx_io_send_zc_cleanup+0x10/0x10
[  538.254631][T26201]  __io_submit_flush_completions+0xcb3/0x1df0
[  538.257161][T26201]  ctx_flush_and_put.constprop.0+0x9a/0x410
[  538.259463][T26201]  io_handle_tw_list+0x3df/0x540
[  538.261432][T26201]  ? __pfx_io_handle_tw_list+0x10/0x10
[  538.263471][T26201]  ? lock_acquire.part.0+0x11b/0x380
[  538.265613][T26201]  ? find_held_lock+0x2d/0x110
[  538.267560][T26201]  tctx_task_work_run+0xac/0x390
[  538.269955][T26201]  tctx_task_work+0x7b/0xd0
[  538.272068][T26201]  ? __pfx_tctx_task_work+0x10/0x10
[  538.274318][T26201]  ? _raw_spin_unlock_irq+0x23/0x50
[  538.276329][T26201]  ? lockdep_hardirqs_on+0x7c/0x110
[  538.278114][T26201]  task_work_run+0x14e/0x250
[  538.279698][T26201]  ? __pfx_task_work_run+0x10/0x10
[  538.281479][T26201]  get_signal+0x1d3/0x26c0
[  538.283039][T26201]  ? __pfx_get_signal+0x10/0x10
[  538.285003][T26201]  ? fput+0x67/0x440
[  538.286553][T26201]  ? __do_sys_io_uring_enter+0x60f/0x1670
[  538.288780][T26201]  arch_do_signal_or_restart+0x90/0x7e0
[  538.291127][T26201]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  538.293941][T26201]  ? rcu_is_watching+0x12/0xc0
[  538.295830][T26201]  syscall_exit_to_user_mode+0x150/0x2a0
[  538.297923][T26201]  __do_fast_syscall_32+0x80/0x120
[  538.299861][T26201]  do_fast_syscall_32+0x32/0x80
[  538.301784][T26201]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  538.304174][T26201] RIP: 0023:0xf73fe579
[  538.305746][T26201] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  538.313682][T26201] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa
[  538.317242][T26201] RAX: 0000000000000800 RBX: 0000000000000003 RCX: 00000000000047bc
[  538.320625][T26201] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  538.323685][T26201] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  538.327018][T26201] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  538.329975][T26201] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  538.333526][T26201]  </TASK>
[  538.335108][T26201] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  538.338101][T26201] CPU: 3 UID: 0 PID: 26201 Comm: syz.8.8266 Not tainted 6.14.0-rc7-syzkaller-00186-gd07de43e3f05 #0
[  538.342975][T26201] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  538.348150][T26201] Call Trace:
[  538.349816][T26201]  <TASK>
[  538.350914][T26201]  dump_stack_lvl+0x3d/0x1f0
[  538.352703][T26201]  panic+0x71d/0x800
[  538.354238][T26201]  ? __pfx_panic+0x10/0x10
[  538.356058][T26201]  ? show_trace_log_lvl+0x29d/0x3d0
[  538.358469][T26201]  ? refcount_warn_saturate+0x14a/0x210
[  538.361365][T26201]  check_panic_on_warn+0xab/0xb0
[  538.363337][T26201]  __warn+0xf6/0x3c0
[  538.365048][T26201]  ? __pfx_vprintk_emit+0x10/0x10
[  538.367074][T26201]  ? refcount_warn_saturate+0x14a/0x210
[  538.369231][T26201]  report_bug+0x3c0/0x580
[  538.371038][T26201]  handle_bug+0x54/0xa0
[  538.372668][T26201]  exc_invalid_op+0x17/0x50
[  538.374635][T26201]  asm_exc_invalid_op+0x1a/0x20
[  538.376524][T26201] RIP: 0010:refcount_warn_saturate+0x14a/0x210
[  538.379035][T26201] Code: ff 89 de e8 e8 34 f7 fc 84 db 0f 85 66 ff ff ff e8 3b 3a f7 fc c6 05 ef 62 88 0b 01 90 48 c7 c7 e0 06 d3 8b e8 27 6b b7 fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 18 3a f7 fc 0f b6 1d ca 62 88 0b 31
[  538.386250][T26201] RSP: 0018:ffffc90007db79b8 EFLAGS: 00010282
[  538.388916][T26201] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc9002beec000
[  538.392646][T26201] RDX: 0000000000080000 RSI: ffffffff817a2276 RDI: 0000000000000001
[  538.396742][T26201] RBP: ffff88806204f2d0 R08: 0000000000000001 R09: 0000000000000000
[  538.400678][T26201] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[  538.404549][T26201] R13: 0000000000000000 R14: ffff88806204f2d0 R15: ffff88801ec16000
[  538.407282][T26201]  ? __warn_printk+0x1a6/0x350
[  538.408952][T26201]  ? refcount_warn_saturate+0x149/0x210
[  538.410871][T26201]  io_tx_ubuf_complete+0x236/0x280
[  538.412660][T26201]  ? __io_submit_flush_completions+0xb85/0x1df0
[  538.414954][T26201]  io_send_zc_cleanup+0x8a/0x1c0
[  538.416822][T26201]  ? __pfx_io_send_zc_cleanup+0x10/0x10
[  538.418977][T26201]  __io_submit_flush_completions+0xcb3/0x1df0
[  538.421051][T26201]  ctx_flush_and_put.constprop.0+0x9a/0x410
[  538.423188][T26201]  io_handle_tw_list+0x3df/0x540
[  538.424954][T26201]  ? __pfx_io_handle_tw_list+0x10/0x10
[  538.427000][T26201]  ? lock_acquire.part.0+0x11b/0x380
[  538.429232][T26201]  ? find_held_lock+0x2d/0x110
[  538.430902][T26201]  tctx_task_work_run+0xac/0x390
[  538.432698][T26201]  tctx_task_work+0x7b/0xd0
[  538.434649][T26201]  ? __pfx_tctx_task_work+0x10/0x10
[  538.436549][T26201]  ? _raw_spin_unlock_irq+0x23/0x50
[  538.438378][T26201]  ? lockdep_hardirqs_on+0x7c/0x110
[  538.439918][T26201]  task_work_run+0x14e/0x250
[  538.442061][T26201]  ? __pfx_task_work_run+0x10/0x10
[  538.443780][T26201]  get_signal+0x1d3/0x26c0
[  538.445455][T26201]  ? __pfx_get_signal+0x10/0x10
[  538.447164][T26201]  ? fput+0x67/0x440
[  538.448492][T26201]  ? __do_sys_io_uring_enter+0x60f/0x1670
[  538.450507][T26201]  arch_do_signal_or_restart+0x90/0x7e0
[  538.452546][T26201]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  538.454867][T26201]  ? rcu_is_watching+0x12/0xc0
[  538.456814][T26201]  syscall_exit_to_user_mode+0x150/0x2a0
[  538.458963][T26201]  __do_fast_syscall_32+0x80/0x120
[  538.460822][T26201]  do_fast_syscall_32+0x32/0x80
[  538.462498][T26201]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  538.464855][T26201] RIP: 0023:0xf73fe579
[  538.466317][T26201] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  538.474349][T26201] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa
[  538.476770][T26201] RAX: 0000000000000800 RBX: 0000000000000003 RCX: 00000000000047bc
[  538.479208][T26201] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  538.482086][T26201] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  538.484972][T26201] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  538.490864][T26201] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  538.493830][T26201]  </TASK>
[  538.495485][T26201] Kernel Offset: disabled
[  538.497086][T26201] Rebooting in 86400 seconds..

VM DIAGNOSIS:
18:46:33  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000001 RBX=ffff88802b42c680 RCX=0000000000000100 RDX=0000000000000001
RSI=0000000000000004 RDI=ffff88802b42c682 RBP=dffffc0000000000 RSP=ffffffff8de079f8
R8 =0000000000000001 R9 =ffffed10056858d0 R10=ffff88802b42c683 R11=0000000000000000
R12=0000000000000000 R13=0000000000007b19 R14=ffff88802b43fc80 R15=ffffed10056858d0
RIP=ffffffff8b580d5a RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c3d485a CR3=000000002368a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000004c00000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000001 RBX=ffffffff9062c114 RCX=0000000000000001 RDX=0000000000000000
RSI=ffffffff8b6cff80 RDI=ffffffff8bd359e0 RBP=ffffc9000c797c28 RSP=ffffc9000c797a68
R8 =0000000000000000 R9 =0000000000000001 R10=ffffffff90628e17 R11=ffff88802b528abc
R12=ffff888053522440 R13=0000000000000001 R14=00000000ffffffff R15=0000000000000000
RIP=ffffffff8b5566ac RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f733d194 CR3=000000005d538000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000097 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000497ee5 RBX=0000000000000002 RCX=ffffffff8b557469 RDX=0000000000000000
RSI=ffffffff8b6cfc80 RDI=ffffffff8bd359e0 RBP=ffffed100376d488 RSP=ffffc9000049fe08
R8 =0000000000000001 R9 =ffffed10056c6f85 R10=ffff88802b637c2b R11=0000000000000000
R12=0000000000000002 R13=ffff88801bb6a440 R14=ffffffff90628e10 R15=0000000000000000
RIP=ffffffff8b55884f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000056d794c0 CR3=00000000505f2000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000097 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000061 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff853ea9b5 RDI=ffffffff9ab72ea0 RBP=ffffffff9ab72e60 RSP=ffffc90007db7368
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000005
R12=0000000000000000 R13=0000000000000061 R14=ffffffff9ab72e60 R15=0000000000000000
RIP=ffffffff853ea9df RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b700000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c2d6b1e CR3=000000005d538000 CR4=00352ef0
DR0=0000000000000003 DR1=0000000000000002 DR2=0000000000000008 DR3=1000000100000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000