last executing test programs:

1m48.983446918s ago: executing program 3 (id=21):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x4e22, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) (async)
listen(r0, 0x8) (async, rerun: 64)
ioctl$NILFS_IOCTL_GET_SUSTAT(0xffffffffffffffff, 0x80306e85, &(0x7f0000000100)) (async, rerun: 64)
r1 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000180)={0x0, 0x1}, 0x8) (async)
writev(r1, &(0x7f0000000140)=[{&(0x7f0000000040)='w', 0x1}], 0x1) (async, rerun: 32)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x4}, 0x8) (rerun: 32)
r2 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
r3 = socket(0x2, 0x80805, 0x0)
setsockopt$sock_int(r3, 0x1, 0x2b, &(0x7f0000000380)=0xbf9f, 0x4) (async)
ioctl$XFS_IOC_DIOINFO(r2, 0x800c581e, &(0x7f00000000c0)) (async)
r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xf, 0x4, 0x8, 0x2, 0x0, r2}, 0x50)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r5, 0x0, 0x0}, 0x20)
r6 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 32)
r7 = socket$inet_udp(0x2, 0x2, 0x0) (rerun: 32)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x400000}, 0x48) (async)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYRESOCT=r4, @ANYRES32=0x0, @ANYBLOB="c1900000815c00001800128008000100677470000c00028008000200", @ANYRES32=r7, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x40}}, 0x48010) (async, rerun: 32)
read$FUSE(r4, &(0x7f0000002a80)={0x2020, 0x0, <r8=>0x0, <r9=>0x0}, 0x2020) (rerun: 32)
write$FUSE_ATTR(r4, &(0x7f0000000240)={0x78, 0x0, r8, {0x2000000007, 0x0, 0x0, {0x0, 0x0, 0xd4, 0xfffffffffffffffa, 0x0, 0xa, 0x5, 0x0, 0x200, 0xa000, 0x0, r9}}}, 0x78)

1m48.980979559s ago: executing program 3 (id=22):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x78, 0x78, 0x2, [@var={0x0, 0x21}, @enum={0x2, 0x3, 0x0, 0x6, 0x4, [{0x10, 0x8}, {0xf}, {0xf, 0xffff}]}, @volatile={0xf, 0x0, 0x0, 0x9, 0x3}, @typedef={0x4, 0x0, 0x0, 0x8, 0x5}, @fwd={0x2}, @enum={0x8, 0x1, 0x0, 0x6, 0x4, [{0xa, 0x26}]}, @float={0x3, 0x0, 0x0, 0x10, 0xc}]}}, 0x0, 0x92, 0x0, 0x0, 0x40000}, 0x28)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r3, 0x107, 0x9, &(0x7f0000000480)=0x1, 0x4)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010029bd7000fbdbdf256200000008000300", @ANYRES32=r5, @ANYBLOB="d16d3457c9e0da491736f2c4c91426582b9df9545a3b5581992cc8da44645fb774389e8baf80cff5e4ff315509f0ce576c107b298318830b410d6dfbda3bbb64e7dfbcb66a0e7ef694487dff1ac467d6c3c3f38da0c5b882"], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x4000810)
r6 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0x40502)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000080)={0x1, 0x4, 0x20})
close_range(r6, r6, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r6, 0xc00c642d, &(0x7f0000000040)={0x0, 0x0, <r7=>0xffffffffffffffff})
ioctl$DRM_IOCTL_DROP_MASTER(r7, 0x641f)
ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0xc, 0xa00, 0xb5b7, 0x101, 0x100}})

1m48.923766599s ago: executing program 3 (id=23):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0xc2941, 0x0)
syz_open_dev$vcsu(&(0x7f00000000c0), 0x0, 0x301000)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3e)
ioctl$KVM_SET_TSC_KHZ_vm(r1, 0xaea2, 0xff)
ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
r2 = syz_open_dev$dvb_frontend(&(0x7f00000002c0), 0x0, 0x2)
ioctl$FE_SET_FRONTEND(r2, 0x40246f4c, &(0x7f0000000340)={0x30a32c0, 0x1, @ofdm={0x5, 0x7, 0x17, 0x13, 0x7, 0xa, 0x1}})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f00000001c0)={"c718ae3ddd25e4c2826499cb6a055b56a5a7336f377a556f824db28eb6743cf045afd0e932534b9eb3b847abbcef63c85319991745999ed89ff49783a84d57cf175a89f8733d74a1bdddcb0a6c3f7535e7976e79da1b52de6403f6710d606fafaf685ec19f369b7829b12aa2b8cd2ab52f9c688683979cdb9516cb61f2adb9aefd44fee30bddb81ebefa818f31f60d89a4e390920c7ed0e2512fd59f719e734b0a1d1f3ff7babb54258a1585514aac0b000000733671e0543929c06f72fc598939003ac6777f3497523536fd25ac4f1e265f5038fa7455f2cc6131d4a189a16b0f0b89e6a495e1d95b840c36488adc22cb2d1b8af57f6dce7214152ba1b3c0d3ad0a6db821518e44b24cb36a02d76ea11a1c45879fc77e7bb2af8c345ddddf49f41228df2114f2c27d16499fa36097a5015ad61a6a9484c09e0a2dfb50f7b7ca71135dc32804a80380a6e20e0ae03be775e472cd31d6a31e615937c38e746a5cf6c9d8194242990dd497a2c52ab50300000000000000cebbd983c3f86dbe92c4b751c04693cb09af88521ab305ceabf6d2bab40bb1b219fbe95ace2f6c49fea798e76b4ef336dff5ac0f7ab022b800ac1aa42fd231b52465a410177ed85dcc9c6d794e2aa0b90cdc409541aa85fa16e3cbc3a9d6c83ffd4d01e5ba898555eeffccf0cb28ce5df0ba31cb793675276162de2fdcb486455bca57edf4fb14e1533554eb22527d66a28a960c430f6136927f54e670c46292454fe28485f35405025844fd24fe846f6656c77d9b5f2b4750ac4805897b02c85caba80000bb96f71f468c9e746d860238b3b113ab1eef51e1507f8832d5d69528083d44548e491477cda51d7e083a134097438e9d7ea34eae8a2e6b516327db9310c7478a37f5c562037196131cc7c84fa29c3c2576f2ae7570b5a98aaa49ca7ddfd5a8c046ce82e4a2d06082ad7a3ab0dfbe208630b1410b674781855752c9c57c1c5ab0a74a336ce89b3a9c0d37a3ca4e698a798a85faf7f4f1dc020b7dd5750062c9810c4bc1ad7afe338f2b0f29059e684fe16098eb30da105be01ca11a293635dfc6d25ecc770ba72792fd3c6851d951b770d0f9edafb1cb4241350d85b04ed737a9bfd7e8301c43b65a95dda76d6850860ba3195040b14c8ad1a8b52472785521147182352a1dbd93595cbc26e813ccd75e16f9247fe82ed150c121f0041022522ec76476f0a9cffa3be1d3ffffffffffffffff29358bbfd8b7a12fe94a0355beb9420eee0a5c11220100c782b89e9430de84b220e8c0df4bd40be3400c58f149319f891fe86fba751dab3326bf2deb9e782b37ec9c7adf36025a091a4b3600000000000000000000000000000000000000000000000000000000000000000600"})

1m48.923567707s ago: executing program 3 (id=24):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x2b5b093, 0x0) (async)
syz_emit_vhci(&(0x7f00000005c0)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x1a}, @hci_ev_le_ext_adv_report={{}, {0x1, [{0x4, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x47, 0x75, 0x3, 0x3, 0x3, 0x2, 0x0, @none}]}}}}, 0x1d) (async)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xc0) (async)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x1214040, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x14}, 0x18)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$CAN_RAW_FD_FRAMES(r1, 0x65, 0x8, 0x0, &(0x7f0000000340))

1m48.853122118s ago: executing program 3 (id=25):
r0 = syz_open_dev$vim2m(&(0x7f0000000180), 0x3fe, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4}) (async)
r1 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) (async)
bind$inet(r1, &(0x7f0000000340)={0x2, 0x4eb3, @loopback}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'team_slave_0\x00', <r5=>0x0}) (async)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_buf(r6, 0x0, 0x8008000000010, &(0x7f0000005e40)="17000000020001000003d68c5ee17688a2003208020300ecff3f0200000300000a000000009afc5ad9485bbb6a880000d6c8db0000dba67e060180000a0000f10607bdff59100ac45761407a681f009cee4a5acb3da400001fb700674f19b44e09f9315033bf79ac2dff060115003901000000000000ea000000000000000009ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e000"/184, 0xb8) (async)
setsockopt$inet_tcp_TCP_REPAIR(r6, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) (async)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r6, &(0x7f0000000080)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x10) (async)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f00000004c0)=[{0x6, 0x2, 0xa4, 0x7fff0003}]}) (async)
symlink(&(0x7f00000049c0)='.\x00', &(0x7f00000059c0)='./file0\x00') (async)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0/../file0\x00', &(0x7f0000000080), 0x18)
close_range(r7, 0xffffffffffffffff, 0x0) (async)
r8 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r8, &(0x7f0000000080)={0x1d, r5, 0x0, {0x0, 0xf0}, 0xfe}, 0x18) (async)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'bridge0\x00', <r9=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001040)=ANY=[@ANYBLOB="1c0000001d00070f000000000000000007000000", @ANYRES32=r9, @ANYBLOB="07279f"], 0x1c}, 0x1, 0x0, 0x0, 0x4000001}, 0x0) (async)
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[], 0x1a000}}, 0x0) (async)
sendmsg$xdp(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) (async)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000240)=0x1) (async)
r10 = syz_open_procfs$namespace(0x0, &(0x7f0000001380)='ns/cgroup\x00')
ioctl$DRM_IOCTL_GET_UNIQUE(0xffffffffffffffff, 0xc0106401, &(0x7f0000000140)={0xcc, &(0x7f0000000400)=""/204}) (async)
open_by_handle_at(r10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="20000000f1000000010100000000000000000008f4"], 0x0) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})

1m47.743765235s ago: executing program 3 (id=53):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
semctl$IPC_RMID(0x0, 0x0, 0x0) (async)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001140)='/proc/tty/ldiscs\x00', 0x0, 0x0)
read$watch_queue(r1, &(0x7f0000000140)=""/4096, 0x1000) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x900, 0x0) (async)
bpf$MAP_CREATE(0xb00000000000000, &(0x7f0000000040)=@base={0x8, 0x4, 0x4, 0xbf22, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4}, 0x50)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0) (async)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000480)="db4a0fc74424002a000000c7442402b3b5437cff2c2466bad104b076ee440f20c03505000000440f22c00f01c5430f01c84e0fc76800c4c27d5a023636f3410f1efbc483f9df4ab4f5", 0x49}], 0x1, 0x3c, 0x0, 0x0) (async)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x20008040)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001000030400000000000000c97c1895f5bc75700005000000", @ANYRES32=0x0, @ANYRES64=r0], 0x3c}, 0x1, 0x0, 0x0, 0x40000640}, 0x4000090)

1m47.711449508s ago: executing program 32 (id=53):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
semctl$IPC_RMID(0x0, 0x0, 0x0) (async)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001140)='/proc/tty/ldiscs\x00', 0x0, 0x0)
read$watch_queue(r1, &(0x7f0000000140)=""/4096, 0x1000) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x900, 0x0) (async)
bpf$MAP_CREATE(0xb00000000000000, &(0x7f0000000040)=@base={0x8, 0x4, 0x4, 0xbf22, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4}, 0x50)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0) (async)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000480)="db4a0fc74424002a000000c7442402b3b5437cff2c2466bad104b076ee440f20c03505000000440f22c00f01c5430f01c84e0fc76800c4c27d5a023636f3410f1efbc483f9df4ab4f5", 0x49}], 0x1, 0x3c, 0x0, 0x0) (async)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x20008040)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001000030400000000000000c97c1895f5bc75700005000000", @ANYRES32=0x0, @ANYRES64=r0], 0x3c}, 0x1, 0x0, 0x0, 0x40000640}, 0x4000090)

1m45.523900381s ago: executing program 0 (id=86):
unshare(0x4050400)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000080)=ANY=[@ANYBLOB="24efd4ee6898d9000080030803000000000000005fbd00000002050003008800d8e6363303016081efcf"], 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)

1m45.522750473s ago: executing program 0 (id=87):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x40, 0x6, 0x8}, 0x50)
ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r0, 0x4048587b, &(0x7f00000015c0)={{<r1=>r0, &(0x7f0000000180)='\x00', 0x200000, &(0x7f00000001c0)={@align=0x81, {0x9, 0xaf, 0x1, 0x1}}, 0x4e7, &(0x7f0000000200)={@_ha_fsid}, &(0x7f0000000240)=0x1}, 0x2, &(0x7f0000000300)=[{0x1, 0x3, &(0x7f0000000280)=')]\x00', &(0x7f00000004c0)="ea2265323b6ad9b8e14307648e7eb8211fd921f35143ec909abb13efc1c955c28e62a69cdb689c59e55a69db6dfc9e2a3f96ed3c6f0994a90caf14b7f95398030342fcde5c8a959b7a399fc460c5c619ee9bdd53c017bac85088737cf00e779bcd36ac00bfd26f6568728fa0c3332dd051493306dd2c9634c38377f3587234563874672dd15a8c623b0c47377fa4861eb325ecfa3682a088ad52a28e8d3a4eb40d19ce488c3605aa40e61fced2d42ca1f7892ddc350f898b6d63eeedef50b06fce03fdbad58dc7", 0xc7, 0x32}, {0x1, 0x8, &(0x7f00000002c0)='\x00', &(0x7f00000005c0)="44bc6e686adb1fe8dd180a2bb2c40cf33c85ad027c5e7d63206c606922129b041387937410cc98ded45bc6a1739a3f68c0f783199ffeb23579517468d7e68d640c27568a6387725296c902bee65927c88765b596dcd8189584c35d8287278983f3c911ed1b50e29a1e595d94fb53fc75027f79c35492bb4ab5301796cd944e112a6942a44cc98f85b2bc3a5411741527d1a4cfc2995923db6d3b4795c2ba84181122e05f38e59c2d446c7c547aac1e82edb620a990825e3864e0ed760b323d8fc7bee403a77fb53ac8983a7e637079e83a0b0609de1271d83eed88b81326f35d342c229be1a1da4991b750a2111a2f4bd4ac690244e4b57d603550ceceaf7d4af0579c906eac7e73b23190dc19ddf14f492ec36b9cfc7b10d41261ed1e3537672c75d6c14071c0d2ec4df46cb4d7102307ec0e207c1eb95c23cbda04d44ab515f42f2df05d6687bfae8e4de174d0afda3a375f93e3b0b918625d2a52669ff5adc9d54f36d4ff8feaa7bb1e94dc89ef74a659fb4d58f408c3dd26beeb12b3751b4e2473cb0641225606c91fd85f2356dc73d1061d0ce82275e01c97a851b09f55bdbfe13fcb2d02308a81f340e85abd875a0e013de9cd801667e330dc1a40c50c1dcb0ae1c04b4baec0d75ddd8583ce0bc674bfa3d516e41eac5839fdb19041ca326e12e4367547345bb6e1e12b477c2cd29b5af4f66d041556d9eecf479739e270c0a79f84e46c63d003c4dd081d648b63bfa028c77357be5ad20062b0467fe8d8770af97a2687e973c300513ecfa4066a2a2fab4f08506509dbea210d04f48dd851b704e10d7ea4740944044445568a25c3492274b6b45a27e4bcd730a34ff396a99fca6f029997306c89dc177293313276d7cc955262b057082541a7778d02fb3acd0c1af1d3dd1fa4c83286521c3512d23d13cab8779ca77a31f7beed876304ca5b6aa57e3ab93ee2da7e01787826bb7256be18e4c387f4e7047b6872deb1506cfb1c8dcc689f70c4782c3016b6c88b978e5e737b9600dfd76e2a71d394f97508180b6d649c97dae6ad4b72c7b7136f0230ab3d5a50b470a24ba39caf5f8e4fb2fa92d9929b4882d22e697b651a2799916a3721e21cd043be7ad01046ac2b4947c247a87cad2057945063d32a2fbaf4df80e90bebfec6d6fc7c1477322cd8328cc6104d2a51e11c5a7dfb3c3c4fc93a4153fbe8978bdedac4d713b4c29047e2c154b7cff329678cb7c1d5b521f2992259143cc6ea136ea9925aa7124fdabfa60838183d55254efd4b74d918b79b94ef0a5a4a2ad34df7a9faa89c7c3b67116440c39b795278262bf45ba6c76ec7c29a635e3f1b5e969c166835401ef72641fc0aa92bbda7cf6a43127be10457e7850b4cba5411968f45c62fb08be0a53205ecfe6395a096d29cc9ffafce4ec8b007ca7b2525f38fd97db3728ffefb121c75d25141fcd9408ada3563e334fe5a36ba9c51efe46059a9022cb2ae49aa417138f2a3722a836d91dda8a19bff53df5272a008eb985e8d9a5978919201f414f4612906c3b65f52205a7cb7dea75bf35efe748c80bc7e5140a8ba0b29c493761fc08ae1e1d8df54fa5ce29fa2e030184df30682ea1b2b26b284398c1a711c340aca102d538f634ed38632aae39876b75544ead6b488208dbb2f2ae86d81dd0d4574e6a60e3c57a978c100edfeede2d2c68cd4ae6337512dac9f0be7cc8b4a16625e6b3a2ecd41b4f5c7099f454cb3b12859b8d4d73e7d2057267368542258915ae2bfd858d445e573aee98e6136ddfcdb45d72a122d4d18337916fbf66ebbd52bb4d225e5caa32e49185f8ef091777439d7e8290f5ae09cc87ec23ade4ca7dc0b8727986d7cb0c8f91ac7a4dfde5f600afdd08102e6a5196d70b516cc0dd3e7d8c77ab91458fdfb25754026dd05c8ab2764645ab10110af0690fdc85b7a57bb82aeb06e1e594f199ac27ae974a52aad9db852f41903bbfc253e1a5d6fb226dc43963bc9c99298d9470a1889f0ee9c4befffa991165e7a6215aa83afbe5acaa38f87d1b1e701b2726fd889a8e4aabe2dd67fb639a1f7d3e2885286d700b2af721aa84e2966332b7b953957ccbd82ad3caf84b87f77f5b855239f5a6447589b8d71cf61f0ed1494a36f5572e7426ddaf42649ed1a2383a892dc1ca8922ade71450d40859ac58b7fc63e5e6e72a2bedc8398c618306400293aca5f8195ce0e889db636e29254cd01af070c913d1be2a38e6216d3e1ec7f13400dbf497730bf849265f7fc3316a27c78b5376f65e51ad583efa2429fde07e8d678d9e7d024d817e521fab5a6568b429b8a3cf4e1fd59d48d761effa0537eb3f81cc67529321ee69be6905bc41e9c704cd9cde0b65cc392784ee49f266127203233bf9bab8be40390ad18056d4775b19bbc926261571a4e29a10314526d6553f21a2ae3b26d7720deed60609711814bce3e6af129b830cbfc65202a3844925addffcec6723ed9b6b807c0b10b0eda448cdb554a3dfcbe0ff1d25ba516780da14fd2993edf691f7a1f680cf0fc567b2c2054dc0aa7800cb138d1e2efe9d217b92c6549453bfeecd43fe1030146fea6b51f02d4ffc7e182bfb0f66e0ab9d0d2ed59d67a75e5607474fe7121ef2bb6326487eff74eabad0dbc5fd73d210e6164baaff2cb3366d3a1f00138c1c8286a823531efd867d8619b4d51bd0923c50037270a1a4c77d22da536e0159db66d1d0447ad13e36a5408927ef098b6125daac4b5ddbc8fe4acc330ab6a3fc99db37f5e2345a874e578b054902bf41172b76f5825b72cb95bbddcaed6d0d8527232acbc7fedb4951358579725be963f55799bcc7e710d59c861dcde0d0e93a0eaf3cbdd6ca1e81858b660da24a5b7b051c86a893c59365f040998c7619f78a40c8d172b8011285b41228a284c519e1f4692f32a5eb472dbb40a5a2f7ecbe01f0c561cfe924e66bd1502bdab2984c39a83783bb6fbd8bf5c38471f7d103080585ff7ce65755caf4862b7523b699a485f3b13af5ec440a49889788a1f52c99f5dd8e799e12af80e613ed524b02488c750f22d2894bd0091706e35e6e9390387a09b779202e72e17ab8992b5d13498f7e87fa2ec3045546d5c5a9b138c24e4e794e92800273c6b152cf4c9c798b39a0c82697cbb68359c1e8f440a51c83ab125aab8c942b1f4aff4209a5816b03c4cefd7f3c6b160b59bb329be45763e320b4ef20473160b19573eee0f25246e575cf333c74b1beb0f9f6184c3e49b636ad2bebc1e993e1b25f9eb99c05c24e7f103a38cf67af36b1d9b3b0c0eaf99aa063ab2ffb658133ff99d1f64046c3b252ce4ec0a5851e877dc911c2c2f54dc7463304475a592527f42d72e0a9a34052e6ee28c266ed80570b547f6ed28cbd7cd5bd1a7385b928edb7f191cae400a853b5724ac8f46abfe520e9042549c3cc2f8ef068cc897f0d3ddb3bfd4913750b8a69a3072925a6c4a805cbda88c91ea0729cfa5b9e71435d451b7344cbb0807a8cfebfb2109a34b8dbad72e374892c86ab79aeb5cd4aad3fef19a24748568a5a69f19f7bb496fb9006abc0efb6bf3c8fe4c9151e9a54510cbf90dc87e1e7dc6d7f52fcbc16050af37cce9d5e7239ad255cfd8972590e747aa3f31b81347fd73382b8e5fe330748df264d352b247569c0afab8c95516bfa3377258d1304e646646be689d7a0779522591b007f6e7c5e04a4934c085d6fe242e5418c4a975e38f2e011a1ae0963e0f1c8ed97937331333fc66cee78799b386038681dda3380fb2f4241ef9f1edca4fbcec90f1f4d1b99a3904063744b8e563a990a0744d58575ae7eb7db3a00f40d3a7cfb6731c0cd857cdc8d71a88d28a28d1bfdd0b060a43e32670c31705f5fac39499915bccd6349226fb998b59faf03c2db8b3e58f751db6788f40613c4f01d367bcf22c95e2bb4e8fdfa3a09857c101bbe799d3ba85fea89932e4883969483140104d7a25d8b99153fbd91660ab8950d67437fe01dbec616b086ae5198f0da3b0e0db4f4857514f3b73ddb4099cf9b73ee613c7734d9f6d4d4646a7a149dd7103ed0d0cfaef93daa579c9b78f7f7b8f5d3ee9eff5050cea4ea2a527f34d211a103ef479486c597ef399d3d8d7ff2f7c2a4288c512f78f381aed6971747d14a6f12021bce9b2e7a95dfb5ed1f9a745dd8eb58aaf56f93df5c066e9f2429c09cddb8522bda17dac33ce4b1bc22846a29353e9a7e47db641de863cab6440f7aa8f998607d3f92ed61ab181426b4f6087899f13b3ae0a0ce0bace7e1f451aa0a5ee8f3b48f6392cb1dfaf6895cc2ad340d5b11b7bc6bdcd3273f5290f1532f2c40b8118a541604b7006d169d89e704e9f1d82f8459a352ee062613ef7fb2003f6160bada36e4793a3571905f4c7b9c4630c944a054fd5b0fdf7ee546b98fe7955fa21fbf50f3366169ebadf98304ce659a86a10b68b2a78b56bcfd4448b18e02eb25b4713d0128fd861b92639cbb8db95cc5941f608c045e092a981f8b7094c8c22e1fd943b0c68949932d2b6bf8734204b184af2510a4d182d67c598d9d973f96b6f3fbc80971bd9883ef5266ec940c03722f34acb33840cda34e966fc586755be222c62de1791e93d44542332fef47dae151a64ab0b08e1cb3fd07b33591aaf44763005a87fc3a71abed5b663feff034e7f30af964e908698cb2c1b36db6ba6e7a5678e97d39625003ccd4498e8bc1b95cb5e23ac4ca32f96779580dd946b1233b7145411706ac1075dfbca50f5104023cfbf9332e3654a1ce659673017bb98cbc886769a3290ff8cd791f503f0bf7a10e2bacfaf95320fafd09f68d29995179ab9b88bdc64e40a0966a9eba436a1310427934615abfff1446a240b525bc57e45ac34903e6012951c05873602530303cb08f4c50788acd6e2e0797a570864a623382556ed409e28bea6317d2858540257a9592fb286a305282ae41d1abcea5bd075176d93388c02ff7307c23dfb88e48000aaf174d6a7c9042baec597b0129a6fce37d74d5df3b13ec69da174db9ef83efa00df5ba1bdb96880a7c8f80007cdded4a1ed5113fac355e4e6ef447c7dfef9d04c4c0b4e1574ab3ce731858f924cb41cd2321cdb23bee017b901d03e1bf4b1476ac35e1e50248f857d41e5f09affcf5f17b5cd5f9445f9847c259204579149e6434d34686504f4b6e7a728f6b4cbfc2988fc2ffa0538e118a93dd82038b29a92fe52c10a44466b475ea50ba82cb83db2ca018da94f560b495febc517bed2128fb18465ee5d0a83717020357ca8fd24c6fd04f86e9f4a90c178a9c63e610d1134efb18065f609f792ebbc950886075e9fbd2941425f05bf4f63b0d6f551b7b4116c1f2ed9181fac816cbecb8a88abc57d94e5fedd6a40fbd6e26d4cccd05db3b9c188e29b762119045e777be7d50a677db78177777b45f75da6169139c13ff0d21f6d21d520d4f83e4ae248abd23c2126332b649c3853b9ff601a2f790d4162cf817d3e25bceefdb192ed5aeaed606ae14d134222c66ae2653be13fe4f4e97eff0fae035de62d1026a0b201fdaa3e36b175db21cb8d6640c2fa7f8fe5114a975b4c3449d2299caf779986d243326b69afe610c32bcc4ba46612af9a1be85087fc46fde4f2f36b3c64b18f0381af899a99064cb7f6ede9e115667410f5f7b9e0df95ac992a7e4e1b2f2a4a425c55fbc6c9bfcb156570ff70a17d90f2373a8b2ef1e5d2d54033a370e45bb60b9c739663e9a2aa7f406e342434b86f12ce8d53b3ba439c6eaab34d2175503976b172f496d90faec980c334c74a8186cfcfea", 0x1000}]})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r0, 0x0, '\x00', 0x0, r1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1m45.463493696s ago: executing program 0 (id=88):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000ac0)=[{{0x0, 0xff2c, 0x0}, 0x1}], 0x40, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc)
writev(r0, &(0x7f0000000880)=[{&(0x7f00000008c0)='\f', 0x1}], 0x30)
ioprio_set$uid(0x0, 0x0, 0x3)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x4)
ioctl$VT_ACTIVATE(r1, 0x5606, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000100)=@framed={{0x18, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @initr0, @generic={0x65}, @initr0, @exit, @alu={0x4, 0x0, 0x2, 0x3}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)

1m45.352806117s ago: executing program 0 (id=89):
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x200)
r1 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000300)='/proc/asound/card3/oss_mixer\x00', 0xa0800, 0x0)
mount(&(0x7f00000006c0)=@sr0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='cramfs\x00', 0x204001, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
r2 = semget$private(0x0, 0x4000000009, 0x208)
semop(r2, &(0x7f00000002c0)=[{0x1, 0x8698, 0x1000}], 0x1)
semop(r2, &(0x7f0000000000)=[{0x0, 0xfffb}, {0x1, 0x0, 0x800}], 0x2)
semctl$SETALL(r2, 0x0, 0x11, &(0x7f0000000140)=[0x1ff])
mount$bind(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000400)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x18d883, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x2253043, 0x0)
ioctl$F2FS_IOC_RESIZE_FS(r1, 0x4008f510, &(0x7f0000000340)=0x8)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000640)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @scatter={0x0, 0x3, 0x0}, &(0x7f0000000540)="8a21d57b0000", 0x0, 0x0, 0x12, 0x0, 0x0})
r3 = syz_open_dev$dri(&(0x7f0000000040), 0x5d4, 0x400000)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000380)={{{@in=@private, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in=@local}, 0x0, @in6=@private2}}, &(0x7f0000000200)=0xe8)
mount$nfs4(&(0x7f0000000100)='\'\\}:![\x00', &(0x7f0000000140)='./cgroup\x00', &(0x7f00000001c0), 0x2018020, &(0x7f0000000240)={[{'\':'}], [{@uid_gt={'uid>', r4}}, {@seclabel}, {@subj_type={'subj_type', 0x3d, '[&\xdf\x8d'}}, {@fsuuid={'fsuuid', 0x3d, {[0x32, 0x61, 0x39, 0x37, 0x5, 0x32, 0x31, 0x64], 0x2d, [0x37, 0xf, 0x37, 0x34], 0x2d, [0x31, 0x36, 0x63, 0x33], 0x2d, [0x31, 0x36, 0x37, 0x63], 0x2d, [0x30, 0x33, 0x66, 0x57, 0x54, 0x37, 0x66, 0xe]}}}, {@appraise}, {@fsname={'fsname', 0x3d, '\\'}}]})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000cc0)=@newlink={0x58, 0x10, 0x401, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0xe59bca127d81b0fa, 0xc574450d1af3b5bc}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_MCAST_TO_UCAST={0x5}]}}}, @IFLA_IFNAME={0x14, 0x3, 'bridge_slave_0\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x20044010}, 0x4040)
ioctl$DRM_IOCTL_SET_MASTER(r3, 0x641e)
sendmmsg(r5, &(0x7f00000002c0)=[{{&(0x7f0000000080)=@caif=@util={0x25, "8e75c193a9637f530d85eae1cfb48fca"}, 0x80, &(0x7f0000000280), 0x0, &(0x7f0000000d40)=[{0xb8, 0x29, 0x6, "bc840a56a9da4e35b51c5307fa72b084419562e5a79b52f03dcab0a582b05a32f9d78556c3c5b509a31a8811081eeb05b618329e5f37fa94c2a71a81c9d824ce19cdce51c00eec9c47a5cf66048f3c3d32863b8dd7893907643e2724bf6f63b44939297e0490fc245e87d33adeb7b6dd7e9d774eec92d5a8b7fed241e99cdcff3826de0f54b47afac58fb65d4c7685361d1b364b34080e01c874d8096b892a34b4d9ee87827e"}, {0xc0, 0x10f, 0x5, "08b540f81b75c8499de01c194d4b560a1d85a1d491ac99e2bb182f34b8bdc84ae4d6deb6095e7896a005968663b4323d8f337fb052778c8ce680c1b2777ad9ff1c70ff8eec5c6757d0ac885f72cae6c4905db81a76be1ad80b89e440486f9b4c2c8d52456e33e3c85f8e5033635f5f26d812ddf7b18013896e8d752690b684aa7eb702349944c9696b10f95fcbe49c90395848dcf3b5d3a9ccb83690435d82884e6dda543ba1dea02b12"}, {0x78, 0xff, 0x3, "3357ea5686757fdda64c81a39c40d0f5c668b8422cb3ee87066cb96b5deb228ae940c72c5321ae1f98673daea02ac4d1148c2f32484b7c2d66025deacc5c28428a1651ec617328e500476a8efa9fda3f0fd2cd1e44f125d69f980ed0e0a27b94cab8"}, {0x110, 0x119, 0x9, "489dcced51344019d20a002091ebce7e553cb11a64fb39b440a0f54d7a56b3ffad43cf819025d21180976ce5d85240bf906e89dded41b41ba9722a5df6f554b89063359f657703908a6b1d7ff03eaf235224db11aa99a973b29776952556fb89b9b5f96b136b9535113dee9baa276cdc488fbeb376cca3365409192601ef6315472ee8a033f662e178ed4da9fe1a043e0c58c3842f89d793bd7e19cce434b1568e64e901fd85472820361b018e007f7b7b219693bb7b725c5cb5c5f7a6f2716f84908a82c2e3d589d46ea278f8bc36577b6f7b85df002877d818b180bca2408f7107e9ffccc41db52b8998e85563fcb3c8241dded00cf72ba5182b03"}, {0xb0, 0x112, 0x8, "6078eca2a3f05584e3022226ac21a2cc2e05a888684c971722eb998c87e62273fc012918a961d6a58a68d89ccb51ffb34dc4fd129a27648bfd4975d167a552b68a51fcc68b77a94cff723d3238c64cfe59bea8baa0d63db88994f930dae57023304978491dd94957948abd39664ce29ff87cb5d3ef65158326894d471eaa10dd2374e2dd698bf1e7b3f472ff485e5e4ecf6d6b5c2d96199a6730cc5f9d31b812"}, {0x80, 0x10b, 0x8000, "5c9b81100fb6b5955dabb813abfd327d562fd884e4dd6d561591db4282abc8cd6d7d38958ca1410bfee6d67a4484c455c4b726bea15489aa8a34add29b4393ca6a1d57b71aa32baa663e34d70798f3991ae447894e24df94a0326f47c2d3788fe3daa9edcdb4999ac13c57"}, {0x110, 0x10b, 0x2, "775125b6ce4ff401ee47c2cf11fc735f5d7551fea9a840348507b2dcdb24cdd192b522e839c0735bdeecf166325e14a45ab40380345b7248480f0a1f89fa8c182cc8a9da32c20b36dfd0ab4b3fe0aad870e96d96982ffd5742cd8cbaf671b5b1781321b9c8b85643b7f7d7250becc5f9cde60c3b5f8146a04458a89fadd661de5ad988dc1dd4c9bdb954a87148cb618504cd97a3d8d327cd143f62d77006174520f4a43107d225eff38df131ccfb7bba39e7867d16813f58cad9b06da1739b76058e8fb5fd00dab951dc88d9f340fe515ed3a2776e685f2929a77ccb67a29fdf3ada46acf43fb45282ba8a2dd560bae6abd9a58b4624e0b647640311a5bd"}, {0x1010, 0x113, 0x80000001, "a86cd8c2d748d68f02a57270908372f631c19bd61a298ae60d3a540da4f4fcaa2491ace71cf977abe12676903600c937dd598dd3be8c90fd58f4d5b83e746b6fbc2bc2552992c1b531f67149e4f6d06b58916db2dcac018893ce6c3eba652fde99debaa9bf79af8aad491d53b69fb8895f7c78c27616f5947284e4ac81b8de77906fecac2f2087147a5f19d65e5eb7ea2f8de26bfbabfe4deb71ed3068b28b4da5aeb90ffe93faf4e309478af9ae3d3bab9b42aa1fef9d1751126efd3533cbca210fccef4309e162bc25ce97670a86b17aba92069334736d861fa3b2c3e9929504174c78b15595d037f26408eab1850010b9055a45985302ee376789a78b7f14d1804a3a4a1fb9ad2023ea343e12ae03b75f9396632bd1811a3753450cd3163c604f1953f0be55354d4c6e2b143de896c409d9363640d80b4b1395bd530979591ab8027ba072262bbf944b68ebc2a152677dd99354a1e3e66bff46654bd33e923a6a8ee1113a2153873d77ad72406ce2ba7403887b522fd173e70990af958baaef91da8c66d1cbf914a6e057f5c9c8e897196979c45ce931eead21240d3d2f62356e6d8c436b956be384a1ea87aa8017089c206fc177a61cadacc29dcdb0a61461b78707a3edd6aa52b193b49e798b7369cfe52ecd9de26a3edaf99855215f2e22c285f48b98020b105ef3ca80d728f56d741d64bdd24a39013ec58af7dd3f7632ddb581157e7fd97f05b8a6e172642f8173f4e5b14fad48621d24c4ed8fef36ddaaa091e8c2ff74f888a0b36e367a9308c7f1b8332b989ce1428b227e96f872c39a69931ce1197e96923876749a6e7c6bbf7580f24295623f798eda5299b549bf3f3fb0dc2a30e68cdd70d6e9bdc97054d640a80b9c212f8ddb4a1ca26fea9174675b1f81f2fd10f7e9783f9179cc69047c649919f7cf23ede95e1ecb61388413596f930b85111a2760f7051bdda887f4a2204a3844f4293a50c25b4fb78819f6c345dfe870015466caff783d863a0590d97afe1e9981482f375d146d7cf01be2567b154e55b25dc957b057f70d0b8ebc042e809f8ae5ed7cfd8e5b7c0b25cea426841cf7b8c62d4348c8be383518eb127488d571b396d1ebed03eddaac3c863e4e6237ee93b2696d31b58ccf74406af070b133c65b2f85949b3b649d00cc7faa5540a30ec8fbcf8e464a75d40397092bc8f4ae2b6fe308b5fd1be001f3ae40fdb5fac0a0abefb58629adccec009d6da953d5a3dcadac4b1edf227ca900fa29bf6d2a306760d16e7bfc075f598a05ae9a4d9e915f59fe48248da7cb490ad2e62106f7050c3f238eb839524ae16cb39f02edecc434ef6c7c196ec642d85970e3f18284328459987c67b2fe359bbc99438df94bc1311842743c705baf0ec93029976b66e0d0e99295ee0f8e53de356487354ccf3f713786a00beb7bbd95266f40fd2a9071eb35f5c9711de81505fc232e6ac49546939ed574d905e5966fdf497aa29a7c2cc2475de8827fa2a167651fa655237c30d5d1fef04367c90bad2fa2632d75643dcbc86640e38866bc3cc6f639f4c8b9fd765802fc0d54d04252147ac9e6e1490a2dab49630d6da4fc52662330b3f19aab104df452d3aaee9b5bdb367b1849e4bd66db22a4d3bf9391b2249302f1b1265d5bfffcb3b1061f85f651fcc84903e0ba7378d794da5d031c65b8873da69787ea48a1a262074613a4e397b673df429ec9ee65d6f85a8944af00a2cac4ba322b8fcea6892557b2cea0a4864e0eabe918ccb42f283a5eb4b0ec28da3234a6fc047fd8a00d7f7f4d2d59b416ba78e1a5dfdac58251ae0102f0979b3dad63e31d74c9b6e05e301a347938cc8e1519f1b0a47eb695f33b3ed97e231da9e4da531c999ac5438f8c1fdf94101d588102fcd038cb85872ec747f4bfc018b9be5f685bf503c7b1b5e33e71e3e2c861949a5f79e5b0b63d864545d61309776bff8c3e6fb6bbbdc37c3551105b7ea88eec627f1529883fc2b762838836bd0f9c4527ebc97daa199661b7400f2331917ea43e573155342657ce8bf9fb7bf4898d5a28913eb20b2a57818d92f63d050f14f884f2a05727963757288cb412ffa581045fc6b4e57a779bb0f5d87d05eeaffbcc8a32e46292efa01404225f11272aaa34e85b497b7726b2774dc70580f9f6fac0533b9d0111bffc2ec5b8d1980ec668b6bd65cd6914ca31fe6b1dc744c9f00c219fe66750f9234f5cc6e2186914f466d2a3123c71d696f90a2fac99898cec4dd37c45b9fd6a8458d97e9cae33724582e0b74fcb10aa020c2839b2c3b254e787f9bb89f8cde139bc7b27002787e9dfec8ffe5ff5bf794e8cb1604b2a6d82e8c0e5a227ba9b78021bacfeb4f3b2c3e4c8344286fb46ff593db2fbc94c94e4ecb2ff729c4f06497380d6443fa6cc5ff787b79807102fcb8c2954dcdfca3ecd0803564109db48dfb673ba8efa37f28f6b3345ab768d4c67758a892bd37a506edbdcfc1da9ab724c56993f84b46b0eb81243febd3b5842be92ec53c60a41e4077927737eec3b04eef0fe4752aacb22e5b27e3866ebc3884ab2615f350ccc767ca67ddb95ff03975879a02959f46176456bbbd0dbd111f71e9fac74b478b0b90e9a42747d8c2a082605bf3368e45c86b1661e8279784a39d60a91d859ccc907e78800fac15c2ea6d52c54bb293ca35a4d9295ebddd9fec283c297ed955b795f5478f40580af0374760e42c7f039c94d8a2ccd9b39bfc05561bc92a8ccde4803cf1b66ca3012bfc6cc868804faf0890dac9daa1168ce9253cdfb286315b6238995c18b221711ecc1e609126e99b3f2d4b539089095b1bf9606a233a80c9f56b69a1d5895c4c19f168b2a2dec0db409375f0a2003e8e726568ce2b7508094d89ca036b68155ef908c691661774dc286356e94d44f05bc9e472e46718bda48e7d031faaa022b0742eb1e810a8aebea1ecb1bfdaadca24ae57e0ef3299501d6fa502640374503bf34a4e6beb4b097138ad8e4b8cf2bcfc707a22ed87d0dfb6e64567dac2772be177a5cf8d23857902b64d8ce4f3ebd5f8fc64270072bbfd8f0806c4b59b334d24529f7e5d21e5ed0aec48e53ba4a9818bd20da0a6f1871738ac2563ad8004ae0f3bd2ad9ba9611447a11ba4951fc1d1afc2269c9d8afc2b7bda2def53397669a609b748c8a764f633c3e0d6881508a810dd1651072ba72b9c42075bc761faab74f4c3899224e315d0051199a63529a1bbf079f6fc8dc29b65948ed24110a939f38ed70c90cb9fc8f2760389428ee4f89661f5c19926a3d561700543e72eb1659e0047efea2010086113b773b653f5679b853aa61a80b355d653a8ca6f7fac8854dbd31d4a733ad4a6de5b262693ef5805c02f336d2127abbd8f891520b2b4d170bcbf6922c20cfb8c6904a08fbe58e5d819fc40e5a316e635da1e07f4b2bd3bc63261ebc113084b33a67c6d8062a8f06e43c48979147d2d68068d329962fc82443c547dfcaa38156d01074bd585a7ac22b2c93356b92efdd0e82f843494bbd7a48a2f8951d94d8fe5b18f0708a1f743f98231f3624780caadd9b92855d87d13984814774523aabac8312aaa18a11586977a5aef52cca1a10a6032134002e83adda86d425f8cdd7194067f48acf227261328bbb6bf16fceb3b3b0f6f9204a0661762805662b0103f148ebb68d460281c719770b21314b0da0dcc7d69594fa031818cedfd58e9518e9679d9997c7fbe2afaca349138cf8b441220a85e919eb94e411e96b09974a5f3c410e6626265b300ab653f93d04b8fa189f97c244b2fe1095a06dbd4619e51d588128bdde2928cd1ea2e23512e5a7325bad8a8d060f4b2e4e3b8823074b42dee660594c8bf8c1ff8f2ce5f41f5dd89ff0ba268d21e4ca19913d8725666dc2231a42e750488207ab4d408b13ffc1dc6cc97fc8634a24bff1b9689008f2548248ba6f6bef4cd0f5a08e5a5f8cb78dc4ae356fd94c82a2d4f24b27a27f688b3d0f9521604d73311e487fcf434fadd5ba8594bb1e5c282135bdd3fca61746e141d30bf1c018774aabcb1332dc3877219dbbc711bda82cacf0b9d01451112d7063a80df2f56239e72f15c21fb83ea7b2b74c723154c1aba25b9a1a9d1d6d55cc8888dba25b9fadd76874fb046e02fd73d5a0773c954cd8123db4110f35519b3e053e0b5317d328830877c9e94bce66524e4282930ecfb4d8f2ae1adbd3b6dc4692f2a04060edf64504cc8b512fbef519c6fdb7def2ac58b746d90a5a2278213f2d906681042e890672289b3102968098dc2580bb23669c7355c30f745f4825304590a73045a06a75b3c6d5f6b12799392759c9224294857c981ae354a13e575b0e1a7e46e397a4dd1c971e78bad7eafb7a1b1e171aa497beee989122c7d96d41adb9e0adab8ee748967455f61cdc3cbfeeecb0a6834576ff1ce550957a508bb1cc493ed9bc5f333e055a3176c3463df88b734e11132a63676adcf049f4dd377489d08cda25df91ce15bdcda659885ec59b3b3b8b9854bff8ddc9ea230ad52eff77c6e963f22392db9304ce891a5682e64ca51ad329ac672286209098c8205cfb6b38a9202ca697afbba15abe24e743d5fad415abc64906e2d9e9de74bc38563f78033ec54518d3b3e850905d54607cd9394530fd4348e0871607c908ef49af65b534a6a9790190c4407365f1a9712dcd62a13e31be4cafb6a302015e19b873db180eb9236fce8d477b2746c949c19b2ffbfed4a4d4047b6ff6aed5a59d2145ac1e955d066762269e6a3cd91d36c79a4aae7739a811f6b2a63950dde5ff0e31be07a85c1c96d0166b9fab3fb02132dd4f6002b818253e0208305081d4f52bd27b082094af5f865b81b0eaab3399a1b3f1fa1e8caa374e01c68be9ba73be9f6aa098a62cfba4109f6ac4f1fcc65c81f6cbba3ed7a60c1fd0829564181f9a48c7e58f5a970f3563939638494048d66fd21447de6afee1d848f34ad63e782b7ab4cb5dd576704a74206f56d5ee4d77baac2be0f03fd4111e2b1068fa5fc5aff09e8118459947d06ccce9fee0f114d6559bfea838c7b5782ed982725b4f39a886b8c0bf03e19f1fb591b4832f53301d0fd13ad9d0ecaccfc785d420868269416b01c8bf627fd9d25d0bed9892e0d83c1eba21d19e51806c03d57c6279b138655cf7dfdb55a77f487b6b666c0f468e0d99485918d0cb9eb01b4cae868200e1ee788eec6ade489cafca1c1e9f4ec83cabe0264d962637ae53f6454a1a410d730d06e260abdacb38391e96983be0e0d650fa5f588c484db0411a0fbb4f15867616e833c215f91893063f5dd5dcc6dadb66d7405258de6cab3a98cbfe72289335260ee45ce4d3b890de73a65eb0187c97008a3f4f0799610ec4096cfe3941f8f822a5b924f1c95332f8a4fabe1436837a1c32d6eb273218c3f3388e530a8e78b935335107375158f45b10de9524cd197320eb5bb294d4aea7e825976a9e61a30f69734f4a3d189632c5a27b6e24b1e4d6c9be453b0eef5fc322b3e422f5619acf21ec836f567847ca82fdc815f0c86b5aaa93295a80198765cbf8310f686e6e604781756167d1f33a6c3e62c8d6cc4c49a38aa889eb3f821ca12b3913cd75f4665ef18c45e2f42c9f107995b086f35e433aa75191d7e583dc2eecc5d0e819c6dfe482b96601e865e3805786ae678fc5a7a9f43893c4ce123dd209478e265e9bd00738524872ed8dcb31951a7be91e5c2cd6d9ffde7a707eefdedf3932476a8c3a376b2ad8f63494051f647431ef3507557a18717462c9705f52c8268f232d56"}, {0xe0, 0x102, 0x6, "c79d4bd64f28084799e5a1503acda403296b624545eed4b7b9880b44f81c0995ed3f8caf1aca169e2f3a7deda851f0b2e468847693c6683f5d80a836302fee9ce302e6767125bdeb2ba71d2ec0f85b803a713f0113e06253e95d62b8a61a5dadb53ebb9f8b6f19bb4e31547ec301f212834e59358db4a45367eb6a185579ac19d1a5ae4d318418125ee3337599a3e6f6f72a382cc49f32872ce77f64cc58995232e02fa8d3782cdbd137cd8715fecd060c316770b42037e0a2720d6bc107ef28e7ddee9a46b02e86e96faa9ce1c277"}, {0xc0, 0x112, 0x1, "b945a8b70e747775122740dd3596c4b72143e4d6202e20c34675ac1e3eaddb866d7a5d779eaf9d0356fe09bdf503357044b16a7ce6f28541f03080fc5d0d642c6d9d312ead7303b441e8fa46cf2d24bf52e91a09028807ce2e3884d1c0833a90f98eafe54c4bafc71becff93c59d53668f996b2a69be41a7717aa0aba477c4227d00128ad1d6f1a4088ab322ff3c15e8bd0c0aa1ccb1c74b16e2cb09febf64f866c78643657d613734322f"}], 0x16f0}}], 0x1, 0x4000)

1m44.392818669s ago: executing program 0 (id=92):
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4) (async)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x5}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000040)="2703022b590241c90000002f1eafbcf706e1050000008847000f1102ee1680ca82973d2bd4b8bf4a8291a14b8a34f90186cee844000000080000000019b0fb0bba", 0x41}, {&(0x7f0000000440)="63f805d7649496db72959832930469edc7b7d050139bf7ada32bc9e37eed1153ecb716cdb8981cd819af0b33254465cc904b7b31789d65c0e0d3333ce2ef36205dd154e363bcadf8f2ea93f45503c6d9fd8dfe5a638cfeb9f79c930a4d18260e5a08ffd35ed8371cff78119319b2b62c7cd9378c73ae90c801681f55ef26cb0000000000000000", 0xff4a}, {&(0x7f0000000280)="fe112162c63e6da8bc8432294ef18af53cc330a62a2c7035246635093ba4d30fcf19a90804f04a10939db8f4e13069cdaed167bf1b68c94d8d694d6ad1a4d51a715975560ad48770706eb1b88d021e1119f2eb75275cfe77f862368649be0f7aff5e7826729816e3d3e7986d9434f891c71ca6e4210c6757083cfd8e732048c504f28b6d309fc129ed8eb5a82e224eb648f90134d1d315977c6ea360a7fece4baa3dd7dcc970759f29df0e86469e954e2b050e87b203ca27a2a519b7555c3b73f2681d49442d9647ff5ea64110cc5020fdeafe53a7d8be70f3260816bc376bcdc5352771fa55d9733e27730ec7103520e8359c78edd21ee6c68feb1905cfd622f5da09ffe8ba9f05081a8d214156376f99906245f2f390ad71de09d98f0574f8c5b52dcc2fa494f461be6c2560ddbaafb80c5b4583cbe56d24f14ab78fd718947077ea736251c7b8f1e267267534c84daa6f095e94bfb85986a03ddea362cc7e6682884e710727c1163cd4f336c13b844605b7a815fe39e43bd0d2e414410a82958455b8a6bd9194c631d66295675fed64c04107a595c421111a3af6e9fadab5c9", 0x1a1}, {&(0x7f0000000180)="6fe4dd9eeba3271dc700b581440284", 0xfe69}], 0x4}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYRESDEC=r1, @ANYRES32=0x0, @ANYRESDEC], 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x4000000)

1m44.182307409s ago: executing program 0 (id=93):
r0 = creat(&(0x7f0000000340)='./file0/file0\x00', 0x20)
r1 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={<r2=>0x0}, &(0x7f00000000c0)=0xc)
syz_open_procfs(r2, &(0x7f00000002c0)='net/protocols\x00')
getsockopt$sock_int(r1, 0x1, 0xb, 0x0, &(0x7f0000000040))
r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)
write$binfmt_format(r0, &(0x7f0000000100)='0\x00', 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x100, 0x78, '\x00', 0x0, @fallback=0x30, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
write$qrtrtun(r0, &(0x7f0000000300)="ca0e808bb35b", 0x6)
process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0x7, 0x5], &(0x7f0000000240), 0x0, 0x2}}, 0x40)

1m44.138850774s ago: executing program 33 (id=93):
r0 = creat(&(0x7f0000000340)='./file0/file0\x00', 0x20)
r1 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={<r2=>0x0}, &(0x7f00000000c0)=0xc)
syz_open_procfs(r2, &(0x7f00000002c0)='net/protocols\x00')
getsockopt$sock_int(r1, 0x1, 0xb, 0x0, &(0x7f0000000040))
r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)
write$binfmt_format(r0, &(0x7f0000000100)='0\x00', 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x100, 0x78, '\x00', 0x0, @fallback=0x30, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
write$qrtrtun(r0, &(0x7f0000000300)="ca0e808bb35b", 0x6)
process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0x7, 0x5], &(0x7f0000000240), 0x0, 0x2}}, 0x40)

1m38.332670052s ago: executing program 1 (id=186):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x13e)
write$cgroup_int(r0, &(0x7f0000000040)=0xfe8e, 0x12) (async)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0x2000, 0x0)
ioctl$SNDCTL_SEQ_GETTIME(r1, 0x80045113, &(0x7f0000000280)) (async)
r2 = getpid() (async)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000980)=ANY=[@ANYBLOB="2cffffffffffffff7f00000000000004000400006006000000acd0c4c8999fd7e5060d000000000000000000"], 0x2c}}, 0x0)
syz_pidfd_open(r2, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000180)=r2, 0x12)
r4 = openat(r0, &(0x7f0000000080)='./file3\x00', 0x0, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./bus\x00', 0x0)
fcntl$F_GET_FILE_RW_HINT(r4, 0x40d, &(0x7f0000000100))
r5 = socket$inet(0x2b, 0x80000, 0x8)
setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x48f, &(0x7f0000000000)={0x1, @private, 0x0, 0x0, 'sed\x00', 0xa, 0xfffffffb, 0x14}, 0x2c) (async)
r6 = add_key$fscrypt_v1(&(0x7f0000000240), &(0x7f0000000280)={'fscrypt:', @desc1}, &(0x7f00000003c0)={0x0, "675b8d2ba1a14f602814ff83adc214f4b242c066aa45419a6cb685bbf48f6566fff6bc36cfe5680f13e830a15ca0cecb119bb2e8667c9dc9298e2f84436a21f2", 0x1b}, 0x48, 0xfffffffffffffff8)
add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, r6)
mount(0x0, &(0x7f0000000300)='./file3\x00', &(0x7f00000000c0)='pvfs2\x00', 0x0, &(0x7f0000000380)='acl') (async)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000100)) (async, rerun: 64)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) (rerun: 64)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) (async)
r9 = dup3(r8, r7, 0x0)
ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000040)={0x4}) (async)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async)
r10 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r10, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20) (async)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) (async, rerun: 64)
linkat(r9, &(0x7f0000000480)='./bus\x00', r9, &(0x7f0000000440)='./file3\x00', 0x400) (async, rerun: 64)
ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})

1m38.212604742s ago: executing program 1 (id=187):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x101, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r1 = gettid()
rt_sigqueueinfo(r1, 0x36, &(0x7f00000007c0)={0x20, 0x2, 0x8})
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
pwritev2(r2, &(0x7f0000000980)=[{&(0x7f0000000500)="be81", 0x2001e}], 0x1, 0x5, 0xa, 0x14)
ioctl$VIDIOC_LOG_STATUS(r0, 0x5646, 0x0)

1m38.063630818s ago: executing program 1 (id=190):
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) (async)
r0 = socket(0x2, 0x3, 0xff)
sendto$inet6(r0, &(0x7f0000001180)="62543689eeb7551e9e20a764b220e9bc25912b83", 0x14, 0x4, &(0x7f0000002180)={0xa, 0x4e20, 0x2, @rand_addr=' \x01\x00', 0x3}, 0x1c)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x1)
syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000bfe000/0x400000)=nil)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f00000000c0)) (async)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f0000000080)) (async)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file3\x00', 0x105042, 0x0)
mount(&(0x7f0000000280)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000300)='./file3\x00', &(0x7f0000000200)='btrfs\x00', 0x0, &(0x7f0000000380)='acl')
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r2, 0x4020aed2, &(0x7f0000000240)={0xfec00000, 0x210000, 0x8}) (async)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="200000001500010300000000000000000c0000000c0004"], 0x20}, 0x1, 0x0, 0x0, 0xc000}, 0x4000000) (async)
sendmsg$NLBL_UNLABEL_C_STATICADD(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0)
r6 = syz_io_uring_setup(0x70e4, &(0x7f0000000800)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r9, 0x5408, &(0x7f00000000c0)={0xcf50, 0x0, 0xffff, 0x9dff, 0x15})
write$binfmt_aout(r9, &(0x7f00000000c0)=ANY=[], 0xff2e) (async)
ioctl$TCSETS(r9, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0xfffffff9, 0x0, 0xd, "0062007d82000000000000002240f7ffffff00"})
r10 = syz_open_pts(r9, 0x0)
r11 = dup3(r10, r9, 0x0)
ioctl$TIOCSTI(r11, 0x5412, &(0x7f0000000200)=0x17)
ioctl$TIOCSTI(r10, 0x5412, &(0x7f0000000240)=0x3) (async)
syz_io_uring_submit(r7, r8, &(0x7f0000000000)=@IORING_OP_FALLOCATE={0x11, 0x44, 0x0, @fd, 0x4, 0x0, 0x0, 0x0, 0x1}) (async)
io_uring_enter(r6, 0x4b33, 0x6c66, 0x71, &(0x7f0000000080)={[0x5]}, 0x8) (async)
io_uring_enter(r6, 0x2d3e, 0x0, 0x0, 0x0, 0x0) (async)
r12 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x13101}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x14, 0x5, @loopback}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x50}}, 0x0)

1m37.943187095s ago: executing program 1 (id=191):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'ip6erspan0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newqdisc={0x74, 0x24, 0xf0b, 0x70bc26, 0xfffffffc, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x44, 0x2, [@TCA_CAKE_FLOW_MODE={0x8, 0x5, 0x6}, @TCA_CAKE_RTT={0x8}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x3}, @TCA_CAKE_ATM={0x8}, @TCA_CAKE_RAW={0x8}, @TCA_CAKE_MPU={0x8, 0xe, 0x70}, @TCA_CAKE_ATM={0x8, 0x4, 0x2}, @TCA_CAKE_MEMORY={0x8, 0xa, 0xff}]}}]}, 0x74}, 0x1, 0x0, 0x0, 0x2004c084}, 0x20000080)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="034886dd010000000000140000006000000000082f00fe88a43de1a400000000000000027d01ff0200000000000000000000000000010000883e"], 0xfdef)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x100)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000200)='./file0/../file0\x00', &(0x7f00000001c0)='./file0\x00')
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r7 = socket$kcm(0x2, 0xa, 0x2)
r8 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
fcntl$lock(r8, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0xc369d000)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a000000140000006c07010033d43afffe800000000000000000000000000010ff02000000000000000000000000000189"], 0x340a)

1m36.941732695s ago: executing program 1 (id=208):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8)
syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00')
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
rseq(0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2)
ioctl$SG_GET_VERSION_NUM(0xffffffffffffffff, 0x2284, &(0x7f0000000080))

1m36.595277214s ago: executing program 1 (id=210):
mremap(&(0x7f0000000000/0x9000)=nil, 0xa00000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000b3f000/0x3000)=nil, &(0x7f0000ff3000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)

1m36.580971655s ago: executing program 34 (id=210):
mremap(&(0x7f0000000000/0x9000)=nil, 0xa00000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000b3f000/0x3000)=nil, &(0x7f0000ff3000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)

6.77273929s ago: executing program 2 (id=1050):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1, 0x200000005c031, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x200000b, 0x204031, 0xffffffffffffffff, 0xec776000) (async)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) (async)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f00009db000/0x3000)=nil, 0x800000}) (async)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_LIST_RULES(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x3f5, 0x1, 0x70bd27, 0x25dfdbfb, "", ["", ""]}, 0x10}}, 0x8084)
io_setup(0x9, &(0x7f0000000f40)=<r2=>0x0)
io_cancel(r2, &(0x7f0000000fc0)={0x0, 0x0, 0x0, 0x8, 0x5, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x0) (async)
syz_usb_connect$midi(0x0, 0x31, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x20, 0x1430, 0x474b, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1f, 0x1, 0x1, 0x4, 0x90, 0x5, "", {{{0x9, 0x4, 0x0, 0x0, 0x1, 0x1, 0x3, 0xde9f8f615f94a193, 0x4, [], [{{0x9, 0x5, 0x5, 0x0, 0x0, 0x0, 0x9, 0x40, {0x4}}}]}}}}}]}}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0})
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000080)={<r3=>r0, 0x10000, 0x8a92, 0x3})
ioctl$XFS_IOC_SWAPEXT(r3, 0xc0c0586d, &(0x7f0000000180)={0x0, r1, r1, 0x6, 0x10, '\x00', {0xf, 0x0, 0x401, 0xc9, 0xffffc843, 0xf5e1, 0x7f, 0x57c, {0x101, 0x7}, {0x3}, {0x2, 0xfffffff8}, 0x7, 0x7, 0x17a1fbc7, 0xa918, 0x1ff, 0x3, 0x5, 0x2, 0x6, 0xfff9, '\x00', 0x33dc, 0x4, 0x1}}) (async)
r4 = socket$xdp(0x2c, 0x3, 0x0) (async)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r6 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
writev(r5, &(0x7f0000000380)=[{&(0x7f0000000300)="429b5b0007f6b0885f57b0b77d75963f88a8", 0x12}], 0x1) (async)
setsockopt$XDP_UMEM_FILL_RING(r4, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) (async)
mmap$xdp(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x200000d, 0x11, r4, 0x100000000)

5.492840019s ago: executing program 6 (id=1072):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x43442, 0x58)
fallocate(r4, 0x0, 0x9, 0x10001)
r5 = open(&(0x7f0000000240)='./file1\x00', 0xcd042, 0x0)
read(r5, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
r6 = io_uring_setup(0x13b5, &(0x7f0000000140)={0x0, 0x911c, 0x40, 0x3, 0x2fa})
io_uring_register$IORING_REGISTER_BUFFERS2(r6, 0x14, &(0x7f0000003480)={0x4, 0x0, 0x4, &(0x7f00000001c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x0}, 0x2)
io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r6, 0x1e, &(0x7f0000000000)={r6}, 0x1)
pipe(&(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
io_setup(0x3ff, &(0x7f0000000500)=<r9=>0x0)
io_submit(r9, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x4, 0x6, r8, 0x0, 0x0, 0x1}])
setsockopt$CAN_RAW_ERR_FILTER(r8, 0x65, 0x2, &(0x7f0000000080)=0xfffffffc, 0x4)
getsockopt$inet_tcp_buf(r3, 0x6, 0x1a, &(0x7f0000002300)=""/4096, &(0x7f0000000040)=0x1000)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f00000001c0)={0x34, r2, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r10}, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8ea}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0xd}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x980}]]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x52000, 0x0)
write$sndseq(r0, &(0x7f00000006c0)=[{0xe, 0x0, 0x2, 0xfd, @tick, {}, {0xe}, @queue={0xa, {0x7, 0x2}}}], 0x1c)

5.287731419s ago: executing program 6 (id=1073):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'bond0\x00', &(0x7f00000002c0)=@ethtool_eeprom={0xb, 0x4d, 0xd832}})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r1 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000b80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r2, 0x5b16, 0x0)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
shmget(0x3, 0x1000, 0x40, &(0x7f00003e3000/0x1000)=nil)

5.287530896s ago: executing program 2 (id=1074):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x1})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}}, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000480)=""/74, 0x49)

4.680224843s ago: executing program 6 (id=1077):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SW_SYNC_IOC_INC(r0, 0x40045701, &(0x7f0000000180)=0xffffffff)
syz_emit_ethernet(0x6e, 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000280), 0x4)
r1 = socket(0x2a, 0x2, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendto$packet(r2, &(0x7f0000000240)="f2435f0100088000000000850800", 0xe, 0x1, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c00000013000100000000000000000000000002", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=r3, @ANYBLOB="1400350064756d6d7930"], 0x3c}, 0x1, 0x0, 0x0, 0x8080}, 0x0)
ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000080)={'dummy0\x00'})

4.623149196s ago: executing program 6 (id=1078):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
ioctl$USBDEVFS_REAPURBNDELAY(r0, 0x4008550d, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x40, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0x24, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_NOLEARN={0x5, 0x1e, 0x1}, @NL80211_MESHCONF_PLINK_TIMEOUT={0x8, 0x1c, 0x8}, @NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME={0x6, 0xd, 0xffff}, @NL80211_MESHCONF_HWMP_ROOTMODE={0x5, 0xe, 0x3}]}]}, 0x40}}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x1, 0x7fff0000}]})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast1}}}, 0x88)
r5 = socket(0xa, 0x3, 0xff)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850)
sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a64000000030a0fdb00000000000000000a0000050900030073797a30000000000900010073797a31000000001400048008000240a04b3d02080001400000000308000540000000001c0008800c00014000000000000000090c000240000000000018ab6e14000000110001"], 0x8c}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)
sendmsg$inet6(r5, &(0x7f0000001c00)={&(0x7f0000000140)={0xa, 0xa, 0x7, @mcast2}, 0x1c, &(0x7f0000000000)=[{&(0x7f0000000100)="671723d7c60133", 0x7}, {&(0x7f0000000180)="9e91d91a92dc7c8fff658bb539e2ffb332c99223a7dfe52c1f51218206f5abfd2a", 0x21}], 0x2}, 0x20008b88)
r7 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = syz_pidfd_open(r7, 0x0)
poll(&(0x7f0000000100)=[{r8, 0x2058}], 0x1, 0xfffffc01)

4.402109043s ago: executing program 6 (id=1081):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000030700000a7c000000060a030400000000000000000a0000050900010073797a3100000000500004804c0001800b00010074617267657400003c000280240003007339f2f304fdd672bad09dfbe4ffffff0001000001f9580dabf95ddc91967c2008000240000000000c00010052415445455354000900020073797a32"], 0xa4}, 0x1, 0x0, 0x0, 0x4000890}, 0x20008040)
sendmmsg$inet6(r1, &(0x7f0000001c80)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x173b2a7e, @remote, 0x19}, 0x1c, &(0x7f00000007c0)=[{&(0x7f0000000140)="56501366ff", 0x5}], 0x1, &(0x7f00000020c0)=ANY=[@ANYBLOB="38020000000000002900000036000000004300000000000004013f040100c910ff010000000000000000000000000001c910fc0000000000000000000000800000000000000040000000000e07010101000000010000000200000000000000000000000000000001000000010000002000000000000000ffffffff00000000ffffffffffffff7f06aeb07c1c192077cc9e7c45705803ad5588ca8b194d23f748fe792cfa3d32221f25d73b8ffe64a4ddda6efcfb7483b588194d29c7a04395d8500965a9a1d07879040c44db1d5d6f618d2ab920f0bf168ddc9acc6a51edd1230760d4ae8bf30f5f82a78e8114849ee8e37364560400000035bfa8197ef2ba99103ee5f5aae28ec5c8e2675db11530f5c466d55f2244d479dc653c854406155eada3eaeb90d39149b8d13bab75a9bd1452c8c76284b9ddfbeff41344e64f1771d78a706e1c5a6d63f1c954e24a1e73f75c26e9f09ec9b606cc3470f11c4842db651926bd2263a4a0a8fe80de8b2f9cb176e51819d5f4d10a5d1f0488d5e46953fbfd750f6137fbebe89a8d462158a87f9622355104b4f68d7a6d3ad85c373ea52a25afad37ffb743a5c361158087904b09fcc806d032bac00ee0e0251fc032446e45a3e12417ff4703526ffc45f71567857777927903799e0ba453334186009d22e38099c67b5350c7e82136bba947a18fb61d36fcba1f9efe3d79485d06252702833dc8ee417f40bb9064878fb89dd75a49135e5df148c4ad1e1d5626b44c8112d822f4c9a05e693fd5ae5595627f8684016b37a2bf6d0040030000000000002900000037000000006500000000000000fb1a63687c244e6df3aecb13d6eb957495b669cc032f6d0a11a5e16eed9937b046c9dc1a61dcf9754b767df4735c3f8c37b4d5cd15a99c5a19cc62c921ad4e90d6e3695ec1891223a53600d5121b5735acafb556e22279975f958ad437c76573e544506e58455772eb11493af933099a5dc7e9e0c8b907e68e23e59d7b94bc774309e2047132758b60955301f277a9032b0bc47e660b243e9e2126733f13ab99055a0999068ada35a38d105a0100000000000000e28695ecae3944413b7764eefde26ed571d857b2cb2dd1b2a4a84c1fec0799cf90f57f7a6d35e2b60cd425b9372ae4a27f453e5d7da2eacd3b98cdb10cec9152d5829c251112e2a59ea0cd280f3d08849b6cd43d25e3dcd62f7c7dee6123a2682daf4aa9a856b31e9204c5c2b80b84dbeec05d93a64a550f1ebc326488cd620c6fe1aa266a0ce5b24be03b5037786e037cc85ed61f362e081fb694e12e54fcb9eb0f86d6d91fd159023a073278f84d6ada8f9aa25ec223d268f3291b25392c941740932bd1a82f40a8fc586db23d2f6240ce883e3c1dc1e0d07fc3aa73a9ac82a1538d129c9e66cb6a8100abe95bc4064581e8c01ce65ba3ea751db5d8c0a1173fe62b2fd2d415042a97ade4d274a466b6c597eed6bf5d7a305ead804c36b9e1c314b26676ed83412417610d3cf4d07e5b24cf3de9c790ae93850e0f8bba047b710cf340c78a80cef5f6665a647681ff5f7b6ecce8ab65e26406b6a6e0e72ff8501c545bffc00f034dc3a5b251390ae68bb61d936dc9a24e6f66c72e7911c51c716dfd4304566fb32e6c2745d232f990d0bbe0ddf9dc58398dda292c07b16da766a37c60bd9993b4f21e64103602000000db47d7990d5a007faccb2f86660079f2e229723bce870aec3f7f4e529c92add713590ce6c0ea1a0499fb76d32636cfd18b6b39fb48f1a6d46f6ae8f45c47ee8260f9531070d170ab92739be0bdf5b76f8a9b93a5e550dfecab79d2e46085a67024b6be883c79ade2873458fda5a7f4eb62b05634356ee3b45723f4cff19c654ad441ff5b8792df7f18d8418351e195151b1b3532e742a6525c86efdb29653f35ce8e0a41c8c6d39f39531e13aeb1172893eeedd83b6afb939f8e6abc5482696aa48918000000000000002900000037"], 0x590}}, {{0x0, 0x0, &(0x7f0000001500)=[{&(0x7f00000013c0)="8cc3b3df84eef7496ca0b4fe126a656e0c88a52bce", 0x15}], 0x1}}, {{0x0, 0x0, &(0x7f0000001bc0)=[{&(0x7f00000017c0)="359db6a559aae72e61ce3e", 0xb}], 0x1}}], 0x3, 0x28048005)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a6c000000060a0104000000000000000002000000400004803c0001800a0001006d617463680000002c0002801400030084001f000000110002000f116b61979e090001006c3274700000000008000240000000000900010073797a30000000000900020073797a32"], 0x94}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

4.401632821s ago: executing program 6 (id=1082):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000040)=0x3, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000001180)=0x2000000)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x40101)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r3, &(0x7f00000000c0)=[{0x5, 0x1, 0x0, 0x0, @time, {}, {}, @result}], 0x1c)
mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r2, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r2, 0x800c5012, &(0x7f0000000200))
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = dup(r4)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r1, &(0x7f0000000240)={@val={0x0, 0x18}, @void, @eth={@local, @remote, @val={@void, {0x8100, 0x1, 0x0, 0x2}}, {@ipv6={0x86dd, @generic={0x1, 0x6, "5efdc2", 0x18, 0x6, 0xff, @local, @mcast2, {[@routing={0xa9, 0x2, 0x0, 0xeb, 0x0, [@loopback]}]}}}}}}, 0x56)
setsockopt$inet_opts(r0, 0x0, 0xf, &(0x7f0000000000)='\x00', 0x1)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x3, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="180200009d96d1c800000000000000008500000020000000850000002a00000095"], &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r7 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000100), 0x1e000, 0x0)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r7, 0x6612)
syz_emit_vhci(0x0, 0x61)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x0, 0xe, 0x0, &(0x7f0000000400)="e0b9547ed387dbe9abc89b6f5b7e", 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.782940652s ago: executing program 5 (id=1104):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x3, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="18080000b0ff0000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000035090100000000009500000000000000b7020000000000007b9af8ff00000000d509000013ffffff7baaf0ff00000000bf9700000000000007080000fffdffffbfa400000000000007040000f0ffffff740200000800000018220000", @ANYRES32=r0, @ANYBLOB="000000004608f4ff760000007d9800000000000056080000000000008500000005000000b7000000000000009500000000000000"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000140)={0x0, 0xa00, &(0x7f0000000100)={&(0x7f0000000180)={0x64, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT_TO={0x6}, @IPSET_ATTR_PORT={0x6}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x6}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}]}, 0x64}}, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000bc0)={0x1, 0x0, @pic={0x5, 0x7f, 0xc4, 0x6, 0x0, 0x9, 0x2, 0xf9, 0x7, 0x2, 0x5, 0x1, 0x0, 0x9, 0x81, 0xcf}})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000340)={[0xa, 0xfffffffffffffff7, 0x10, 0x0, 0x400000007f, 0x1, 0xa, 0x3, 0x10000000000009, 0x189040bf, 0xffff, 0x400000000004, 0x8396, 0x206, 0x80009, 0x10000000f], 0x0, 0x26d307})
r5 = socket$inet(0x2, 0x3, 0x2)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r5, 0x8983, &(0x7f00000000c0)={0x6, 'dvmrp1\x00', {0x10000}, 0x3})
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0x10)
sendto$inet(r5, 0x0, 0x0, 0x8004, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10)
sendto$inet(r5, &(0x7f00000019c0)="c70582e1aa96fa90ae", 0x9, 0x800, &(0x7f0000000000)={0x2, 0x4e22, @multicast1}, 0x10)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000040), 0x208e24b)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188)
r7 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb007}, 0x4)
r8 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r8, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00', <r9=>0x0})
sendto$packet(r8, &(0x7f0000000180)="0b031407e0ff640f0200475412f6a13bb1000e00080008004803", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x0, r9}, 0x14)
ioctl$BTRFS_IOC_SYNC(r0, 0x9408, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2.493156745s ago: executing program 5 (id=1105):
capset(&(0x7f00000004c0)={0x20080522}, &(0x7f0000000500)={0x0, 0x2000, 0x0, 0x0, 0x0, 0x3cd})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000004500000002"], 0x48)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000106a053103000000000001090224000100"], 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) (async)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0) (async)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async, rerun: 64)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async, rerun: 64)
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$SIOCRSGCAUSE(r5, 0x89e0, &(0x7f0000000000)) (async)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) (async)
futex_waitv(&(0x7f0000000d80)=[{0x1, 0x0, 0x4}], 0x1, 0x0, 0x0, 0x1)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, 0x0}) (async)
setrlimit(0xf, &(0x7f0000000000)={0x1, 0x5})

2.203030009s ago: executing program 2 (id=1106):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
mmap(&(0x7f0000001000/0x3000)=nil, 0x30000, 0x0, 0x11, r0, 0x0)
mremap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000007000/0x1000)=nil)
syz_clone(0x2800400, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xffdff7e8}, 0x4}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x1, 0x400, 0xfffffff7}, 0x4}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

2.202503902s ago: executing program 5 (id=1107):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ipvs(0x0, r0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010026bd7000000000000200011008020000", @ANYRES32=r3, @ANYBLOB="08009f0007000000080026006c090000"], 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000016c0)=@newtaction={0x888, 0x30, 0xb, 0x1, 0xfffffffc, {}, [{0x874, 0x1, [@m_police={0x870, 0x5, 0x0, 0x0, {{0xb}, {0x814, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0xc, 0x4, 0x1ff, 0x1, 0x80, 0x8, 0x8, 0xd04, 0xffffffff, 0x100, 0x8, 0x5, 0x58, 0x5, 0x6f4, 0x0, 0x8000, 0x0, 0x5, 0x4, 0xfffffff9, 0x5, 0x7ff, 0xa000000, 0x0, 0x2, 0x4, 0x407, 0x1, 0x0, 0xb, 0x9, 0xfffffc0d, 0x119, 0x6, 0x3, 0x39f, 0x4, 0x7, 0x7, 0x46, 0x10001, 0x91d1, 0x4, 0xd44, 0x80000000, 0x7ff, 0xc1a3, 0x8, 0x400, 0x1b, 0x7, 0x2, 0x8, 0x40, 0x8, 0x7, 0x9, 0x9, 0xf, 0x4, 0x8, 0x5, 0x4, 0x3, 0xb026, 0x3, 0x2, 0x9, 0x7, 0x4, 0x4, 0x7, 0x5, 0x1fb, 0x7f, 0x7, 0x10001, 0x8, 0x10000, 0x2a, 0x4, 0x80000000, 0x1, 0x5, 0x4, 0x401, 0x59, 0xfffffffd, 0x4, 0x70, 0x0, 0x60000000, 0xffffff81, 0x1, 0x4, 0x610, 0x24000, 0xe, 0x0, 0x6, 0x60, 0x7, 0x101, 0x8, 0x7fffffff, 0x50a2, 0xd, 0xa89, 0x0, 0xe, 0x1, 0x9, 0x6, 0x3713, 0x2, 0x7ff, 0xffff, 0xff, 0x5, 0x4, 0x2, 0x5, 0x5, 0x1ff, 0x5, 0x11e, 0xffffffff, 0x2, 0x7, 0x0, 0x5, 0xe, 0x1a, 0x2, 0x10, 0x3, 0x2, 0x3ff, 0x4, 0x3, 0x24c0, 0x0, 0x80000000, 0x1b1, 0xfffffffd, 0xb6b, 0x10, 0x400, 0x80003, 0x9, 0x1, 0x3, 0x3, 0x10001, 0xa, 0x1, 0x3, 0x4, 0x2, 0xeec787d, 0xad51, 0x7, 0x3, 0x1, 0x6, 0x1, 0xffffffff, 0x8001, 0x7, 0xfffffffb, 0xe817, 0x4, 0x9, 0x101, 0x8, 0x8, 0x8, 0x3800000, 0x6, 0x2, 0x4, 0x5, 0xfffffffb, 0x0, 0x1ff, 0x6, 0x9, 0x3, 0xcab, 0x0, 0x3, 0xfffffff7, 0x4, 0x1ff, 0x56, 0xa769, 0xffff, 0x663, 0x4, 0x7, 0x5, 0x8, 0x644f, 0xfffffc00, 0x7, 0x6, 0x0, 0x2, 0x84e, 0x9, 0x401, 0x10, 0x6, 0x10, 0x73, 0x4, 0x1, 0x1, 0x81, 0x80000000, 0x2, 0x47e1162b, 0x6, 0x9, 0x8, 0x4, 0x10, 0xbdc3, 0xd50, 0x6, 0x4, 0x7, 0x8, 0x0, 0x800, 0x4, 0x7, 0x30192119, 0x5, 0x2, 0x3, 0x3f19, 0x83c, 0x34e, 0x9, 0x2, 0x1ff, 0x4, 0x2, 0xfffffff7, 0x4, 0x6, 0x3, 0x5]}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x2}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x8, 0x8, 0xba2, 0x800, 0x34b, 0x8000, 0x5, 0x19040000, 0x1, 0x2, 0x73ba, 0x9, 0xff0000, 0x40, 0x5, 0xb89, 0x9, 0x9, 0x2, 0x164, 0x5, 0x4, 0x6, 0x1, 0x8, 0xfffff800, 0x389e, 0x3, 0x7, 0x22, 0xb9, 0xff, 0x8, 0x7, 0x663c, 0x8, 0x4, 0x3, 0x8, 0x5, 0x9e6, 0x0, 0x7ec, 0x8b, 0xc71, 0x4, 0xffff3d76, 0x1, 0xce, 0x0, 0x5, 0x400, 0x200, 0x7bb, 0xfffffff7, 0x1, 0x3, 0xde, 0xa4e0000, 0x5668, 0x4, 0x81, 0x8, 0x2, 0x1, 0x8, 0xfffffffc, 0xffffffff, 0x28b9, 0x3, 0x3ff, 0x7aeb, 0xa187, 0x3, 0xfe9, 0x9, 0x96, 0x1, 0x0, 0x2, 0xa21800, 0x9, 0x5, 0x7, 0x5, 0x7fff, 0x80000000, 0x6, 0x10001, 0x6, 0xf, 0x8000, 0x7f, 0x0, 0x5e2, 0xf01f, 0xfffffe00, 0x2, 0x2, 0x3, 0x1, 0x6, 0x3a, 0x1, 0xea, 0xc000000, 0xffff9399, 0x6, 0xc6c, 0xb39, 0x5, 0x4000000, 0x8147, 0xe8, 0xd28a, 0x200, 0x7, 0x3, 0x0, 0x1a, 0xb, 0x7f, 0x6, 0x2, 0x4, 0x1, 0x7, 0x0, 0x7, 0x0, 0x5, 0x81, 0x5, 0x3, 0x3, 0x101, 0x0, 0x3, 0x7, 0x4, 0xef, 0x8000, 0x2, 0x2a, 0x4, 0x599, 0x3, 0x8, 0x7ff, 0xa2244f2, 0x8, 0x101, 0x3, 0x6, 0x1, 0x6ec3, 0x80000001, 0x7a3, 0x9, 0x5, 0x8, 0x0, 0x3, 0x7, 0x7ff, 0x4, 0x5, 0x4, 0x5, 0x5, 0x6000000, 0x8, 0x1, 0x6, 0x48c, 0x4, 0xc4, 0x3, 0xfffffff8, 0x3720, 0x5, 0x8001, 0x4, 0x7, 0xc2, 0xfffffffd, 0x0, 0x7fffffff, 0x7f, 0x95e, 0x2c, 0x1, 0xfffffffa, 0x841, 0x7, 0x8, 0x2, 0x9d, 0xcd22, 0xc09, 0x6, 0x934, 0x8, 0x9, 0x1, 0x100, 0x40, 0x2, 0xfffffd1b, 0x2, 0x91, 0x6, 0x3, 0xe1d6, 0x1, 0x6, 0x5, 0x10, 0x1, 0x1, 0x6, 0x1000007, 0x3ff, 0x540, 0x9b72, 0x4e47f375, 0x3, 0x7, 0x6, 0x9, 0x4, 0x80000000, 0x0, 0x2, 0x433a7d1a, 0x8c9, 0x5, 0xfffffffd, 0x4, 0x401, 0x7, 0xb, 0x7, 0x5, 0x5, 0x7, 0x8, 0xe, 0x7, 0x9, 0x3, 0xff, 0x5d35, 0x6, 0xffffffff, 0x5]}]]}, {0x31, 0x6, "65783c4fc89a3d2c73eecbbf56fc5470465b9abb50e58975c3058f6771617540f7118410330fa750626019178b"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}, 0x888}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})
syz_genetlink_get_family_id$nl80211(&(0x7f0000005ec0), 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f0000000000), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8002, 0x0)
r5 = syz_open_dev$video(&(0x7f0000000200), 0x7, 0x0)
ioctl$VIDIOC_G_INPUT(r5, 0x80045626, &(0x7f0000000240))
llistxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)=""/86, 0x56)
socket$inet6_udp(0xa, 0x2, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = dup(r7)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r8, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
close(0x3)
socket(0x2, 0x80805, 0x0)

2.112742384s ago: executing program 2 (id=1108):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000000)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWRULE={0x74, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x44, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8}, @NFTA_PAYLOAD_SREG={0x8, 0x5, 0x1, 0x0, 0x1}, @NFTA_PAYLOAD_OFFSET={0x8}, @NFTA_PAYLOAD_BASE={0x8}, @NFTA_PAYLOAD_CSUM_OFFSET={0x8, 0x7, 0x1, 0x0, 0x4}, @NFTA_PAYLOAD_CSUM_FLAGS={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x9c}}, 0x4000)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000080)={0x80000001, 0x4, 0x6}, 0x10)
sendmsg$nl_generic(r3, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000006c80)=ANY=[@ANYBLOB="782800001200050b00000000000000000a"], 0x2878}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x3}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x23}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}]}], {0x14, 0x10}}, 0xa4}}, 0x4)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_PAYLOAD_SREG={0x8}, @NFTA_PAYLOAD_OFFSET={0x8}, @NFTA_PAYLOAD_CSUM_TYPE={0x8, 0x6, 0x1, 0x0, 0x2}]}}}]}]}], {0x14}}, 0x94}}, 0x0)

2.11255384s ago: executing program 4 (id=1109):
r0 = syz_open_procfs(0x0, &(0x7f00000009c0)='net/tcp6\x00')
pread64(r0, &(0x7f0000000000)=""/33, 0x21, 0x7945)
preadv(r0, &(0x7f00000002c0)=[{&(0x7f0000000040)=""/181, 0xb5}, {&(0x7f0000000100)=""/92, 0x5c}, {&(0x7f0000000180)=""/66, 0x42}, {&(0x7f0000000200)=""/186, 0xba}], 0x4, 0x443, 0xfffe)

2.11228852s ago: executing program 2 (id=1110):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="12000000000000000a"], 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0xffff0000, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x0, 0xffff0000}, 0x48)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x8080}, 0x20004450)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000ac0)={0x0, 0xffffffffffffff02, &(0x7f0000000a80)={&(0x7f00000009c0)=ANY=[@ANYRESHEX=r2], 0x34}, 0x1, 0x0, 0x0, 0x64040814}, 0x80)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000180)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWRULE={0x84, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x58, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_DREG={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0x4f}, @NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0x37}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x2}]}}}, {0x20, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_DUP_SREG_ADDR={0x8}, @NFTA_DUP_SREG_ADDR={0x8, 0x1, 0x1, 0x0, 0x10}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0xac}, 0x1, 0x0, 0x0, 0x20004000}, 0x24000840)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000a00)=ANY=[@ANYBLOB="18010000070a0101"], 0x118}, 0x1, 0x0, 0x0, 0x20080010}, 0x24000082)

2.032845641s ago: executing program 4 (id=1111):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000080)={'syztnl2\x00', &(0x7f0000000100)={'gre0\x00', <r1=>0x0, 0x700, 0x1, 0xa23, 0x7ff, {{0x21, 0x4, 0x3, 0x2, 0x84, 0x66, 0x0, 0xf2, 0x4, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, {[@ra={0x94, 0x4, 0x1}, @timestamp_prespec={0x44, 0x24, 0x43, 0x3, 0x4, [{@loopback, 0x401}, {@loopback, 0x2}, {@empty, 0x3}, {@remote, 0x7}]}, @generic={0x7, 0x6, "ed9d9ce6"}, @ssrr={0x89, 0x27, 0x31, [@remote, @remote, @local, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x32}]}, @ssrr={0x89, 0x7, 0x93, [@loopback]}, @timestamp={0x44, 0x14, 0x10, 0x0, 0x1, [0x80000001, 0x80000000, 0x1, 0x2]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f00000001c0)={'ip6_vti0\x00', r1, 0x29, 0xa, 0x40, 0xac4, 0x40, @ipv4={'\x00', '\xff\xff', @local}, @rand_addr=' \x01\x00', 0xc0, 0x8000, 0xc4, 0x621}})
socket$inet6_udp(0xa, 0x2, 0x0) (async)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000080)={'syztnl2\x00', &(0x7f0000000100)={'gre0\x00', 0x0, 0x700, 0x1, 0xa23, 0x7ff, {{0x21, 0x4, 0x3, 0x2, 0x84, 0x66, 0x0, 0xf2, 0x4, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, {[@ra={0x94, 0x4, 0x1}, @timestamp_prespec={0x44, 0x24, 0x43, 0x3, 0x4, [{@loopback, 0x401}, {@loopback, 0x2}, {@empty, 0x3}, {@remote, 0x7}]}, @generic={0x7, 0x6, "ed9d9ce6"}, @ssrr={0x89, 0x27, 0x31, [@remote, @remote, @local, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x32}]}, @ssrr={0x89, 0x7, 0x93, [@loopback]}, @timestamp={0x44, 0x14, 0x10, 0x0, 0x1, [0x80000001, 0x80000000, 0x1, 0x2]}]}}}}}) (async)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f00000001c0)={'ip6_vti0\x00', r1, 0x29, 0xa, 0x40, 0xac4, 0x40, @ipv4={'\x00', '\xff\xff', @local}, @rand_addr=' \x01\x00', 0xc0, 0x8000, 0xc4, 0x621}}) (async)

2.032407735s ago: executing program 4 (id=1112):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x14, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200002000000007020000f8ffffffb703000008000000b704000000000000850000108200000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b0000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @sched_cls=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'macvtap0\x00'})
socket$packet(0x11, 0x3, 0x300)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_TX_POWER(r2, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8014}, 0x40000)
r3 = socket$kcm(0xa, 0x2, 0x0)
r4 = socket(0x2, 0x80805, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010101, 0x4e23, 0x3, 'rr\x00', 0x1, 0x80005, 0x70}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'lc\x00', 0x5, 0x8, 0x77}, {@remote, 0xe20, 0x0, 0x8d, 0x2}}, 0x44)
sendmsg$sock(r3, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

1.882783619s ago: executing program 5 (id=1113):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@delchain={0x24, 0x65, 0x400, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x509d884560ba1ba6, 0x3}, {}, {0x8, 0x10}}}, 0x24}}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x4, 0xc0000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x3}, {0xa, 0xe}, {0x0, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xe7e7}, @TCA_FQ_PIE_TARGET={0x8, 0x3, 0x4}]}}]}, 0x44}}, 0x20004015)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1.383054364s ago: executing program 4 (id=1114):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@gettclass={0x24, 0x2a, 0x20, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x4, 0xf}, {0x0, 0xfff2}, {0xe, 0xfff3}}, ["", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x60004}, 0x20000000)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x24000014}, 0x200c4004)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000480), 0x0)
r3 = accept$alg(r2, 0x0, 0x0)
sendmmsg$alg(r3, 0x0, 0x0, 0x24000040)
recvmmsg(r3, 0x0, 0x0, 0x2120, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$inet_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f0000000380))
sendmsg$nl_generic(r4, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r5, 0x890b, &(0x7f0000000280)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0, 0xfffd, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xfffffdb6, 0x3, [@default, @bcast, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, 0x0, 0x240400c0)
ioctl$sock_netrom_SIOCADDRT(r5, 0x890b, &(0x7f00000000c0)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x0, 'syz1\x00', @null, 0x101, 0x7, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]})
unshare(0x62040200)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)

202.191938ms ago: executing program 2 (id=1115):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x1})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}}, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000480)=""/74, 0x49)

81.293355ms ago: executing program 4 (id=1116):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SW_SYNC_IOC_INC(r0, 0x40045701, &(0x7f0000000180)=0xffffffff)
syz_emit_ethernet(0x6e, 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000280), 0x4)
r1 = socket(0x2a, 0x2, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r3=>0x0})
sendto$packet(r2, &(0x7f0000000240)="f2435f0100088000000000850800", 0xe, 0x1, &(0x7f0000000200)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x13}}, 0x14)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x8080}, 0x0)
ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000080)={'dummy0\x00'})

80.574699ms ago: executing program 5 (id=1117):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x1]}, 0x8, 0x80000)
signalfd4(r3, &(0x7f0000000040)={[0x2]}, 0x8, 0x800)
r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
fchdir(r5)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
sendmsg$nl_route_sched(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@newqdisc={0x40, 0x24, 0xf0b, 0x70bd2d, 0x25dfdbfb, {0x60, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}, {0x9}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x1fffc000, 0xb, 0x5}}}}]}, 0x40}}, 0x0)

80.324779ms ago: executing program 4 (id=1118):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x1, 0x61, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e24, 0x4e20, 0x4d, 0x0, @wg=@initiation={0x1, 0x1, "65a252e7cb7a5918c004a9971a46afced2c32642b1ec9fe34818d8ccd82041b7", "c930713c550e74ee13c2638ac75b2a9666efd31a34fce4498df8105d8bd8ed283a220c3a9becd8a70d3607ea8270d351", "ae12e16b560f2f8ac4ca3e745ce285f12f6e8719e7f1e7f286a68f76", {"980aa8fb8f80d69f1fb587086447e93e", "55e824bb69e833bd36300b088233545a"}}}}}}}, 0x0)
recvmmsg(r1, &(0x7f0000006000), 0x0, 0x22, 0x0)
setsockopt$sock_int(r1, 0x1, 0x28, &(0x7f0000000000)=0x3, 0x4)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0)
r2 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x181440)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r3 = gettid()
timer_create(0x9, &(0x7f0000000180)={0x0, 0x1e, 0x4, @tid=r3}, &(0x7f00000000c0)=<r4=>0x0)
timer_settime(r4, 0x1, &(0x7f0000000080)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
rt_sigtimedwait(&(0x7f0000000040)={[0xffffffffffff00b1]}, 0x0, 0x0, 0x8)
r5 = syz_usb_connect(0x0, 0x36, &(0x7f0000001340)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0)
syz_usb_ep_write$ath9k_ep2(r5, 0x83, 0x8, &(0x7f0000000080)=ANY=[])
ioctl$MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000180)={0x0, 0x0, 0xffffffff})
r6 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r6, &(0x7f0000000000), 0x10)
setsockopt$CAN_RAW_FILTER(r6, 0x65, 0x1, 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x4, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {}, {0xfff1, 0xffff}, {0xfff2, 0x7}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001340)=@deltfilter={0x2c, 0x2d, 0x1, 0x78bd2d, 0x25dfdbf9, {0x0, 0x0, 0x0, 0x0, {0xb, 0xfff2}, {0xfff2, 0xffff}, {0x0, 0xf}}, [@TCA_CHAIN={0x8, 0xb, 0x3}]}, 0x2c}}, 0x24004810)
io_uring_register$IORING_REGISTER_PROBE(0xffffffffffffffff, 0x8, &(0x7f00000017c0)={0x0, 0x0, 0x0, '\x00', [{}]}, 0x1)
syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x80, 0x0, 0x419}}}, 0x7)
socket$inet(0x2, 0x3, 0x7f)
bpf$MAP_CREATE(0x0, 0x0, 0x3a)
socket$nl_generic(0x10, 0x3, 0x10)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)

0s ago: executing program 5 (id=1119):
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a000008048002000905", @ANYRES64], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
writev(r0, &(0x7f0000001880)=[{&(0x7f00000005c0)='~', 0x1}, {&(0x7f0000000680)='T', 0x1}], 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000b80), 0xffffffffffffffff)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0xe8381, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_BOOT_CPU_ID(r5, 0xae78, 0x0)
sendmsg$FOU_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000340)={0x1c, r3, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40040021}, 0x40080)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x9, 0x3, 0x230, 0xe0, 0xffffffff, 0xffffffff, 0xe0, 0xffffffff, 0x198, 0xffffffff, 0xffffffff, 0x198, 0xffffffff, 0x3, &(0x7f0000000000), {[{{@ip={@rand_addr=0x64010101, @rand_addr=0x64010100, 0xffffffff, 0xffffff00, 'wg1\x00', 'netpci0\x00', {}, {}, 0x1d, 0x2, 0x30}, 0x0, 0xb8, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xc}}, @common=@socket0={{0x20}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x1, 0x6}, {0x3, 0x4}}}}, {{@ip={@empty, @multicast1, 0xffffff00, 0x0, 'wlan0\x00', 'ip6gretap0\x00', {0xff}, {0xff}, 0x5e, 0x1, 0x45}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x8, 0xffffffff, 0xc, 'syz1\x00', {0x80000001}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x290)

kernel console output (not intermixed with test programs):

10-1: USB disconnect, device number 2
[   69.388161][   T59] libceph: connect (1)[c::]:6789 error -101
[   69.390411][   T59] libceph: mon0 (1)[c::]:6789 connect error
[   69.416186][ T6823] ceph: No mds server is up or the cluster is laggy
[   69.464839][ T6826] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   69.563731][ T5933] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   69.567589][ T5933] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   69.570746][ T5933] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   69.575764][ T5933] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   69.578549][ T5933] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   69.674855][ T6831] chnl_net:caif_netlink_parms(): no params data found
[   69.727826][ T6831] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.730958][ T6831] bridge0: port 1(bridge_slave_0) entered disabled state
[   69.734540][ T6831] bridge_slave_0: entered allmulticast mode
[   69.738559][ T6831] bridge_slave_0: entered promiscuous mode
[   69.743152][ T6831] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.746405][ T6831] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.749555][ T6831] bridge_slave_1: entered allmulticast mode
[   69.753503][ T6831] bridge_slave_1: entered promiscuous mode
[   69.778917][ T6831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   69.783351][ T6831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   69.786396][   T53] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[   69.803352][ T6831] team0: Port device team_slave_0 added
[   69.808327][ T6831] team0: Port device team_slave_1 added
[   69.834027][ T6831] batman_adv: batadv0: Adding interface: batadv_slave_0
[   69.837454][ T6831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   69.848297][ T6831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   69.857680][ T6831] batman_adv: batadv0: Adding interface: batadv_slave_1
[   69.860900][ T6831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   69.871053][ T6831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   69.901472][ T6831] hsr_slave_0: entered promiscuous mode
[   69.904186][ T6831] hsr_slave_1: entered promiscuous mode
[   69.906422][ T6831] debugfs: 'hsr0' already exists in 'hsr'
[   69.908425][ T6831] Cannot create hsr debugfs directory
[   69.935546][   T46] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   69.964140][   T53] usb 10-1: Using ep0 maxpacket: 16
[   69.969310][   T53] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   69.972696][   T53] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[   69.978227][   T53] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   69.981236][   T53] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   69.984045][   T53] usb 10-1: Product: syz
[   69.985478][   T53] usb 10-1: Manufacturer: syz
[   69.987121][   T53] usb 10-1: SerialNumber: syz
[   70.076061][   T46] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.102665][ T6831] netdevsim netdevsim6 netdevsim0: renamed from eth0
[   70.108124][ T6831] netdevsim netdevsim6 netdevsim1: renamed from eth1
[   70.112665][ T6831] netdevsim netdevsim6 netdevsim2: renamed from eth2
[   70.117249][ T6831] netdevsim netdevsim6 netdevsim3: renamed from eth3
[   70.152669][   T46] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.225481][   T46] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.242883][   T53] usb 10-1: 0:2 : does not exist
[   70.247471][   T53] usb 10-1: 5:0: failed to get current value for ch 0 (-22)
[   70.249415][ T6831] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.261811][ T6831] 8021q: adding VLAN 0 to HW filter on device team0
[   70.267775][ T1195] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.270306][ T1195] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.276122][   T53] usb 10-1: USB disconnect, device number 3
[   70.280745][ T1195] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.283469][ T1195] bridge0: port 2(bridge_slave_1) entered forwarding state
[   70.295352][ T5933] Bluetooth: hci3: command tx timeout
[   70.307086][ T5938] udevd[5938]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb10/10-1/10-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   70.371827][   T46] bridge_slave_1: left allmulticast mode
[   70.376621][   T46] bridge_slave_1: left promiscuous mode
[   70.378515][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[   70.382419][   T46] bridge_slave_0: left allmulticast mode
[   70.388107][   T46] bridge_slave_0: left promiscuous mode
[   70.390595][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.580833][   T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   70.585204][   T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   70.588770][   T46] bond0 (unregistering): Released all slaves
[   70.638303][ T6831] 8021q: adding VLAN 0 to HW filter on device batadv0
[   70.784977][ T6831] veth0_vlan: entered promiscuous mode
[   70.790653][ T6831] veth1_vlan: entered promiscuous mode
[   70.809081][ T6831] veth0_macvtap: entered promiscuous mode
[   70.813728][ T6831] veth1_macvtap: entered promiscuous mode
[   70.823066][ T6831] batman_adv: batadv0: Interface activated: batadv_slave_0
[   70.829238][ T6831] batman_adv: batadv0: Interface activated: batadv_slave_1
[   70.848778][   T13] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   70.854494][   T46] hsr_slave_0: left promiscuous mode
[   70.856621][   T46] hsr_slave_1: left promiscuous mode
[   70.858672][   T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   70.861017][   T46] batman_adv: batadv0: Removing interface: batadv_slave_0
[   70.863775][   T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   70.868405][   T46] batman_adv: batadv0: Removing interface: batadv_slave_1
[   70.873828][   T46] veth1_macvtap: left promiscuous mode
[   70.875927][   T46] veth0_macvtap: left promiscuous mode
[   70.878343][   T46] veth1_vlan: left promiscuous mode
[   70.880094][   T46] veth0_vlan: left promiscuous mode
[   71.019224][   T46] team0 (unregistering): Port device team_slave_1 removed
[   71.027549][   T46] team0 (unregistering): Port device team_slave_0 removed
[   71.054894][   T40] kauditd_printk_skb: 52 callbacks suppressed
[   71.054974][   T40] audit: type=1400 audit(1774544657.774:423): avc:  denied  { read } for  pid=6890 comm="syz.5.221" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   71.067971][   T40] audit: type=1400 audit(1774544657.774:424): avc:  denied  { open } for  pid=6890 comm="syz.5.221" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   71.139806][   T10] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[   71.146750][ T6896] IPVS: length: 24 != 24159191448
[   71.334508][   T59] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[   71.485806][   T59] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   71.489741][   T59] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   71.493112][   T59] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   71.497181][   T59] usb 7-1: config 0 descriptor??
[   71.644248][ T5933] Bluetooth: hci0: command tx timeout
[   71.912583][   T59] keytouch 0003:0926:3333.0003: fixing up Keytouch IEC report descriptor
[   71.924146][   T59] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/0003:0926:3333.0003/input/input7
[   72.552991][   T13] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.558711][   T13] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.562301][   T13] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.631281][   T59] keytouch 0003:0926:3333.0003: input,hidraw1: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0
[   72.639518][   T40] audit: type=1400 audit(1774544659.344:425): avc:  denied  { read } for  pid=5322 comm="acpid" name="event4" dev="devtmpfs" ino=2889 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   72.653502][   T59] usb 7-1: USB disconnect, device number 6
[   72.657710][   T90] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.662563][   T40] audit: type=1400 audit(1774544659.344:426): avc:  denied  { open } for  pid=5322 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2889 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   72.669645][   T90] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.679237][   T40] audit: type=1400 audit(1774544659.344:427): avc:  denied  { ioctl } for  pid=5322 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2889 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   72.686965][ T6902] fido_id[6902]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb7/7-1/report_descriptor': No such file or directory
[   72.705501][   T10] usb 9-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[   72.706711][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.708701][   T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   72.711151][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.726792][   T10] usb 9-1: config 0 descriptor??
[   72.730385][   T10] cp210x 9-1:0.0: cp210x converter detected
[   72.767576][   T40] audit: type=1400 audit(1774544659.494:428): avc:  denied  { mounton } for  pid=6831 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2840 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   72.832478][   T40] audit: type=1400 audit(1774544659.554:429): avc:  denied  { read append } for  pid=6907 comm="syz.6.218" name="usbmon0" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   72.845104][   T40] audit: type=1400 audit(1774544659.554:430): avc:  denied  { open } for  pid=6907 comm="syz.6.218" path="/dev/usbmon0" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   72.993625][   T46] IPVS: stop unused estimator thread 0...
[   73.111028][ T6928] __nla_validate_parse: 3 callbacks suppressed
[   73.111047][ T6928] netlink: 8 bytes leftover after parsing attributes in process `syz.2.226'.
[   73.139684][   T10] cp210x 9-1:0.0: failed to get vendor val 0x000e size 3: -32
[   73.149218][   T10] usb 9-1: cp210x converter now attached to ttyUSB0
[   73.345762][   T10] usb 9-1: USB disconnect, device number 3
[   73.354265][   T10] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[   73.363240][   T10] cp210x 9-1:0.0: device disconnected
[   73.724859][ T5933] Bluetooth: hci0: command tx timeout
[   74.073857][   T40] audit: type=1800 audit(1774544660.794:431): pid=6961 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.6.229" name="bus" dev="overlay" ino=36 res=0 errno=0
[   75.014578][   T40] audit: type=1400 audit(1774544661.734:432): avc:  denied  { setopt } for  pid=6983 comm="syz.2.238" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   75.425531][ T6998] netlink: 8 bytes leftover after parsing attributes in process `syz.5.236'.
[   75.503963][  T840] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[   75.675574][  T840] usb 9-1: Using ep0 maxpacket: 8
[   75.681154][  T840] usb 9-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[   75.684685][  T840] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   75.687351][  T840] usb 9-1: Product: syz
[   75.688724][  T840] usb 9-1: Manufacturer: syz
[   75.690866][  T840] usb 9-1: SerialNumber: syz
[   75.699194][  T840] usb 9-1: config 0 descriptor??
[   75.820648][ T5933] Bluetooth: hci0: command tx timeout
[   75.915056][  T840] usb 9-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[   76.133815][   T40] audit: type=1400 audit(1774544662.854:433): avc:  denied  { write } for  pid=7009 comm="syz.5.243" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[   76.263976][   T59] usb 11-1: new high-speed USB device number 2 using dummy_hcd
[   76.289762][ T1418] ieee802154 phy1 wpan1: encryption failed: -22
[   76.424096][   T59] usb 11-1: Using ep0 maxpacket: 32
[   76.427439][   T59] usb 11-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[   76.430284][   T59] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   76.438722][   T59] usb 11-1: config 0 descriptor??
[   76.646809][   T59] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[   76.657019][   T59] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   76.661012][   T59] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[   76.664406][   T59] usb 11-1: media controller created
[   76.696223][   T59] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   77.674010][   T59] stb0899_attach: Driver disabled by Kconfig
[   77.677340][   T59] az6027: no front-end attached
[   77.677340][   T59] 
[   77.682153][   T59] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[   77.691618][   T59] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb11/11-1/input/input8
[   77.702966][   T59] dvb-usb: schedule remote query interval to 400 msecs.
[   77.705370][   T59] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[   77.725582][  T840] dvb_usb_rtl28xxu 9-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[   77.883051][  T840] usb 11-1: USB disconnect, device number 2
[   77.885228][ T5933] Bluetooth: hci0: command tx timeout
[   77.910940][  T840] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[   77.927204][   T10] usb 9-1: USB disconnect, device number 4
[   78.553237][   T40] audit: type=1400 audit(1774544665.274:434): avc:  denied  { read } for  pid=7062 comm="syz.4.254" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   78.564465][   T40] audit: type=1400 audit(1774544665.274:435): avc:  denied  { open } for  pid=7062 comm="syz.4.254" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   78.704163][   T39] usb 11-1: new high-speed USB device number 3 using dummy_hcd
[   78.858039][ T7070] binder: 7069:7070 ioctl c0306201 0 returned -14
[   78.869740][   T39] usb 11-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[   78.876882][   T39] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 24929, setting to 1024
[   78.881804][   T39] usb 11-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[   78.890442][   T39] usb 11-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[   78.894198][   T39] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   78.897748][   T39] usb 11-1: Product: syz
[   78.899588][   T39] usb 11-1: Manufacturer: syz
[   78.901574][   T39] usb 11-1: SerialNumber: syz
[   78.908604][   T39] usb 11-1: config 0 descriptor??
[   78.915698][ T7073] binder: 7069:7073 ioctl c0306201 0 returned -14
[   78.916673][ T7058] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[   78.921320][ T7058] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[   79.063727][ T5933] Bluetooth: hci3: unexpected event for opcode 0x1003
[   79.128485][ T7058] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[   79.131199][ T7058] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[   79.552257][   T39] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00
[   79.796323][   T40] audit: type=1326 audit(1774544666.524:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7083 comm="syz.4.261" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f44ecd9c799 code=0x0
[   79.915531][   T39] dm9601 11-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID
[   79.923599][   T39] usb 11-1: USB disconnect, device number 3
[   80.460858][ T7100] netlink: 8 bytes leftover after parsing attributes in process `syz.5.266'.
[   80.818287][   T40] audit: type=1400 audit(1774544667.544:437): avc:  denied  { ioctl } for  pid=7113 comm="syz.4.272" path="socket:[18013]" dev="sockfs" ino=18013 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   81.061399][   T53] IPVS: starting estimator thread 0...
[   81.224427][ T7122] IPVS: using max 44 ests per chain, 105600 per kthread
[   81.414241][   T40] audit: type=1400 audit(1774544668.094:438): avc:  denied  { ioctl } for  pid=7125 comm="syz.2.274" path="socket:[17290]" dev="sockfs" ino=17290 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[   81.573988][   T40] audit: type=1400 audit(1774544668.254:439): avc:  denied  { connect } for  pid=7125 comm="syz.2.274" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[   81.647008][ T7129] netlink: 16166 bytes leftover after parsing attributes in process `syz.6.275'.
[   81.708188][ T7133] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=259 sclass=netlink_route_socket pid=7133 comm=syz.6.277
[   82.293372][ T7144] netlink: 4 bytes leftover after parsing attributes in process `syz.2.281'.
[   82.306350][ T7144] syz_tun: entered promiscuous mode
[   82.308529][ T7144] macvtap1: entered promiscuous mode
[   82.310941][ T7144] macvtap1: entered allmulticast mode
[   82.313224][ T7144] syz_tun: entered allmulticast mode
[   82.323160][ T7144] syz_tun: left allmulticast mode
[   82.325628][ T7144] syz_tun: left promiscuous mode
[   82.328255][ T7144] macvtap1: left promiscuous mode
[   82.330621][ T7144] macvtap1: left allmulticast mode
[   82.891371][   T40] audit: type=1400 audit(1774544669.614:440): avc:  denied  { setopt } for  pid=7157 comm="syz.5.285" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   83.095175][ T5942] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[   83.098103][ T5942] Bluetooth: hci3: Injecting HCI hardware error event
[   83.101201][ T5942] Bluetooth: hci3: hardware error 0x00
[   83.798953][ T7176] netlink: 16 bytes leftover after parsing attributes in process `syz.4.289'.
[   83.997620][   T40] audit: type=1400 audit(1774544670.724:441): avc:  denied  { audit_write } for  pid=7181 comm="syz.5.294" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[   84.011723][   T40] audit: type=1326 audit(1774544670.734:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7181 comm="syz.5.294" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23c0f9c799 code=0x7ffc0000
[   84.021573][   T40] audit: type=1326 audit(1774544670.734:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7181 comm="syz.5.294" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23c0f9c799 code=0x7ffc0000
[   84.588521][   T40] audit: type=1400 audit(1774544671.314:444): avc:  denied  { ioctl } for  pid=7190 comm="syz.2.296" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x937a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   85.209581][ T5942] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[   85.514246][   T59] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[   85.666185][   T59] usb 10-1: config index 0 descriptor too short (expected 39, got 27)
[   85.668974][   T59] usb 10-1: config 0 interface 0 altsetting 251 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   85.674785][   T59] usb 10-1: config 0 interface 0 has no altsetting 0
[   85.682379][   T59] usb 10-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[   85.685814][   T59] usb 10-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[   85.689292][   T59] usb 10-1: Product: syz
[   85.691369][   T59] usb 10-1: Manufacturer: syz
[   85.693429][   T59] usb 10-1: SerialNumber: syz
[   85.704560][   T59] usb 10-1: config 0 descriptor??
[   85.708797][   T59] hub 10-1:0.0: bad descriptor, ignoring hub
[   85.711325][   T59] hub 10-1:0.0: probe with driver hub failed with error -5
[   85.736992][   T59] snd-usb-audio 10-1:0.0: probe with driver snd-usb-audio failed with error -22
[   85.742587][ T7197] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   85.754706][ T5938] udevd[5938]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   86.050076][   T59] usb 10-1: USB disconnect, device number 4
[   86.283959][   T40] audit: type=1400 audit(1774544673.004:445): avc:  denied  { ioctl } for  pid=7235 comm="syz.6.306" path="socket:[18285]" dev="sockfs" ino=18285 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[   86.316719][ T7250] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7250 comm=syz.2.307
[   86.528878][ T3245] cfg80211: failed to load regulatory.db
[   86.744240][   T10] IPVS: starting estimator thread 0...
[   86.844711][ T7275] IPVS: using max 25 ests per chain, 60000 per kthread
[   87.257671][ T7282] ��: renamed from team_slave_1 (while UP)
[   87.291546][   T40] audit: type=1400 audit(1774544674.014:446): avc:  denied  { create } for  pid=7279 comm="syz.2.314" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   88.082980][ T7304] netlink: 8 bytes leftover after parsing attributes in process `syz.2.322'.
[   88.086288][ T7304] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[   88.089639][ T7304] netlink: 24 bytes leftover after parsing attributes in process `syz.2.322'.
[   88.456855][ T6015] IPVS: starting estimator thread 0...
[   88.544116][ T7319] IPVS: using max 44 ests per chain, 105600 per kthread
[   89.286893][ T7331] comedi comedi3: comedi_config --init_data is deprecated
[   90.124401][   T40] audit: type=1400 audit(1774544676.584:447): avc:  denied  { mount } for  pid=7334 comm="syz.4.334" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[   90.842929][  T840] libceph: connect (1)[c::]:6789 error -101
[   90.845134][  T840] libceph: mon0 (1)[c::]:6789 connect error
[   91.064028][   T10] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[   91.111549][  T840] libceph: connect (1)[c::]:6789 error -101
[   91.125506][  T840] libceph: mon0 (1)[c::]:6789 connect error
[   91.214275][   T10] usb 10-1: Using ep0 maxpacket: 32
[   91.219166][   T10] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[   91.234395][   T10] usb 10-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[   91.237332][   T10] usb 10-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[   91.240538][   T10] usb 10-1: Product: syz
[   91.242181][   T10] usb 10-1: Manufacturer: syz
[   91.257875][   T10] usb 10-1: SerialNumber: syz
[   91.274502][   T10] usb 10-1: config 0 descriptor??
[   91.294512][ T7344] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[   91.298746][   T10] hub 10-1:0.0: bad descriptor, ignoring hub
[   91.301205][   T10] hub 10-1:0.0: probe with driver hub failed with error -5
[   91.568226][ T7351] ceph: No mds server is up or the cluster is laggy
[   91.902362][   T40] audit: type=1400 audit(1774544678.624:448): avc:  denied  { ioctl } for  pid=7383 comm="syz.4.345" path="/dev/usbmon0" dev="devtmpfs" ino=737 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   92.656758][  T129] raw-gadget.0 gadget.5: failed to queue suspend event
[   92.727939][ T7344] raw-gadget.0 gadget.5: failed to queue resume event
[   92.745102][   T90] raw-gadget.0 gadget.5: failed to queue suspend event
[   92.821288][ T7344] raw-gadget.0 gadget.5: failed to queue resume event
[   92.852609][ T1145] raw-gadget.0 gadget.5: failed to queue suspend event
[   92.924156][ T7344] raw-gadget.0 gadget.5: failed to queue resume event
[   92.945631][  T129] raw-gadget.0 gadget.5: failed to queue suspend event
[   93.034151][ T7344] raw-gadget.0 gadget.5: failed to queue resume event
[   93.056306][   T90] raw-gadget.0 gadget.5: failed to queue suspend event
[   93.126896][ T7344] raw-gadget.0 gadget.5: failed to queue resume event
[   93.149855][   T90] raw-gadget.0 gadget.5: failed to queue suspend event
[   93.209107][ T7423] ufs: You didn't specify the type of your ufs filesystem
[   93.209107][ T7423] 
[   93.209107][ T7423] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[   93.209107][ T7423] 
[   93.209107][ T7423] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[   93.221480][ T7423] ufs: ufstype=old is supported read-only
[   93.225176][ T7423] ufs: ufs_fill_super(): bad magic number
[   93.254279][ T7344] raw-gadget.0 gadget.5: failed to queue resume event
[   93.345854][   T12] raw-gadget.0 gadget.5: failed to queue suspend event
[   93.424262][ T7344] raw-gadget.0 gadget.5: failed to queue resume event
[   93.444987][   T13] raw-gadget.0 gadget.5: failed to queue suspend event
[   93.458386][ T7344] raw-gadget.0 gadget.5: failed to queue disconnect event
[   93.464462][ T6015] usb 10-1: USB disconnect, device number 5
[   93.492493][   T40] audit: type=1400 audit(1774544680.214:449): avc:  denied  { connect } for  pid=7425 comm="syz.5.356" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   93.503060][   T40] audit: type=1400 audit(1774544680.224:450): avc:  denied  { bind } for  pid=7425 comm="syz.5.356" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   93.516698][   T40] audit: type=1400 audit(1774544680.244:451): avc:  denied  { write } for  pid=7425 comm="syz.5.356" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   93.530877][   T40] audit: type=1400 audit(1774544680.254:452): avc:  denied  { block_suspend } for  pid=7425 comm="syz.5.356" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   93.590348][ T7428] netlink: 'syz.5.357': attribute type 10 has an invalid length.
[   93.611487][ T7428] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   95.132084][ T7457] ubi31: attaching mtd0
[   95.134846][ T7457] ubi31: scanning is finished
[   95.136482][ T7457] ubi31: empty MTD device detected
[   95.670316][ T7457] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[   95.964122][ T5942] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[   95.969133][ T5942] Bluetooth: hci1: Injecting HCI hardware error event
[   95.973086][ T5942] Bluetooth: hci1: hardware error 0x00
[   96.075321][ T7466] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   96.158304][ T7478] netlink: 4 bytes leftover after parsing attributes in process `syz.4.372'.
[   96.203596][ T7480] netlink: 12 bytes leftover after parsing attributes in process `syz.4.375'.
[   97.264037][ T7486] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   97.478233][ T7501] overlayfs: missing 'lowerdir'
[   98.050077][   T40] audit: type=1400 audit(1774544684.514:453): avc:  denied  { firmware_load } for  pid=7497 comm="syz.5.374" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[   98.338979][ T7505] syz.5.374 (7505) used greatest stack depth: 19104 bytes left
[   98.352889][ T5942] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[   98.426904][   T40] audit: type=1400 audit(1774544685.154:454): avc:  denied  { name_bind } for  pid=7517 comm="syz.6.385" src=128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=udp_socket permissive=1
[  100.478700][ T7527] batman_adv: batadv0: Adding interface: dummy0
[  100.481361][ T7527] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  100.503995][ T7527] batman_adv: batadv0: Interface activated: dummy0
[  100.514844][   T40] audit: type=1400 audit(1774544687.244:455): avc:  denied  { ioctl } for  pid=7526 comm="syz.2.387" path="socket:[19071]" dev="sockfs" ino=19071 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  100.520939][ T7527] batadv0: mtu less than device minimum
[  100.544742][ T7527] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  100.549527][ T7527] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  100.554150][ T7527] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  100.558836][ T7527] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  100.564074][ T7527] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  100.569764][ T7527] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  100.574350][ T7527] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  100.580721][ T7527] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  100.586564][ T7527] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  100.865934][ T7542] syzkaller0: entered promiscuous mode
[  100.868060][ T7542] syzkaller0: entered allmulticast mode
[  100.920537][ T7545] netlink: 8 bytes leftover after parsing attributes in process `syz.6.389'.
[  100.924162][ T7545] netlink: 4 bytes leftover after parsing attributes in process `syz.6.389'.
[  101.217111][ T7545] netlink: 8 bytes leftover after parsing attributes in process `syz.6.389'.
[  101.217423][   T12] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  101.221045][ T7545] netlink: 4 bytes leftover after parsing attributes in process `syz.6.389'.
[  101.232317][   T12] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  101.246853][   T12] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  101.260755][   T12] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  101.597126][   T10] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  102.003972][   T10] usb 10-1: Using ep0 maxpacket: 8
[  102.007080][   T10] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  102.011051][   T10] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  102.014088][   T10] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.018198][   T10] usb 10-1: config 0 descriptor??
[  102.230794][   T10] iowarrior 10-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  102.746797][ T6014] usb 10-1: USB disconnect, device number 6
[  102.746858][    C3] iowarrior 10-1:0.0: iowarrior_callback - usb_submit_urb failed with result -19
[  103.124067][   T40] audit: type=1400 audit(1774544689.794:456): avc:  denied  { setopt } for  pid=7591 comm="syz.4.406" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  103.826856][ T7619] Illegal XDP return value 633756457 on prog  (id 35) dev syz_tun, expect packet loss!
[  103.950020][   T40] audit: type=1400 audit(1774544690.674:457): avc:  denied  { create } for  pid=7626 comm="syz.4.416" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  103.965409][   T40] audit: type=1400 audit(1774544690.684:458): avc:  denied  { write } for  pid=7626 comm="syz.4.416" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  105.374051][ T5929] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  105.544029][ T5929] usb 9-1: Using ep0 maxpacket: 32
[  105.549237][ T5929] usb 9-1: config 0 has an invalid interface number: 67 but max is 0
[  105.552716][ T5929] usb 9-1: config 0 has no interface number 0
[  105.573362][ T5929] usb 9-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  105.577456][ T5929] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  105.579829][ T5929] usb 9-1: Product: syz
[  105.581419][ T5929] usb 9-1: Manufacturer: syz
[  105.594016][ T5929] usb 9-1: SerialNumber: syz
[  105.596741][ T5929] usb 9-1: config 0 descriptor??
[  105.686391][ T7669] netlink: 8 bytes leftover after parsing attributes in process `syz.2.427'.
[  106.429502][ T5929] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  106.454530][ T5929] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  106.554034][   T40] audit: type=1400 audit(1774544693.234:459): avc:  denied  { accept } for  pid=7674 comm="syz.6.430" lport=49843 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  106.561359][   T40] audit: type=1400 audit(1774544693.234:460): avc:  denied  { write } for  pid=7674 comm="syz.6.430" lport=49843 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  106.569344][   T40] audit: type=1400 audit(1774544693.234:461): avc:  denied  { setopt } for  pid=7674 comm="syz.6.430" lport=49843 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  106.734632][ T5929] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  106.738231][ T5929] smsc95xx 9-1:0.67: probe with driver smsc95xx failed with error -32
[  106.836303][ T7685] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  106.839381][ T7685] IPv6: NLM_F_CREATE should be set when creating new route
[  106.842223][ T7685] IPv6: NLM_F_CREATE should be set when creating new route
[  106.844824][ T7685] IPv6: NLM_F_CREATE should be set when creating new route
[  107.257476][   T40] audit: type=1400 audit(1774544693.984:462): avc:  denied  { write } for  pid=7686 comm="syz.6.433" name="nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  108.195070][ T5929] usb 9-1: USB disconnect, device number 5
[  109.210250][ T5942] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  109.215341][ T5942] CPU: 0 UID: 0 PID: 5942 Comm: kworker/u33:6 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  109.215367][ T5942] Tainted: [L]=SOFTLOCKUP
[  109.215373][ T5942] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  109.215386][ T5942] Workqueue: hci0 hci_rx_work
[  109.215422][ T5942] Call Trace:
[  109.215428][ T5942]  <TASK>
[  109.215434][ T5942]  dump_stack_lvl+0x100/0x190
[  109.215462][ T5942]  sysfs_warn_dup.cold+0x1c/0x28
[  109.215484][ T5942]  sysfs_create_dir_ns+0x24b/0x2b0
[  109.215507][ T5942]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  109.215532][ T5942]  ? find_held_lock+0x2b/0x80
[  109.215551][ T5942]  ? kobject_add_internal+0x25f/0x930
[  109.215573][ T5942]  ? kobject_add_internal+0x25f/0x930
[  109.215598][ T5942]  ? do_raw_spin_unlock+0x145/0x1e0
[  109.215620][ T5942]  kobject_add_internal+0x2c8/0x930
[  109.215651][ T5942]  kobject_add+0x16a/0x1e0
[  109.215664][ T5942]  ? __pfx_kobject_add+0x10/0x10
[  109.215676][ T5942]  ? class_to_subsys+0x10f/0x150
[  109.215701][ T5942]  ? kobject_put+0xb9/0x640
[  109.215723][ T5942]  ? _raw_spin_unlock+0x28/0x50
[  109.215747][ T5942]  device_add+0x294/0x1950
[  109.215763][ T5942]  ? __pfx_dev_set_name+0x10/0x10
[  109.215785][ T5942]  ? __pfx_device_add+0x10/0x10
[  109.215800][ T5942]  ? mgmt_send_event_skb+0x2fb/0x460
[  109.215823][ T5942]  hci_conn_add_sysfs+0x1a3/0x260
[  109.215845][ T5942]  le_conn_complete_evt+0x11cb/0x1f40
[  109.215869][ T5942]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  109.215892][ T5942]  hci_le_conn_complete_evt+0x23c/0x3a0
[  109.215910][ T5942]  ? skb_pull_data+0x15f/0x1e0
[  109.215931][ T5942]  hci_le_meta_evt+0x34a/0x5f0
[  109.215949][ T5942]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  109.215968][ T5942]  hci_event_packet+0x682/0x11c0
[  109.215987][ T5942]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  109.216008][ T5942]  ? __pfx_hci_event_packet+0x10/0x10
[  109.216027][ T5942]  ? kcov_remote_start+0x374/0x660
[  109.216047][ T5942]  ? lockdep_hardirqs_on+0x78/0x100
[  109.216074][ T5942]  hci_rx_work+0x451/0xfc0
[  109.216095][ T5942]  process_one_work+0xa23/0x19a0
[  109.216120][ T5942]  ? __pfx_process_one_work+0x10/0x10
[  109.216141][ T5942]  ? __pfx_hci_rx_work+0x10/0x10
[  109.216164][ T5942]  worker_thread+0x5ef/0xe50
[  109.216187][ T5942]  ? kthread+0x13a/0x450
[  109.216200][ T5942]  ? __pfx_worker_thread+0x10/0x10
[  109.216215][ T5942]  kthread+0x370/0x450
[  109.216230][ T5942]  ? __pfx_kthread+0x10/0x10
[  109.216248][ T5942]  ret_from_fork+0x754/0xd80
[  109.216264][ T5942]  ? __pfx_ret_from_fork+0x10/0x10
[  109.216281][ T5942]  ? __switch_to+0x7b4/0x1120
[  109.216299][ T5942]  ? __pfx_kthread+0x10/0x10
[  109.216318][ T5942]  ret_from_fork_asm+0x1a/0x30
[  109.216346][ T5942]  </TASK>
[  109.216383][ T5942] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  109.324366][ T5942] Bluetooth: hci0: failed to register connection device
[  109.631158][ T7737] No control pipe specified
[  110.064771][ T5929] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  110.245271][ T5929] usb 9-1: Using ep0 maxpacket: 16
[  110.251476][ T5929] usb 9-1: no configurations
[  110.253182][ T5929] usb 9-1: can't read configurations, error -22
[  110.394574][ T5929] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  110.553969][ T5929] usb 9-1: Using ep0 maxpacket: 16
[  110.557201][ T5929] usb 9-1: no configurations
[  110.559309][ T5929] usb 9-1: can't read configurations, error -22
[  110.562473][ T5929] usb usb9-port1: attempt power cycle
[  111.130701][ T5929] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  111.154594][ T5929] usb 9-1: Using ep0 maxpacket: 16
[  111.157031][ T5929] usb 9-1: no configurations
[  111.158813][ T5929] usb 9-1: can't read configurations, error -22
[  111.304191][ T5929] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  111.334761][ T5929] usb 9-1: Using ep0 maxpacket: 16
[  111.339673][ T5929] usb 9-1: no configurations
[  111.343630][ T5929] usb 9-1: can't read configurations, error -22
[  111.349093][ T5929] usb usb9-port1: unable to enumerate USB device
[  111.444779][ T7773] input: syz0 as /devices/virtual/input/input9
[  111.555494][ T7777] macvtap0: entered promiscuous mode
[  111.558630][ T7777] netlink: 4 bytes leftover after parsing attributes in process `syz.2.464'.
[  111.563557][ T7777] veth0_macvtap: left promiscuous mode
[  111.583507][ T7777] macvtap0 (unregistering): left promiscuous mode
[  111.931471][ T7789] netlink: 44 bytes leftover after parsing attributes in process `syz.5.468'.
[  112.705150][ T7787] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  112.938229][ T7809] FAULT_INJECTION: forcing a failure.
[  112.938229][ T7809] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  112.942348][ T7809] CPU: 3 UID: 0 PID: 7809 Comm: syz.6.477 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  112.942373][ T7809] Tainted: [L]=SOFTLOCKUP
[  112.942377][ T7809] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  112.942384][ T7809] Call Trace:
[  112.942389][ T7809]  <TASK>
[  112.942394][ T7809]  dump_stack_lvl+0x100/0x190
[  112.942425][ T7809]  should_fail_ex.cold+0x5/0xa
[  112.942450][ T7809]  _copy_from_user+0x2e/0xd0
[  112.942469][ T7809]  move_addr_to_kernel+0x65/0x170
[  112.942483][ T7809]  __sys_connect+0xb5/0x170
[  112.942502][ T7809]  ? __pfx___sys_connect+0x10/0x10
[  112.942519][ T7809]  ? __fget_files+0x21f/0x3d0
[  112.942544][ T7809]  ? __pfx_ksys_write+0x10/0x10
[  112.942564][ T7809]  __x64_sys_connect+0x72/0xb0
[  112.942577][ T7809]  ? lockdep_hardirqs_on+0x78/0x100
[  112.942599][ T7809]  do_syscall_64+0x106/0xf80
[  112.942619][ T7809]  ? clear_bhb_loop+0x40/0x90
[  112.942639][ T7809]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.942655][ T7809] RIP: 0033:0x7f729139c799
[  112.942665][ T7809] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  112.942680][ T7809] RSP: 002b:00007f728f5f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  112.942696][ T7809] RAX: ffffffffffffffda RBX: 00007f7291615fa0 RCX: 00007f729139c799
[  112.942707][ T7809] RDX: 000000000000001c RSI: 0000200000000240 RDI: 0000000000000004
[  112.942716][ T7809] RBP: 00007f728f5f6090 R08: 0000000000000000 R09: 0000000000000000
[  112.942725][ T7809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  112.942734][ T7809] R13: 00007f7291616038 R14: 00007f7291615fa0 R15: 00007ffc19e5e6b8
[  112.942752][ T7809]  </TASK>
[  113.051598][  T840] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  113.209268][  T840] usb 7-1: Using ep0 maxpacket: 8
[  113.212966][  T840] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  113.216733][  T840] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  113.219650][  T840] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  113.223444][  T840] usb 7-1: config 0 descriptor??
[  113.438593][  T840] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  113.646094][ T7877] netlink: 56 bytes leftover after parsing attributes in process `syz.5.494'.
[  113.649107][ T7877] netlink: 56 bytes leftover after parsing attributes in process `syz.5.494'.
[  113.652632][ T7877] netlink: 56 bytes leftover after parsing attributes in process `syz.5.494'.
[  113.653262][   T10] usb 7-1: USB disconnect, device number 7
[  113.655751][ T7877] netlink: 56 bytes leftover after parsing attributes in process `syz.5.494'.
[  113.661455][ T7877] netlink: 56 bytes leftover after parsing attributes in process `syz.5.494'.
[  113.862658][ T7892] �����5g�Q[�: renamed from lo (while UP)
[  114.148627][   T40] audit: type=1400 audit(1774544700.874:463): avc:  denied  { listen } for  pid=7913 comm="syz.4.503" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  114.157564][   T40] audit: type=1400 audit(1774544700.874:464): avc:  denied  { accept } for  pid=7913 comm="syz.4.503" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  114.394059][ T6014] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[  114.603998][ T6014] usb 10-1: Using ep0 maxpacket: 8
[  114.609719][ T6014] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  114.613338][ T6014] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  114.619774][ T6014] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  114.629236][ T6014] usb 10-1: config 0 descriptor??
[  114.640130][    T9] IPVS: starting estimator thread 0...
[  114.693125][   T40] audit: type=1400 audit(1774544701.414:465): avc:  denied  { create } for  pid=7928 comm="syz.2.511" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  114.726947][   T40] audit: type=1400 audit(1774544701.414:466): avc:  denied  { create } for  pid=7928 comm="syz.2.511" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  114.736469][ T7932] IPVS: using max 44 ests per chain, 105600 per kthread
[  114.848363][ T6014] iowarrior 10-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  114.853384][ T7941] net_ratelimit: 10 callbacks suppressed
[  114.853395][ T7941] batman_adv: batadv0: Local translation table size (116) exceeds maximum packet size (-320); Ignoring new local tt entry: 80:00:00:00:00:85
[  114.901607][ T7943] overlay: Unknown parameter 'permit_directio'
[  115.071400][ T6014] usb 10-1: USB disconnect, device number 7
[  115.185372][ T7949] netlink: 'syz.5.517': attribute type 64 has an invalid length.
[  129.722586][   T40] audit: type=1400 audit(1774544716.444:467): avc:  denied  { mount } for  pid=7955 comm="syz.2.520" name="/" dev="ramfs" ino=19362 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  129.729370][ T7958] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  129.730607][ T7959] SELinux:  policydb magic number 0x224e0002 does not match expected magic number 0xf97cff8c
[  129.733835][ T7958] overlayfs: failed to set xattr on upper
[  129.740496][ T7959] SELinux: failed to load policy
[  129.740930][ T7958] overlayfs: ...falling back to redirect_dir=nofollow.
[  129.750801][ T7958] overlayfs: ...falling back to index=off.
[  129.752828][ T7958] overlayfs: ...falling back to uuid=null.
[  129.760860][   T40] audit: type=1400 audit(1774544716.454:468): avc:  denied  { mounton } for  pid=7955 comm="syz.2.520" path="/file0" dev="ramfs" ino=19363 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1
[  129.771495][   T40] audit: type=1400 audit(1774544716.454:469): avc:  denied  { load_policy } for  pid=7957 comm="syz.5.518" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  129.782868][ T7966] overlayfs: overlay with incompat feature 'volatile' cannot be mounted
[  129.819190][ T7963] Failed to initialize the IGMP autojoin socket (err -2)
[  129.829052][   T40] audit: type=1400 audit(1774544716.554:470): avc:  denied  { read } for  pid=7955 comm="syz.2.520" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  129.838284][   T40] audit: type=1400 audit(1774544716.554:471): avc:  denied  { open } for  pid=7955 comm="syz.2.520" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  130.162894][ T7999] sd 0:0:0:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x24 ascq=0x0
[  130.244036][ T6014] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  130.414016][ T6014] usb 9-1: Using ep0 maxpacket: 8
[  130.417374][ T6014] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  130.421057][ T6014] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  130.424627][ T6014] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.429253][ T6014] usb 9-1: config 0 descriptor??
[  130.637034][ T6014] iowarrior 9-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  130.808120][ T8001] netlink: 8 bytes leftover after parsing attributes in process `syz.6.529'.
[  130.811753][ T8001] netlink: 8 bytes leftover after parsing attributes in process `syz.6.529'.
[  130.815850][ T8002] netlink: 8 bytes leftover after parsing attributes in process `syz.6.529'.
[  130.818767][ T8002] netlink: 8 bytes leftover after parsing attributes in process `syz.6.529'.
[  130.838050][ T6015] usb 9-1: USB disconnect, device number 10
[  130.894607][   T40] audit: type=1400 audit(1774544717.624:472): avc:  denied  { write } for  pid=8004 comm="syz.4.530" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  130.903760][ T8005] binder_alloc: 8004: binder_alloc_buf, no vma
[  130.998919][ T8013] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  131.002499][ T8013] overlayfs: failed to set xattr on upper
[  131.004686][ T8013] overlayfs: ...falling back to redirect_dir=nofollow.
[  131.006986][ T8013] overlayfs: ...falling back to index=off.
[  131.008887][ T8013] overlayfs: ...falling back to uuid=null.
[  131.016542][ T8013] overlayfs: overlay with incompat feature 'volatile' cannot be mounted
[  131.204841][ T8031] netlink: 68 bytes leftover after parsing attributes in process `syz.6.542'.
[  131.231595][   T40] audit: type=1400 audit(1774544717.954:473): avc:  denied  { create } for  pid=8030 comm="syz.2.543" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  131.234006][ T5929] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[  131.243064][ T8031] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8031 comm=syz.6.542
[  131.264235][   T40] audit: type=1400 audit(1774544717.954:474): avc:  denied  { ioctl } for  pid=8030 comm="syz.2.543" path="socket:[20361]" dev="sockfs" ino=20361 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  131.394190][ T5929] usb 10-1: Using ep0 maxpacket: 8
[  131.398866][ T5929] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  131.402660][ T5929] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  131.408900][ T5929] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.412877][ T5929] usb 10-1: config 0 descriptor??
[  131.550819][ T8051] efs: cannot read volume header
[  131.582896][ T8055] netlink: 8 bytes leftover after parsing attributes in process `syz.6.552'.
[  131.586156][ T8055] netlink: 24 bytes leftover after parsing attributes in process `syz.6.552'.
[  131.589282][ T8055] netlink: 8 bytes leftover after parsing attributes in process `syz.6.552'.
[  131.592277][ T8055] netlink: 24 bytes leftover after parsing attributes in process `syz.6.552'.
[  131.623138][ T5929] iowarrior 10-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  131.664029][ T8059] netlink: 12 bytes leftover after parsing attributes in process `syz.6.554'.
[  131.676097][ T8059] bond1: entered promiscuous mode
[  131.678005][ T8059] 8021q: adding VLAN 0 to HW filter on device bond1
[  131.683558][   T40] audit: type=1400 audit(1774544718.404:475): avc:  denied  { create } for  pid=8058 comm="syz.6.554" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  131.692617][ T8059] bond1: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  131.692963][   T40] audit: type=1400 audit(1774544718.404:476): avc:  denied  { write } for  pid=8058 comm="syz.6.554" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  131.696998][ T8059] bond1: (slave ipvlan2): The slave device specified does not support setting the MAC address
[  131.707697][ T8059] bond1: (slave ipvlan2): Error -95 calling set_mac_address
[  132.072284][ T8071] faux_driver vgem: [drm] Unknown color mode 9; guessing buffer size.
[  132.343762][ T8080] F2FS-fs: Value of option "test_dummy_encryption" is unrecognized
[  132.790294][ T8100] syz.6.569 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  132.849356][ T8101] trusted_key: encrypted_key: master key parameter is missing
[  133.018640][ T8104] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow
[  133.154756][ T8112] batman_adv: batadv0: Interface deactivated: dummy0
[  133.157246][ T8112] batman_adv: batadv0: Removing interface: dummy0
[  133.230168][ T8116] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  133.344279][ T8125] Process accounting resumed
[  133.624720][ T8145] fuse: Unknown parameter '.d'
[  133.808014][ T8169] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  133.812622][ T8169] block device autoloading is deprecated and will be removed.
[  133.852484][ T8171] overlayfs: regular lower layers cannot follow data lower layers
[  133.877960][ T8163] md: superblock version 12389 not known
[  133.880900][ T8163] md: couldn't set array info. -22
[  133.904002][   T53] usb 11-1: new high-speed USB device number 4 using dummy_hcd
[  133.943444][ T8176] Failed to initialize the IGMP autojoin socket (err -2)
[  133.957929][   T59] usb 10-1: USB disconnect, device number 8
[  134.074012][   T53] usb 11-1: Using ep0 maxpacket: 16
[  134.077058][   T53] usb 11-1: config index 0 descriptor too short (expected 65, got 36)
[  134.079642][   T53] usb 11-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  134.083407][   T53] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 55, changing to 9
[  134.099696][   T53] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 8496, setting to 1024
[  134.115249][   T53] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  134.119403][   T53] usb 11-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  134.122316][   T53] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.137315][   T53] usb 11-1: config 0 descriptor??
[  134.146895][   T53] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/input/input10
[  134.351823][ T3245] usb 11-1: USB disconnect, device number 4
[  134.474022][   T10] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  134.604175][    T9] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  134.617292][ T8245] FAULT_INJECTION: forcing a failure.
[  134.617292][ T8245] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  134.621682][ T8245] CPU: 3 UID: 0 PID: 8245 Comm: syz.5.607 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  134.621709][ T8245] Tainted: [L]=SOFTLOCKUP
[  134.621716][ T8245] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  134.621726][ T8245] Call Trace:
[  134.621742][ T8245]  <TASK>
[  134.621749][ T8245]  dump_stack_lvl+0x100/0x190
[  134.621787][ T8245]  should_fail_ex.cold+0x5/0xa
[  134.621809][ T8245]  _copy_to_user+0x32/0xd0
[  134.621837][ T8245]  snd_seq_read+0x319/0x680
[  134.621874][ T8245]  ? __pfx_snd_seq_read+0x10/0x10
[  134.621895][ T8245]  ? avc_policy_seqno+0x9/0x20
[  134.621915][ T8245]  ? bpf_lsm_file_permission+0x9/0x10
[  134.621939][ T8245]  ? security_file_permission+0x76/0x210
[  134.621964][ T8245]  ? rw_verify_area+0xce/0x6d0
[  134.621990][ T8245]  ? __pfx_snd_seq_read+0x10/0x10
[  134.622014][ T8245]  vfs_readv+0x5d8/0x8d0
[  134.622044][ T8245]  ? __pfx_vfs_readv+0x10/0x10
[  134.622070][ T8245]  ? find_held_lock+0x2b/0x80
[  134.622104][ T8245]  ? __fget_files+0x21f/0x3d0
[  134.622127][ T8245]  ? do_readv+0x28a/0x340
[  134.622162][ T8245]  do_readv+0x28a/0x340
[  134.622185][ T8245]  ? __pfx_do_readv+0x10/0x10
[  134.622211][ T8245]  do_syscall_64+0x106/0xf80
[  134.622231][ T8245]  ? clear_bhb_loop+0x40/0x90
[  134.622250][ T8245]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.622265][ T8245] RIP: 0033:0x7f23c0f9c799
[  134.622278][ T8245] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  134.622292][ T8245] RSP: 002b:00007f23c1d84028 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[  134.622326][ T8245] RAX: ffffffffffffffda RBX: 00007f23c1215fa0 RCX: 00007f23c0f9c799
[  134.622336][ T8245] RDX: 0000000000000001 RSI: 0000200000000080 RDI: 0000000000000003
[  134.622345][ T8245] RBP: 00007f23c1d84090 R08: 0000000000000000 R09: 0000000000000000
[  134.622353][ T8245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  134.622362][ T8245] R13: 00007f23c1216038 R14: 00007f23c1215fa0 R15: 00007ffd849f42e8
[  134.622381][ T8245]  </TASK>
[  134.654034][   T10] usb 7-1: Using ep0 maxpacket: 8
[  134.702388][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  134.706097][   T10] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  134.709018][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.715921][   T10] usb 7-1: config 0 descriptor??
[  134.774171][    T9] usb 9-1: Using ep0 maxpacket: 8
[  134.777807][    T9] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  134.781612][    T9] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  134.787417][    T9] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  134.791950][    T9] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  134.798017][    T9] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  134.801855][    T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.934457][   T10] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  134.999173][   T40] kauditd_printk_skb: 17 callbacks suppressed
[  134.999218][   T40] audit: type=1400 audit(1774544721.724:494): avc:  denied  { ioctl } for  pid=8261 comm="syz.6.611" path="socket:[23982]" dev="sockfs" ino=23982 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  135.013406][    T9] usb 9-1: GET_CAPABILITIES returned 0
[  135.015372][    T9] usbtmc 9-1:16.0: can't read capabilities
[  135.214770][    T9] usb 9-1: USB disconnect, device number 11
[  135.219867][   T40] audit: type=1400 audit(1774544721.944:495): avc:  denied  { recv } for  pid=0 comm="swapper/1" saddr=10.0.2.2 src=37160 daddr=10.0.2.15 dest=22 netif=eth0 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  135.228117][ T8271] nbd: nbd64 already in use
[  135.228194][   T40] audit: type=1400 audit(1774544721.944:496): avc:  denied  { recv } for  pid=5862 comm="sshd-session" saddr=127.0.0.1 src=30000 daddr=127.0.0.1 dest=54430 netif=lo scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  135.238596][ T8270] nbd: nbd64 already in use
[  135.316190][ T8033] udevd[8033]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  135.383280][ T8287] Failed to initialize the IGMP autojoin socket (err -2)
[  135.427913][   T40] audit: type=1400 audit(1774544722.154:497): avc:  denied  { mounton } for  pid=8237 comm="syz.4.604" path="/bus" dev="hugetlbfs" ino=22841 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=dir permissive=1
[  135.430151][ T8238] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  135.437357][ T8238] overlayfs: failed to set xattr on upper
[  135.439145][ T8238] overlayfs: ...falling back to redirect_dir=nofollow.
[  135.441258][ T8238] overlayfs: ...falling back to index=off.
[  135.443094][ T8238] overlayfs: ...falling back to uuid=null.
[  135.450316][ T8238] overlayfs: maximum fs stacking depth exceeded
[  135.500282][   T40] audit: type=1400 audit(1774544722.224:498): avc:  denied  { setopt } for  pid=8291 comm="syz.6.617" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  135.512652][   T40] audit: type=1400 audit(1774544722.234:499): avc:  denied  { write } for  pid=8291 comm="syz.6.617" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  135.705787][   T40] audit: type=1400 audit(1774544722.434:500): avc:  denied  { ioctl } for  pid=8303 comm="syz.6.620" path="socket:[22973]" dev="sockfs" ino=22973 ioctlcmd=0x8916 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  135.794708][   T40] audit: type=1400 audit(1774544722.524:501): avc:  denied  { append } for  pid=8306 comm="syz.6.621" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  135.840921][   T40] audit: type=1400 audit(1774544722.564:502): avc:  denied  { listen } for  pid=8309 comm="syz.6.622" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  135.862867][   T40] audit: type=1400 audit(1774544722.564:503): avc:  denied  { accept } for  pid=8309 comm="syz.6.622" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  135.866527][ T8312] __nla_validate_parse: 7 callbacks suppressed
[  135.866559][ T8312] netlink: 8 bytes leftover after parsing attributes in process `syz.5.623'.
[  135.876080][ T8312] netlink: 24 bytes leftover after parsing attributes in process `syz.5.623'.
[  135.879790][ T8312] netlink: 8 bytes leftover after parsing attributes in process `syz.5.623'.
[  135.882701][ T8312] netlink: 24 bytes leftover after parsing attributes in process `syz.5.623'.
[  135.895184][ T8314] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  136.411742][ T8345] netlink: 8 bytes leftover after parsing attributes in process `syz.4.634'.
[  136.415789][ T8345] netlink: 12 bytes leftover after parsing attributes in process `syz.4.634'.
[  136.419285][ T8345] netlink: 8 bytes leftover after parsing attributes in process `syz.4.634'.
[  136.422181][ T8345] netlink: 12 bytes leftover after parsing attributes in process `syz.4.634'.
[  136.451620][ T8348] Failed to initialize the IGMP autojoin socket (err -2)
[  136.463089][ T8351] netlink: 'syz.4.635': attribute type 5 has an invalid length.
[  136.470226][ T8351] tmpfs: User quota inode hardlimit too large.
[  136.580525][ T8361] netlink: 8 bytes leftover after parsing attributes in process `syz.4.639'.
[  136.588867][ T8361] fuse: blksize only supported for fuseblk
[  136.627917][ T8362] FAULT_INJECTION: forcing a failure.
[  136.627917][ T8362] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  136.633820][ T8362] CPU: 1 UID: 0 PID: 8362 Comm: syz.5.638 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  136.633842][ T8362] Tainted: [L]=SOFTLOCKUP
[  136.633848][ T8362] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  136.633856][ T8362] Call Trace:
[  136.633861][ T8362]  <TASK>
[  136.633866][ T8362]  dump_stack_lvl+0x100/0x190
[  136.633908][ T8362]  should_fail_ex.cold+0x5/0xa
[  136.633924][ T8362]  _copy_to_user+0x32/0xd0
[  136.633940][ T8362]  simple_read_from_buffer+0xcb/0x170
[  136.633953][ T8362]  proc_fail_nth_read+0x1af/0x230
[  136.633970][ T8362]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  136.633987][ T8362]  ? rw_verify_area+0xce/0x6d0
[  136.634003][ T8362]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  136.634019][ T8362]  vfs_read+0x1e4/0xb30
[  136.634038][ T8362]  ? __pfx_vfs_read+0x10/0x10
[  136.634055][ T8362]  ? __fget_files+0x215/0x3d0
[  136.634071][ T8362]  ? __fget_files+0x21f/0x3d0
[  136.634086][ T8362]  ksys_read+0x12a/0x250
[  136.634096][ T8362]  ? __pfx_ksys_read+0x10/0x10
[  136.634110][ T8362]  do_syscall_64+0x106/0xf80
[  136.634126][ T8362]  ? clear_bhb_loop+0x40/0x90
[  136.634139][ T8362]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.634151][ T8362] RIP: 0033:0x7f23c0f5cfce
[  136.634161][ T8362] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  136.634172][ T8362] RSP: 002b:00007f23c1d83fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  136.634183][ T8362] RAX: ffffffffffffffda RBX: 00007f23c1d846c0 RCX: 00007f23c0f5cfce
[  136.634195][ T8362] RDX: 000000000000000f RSI: 00007f23c1d840a0 RDI: 0000000000000004
[  136.634202][ T8362] RBP: 00007f23c1d84090 R08: 0000000000000000 R09: 0000000000000000
[  136.634208][ T8362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  136.634214][ T8362] R13: 00007f23c1216038 R14: 00007f23c1215fa0 R15: 00007ffd849f42e8
[  136.634230][ T8362]  </TASK>
[  137.008880][ T8393] netlink: 'syz.4.650': attribute type 1 has an invalid length.
[  137.074501][ T8400] netlink: 4 bytes leftover after parsing attributes in process `syz.4.650'.
[  137.118003][ T8409] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=40720 sclass=netlink_route_socket pid=8409 comm=syz.4.652
[  137.136430][ T8411] nbd: must specify at least one socket
[  137.253225][  T840] usb 7-1: USB disconnect, device number 8
[  137.367603][ T8438] kvm: kvm [8437]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x1
[  137.384295][ T8440] openvswitch: netlink: nsh attribute has 4 unknown bytes.
[  137.386849][ T8440] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  137.425139][ T8442] tmpfs: Unknown parameter 'grardlimit'
[  137.490431][ T8444] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=36 sclass=netlink_tcpdiag_socket pid=8444 comm=syz.2.666
[  137.494545][ T8444] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=49 sclass=netlink_tcpdiag_socket pid=8444 comm=syz.2.666
[  137.498594][ T8444] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=49 sclass=netlink_tcpdiag_socket pid=8444 comm=syz.2.666
[  137.594112][ T5929] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  137.724848][ T6015] usb 11-1: new high-speed USB device number 5 using dummy_hcd
[  137.737183][ T1418] ieee802154 phy1 wpan1: encryption failed: -22
[  137.754180][ T5929] usb 9-1: Using ep0 maxpacket: 8
[  137.757740][ T5929] usb 9-1: config index 0 descriptor too short (expected 301, got 45)
[  137.760898][ T5929] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  137.764997][ T5929] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  137.769203][ T5929] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  137.773704][ T5929] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  137.781475][ T5929] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  137.785160][ T5929] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  137.907766][ T6015] usb 11-1: Using ep0 maxpacket: 8
[  137.916683][ T6015] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  137.920985][ T6015] usb 11-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  137.944049][ T6015] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  137.964164][ T6015] usb 11-1: config 0 descriptor??
[  138.173618][ T6015] iowarrior 11-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior1
[  138.378432][ T8447] usbtmc 9-1:16.0: send_request_dev_dep_msg_in returned -90
[  138.381690][ T6015] usb 11-1: USB disconnect, device number 5
[  138.749583][   T10] usb 9-1: USB disconnect, device number 12
[  138.922347][ T8485] program syz.6.677 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  139.327645][ T8500] overlayfs: failed to resolve './file1': -2
[  140.713034][ T8467] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  140.814404][   T40] kauditd_printk_skb: 16 callbacks suppressed
[  140.814421][   T40] audit: type=1400 audit(1774544727.544:520): avc:  denied  { setopt } for  pid=8506 comm="syz.2.683" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  140.826065][ T8506] delete_channel: no stack
[  140.844159][   T40] audit: type=1400 audit(1774544727.544:521): avc:  denied  { ioctl } for  pid=8511 comm="syz.4.685" path="/144/file0" dev="tmpfs" ino=774 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  140.896757][ T8518] netlink: 'syz.4.685': attribute type 3 has an invalid length.
[  140.902137][   T40] audit: type=1400 audit(1774544727.624:522): avc:  denied  { perfmon } for  pid=8511 comm="syz.4.685" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  141.006107][   T40] audit: type=1400 audit(1774544727.734:523): avc:  denied  { lock } for  pid=8529 comm="syz.6.693" path="socket:[23146]" dev="sockfs" ino=23146 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  141.027253][   T40] audit: type=1400 audit(1774544727.744:524): avc:  denied  { connect } for  pid=8529 comm="syz.6.693" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  141.074243][   T40] audit: type=1400 audit(1774544727.804:525): avc:  denied  { write } for  pid=8529 comm="syz.6.693" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  141.174017][    T9] usb 7-1: new full-speed USB device number 9 using dummy_hcd
[  141.336867][    T9] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  141.339615][    T9] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  141.342526][    T9] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  141.345781][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  141.349151][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  141.353068][    T9] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  141.360130][    T9] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  141.363768][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.368583][    T9] usb 7-1: config 0 descriptor??
[  141.369698][ T8521] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  141.371705][ T8544] overlayfs: failed to resolve './file0': -2
[  141.411749][ T8549] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  141.492203][ T8555] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  141.534029][   T40] audit: type=1400 audit(1774544728.244:526): avc:  denied  { mount } for  pid=8559 comm="syz.6.702" name="/" dev="autofs" ino=26043 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  141.535416][ T8564] __nla_validate_parse: 5 callbacks suppressed
[  141.535426][ T8564] netlink: 44 bytes leftover after parsing attributes in process `syz.5.703'.
[  141.576846][    T9] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  141.666793][ T8572] IPVS: Error during creation of socket; terminating
[  141.744089][ T8574] overlayfs: failed to resolve './file0': -2
[  141.773090][   T40] audit: type=1400 audit(1774544728.494:527): avc:  denied  { read write } for  pid=8520 comm="syz.2.689" name="lp0" dev="devtmpfs" ino=3013 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  141.775358][    C2] usblp0: nonzero read bulk status received: -71
[  141.794383][   T40] audit: type=1400 audit(1774544728.494:529): avc:  denied  { open } for  pid=8520 comm="syz.2.689" path="/dev/usb/lp0" dev="devtmpfs" ino=3013 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  141.801801][   T40] audit: type=1400 audit(1774544728.494:528): avc:  denied  { read write } for  pid=8520 comm="syz.2.689" name="lp0" dev="devtmpfs" ino=3013 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  141.814046][ T6271] usb 11-1: new high-speed USB device number 6 using dummy_hcd
[  141.936585][   T53] usb 7-1: USB disconnect, device number 9
[  141.945609][   T53] usblp0: removed
[  141.966959][ T6271] usb 11-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  141.969915][ T6271] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.972644][ T6271] usb 11-1: Product: syz
[  141.974159][ T6271] usb 11-1: Manufacturer: syz
[  141.975626][ T6271] usb 11-1: SerialNumber: syz
[  141.985468][ T6271] usb 11-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  142.011500][ T6271] usb 11-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  142.235369][ T8567] 9p: Bad value for 'rfdno'
[  142.254265][  T840] usb 11-1: USB disconnect, device number 6
[  142.604055][ T6015] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  142.648861][ T8604] netlink: 'syz.4.716': attribute type 1 has an invalid length.
[  142.654701][ T8606] QAT: failed to copy from user.
[  142.764656][ T6015] usb 7-1: Using ep0 maxpacket: 8
[  142.767918][ T6015] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  142.769822][ T8614] tipc: Trying to set illegal importance in message
[  142.771136][ T6015] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  142.777639][ T6015] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  142.780789][ T6015] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  142.786129][ T6015] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  142.789161][ T6015] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.008798][ T6015] usb 7-1: GET_CAPABILITIES returned 0
[  143.010647][ T6015] usbtmc 7-1:16.0: can't read capabilities
[  143.014141][   T10] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  143.094090][ T6271] ath9k_htc 11-1:1.0: ath9k_htc: Target is unresponsive
[  143.097275][ T6271] ath9k_htc: Failed to initialize the device
[  143.101935][  T840] usb 11-1: ath9k_htc: USB layer deinitialized
[  143.169391][ T8620] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  143.189372][   T10] usb 9-1: config 255 has an invalid interface number: 195 but max is 0
[  143.193094][   T10] usb 9-1: config 255 has no interface number 0
[  143.195960][   T10] usb 9-1: config 255 interface 195 has no altsetting 0
[  143.200615][   T10] usb 9-1: New USB device found, idVendor=093a, idProduct=262c, bcdDevice=3b.a2
[  143.203786][   T10] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.207309][   T10] usb 9-1: Product: ଣ⧆뚸芢ᨏ㺡鄘텀뇫嗞셆ṝ⥮糪퇖끵趐숕㦶羬Ⅽ⎮ꇋ띘멆樵踣멚鿌ベ嗒䵘᪖뢐뎼'䫲ꀰ병餶좯̤봅괯穃⁕ꪅ쯢拾폤퉝㕹勥挟蠈⿾忍볱쎧拓즜㨙⺢ఒ城ㄍ尦ԶⰢ蟎䈪侽න
[  143.210352][ T6015] usb 7-1: USB disconnect, device number 10
[  143.216397][   T10] usb 9-1: Manufacturer: 磾깤縞艋郃ᬈ价鞻鉌옲꽲뛎㉞씌ȳ㥬혼玝뒒졒뇳ᛏ덬ꀹퟱ鸻龐勯驔阢淰ỉꍇऀᾰ鴚揨释榼鍜醭罜哇꿪ⓨ禷尚퟉శꗠ殀Խ瀳౸
[  143.225094][   T10] usb 9-1: SerialNumber: 、
[  143.312695][ T8631] bridge0: port 2(bridge_slave_1) entered disabled state
[  143.367419][ T8634] netlink: 'syz.6.727': attribute type 39 has an invalid length.
[  143.449752][   T10] gspca_main: gspca_pac7302-2.14.0 probing 093a:262c
[  143.452093][   T10] gspca_pac7302: reg_w() failed i: ff v: 01 error -71
[  143.454279][   T10] gspca_pac7302 9-1:255.195: probe with driver gspca_pac7302 failed with error -71
[  143.461976][   T10] usb 9-1: USB disconnect, device number 13
[  143.580038][ T8639] netlink: 132 bytes leftover after parsing attributes in process `syz.6.729'.
[  143.807967][ T8664] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  143.900703][ T8671] kvm: pic: non byte write
[  143.901562][ T8671] kvm: pic: non byte write
[  144.079028][ T8685] hfs: can't find a HFS filesystem on dev sr0
[  144.087967][ T8685] hfs: can't find a HFS filesystem on dev sr0
[  144.352946][ T8704] tmpfs: Unknown parameter 't'
[  144.368406][ T8705] syzkaller0: entered promiscuous mode
[  144.391088][ T8707] Failed to initialize the IGMP autojoin socket (err -2)
[  144.468645][ T8714] netlink: 32 bytes leftover after parsing attributes in process `syz.6.754'.
[  144.471891][ T8714] gretap0: entered promiscuous mode
[  144.473828][ T8714] gretap0: entered allmulticast mode
[  144.593491][ T8727] overlayfs: missing 'workdir'
[  144.598796][ T8727] overlayfs: failed to resolve './file0': -2
[  144.787035][ T8741] Failed to initialize the IGMP autojoin socket (err -2)
[  144.829059][ T8743] netlink: 'syz.2.763': attribute type 10 has an invalid length.
[  144.834349][ T8743] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[  144.838581][ T8743] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  144.843847][ T8743] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[  144.922047][ T8753] netlink: 71 bytes leftover after parsing attributes in process `syz.2.767'.
[  145.055848][ T8766] usb usb3: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  145.122444][ T8783] Failed to initialize the IGMP autojoin socket (err -2)
[  145.215744][ T8798] netlink: 4 bytes leftover after parsing attributes in process `syz.2.779'.
[  145.236911][ T8798] bond2: Invalid ad_actor_system MAC address.
[  145.238899][ T8798] bond2: option ad_actor_system: invalid value (27571)
[  145.243107][ T8798] bond2 (unregistering): Released all slaves
[  145.281012][ T8806] netlink: 212328 bytes leftover after parsing attributes in process `syz.6.775'.
[  145.286537][ T8806] netlink: ct family unspecified
[  145.410677][ T8823] random: crng reseeded on system resumption
[  145.439713][ T8825] IPv6: NLM_F_CREATE should be specified when creating new route
[  145.460684][ T8830] vxfs: unable to read disk superblock at 1
[  145.465556][ T8830] vxfs: unable to read disk superblock at 8
[  145.467800][ T8830] vxfs: can't find superblock.
[  145.499964][ T8832] usb usb9: usbfs: process 8832 (syz.2.788) did not claim interface 0 before use
[  145.599578][ T8841] Failed to initialize the IGMP autojoin socket (err -2)
[  145.933566][ T8865] netlink: 32 bytes leftover after parsing attributes in process `syz.5.795'.
[  145.964415][ T5933] Bluetooth: hci2: unexpected event 0x01 length: 4 > 1
[  146.062187][ T8887] Failed to initialize the IGMP autojoin socket (err -2)
[  146.284117][ T6014] usb 11-1: new high-speed USB device number 7 using dummy_hcd
[  146.372045][ T8921] netlink: 4 bytes leftover after parsing attributes in process `syz.2.811'.
[  146.439171][ T6014] usb 11-1: config 0 has an invalid interface number: 120 but max is 0
[  146.441783][ T6014] usb 11-1: config 0 has no interface number 0
[  146.445685][ T6014] usb 11-1: config 0 interface 120 altsetting 0 endpoint 0x83 has an invalid bInterval 195, changing to 11
[  146.449446][ T6014] usb 11-1: config 0 interface 120 altsetting 0 endpoint 0x83 has invalid maxpacket 9866, setting to 1024
[  146.453207][ T6014] usb 11-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58
[  146.457845][ T6014] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.461630][ T6014] usb 11-1: config 0 descriptor??
[  146.464302][ T8882] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  146.468780][ T6014] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.120/input/input11
[  146.511719][ T8933] Failed to initialize the IGMP autojoin socket (err -2)
[  146.593966][   T53] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[  146.754052][   T53] usb 10-1: Using ep0 maxpacket: 8
[  146.757887][  T840] usb 11-1: USB disconnect, device number 7
[  146.757885][   T53] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  146.757910][   T53] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  146.777223][   T53] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.782531][ T8955] netlink: 'syz.6.819': attribute type 1 has an invalid length.
[  146.783761][   T53] usb 10-1: config 0 descriptor??
[  146.800295][ T8955] 8021q: adding VLAN 0 to HW filter on device bond2
[  146.811803][ T8955] bond2: (slave veth0_to_bond): making interface the new active one
[  146.815961][ T8955] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  146.871055][ T8959] Failed to initialize the IGMP autojoin socket (err -2)
[  146.984021][   T59] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  146.996768][   T53] iowarrior 10-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  147.134200][   T59] usb 9-1: Using ep0 maxpacket: 8
[  147.137992][   T59] usb 9-1: config 0 has an invalid interface number: 55 but max is 0
[  147.141401][   T59] usb 9-1: config 0 has no interface number 0
[  147.144083][   T59] usb 9-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  147.148405][   T59] usb 9-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  147.152494][   T59] usb 9-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  147.157452][   T59] usb 9-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  147.162209][   T59] usb 9-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  147.166527][   T59] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  147.174563][   T59] usb 9-1: config 0 descriptor??
[  147.189359][   T59] ldusb 9-1:0.55: LD USB Device #1 now attached to major 180 minor 1
[  147.210285][ T8978] Failed to initialize the IGMP autojoin socket (err -2)
[  147.331728][ T8983] netlink: 'syz.2.826': attribute type 27 has an invalid length.
[  147.397175][   T40] kauditd_printk_skb: 15 callbacks suppressed
[  147.397188][   T40] audit: type=1400 audit(1774544734.124:545): avc:  denied  { getopt } for  pid=8988 comm="syz.2.828" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  147.437608][   T10] usb 9-1: USB disconnect, device number 14
[  147.446252][ T8993] netlink: 28 bytes leftover after parsing attributes in process `syz.4.818'.
[  147.616481][ T9002] kvm: user requested TSC rate below hardware speed
[  147.827926][   T40] audit: type=1400 audit(1774544734.554:546): avc:  denied  { create } for  pid=9009 comm="syz.6.834" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  147.844121][   T40] audit: type=1400 audit(1774544734.554:547): avc:  denied  { bind } for  pid=9009 comm="syz.6.834" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  147.850714][   T40] audit: type=1400 audit(1774544734.564:548): avc:  denied  { map } for  pid=9009 comm="syz.6.834" path="/dev/comedi0" dev="devtmpfs" ino=1302 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  147.948815][   T40] audit: type=1400 audit(1774544734.674:549): avc:  denied  { lock } for  pid=9018 comm="syz.6.836" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=27907 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  148.160745][ T9023] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  148.163111][ T9023] overlayfs: failed to set xattr on upper
[  148.165255][ T9023] overlayfs: ...falling back to redirect_dir=nofollow.
[  148.167567][ T9023] overlayfs: ...falling back to index=off.
[  148.169475][ T9023] overlayfs: ...falling back to uuid=null.
[  148.203838][ T9025] netlink: 71 bytes leftover after parsing attributes in process `syz.6.838'.
[  149.309750][ T9038] netlink: 104 bytes leftover after parsing attributes in process `syz.6.842'.
[  149.356818][   T10] ldusb 9-1:0.55: LD USB Device #1 now disconnected
[  149.368485][ T6014] usb 10-1: USB disconnect, device number 9
[  149.409873][ T9048] Failed to initialize the IGMP autojoin socket (err -2)
[  149.526722][ T9062] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  149.529863][ T9062] overlayfs: failed to set xattr on upper
[  149.532074][ T9062] overlayfs: ...falling back to redirect_dir=nofollow.
[  149.535950][ T9062] overlayfs: ...falling back to index=off.
[  149.538038][ T9062] overlayfs: ...falling back to uuid=null.
[  149.632271][ T9064] netlink: 8 bytes leftover after parsing attributes in process `syz.6.848'.
[  149.636224][ T9064] netlink: 8 bytes leftover after parsing attributes in process `syz.6.848'.
[  149.683322][ T9071] netlink: 48 bytes leftover after parsing attributes in process `syz.6.851'.
[  149.686511][ T9071] netlink: 48 bytes leftover after parsing attributes in process `syz.6.851'.
[  149.718241][   T40] audit: type=1326 audit(1774544736.444:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9072 comm="syz.2.852" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4eeaf9c799 code=0x0
[  149.735347][ T9076] vxcan0: tx address claim with dest, not broadcast
[  149.792892][   T40] audit: type=1400 audit(1774544736.514:551): avc:  denied  { mount } for  pid=9073 comm="syz.6.853" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  149.909669][ T9093] Failed to initialize the IGMP autojoin socket (err -2)
[  149.937897][   T40] audit: type=1400 audit(1774544736.664:552): avc:  denied  { write } for  pid=9094 comm="syz.2.859" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  149.961054][ T9095] 9p: Invalid gid '0x00000000ffffffff'
[  149.964088][ T9095] netlink: 'syz.2.859': attribute type 10 has an invalid length.
[  150.120818][ T9109] netlink: 48 bytes leftover after parsing attributes in process `syz.2.862'.
[  150.123775][ T9109] netlink: 48 bytes leftover after parsing attributes in process `syz.2.862'.
[  150.394014][ T3245] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  150.516822][ T9133] Failed to initialize the IGMP autojoin socket (err -2)
[  150.565959][ T3245] usb 9-1: Using ep0 maxpacket: 8
[  150.571411][ T9135] netlink: 72 bytes leftover after parsing attributes in process `syz.5.870'.
[  150.572173][ T3245] usb 9-1: config index 0 descriptor too short (expected 301, got 45)
[  150.579058][ T3245] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  150.582598][ T3245] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  150.586394][ T3245] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  150.589739][ T3245] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  150.593701][ T3245] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  150.610517][ T3245] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  150.638630][ T9147] comedi comedi3: comedi_config --init_data is deprecated
[  150.826100][ T3245] usb 9-1: GET_CAPABILITIES returned 0
[  150.827890][ T3245] usbtmc 9-1:16.0: can't read capabilities
[  150.829782][   T40] audit: type=1400 audit(1774544737.554:553): avc:  denied  { setopt } for  pid=9159 comm="syz.5.883" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  150.857809][ T9162] mac80211_hwsim hwsim14 syzkaller0: entered promiscuous mode
[  150.872805][ T9162] mac80211_hwsim hwsim14 syzkaller0: entered allmulticast mode
[  150.880066][   T40] audit: type=1400 audit(1774544737.604:554): avc:  denied  { write } for  pid=9161 comm="syz.5.875" path="socket:[28065]" dev="sockfs" ino=28065 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  150.881261][ T9162] tmpfs: Group quota inode hardlimit too large.
[  151.120300][   T10] usb 9-1: USB disconnect, device number 15
[  151.253144][ T9181] netlink: 'syz.2.880': attribute type 64 has an invalid length.
[  151.258714][ T9181] netlink: 'syz.2.880': attribute type 4 has an invalid length.
[  151.362966][ T9194] Failed to initialize the IGMP autojoin socket (err -2)
[  151.465258][ T9205] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  151.473959][ T9205] overlayfs: failed to set xattr on upper
[  151.476318][ T9205] overlayfs: ...falling back to redirect_dir=nofollow.
[  151.479648][ T9205] overlayfs: ...falling back to index=off.
[  151.482079][ T9205] overlayfs: ...falling back to uuid=null.
[  151.484488][ T9205] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  151.507589][ T9187] netlink: 'syz.5.882': attribute type 39 has an invalid length.
[  151.887580][ T9251] netlink: 'syz.6.895': attribute type 7 has an invalid length.
[  151.890559][ T9251] netlink: 'syz.6.895': attribute type 7 has an invalid length.
[  151.968353][ T9260] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  151.970789][ T9260] overlayfs: failed to set xattr on upper
[  151.972644][ T9260] overlayfs: ...falling back to redirect_dir=nofollow.
[  151.975613][ T9260] overlayfs: ...falling back to index=off.
[  151.978354][ T9260] overlayfs: ...falling back to uuid=null.
[  152.054223][ T9267] RDS: rds_bind could not find a transport for fe80::, load rds_tcp or rds_rdma?
[  152.117375][ T9274] 8021q: VLANs not supported on ip6gre0
[  152.119306][ T9275] overlayfs: workdir and upperdir must reside under the same mount
[  152.127868][ T9275] bpf: Bad value for 'uid'
[  152.374134][   T10] usb 10-1: new high-speed USB device number 10 using dummy_hcd
[  152.452691][ T9299] genirq: Flags mismatch irq 31. 00200000 (comedi_parport) vs. 00200000 (virtio0-cursor)
[  152.514025][   T10] usb 10-1: device descriptor read/64, error -71
[  152.530038][ T9305] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  152.605234][   T40] kauditd_printk_skb: 6 callbacks suppressed
[  152.605253][   T40] audit: type=1800 audit(1774544739.324:561): pid=9309 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=set_data cause=unavailable-hash-algorithm comm="syz.2.914" name="/newroot/270/bus/#1456//deleted" dev="tmpfs" ino=1456 res=0 errno=0
[  152.764036][   T10] usb 10-1: new high-speed USB device number 11 using dummy_hcd
[  152.784031][ T6911] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[  152.904066][   T10] usb 10-1: device descriptor read/64, error -71
[  152.915037][   T40] audit: type=1400 audit(1774544739.644:562): avc:  denied  { create } for  pid=9315 comm="syz.6.916" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[  152.954034][ T6911] usb 9-1: Using ep0 maxpacket: 8
[  152.958260][ T6911] usb 9-1: config 0 has an invalid interface number: 55 but max is 0
[  152.961660][ T6911] usb 9-1: config 0 has no interface number 0
[  152.964584][ T6911] usb 9-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  152.969469][ T6911] usb 9-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  152.975172][ T6911] usb 9-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  152.980325][ T6911] usb 9-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  152.988058][ T6911] usb 9-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  152.992020][ T6911] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.000638][ T6911] usb 9-1: config 0 descriptor??
[  153.010391][ T6911] ldusb 9-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  153.014330][   T10] usb usb10-port1: attempt power cycle
[  153.215797][   T40] audit: type=1400 audit(1774544739.944:563): avc:  denied  { mounton } for  pid=9306 comm="syz.4.913" path="/proc/552/task" dev="proc" ino=29044 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  153.219790][ T9322] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  153.228086][ T9322] overlayfs: failed to set xattr on upper
[  153.230163][ T9322] overlayfs: ...falling back to redirect_dir=nofollow.
[  153.232690][ T9322] overlayfs: ...falling back to index=off.
[  153.235018][ T9322] overlayfs: ...falling back to uuid=null.
[  153.249438][   T40] audit: type=1400 audit(1774544739.974:564): avc:  denied  { associate } for  pid=9323 comm="syz.4.913" name="core" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  153.284465][   T40] audit: type=1400 audit(1774544740.014:565): avc:  denied  { setopt } for  pid=9306 comm="syz.4.913" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  153.354165][   T10] usb 10-1: new high-speed USB device number 12 using dummy_hcd
[  153.374344][   T53] usb 9-1: USB disconnect, device number 16
[  153.374837][   T10] usb 10-1: device descriptor read/8, error -71
[  153.380012][   T53] ldusb 9-1:0.55: LD USB Device #0 now disconnected
[  153.483716][ T9333] veth1: mtu less than device minimum
[  153.502932][ T9335] __nla_validate_parse: 3 callbacks suppressed
[  153.502944][ T9335] netlink: 8 bytes leftover after parsing attributes in process `syz.4.923'.
[  153.614102][   T10] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[  153.634712][   T10] usb 10-1: device descriptor read/8, error -71
[  153.713465][ T8222] Bluetooth: hci4: Frame reassembly failed (-84)
[  153.754206][   T10] usb usb10-port1: unable to enumerate USB device
[  153.794247][ T9352] netlink: 8 bytes leftover after parsing attributes in process `syz.4.928'.
[  153.798137][ T9352] netlink: 4 bytes leftover after parsing attributes in process `syz.4.928'.
[  153.833842][ T9352] netlink: 8 bytes leftover after parsing attributes in process `syz.4.928'.
[  153.837467][ T9352] netlink: 4 bytes leftover after parsing attributes in process `syz.4.928'.
[  153.936608][ T9359] loop6: detected capacity change from 0 to 2640
[  153.939517][ T9359] Buffer I/O error on dev loop6, logical block 0, async page read
[  153.939576][ T9359] Buffer I/O error on dev loop6, logical block 0, async page read
[  153.939599][ T9359] Buffer I/O error on dev loop6, logical block 0, async page read
[  153.939624][ T9359] Buffer I/O error on dev loop6, logical block 0, async page read
[  153.939646][ T9359] Buffer I/O error on dev loop6, logical block 0, async page read
[  153.939682][ T9359] Buffer I/O error on dev loop6, logical block 0, async page read
[  153.939713][ T9359] Buffer I/O error on dev loop6, logical block 0, async page read
[  153.939740][ T9359] Buffer I/O error on dev loop6, logical block 0, async page read
[  153.939752][ T9359] ldm_validate_partition_table(): Disk read failed.
[  153.939775][ T9359] Buffer I/O error on dev loop6, logical block 0, async page read
[  153.939797][ T9359] Buffer I/O error on dev loop6, logical block 0, async page read
[  153.939832][ T9359] Dev loop6: unable to read RDB block 0
[  153.939964][ T9359]  loop6: unable to read partition table
[  153.940113][ T9359] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  154.054091][ T9359] loop6: detected capacity change from 2640 to 524287999
[  154.109235][   T40] audit: type=1400 audit(1774544740.834:566): avc:  denied  { ioctl } for  pid=9360 comm="syz.4.931" path="/dev/fuse" dev="devtmpfs" ino=105 ioctlcmd=0xe503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  154.453239][ T9366] Failed to initialize the IGMP autojoin socket (err -2)
[  154.589876][ T9374] netlink: 24 bytes leftover after parsing attributes in process `syz.6.933'.
[  154.596893][ T9374] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=9374 comm=syz.6.933
[  154.824029][ T9386] netlink: 8 bytes leftover after parsing attributes in process `syz.6.937'.
[  154.827536][ T9386] netlink: 4 bytes leftover after parsing attributes in process `syz.6.937'.
[  154.852569][ T9386] netlink: 8 bytes leftover after parsing attributes in process `syz.6.937'.
[  154.858235][ T9386] netlink: 4 bytes leftover after parsing attributes in process `syz.6.937'.
[  154.938225][ T9392] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  154.981935][ T9396] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3857 sclass=netlink_route_socket pid=9396 comm=syz.4.941
[  155.318348][ T9419] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  155.320850][ T9419] overlayfs: failed to set xattr on upper
[  155.322721][ T9419] overlayfs: ...falling back to redirect_dir=nofollow.
[  155.329727][ T9419] overlayfs: ...falling back to index=off.
[  155.331678][ T9419] overlayfs: ...falling back to uuid=null.
[  155.391785][   T40] audit: type=1400 audit(1774544742.114:567): avc:  denied  { ioctl } for  pid=9425 comm="syz.6.951" path="/dev/cachefiles" dev="devtmpfs" ino=4 ioctlcmd=0x9422 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  155.400507][ T9426] exFAT-fs (nbd6): unable to read boot sector
[  155.408956][ T9424] Failed to initialize the IGMP autojoin socket (err -2)
[  155.412744][ T9426] exFAT-fs (nbd6): failed to read boot sector
[  155.414077][   T40] audit: type=1400 audit(1774544742.124:568): avc:  denied  { append } for  pid=9423 comm="syz.5.950" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  155.423553][ T9426] exFAT-fs (nbd6): failed to recognize exfat type
[  155.423602][   T40] audit: type=1400 audit(1774544742.124:569): avc:  denied  { ioctl } for  pid=9423 comm="syz.5.950" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  155.433822][   T40] audit: type=1400 audit(1774544742.124:570): avc:  denied  { mounton } for  pid=9425 comm="syz.6.951" path="/syzcgroup/unified/syz6" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1
[  155.456848][ T9433] Failed to initialize the IGMP autojoin socket (err -2)
[  155.539059][ T9441] 0�: renamed from hsr0 (while UP)
[  155.555297][ T9441] 0�: entered allmulticast mode
[  155.557777][ T9441] hsr_slave_0: entered allmulticast mode
[  155.560161][ T9441] hsr_slave_1: entered allmulticast mode
[  155.564576][ T9441] A link change request failed with some changes committed already. Interface 
70� may have been left with an inconsistent configuration, please check.
[  155.724026][ T5942] Bluetooth: hci4: command 0x1003 tx timeout
[  155.733324][ T5933] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  155.756171][ T9456] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  155.760557][ T9456] overlayfs: failed to set xattr on upper
[  155.762234][ T9456] overlayfs: ...falling back to redirect_dir=nofollow.
[  155.775105][ T9456] overlayfs: ...falling back to index=off.
[  155.777190][ T9456] overlayfs: ...falling back to uuid=null.
[  155.946651][ T9485] loop5: detected capacity change from 0 to 7
[  155.952725][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  155.956514][ T9487] Failed to initialize the IGMP autojoin socket (err -2)
[  155.958002][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  155.968482][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  155.973495][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  155.977877][    C2] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  155.982010][    C2] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  155.986219][    C2] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  155.990807][ T8033] ldm_validate_partition_table(): Disk read failed.
[  155.994127][    C2] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  155.998182][    C2] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  156.004850][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  156.014250][ T8033] Dev loop5: unable to read RDB block 0
[  156.025681][ T8qemu-system-x86_64: warning: 9p: degraded performance: a reasonable high msize should be chosen on client/guest side (chosen msize is <= 8192). See https://wiki.qemu.org/Documentation/9psetup#msize for details.
033]  loop5: unable to read partition table
[  156.030003][ T8033] loop5: partition table beyond EOD, truncated
[  156.058349][ T9485] ldm_validate_partition_table(): Disk read failed.
[  156.061190][ T9485] Dev loop5: unable to read RDB block 0
[  156.063556][ T9485]  loop5: unable to read partition table
[  156.066491][ T9485] loop5: partition table beyond EOD, truncated
[  156.068549][ T9485] loop_reread_partitions: partition scan of loop5 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  156.080208][ T9504] 9pnet_virtio: no channels available for device syz
[  156.203324][ T9516] trusted_key: syz.5.976 sent an empty control message without MSG_MORE.
[  156.316010][ T9523] binder: 9521:9523 ioctl c0306201 200000000040 returned -22
[  156.529431][ T9546] Failed to initialize the IGMP autojoin socket (err -2)
[  156.673297][ T9560] netlink: 'syz.6.988': attribute type 3 has an invalid length.
[  156.676532][ T9560] netlink: 'syz.6.988': attribute type 1 has an invalid length.
[  156.679034][ T9560] NCSI netlink: No device for ifindex 33022
[  156.776840][ T9565] kvm: MWAIT instruction emulated as NOP!
[  156.782365][ T9571] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  156.787747][ T9571] overlayfs: failed to set xattr on upper
[  156.791022][ T9571] overlayfs: ...falling back to redirect_dir=nofollow.
[  156.793555][ T9571] overlayfs: ...falling back to index=off.
[  156.795590][ T9571] overlayfs: ...falling back to uuid=null.
[  157.066727][ T9594] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  157.069023][ T9594] overlayfs: failed to set xattr on upper
[  157.070908][ T9594] overlayfs: ...falling back to redirect_dir=nofollow.
[  157.073300][ T9594] overlayfs: ...falling back to index=off.
[  157.078756][ T9594] overlayfs: ...falling back to uuid=null.
[  157.109952][ T9598] Failed to initialize the IGMP autojoin socket (err -2)
[  157.212024][ T9610] vcan0: tx drop: invalid da for name 0x0000000000000003
[  157.343778][ T9628] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  157.347538][ T9628] overlayfs: failed to set xattr on upper
[  157.350031][ T9628] overlayfs: ...falling back to redirect_dir=nofollow.
[  157.353339][ T9628] overlayfs: ...falling back to index=off.
[  157.356155][ T9628] overlayfs: ...falling back to uuid=null.
[  157.516389][ T9639] bridge_slave_1: left allmulticast mode
[  157.518479][ T9639] bridge_slave_1: left promiscuous mode
[  157.520511][ T9639] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.529841][ T9639] bridge_slave_0: left allmulticast mode
[  157.531854][ T9639] bridge_slave_0: left promiscuous mode
[  157.534264][ T9639] bridge0: port 1(bridge_slave_0) entered disabled state
[  157.546019][   T10] usb 11-1: new high-speed USB device number 8 using dummy_hcd
[  157.694063][   T10] usb 11-1: Using ep0 maxpacket: 8
[  157.697744][   T10] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  157.703860][   T10] usb 11-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  157.714001][   T10] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.721792][   T40] kauditd_printk_skb: 181 callbacks suppressed
[  157.721803][   T40] audit: type=1400 audit(1774544744.444:752): avc:  denied  { rmdir } for  pid=6364 comm="syz-executor" name="file0" dev="tmpfs" ino=1017 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:dhcpd_initrc_exec_t:s0"
[  157.740450][   T10] usb 11-1: config 0 descriptor??
[  157.810609][ T9658] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  157.853270][ T9665] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  157.855854][ T9665] overlayfs: failed to set xattr on upper
[  157.857781][ T9665] overlayfs: ...falling back to redirect_dir=nofollow.
[  157.859955][ T9665] overlayfs: ...falling back to index=off.
[  157.861874][ T9665] overlayfs: ...falling back to uuid=null.
[  157.899578][ T9668] /dev/sg0: Can't lookup blockdev
[  157.953569][   T10] iowarrior 11-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  158.344805][   T40] audit: type=1400 audit(1774544745.074:753): avc:  denied  { append } for  pid=9696 comm="syz.5.1032" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  158.367052][   T40] audit: type=1400 audit(1774544745.084:754): avc:  denied  { sqpoll } for  pid=9696 comm="syz.5.1032" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  158.373474][   T40] audit: type=1400 audit(1774544745.084:755): avc:  denied  { map } for  pid=9696 comm="syz.5.1032" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=30380 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  158.381691][   T40] audit: type=1400 audit(1774544745.084:756): avc:  denied  { read write } for  pid=9696 comm="syz.5.1032" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=31471 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  158.413859][ T9698] overlayfs: failed to resolve './file2': -2
[  158.415049][ T9699] overlayfs: failed to resolve './file2': -2
[  158.437130][ T9699] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  158.443190][ T9699] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  158.525293][ T9714] netlink: 'syz.4.1034': attribute type 8 has an invalid length.
[  158.545764][ T9714] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65534 sclass=netlink_route_socket pid=9714 comm=syz.4.1034
[  158.579616][ T9722] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.685192][  T840] usb 10-1: new high-speed USB device number 14 using dummy_hcd
[  158.806161][ T9722] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.890939][ T9722] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.967240][ T9752] unsupported nla_type 4111
[  159.010870][ T9722] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.073585][ T9760] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  159.084665][ T9760] __nla_validate_parse: 20 callbacks suppressed
[  159.084675][ T9760] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1045'.
[  159.090563][ T9760] netlink: 75 bytes leftover after parsing attributes in process `syz.4.1045'.
[  159.123084][   T46] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  159.140256][ T9768] IPv6: Can't replace route, no match found
[  159.141722][   T46] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  159.151777][   T46] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  159.171656][ T8217] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  159.209609][ T9771] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1047'.
[  159.215887][ T9774] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1048'.
[  159.329297][   T40] audit: type=1400 audit(1774544746.054:757): avc:  denied  { setopt } for  pid=9781 comm="syz.5.1051" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  159.349145][   T40] audit: type=1400 audit(1774544746.074:758): avc:  denied  { read } for  pid=9781 comm="syz.5.1051" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  159.544017][   T10] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  159.637316][ T9791] ������: renamed from vlan0 (while UP)
[  159.703963][   T10] usb 7-1: Using ep0 maxpacket: 32
[  159.715790][   T10] usb 7-1: unable to get BOS descriptor or descriptor too short
[  159.720161][   T10] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  159.745037][   T10] usb 7-1: New USB device found, idVendor=1430, idProduct=474b, bcdDevice= 0.40
[  159.747912][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.750506][   T10] usb 7-1: Product: syz
[  159.751886][   T10] usb 7-1: Manufacturer: syz
[  159.753336][   T10] usb 7-1: SerialNumber: syz
[  159.865255][   T40] audit: type=1400 audit(1774544746.594:759): avc:  denied  { unmount } for  pid=6364 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  159.891201][ T9798] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1056'.
[  159.988939][   T40] audit: type=1400 audit(1774544746.714:760): avc:  denied  { map } for  pid=9778 comm="syz.2.1050" path="socket:[32457]" dev="sockfs" ino=32457 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  159.996986][   T40] audit: type=1400 audit(1774544746.714:761): avc:  denied  { read accept } for  pid=9778 comm="syz.2.1050" path="socket:[32457]" dev="sockfs" ino=32457 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  160.085271][   T10] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  160.089838][   T10] usb 7-1: MIDIStreaming interface descriptor not found
[  160.103083][ T9816] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1061'.
[  160.109660][ T9816] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1061'.
[  160.129666][ T9816] devtmpfs: Unknown parameter '�
'
[  160.145502][   T10] usb 7-1: USB disconnect, device number 11
[  160.222542][ T9824] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1064'.
[  160.320003][ T6271] usb 11-1: USB disconnect, device number 8
[  160.348062][ T9831] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  160.350344][ T9831] overlayfs: failed to set xattr on upper
[  160.352292][ T9831] overlayfs: ...falling back to redirect_dir=nofollow.
[  160.355217][ T9831] overlayfs: ...falling back to index=off.
[  160.357183][ T9831] overlayfs: ...falling back to uuid=null.
[  160.634016][   T53] usb 10-1: new high-speed USB device number 15 using dummy_hcd
[  160.793967][   T53] usb 10-1: Using ep0 maxpacket: 8
[  160.799183][   T53] usb 10-1: config 0 has no interfaces?
[  160.802744][   T53] usb 10-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  160.814198][   T53] usb 10-1: New USB device strings: Mfr=17, Product=2, SerialNumber=3
[  160.816964][   T53] usb 10-1: Product: syz
[  160.818761][   T53] usb 10-1: Manufacturer: syz
[  160.820452][   T53] usb 10-1: SerialNumber: syz
[  160.834944][   T53] usb 10-1: config 0 descriptor??
[  161.044009][ T6271] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  161.070973][ T9833] syz.5.1067: vmalloc error: size 4127592448, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  161.076798][ T9833] CPU: 0 UID: 0 PID: 9833 Comm: syz.5.1067 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  161.076818][ T9833] Tainted: [L]=SOFTLOCKUP
[  161.076822][ T9833] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  161.076829][ T9833] Call Trace:
[  161.076834][ T9833]  <TASK>
[  161.076839][ T9833]  dump_stack_lvl+0x100/0x190
[  161.076874][ T9833]  warn_alloc.cold+0x95/0x1c1
[  161.076895][ T9833]  ? __pfx_warn_alloc+0x10/0x10
[  161.076912][ T9833]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  161.076932][ T9833]  ? lockdep_hardirqs_on+0x78/0x100
[  161.076948][ T9833]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  161.076966][ T9833]  ? kasan_save_stack+0x3f/0x50
[  161.076983][ T9833]  ? kasan_save_stack+0x30/0x50
[  161.076999][ T9833]  ? kasan_save_track+0x14/0x30
[  161.077018][ T9833]  ? vb2_vmalloc_alloc+0x135/0x410
[  161.077037][ T9833]  __vmalloc_node_range_noprof+0x1252/0x1530
[  161.077051][ T9833]  ? do_syscall_64+0x106/0xf80
[  161.077067][ T9833]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.077082][ T9833]  ? vb2_vmalloc_alloc+0x135/0x410
[  161.077105][ T9833]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  161.077125][ T9833]  ? vb2_vmalloc_alloc+0x135/0x410
[  161.077136][ T9833]  vmalloc_user_noprof+0x9e/0xe0
[  161.077150][ T9833]  ? vb2_vmalloc_alloc+0x135/0x410
[  161.077162][ T9833]  vb2_vmalloc_alloc+0x135/0x410
[  161.077174][ T9833]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[  161.077188][ T9833]  __vb2_queue_alloc+0x8d5/0x1160
[  161.077214][ T9833]  vb2_core_create_bufs+0x5fa/0xa30
[  161.077235][ T9833]  ? __pfx_vb2_core_create_bufs+0x10/0x10
[  161.077259][ T9833]  ? rcu_is_watching+0x12/0xc0
[  161.077275][ T9833]  vb2_create_bufs+0x40c/0x830
[  161.077293][ T9833]  ? __pfx_vb2_create_bufs+0x10/0x10
[  161.077310][ T9833]  ? v4l_sanitize_format+0x18d/0x430
[  161.077326][ T9833]  vb2_ioctl_create_bufs+0x244/0x3e0
[  161.077342][ T9833]  ? check_fmt+0x230/0x900
[  161.077354][ T9833]  v4l_create_bufs+0x17d/0x270
[  161.077368][ T9833]  __video_do_ioctl+0xb2a/0xdf0
[  161.077384][ T9833]  ? __might_fault+0xc5/0x140
[  161.077399][ T9833]  ? __pfx___video_do_ioctl+0x10/0x10
[  161.077418][ T9833]  video_usercopy+0x47a/0x1740
[  161.077434][ T9833]  ? __pfx___video_do_ioctl+0x10/0x10
[  161.077450][ T9833]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  161.077468][ T9833]  ? __pfx_video_usercopy+0x10/0x10
[  161.077491][ T9833]  v4l2_ioctl+0x1bd/0x250
[  161.077506][ T9833]  ? __pfx_v4l2_ioctl+0x10/0x10
[  161.077522][ T9833]  __x64_sys_ioctl+0x18e/0x210
[  161.077540][ T9833]  do_syscall_64+0x106/0xf80
[  161.077556][ T9833]  ? clear_bhb_loop+0x40/0x90
[  161.077569][ T9833]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.077580][ T9833] RIP: 0033:0x7f23c0f9c799
[  161.077591][ T9833] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  161.077602][ T9833] RSP: 002b:00007f23c1d84028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  161.077613][ T9833] RAX: ffffffffffffffda RBX: 00007f23c1215fa0 RCX: 00007f23c0f9c799
[  161.077620][ T9833] RDX: 0000200000000140 RSI: 00000000c100565c RDI: 0000000000000009
[  161.077626][ T9833] RBP: 00007f23c1032c99 R08: 0000000000000000 R09: 0000000000000000
[  161.077633][ T9833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  161.077639][ T9833] R13: 00007f23c1216038 R14: 00007f23c1215fa0 R15: 00007ffd849f42e8
[  161.077653][ T9833]  </TASK>
[  161.077657][ T9833] Mem-Info:
[  161.188576][ T9833] active_anon:35908 inactive_anon:231 isolated_anon:0
[  161.188576][ T9833]  active_file:9611 inactive_file:44197 isolated_file:0
[  161.188576][ T9833]  unevictable:1768 dirty:84 writeback:0
[  161.188576][ T9833]  slab_reclaimable:9692 slab_unreclaimable:70873
[  161.188576][ T9833]  mapped:25350 shmem:27192 pagetables:4142
[  161.188576][ T9833]  sec_pagetables:296 bounce:0
[  161.188576][ T9833]  kernel_misc_reclaimable:0
[  161.188576][ T9833]  free:418489 free_pcp:20693 free_cma:0
[  161.203337][ T9833] Node 0 active_anon:137668kB inactive_anon:924kB active_file:38444kB inactive_file:176588kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:101400kB dirty:332kB writeback:0kB shmem:99276kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14720kB pagetables:15480kB sec_pagetables:1184kB all_unreclaimable? no Balloon:0kB
[  161.234226][ T9833] Node 1 active_anon:12kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:3540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:96kB pagetables:1088kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  161.237702][ T6271] usb 7-1: Using ep0 maxpacket: 8
[  161.246744][ T9833] Node 0 DMA free:13228kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:4kB free_cma:0kB
[  161.256951][ T9833] lowmem_reserve[]: 0 1231 1231 1231 1231
[  161.258911][ T9833] Node 0 DMA32 free:83500kB boost:0kB min:27476kB low:34344kB high:41212kB reserved_highatomic:0KB free_highatomic:0KB active_anon:132460kB inactive_anon:924kB active_file:38444kB inactive_file:176588kB unevictable:3536kB writepending:332kB zspages:0kB present:2080628kB managed:1260848kB mlocked:0kB bounce:0kB free_pcp:32980kB local_pcp:10948kB free_cma:0kB
[  161.259208][ T6271] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  161.279076][ T9833] lowmem_reserve[]: 0 0 0 0 0
[  161.280670][ T9833] Node 1 Normal free:1591116kB boost:0kB min:39760kB low:49700kB high:59640kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:3536kB writepending:4kB zspages:0kB present:2097152kB managed:1781884kB mlocked:0kB bounce:0kB free_pcp:47492kB local_pcp:15880kB free_cma:0kB
[  161.283681][ T6271] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  161.292143][ T9833] lowmem_reserve[]: 0 0 0 0 0
[  161.298752][ T9833] Node 0 DMA: 8*4kB (UME) 5*8kB (UM) 9*16kB (UME) 9*32kB (UME) 9*64kB (UME) 7*128kB (UME) 4*256kB (UM) 6*512kB (UME) 3*1024kB (ME) 2*2048kB (UM) 0*4096kB = 13240kB
[  161.304227][ T9833] Node 0 DMA32: 2153*4kB (UM) 1438*8kB (UME) 911*16kB (UME) 367*32kB (UME) 182*64kB (UME) 68*128kB (UME) 37*256kB (UME) 22*512kB (UM) 4*1024kB (M) 0*2048kB 0*4096kB = 91620kB
[  161.305126][ T6271] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.309859][ T9833] Node 1 Normal: 295*4kB (UM) 180*8kB (UM) 267*16kB (UME) 245*32kB (UM) 249*64kB (UME) 237*128kB (UME) 225*256kB (UM) 220*512kB (UME) 202*1024kB (UME) 7*2048kB (UME) 278*4096kB (UM) = 1591116kB
[  161.319362][ T9833] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  161.322592][ T9833] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  161.324575][ T6271] usb 7-1: config 0 descriptor??
[  161.325790][ T9833] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  161.330161][ T9833] Node 1 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  161.333068][ T9833] 74799 total pagecache pages
[  161.334784][ T9833] 0 pages in swap cache
[  161.336213][ T9833] Free swap  = 124996kB
[  161.337547][ T9833] Total swap = 124996kB
[  161.338925][ T9833] 1048443 pages RAM
[  161.352383][ T9833] 0 pages HighMem/MovableOnly
[  161.360059][ T9833] 283920 pages reserved
[  161.361463][ T9833] 0 pages cma reserved
[  161.371330][ T9870] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1076'.
[  161.471778][ T9870] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1076'.
[  161.533795][ T6271] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  161.556692][ T9883] binder_alloc: 9881: binder_alloc_buf, no vma
[  161.875575][ T3245] usb 10-1: USB disconnect, device number 15
[  161.927998][ T9910] netlink: 'syz.4.1089': attribute type 7 has an invalid length.
[  161.955391][ T9915] netlink: 'syz.5.1090': attribute type 1 has an invalid length.
[  161.971722][ T9915] bond1: entered promiscuous mode
[  161.973774][ T9915] 8021q: adding VLAN 0 to HW filter on device bond1
[  161.994331][ T9915] bond1: (slave bridge1): making interface the new active one
[  161.996867][ T9915] bridge1: entered promiscuous mode
[  161.999569][ T9915] bond1: (slave bridge1): Enslaving as an active interface with an up link
[  162.099819][ T9926] Failed to initialize the IGMP autojoin socket (err -2)
[  163.134445][ T9967] Failed to initialize the IGMP autojoin socket (err -2)
[  163.358398][ T9977] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  163.835459][ T6014] usb 7-1: USB disconnect, device number 12
[  163.844098][ T6911] usb 10-1: new high-speed USB device number 16 using dummy_hcd
[  163.858488][   T40] kauditd_printk_skb: 8 callbacks suppressed
[  163.858503][   T40] audit: type=1400 audit(1774544750.584:770): avc:  denied  { map } for  pid=9984 comm="syz.2.1106" path="socket:[34033]" dev="sockfs" ino=34033 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  163.872999][   T40] audit: type=1400 audit(1774544750.584:771): avc:  denied  { read } for  pid=9984 comm="syz.2.1106" path="socket:[34033]" dev="sockfs" ino=34033 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  163.879087][ T9985] netlink: 'syz.2.1106': attribute type 4 has an invalid length.
[  164.094179][T10002] __nla_validate_parse: 6 callbacks suppressed
[  164.094199][T10002] netlink: 260 bytes leftover after parsing attributes in process `syz.2.1110'.
[  164.718979][T10010] Failed to initialize the IGMP autojoin socket (err -2)
[  165.949174][T10018] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1113'.
[  165.952482][T10018] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1113'.
[  166.010002][   T40] audit: type=1400 audit(1774544752.734:772): avc:  denied  { wake_alarm } for  pid=10025 comm="syz.4.1118" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  166.019866][T10022] overlayfs: failed to resolve './file1': -2
[  166.084057][ T6911] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  166.234149][ T6911] usb 7-1: Using ep0 maxpacket: 8
[  166.237375][ T6911] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  166.241103][ T6911] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  166.244321][ T6911] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.249671][ T6911] usb 7-1: config 0 descriptor??
[  166.274005][ T6015] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[  166.294069][ T6014] usb 10-1: new high-speed USB device number 17 using dummy_hcd
[  166.423956][ T6015] usb 9-1: Using ep0 maxpacket: 8
[  166.427957][ T6015] usb 9-1: config 179 has an invalid interface number: 65 but max is 0
[  166.431424][ T6015] usb 9-1: config 179 has no interface number 0
[  166.434053][ T6015] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  166.438402][ T6015] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  166.443471][ T6015] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  166.446127][ T6014] usb 10-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  166.448766][ T6015] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  166.451683][ T6014] usb 10-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  166.456402][ T6015] usb 9-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  166.456433][ T6015] usb 9-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  166.456444][ T6015] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.459677][ T6014] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 66
[  166.461272][ T6911] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  166.469999][T10026] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  166.470344][ T6014] usb 10-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  166.483494][ T6014] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  166.487127][ T6014] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  166.491953][ T6014] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  166.494963][ T6014] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  166.497519][ T6014] usb 10-1: Product: syz
[  166.498897][ T6014] usb 10-1: Manufacturer: syz
[  166.502622][T10028] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  166.506525][ T6014] cdc_wdm 10-1:1.0: skipping garbage
[  166.508145][ T6014] cdc_wdm 10-1:1.0: skipping garbage
[  166.511424][ T6014] cdc_wdm 10-1:1.0: cdc-wdm1: USB WDM device
[  166.513526][ T6014] cdc_wdm 10-1:1.0: Unknown control protocol
[  166.880068][ T6271] usb 9-1: USB disconnect, device number 17
[  166.880074][    C3] xpad 9-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  166.880110][    C3] xpad 9-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  166.890191][    C3] ==================================================================
[  166.893661][    C3] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x23b/0x260
[  166.896990][    C3] Read of size 4 at addr ffff88805a76285c by task swapper/3/0
[  166.901692][    C3] 
[  166.903431][    C3] CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  166.903450][    C3] Tainted: [L]=SOFTLOCKUP
[  166.903455][    C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  166.903461][    C3] Call Trace:
[  166.903466][    C3]  <IRQ>
[  166.903470][    C3]  dump_stack_lvl+0x100/0x190
[  166.903491][    C3]  print_report+0x156/0x4c9
[  166.903507][    C3]  ? __virt_addr_valid+0x81/0x620
[  166.903523][    C3]  ? __phys_addr+0xe8/0x180
[  166.903539][    C3]  ? do_raw_spin_lock+0x23b/0x260
[  166.903551][    C3]  kasan_report+0xdf/0x1e0
[  166.903563][    C3]  ? do_raw_spin_lock+0x23b/0x260
[  166.903577][    C3]  do_raw_spin_lock+0x23b/0x260
[  166.903589][    C3]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  166.903602][    C3]  ? kcov_remote_stop+0x201/0x540
[  166.903616][    C3]  ? kcov_remote_stop+0x201/0x540
[  166.903632][    C3]  _raw_spin_lock_irqsave+0x42/0x60
[  166.903655][    C3]  ? __wake_up+0x1c/0x60
[  166.903670][    C3]  __wake_up+0x1c/0x60
[  166.903685][    C3]  usb_anchor_resume_wakeups+0xc7/0xf0
[  166.903705][    C3]  __usb_hcd_giveback_urb+0x3d6/0x610
[  166.903722][    C3]  usb_hcd_giveback_urb+0x3ca/0x4a0
[  166.903739][    C3]  dummy_timer+0xd85/0x3670
[  166.903752][    C3]  ? find_held_lock+0x2b/0x80
[  166.903769][    C3]  ? debug_object_deactivate+0x2e4/0x3b0
[  166.903786][    C3]  ? __pfx_debug_object_deactivate+0x10/0x10
[  166.903803][    C3]  ? __pfx_dummy_timer+0x10/0x10
[  166.903813][    C3]  ? rcu_is_watching+0x12/0xc0
[  166.903826][    C3]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  166.903839][    C3]  ? __pfx_dummy_timer+0x10/0x10
[  166.903849][    C3]  __hrtimer_run_queues+0x50e/0xa70
[  166.903863][    C3]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  166.903875][    C3]  ? ktime_get_update_offsets_now+0x2cd/0x4d0
[  166.903887][    C3]  hrtimer_run_softirq+0x17d/0x350
[  166.903900][    C3]  handle_softirqs+0x1eb/0x9e0
[  166.903916][    C3]  ? __pfx_handle_softirqs+0x10/0x10
[  166.903930][    C3]  __irq_exit_rcu+0xef/0x150
[  166.903944][    C3]  irq_exit_rcu+0x9/0x30
[  166.903956][    C3]  sysvec_apic_timer_interrupt+0xa3/0xc0
[  166.903972][    C3]  </IRQ>
[  166.903975][    C3]  <TASK>
[  166.903979][    C3]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  166.903993][    C3] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  166.904008][    C3] Code: 18 82 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d a3 e1 1a 00 fb f4 <e9> fc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  166.904018][    C3] RSP: 0018:ffffc90000197df0 EFLAGS: 00000202
[  166.904028][    C3] RAX: 00000000002ba367 RBX: ffff88801eaea4c0 RCX: ffffffff8b90ac75
[  166.904035][    C3] RDX: 0000000000000000 RSI: ffffffff8de788fd RDI: ffffffff8c1b12a0
[  166.904042][    C3] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100d4e679d
[  166.904049][    C3] R10: ffff88806a733ceb R11: 0000000000000000 R12: 0000000000000003
[  166.904055][    C3] R13: ffffed1003d5d498 R14: 0000000000000003 R15: ffffffff90d9b010
[  166.904064][    C3]  ? ct_kernel_exit+0x125/0x180
[  166.904080][    C3]  default_idle+0x9/0x10
[  166.904095][    C3]  default_idle_call+0x6c/0xb0
[  166.904104][    C3]  do_idle+0x464/0x590
[  166.904118][    C3]  ? __pfx_do_idle+0x10/0x10
[  166.904133][    C3]  cpu_startup_entry+0x4f/0x60
[  166.904147][    C3]  start_secondary+0x21d/0x2d0
[  166.904164][    C3]  ? __pfx_start_secondary+0x10/0x10
[  166.904181][    C3]  common_startup_64+0x13e/0x148
[  166.904197][    C3]  </TASK>
[  166.904201][    C3] 
[  167.039163][    C3] Allocated by task 6015:
[  167.040528][    C3]  kasan_save_stack+0x30/0x50
[  167.042044][    C3]  kasan_save_track+0x14/0x30
[  167.043537][    C3]  __kasan_kmalloc+0xaa/0xb0
[  167.045004][    C3]  xpad_probe+0x28e/0x1f60
[  167.046438][    C3]  usb_probe_interface+0x303/0x8f0
[  167.048086][    C3]  really_probe+0x241/0xa60
[  167.049579][    C3]  __driver_probe_device+0x1de/0x400
[  167.051425][    C3]  driver_probe_device+0x4c/0x1b0
[  167.053371][    C3]  __device_attach_driver+0x1df/0x340
[  167.055740][    C3]  bus_for_each_drv+0x159/0x1e0
[  167.057387][    C3]  __device_attach+0x1e4/0x4d0
[  167.058930][    C3]  device_initial_probe+0xaf/0xd0
[  167.060780][    C3]  bus_probe_device+0x64/0x160
[  167.062300][    C3]  device_add+0x11d9/0x1950
[  167.063797][    C3]  usb_set_configuration+0xd97/0x1c60
[  167.065594][    C3]  usb_generic_driver_probe+0xa1/0xe0
[  167.067335][    C3]  usb_probe_device+0xef/0x400
[  167.068922][    C3]  really_probe+0x241/0xa60
[  167.070527][    C3]  __driver_probe_device+0x1de/0x400
[  167.072390][    C3]  driver_probe_device+0x4c/0x1b0
[  167.074254][    C3]  __device_attach_driver+0x1df/0x340
[  167.076016][    C3]  bus_for_each_drv+0x159/0x1e0
[  167.077565][    C3]  __device_attach+0x1e4/0x4d0
[  167.079139][    C3]  device_initial_probe+0xaf/0xd0
[  167.080810][    C3]  bus_probe_device+0x64/0x160
[  167.082485][    C3]  device_add+0x11d9/0x1950
[  167.083963][    C3]  usb_new_device.cold+0x685/0x115c
[  167.085616][    C3]  hub_event+0x314d/0x4af0
[  167.087106][    C3]  process_one_work+0xa23/0x19a0
[  167.088762][    C3]  worker_thread+0x5ef/0xe50
[  167.090346][    C3]  kthread+0x370/0x450
[  167.091885][    C3]  ret_from_fork+0x754/0xd80
[  167.093337][    C3]  ret_from_fork_asm+0x1a/0x30
[  167.094946][    C3] 
[  167.095771][    C3] Freed by task 6271:
[  167.097228][    C3]  kasan_save_stack+0x30/0x50
[  167.098856][    C3]  kasan_save_track+0x14/0x30
[  167.100465][    C3]  kasan_save_free_info+0x3b/0x70
[  167.102148][    C3]  __kasan_slab_free+0x5f/0x80
[  167.103766][    C3]  kfree+0x1f6/0x6b0
[  167.105078][    C3]  xpad_disconnect+0x1cf/0x530
[  167.106718][    C3]  usb_unbind_interface+0x1dd/0x9e0
[  167.108483][    C3]  device_remove+0x12a/0x180
[  167.110045][    C3]  device_release_driver_internal+0x44e/0x620
[  167.112013][    C3]  bus_remove_device+0x2bc/0x560
[  167.113657][    C3]  device_del+0x376/0x9b0
[  167.115121][    C3]  usb_disable_device+0x367/0x810
[  167.116833][    C3]  usb_disconnect+0x2e2/0x9a0
[  167.118404][    C3]  hub_event+0x1d0c/0x4af0
[  167.119858][    C3]  process_one_work+0xa23/0x19a0
[  167.121474][    C3]  worker_thread+0x5ef/0xe50
[  167.123037][    C3]  kthread+0x370/0x450
[  167.124410][    C3]  ret_from_fork+0x754/0xd80
[  167.126099][    C3]  ret_from_fork_asm+0x1a/0x30
[  167.127902][    C3] 
[  167.128824][    C3] The buggy address belongs to the object at ffff88805a762800
[  167.128824][    C3]  which belongs to the cache kmalloc-1k of size 1024
[  167.133612][    C3] The buggy address is located 92 bytes inside of
[  167.133612][    C3]  freed 1024-byte region [ffff88805a762800, ffff88805a762c00)
[  167.137875][    C3] 
[  167.138749][    C3] The buggy address belongs to the physical page:
[  167.140802][    C3] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805a767000 pfn:0x5a760
[  167.144035][    C3] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  167.147064][    C3] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  167.149728][    C3] page_type: f5(slab)
[  167.151334][    C3] raw: 00fff00000000240 ffff88801b842dc0 ffffea0000b36e10 ffffea0000aaca10
[  167.154354][    C3] raw: ffff88805a767000 000000080010000d 00000000f5000000 0000000000000000
[  167.157193][    C3] head: 00fff00000000240 ffff88801b842dc0 ffffea0000b36e10 ffffea0000aaca10
[  167.160117][    C3] head: ffff88805a767000 000000080010000d 00000000f5000000 0000000000000000
[  167.162923][    C3] head: 00fff00000000003 ffffea000169d801 00000000ffffffff 00000000ffffffff
[  167.165623][    C3] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  167.168341][    C3] page dumped because: kasan: bad access detected
[  167.170350][    C3] page_owner tracks the page as allocated
[  167.172458][    C3] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1195, tgid 1195 (kworker/u32:9), ts 74566987489, free_ts 70805526790
[  167.179792][    C3]  post_alloc_hook+0x153/0x170
[  167.181591][    C3]  get_page_from_freelist+0x111d/0x3140
[  167.183406][    C3]  __alloc_frozen_pages_noprof+0x27c/0x2ba0
[  167.185468][    C3]  new_slab+0xa6/0x6b0
[  167.186902][    C3]  refill_objects+0x26b/0x400
[  167.188520][    C3]  __pcs_replace_empty_main+0x1ab/0x660
[  167.190391][    C3]  __kmalloc_noprof+0x688/0x850
[  167.192076][    C3]  ieee802_11_parse_elems_full+0x177/0x3720
[  167.194041][    C3]  ieee80211_inform_bss+0x159/0x1150
[  167.195843][    C3]  cfg80211_inform_single_bss_data+0x898/0x1e20
[  167.197894][    C3]  cfg80211_inform_bss_data+0x237/0x3a00
[  167.199740][    C3]  cfg80211_inform_bss_frame_data+0x247/0x790
[  167.201780][    C3]  ieee80211_bss_info_update+0x310/0xab0
[  167.203681][    C3]  ieee80211_ibss_rx_queued_mgmt+0x1919/0x2f80
[  167.205957][    C3]  ieee80211_iface_work+0xbff/0x13d0
[  167.208036][    C3]  cfg80211_wiphy_work+0x446/0x5c0
[  167.209892][    C3] page last free pid 129 tgid 129 stack trace:
[  167.212299][    C3]  __free_frozen_pages+0x7e1/0x10d0
[  167.214031][    C3]  qlist_free_all+0x47/0xe0
[  167.215804][    C3]  kasan_quarantine_reduce+0x1a0/0x1f0
[  167.217769][    C3]  __kasan_slab_alloc+0x69/0x90
[  167.219324][    C3]  kmem_cache_alloc_node_noprof+0x25a/0x6f0
[  167.221133][    C3]  __alloc_skb+0x140/0x710
[  167.222513][    C3]  rtmsg_ifinfo_build_skb+0x81/0x260
[  167.224198][    C3]  rtmsg_ifinfo+0xa4/0x1b0
[  167.225635][    C3]  netif_state_change+0x17f/0x380
[  167.227278][    C3]  linkwatch_do_dev+0xdb/0x110
[  167.228809][    C3]  __linkwatch_run_queue+0x3a9/0x900
[  167.230504][    C3]  linkwatch_event+0x8f/0xc0
[  167.231993][    C3]  process_one_work+0xa23/0x19a0
[  167.233566][    C3]  worker_thread+0x5ef/0xe50
[  167.235059][    C3]  kthread+0x370/0x450
[  167.236633][    C3]  ret_from_fork+0x754/0xd80
[  167.238294][    C3] 
[  167.239185][    C3] Memory state around the buggy address:
[  167.241196][    C3]  ffff88805a762700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  167.244118][    C3]  ffff88805a762780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  167.246817][    C3] >ffff88805a762800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  167.249333][    C3]                                                     ^
[  167.251522][    C3]  ffff88805a762880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  167.254064][    C3]  ffff88805a762900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  167.256619][    C3] ==================================================================
[  167.259153][    C3] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  167.261542][    C3] CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  167.264925][    C3] Tainted: [L]=SOFTLOCKUP
[  167.266333][    C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  167.269484][    C3] Call Trace:
[  167.270553][    C3]  <IRQ>
[  167.271607][    C3]  dump_stack_lvl+0x100/0x190
[  167.273133][    C3]  vpanic+0x552/0x970
[  167.274425][    C3]  ? __pfx_vpanic+0x10/0x10
[  167.275939][    C3]  ? __pfx_vprintk_emit+0x10/0x10
[  167.277618][    C3]  ? do_raw_spin_lock+0x23b/0x260
[  167.279285][    C3]  panic+0xd1/0xe0
[  167.280491][    C3]  ? __pfx_panic+0x10/0x10
[  167.281928][    C3]  ? end_report.part.0+0x23/0x90
[  167.283523][    C3]  ? rcu_is_watching+0x12/0xc0
[  167.285037][    C3]  ? end_report.part.0+0x23/0x90
[  167.286631][    C3]  ? check_panic_on_warn+0x1f/0x90
[  167.288369][    C3]  check_panic_on_warn.cold+0x19/0x34
[  167.290078][    C3]  end_report.part.0+0x3a/0x90
[  167.291699][    C3]  kasan_report.cold+0xe/0x18
[  167.293261][    C3]  ? do_raw_spin_lock+0x23b/0x260
[  167.294924][    C3]  do_raw_spin_lock+0x23b/0x260
[  167.296559][    C3]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  167.298255][    C3]  ? kcov_remote_stop+0x201/0x540
[  167.299858][    C3]  ? kcov_remote_stop+0x201/0x540
[  167.301447][    C3]  _raw_spin_lock_irqsave+0x42/0x60
[  167.303118][    C3]  ? __wake_up+0x1c/0x60
[  167.304473][    C3]  __wake_up+0x1c/0x60
[  167.305778][    C3]  usb_anchor_resume_wakeups+0xc7/0xf0
[  167.307596][    C3]  __usb_hcd_giveback_urb+0x3d6/0x610
[  167.309308][    C3]  usb_hcd_giveback_urb+0x3ca/0x4a0
[  167.310995][    C3]  dummy_timer+0xd85/0x3670
[  167.312484][    C3]  ? find_held_lock+0x2b/0x80
[  167.314005][    C3]  ? debug_object_deactivate+0x2e4/0x3b0
[  167.316109][    C3]  ? __pfx_debug_object_deactivate+0x10/0x10
[  167.318200][    C3]  ? __pfx_dummy_timer+0x10/0x10
[  167.319800][    C3]  ? rcu_is_watching+0x12/0xc0
[  167.321418][    C3]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  167.323319][    C3]  ? __pfx_dummy_timer+0x10/0x10
[  167.324909][    C3]  __hrtimer_run_queues+0x50e/0xa70
[  167.326610][    C3]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  167.328425][    C3]  ? ktime_get_update_offsets_now+0x2cd/0x4d0
[  167.330357][    C3]  hrtimer_run_softirq+0x17d/0x350
[  167.332393][    C3]  handle_softirqs+0x1eb/0x9e0
[  167.334042][    C3]  ? __pfx_handle_softirqs+0x10/0x10
[  167.335987][    C3]  __irq_exit_rcu+0xef/0x150
[  167.337567][    C3]  irq_exit_rcu+0x9/0x30
[  167.339054][    C3]  sysvec_apic_timer_interrupt+0xa3/0xc0
[  167.341007][    C3]  </IRQ>
[  167.342209][    C3]  <TASK>
[  167.343249][    C3]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  167.345158][    C3] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  167.346985][    C3] Code: 18 82 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d a3 e1 1a 00 fb f4 <e9> fc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  167.352985][    C3] RSP: 0018:ffffc90000197df0 EFLAGS: 00000202
[  167.354910][    C3] RAX: 00000000002ba367 RBX: ffff88801eaea4c0 RCX: ffffffff8b90ac75
[  167.357609][    C3] RDX: 0000000000000000 RSI: ffffffff8de788fd RDI: ffffffff8c1b12a0
[  167.360166][    C3] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100d4e679d
[  167.362811][    C3] R10: ffff88806a733ceb R11: 0000000000000000 R12: 0000000000000003
[  167.365361][    C3] R13: ffffed1003d5d498 R14: 0000000000000003 R15: ffffffff90d9b010
[  167.368035][    C3]  ? ct_kernel_exit+0x125/0x180
[  167.369807][    C3]  default_idle+0x9/0x10
[  167.371284][    C3]  default_idle_call+0x6c/0xb0
[  167.372958][    C3]  do_idle+0x464/0x590
[  167.374375][    C3]  ? __pfx_do_idle+0x10/0x10
[  167.375936][    C3]  cpu_startup_entry+0x4f/0x60
[  167.377675][    C3]  start_secondary+0x21d/0x2d0
[  167.379243][    C3]  ? __pfx_start_secondary+0x10/0x10
[  167.380970][    C3]  common_startup_64+0x13e/0x148
[  167.382577][    C3]  </TASK>
[  167.384361][    C3] Kernel Offset: disabled
[  167.385746][    C3] Rebooting in 86400 seconds..

VM DIAGNOSIS:
17:05:53  Registers:
info registers vcpu 0

CPU#0
RAX=0000000080000000 RBX=0000000000000021 RCX=ffffffff8b8d2d5c RDX=00000000ffffffe9
RSI=0000000000000000 RDI=0000000000000005 RBP=ffff88802aa62596 RSP=ffffc9000328f380
R8 =0000000000000005 R9 =0000000000000000 R10=00000000ffffffe9 R11=0000000000000000
R12=0000000000000030 R13=0000000000000000 R14=ffff88802aa62580 R15=0000000000000016
RIP=ffffffff8208eee0 RFL=00000283 [--S---C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f9d51679880 ffffffff 00c00000
GS =0000 ffff8880d633f000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000110c3cbfec CR3=00000000262b3000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000d0000000 Opmask01=0000000000004211 Opmask02=0000000001010037 Opmask03=0000000000000010
Opmask04=00000000fffffff7 Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 303430313a393831 632f617461642f76
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000558a02d7be90
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9d50ff1b20
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffff00ffffffff ffffffffffffff00
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffff00 ffffffffffffffff
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffff000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 646431ee66bc1824 646431ee66bcb9d4
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 646431ee66bcb9dc 646431ee66bcb9dc
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005500706d742e 303430313a393831 632f617461642f76 6564752f6e75722f
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00184d4554535953 4255530018485441 505645440056001f 56000e004c004b00
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7361647c2a737369 63637c2a65686361 63627c2a6476787c 2a64767c2a64737c
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000558a02d7cda0 0000558a02d8b330 0000558a02d88c80 0000558a02d95140
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000558a02d7a6d0 0000558a02d8b3b0 0000558a02d7c380 0000558a02d7b9e0
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000558a02d7be70 0000558a02d760c0 0000558a02d76040 0000558a02d90ae0
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 81e283a9e7afb4ea 8294ee85b4eba4cc afa2ecb6a4e991b3 ebbab1eeb080eab2
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 282b2e2fdf37342d 280bbfbf23243324 26312033fc040f18 1317140d080b0412
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343133bffc121104 1214041204110814 100411bffc040f18 1317140d080b0412
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000461dfb RBX=ffff88801e6c24c0 RCX=ffffffff8b90ac75 RDX=0000000000000000
RSI=ffffffff8de788fd RDI=ffffffff8c1b12a0 RBP=0000000000000000 RSP=ffffc90000177df0
R8 =0000000000000001 R9 =ffffed100d4a679d R10=ffff88806a533ceb R11=0000000000000000
R12=0000000000000001 R13=ffffed1003cd8498 R14=0000000000000001 R15=ffffffff90d9b010
RIP=ffffffff8b9095df RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d643f000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f23bf1f4fa8 CR3=0000000042a41000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd849f47d6
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd849f47d6 00007ffd849f47dc
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f23c103327c
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f23c10332bc
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f23c1033420
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f23c10332ae
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 0008000f0010000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=000000000030c685 RBX=ffff88801eaec980 RCX=ffffffff8b90ac75 RDX=0000000000000000
RSI=ffffffff8de788fd RDI=ffffffff8c1b12a0 RBP=0000000000000000 RSP=ffffc90000187df0
R8 =0000000000000001 R9 =ffffed100d4c679d R10=ffff88806a633ceb R11=0000000000000000
R12=0000000000000002 R13=ffffed1003d5d930 R14=0000000000000002 R15=ffffffff90d9b010
RIP=ffffffff8b9095df RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d653f000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000110c2b575a CR3=0000000034641000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcfe0400 Opmask01=0000000000000000 Opmask02=00000000ffff7fdf Opmask03=0000000020400004
Opmask04=00000000fffffff7 Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000558a02fc6680 00005589f6988040
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000558a02fc6680
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000558a02d7c380
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000558a02d900c0
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9d50ff1b20
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffff0000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 737326f971a4d483 737326fc29677159
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a893306bf6d752e3 737373762bd35ef6
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 737365636f727020 756c6c2520716573 006e6f6974697472 6170006b636f6c62
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 312d392f39627375 2f342e6463685f79 6d6d75642f6d726f 6674616c702f7365
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 005600051f40494c 43055c5155484005 424b4c55554c4e53 004057005b1a0f00
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000a1 0000000000000050 676461672d776172 2f730035362e3937
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 dbe0431885a42190 0000000558a02d87 00000000000000e1 0000003177617264
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 422c44422c43422c 42422c41422c3942 2c38422c37422c34 422c33422c32422c
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 31422c30422c4441 2c36412c35412c34 412c33412c31412c 46392c45392c3839
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2c36392c45382c43 382c41382c39382c 38382c37382c3638 2c35382c34382c33
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000004d 0000535953425547 0000000000000021 0000000000000020
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000004d 000000302f421b00 0000000000000021 0000000000000020
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 282b2e2fdf37342d 280bbfbf23243324 26312033fc040f18 1317140d080b0412
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343133bffc121104 1214041204110814 100411bffc040f18 1317140d080b0412
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff857a5c70 RDI=ffffffff9b4a6b80 RBP=ffffffff9b4a6b40 RSP=ffffc900006f8448
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552
R12=0000000000000000 R13=0000000000000020 R14=fffffbfff3694dc2 R15=dffffc0000000000
RIP=ffffffff857a5c97 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d663f000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=0000000026002000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fffff800 Opmask01=0000000000000000 Opmask02=00000000f802fefc Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 203a6b6361747320 6461657268747020
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdb8b1e956
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdb8b1e956 00007ffdb8b1e95c
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f44ece3327c
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f44ece332bc
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f44ece33420
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f44ece332ae
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000342e63 64755f796d6d7564
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7865000a64657275 6769666e6f63203a 7463656e6e6f635f 6273755f7a797300
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5d40000a41405750 424c434b4a46051f 5146404b4b4a465f 4756505f5f5c5600
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f44ecfec5f8 00007f44ecfec5c8 00007f44ecfec600 00007f44ecfec5e0
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000