last executing test programs:

2m22.598850618s ago: executing program 2 (id=355):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000600)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0x80008000, {0x0, 0x0, 0x0, r4, {0x5, 0xd}, {}, {0xa, 0xa}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_UDP_DST_PORT={0x6}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40040}, 0x0)
setsockopt(r0, 0x84, 0x80, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @empty, 0x4}], 0x1c)
sendto$inet6(r0, &(0x7f0000000300)="938f", 0x2, 0x14, &(0x7f0000000100)={0xa, 0x4e23, 0x7, @loopback}, 0x1c)

2m22.411586894s ago: executing program 2 (id=358):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000005ee37a411a000095ef4500d52625e188a6011a971b246887bc7e925260228f16e5a029bfdcc63ded526f784e1eabaf4d87721c55f3636cf8e204595d8954783b42a479c922978470855eec86bfe78053c092bd96c234573dbfa7731fcc204ffd23aaf16b96c5de27c1c8cc332048d6b01d914b1ad38f97c004980f17dae8777da4a5ea3ac23ce1e779595ced4d067899fb854305276cc2d1d473cfd1d009533646"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)

2m22.410865716s ago: executing program 2 (id=359):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
write$UHID_INPUT(r1, &(0x7f0000001300)={0xc, {"a2e3ad214fc752f9502547f70e06d038e7ff7fc6e5539b3471078b089b3b083848090890e0878f0e1ac6e7049b3372959b669a240d5b67f3988f7e0319520100ffe8d178708c523c921b1b5b31310d095d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8a92fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d606495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07840900000000000000f5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18834dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b8dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c000003716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00fd104d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff752613d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443eab40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f22b625d64931cd4ffe6738dd7b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a23dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c848a605fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333aed0418c0b44412d041259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b611fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b45030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf475af3d3060eac38dcaea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47afed367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100000000002058041150000000000001090201000100e800"], 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000bc0)={0x24, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x7b, @string={0x7b, 0x3, "a6d905007bc3080a569d16072b21ff9aec729c5cd55412d0cc03cf6a154b36034c119cae77afe3ec6b6fc8f3b6e72e13521fdd8840def9d19e6ca1be721e77afe20af1d698259154a71e6909ed4b62c6c11f5bcee5cc686af3332dc01c5c392c0c3004320b6e51029c68cdbe245a35fc6e05305b9720b8b3a8"}}, 0x0, 0x0}, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1) (async)
dup(r0) (async)
write$UHID_INPUT(r1, &(0x7f0000001300)={0xc, {"a2e3ad214fc752f9502547f70e06d038e7ff7fc6e5539b3471078b089b3b083848090890e0878f0e1ac6e7049b3372959b669a240d5b67f3988f7e0319520100ffe8d178708c523c921b1b5b31310d095d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8a92fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d606495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07840900000000000000f5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18834dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b8dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c000003716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00fd104d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff752613d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443eab40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f22b625d64931cd4ffe6738dd7b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a23dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c848a605fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333aed0418c0b44412d041259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b611fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b45030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf475af3d3060eac38dcaea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47afed367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006) (async)
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100000000002058041150000000000001090201000100e800"], 0x0) (async)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) (async)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) (async)
syz_usb_control_io$hid(r2, &(0x7f0000000bc0)={0x24, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x7b, @string={0x7b, 0x3, "a6d905007bc3080a569d16072b21ff9aec729c5cd55412d0cc03cf6a154b36034c119cae77afe3ec6b6fc8f3b6e72e13521fdd8840def9d19e6ca1be721e77afe20af1d698259154a71e6909ed4b62c6c11f5bcee5cc686af3332dc01c5c392c0c3004320b6e51029c68cdbe245a35fc6e05305b9720b8b3a8"}}, 0x0, 0x0}, 0x0) (async)

2m21.591172251s ago: executing program 2 (id=367):
r0 = socket(0x15, 0x5, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000080)={<r1=>0x0, @in6={{0xa, 0x4e20, 0x6, @private0, 0xd}}, [0xfffffffffffffff4, 0x8, 0x2f61, 0x7, 0x6, 0x7fff, 0x7, 0x8, 0x5, 0x7, 0x9, 0x0, 0x7, 0xffffffffffffffff, 0x4]}, &(0x7f0000000000)=0x100)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
pipe2(&(0x7f0000000000)={<r3=>0xffffffffffffffff}, 0x0)
pipe2(&(0x7f0000000240)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
tee(r3, r4, 0xfffffffffffffc01, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000180)={r1, @in6={{0xa, 0x4e21, 0x7, @local, 0x7}}, 0x0, 0x6}, 0x90)
getsockopt(r0, 0x200000000114, 0x2710, &(0x7f0000000580)=""/102393, &(0x7f0000000040)=0x18ff9)

2m21.501541042s ago: executing program 2 (id=368):
r0 = socket$inet(0x2, 0x1, 0x0)
getsockopt$inet_opts(r0, 0x0, 0x4, 0x0, &(0x7f0000000240)=0x28)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x14, r2, 0x303, 0x0, 0x0, {0x2a}}, 0x14}, 0x1, 0x0, 0x0, 0x4040}, 0x0) (async)
read$FUSE(0xffffffffffffffff, &(0x7f00000000c0)={0x2020}, 0x2020)
write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000002140)=ANY=[@ANYBLOB="100000000000000005ee80886d46369f"], 0xffffffffffffffe5)

2m21.501097185s ago: executing program 2 (id=369):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c0000001900010929bd700080000000021810000000fd010000000008000100ac141400080005000a0101021800168014000300fc0000000000000000000000000000000600150002000000cfcc08cf7f1f2c75e216db54b2f2d7b3fbcc0596dcf1812b63a0a3c3de7f4e08f4e9604c6583880f067566c30e968b5289383105f92d19d661b398644b004fc4a55cddf496585ffd389469e62fc71f989579d5c7f130272381d4d9bcd2f82627e603c09fb562177c0ab651ae0b4976e7283316d53670776e42aa6d667a831d9efe127742"], 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r1 = open_tree(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x81100)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r2}, 0x10)
pipe2$9p(&(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r5}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) (async)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
clock_gettime(0x0, &(0x7f00000002c0)) (async)
clock_gettime(0x0, &(0x7f00000002c0)={<r6=>0x0, <r7=>0x0})
write$input_event(r1, &(0x7f0000000300)={{r6, r7/1000+60000}, 0x14, 0x0, 0x625}, 0x18)
r8 = io_uring_setup(0x6613, &(0x7f0000000000)={0x0, 0x9c8e, 0x20, 0x3, 0x255})
r9 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r9, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7}) (async)
ioctl$sock_ifreq(r9, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7})
ioctl$sock_netdev_private(r9, 0x8949, &(0x7f0000000000)) (async)
ioctl$sock_netdev_private(r9, 0x8949, &(0x7f0000000000))
r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r10, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=r11, @ANYBLOB="ad43000000000100000006"], 0x14}, 0x1, 0x0, 0x0, 0x20000054}, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) (async)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r12 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="0000f92e6c668127efd500000000000000000000000000000000d2796779a0eb2759c2ad00ae3c62708f9a9c50bfe62e961012b21f42981439781deb64cd46368964740b1f025ac528f70fec492504c872c14be8113173012af498ee0e45c6a8222d8ccd50cea8febe0ec9dece42fbbe5d9b8cc2a35d77cf96ad2ac7175fad6a3f4deb0269f98648ead13e02ed6f57ced56555a6d959c9c419ba0a5bc0805b8883e4f6194332506c664362a4ceb05afdaad7c775a5bd2540061e24c7ad258514a3b4f84dff5b4701146c3f1cb44551afad7f52b4f004dd7ce69a0cbb34dc80a7296e42ddedd9d9d8e33fb5d05e600f0338a14355be61aae90065b9b55c47e1b4eb336013afcdcd86f7a74d7955e00ab53057c115", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x1f, 0x18, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r12, @ANYBLOB="0000000000000000b70500000800000085000000a7000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a800000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x19, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x1f, 0x18, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r12, @ANYBLOB="0000000000000000b70500000800000085000000a7000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a800000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x19, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r13=>0xffffffffffffffff})
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000340)={@cgroup=r13, 0x2f, 0x0, 0x0, &(0x7f0000000240)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40)
setsockopt$sock_linger(r13, 0x1, 0xd, &(0x7f0000000200)={0x0, 0x5}, 0x8) (async)
setsockopt$sock_linger(r13, 0x1, 0xd, &(0x7f0000000200)={0x0, 0x5}, 0x8)
r14 = syz_io_uring_setup(0x5216, &(0x7f0000000080)={0x0, 0xd73b, 0x1, 0x3, 0x3aa}, &(0x7f0000000180), &(0x7f00000001c0))
io_uring_register$IORING_REGISTER_PERSONALITY(r14, 0x9, 0x0, 0x0) (async)
r15 = io_uring_register$IORING_REGISTER_PERSONALITY(r14, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r8, 0xa, 0x0, r15) (async)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r8, 0xa, 0x0, r15)

2m6.49754434s ago: executing program 32 (id=369):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c0000001900010929bd700080000000021810000000fd010000000008000100ac141400080005000a0101021800168014000300fc0000000000000000000000000000000600150002000000cfcc08cf7f1f2c75e216db54b2f2d7b3fbcc0596dcf1812b63a0a3c3de7f4e08f4e9604c6583880f067566c30e968b5289383105f92d19d661b398644b004fc4a55cddf496585ffd389469e62fc71f989579d5c7f130272381d4d9bcd2f82627e603c09fb562177c0ab651ae0b4976e7283316d53670776e42aa6d667a831d9efe127742"], 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r1 = open_tree(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x81100)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r2}, 0x10)
pipe2$9p(&(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r5}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) (async)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
clock_gettime(0x0, &(0x7f00000002c0)) (async)
clock_gettime(0x0, &(0x7f00000002c0)={<r6=>0x0, <r7=>0x0})
write$input_event(r1, &(0x7f0000000300)={{r6, r7/1000+60000}, 0x14, 0x0, 0x625}, 0x18)
r8 = io_uring_setup(0x6613, &(0x7f0000000000)={0x0, 0x9c8e, 0x20, 0x3, 0x255})
r9 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r9, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7}) (async)
ioctl$sock_ifreq(r9, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7})
ioctl$sock_netdev_private(r9, 0x8949, &(0x7f0000000000)) (async)
ioctl$sock_netdev_private(r9, 0x8949, &(0x7f0000000000))
r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r10, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=r11, @ANYBLOB="ad43000000000100000006"], 0x14}, 0x1, 0x0, 0x0, 0x20000054}, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) (async)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r12 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="0000f92e6c668127efd500000000000000000000000000000000d2796779a0eb2759c2ad00ae3c62708f9a9c50bfe62e961012b21f42981439781deb64cd46368964740b1f025ac528f70fec492504c872c14be8113173012af498ee0e45c6a8222d8ccd50cea8febe0ec9dece42fbbe5d9b8cc2a35d77cf96ad2ac7175fad6a3f4deb0269f98648ead13e02ed6f57ced56555a6d959c9c419ba0a5bc0805b8883e4f6194332506c664362a4ceb05afdaad7c775a5bd2540061e24c7ad258514a3b4f84dff5b4701146c3f1cb44551afad7f52b4f004dd7ce69a0cbb34dc80a7296e42ddedd9d9d8e33fb5d05e600f0338a14355be61aae90065b9b55c47e1b4eb336013afcdcd86f7a74d7955e00ab53057c115", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x1f, 0x18, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r12, @ANYBLOB="0000000000000000b70500000800000085000000a7000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a800000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x19, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x1f, 0x18, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r12, @ANYBLOB="0000000000000000b70500000800000085000000a7000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a800000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x19, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r13=>0xffffffffffffffff})
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000340)={@cgroup=r13, 0x2f, 0x0, 0x0, &(0x7f0000000240)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40)
setsockopt$sock_linger(r13, 0x1, 0xd, &(0x7f0000000200)={0x0, 0x5}, 0x8) (async)
setsockopt$sock_linger(r13, 0x1, 0xd, &(0x7f0000000200)={0x0, 0x5}, 0x8)
r14 = syz_io_uring_setup(0x5216, &(0x7f0000000080)={0x0, 0xd73b, 0x1, 0x3, 0x3aa}, &(0x7f0000000180), &(0x7f00000001c0))
io_uring_register$IORING_REGISTER_PERSONALITY(r14, 0x9, 0x0, 0x0) (async)
r15 = io_uring_register$IORING_REGISTER_PERSONALITY(r14, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r8, 0xa, 0x0, r15) (async)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r8, 0xa, 0x0, r15)

1m37.683540483s ago: executing program 4 (id=913):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040), 0x10)
listen(r1, 0x0)
accept4$unix(r1, 0x0, 0x0, 0x0)
recvmmsg$unix(r1, &(0x7f0000000540)=[{{&(0x7f0000000040)=@abs, 0x6e, &(0x7f0000000100)=[{&(0x7f00000001c0)=""/229, 0xe5}], 0x1, &(0x7f0000000140)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f00000002c0), 0x6e, &(0x7f00000004c0)=[{&(0x7f0000000340)=""/17, 0x11}, {&(0x7f0000000380)=""/250, 0xfa}, {&(0x7f0000000480)}], 0x3, &(0x7f0000000500)=[@cred={{0x1c}}], 0x20}}], 0x2, 0x40000102, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x5)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/disk', 0x169a82, 0x0)
sendfile(r2, r2, 0x0, 0x30)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0xdb)

1m36.512566862s ago: executing program 4 (id=926):
syz_open_dev$loop(&(0x7f0000000140), 0x4048000000000000, 0x10f282)
r0 = syz_io_uring_setup(0x5c2, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x8003, 0x25f}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000200)=<r2=>0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x68, 0x3, r0, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2}})
io_uring_enter(r0, 0x6e2, 0x600, 0x1, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
add_key(&(0x7f0000000140)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)

1m36.404553121s ago: executing program 4 (id=927):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0xffffffff, [{0x0, 0x2, 0x21}]}, @restrict={0x0, 0x0, 0x0, 0x10, 0x2}]}}, 0x0, 0x3e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) (async)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000000)='vlan0\x00', 0x10)

1m36.403694409s ago: executing program 4 (id=928):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x92)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@userxattr}]})
mknodat$loop(0xffffffffffffffff, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')

1m36.402797785s ago: executing program 4 (id=930):
r0 = socket$igmp6(0xa, 0x3, 0x2)
getsockopt$inet6_int(r0, 0x29, 0x11, 0x0, &(0x7f0000001040))
r1 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000040)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff2000/0xe000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000100)="ad8c31846d8a3c290d95a9bfaa821d6c41687c7374cacad287f446f988e80a4eb3602412ca980839d4a77e7fe1b025f965e247ba540d936a71fd80c813758a584937f95b6564e79cdf34567ac5c17f54df9564bd2211e480fd80434a1294ffc246c66551bf78b290eb9911d9f32e4d6887fe7be1aea5014d569b022779ea1c9fefb7b3fbaf1c11a0ba055929d62ec3c74a571ef200e4ac39b9c4974aa9dbe3581922e0de7f85e889615d12a51943073661f55d021c58c6306ffb47b135653282c8d0636af8fe0339b4a0ddfc870fa238049352a5f08b7f6fe5b470821b97f5cf5e7ae68a7264ef9c9022ce344ba70ef6d55a621958be", 0xf6}, 0x68)
write$tcp_congestion(r1, 0x0, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x169a82, 0x100)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000600)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000e40)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_GET_KEY(r3, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000300)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="252cdbdf25090005000800030000000000000b000c146bb8cbe1a976b0a45f7a00826debfa50f22dedbc5dc0a43a3543df8cd2225470ad3d0a480d846066b78c1b084490147e1404e40862c88d7f46a6b2bebd353923bd414b3e67f583ad4d580a4a49bcea8c5f5aad8ac236b92d946a78bcfb355e5d23115e85cd8e6e11113abbb5a177c94503251dc22feadbaaa2e48497c6582d3ec62c49efe3a6051fc523ea151cef3a20dc414d0b3ad9d8f0d55293302d1a353c2308362a052cb4c4029db1c2a2ddd3b2704b5602d65ef7d0de88cbe792c3cdcfa320ae6ca1809da4db27", @ANYRES32=r6, @ANYBLOB="0a00060008021100000100000800370000000000"], 0x30}, 0x1, 0x0, 0x0, 0x20040080}, 0x810)
write$cgroup_int(r2, &(0x7f0000000000)=0xfe8e, 0x12)
socket$igmp6(0xa, 0x3, 0x2) (async)
getsockopt$inet6_int(r0, 0x29, 0x11, 0x0, &(0x7f0000001040)) (async)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) (async)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000040)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff2000/0xe000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000100)="ad8c31846d8a3c290d95a9bfaa821d6c41687c7374cacad287f446f988e80a4eb3602412ca980839d4a77e7fe1b025f965e247ba540d936a71fd80c813758a584937f95b6564e79cdf34567ac5c17f54df9564bd2211e480fd80434a1294ffc246c66551bf78b290eb9911d9f32e4d6887fe7be1aea5014d569b022779ea1c9fefb7b3fbaf1c11a0ba055929d62ec3c74a571ef200e4ac39b9c4974aa9dbe3581922e0de7f85e889615d12a51943073661f55d021c58c6306ffb47b135653282c8d0636af8fe0339b4a0ddfc870fa238049352a5f08b7f6fe5b470821b97f5cf5e7ae68a7264ef9c9022ce344ba70ef6d55a621958be", 0xf6}, 0x68) (async)
write$tcp_congestion(r1, 0x0, 0x0) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x169a82, 0x100) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000600)) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000e40)={'wlan0\x00'}) (async)
sendmsg$NL80211_CMD_GET_KEY(r3, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000300)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="252cdbdf25090005000800030000000000000b000c146bb8cbe1a976b0a45f7a00826debfa50f22dedbc5dc0a43a3543df8cd2225470ad3d0a480d846066b78c1b084490147e1404e40862c88d7f46a6b2bebd353923bd414b3e67f583ad4d580a4a49bcea8c5f5aad8ac236b92d946a78bcfb355e5d23115e85cd8e6e11113abbb5a177c94503251dc22feadbaaa2e48497c6582d3ec62c49efe3a6051fc523ea151cef3a20dc414d0b3ad9d8f0d55293302d1a353c2308362a052cb4c4029db1c2a2ddd3b2704b5602d65ef7d0de88cbe792c3cdcfa320ae6ca1809da4db27", @ANYRES32=r6, @ANYBLOB="0a00060008021100000100000800370000000000"], 0x30}, 0x1, 0x0, 0x0, 0x20040080}, 0x810) (async)
write$cgroup_int(r2, &(0x7f0000000000)=0xfe8e, 0x12) (async)

1m36.39333306s ago: executing program 4 (id=933):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0xffffffffffff8001, 0x82242)
ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f0000000080)={0x0, 0x0, <r2=>0x0})
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000000)={0x9}, 0x10)
write(r3, &(0x7f00000000c0)="240000001e005f0214fffffffffffff8070000000100000000000000080003000b000000", 0x24)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/wakeup_count', 0x101, 0x0)
write$tcp_mem(r4, &(0x7f00000000c0)={0x4, 0x20, 0x3, 0x20, 0x6}, 0x48)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@perf_event={0x4}}, 0x18)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
syz_open_dev$vim2m(&(0x7f0000000040), 0x7f, 0x2)
r6 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000580)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r6}})
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
r7 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)=r7)
mount$9p_tcp(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x1a20201, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72743d3078303030303030303030303030346532322c63616368653d6c6f6f73652c6d73697a653d3078303030303030303030303030303030302c70726976706f72742c6163636573733d616e792c6e6f657874656e642c726f6f74636f6e746578743d756e636f6e66696e65645f752c009a58284ff8c96615722fdbe07feaf7d46d0790ea14257e0e0767962fe4a0bd0200103c37f804dccdde491094d9b4612ce719671fe86beb6fdfe674097a2b56f203af0840e0d21d3f658bc0c31ea491042defc2c8f825ff21f39fe926b6dcdcf71e03122938757f2e32d5cebc018c8ba3dfb7667bfaae5ee0509d85244dac513ce05fe5ab5528f79812073b6f1df46a8862ce2f45cac3cecc0b5398f1384d1d8875a5ce9f4a9b0b1d7d6d01e4175bbe9193059a76e3"])
ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1, r7})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000c40)={0x1, 0x0, [{0x0, 0xf3, &(0x7f00000008c0)=""/243}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000000)=0xffffffff)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000680)={0x0, 0x0, <r8=>0xffffffffffffffff})
ioctl$DRM_IOCTL_AGP_ALLOC(r7, 0xc0206434, &(0x7f00000006c0)={0x9d, <r9=>0x0})
ioctl$DRM_IOCTL_SG_ALLOC(r8, 0xc0106438, &(0x7f0000000700)={0x7, r9})
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a320000000094000000060a010400000000000000000100000008000b40000000006c000480140001800b000100657874686472000024000280080001400000000c0800034000000000080004400000002205"], 0x108}}, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x541c, &(0x7f00000002c0))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x45a, @void, @value}, 0x94)
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000600)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, r2})

1m21.319446923s ago: executing program 33 (id=933):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0xffffffffffff8001, 0x82242)
ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f0000000080)={0x0, 0x0, <r2=>0x0})
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000000)={0x9}, 0x10)
write(r3, &(0x7f00000000c0)="240000001e005f0214fffffffffffff8070000000100000000000000080003000b000000", 0x24)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/wakeup_count', 0x101, 0x0)
write$tcp_mem(r4, &(0x7f00000000c0)={0x4, 0x20, 0x3, 0x20, 0x6}, 0x48)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@perf_event={0x4}}, 0x18)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
syz_open_dev$vim2m(&(0x7f0000000040), 0x7f, 0x2)
r6 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000580)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r6}})
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
r7 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)=r7)
mount$9p_tcp(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x1a20201, &(0x7f0000000740)=ANY=[@ANYBLOB="7472616e733d7463702c706f72743d3078303030303030303030303030346532322c63616368653d6c6f6f73652c6d73697a653d3078303030303030303030303030303030302c70726976706f72742c6163636573733d616e792c6e6f657874656e642c726f6f74636f6e746578743d756e636f6e66696e65645f752c009a58284ff8c96615722fdbe07feaf7d46d0790ea14257e0e0767962fe4a0bd0200103c37f804dccdde491094d9b4612ce719671fe86beb6fdfe674097a2b56f203af0840e0d21d3f658bc0c31ea491042defc2c8f825ff21f39fe926b6dcdcf71e03122938757f2e32d5cebc018c8ba3dfb7667bfaae5ee0509d85244dac513ce05fe5ab5528f79812073b6f1df46a8862ce2f45cac3cecc0b5398f1384d1d8875a5ce9f4a9b0b1d7d6d01e4175bbe9193059a76e3"])
ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1, r7})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000c40)={0x1, 0x0, [{0x0, 0xf3, &(0x7f00000008c0)=""/243}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000000)=0xffffffff)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000680)={0x0, 0x0, <r8=>0xffffffffffffffff})
ioctl$DRM_IOCTL_AGP_ALLOC(r7, 0xc0206434, &(0x7f00000006c0)={0x9d, <r9=>0x0})
ioctl$DRM_IOCTL_SG_ALLOC(r8, 0xc0106438, &(0x7f0000000700)={0x7, r9})
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a320000000094000000060a010400000000000000000100000008000b40000000006c000480140001800b000100657874686472000024000280080001400000000c0800034000000000080004400000002205"], 0x108}}, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x541c, &(0x7f00000002c0))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x45a, @void, @value}, 0x94)
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000600)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, r2})

8.129410615s ago: executing program 1 (id=2176):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000240)={'team0\x00', <r5=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000047c0)={0x5c, r4, 0x405, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r5}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x7, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10104}, [@IFLA_IFNAME={0x14, 0x3, 'vlan0\x00'}, @IFLA_MASTER={0x8}]}, 0x3c}}, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x34, r1, 0x1, 0x0, 0x25dfdbff, {{}, {}, {0x18, 0x17, {0x0, 0x0, @l2={'eth', 0x3a, 'team0\x00'}}}}}, 0x34}}, 0x0)

8.126169584s ago: executing program 1 (id=2178):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000003c0)={0x2, 0x0, [{0x40000000, 0x0, 0x6}, {0x40000001, 0x0, 0xe}]})

8.057627124s ago: executing program 1 (id=2179):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x44}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)
r1 = socket$kcm(0x2, 0x200000000000001, 0x0)
socket$inet(0x2, 0x3, 0x6)
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000440)="25d9b5b1267ee353a0a5b01b2955dce09f", 0x11}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)

8.057060936s ago: executing program 1 (id=2181):
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new0default user:syz '], 0x2a, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
sendmsg$inet(r1, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x4e24, @empty}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000080)="bedee9de6824f207f3fa196f62983e0126bbddc88eae760ab9267021cdc0002df9bf19e497be2d139d6a7620e116", 0x2e}], 0x1, &(0x7f0000000c80)}, 0x0)
recvmmsg(r1, &(0x7f0000001400)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x40000120, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4, 0x10, r1, 0xdc02b000)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r2=>0xffffffffffffffff}, './file0\x00'})
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010e7010000000000000000000000000a20000000000a03000000000000000000070000000c00044000000000000000021c000000090a010400000000000000000700000008000a4000000003"], 0x64}, 0x1, 0x0, 0x0, 0x4004001}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x40d, 0x70bd25, 0x25ffdbff, {0x0, 0x0, 0x0, 0x0, 0x10}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x85}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0xd}, {0xffff, 0xa}, {0x5, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f0000000540)=[{{&(0x7f0000000340)=@l2tp={0x2, 0x0, @loopback, 0x4}, 0x80, &(0x7f0000000c80)=[{&(0x7f00000003c0)="4a76d5dc8b2d5085d2f4453ae7d8764f9e10fbc150acf475cc7c1b4703e3655d4c939461a0043467f92f8597370e8c85809398c9455ad20d8fb6672ed6b5f98268301a0c550f77692f564089c9667a91f0b3908f10bdaec61b887e336c26eef2ac50f6148b3e17282562515f41ea36065a9ea47c9b1b4053d8acfc4b56e5b30b5da35322493a04895888394bdfddee3f4ec71496e688c9b921ccf31afb847682998b1c7d016614b8fa1ea36ef3e205f315b956915ae21ce1e9824d2c292325ef523b77c975a261bd031550cf2badfc030fdb4e55899044e60a50cdb07d6c6c2b98fcdef2e01e706e28f3f290d690ba5f272bf796c90c", 0xf6}, {&(0x7f0000000cc0)="1fc8f32476b0d29fcaa14bee87a253bb9cdaab4b6becd825c4eb3c514a258f027f1266e73f532b7997b290f4a569a93625e0a3092aa4bf99d3e9834f730a79cd9aefea4d4318dcaaad891d444cbc7e579b85b5d9888cc29d1da73b81bb999dbad44f2f8d241b39bbcc1c7de2b5e612b81f863e50e62228527856c3a1bedfab92944c14e1fa270854e8e2d42c2900a639c7db107078c2288d8b063b5304134a553d11b783b4b772167b018654784d27a2cf625fb864a1ef9d54dd7304537cedf02818d06a89fd7aa8a84dadf1348fa115fcbace9a16e36802fb587f99524726b9d440483faec6ea8e866c5d89041c3640c1f5d91dc4ee2b8e5085d98035fdcfb2c07d47ff9b9833db2b56eb785a675263c00b014571bd046c8c5644a6cb7d04afa34073cac1ef6bd1bf1eb0eff10be9868502ae0a5488575f255e88abf68f64f78714cc7ffe0112e54bf896b288433ab8e481d109f482a5802ead1e7a0b8b13a9165c8faaa604983ce5da01da7b", 0x16d}, {&(0x7f0000000740)="0d0ed0f9484d8c532988aee9a41f16198a8cc809", 0x14}, {&(0x7f0000000c40)="f84fcc604019faa3553ee6d77e73ab8b2a809364e5c0ab2de446", 0x1a}], 0x4, &(0x7f0000000e40)=[{0xe8, 0x11, 0x9, "5fb6765a1782619ec01518e7c45db19f7a2a1089157e6e040c3147712c6327e53595475a10d0818a3815d99c511a00bd674d8a71993c0d6d1eca4b9fbc674a69a7a6c59af9b2b00ecdf3228406687a348b8912fce5e6c88d7b4a45d8da148b73ca6c23b4110e2bf259f521c73b8987ac2ea8df449ebaf11511246641df27e75b6d03bc361b0f88d247bc97e5bec18654811a8d373912e4f80d1fe34099c559546f2a71cfcc233d767e51e4428418f85dc65903f405553fc496ba32be0bfb6edb27e5dd2344b706c6e97485e39ff0b03a296b9b06"}, {0x38, 0x88, 0x5, "169dd05271633cc08f0846e2432d3ff7aca25d18d538222793e9dfbe42b4ba9988c4"}], 0x120}}], 0x1, 0x1)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000500), r4)
sendmsg$NFC_CMD_DISABLE_SE(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)=ANY=[@ANYRES64=r4, @ANYRES16=r5, @ANYBLOB="01002abd7000ffdbdfd2fc590c960314251220000009000100", @ANYRES32=0x0, @ANYBLOB="08001500c0000000"], 0x24}, 0x1, 0x0, 0x0, 0x20040840}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r2, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r6=>r0}, './file0\x00'})
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000140)={<r7=>0x0, @private, @private}, &(0x7f0000000180)=0xc)
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)=@delqdisc={0x5c, 0x25, 0x200, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x0, r7, {0xfff3, 0xfff2}, {0xc, 0x3}, {0x1}}, [@TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0x0, 0xf, 0xbaf, 0x1, 0x5, 0x80000001, 0x2}}, {0x8, 0x2, [0x3, 0xfffa]}}]}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x20a}]}, 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(0xffffffffffffffff, 0x0, 0xc014)
write$uinput_user_dev(r2, &(0x7f00000007c0)={'syz0\x00', {0x5, 0x200, 0x1, 0x2d}, 0x4a, [0x5, 0x5f7, 0x3, 0x9, 0x20000, 0xa96, 0x6df, 0x7, 0x2, 0x3, 0x4, 0xf0, 0xffff0000, 0x3, 0x5, 0x7fff, 0x4, 0x0, 0x8, 0x2, 0xf, 0x2, 0x9, 0xe, 0x1, 0x1000, 0xd5c, 0x4b0, 0x9, 0x7, 0x1, 0xd, 0x4, 0x10000, 0x5, 0x101, 0x8, 0x401, 0xa7, 0x7ff, 0x6, 0x10, 0x3, 0x9, 0x9, 0xfff, 0x40, 0x0, 0x7dfb0d94, 0xd, 0x9, 0x7, 0x1fe5, 0x8, 0x4, 0x2, 0xe, 0x0, 0x7, 0x9, 0x2, 0x1e921104, 0x101, 0x800], [0x6, 0x40, 0xf1b5, 0x6, 0x7, 0xd2c, 0x28399209, 0x70ad, 0x5, 0x1ff, 0xfffffffa, 0x1, 0x1, 0x2, 0x7, 0xc, 0x101, 0x2, 0x5, 0x9, 0x10001, 0x2, 0x6, 0x7, 0x4, 0x9, 0x8, 0x6, 0x5, 0x401, 0x2, 0x2, 0x69bc0000, 0x2, 0x6, 0x4d3, 0x9, 0x8000, 0x0, 0x10, 0xe, 0xc, 0x5, 0x9, 0x4, 0xfffffffc, 0x8, 0xfdef, 0x8000, 0x7, 0x18, 0x74fe, 0x7, 0x3ff, 0x58, 0xffffffff, 0x10000, 0x0, 0xfffffffa, 0x4, 0xffff, 0x1, 0x9, 0xc2], [0x9, 0x5, 0x5, 0x5, 0x19, 0xfffffe00, 0xffffffff, 0x0, 0xf, 0x4, 0x2, 0x1, 0xa27, 0x2, 0x0, 0x5, 0x7, 0x8, 0x1, 0x2, 0x8, 0x7, 0xb04, 0x7ff, 0x7, 0x6, 0xd9, 0x40, 0x4, 0x5, 0x600000, 0x8, 0x80, 0xf7, 0xe0, 0x5d6339a2, 0xf551, 0x2, 0x8, 0x3, 0x7ff, 0x0, 0x72df, 0xf, 0x732, 0x7, 0x3, 0x0, 0x6, 0x7, 0x3ff, 0xab, 0x3, 0x1, 0x4, 0x6, 0x1, 0x2c4, 0xfff, 0x7, 0x6, 0x8, 0x800, 0x3], [0x8, 0x20, 0x80, 0x3, 0x3, 0x1, 0xb, 0xfffff3b7, 0xf556, 0xd6, 0x6, 0x8, 0x6, 0x4, 0x0, 0x4, 0x2bf7, 0x1, 0x7ff, 0xaed, 0x3, 0x619, 0x1, 0x9, 0x8c, 0x80000001, 0x10002, 0x200, 0x4, 0x8, 0x1, 0x1, 0x0, 0x1, 0x6, 0x297, 0xa50e, 0x2, 0x8c2, 0x6, 0x0, 0xffffffff, 0x4, 0x800, 0x7f, 0x1, 0xfffffffe, 0x8, 0x5, 0xf, 0x8000, 0x0, 0x4, 0x0, 0xe, 0x3, 0x9, 0x8, 0x8, 0x10001, 0x2, 0x2, 0xbf28, 0x6]}, 0x45c)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000001280)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, 0x0)

3.060225081s ago: executing program 3 (id=2208):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000003c0)={0x2, 0x0, [{0x40000000, 0x0, 0x6}, {0x40000001, 0x0, 0x7}]})

3.059991565s ago: executing program 3 (id=2209):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000380)=ANY=[@ANYBLOB="f8000000160000000000000000000000ac1414aa000000000000000000000000ff01000000000000000000000000000100"/63, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffffff000000000000000000000000000000000000000000000000000000000000000000000001"], 0xf8}, 0x1, 0x0, 0x0, 0x20000840}, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000003c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_INIT(r2, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x29, 0x20200}}, 0x50)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000005c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_readahead}]}})
r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
writev(r4, &(0x7f0000000000)=[{&(0x7f00000000c0)="14", 0x1f68}], 0x2)

2.959590617s ago: executing program 3 (id=2211):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0xb, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, 0x18, &(0x7f00000002c0)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0xe}, @ptr={0x70742a85, 0x0, &(0x7f0000000600)=""/222, 0xde, 0x1, 0x5}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x37}}, &(0x7f0000000180)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0})

2.850177066s ago: executing program 3 (id=2212):
mount$tmpfs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='mpol=prefer'])
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x515002, 0xc6)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="64000000100001002abd7000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="8221000008200200140003006e657464657673696d30000000000000300016802400018014000a0002"], 0x64}}, 0x0)
pipe(&(0x7f0000019480))
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r2 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000005c0)={r3, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
r4 = socket$inet6(0xa, 0x800000000000002, 0x0)
connect$inet6(r4, &(0x7f0000000380)={0xa, 0x0, 0x0, @remote, 0x8000002}, 0x1c)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e25, 0x0, @mcast1, 0x200}, 0x1c)
r5 = syz_open_dev$loop(&(0x7f0000000300), 0x8f, 0x0)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f0000001280)={r3, 0x0, {0x2a12, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea80000000000000000000000deff0000100000000000000000000000000800", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x8a2]}})
ioctl$LOOP_CHANGE_FD(r5, 0x4c06, r2)
listen(r0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @rand_addr=' \x01\x00', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x4}}}}}}}, 0x0)

2.74873903s ago: executing program 3 (id=2213):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000300), 0xa000, 0x0)
read$rfkill(r0, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x9)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000180), 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_128={{0x303}, "25389c057cab2ebf", "cc00e507e4f88f4679c0d609e5382163", "9d00", "d83600"}, 0x28)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000140)=@gcm_256={{0x304}, "6a655069ade22ce4", "0d35db0d4af1cbcce779bbc24b53fc4988c215118dd14cb837de56339a336a19", 'FY\\;', "8891ea13f18ef0be"}, 0x38)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmmsg$inet(r3, &(0x7f0000004c80)=[{{&(0x7f0000000400)={0x2, 0x4e21, @empty}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000f00)="a84596", 0x3}], 0x1}}], 0x1, 0x4009800)
setsockopt$inet_mreqn(r3, 0x0, 0x24, 0x0, 0x0)
sendto$inet(r3, &(0x7f0000000040)='\f\x00', 0x2, 0x0, &(0x7f0000000340), 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f00000004c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r4, 0x0)
readlinkat(r4, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000002780)=""/4109, 0x100d)
getsockopt$IP_VS_SO_GET_VERSION(r2, 0x0, 0x480, &(0x7f00000000c0), &(0x7f0000000200)=0x40)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x7)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[], 0x4c}}, 0x24000090)
r5 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r5, 0xc008551c, &(0x7f00000006c0)={0x7, 0x8, [0x8, 0xab86]})
poll(&(0x7f0000000000)=[{r0, 0x6deb2fe3bc9dfe63}, {r1, 0x22c4}, {r0, 0x100}], 0x3, 0x0)

2.693654374s ago: executing program 0 (id=2214):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f00000003c0)={0x2, 0x0, [{0x40000000, 0x0, 0x6}, {0x40000001, 0x0, 0xe}]})

2.693546598s ago: executing program 0 (id=2215):
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
ioctl$sock_ax25_SIOCADDRT(r0, 0x890b, 0x0)

2.639722237s ago: executing program 3 (id=2216):
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new0default user:syz '], 0x2a, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
sendmsg$inet(r1, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x4e24, @empty}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000080)="bedee9de6824f207f3fa196f62983e0126bbddc88eae760ab9267021cdc0002df9bf19e497be2d139d6a7620e116", 0x2e}], 0x1, &(0x7f0000000c80)}, 0x0)
recvmmsg(r1, &(0x7f0000001400)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x40000120, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4, 0x10, r1, 0xdc02b000)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r2=>0xffffffffffffffff}, './file0\x00'})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000280), r3)
sendmsg$NFC_CMD_DISABLE_SE(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01bd7000f8ffffffff4ea4b1581442971428b3b68ee7f43a88dbde6a8c4eb3cfffffff120048e0a530", @ANYRES32=0x0, @ANYBLOB="08001500c0000000"], 0x24}, 0x1, 0x0, 0x0, 0x20008840}, 0x40000)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(0xffffffffffffffff, 0x0, 0xc014)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
sendmsg$NL80211_CMD_JOIN_IBSS(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000800)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010100000000000000002b00000008000300", @ANYRESHEX=r0, @ANYBLOB="0400460005003400fe000000080026008a090000300051802c0000800800030005ac0f0011000100436d9bb9c5e13fcd62bca7f88d000000050002"], 0x60}}, 0x40080)
write$uinput_user_dev(r2, &(0x7f00000002c0)={'syz0\x00', {0x5, 0x200, 0x1, 0x2d}, 0x36, [0x5, 0x5f7, 0x3, 0x9, 0xffffffc4, 0xa96, 0x6df, 0x7, 0x2, 0x3, 0x4, 0xf0, 0xffff0000, 0x3, 0x5, 0x7fff, 0xfffffff7, 0x0, 0x8, 0x2, 0xf, 0x2, 0x9, 0xe, 0x1, 0x1000, 0xd5c, 0x4b0, 0x9, 0x7, 0x1, 0xd, 0x6, 0x10000, 0x5, 0x101, 0x8, 0x401, 0xa7, 0x7ff, 0x6, 0x10, 0x3, 0x9, 0x9, 0xfff, 0x40, 0x0, 0x6dfb0d94, 0xd, 0x9, 0x7, 0x1fe5, 0x8, 0x4, 0x2, 0xe, 0x0, 0x7, 0x9, 0x2, 0x1e921104, 0x101, 0x800], [0x6, 0x40, 0xf1b4, 0x6, 0x7, 0xd2c, 0x28399209, 0x70ad, 0x5, 0x1ff, 0xfffffffa, 0x1, 0x1, 0x2, 0x7, 0xa, 0x101, 0x2, 0x5, 0x9, 0x10001, 0x2, 0x6, 0x7, 0x4, 0x9, 0x8, 0x6, 0x5, 0x401, 0x2, 0x2, 0x69bc0000, 0x2, 0x6, 0xb, 0x9, 0x2, 0x0, 0x10, 0xe, 0xc, 0x5, 0x9, 0x4, 0xfffffffc, 0x8, 0xfdef, 0x8000, 0x7, 0x18, 0x74fe, 0x7, 0x3ff, 0x58, 0x0, 0x10000, 0x0, 0xfffffffa, 0x4, 0xffff, 0x1, 0x9, 0xc2], [0x4ae0, 0x5, 0x5, 0x5, 0x19, 0xfffffe00, 0xffffffff, 0x0, 0xf, 0x4, 0x2, 0x1, 0xa27, 0x2, 0x0, 0x5, 0x7, 0x8, 0x1, 0x2, 0x8, 0x7, 0xb04, 0x7ff, 0x7, 0x6, 0xd9, 0x40, 0x4, 0x5, 0x600000, 0x8, 0x80, 0xf7, 0xe0, 0x5d6339a2, 0xf551, 0x2, 0x8, 0x3, 0x7ff, 0x0, 0x72df, 0xf, 0x4f5a, 0x7, 0x3, 0x0, 0x6, 0x7, 0x3ff, 0xab, 0x3, 0x1, 0x4, 0x6, 0x1, 0x2c4, 0xfff, 0x7, 0x6, 0x8, 0x800, 0x3], [0x8, 0x1e, 0x80, 0x3, 0x3, 0x1, 0xb, 0xfffff3b7, 0xf556, 0x0, 0x6, 0x8, 0x6, 0x4, 0x0, 0x4, 0x2bf7, 0x1, 0x7ff, 0xaed, 0x3, 0x619, 0x1, 0x2, 0x8c, 0x80000001, 0x2, 0x200, 0x4, 0x8, 0x1, 0x1, 0x0, 0x1, 0x6, 0x297, 0xa50e, 0x2, 0x8c2, 0x6, 0x0, 0xffffffff, 0x4, 0x800, 0x7f, 0x5, 0xfffffffe, 0x8, 0x5, 0xf, 0x8000, 0x839, 0x4, 0x0, 0xe, 0x3, 0x9, 0x8, 0xac5, 0x10001, 0x2, 0x2, 0xbf28, 0x6]}, 0x45c)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r3)
sendmsg$IEEE802154_ASSOCIATE_RESP(r7, &(0x7f00000007c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000740)={&(0x7f00000001c0)={0x70, r8, 0x300, 0x70bd29, 0x25dfdbff, {}, [@IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xfffe}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_STATUS={0x5, 0x3, 0xd}, @IEEE802154_ATTR_STATUS={0x5, 0x3, 0xfc}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6}, @IEEE802154_ATTR_STATUS={0x5, 0x3, 0x61}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa3}, @IEEE802154_ATTR_STATUS={0x5, 0x3, 0x8}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc}]}, 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000001280)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
r9 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, 0x0)
ioctl$CEC_ADAP_S_PHYS_ADDR(r2, 0x40026102, 0x0)

2.63949383s ago: executing program 0 (id=2217):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000003c0)={0x2, 0x0, [{0x40000000, 0x0, 0x6}, {0x40000001, 0x0, 0x7}]})

2.58024974s ago: executing program 0 (id=2218):
r0 = socket(0x11, 0x800000003, 0x0)
r1 = semget$private(0x0, 0x6, 0x3b1)
semop(r1, &(0x7f0000000000)=[{0x0, 0xea, 0x1000}, {0x0, 0x0, 0x1000}], 0x2)
semtimedop(r1, &(0x7f0000003340)=[{0x4, 0x3d, 0x1000}], 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600))
sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, 0x7, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000081}, 0x14000)
r2 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
ioctl$CDROMSUBCHNL(r2, 0x530b, &(0x7f0000000040)={0x2, 0x0, 0xf, 0x2, 0x4, 0x9, @msf={0x81, 0x10, 0x5}, @msf={0x3, 0x10, 0x10}})

1.755354748s ago: executing program 0 (id=2227):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0xb, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, 0x18, &(0x7f00000002c0)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0xe}, @ptr={0x70742a85, 0x0, &(0x7f0000000600)=""/222, 0xde, 0x1, 0x5}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x37}}, &(0x7f0000000180)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0})

688.32574ms ago: executing program 1 (id=2201):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x44}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)
r1 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000440)="25d9b5b1267ee353a0a5b01b2955dce09f", 0x11}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)

686.968852ms ago: executing program 0 (id=2235):
syz_usb_connect$uac1(0x2, 0xdc, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c2402"], 0x0)
openat$cdrom(0xffffffffffffff9c, &(0x7f0000000880), 0x800, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x5, 0x8, &(0x7f0000000000)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000140)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@textreal={0x8, &(0x7f0000000180)="29e2bad1046807dd9595660f383858000f01ca360fc79b00100f08668e3e0804baf80c66b8468ff18566ef0fc75845ed0f01c50fc738", 0x36}], 0x1, 0x26, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x4542, 0x1ba)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080), 0x2282, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

579.602884ms ago: executing program 1 (id=2228):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r0, &(0x7f0000000000)=""/188, 0xbc)
r1 = syz_open_dev$usbfs(&(0x7f0000000180), 0x10000001d, 0x8041)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6}]})
socket$nl_netfilter(0x10, 0x3, 0xc)
close_range(r2, 0xffffffffffffffff, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f00"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r1, 0x8108551b, 0x0)

330.162481ms ago: executing program 5 (id=2232):
syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x14, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

239.159074ms ago: executing program 5 (id=2233):
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x7)
ioctl$sock_ax25_SIOCADDRT(r0, 0x890b, &(0x7f0000000280)={@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x3, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]})

238.802259ms ago: executing program 5 (id=2234):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000003c0)={0x2, 0x0, [{0x40000000, 0x0, 0x6}, {0x40000001, 0x0, 0x7}]})

69.891586ms ago: executing program 5 (id=2237):
r0 = syz_io_uring_setup(0x37, &(0x7f0000000080)={0x0, 0x36c4, 0x8, 0x0, 0x268}, &(0x7f0000000180)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f0000000280)=""/204, 0xcc}], 0x1}, 0x0, 0x80002101})
io_uring_enter(r0, 0x800d81, 0x0, 0x0, 0x0, 0x0)
write(r3, &(0x7f0000000040)='\a', 0x1)

69.70556ms ago: executing program 5 (id=2238):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x40080, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000080))
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000200)=ANY=[@ANYBLOB="010000000000000000000000050000000000000000000000030000000000f100ffffffff"])
r2 = inotify_init1(0x0)
r3 = syz_clone(0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0)
fcntl$setown(r2, 0x8, r3)
fcntl$getownex(r2, 0x10, &(0x7f0000000040))
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000000)={0x0, 0xe8f})
syz_emit_ethernet(0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa000800450000280000000000069078ac1414bbac1414aa00004e22", @ANYBLOB="ecfb89878f3de36e6178c8fcf8d0dfae80a404bb33", @ANYRES32=r0, @ANYRES8=r1], 0x0)

0s ago: executing program 5 (id=2239):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000) (async)
r2 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000002780), 0x202, 0x0)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) (async)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) (async)
r3 = fspick(r1, &(0x7f0000000000)='./file0\x00', 0x1)
fsmount(r3, 0x0, 0x5)

kernel console output (not intermixed with test programs):

[ T6015] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.236919][ T6015] usb 6-1: Product: syz
[  156.238824][ T6015] usb 6-1: Manufacturer: syz
[  156.240919][ T6015] usb 6-1: SerialNumber: syz
[  156.248305][ T6015] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  156.268437][  T839] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  156.563558][   T61] usb 8-1: new full-speed USB device number 16 using dummy_hcd
[  156.725372][   T61] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  156.728410][   T61] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  156.733863][   T61] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  156.736560][   T61] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.739704][   T61] usb 8-1: Product: syz
[  156.741542][   T61] usb 8-1: Manufacturer: syz
[  156.743644][   T61] usb 8-1: SerialNumber: syz
[  156.922986][T10827]  pmem0: [POWERTEC]
[  157.075219][   T61] usb 8-1: 0:2 : does not exist
[  157.088762][   T61] usb 8-1: USB disconnect, device number 16
[  157.117021][T10832] netlink: 'syz.5.1484': attribute type 1 has an invalid length.
[  157.119607][T10832] netlink: 228 bytes leftover after parsing attributes in process `syz.5.1484'.
[  157.122976][T10832] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1484'.
[  157.125469][ T8937] udevd[8937]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  157.292961][T10843] overlayfs: missing 'lowerdir'
[  157.297714][T10839] Invalid logical block size (2)
[  157.333674][  T839] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  157.336010][  T839] ath9k_htc: Failed to initialize the device
[  157.354724][  T839] usb 6-1: ath9k_htc: USB layer deinitialized
[  157.573809][ T5945] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[  157.596807][T10866] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1494'.
[  157.658309][T10877] overlayfs: missing 'lowerdir'
[  157.881374][T10892] fuse: root generation should be zero
[  157.989461][T10903] overlayfs: missing 'workdir'
[  158.141584][T10917] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  158.145249][T10917] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[  158.149027][T10917] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  158.152235][T10917] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[  158.159008][T10916] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  158.162614][T10916] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[  158.167586][T10916] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  158.167638][T10916] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[  158.202535][T10920] tmpfs: Bad value for 'mpol'
[  158.357747][T10927] overlayfs: missing 'workdir'
[  158.439077][T10931] loop4: detected capacity change from 0 to 7
[  158.444550][T10931] Dev loop4: unable to read RDB block 7
[  158.446347][T10931]  loop4: unable to read partition table
[  158.448215][T10931] loop4: partition table beyond EOD, truncated
[  158.450253][T10931] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5)
[  158.467037][ T5344] Dev loop4: unable to read RDB block 7
[  158.469025][ T5344]  loop4: unable to read partition table
[  158.470909][ T5344] loop4: partition table beyond EOD, truncated
[  158.498425][T10933] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  158.551326][   T40] kauditd_printk_skb: 4 callbacks suppressed
[  158.551337][   T40] audit: type=1400 audit(158.467:972): avc:  denied  { remove_name } for  pid=10938 comm="syz.5.1524" name="file0" dev="9p" ino=35913885 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  158.561629][   T40] audit: type=1400 audit(158.467:973): avc:  denied  { rename } for  pid=10938 comm="syz.5.1524" name="file0" dev="9p" ino=35913885 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  158.568528][   T40] audit: type=1400 audit(158.467:974): avc:  denied  { unlink } for  pid=10938 comm="syz.5.1524" name="file1" dev="9p" ino=35913887 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  158.576809][   T40] audit: type=1400 audit(158.477:975): avc:  denied  { write } for  pid=10938 comm="syz.5.1524" name="file0" dev="9p" ino=35913887 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  158.711294][T10947] overlayfs: missing 'workdir'
[  158.792463][T10950] openvswitch: netlink: IP tunnel TTL not specified.
[  158.839777][   T40] audit: type=1400 audit(158.757:976): avc:  denied  { read } for  pid=10955 comm="syz.5.1532" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  158.867108][   T40] audit: type=1400 audit(158.787:977): avc:  denied  { mount } for  pid=10961 comm="syz.3.1534" name="/" dev="configfs" ino=3084 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  158.874324][   T40] audit: type=1400 audit(158.787:978): avc:  denied  { search } for  pid=10961 comm="syz.3.1534" name="/" dev="configfs" ino=3084 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  158.881643][   T40] audit: type=1400 audit(158.787:979): avc:  denied  { search } for  pid=10961 comm="syz.3.1534" name="/" dev="configfs" ino=3084 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  158.882346][ T2295] usb 6-1: USB disconnect, device number 26
[  158.891362][   T40] audit: type=1400 audit(158.787:980): avc:  denied  { search } for  pid=10961 comm="syz.3.1534" name="/" dev="configfs" ino=3084 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  158.945249][T10974] all: renamed from lo
[  158.985463][T10982] FAULT_INJECTION: forcing a failure.
[  158.985463][T10982] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  158.989521][T10982] CPU: 3 UID: 0 PID: 10982 Comm: syz.3.1537 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  158.989536][T10982] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  158.989543][T10982] Call Trace:
[  158.989546][T10982]  <TASK>
[  158.989550][T10982]  dump_stack_lvl+0x16c/0x1f0
[  158.989582][T10982]  should_fail_ex+0x512/0x640
[  158.989601][T10982]  _copy_from_iter+0x29f/0x16f0
[  158.989616][T10982]  ? __alloc_skb+0x200/0x380
[  158.989630][T10982]  ? __pfx__copy_from_iter+0x10/0x10
[  158.989643][T10982]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[  158.989656][T10982]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[  158.989674][T10982]  netlink_sendmsg+0x829/0xdd0
[  158.989687][T10982]  ? __pfx_netlink_sendmsg+0x10/0x10
[  158.989702][T10982]  ____sys_sendmsg+0xa98/0xc70
[  158.989713][T10982]  ? copy_msghdr_from_user+0x10a/0x160
[  158.989727][T10982]  ? __pfx_____sys_sendmsg+0x10/0x10
[  158.989743][T10982]  ___sys_sendmsg+0x134/0x1d0
[  158.989758][T10982]  ? __pfx____sys_sendmsg+0x10/0x10
[  158.989770][T10982]  ? __lock_acquire+0x622/0x1c90
[  158.989801][T10982]  __sys_sendmsg+0x16d/0x220
[  158.989815][T10982]  ? __pfx___sys_sendmsg+0x10/0x10
[  158.989837][T10982]  do_syscall_64+0xcd/0x4c0
[  158.989852][T10982]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.989863][T10982] RIP: 0033:0x7f4a01d8e929
[  158.989871][T10982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  158.989881][T10982] RSP: 002b:00007f4a02b43038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  158.989891][T10982] RAX: ffffffffffffffda RBX: 00007f4a01fb6080 RCX: 00007f4a01d8e929
[  158.989897][T10982] RDX: 0000000000040000 RSI: 0000200000000600 RDI: 0000000000000006
[  158.989903][T10982] RBP: 00007f4a02b43090 R08: 0000000000000000 R09: 0000000000000000
[  158.989908][T10982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  158.989914][T10982] R13: 0000000000000000 R14: 00007f4a01fb6080 R15: 00007ffe91e3f678
[  158.989926][T10982]  </TASK>
[  159.077932][   T40] audit: type=1400 audit(158.997:981): avc:  denied  { override_creds } for  pid=10988 comm="syz.1.1543" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  159.284992][ T6015] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[  159.414725][ T5998] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  159.436554][ T6015] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  159.439481][ T6015] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.441972][ T6015] usb 8-1: Product: syz
[  159.443303][ T6015] usb 8-1: Manufacturer: syz
[  159.445390][ T6015] usb 8-1: SerialNumber: syz
[  159.451275][ T6015] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  159.462846][  T839] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  159.500935][T11025] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1556'.
[  159.553639][ T6019] usb 10-1: new high-speed USB device number 10 using dummy_hcd
[  159.567146][ T5998] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  159.570217][ T5998] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.573070][ T5998] usb 5-1: Product: syz
[  159.575634][ T5998] usb 5-1: Manufacturer: syz
[  159.577716][ T5998] usb 5-1: SerialNumber: syz
[  159.582789][ T5998] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  159.596605][ T6125] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  159.703733][ T6019] usb 10-1: Using ep0 maxpacket: 8
[  159.707641][ T6019] usb 10-1: config index 0 descriptor too short (expected 301, got 45)
[  159.711148][ T6019] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  159.717997][ T6019] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  159.722120][ T6019] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  159.726366][ T6019] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  159.731776][ T6019] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  159.735939][ T6019] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.947042][ T6019] usb 10-1: usb_control_msg returned -32
[  159.949514][ T6019] usbtmc 10-1:16.0: can't read capabilities
[  160.301522][T11028] usbtmc 10-1:16.0: INITIATE_ABORT_BULK_OUT returned 0
[  160.456383][T11038] syz.1.1561: attempt to access beyond end of device
[  160.456383][T11038] sr0: rw=4096, sector=0, nr_sectors = 4 limit=0
[  160.461152][T11038] EXT4-fs (sr0): unable to read superblock
[  160.502462][   T53] usb 10-1: USB disconnect, device number 10
[  160.533719][  T839] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive
[  160.536197][  T839] ath9k_htc: Failed to initialize the device
[  160.558491][  T839] usb 8-1: ath9k_htc: USB layer deinitialized
[  160.613908][ T6125] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  160.616343][ T6125] ath9k_htc: Failed to initialize the device
[  160.638535][ T6125] usb 5-1: ath9k_htc: USB layer deinitialized
[  160.741994][T11058] fuse: Unknown parameter 'd'
[  160.792467][T11061] netlink: 'syz.1.1568': attribute type 1 has an invalid length.
[  161.072280][T11065] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1570'.
[  161.118693][T11065] netlink: 14212 bytes leftover after parsing attributes in process `syz.5.1570'.
[  161.719317][T11079] xt_NFQUEUE: number of total queues is 0
[  162.026765][ T6019] usb 8-1: USB disconnect, device number 17
[  162.195625][ T6019] usb 5-1: USB disconnect, device number 19
[  162.215485][ T6015] usb 6-1: new low-speed USB device number 27 using dummy_hcd
[  162.293839][T11111] i2c i2c-1: Invalid block write size 34
[  162.342903][T11118] FAULT_INJECTION: forcing a failure.
[  162.342903][T11118] name failslab, interval 1, probability 0, space 0, times 0
[  162.347123][T11118] CPU: 0 UID: 0 PID: 11118 Comm: syz.3.1588 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  162.347138][T11118] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  162.347145][T11118] Call Trace:
[  162.347148][T11118]  <TASK>
[  162.347152][T11118]  dump_stack_lvl+0x16c/0x1f0
[  162.347172][T11118]  should_fail_ex+0x512/0x640
[  162.347185][T11118]  ? fs_reclaim_acquire+0xae/0x150
[  162.347197][T11118]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  162.347211][T11118]  should_failslab+0xc2/0x120
[  162.347226][T11118]  __kmalloc_noprof+0xd2/0x510
[  162.347242][T11118]  tomoyo_realpath_from_path+0xc2/0x6e0
[  162.347258][T11118]  ? tomoyo_profile+0x47/0x60
[  162.347274][T11118]  tomoyo_path_number_perm+0x245/0x580
[  162.347285][T11118]  ? tomoyo_path_number_perm+0x237/0x580
[  162.347298][T11118]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  162.347310][T11118]  ? find_held_lock+0x2b/0x80
[  162.347334][T11118]  ? find_held_lock+0x2b/0x80
[  162.347345][T11118]  ? hook_file_ioctl_common+0x145/0x410
[  162.347369][T11118]  ? __fget_files+0x20e/0x3c0
[  162.347385][T11118]  security_file_ioctl+0x9b/0x240
[  162.347400][T11118]  __x64_sys_ioctl+0xb7/0x210
[  162.347412][T11118]  do_syscall_64+0xcd/0x4c0
[  162.347428][T11118]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.347439][T11118] RIP: 0033:0x7f4a01d8e929
[  162.347447][T11118] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  162.347457][T11118] RSP: 002b:00007f4a02b64038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  162.347467][T11118] RAX: ffffffffffffffda RBX: 00007f4a01fb5fa0 RCX: 00007f4a01d8e929
[  162.347473][T11118] RDX: 0000200000000280 RSI: 00000000000007ab RDI: 0000000000000003
[  162.347479][T11118] RBP: 00007f4a02b64090 R08: 0000000000000000 R09: 0000000000000000
[  162.347485][T11118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  162.347490][T11118] R13: 0000000000000000 R14: 00007f4a01fb5fa0 R15: 00007ffe91e3f678
[  162.347503][T11118]  </TASK>
[  162.347772][T11118] ERROR: Out of memory at tomoyo_realpath_from_path.
[  162.359386][T11119] FAULT_INJECTION: forcing a failure.
[  162.359386][T11119] name failslab, interval 1, probability 0, space 0, times 0
[  162.365408][ T6015] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  162.367754][T11119] CPU: 3 UID: 0 PID: 11119 Comm: syz.0.1586 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  162.367769][T11119] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  162.367775][T11119] Call Trace:
[  162.367779][T11119]  <TASK>
[  162.367783][T11119]  dump_stack_lvl+0x16c/0x1f0
[  162.367802][T11119]  should_fail_ex+0x512/0x640
[  162.367815][T11119]  ? __kmalloc_noprof+0xbf/0x510
[  162.367829][T11119]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  162.367843][T11119]  should_failslab+0xc2/0x120
[  162.367858][T11119]  __kmalloc_noprof+0xd2/0x510
[  162.367873][T11119]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  162.367887][T11119]  ? cred_has_capability.isra.0+0x193/0x2f0
[  162.367903][T11119]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  162.367916][T11119]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  162.367932][T11119]  ? bpf_lsm_capable+0x9/0x10
[  162.367943][T11119]  ? security_capable+0x7e/0x260
[  162.367957][T11119]  genl_rcv_msg+0x55c/0x800
[  162.367970][T11119]  ? __pfx_genl_rcv_msg+0x10/0x10
[  162.367982][T11119]  ? __pfx_nfc_genl_disable_se+0x10/0x10
[  162.367995][T11119]  ? __lock_acquire+0x622/0x1c90
[  162.368013][T11119]  netlink_rcv_skb+0x155/0x420
[  162.368023][T11119]  ? __pfx_genl_rcv_msg+0x10/0x10
[  162.368035][T11119]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  162.368051][T11119]  ? netlink_deliver_tap+0x1ae/0xd30
[  162.368067][T11119]  ? is_vmalloc_addr+0x86/0xa0
[  162.368081][T11119]  genl_rcv+0x28/0x40
[  162.368091][T11119]  netlink_unicast+0x53a/0x7f0
[  162.368102][T11119]  ? __pfx_netlink_unicast+0x10/0x10
[  162.368116][T11119]  netlink_sendmsg+0x8d1/0xdd0
[  162.368129][T11119]  ? __pfx_netlink_sendmsg+0x10/0x10
[  162.368149][T11119]  ____sys_sendmsg+0xa98/0xc70
[  162.368161][T11119]  ? copy_msghdr_from_user+0x10a/0x160
[  162.368175][T11119]  ? __pfx_____sys_sendmsg+0x10/0x10
[  162.368191][T11119]  ___sys_sendmsg+0x134/0x1d0
[  162.368206][T11119]  ? __pfx____sys_sendmsg+0x10/0x10
[  162.368219][T11119]  ? __lock_acquire+0x622/0x1c90
[  162.368250][T11119]  __sys_sendmsg+0x16d/0x220
[  162.368264][T11119]  ? __pfx___sys_sendmsg+0x10/0x10
[  162.368286][T11119]  do_syscall_64+0xcd/0x4c0
[  162.368302][T11119]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.368313][T11119] RIP: 0033:0x7f6299d8e929
[  162.368322][T11119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  162.368332][T11119] RSP: 002b:00007f629abef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  162.368342][T11119] RAX: ffffffffffffffda RBX: 00007f6299fb6080 RCX: 00007f6299d8e929
[  162.368348][T11119] RDX: 0000000000040000 RSI: 0000200000000600 RDI: 0000000000000006
[  162.368354][T11119] RBP: 00007f629abef090 R08: 0000000000000000 R09: 0000000000000000
[  162.368360][T11119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  162.368366][T11119] R13: 0000000000000000 R14: 00007f6299fb6080 R15: 00007fff098b3e08
[  162.368379][T11119]  </TASK>
[  162.451666][    C3] vcan0: j1939_tp_rxtimer: 0xffff8880622f1800: rx timeout, send abort
[  162.453172][ T6015] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  162.453195][ T6015] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  162.453209][ T6015] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  162.455962][    C3] vcan0: j1939_xtp_rx_abort_one: 0xffff8880622f1800: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[  162.456494][ T6015] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  162.477786][T11124] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1590'.
[  162.479434][ T6015] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  162.551985][ T6015] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  162.555456][ T6015] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  162.559388][ T6015] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  162.562869][ T6015] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  162.567314][ T6015] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  162.569673][ T6015] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  162.573428][ T6015] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  162.577176][ T6015] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  162.580738][ T6015] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  162.586969][ T6015] usb 6-1: string descriptor 0 read error: -22
[  162.589014][ T6015] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  162.592278][ T6015] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.603868][ T6015] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  162.634712][T11132] netlink: 'syz.3.1594': attribute type 32 has an invalid length.
[  162.637211][T11132] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1594'.
[  162.640146][T11132] (unnamed net_device) (uninitialized): Setting coupled_control to off (0)
[  162.704290][ T6019] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  162.743758][ T6125] usb 10-1: new high-speed USB device number 11 using dummy_hcd
[  162.858528][ T6019] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  162.861418][ T6019] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.864075][T11089] orangefs: client-core tried to read wrong size
[  162.867058][ T6019] usb 5-1: Product: syz
[  162.868900][ T6019] usb 5-1: Manufacturer: syz
[  162.869298][T11089] xfrm2: entered allmulticast mode
[  162.870930][ T6019] usb 5-1: SerialNumber: syz
[  162.880223][ T6019] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  162.895427][ T2295] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  162.919670][ T6125] usb 10-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  162.923003][ T6125] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.926218][ T6125] usb 10-1: Product: syz
[  162.927579][ T6125] usb 10-1: Manufacturer: syz
[  162.929093][ T6125] usb 10-1: SerialNumber: syz
[  162.933972][ T6125] usb 10-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  162.944220][  T837] usb 10-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  163.184359][ T5946] Bluetooth: hci4: command 0x0405 tx timeout
[  163.258059][ T6019] usb 10-1: USB disconnect, device number 11
[  163.576839][T11139] FAULT_INJECTION: forcing a failure.
[  163.576839][T11139] name failslab, interval 1, probability 0, space 0, times 0
[  163.580871][T11139] CPU: 2 UID: 0 PID: 11139 Comm: syz.3.1597 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  163.580886][T11139] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  163.580892][T11139] Call Trace:
[  163.580897][T11139]  <TASK>
[  163.580902][T11139]  dump_stack_lvl+0x16c/0x1f0
[  163.580920][T11139]  should_fail_ex+0x512/0x640
[  163.580934][T11139]  ? fs_reclaim_acquire+0xae/0x150
[  163.580958][T11139]  ? tomoyo_encode2+0x100/0x3e0
[  163.580971][T11139]  should_failslab+0xc2/0x120
[  163.580986][T11139]  __kmalloc_noprof+0xd2/0x510
[  163.580999][T11139]  ? d_absolute_path+0x136/0x1a0
[  163.581012][T11139]  tomoyo_encode2+0x100/0x3e0
[  163.581027][T11139]  tomoyo_encode+0x29/0x50
[  163.581039][T11139]  tomoyo_realpath_from_path+0x18f/0x6e0
[  163.581058][T11139]  tomoyo_path_number_perm+0x245/0x580
[  163.581069][T11139]  ? tomoyo_path_number_perm+0x237/0x580
[  163.581082][T11139]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  163.581094][T11139]  ? find_held_lock+0x2b/0x80
[  163.581125][T11139]  ? find_held_lock+0x2b/0x80
[  163.581136][T11139]  ? hook_file_ioctl_common+0x145/0x410
[  163.581155][T11139]  ? __fget_files+0x20e/0x3c0
[  163.581171][T11139]  security_file_ioctl+0x9b/0x240
[  163.581186][T11139]  __x64_sys_ioctl+0xb7/0x210
[  163.581198][T11139]  do_syscall_64+0xcd/0x4c0
[  163.581214][T11139]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.581224][T11139] RIP: 0033:0x7f4a01d8e929
[  163.581234][T11139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  163.581243][T11139] RSP: 002b:00007f4a02b64038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  163.581253][T11139] RAX: ffffffffffffffda RBX: 00007f4a01fb5fa0 RCX: 00007f4a01d8e929
[  163.581259][T11139] RDX: 0000200000000280 RSI: 00000000000007ab RDI: 0000000000000003
[  163.581265][T11139] RBP: 00007f4a02b64090 R08: 0000000000000000 R09: 0000000000000000
[  163.581271][T11139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  163.581277][T11139] R13: 0000000000000000 R14: 00007f4a01fb5fa0 R15: 00007ffe91e3f678
[  163.581290][T11139]  </TASK>
[  163.581348][T11139] ERROR: Out of memory at tomoyo_realpath_from_path.
[  163.973654][  T837] ath9k_htc 10-1:1.0: ath9k_htc: Target is unresponsive
[  163.976262][  T837] ath9k_htc: Failed to initialize the device
[  163.978582][ T6019] usb 10-1: ath9k_htc: USB layer deinitialized
[  163.983826][ T2295] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  163.986118][ T2295] ath9k_htc: Failed to initialize the device
[  163.987616][T11157] FAULT_INJECTION: forcing a failure.
[  163.987616][T11157] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  163.991793][T11157] CPU: 0 UID: 0 PID: 11157 Comm: syz.5.1606 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  163.991808][T11157] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  163.991814][T11157] Call Trace:
[  163.991818][T11157]  <TASK>
[  163.991823][T11157]  dump_stack_lvl+0x16c/0x1f0
[  163.991841][T11157]  should_fail_ex+0x512/0x640
[  163.991857][T11157]  _copy_from_user+0x2e/0xd0
[  163.991872][T11157]  vmci_host_unlocked_ioctl+0xee9/0x2040
[  163.991886][T11157]  ? do_vfs_ioctl+0x523/0x1a60
[  163.991898][T11157]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[  163.991914][T11157]  ? ioctl_has_perm.constprop.0.isra.0+0x379/0x540
[  163.991928][T11157]  ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540
[  163.991943][T11157]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  163.991960][T11157]  ? hook_file_ioctl_common+0x145/0x410
[  163.991979][T11157]  ? selinux_file_ioctl+0x180/0x270
[  163.991992][T11157]  ? selinux_file_ioctl+0xb4/0x270
[  163.992005][T11157]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[  163.992019][T11157]  __x64_sys_ioctl+0x18e/0x210
[  163.992031][T11157]  do_syscall_64+0xcd/0x4c0
[  163.992046][T11157]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.992057][T11157] RIP: 0033:0x7f5b7f98e929
[  163.992065][T11157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  163.992075][T11157] RSP: 002b:00007f5b808ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  163.992085][T11157] RAX: ffffffffffffffda RBX: 00007f5b7fbb5fa0 RCX: 00007f5b7f98e929
[  163.992091][T11157] RDX: 0000200000000280 RSI: 00000000000007ab RDI: 0000000000000003
[  163.992097][T11157] RBP: 00007f5b808ac090 R08: 0000000000000000 R09: 0000000000000000
[  163.992102][T11157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  163.992108][T11157] R13: 0000000000000000 R14: 00007f5b7fbb5fa0 R15: 00007ffec126f668
[  163.992120][T11157]  </TASK>
[  164.011731][ T2295] usb 5-1: ath9k_htc: USB layer deinitialized
[  164.043882][T11159] overlayfs: upper fs does not support tmpfile.
[  164.217912][   T40] kauditd_printk_skb: 3 callbacks suppressed
[  164.217928][   T40] audit: type=1400 audit(164.137:985): avc:  denied  { setattr } for  pid=11160 comm="syz.5.1608" name="fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  164.659756][T11170] tmpfs: Unknown parameter 'n5£(ûèÉú%ù0ݺ'
[  164.936453][   T34] usb 6-1: USB disconnect, device number 27
[  165.385529][ T5998] usb 5-1: USB disconnect, device number 20
[  169.383095][T11178] virtio-pci 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[  169.404023][T11178] netlink: 'syz.1.1613': attribute type 10 has an invalid length.
[  169.406418][T11178] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1613'.
[  169.409315][T11178] dummy0: entered promiscuous mode
[  169.413037][T11178] bridge0: port 2(dummy0) entered blocking state
[  169.415572][T11178] bridge0: port 2(dummy0) entered disabled state
[  169.418813][T11178] dummy0: entered allmulticast mode
[  169.422624][T11178] bridge0: port 2(dummy0) entered blocking state
[  169.423591][   T40] audit: type=1400 audit(169.337:986): avc:  denied  { execute } for  pid=11175 comm="syz.5.1614" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=44394 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  169.425223][T11178] bridge0: port 2(dummy0) entered listening state
[  169.484247][T11191] netlink: 'syz.1.1619': attribute type 13 has an invalid length.
[  169.487226][T11191] gretap0: refused to change device tx_queue_len
[  169.489253][T11191] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  169.536638][T11197] FAULT_INJECTION: forcing a failure.
[  169.536638][T11197] name failslab, interval 1, probability 0, space 0, times 0
[  169.540984][T11197] CPU: 0 UID: 0 PID: 11197 Comm: syz.5.1621 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  169.541000][T11197] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  169.541006][T11197] Call Trace:
[  169.541010][T11197]  <TASK>
[  169.541015][T11197]  dump_stack_lvl+0x16c/0x1f0
[  169.541033][T11197]  should_fail_ex+0x512/0x640
[  169.541046][T11197]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  169.541062][T11197]  should_failslab+0xc2/0x120
[  169.541077][T11197]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  169.541090][T11197]  ? __alloc_skb+0x2b2/0x380
[  169.541106][T11197]  __alloc_skb+0x2b2/0x380
[  169.541119][T11197]  ? __pfx___alloc_skb+0x10/0x10
[  169.541133][T11197]  ? genl_rcv_msg+0x4bb/0x800
[  169.541148][T11197]  netlink_ack+0x15d/0xb80
[  169.541160][T11197]  ? __lock_acquire+0x622/0x1c90
[  169.541178][T11197]  netlink_rcv_skb+0x332/0x420
[  169.541188][T11197]  ? __pfx_genl_rcv_msg+0x10/0x10
[  169.541200][T11197]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  169.541216][T11197]  ? netlink_deliver_tap+0x1ae/0xd30
[  169.541232][T11197]  ? is_vmalloc_addr+0x86/0xa0
[  169.541246][T11197]  genl_rcv+0x28/0x40
[  169.541256][T11197]  netlink_unicast+0x53a/0x7f0
[  169.541268][T11197]  ? __pfx_netlink_unicast+0x10/0x10
[  169.541282][T11197]  netlink_sendmsg+0x8d1/0xdd0
[  169.541294][T11197]  ? __pfx_netlink_sendmsg+0x10/0x10
[  169.541309][T11197]  ____sys_sendmsg+0xa98/0xc70
[  169.541321][T11197]  ? copy_msghdr_from_user+0x10a/0x160
[  169.541335][T11197]  ? __pfx_____sys_sendmsg+0x10/0x10
[  169.541351][T11197]  ___sys_sendmsg+0x134/0x1d0
[  169.541370][T11197]  ? __pfx____sys_sendmsg+0x10/0x10
[  169.541382][T11197]  ? __lock_acquire+0x622/0x1c90
[  169.541413][T11197]  __sys_sendmsg+0x16d/0x220
[  169.541427][T11197]  ? __pfx___sys_sendmsg+0x10/0x10
[  169.541449][T11197]  do_syscall_64+0xcd/0x4c0
[  169.541465][T11197]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.541476][T11197] RIP: 0033:0x7f5b7f98e929
[  169.541485][T11197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  169.541494][T11197] RSP: 002b:00007f5b808ac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  169.541504][T11197] RAX: ffffffffffffffda RBX: 00007f5b7fbb5fa0 RCX: 00007f5b7f98e929
[  169.541510][T11197] RDX: 0000000000040000 RSI: 0000200000000600 RDI: 0000000000000006
[  169.541516][T11197] RBP: 00007f5b808ac090 R08: 0000000000000000 R09: 0000000000000000
[  169.541522][T11197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  169.541528][T11197] R13: 0000000000000000 R14: 00007f5b7fbb5fa0 R15: 00007ffec126f668
[  169.541540][T11197]  </TASK>
[  169.741172][   T40] audit: type=1400 audit(169.657:987): avc:  denied  { read } for  pid=11203 comm="syz.1.1624" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  169.754157][  T837] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[  169.773889][ T5998] usb 10-1: new high-speed USB device number 12 using dummy_hcd
[  169.802239][T11206] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1625'.
[  169.805225][T11206] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1625'.
[  169.908840][  T837] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  169.911686][  T837] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.914975][  T837] usb 8-1: Product: syz
[  169.916324][  T837] usb 8-1: Manufacturer: syz
[  169.917764][  T837] usb 8-1: SerialNumber: syz
[  169.923059][  T837] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  169.934171][ T5998] usb 10-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  169.938468][ T5998] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.941841][ T5998] usb 10-1: Product: syz
[  169.944406][ T5998] usb 10-1: Manufacturer: syz
[  169.947052][ T5998] usb 10-1: SerialNumber: syz
[  169.955081][ T5998] usb 10-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  169.962957][  T837] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  169.973020][   T10] usb 10-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  170.154837][   T34] usb 6-1: new low-speed USB device number 28 using dummy_hcd
[  170.235628][ T6015] usb 10-1: USB disconnect, device number 12
[  170.316402][   T34] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  170.318880][   T34] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  170.322170][   T34] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  170.325896][   T34] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  170.329850][   T34] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  170.335366][   T34] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  170.338376][   T34] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  170.342695][   T34] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  170.353577][   T34] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  170.358017][   T34] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  170.363872][   T34] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  170.367060][   T34] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  170.371258][   T34] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  170.375478][   T34] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  170.379173][   T34] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  170.390714][   T34] usb 6-1: string descriptor 0 read error: -22
[  170.392801][   T34] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  170.395796][   T34] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.403643][   T34] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  170.482790][T11220] FAULT_INJECTION: forcing a failure.
[  170.482790][T11220] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  170.487121][T11220] CPU: 1 UID: 0 PID: 11220 Comm: syz.0.1630 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  170.487145][T11220] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  170.487154][T11220] Call Trace:
[  170.487161][T11220]  <TASK>
[  170.487167][T11220]  dump_stack_lvl+0x16c/0x1f0
[  170.487195][T11220]  should_fail_ex+0x512/0x640
[  170.487219][T11220]  _copy_from_user+0x2e/0xd0
[  170.487241][T11220]  memdup_user+0x6b/0xe0
[  170.487262][T11220]  vmci_host_unlocked_ioctl+0xf3f/0x2040
[  170.487283][T11220]  ? do_vfs_ioctl+0x523/0x1a60
[  170.487300][T11220]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[  170.487323][T11220]  ? ioctl_has_perm.constprop.0.isra.0+0x379/0x540
[  170.487351][T11220]  ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540
[  170.487374][T11220]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  170.487405][T11220]  ? hook_file_ioctl_common+0x145/0x410
[  170.487438][T11220]  ? selinux_file_ioctl+0x180/0x270
[  170.487458][T11220]  ? selinux_file_ioctl+0xb4/0x270
[  170.487481][T11220]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[  170.487503][T11220]  __x64_sys_ioctl+0x18e/0x210
[  170.487523][T11220]  do_syscall_64+0xcd/0x4c0
[  170.487548][T11220]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.487565][T11220] RIP: 0033:0x7f6299d8e929
[  170.487578][T11220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.487594][T11220] RSP: 002b:00007f629ac10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  170.487610][T11220] RAX: ffffffffffffffda RBX: 00007f6299fb5fa0 RCX: 00007f6299d8e929
[  170.487621][T11220] RDX: 0000200000000280 RSI: 00000000000007ab RDI: 0000000000000003
[  170.487630][T11220] RBP: 00007f629ac10090 R08: 0000000000000000 R09: 0000000000000000
[  170.487639][T11220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  170.487648][T11220] R13: 0000000000000000 R14: 00007f6299fb5fa0 R15: 00007fff098b3e08
[  170.487670][T11220]  </TASK>
[  170.557482][    C1] vkms_vblank_simulate: vblank timer overrun
[  170.603236][   T34] usb 6-1: USB disconnect, device number 28
[  170.752583][   T40] audit: type=1400 audit(170.667:988): avc:  denied  { getopt } for  pid=11227 comm="syz.0.1634" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  170.809304][T11230] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1635'.
[  170.837744][T11233] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1636'.
[  170.843608][T11233] bridge0: entered allmulticast mode
[  170.848097][T11233] pim6reg: entered allmulticast mode
[  170.874198][T11237] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1340
[  170.878759][T11237] netlink: 'syz.5.1638': attribute type 1 has an invalid length.
[  170.904821][T11237] 8021q: adding VLAN 0 to HW filter on device bond0
[  170.919329][T11237] bond0: (slave erspan0): making interface the new active one
[  170.922658][T11237] bond0: (slave erspan0): Enslaving as an active interface with an up link
[  170.927498][   T40] audit: type=1400 audit(170.847:989): avc:  denied  { accept } for  pid=11238 comm="syz.0.1637" path="socket:[44511]" dev="sockfs" ino=44511 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  170.964975][T11242] FAULT_INJECTION: forcing a failure.
[  170.964975][T11242] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  170.969266][T11242] CPU: 3 UID: 0 PID: 11242 Comm: syz.5.1639 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  170.969289][T11242] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  170.969300][T11242] Call Trace:
[  170.969306][T11242]  <TASK>
[  170.969312][T11242]  dump_stack_lvl+0x16c/0x1f0
[  170.969340][T11242]  should_fail_ex+0x512/0x640
[  170.969366][T11242]  _copy_to_user+0x32/0xd0
[  170.969389][T11242]  vmci_host_unlocked_ioctl+0x9d5/0x2040
[  170.969413][T11242]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[  170.969437][T11242]  ? ioctl_has_perm.constprop.0.isra.0+0x379/0x540
[  170.969452][T11242]  ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540
[  170.969467][T11242]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  170.969485][T11242]  ? hook_file_ioctl_common+0x145/0x410
[  170.969504][T11242]  ? selinux_file_ioctl+0x180/0x270
[  170.969516][T11242]  ? selinux_file_ioctl+0xb4/0x270
[  170.969530][T11242]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[  170.969543][T11242]  __x64_sys_ioctl+0x18e/0x210
[  170.969556][T11242]  do_syscall_64+0xcd/0x4c0
[  170.969572][T11242]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.969582][T11242] RIP: 0033:0x7f5b7f98e929
[  170.969591][T11242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.969601][T11242] RSP: 002b:00007f5b808ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  170.969611][T11242] RAX: ffffffffffffffda RBX: 00007f5b7fbb5fa0 RCX: 00007f5b7f98e929
[  170.969617][T11242] RDX: 0000200000000280 RSI: 00000000000007ab RDI: 0000000000000003
[  170.969623][T11242] RBP: 00007f5b808ac090 R08: 0000000000000000 R09: 0000000000000000
[  170.969629][T11242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  170.969634][T11242] R13: 0000000000000000 R14: 00007f5b7fbb5fa0 R15: 00007ffec126f668
[  170.969651][T11242]  </TASK>
[  170.993199][ T1257] tipc: Subscription rejected, illegal request
[  171.014717][   T10] ath9k_htc 10-1:1.0: ath9k_htc: Target is unresponsive
[  171.043220][  T837] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive
[  171.045596][  T837] ath9k_htc: Failed to initialize the device
[  171.047812][   T10] ath9k_htc: Failed to initialize the device
[  171.050978][ T6015] usb 10-1: ath9k_htc: USB layer deinitialized
[  171.070873][  T837] usb 8-1: ath9k_htc: USB layer deinitialized
[  171.189444][T11248] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1642'.
[  171.197961][   T40] audit: type=1400 audit(171.117:990): avc:  denied  { listen } for  pid=11247 comm="syz.0.1642" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  171.221120][T11258] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1641'.
[  171.243475][   T40] audit: type=1400 audit(171.157:991): avc:  denied  { relabelfrom } for  pid=11259 comm="syz.0.1645" name="" dev="pipefs" ino=45375 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  171.436125][T11270] FAULT_INJECTION: forcing a failure.
[  171.436125][T11270] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  171.441511][T11270] CPU: 3 UID: 0 PID: 11270 Comm: syz.0.1649 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  171.441534][T11270] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  171.441544][T11270] Call Trace:
[  171.441551][T11270]  <TASK>
[  171.441558][T11270]  dump_stack_lvl+0x16c/0x1f0
[  171.441587][T11270]  should_fail_ex+0x512/0x640
[  171.441612][T11270]  _copy_to_user+0x32/0xd0
[  171.441636][T11270]  vmci_host_unlocked_ioctl+0x9d5/0x2040
[  171.441660][T11270]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[  171.441685][T11270]  ? ioctl_has_perm.constprop.0.isra.0+0x379/0x540
[  171.441710][T11270]  ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540
[  171.441733][T11270]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  171.441762][T11270]  ? hook_file_ioctl_common+0x145/0x410
[  171.441794][T11270]  ? selinux_file_ioctl+0x180/0x270
[  171.441814][T11270]  ? selinux_file_ioctl+0xb4/0x270
[  171.441836][T11270]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[  171.441856][T11270]  __x64_sys_ioctl+0x18e/0x210
[  171.441879][T11270]  do_syscall_64+0xcd/0x4c0
[  171.441905][T11270]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.441923][T11270] RIP: 0033:0x7f6299d8e929
[  171.441935][T11270] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  171.441950][T11270] RSP: 002b:00007f629ac10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  171.441967][T11270] RAX: ffffffffffffffda RBX: 00007f6299fb5fa0 RCX: 00007f6299d8e929
[  171.441977][T11270] RDX: 0000200000000280 RSI: 00000000000007ab RDI: 0000000000000003
[  171.441987][T11270] RBP: 00007f629ac10090 R08: 0000000000000000 R09: 0000000000000000
[  171.441997][T11270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  171.442007][T11270] R13: 0000000000000000 R14: 00007f6299fb5fa0 R15: 00007fff098b3e08
[  171.442029][T11270]  </TASK>
[  171.444232][ T2295] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  171.693569][ T2295] usb 6-1: Using ep0 maxpacket: 32
[  171.697816][ T2295] usb 6-1: config index 0 descriptor too short (expected 29220, got 36)
[  171.701245][ T2295] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  171.704204][ T2295] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81
[  171.706858][ T2295] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  171.709867][ T2295] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  171.713304][ T2295] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  171.718266][ T2295] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  171.721878][ T2295] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  171.727415][ T2295] usb 6-1: config 0 descriptor??
[  171.935440][ T2295] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 29 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  171.944909][ T2295] usb 6-1: USB disconnect, device number 29
[  171.959865][ T2295] usblp0: removed
[  172.213712][  T839] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[  172.301868][T11311] nbd: couldn't find device at index 587202560
[  172.357405][T11314] netlink: 'syz.0.1662': attribute type 1 has an invalid length.
[  172.357428][T11314] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1662'.
[  172.385628][  T839] usb 10-1: config 0 has an invalid descriptor of length 40, skipping remainder of the config
[  172.389751][  T839] usb 10-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  172.395243][  T839] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  172.398741][  T839] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  172.404269][  T839] usb 10-1: config 0 descriptor??
[  172.409693][  T839] usbhid 10-1:0.0: couldn't find an input interrupt endpoint
[  172.485096][T11320] gfs2: not a GFS2 filesystem
[  172.489355][T11320] gfs2: not a GFS2 filesystem
[  172.491367][T11320] gfs2: not a GFS2 filesystem
[  172.493267][T11320] gfs2: not a GFS2 filesystem
[  172.496394][T11320] gfs2: not a GFS2 filesystem
[  172.499076][T11320] gfs2: not a GFS2 filesystem
[  172.501512][T11320] gfs2: not a GFS2 filesystem
[  172.515270][   T60] usb 8-1: USB disconnect, device number 18
[  172.564309][T11328] 9pnet_fd: Insufficient options for proto=fd
[  172.567941][T11325] sctp: [Deprecated]: syz.3.1665 (pid 11325) Use of int in max_burst socket option.
[  172.567941][T11325] Use struct sctp_assoc_value instead
[  172.778476][T11338] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1668'.
[  172.824049][T11340] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1669'.
[  172.946900][T11346] syz.3.1672 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  173.088614][T11351] qrtr: Invalid version 255
[  173.175375][   T40] audit: type=1400 audit(173.097:992): avc:  denied  { watch watch_reads } for  pid=11354 comm="syz.3.1675" path="/382/file0/file0" dev="9p" ino=35913887 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  173.511293][T11375] bridge_slave_1: entered promiscuous mode
[  173.597280][T11381] xt_hashlimit: size too large, truncated to 1048576
[  173.700029][   T40] audit: type=1400 audit(173.617:993): avc:  denied  { getopt } for  pid=11385 comm="syz.3.1684" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  174.408117][T11398] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0)
[  174.436082][T11400] __nla_validate_parse: 2 callbacks suppressed
[  174.436095][T11400] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1689'.
[  174.525929][T11404] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null.
[  174.528852][T11404] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  174.532383][T11404] overlayfs: missing 'lowerdir'
[  174.641760][   T40] audit: type=1400 audit(174.557:994): avc:  denied  { accept } for  pid=11408 comm="syz.3.1693" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  174.685645][   T40] audit: type=1326 audit(174.607:995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11414 comm="syz.1.1696" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7d1118e929 code=0x0
[  174.788445][   T40] audit: type=1400 audit(174.707:996): avc:  denied  { accept } for  pid=11414 comm="syz.1.1696" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  174.947391][   T60] usb 10-1: USB disconnect, device number 13
[  175.036414][T11421] mkiss: ax0: crc mode is auto.
[  175.195487][T11426] random: crng reseeded on system resumption
[  175.195574][   T40] audit: type=1400 audit(175.117:997): avc:  denied  { append } for  pid=11424 comm="syz.3.1700" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  175.209166][   T40] audit: type=1400 audit(175.127:998): avc:  denied  { ioctl } for  pid=11424 comm="syz.3.1700" path="/dev/snapshot" dev="devtmpfs" ino=98 ioctlcmd=0x3302 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  175.330503][T11432] FAULT_INJECTION: forcing a failure.
[  175.330503][T11432] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  175.335402][T11432] CPU: 0 UID: 0 PID: 11432 Comm: syz.0.1701 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  175.335417][T11432] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  175.335424][T11432] Call Trace:
[  175.335427][T11432]  <TASK>
[  175.335431][T11432]  dump_stack_lvl+0x16c/0x1f0
[  175.335466][T11432]  should_fail_ex+0x512/0x640
[  175.335485][T11432]  _copy_to_user+0x32/0xd0
[  175.335500][T11432]  simple_read_from_buffer+0xcb/0x170
[  175.335515][T11432]  proc_fail_nth_read+0x197/0x270
[  175.335528][T11432]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  175.335541][T11432]  ? rw_verify_area+0xcf/0x680
[  175.335552][T11432]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  175.335564][T11432]  vfs_read+0x1e4/0xc60
[  175.335578][T11432]  ? __pfx___mutex_lock+0x10/0x10
[  175.335593][T11432]  ? __pfx_vfs_read+0x10/0x10
[  175.335609][T11432]  ? __fget_files+0x20e/0x3c0
[  175.335626][T11432]  ksys_read+0x12a/0x250
[  175.335638][T11432]  ? __pfx_ksys_read+0x10/0x10
[  175.335653][T11432]  do_syscall_64+0xcd/0x4c0
[  175.335669][T11432]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.335681][T11432] RIP: 0033:0x7f6299d8d33c
[  175.335689][T11432] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  175.335699][T11432] RSP: 002b:00007f629abef030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  175.335708][T11432] RAX: ffffffffffffffda RBX: 00007f6299fb6080 RCX: 00007f6299d8d33c
[  175.335715][T11432] RDX: 000000000000000f RSI: 00007f629abef0a0 RDI: 0000000000000005
[  175.335720][T11432] RBP: 00007f629abef090 R08: 0000000000000000 R09: 0000000000000000
[  175.335726][T11432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  175.335731][T11432] R13: 0000000000000000 R14: 00007f6299fb6080 R15: 00007fff098b3e08
[  175.335744][T11432]  </TASK>
[  175.558603][T11443] netlink: 'syz.0.1705': attribute type 10 has an invalid length.
[  175.561211][T11443] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1705'.
[  175.570395][T11443] team0: Failed to send port change of device geneve0 via netlink (err -105)
[  175.573278][T11443] team0: Failed to send options change via netlink (err -105)
[  175.576394][T11443] team0: Port device geneve0 added
[  175.621433][T11449] bad cache= option: none

[  175.621433][T11449] 
[  175.624291][T11449] CIFS: VFS: bad cache= option: none

[  175.764459][T11457] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1710'.
[  175.961401][   T40] audit: type=1326 audit(175.877:999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11422 comm="syz.5.1699" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b7f98e929 code=0x7fc00000
[  176.015405][   T40] audit: type=1400 audit(175.937:1000): avc:  denied  { getopt } for  pid=11483 comm="syz.5.1719" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  176.131564][T11499] syz.1.1724: attempt to access beyond end of device
[  176.131564][T11499] sr0: rw=0, sector=8, nr_sectors = 8 limit=0
[  176.141497][T11499] qnx4: unable to read the superblock
[  176.144255][T11502] usb usb1: usbfs: interface 0 claimed by hub while 'syz.5.1725' sets config #1
[  176.150880][T11503] netlink: 'syz.3.1726': attribute type 10 has an invalid length.
[  176.154197][T11503] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1726'.
[  176.158222][T11503] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  176.212672][T11511] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1728'.
[  176.249135][T11515] FAULT_INJECTION: forcing a failure.
[  176.249135][T11515] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  176.253318][T11515] CPU: 0 UID: 0 PID: 11515 Comm: syz.1.1730 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  176.253333][T11515] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  176.253340][T11515] Call Trace:
[  176.253344][T11515]  <TASK>
[  176.253347][T11515]  dump_stack_lvl+0x16c/0x1f0
[  176.253366][T11515]  should_fail_ex+0x512/0x640
[  176.253382][T11515]  _copy_to_user+0x32/0xd0
[  176.253397][T11515]  simple_read_from_buffer+0xcb/0x170
[  176.253412][T11515]  proc_fail_nth_read+0x197/0x270
[  176.253425][T11515]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  176.253450][T11515]  ? rw_verify_area+0xcf/0x680
[  176.253462][T11515]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  176.253474][T11515]  vfs_read+0x1e4/0xc60
[  176.253488][T11515]  ? __pfx___mutex_lock+0x10/0x10
[  176.253503][T11515]  ? __pfx_vfs_read+0x10/0x10
[  176.253518][T11515]  ? __fget_files+0x20e/0x3c0
[  176.253536][T11515]  ksys_read+0x12a/0x250
[  176.253547][T11515]  ? __pfx_ksys_read+0x10/0x10
[  176.253564][T11515]  do_syscall_64+0xcd/0x4c0
[  176.253579][T11515]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.253590][T11515] RIP: 0033:0x7f7d1118d33c
[  176.253598][T11515] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  176.253608][T11515] RSP: 002b:00007f7d12042030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  176.253618][T11515] RAX: ffffffffffffffda RBX: 00007f7d113b5fa0 RCX: 00007f7d1118d33c
[  176.253624][T11515] RDX: 000000000000000f RSI: 00007f7d120420a0 RDI: 0000000000000004
[  176.253629][T11515] RBP: 00007f7d12042090 R08: 0000000000000000 R09: 0000000000000000
[  176.253635][T11515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  176.253641][T11515] R13: 0000000000000000 R14: 00007f7d113b5fa0 R15: 00007ffc75334ee8
[  176.253654][T11515]  </TASK>
[  176.423679][   T40] audit: type=1400 audit(176.337:1001): avc:  denied  { shutdown } for  pid=11518 comm="syz.5.1732" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  176.433978][   T40] audit: type=1400 audit(176.357:1002): avc:  denied  { read } for  pid=11518 comm="syz.5.1732" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  176.443162][   T40] audit: type=1400 audit(176.357:1003): avc:  denied  { open } for  pid=11518 comm="syz.5.1732" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  176.653639][   T53] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  176.808211][   T53] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  176.811727][   T53] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.815272][   T53] usb 6-1: Product: syz
[  176.817148][   T53] usb 6-1: Manufacturer: syz
[  176.819243][   T53] usb 6-1: SerialNumber: syz
[  176.836957][   T53] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  176.849225][   T53] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  177.270243][T11538] tmpfs: Cannot change global quota limit on remount
[  177.348140][T11541] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1738'.
[  177.442258][T11541] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1738'.
[  177.470192][T11548] xt_l2tp: v2 doesn't support IP mode
[  177.768114][T11555] "syz.3.1742" (11555) uses obsolete ecb(arc4) skcipher
[  177.903717][   T53] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  177.906153][   T53] ath9k_htc: Failed to initialize the device
[  177.929290][   T53] usb 6-1: ath9k_htc: USB layer deinitialized
[  178.313211][T11581] 9pnet_fd: Insufficient options for proto=fd
[  178.397670][T11576] netfs: Couldn't get user pages (rc=-14)
[  178.594115][   T60] usb 8-1: new full-speed USB device number 19 using dummy_hcd
[  178.626579][T11589] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  178.632757][T11589] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  178.723661][   T60] usb 8-1: device descriptor read/64, error -71
[  178.963573][   T60] usb 8-1: new full-speed USB device number 20 using dummy_hcd
[  179.094778][   T60] usb 8-1: device descriptor read/64, error -71
[  179.098208][ T6019] IPVS: starting estimator thread 0...
[  179.183657][T11605] IPVS: using max 46 ests per chain, 110400 per kthread
[  179.196412][T11607] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  179.200757][T11607] Error validating options; rc = [-22]
[  179.203378][T11607] netlink: 'syz.0.1759': attribute type 8 has an invalid length.
[  179.213947][   T60] usb usb8-port1: attempt power cycle
[  179.222206][T11608] netlink: 'syz.0.1759': attribute type 8 has an invalid length.
[  179.260374][T11613] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1760'.
[  179.311815][T11615] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1761'.
[  179.315642][T11615] nbd: illegal input index 1879048192
[  179.415887][ T6100] usb 6-1: USB disconnect, device number 30
[  179.553641][   T60] usb 8-1: new full-speed USB device number 21 using dummy_hcd
[  179.577973][   T60] usb 8-1: device descriptor read/8, error -71
[  179.783353][  T839] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  179.833841][   T60] usb 8-1: new full-speed USB device number 22 using dummy_hcd
[  179.865565][   T60] usb 8-1: device descriptor read/8, error -71
[  179.913698][  T839] usb 5-1: device descriptor read/64, error -71
[  179.973938][   T60] usb usb8-port1: unable to enumerate USB device
[  180.153536][  T839] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  180.283871][  T839] usb 5-1: device descriptor read/64, error -71
[  180.393742][  T839] usb usb5-port1: attempt power cycle
[  180.743543][  T839] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  180.764163][  T839] usb 5-1: device descriptor read/8, error -71
[  180.909193][T11654] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1775'.
[  181.013759][  T839] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  181.034058][  T839] usb 5-1: device descriptor read/8, error -71
[  181.062533][T11659] syz.1.1776(11659): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[  181.101479][T11658] bridge0: entered promiscuous mode
[  181.104107][T11658] macsec1: entered promiscuous mode
[  181.107020][T11658] bridge0: port 3(macsec1) entered blocking state
[  181.109860][T11658] bridge0: port 3(macsec1) entered disabled state
[  181.112666][T11658] macsec1: entered allmulticast mode
[  181.114748][T11658] bridge0: entered allmulticast mode
[  181.117935][T11658] macsec1: left allmulticast mode
[  181.120211][T11658] bridge0: left allmulticast mode
[  181.123863][T11658] bridge0: left promiscuous mode
[  181.143875][  T839] usb usb5-port1: unable to enumerate USB device
[  181.427191][T11670] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1779'.
[  181.430492][T11670] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[  181.492029][T11675] Attempt to restore checkpoint with obsolete wellknown handles
[  181.619026][   T40] kauditd_printk_skb: 4 callbacks suppressed
[  181.619043][   T40] audit: type=1800 audit(181.537:1008): pid=11687 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.1783" name="/" dev="9p" ino=2 res=0 errno=0
[  181.762982][T11690] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  181.774305][T11690] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  181.781505][T11692] syz_tun: entered allmulticast mode
[  181.871843][T11698] binder_alloc: 11697: binder_alloc_buf, no vma
[  181.907842][   T40] audit: type=1400 audit(181.827:1009): avc:  denied  { create } for  pid=11701 comm="syz.1.1789" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[  181.917234][   T40] audit: type=1400 audit(181.837:1010): avc:  denied  { sys_admin } for  pid=11701 comm="syz.1.1789" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[  182.325316][T11719] TCP: out of memory -- consider tuning tcp_mem
[  182.499321][T11730] lo: entered promiscuous mode
[  182.504956][T11730] tunl0: entered promiscuous mode
[  182.508545][T11730] gre0: entered promiscuous mode
[  182.535915][T11730] gretap0: entered promiscuous mode
[  182.538662][T11730] erspan0: entered promiscuous mode
[  182.540655][T11730] ip_vti0: entered promiscuous mode
[  182.543395][T11730] ip6_vti0: entered promiscuous mode
[  182.545819][T11730] sit0: entered promiscuous mode
[  182.547850][T11730] ip6tnl0: entered promiscuous mode
[  182.549867][T11730] ip6gre0: entered promiscuous mode
[  182.552522][T11730] syz_tun: entered promiscuous mode
[  182.555195][T11730] ip6gretap0: entered promiscuous mode
[  182.557252][T11730] bridge0: entered promiscuous mode
[  182.560546][T11730] bond0: entered promiscuous mode
[  182.562677][T11730] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode
[  182.568547][T11730] nlmon0: entered promiscuous mode
[  182.570866][T11730] batadv0: entered promiscuous mode
[  182.573169][T11730] veth0: entered promiscuous mode
[  182.575911][T11730] wg0: entered promiscuous mode
[  182.577866][T11730] wg1: entered promiscuous mode
[  182.579741][T11730] wg2: entered promiscuous mode
[  182.581892][T11730] veth0_to_bridge: entered promiscuous mode
[  182.585219][T11730] bridge_slave_0: entered promiscuous mode
[  182.588162][T11730] veth1_to_bridge: entered promiscuous mode
[  182.591780][T11730] veth0_to_bond: entered promiscuous mode
[  182.595519][T11730] bond_slave_0: entered promiscuous mode
[  182.598513][T11730] veth1_to_bond: entered promiscuous mode
[  182.601830][T11730] bond_slave_1: entered promiscuous mode
[  182.605683][T11730] veth1_to_team: entered promiscuous mode
[  182.608905][T11730] team_slave_1: entered promiscuous mode
[  182.612094][T11730] veth0_to_batadv: entered promiscuous mode
[  182.616723][T11730] batadv_slave_0: entered promiscuous mode
[  182.619474][T11730] veth1_to_batadv: entered promiscuous mode
[  182.621643][T11730] batadv_slave_1: entered promiscuous mode
[  182.624127][T11730] xfrm0: entered promiscuous mode
[  182.626067][T11730] veth0_to_hsr: entered promiscuous mode
[  182.628405][T11730] veth1_to_hsr: entered promiscuous mode
[  182.630929][T11730] hsr0: entered promiscuous mode
[  182.632802][T11730] veth1_virt_wifi: entered promiscuous mode
[  182.635606][T11730] veth0_virt_wifi: entered promiscuous mode
[  182.637902][T11730] net veth1_virt_wifi virt_wifi0: entered promiscuous mode
[  182.641445][T11730] vlan0: entered promiscuous mode
[  182.643427][T11730] vlan1: entered promiscuous mode
[  182.646020][T11730] macvlan0: entered promiscuous mode
[  182.648333][T11730] macvlan1: entered promiscuous mode
[  182.650338][T11730] ipvlan0: entered promiscuous mode
[  182.654196][T11730] macvtap0: entered promiscuous mode
[  182.655976][T11730] macvtap0: left allmulticast mode
[  182.657580][T11730] veth0_macvtap: left allmulticast mode
[  182.659689][T11730] macsec0: entered promiscuous mode
[  182.661567][T11730] geneve0: entered promiscuous mode
[  182.664328][T11730] geneve1: entered promiscuous mode
[  182.666556][T11730] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  182.668848][T11730] netdevsim netdevsim1 netdevsim0: left allmulticast mode
[  182.671831][T11730] netdevsim netdevsim1 netdevsim1: entered promiscuous mode
[  182.674911][T11730] netdevsim netdevsim1 netdevsim2: entered promiscuous mode
[  182.677371][T11730] netdevsim netdevsim1 netdevsim3: entered promiscuous mode
[  182.679865][T11730] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode
[  182.682606][T11730] vxlan0: entered promiscuous mode
[  182.686607][T11730] vlan2: entered promiscuous mode
[  182.688337][T11730] vlan2: left allmulticast mode
[  182.689868][T11730] vlan1: left allmulticast mode
[  182.691430][T11730] veth0_vlan: left allmulticast mode
[  182.695622][T11730] gretap1: entered promiscuous mode
[  182.698074][T11730] vlan3: entered promiscuous mode
[  182.700879][T11730] veth2: entered promiscuous mode
[  182.702948][T11730] veth3: entered promiscuous mode
[  182.705608][T11730] erspan0: entered allmulticast mode
[  182.707363][T11730] macvtap1: left allmulticast mode
[  182.708981][T11730] erspan0: left allmulticast mode
[  182.713249][T11730] bridge1: entered promiscuous mode
[  182.716017][T11730] bond2: entered promiscuous mode
[  182.717627][T11730] vlan4: entered promiscuous mode
[  182.719862][T11730] veth4: entered promiscuous mode
[  182.721848][T11730] veth5: entered promiscuous mode
[  182.724203][T11730] vlan4: left allmulticast mode
[  182.725765][T11730] veth1: left allmulticast mode
[  182.728281][T11730] xfrm1: left allmulticast mode
[  182.730846][T11730] bridge2: entered promiscuous mode
[  182.733329][T11730] bond3: entered promiscuous mode
[  182.735483][T11730] geneve2: entered promiscuous mode
[  182.738040][T11730] syztnl2: entered promiscuous mode
[  182.740375][T11730] ip6erspan0: entered promiscuous mode
[  182.742356][T11730] dvmrp1: entered promiscuous mode
[  182.745326][T11730] veth6: entered promiscuous mode
[  182.747703][T11730] veth7: entered promiscuous mode
[  182.749769][T11730] gtp0: entered promiscuous mode
[  182.752091][T11730] ip6tnl1: entered promiscuous mode
[  182.754619][T11730] geneve3: left allmulticast mode
[  182.758816][T11730] bond4: entered promiscuous mode
[  182.760657][T11730] 8021q: adding VLAN 0 to HW filter on device bond4
[  182.761547][T11737] binder: 11736:11737 ioctl c0306201 2000000003c0 returned -14
[  182.763232][T11730] xfrm2: entered promiscuous mode
[  182.768562][T11730] xfrm2: left allmulticast mode
[  182.771024][T11730] bridge3: entered promiscuous mode
[  182.846529][   T13] bond2: (slave veth5): link status definitely up, 10000 Mbps full duplex
[  183.100333][   T40] audit: type=1400 audit(183.017:1011): avc:  denied  { create } for  pid=11748 comm="syz.3.1805" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  183.130106][T11753] syz_tun: left allmulticast mode
[  183.131892][T11753] syz_tun: left promiscuous mode
[  183.133692][T11753] bridge0: port 3(syz_tun) entered disabled state
[  183.137809][T11753] veth0_to_bridge: left allmulticast mode
[  183.139990][T11753] veth0_to_bridge: left promiscuous mode
[  183.141904][T11753] bridge0: port 4(veth0_to_bridge) entered disabled state
[  183.145490][T11753] bridge_slave_0: left allmulticast mode
[  183.147693][T11753] bridge_slave_0: left promiscuous mode
[  183.149530][T11753] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.152893][T11753] bridge_slave_1: left allmulticast mode
[  183.156765][T11753] bridge_slave_1: left promiscuous mode
[  183.158897][T11753] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.163390][T11753] bond0: (slave bond_slave_0): Releasing backup interface
[  183.168174][T11753] bond0: (slave bond_slave_1): Releasing backup interface
[  183.175822][T11753] bond1: (slave geneve2): Releasing active interface
[  183.178330][T11753] bond1: (slave geneve2): the permanent HWaddr of slave - 66:32:2d:13:37:be - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  183.184216][T11753] geneve2: left allmulticast mode
[  183.187437][T11753] bond1: (slave veth3): Releasing active interface
[  183.274391][T11753] tipc: Enabling of bearer <eth:team0> rejected, failed to enable media
[  183.313284][T11761] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  183.474928][T11768] openvswitch: netlink: Missing valid actions attribute.
[  183.477890][T11768] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  183.736800][   T12] ip6_tunnel: syztnl2 xmit: Local address not yet configured!
[  183.740360][   T12] ip6_tunnel: syztnl2 xmit: Local address not yet configured!
[  183.763613][ T5998] ip6_tunnel: syztnl2 xmit: Local address not yet configured!
[  183.884436][ T5998] ip6_tunnel: syztnl2 xmit: Local address not yet configured!
[  184.051563][T11807] bridge0: port 2(syz_tun) entered blocking state
[  184.054034][T11807] bridge0: port 2(syz_tun) entered disabled state
[  184.058126][T11807] syz_tun: entered allmulticast mode
[  184.060916][T11807] syz_tun: entered promiscuous mode
[  184.062965][T11807] bridge0: port 2(syz_tun) entered blocking state
[  184.065841][T11807] bridge0: port 2(syz_tun) entered forwarding state
[  184.075988][T11798] tipc: Enabling of bearer <eth:team0> rejected, failed to enable media
[  184.183941][ T5998] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  184.333581][ T5998] usb 5-1: Using ep0 maxpacket: 8
[  184.336684][ T5998] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  184.339928][ T5998] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  184.342786][ T5998] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  184.347032][ T5998] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  184.350626][ T5998] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  184.353563][ T5998] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  184.363257][ T5998] hub 5-1:1.0: bad descriptor, ignoring hub
[  184.365267][ T5998] hub 5-1:1.0: probe with driver hub failed with error -5
[  184.367869][ T5998] cdc_wdm 5-1:1.0: skipping garbage
[  184.369513][ T5998] cdc_wdm 5-1:1.0: skipping garbage
[  184.373038][ T5998] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  184.375789][ T5998] cdc_wdm 5-1:1.0: Unknown control protocol
[  184.387786][   T40] audit: type=1800 audit(184.307:1012): pid=11821 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.5.1833" name="file1" dev="tmpfs" ino=1103 res=0 errno=0
[  184.774012][   T10] ip6_tunnel: syztnl2 xmit: Local address not yet configured!
[  184.847764][T11795] cdc_wdm 5-1:1.0: Error autopm - -16
[  184.849834][ T5998] usb 5-1: USB disconnect, device number 25
[  184.984141][ T5998] usb 5-1: new full-speed USB device number 26 using dummy_hcd
[  185.015241][    C0] bridge0: port 2(dummy0) entered learning state
[  185.107433][T11846] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1845'.
[  185.146714][ T5998] usb 5-1: unable to get BOS descriptor or descriptor too short
[  185.155521][ T5998] usb 5-1: unable to read config index 0 descriptor/start: -71
[  185.158663][ T5998] usb 5-1: can't read configurations, error -71
[  185.657603][T11854] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=16400 sclass=netlink_route_socket pid=11854 comm=syz.1.1849
[  185.664989][T11854] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56 sclass=netlink_route_socket pid=11854 comm=syz.1.1849
[  185.783583][   T60] usb 10-1: new full-speed USB device number 14 using dummy_hcd
[  185.913588][   T60] usb 10-1: device descriptor read/64, error -71
[  186.027893][T11869] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1854'.
[  186.092085][T11873] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  186.097500][   T40] audit: type=1400 audit(186.017:1013): avc:  denied  { bind } for  pid=11872 comm="syz.3.1856" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  186.125362][T11875] bpf: Bad value for 'uid'
[  186.127333][T11875] sch_tbf: burst 0 is lower than device geneve0 mtu (1464) !
[  186.153564][   T60] usb 10-1: new full-speed USB device number 15 using dummy_hcd
[  186.293537][   T60] usb 10-1: device descriptor read/64, error -71
[  186.351836][T11900] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1864'.
[  186.404123][   T60] usb usb10-port1: attempt power cycle
[  186.743651][   T60] usb 10-1: new full-speed USB device number 16 using dummy_hcd
[  186.765327][   T60] usb 10-1: device descriptor read/8, error -71
[  186.811433][T11921] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  186.825910][T11921] afs: Unknown parameter 'lyn'
[  186.877427][T11923] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1873'.
[  186.934132][   T10] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[  186.946492][T11929] netlink: 'syz.0.1875': attribute type 1 has an invalid length.
[  186.949650][T11929] netlink: 'syz.0.1875': attribute type 4 has an invalid length.
[  186.952507][T11929] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.1875'.
[  187.003574][   T60] usb 10-1: new full-speed USB device number 17 using dummy_hcd
[  187.026753][   T60] usb 10-1: device descriptor read/8, error -71
[  187.088885][   T10] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  187.092765][   T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.096323][   T10] usb 8-1: Product: syz
[  187.098110][   T10] usb 8-1: Manufacturer: syz
[  187.100056][   T10] usb 8-1: SerialNumber: syz
[  187.111744][   T10] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  187.128712][   T10] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  187.133846][   T60] usb usb10-port1: unable to enumerate USB device
[  187.779672][T11937] Process accounting resumed
[  187.813744][    C0] ip6_tunnel: syztnl2 xmit: Local address not yet configured!
[  187.850290][T11944] overlayfs: failed to clone upperpath
[  187.887200][T11949] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1882'.
[  187.936143][   T40] audit: type=1800 audit(187.857:1014): pid=11946 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=set_data cause=unavailable-hash-algorithm comm="syz.0.1881" name="/file1" dev="overlay" ino=2607 res=0 errno=0
[  188.138331][T11960] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1885'.
[  188.179206][T11962] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=16928 sclass=netlink_route_socket pid=11962 comm=syz.0.1886
[  188.214945][   T10] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive
[  188.217357][   T10] ath9k_htc: Failed to initialize the device
[  188.236458][   T10] usb 8-1: ath9k_htc: USB layer deinitialized
[  188.406909][T11965] xt_NFQUEUE: number of total queues is 0
[  188.635707][   T40] audit: type=1800 audit(188.557:1015): pid=11973 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.1891" name="bus" dev="overlay" ino=2659 res=0 errno=0
[  188.647793][T11975] serio: Serial port ptm0
[  188.710707][T11975] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1892'.
[  188.776089][T11985] netfs: Couldn't get user pages (rc=-14)
[  188.812955][T11986] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5127 sclass=netlink_route_socket pid=11986 comm=syz.1.1895
[  188.818213][T11993] syzkaller1: entered promiscuous mode
[  188.820159][T11993] syzkaller1: entered allmulticast mode
[  189.080241][T12016] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1906'.
[  189.143578][ T6100] usb 10-1: new full-speed USB device number 18 using dummy_hcd
[  189.157273][T12021] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1908'.
[  189.190407][T12023] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1909'.
[  189.273799][ T6100] usb 10-1: device descriptor read/64, error -71
[  189.285627][T12031] sd 0:0:0:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x24 ascq=0x0
[  189.361831][T12033] 9pnet_fd: Insufficient options for proto=fd
[  189.475810][T12035] devpts: Bad value for 'max'
[  189.513613][ T6100] usb 10-1: new full-speed USB device number 19 using dummy_hcd
[  189.643724][ T6100] usb 10-1: device descriptor read/64, error -71
[  189.649353][ T6015] usb 8-1: USB disconnect, device number 23
[  189.708767][   T40] audit: type=1400 audit(189.627:1016): avc:  denied  { watch } for  pid=12047 comm="syz.0.1918" path="/505/file0" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  189.731183][T12045] openvswitch: netlink: Key type 9494 is out of range max 32
[  189.766269][ T6100] usb usb10-port1: attempt power cycle
[  189.846649][   T40] audit: type=1400 audit(189.767:1017): avc:  denied  { append } for  pid=12056 comm="syz.3.1921" name="video7" dev="devtmpfs" ino=974 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  189.858907][ T5344]  pmem0: [POWERTEC]
[  189.901524][   T40] audit: type=1400 audit(189.817:1018): avc:  denied  { name_bind } for  pid=12064 comm="syz.1.1925" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  189.987587][T12076] ptrace attach of "/syz-executor exec"[5930] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                b\x0aøÿ\x0c  !¿¡      \x07
  øÿÿÿ·     ½      …   Ð   ·       •       ?ºj}6Ù±ŽØ¢âÄž€ ¦ôàä©Dl¢µñÌ\x0ašö˜9: óˆœ$ªVñQ™úÐ\x09<YÖk^Ο6Ç\x0d
\x0cPwÚ€û˜,” ÆlêHJA[v–a¶Ou$\x1b\x07.�  -uY:(  É>dÂ'ÉZ ·„bWðzr‘„QëÜôÎ÷ù``Vþ\x5c4fL\x0aù6\x0az^k`q0ÈŸÀ
[  190.025258][T12085] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  190.056860][T12085] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  190.061300][T12085] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  190.064356][T12085] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  190.103559][ T6100] usb 10-1: new full-speed USB device number 20 using dummy_hcd
[  190.106967][T12071] binder: binder_mmap: 12070 200000ffb000-200000ffe000 bad vm_flags failed -1
[  190.124772][ T6100] usb 10-1: device descriptor read/8, error -71
[  190.263634][   T60] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  190.363572][ T6100] usb 10-1: new full-speed USB device number 21 using dummy_hcd
[  190.385530][ T6100] usb 10-1: device descriptor read/8, error -71
[  190.417938][   T60] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  190.421822][   T60] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.425750][   T60] usb 5-1: Product: syz
[  190.427639][   T60] usb 5-1: Manufacturer: syz
[  190.429743][   T60] usb 5-1: SerialNumber: syz
[  190.437231][   T60] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  190.452335][ T6019] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  190.493973][ T6100] usb usb10-port1: unable to enumerate USB device
[  190.496752][   T40] audit: type=1400 audit(190.417:1019): avc:  denied  { setopt } for  pid=12107 comm="syz.3.1938" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  190.654950][   T34] usb 5-1: USB disconnect, device number 28
[  190.766088][T12113] syzkaller1: entered promiscuous mode
[  190.767824][T12113] syzkaller1: entered allmulticast mode
[  190.772119][T12113] RDS: rds_bind could not find a transport for 2001::, load rds_tcp or rds_rdma?
[  190.793777][ T6100] libceph: connect (1)[c::]:6789 error -101
[  190.797283][ T6100] libceph: mon0 (1)[c::]:6789 connect error
[  190.805769][ T6100] libceph: connect (1)[c::]:6789 error -101
[  190.809021][ T6100] libceph: mon0 (1)[c::]:6789 connect error
[  190.841689][   T10] libceph: connect (1)[c::]:6789 error -101
[  190.844067][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  191.059444][T12137] tmpfs: Bad value for 'usrquota_inode_hardlimit'
[  191.066252][ T6100] libceph: connect (1)[c::]:6789 error -101
[  191.069377][ T6100] libceph: mon0 (1)[c::]:6789 connect error
[  191.103700][   T10] libceph: connect (1)[c::]:6789 error -101
[  191.105689][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  191.217757][T12148] netlink: 'syz.1.1950': attribute type 5 has an invalid length.
[  191.312110][T12154] __nla_validate_parse: 8 callbacks suppressed
[  191.312122][T12154] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1953'.
[  191.486041][T12163] netlink: 272 bytes leftover after parsing attributes in process `syz.1.1955'.
[  191.494039][ T6019] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  191.497115][ T6019] ath9k_htc: Failed to initialize the device
[  191.500246][   T34] usb 5-1: ath9k_htc: USB layer deinitialized
[  191.574262][ T6100] libceph: connect (1)[c::]:6789 error -101
[  191.576938][ T6100] libceph: mon0 (1)[c::]:6789 connect error
[  191.623918][ T5998] libceph: connect (1)[c::]:6789 error -101
[  191.626145][ T5998] libceph: mon0 (1)[c::]:6789 connect error
[  191.638685][   T40] audit: type=1400 audit(191.557:1020): avc:  denied  { mount } for  pid=12170 comm="syz.1.1958" name="/" dev="rpc_pipefs" ino=51361 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  191.666677][T12116] ceph: No mds server is up or the cluster is laggy
[  191.666928][T12113] ceph: No mds server is up or the cluster is laggy
[  191.793551][   T34] usb 5-1: new low-speed USB device number 29 using dummy_hcd
[  191.805243][T12183] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1962'.
[  191.857230][T12191] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1963'.
[  191.945176][   T34] usb 5-1: config 0 has no interfaces?
[  191.947534][   T34] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  191.951268][   T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.957737][   T34] usb 5-1: config 0 descriptor??
[  191.965781][T12199] netlink: 84 bytes leftover after parsing attributes in process `syz.5.1967'.
[  191.969827][   T40] audit: type=1400 audit(191.887:1021): avc:  denied  { accept } for  pid=12198 comm="syz.5.1967" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  192.033618][T12197] kvm: pic: non byte write
[  192.369951][T12143] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  192.372844][T12143] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  192.378074][T12143] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  192.383567][T12143] netlink: 172 bytes leftover after parsing attributes in process `syz.0.1948'.
[  192.524936][ T6015] usb 5-1: USB disconnect, device number 29
[  192.727192][T12216] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1970'.
[  192.735038][T12215] delete_channel: no stack
[  192.818715][T12220] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1972'.
[  192.848968][   T40] audit: type=1326 audit(192.767:1022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12224 comm="syz.1.1974" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7d1118e929 code=0x0
[  193.061631][T12238] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1978'.
[  193.062689][   T40] audit: type=1400 audit(192.977:1023): avc:  denied  { shutdown } for  pid=12237 comm="syz.5.1979" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  193.063642][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  193.070254][T12239] gfs2: not a GFS2 filesystem
[  193.084380][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  193.088287][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  193.104101][T12239] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1979'.
[  193.154976][T12247] loop6: detected capacity change from 0 to 524287999
[  193.202051][   T13] Bluetooth: hci6: Frame reassembly failed (-84)
[  193.205563][T12247] Bluetooth: hci6: received HCILL_GO_TO_SLEEP_ACK in state 2
[  193.534970][T12273] SELinux:  Context system_u:object_r:clock_device_t:s0 is not valid (left unmapped).
[  193.539137][   T40] audit: type=1400 audit(193.457:1024): avc:  denied  { relabelto } for  pid=12272 comm="syz.3.1992" name="478" dev="tmpfs" ino=2617 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:clock_device_t:s0"
[  193.550492][   T40] audit: type=1400 audit(193.457:1025): avc:  denied  { associate } for  pid=12272 comm="syz.3.1992" name="478" dev="tmpfs" ino=2617 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:clock_device_t:s0"
[  193.623539][   T34] usb 10-1: new high-speed USB device number 22 using dummy_hcd
[  193.664274][T12277] 9pnet_fd: p9_fd_create_tcp (12277): problem connecting socket to 127.0.0.1
[  193.698009][T12282] syz.3.1995: attempt to access beyond end of device
[  193.698009][T12282] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0
[  193.701970][T12282] (syz.3.1995,12282,3):ocfs2_get_sector:1714 ERROR: status = -5
[  193.706623][T12282] (syz.3.1995,12282,3):ocfs2_sb_probe:753 ERROR: status = -5
[  193.708925][T12282] (syz.3.1995,12282,3):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  193.711689][T12282] (syz.3.1995,12282,3):ocfs2_fill_super:1177 ERROR: status = -5
[  193.803591][   T34] usb 10-1: Using ep0 maxpacket: 32
[  193.806415][   T34] usb 10-1: config index 0 descriptor too short (expected 29220, got 36)
[  193.809014][   T34] usb 10-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  193.811734][   T34] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 81
[  193.815600][   T34] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  193.816473][T12284] openvswitch: netlink: IPv6 tunnel dst address is zero
[  193.818580][   T34] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  193.818609][   T34] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  193.818633][   T34] usb 10-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  193.818644][   T34] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.820291][   T34] usb 10-1: config 0 descriptor??
[  193.821539][T12285] netlink: 'syz.3.1996': attribute type 2 has an invalid length.
[  193.840901][T12285] nbd: must specify a device to reconfigure
[  193.985825][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  194.033000][   T34] usblp 10-1:0.0: usblp0: USB Bidirectional printer dev 22 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  194.039088][   T34] usb 10-1: USB disconnect, device number 22
[  194.042979][   T34] usblp0: removed
[  194.374805][T12318] overlayfs: failed to resolve './file3': -2
[  194.484846][  T839] usb 10-1: new high-speed USB device number 23 using dummy_hcd
[  194.600635][T12331] random: crng reseeded on system resumption
[  194.633697][  T839] usb 10-1: Using ep0 maxpacket: 32
[  194.638222][  T839] usb 10-1: config index 0 descriptor too short (expected 29220, got 36)
[  194.642455][  T839] usb 10-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  194.646418][  T839] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 81
[  194.650070][  T839] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  194.653897][  T839] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  194.656964][  T839] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  194.661161][  T839] usb 10-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  194.664246][  T839] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  194.668964][  T839] usb 10-1: config 0 descriptor??
[  195.042517][  T839] usblp 10-1:0.0: usblp0: USB Bidirectional printer dev 23 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  195.047801][  T839] usb 10-1: USB disconnect, device number 23
[  195.052808][  T839] usblp0: removed
[  195.254557][ T5945] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  195.254639][ T5946] Bluetooth: hci6: command 0x1003 tx timeout
[  195.543099][T12372] fuse: Bad value for 'rootmode'
[  195.587157][T12374] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  195.590603][T12374] overlayfs: conflicting options: userxattr,redirect_dir=on
[  195.674791][T12376] 9pnet_fd: Insufficient options for proto=fd
[  195.713616][ T5998] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  195.786179][T12390] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  195.842665][T12398] sock: sock_timestamping_bind_phc: sock not bind to device
[  195.873603][ T5998] usb 5-1: Using ep0 maxpacket: 32
[  195.876666][ T5998] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  195.880069][T12400] xt_TCPMSS: Only works on TCP SYN packets
[  195.884487][   T34] ip6_tunnel: syztnl2 xmit: Local address not yet configured!
[  195.885120][ T5998] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  195.889751][ T5998] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  195.892454][ T5998] usb 5-1: Product: syz
[  195.893877][    C0] ip6_tunnel: syztnl2 xmit: Local address not yet configured!
[  195.896785][ T5998] usb 5-1: Manufacturer: syz
[  195.898323][ T5998] usb 5-1: SerialNumber: syz
[  195.899326][T12400] ata3.00: invalid multi_count 1 ignored
[  195.907291][   T40] audit: type=1400 audit(195.827:1026): avc:  denied  { checkpoint_restore } for  pid=12396 comm="syz.3.2035" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  195.913957][ T5998] usb 5-1: config 0 descriptor??
[  195.914420][T12368] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  195.918843][ T5998] hub 5-1:0.0: bad descriptor, ignoring hub
[  195.920827][ T5998] hub 5-1:0.0: probe with driver hub failed with error -5
[  195.963724][   T34] ip6_tunnel: syztnl2 xmit: Local address not yet configured!
[  196.077551][T12423] overlayfs: failed to clone upperpath
[  196.152206][T12426] xt_NFQUEUE: number of total queues is 0
[  196.189092][   T40] audit: type=1326 audit(196.107:1027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12367 comm="syz.0.2023" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6299d8e929 code=0x0
[  196.310942][T12442] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  196.316065][T12443] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0
[  196.573732][ T5998] usb 10-1: new full-speed USB device number 24 using dummy_hcd
[  196.619257][T12456] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  196.622821][T12456] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  196.649998][T12368] usb 5-1: reset high-speed USB device number 30 using dummy_hcd
[  196.660434][T12368] usb 5-1: device reset changed ep0 maxpacket size!
[  196.667015][  T839] usb 5-1: USB disconnect, device number 30
[  196.703592][ T5998] usb 10-1: device descriptor read/64, error -71
[  196.705975][T12462] __nla_validate_parse: 16 callbacks suppressed
[  196.705986][T12462] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2058'.
[  196.803535][  T839] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  196.817531][T12466] xt_NFQUEUE: number of total queues is 0
[  196.953909][ T5998] usb 10-1: new full-speed USB device number 25 using dummy_hcd
[  196.964443][  T839] usb 5-1: Using ep0 maxpacket: 8
[  196.969482][  T839] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  196.972295][  T839] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  196.975612][  T839] usb 5-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  196.979686][  T839] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  196.982839][  T839] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.991364][  T839] usbtmc 5-1:16.0: bulk endpoints not found
[  197.028259][T12477] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2070'.
[  197.052551][   T40] audit: type=1400 audit(196.967:1028): avc:  denied  { create } for  pid=12478 comm="syz.3.2063" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  197.059129][   T40] audit: type=1400 audit(196.967:1029): avc:  denied  { ioctl } for  pid=12478 comm="syz.3.2063" path="socket:[52549]" dev="sockfs" ino=52549 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  197.093678][ T5998] usb 10-1: device descriptor read/64, error -71
[  197.203756][ T5998] usb usb10-port1: attempt power cycle
[  197.543593][ T5998] usb 10-1: new full-speed USB device number 26 using dummy_hcd
[  197.570335][ T5998] usb 10-1: device descriptor read/8, error -71
[  197.572882][T12482] team0: left allmulticast mode
[  197.577419][T12482] bridge0: port 1(team0) entered disabled state
[  197.581504][T12482] dummy0: left allmulticast mode
[  197.583227][T12482] bridge0: port 2(dummy0) entered disabled state
[  197.598403][T12482] bond0: (slave wlan1): Releasing backup interface
[  197.610497][T12482] bond2: (slave veth5): Releasing active interface
[  197.612710][T12482] bond2: (slave veth5): the permanent HWaddr of slave - f6:53:68:34:c5:3b - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  197.625870][T12482] bond2: (slave vlan4): Releasing active interface
[  197.632014][T12482] bond3: (slave geneve2): Releasing active interface
[  197.651649][T12484] team0: Mode changed to "random"
[  197.665385][ T6100] ip6_tunnel: syztnl2 xmit: Local address not yet configured!
[  197.687654][T12482] team0: Port device vlan0 added
[  197.696964][T12482] tipc: Enabled bearer <eth:team0>, priority 0
[  197.740987][T12490] netlink: 'syz.3.2068': attribute type 10 has an invalid length.
[  197.766742][T12492] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2069'.
[  197.804130][ T5998] usb 10-1: new full-speed USB device number 27 using dummy_hcd
[  197.809588][T12497] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2080'.
[  197.819383][T12497] blkio.reset_stats is deprecated
[  197.825666][ T5998] usb 10-1: device descriptor read/8, error -71
[  197.933952][ T5998] usb usb10-port1: unable to enumerate USB device
[  198.469072][ T6015] usb 5-1: USB disconnect, device number 31
[  198.511226][T12504] netlink: 'syz.3.2074': attribute type 21 has an invalid length.
[  198.516190][T12504] dlm: plock device version mismatch: kernel (1.2.0), user (4289683456.32585.0)
[  198.606898][T12514] team0: Port device vlan0 removed
[  198.615769][ T6100] ip6_tunnel: syztnl2 xmit: Local address not yet configured!
[  198.626758][T12514] team0: Port device geneve0 removed
[  198.635128][T12514] bond2: (slave geneve2): Releasing active interface
[  198.644955][   T54] tipc: Resetting bearer <eth:team0>
[  198.648964][T12520] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2084'.
[  198.671533][T12514] team0: Mode changed to "random"
[  198.678903][T12514] team0: Port device vlan0 added
[  198.684666][T12514] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  198.746986][T12532] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2089'.
[  198.781986][T12543] xt_hashlimit: size too large, truncated to 1048576
[  198.826186][T12549] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  198.944710][T12568] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2101'.
[  198.973758][T12574] netlink: 'syz.0.2104': attribute type 10 has an invalid length.
[  198.988985][T12574] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2104'.
[  198.992419][T12574] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2104'.
[  198.993366][T12576] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  199.003222][T12574] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.2104'.
[  199.046910][T12580] No such timeout policy "syz1"
[  199.166456][T12600] netlink: 'syz.3.2114': attribute type 1 has an invalid length.
[  199.169154][T12600] netlink: 'syz.3.2114': attribute type 2 has an invalid length.
[  199.172544][T12600] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  199.176627][T12600] VFS: Can't find a romfs filesystem on dev nullb0.
[  199.176627][T12600] 
[  199.204528][T12602] tipc: Enabling of bearer <eth:team0> rejected, failed to enable media
[  199.294609][T12591] netlink: 'syz.1.2111': attribute type 1 has an invalid length.
[  199.300977][T12591] netlink: 'syz.1.2111': attribute type 1 has an invalid length.
[  199.308639][T12591] netlink: 'syz.1.2111': attribute type 1 has an invalid length.
[  199.312515][T12591] netlink: 'syz.1.2111': attribute type 1 has an invalid length.
[  199.318704][T12591] netlink: 'syz.1.2111': attribute type 1 has an invalid length.
[  199.325486][T12591] netlink: 'syz.1.2111': attribute type 1 has an invalid length.
[  199.333873][T12591] netlink: 'syz.1.2111': attribute type 1 has an invalid length.
[  199.421466][T12618] macvtap1: entered allmulticast mode
[  199.423210][T12618] veth0_macvtap: entered allmulticast mode
[  199.465624][T12626] overlayfs: missing 'lowerdir'
[  199.592555][T12625] tipc: Enabling of bearer <eth:team0> rejected, failed to enable media
[  199.657593][T12644] bridge0: port 1(syz_tun) entered blocking state
[  199.659762][T12644] bridge0: port 1(syz_tun) entered disabled state
[  199.662029][T12644] syz_tun: entered allmulticast mode
[  199.665566][T12644] syz_tun: entered promiscuous mode
[  199.803792][  T837] usb 10-1: new full-speed USB device number 28 using dummy_hcd
[  199.896390][ T6015] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  199.927085][T12660] syz_tun: left allmulticast mode
[  199.928726][T12660] syz_tun: left promiscuous mode
[  199.930405][T12660] bridge0: port 1(syz_tun) entered disabled state
[  199.943569][  T837] usb 10-1: device descriptor read/64, error -71
[  199.989113][   T40] audit: type=1400 audit(199.907:1030): avc:  denied  { shutdown } for  pid=12664 comm="syz.1.2138" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  200.006749][T12660] tipc: Enabling of bearer <eth:team0> rejected, failed to enable media
[  200.070264][ T6015] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  200.074382][ T6015] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.077775][ T6015] usb 5-1: Product: syz
[  200.079577][ T6015] usb 5-1: Manufacturer: syz
[  200.081488][ T6015] usb 5-1: SerialNumber: syz
[  200.089804][ T6015] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  200.100889][ T6100] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  200.183575][  T837] usb 10-1: new full-speed USB device number 29 using dummy_hcd
[  200.222595][T12693] team0: Port device vlan0 removed
[  200.231137][ T1186] tipc: Resetting bearer <eth:team0>
[  200.236668][T12693] team0: Unable to change to the same mode the team is in
[  200.241574][T12693] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  200.254886][   T10] ip6_tunnel: syztnl2 xmit: Local address not yet configured!
[  200.313715][  T837] usb 10-1: device descriptor read/64, error -71
[  200.315974][   T10] ip6_tunnel: syztnl2 xmit: Local address not yet configured!
[  200.423954][  T837] usb usb10-port1: attempt power cycle
[  200.764268][  T837] usb 10-1: new full-speed USB device number 30 using dummy_hcd
[  200.784182][  T837] usb 10-1: device descriptor read/8, error -71
[  201.023586][  T837] usb 10-1: new full-speed USB device number 31 using dummy_hcd
[  201.044054][  T837] usb 10-1: device descriptor read/8, error -71
[  201.153862][  T837] usb usb10-port1: unable to enumerate USB device
[  201.175556][ T6100] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  201.177796][ T6100] ath9k_htc: Failed to initialize the device
[  201.201218][ T6100] usb 5-1: ath9k_htc: USB layer deinitialized
[  201.327092][T12713] tipc: Resetting bearer <eth:team0>
[  201.359138][T12713] team0: Unable to change to the same mode the team is in
[  201.363348][T12713] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  201.375575][   T10] ip6_tunnel: syztnl2 xmit: Local address not yet configured!
[  201.901429][T12736] tipc: Resetting bearer <eth:team0>
[  201.920171][T12736] team0: Unable to change to the same mode the team is in
[  201.923081][T12736] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  201.944388][ T5998] ip6_tunnel: syztnl2 xmit: Local address not yet configured!
[  202.201691][T12746] lo: left promiscuous mode
[  202.206220][T12746] tunl0: left promiscuous mode
[  202.210049][T12746] gre0: left promiscuous mode
[  202.214372][T12746] gretap0: left promiscuous mode
[  202.220521][T12746] ip_vti0: left promiscuous mode
[  202.224083][T12746] ip6_vti0: left promiscuous mode
[  202.227149][T12746] sit0: left promiscuous mode
[  202.233701][T12746] ip6tnl0: left promiscuous mode
[  202.239458][T12746] ip6gre0: left promiscuous mode
[  202.245884][T12746] syz_tun: left promiscuous mode
[  202.249317][T12746] ip6gretap0: left promiscuous mode
[  202.262720][T12746] bond0: left promiscuous mode
[  202.267991][T12746] tipc: Resetting bearer <eth:team0>
[  202.270698][T12746] team0: left promiscuous mode
[  202.276837][T12746] dummy0: left promiscuous mode
[  202.288582][T12746] nlmon0: left promiscuous mode
[  202.294908][T12746] batadv0: left promiscuous mode
[  202.303712][T12746] veth0: left promiscuous mode
[  202.314917][T12746] wg0: left promiscuous mode
[  202.322031][T12746] wg1: left promiscuous mode
[  202.328425][T12746] wg2: left promiscuous mode
[  202.334869][T12746] veth0_to_bridge: left promiscuous mode
[  202.341859][T12746] bridge_slave_0: left promiscuous mode
[  202.349396][T12746] veth1_to_bridge: left promiscuous mode
[  202.356426][T12746] bridge_slave_1: left promiscuous mode
[  202.361672][T12746] veth0_to_bond: left promiscuous mode
[  202.367681][T12746] bond_slave_0: left promiscuous mode
[  202.371962][T12746] veth1_to_bond: left promiscuous mode
[  202.380243][T12746] bond_slave_1: left promiscuous mode
[  202.385434][T12746] veth1_to_team: left promiscuous mode
[  202.394173][T12746] team_slave_1: left promiscuous mode
[  202.400242][T12746] veth0_to_batadv: left promiscuous mode
[  202.405351][T12746] batadv_slave_0: left promiscuous mode
[  202.414862][T12746] veth1_to_batadv: left promiscuous mode
[  202.420404][T12746] batadv_slave_1: left promiscuous mode
[  202.430828][T12746] xfrm0: left promiscuous mode
[  202.437659][T12746] veth0_to_hsr: left promiscuous mode
[  202.444030][T12746] veth1_to_hsr: left promiscuous mode
[  202.453196][T12746] hsr0: left promiscuous mode
[  202.463279][T12746] veth1_virt_wifi: left promiscuous mode
[  202.470655][T12746] veth0_virt_wifi: left promiscuous mode
[  202.475935][T12746] net veth1_virt_wifi virt_wifi0: left promiscuous mode
[  202.495587][T12746] vlan0: left promiscuous mode
[  202.497895][T12746] macvlan0: left promiscuous mode
[  202.502767][T12746] macvlan1: left promiscuous mode
[  202.505929][T12746] ipvlan0: left promiscuous mode
[  202.519828][T12746] macvtap0: left promiscuous mode
[  202.524799][T12746] macsec0: left promiscuous mode
[  202.528451][T12746] geneve0: left promiscuous mode
[  202.534916][T12746] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  202.537654][T12746] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  202.540424][T12746] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  202.543180][T12746] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  202.546654][T12746] geneve1: left promiscuous mode
[  202.551417][T12746] netdevsim netdevsim1 netdevsim0: left promiscuous mode
[  202.555981][T12746] netdevsim netdevsim1 netdevsim1: left promiscuous mode
[  202.564587][T12746] netdevsim netdevsim1 netdevsim2: left promiscuous mode
[  202.569619][T12746] netdevsim netdevsim1 netdevsim3: left promiscuous mode
[  202.578622][T12746] mac80211_hwsim hwsim8 wlan0: left promiscuous mode
[  202.582731][T12746] mac80211_hwsim hwsim9 wlan1: left promiscuous mode
[  202.586564][T12746] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  202.590558][T12746] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  202.594722][T12746] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  202.598441][T12746] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  202.605991][T12746] vxlan0: left promiscuous mode
[  202.612386][T12746] vlan2: left promiscuous mode
[  202.617140][T12746] vlan1: left promiscuous mode
[  202.621174][T12746] bond1: left promiscuous mode
[  202.626546][T12746] gretap1: left promiscuous mode
[  202.632657][T12746] vlan3: left promiscuous mode
[  202.634947][T12746] bridge0: left promiscuous mode
[  202.639286][T12746] veth2: left promiscuous mode
[  202.645382][T12746] veth3: left promiscuous mode
[  202.653196][T12746] macvtap1: left promiscuous mode
[  202.658006][T12746] bridge1: left promiscuous mode
[  202.662466][T12746] bond2: left promiscuous mode
[  202.666800][T12746] veth4: left promiscuous mode
[  202.669847][T12746] veth5: left promiscuous mode
[  202.671487][T12746] vlan4: left promiscuous mode
[  202.673028][T12746] veth1: left promiscuous mode
[  202.675923][  T839] usb 5-1: USB disconnect, device number 32
[  202.676117][T12746] xfrm1: left promiscuous mode
[  202.682245][T12746] bridge2: left promiscuous mode
[  202.687800][T12746] bond3: left promiscuous mode
[  202.691640][T12746] geneve2: left promiscuous mode
[  202.694026][T12746] syztnl2: left promiscuous mode
[  202.698450][T12746] ip6erspan0: left promiscuous mode
[  202.702861][T12746] dvmrp1: left promiscuous mode
[  202.705513][   T40] audit: type=1400 audit(202.627:1031): avc:  denied  { getopt } for  pid=12751 comm="syz.0.2173" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  202.708224][T12746] veth6: left promiscuous mode
[  202.719468][T12746] veth7: left promiscuous mode
[  202.723718][T12746] gtp0: left promiscuous mode
[  202.727680][T12746] ip6tnl1: left promiscuous mode
[  202.732405][T12746] netdevsim netdevsim1 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0
[  202.736327][T12746] netdevsim netdevsim1 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0
[  202.739093][T12746] netdevsim netdevsim1 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0
[  202.741998][T12746] netdevsim netdevsim1 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0
[  202.745293][T12746] geneve3: left promiscuous mode
[  202.751051][T12746] bond4: left promiscuous mode
[  202.754241][T12746] xfrm2: left promiscuous mode
[  202.758461][T12746] bridge3: left promiscuous mode
[  202.765251][T12754] __nla_validate_parse: 9 callbacks suppressed
[  202.765262][T12754] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2174'.
[  202.811602][T12757] team0: Unable to change to the same mode the team is in
[  202.812294][T12758] binder: 12756:12758 ioctl c0306201 2000000003c0 returned -14
[  202.816052][T12757] vlan0: entered promiscuous mode
[  202.820973][T12757] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  202.847630][T12760] overlayfs: failed to resolve './file0': -2
[  202.929972][T12770] openvswitch: netlink: IP tunnel TTL not specified.
[  203.504055][ T6019] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  203.590779][T12784] bond0: (slave erspan0): Releasing active interface
[  203.597987][T12784] syz_tun: left allmulticast mode
[  203.599666][T12784] syz_tun: left promiscuous mode
[  203.601344][T12784] bridge0: port 2(syz_tun) entered disabled state
[  203.607407][T12784] bridge_slave_0: left allmulticast mode
[  203.609297][T12784] bridge_slave_0: left promiscuous mode
[  203.611191][T12784] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.633939][ T6019] usb 5-1: device descriptor read/64, error -71
[  203.635323][T12784] team0: Port device team_slave_0 removed
[  203.645582][T12784] team0: Port device team_slave_1 removed
[  203.647844][T12784] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  203.650159][T12784] batman_adv: batadv0: Removing interface: batadv_slave_0
[  203.653310][T12784] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  203.656421][T12784] batman_adv: batadv0: Removing interface: batadv_slave_1
[  203.668572][T12784] team0: Port device geneve0 removed
[  203.680110][T12785] team0: Mode changed to "random"
[  203.687003][T12784] tipc: Started in network mode
[  203.688592][T12784] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711
[  203.691320][T12784] tipc: Enabled bearer <eth:team0>, priority 0
[  203.867266][T12791] netdevsim netdevsim5 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  203.870034][T12791] netdevsim netdevsim5 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  203.872802][T12791] netdevsim netdevsim5 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  203.876347][T12791] netdevsim netdevsim5 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  203.879137][T12791] geneve2: entered promiscuous mode
[  203.880814][T12791] geneve2: entered allmulticast mode
[  203.883518][ T6019] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  204.013589][ T6019] usb 5-1: device descriptor read/64, error -71
[  204.134360][ T6019] usb usb5-port1: attempt power cycle
[  204.473586][ T6019] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  204.495941][ T6019] usb 5-1: device descriptor read/8, error -71
[  204.694109][   T34] tipc: Node number set to 11578026
[  204.743583][ T6019] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  204.758212][T12801] overlayfs: missing 'lowerdir'
[  204.767601][ T6019] usb 5-1: device descriptor read/8, error -71
[  204.796286][   T40] audit: type=1400 audit(204.717:1032): avc:  denied  { name_bind } for  pid=12803 comm="syz.5.2195" src=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  204.883823][ T6019] usb usb5-port1: unable to enumerate USB device
[  205.730846][T12809] tipc: Enabling of bearer <eth:team0> rejected, failed to enable media
[  205.953604][ T6015] usb 10-1: new high-speed USB device number 32 using dummy_hcd
[  206.073816][ T5945] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  206.077033][ T5945] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  206.080439][ T5945] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  206.084303][ T5945] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  206.087476][ T5945] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  206.113541][ T6015] usb 10-1: Using ep0 maxpacket: 32
[  206.119346][ T6015] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  206.125375][ T6015] usb 10-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  206.128427][ T6015] usb 10-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  206.131001][ T6015] usb 10-1: Product: syz
[  206.132346][ T6015] usb 10-1: Manufacturer: syz
[  206.134180][ T6015] usb 10-1: SerialNumber: syz
[  206.138978][ T6015] usb 10-1: config 0 descriptor??
[  206.142474][T12812] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  206.146716][ T6015] hub 10-1:0.0: bad descriptor, ignoring hub
[  206.148706][ T6015] hub 10-1:0.0: probe with driver hub failed with error -5
[  206.248020][T12820] chnl_net:caif_netlink_parms(): no params data found
[  206.333321][T11043] syz_tun (unregistering): left allmulticast mode
[  206.403946][T12820] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.406789][T12820] bridge0: port 1(bridge_slave_0) entered disabled state
[  206.409770][T12820] bridge_slave_0: entered allmulticast mode
[  206.410722][   T40] audit: type=1326 audit(206.327:1033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12811 comm="syz.5.2198" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5b7f98e929 code=0x0
[  206.416848][T12820] bridge_slave_0: entered promiscuous mode
[  206.442355][T12820] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.444815][T12820] bridge0: port 2(bridge_slave_1) entered disabled state
[  206.447118][T12820] bridge_slave_1: entered allmulticast mode
[  206.449705][T12820] bridge_slave_1: entered promiscuous mode
[  206.482794][T12820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  206.488346][T12820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  206.567772][T12820] team0: Port device team_slave_0 added
[  206.573319][T12820] team0: Port device team_slave_1 added
[  206.631431][T12820] batman_adv: batadv0: Adding interface: batadv_slave_0
[  206.634187][T12820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  206.642741][T12820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  206.670442][T12820] batman_adv: batadv0: Adding interface: batadv_slave_1
[  206.672755][T12820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  206.681409][T12820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  206.749675][T12820] hsr_slave_0: entered promiscuous mode
[  206.752120][T12820] hsr_slave_1: entered promiscuous mode
[  206.754456][T12820] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  206.756842][T12820] Cannot create hsr debugfs directory
[  206.853601][T12812] usb 10-1: reset high-speed USB device number 32 using dummy_hcd
[  206.856652][T12812] usb 10-1: device reset changed ep0 maxpacket size!
[  206.859194][  T837] usb 10-1: USB disconnect, device number 32
[  207.003610][  T837] usb 10-1: new high-speed USB device number 33 using dummy_hcd
[  207.124550][ T1257] dvmrp1 (unregistering): left allmulticast mode
[  207.153641][  T837] usb 10-1: Using ep0 maxpacket: 8
[  207.156781][  T837] usb 10-1: config index 0 descriptor too short (expected 301, got 45)
[  207.159364][  T837] usb 10-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  207.162606][  T837] usb 10-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  207.167949][  T837] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  207.170865][  T837] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.178913][  T837] usbtmc 10-1:16.0: bulk endpoints not found
[  207.473697][ T1257] bond0 (unregistering): Released all slaves
[  207.548969][ T1257] bond1 (unregistering): Released all slaves
[  207.636171][ T1257] bond2 (unregistering): Released all slaves
[  207.717787][ T1257] bond3 (unregistering): Released all slaves
[  207.796379][ T1257] bond4 (unregistering): Released all slaves
[  207.844085][T12844] tipc: Enabling of bearer <eth:team0> rejected, failed to enable media
[  207.882553][ T1257] tipc: Disabling bearer <udp:syz2>
[  207.888980][ T1257] tipc: Disabling bearer <eth:team0>
[  207.900639][ T1257] tipc: Left network mode
[  207.917829][ T1257] IPVS: stopping backup sync thread 12443 ...
[  207.934258][   T40] audit: type=1800 audit(207.847:1034): pid=12855 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.2209" name="/" dev="9p" ino=2 res=0 errno=0
[  208.064667][T12863] binder: 12862:12863 ioctl c0306201 2000000003c0 returned -14
[  208.067491][T12863] binder_alloc: 12862: binder_alloc_buf, no vma
[  208.095929][T12867] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2212'.
[  208.137823][ T5945] Bluetooth: hci6: command tx timeout
[  208.226638][ T1257] hsr_slave_0: left promiscuous mode
[  208.236627][ T1257] hsr_slave_1: left promiscuous mode
[  208.623655][ T6019] usb 8-1: new high-speed USB device number 24 using dummy_hcd
[  208.717893][ T6100] usb 10-1: USB disconnect, device number 33
[  208.755216][T12892] binder: 12891:12892 ioctl c0306201 2000000003c0 returned -14
[  208.760589][T12892] binder_alloc: 12891: binder_alloc_buf, no vma
[  208.779314][ T6019] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  208.782326][ T6019] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  208.785145][ T6019] usb 8-1: Product: syz
[  208.786607][ T6019] usb 8-1: Manufacturer: syz
[  208.788095][ T6019] usb 8-1: SerialNumber: syz
[  208.794270][ T6019] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  208.812213][ T6019] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  209.053396][T12903] overlayfs: workdir and upperdir must reside under the same mount
[  209.238110][T12910] binder: 12909:12910 ioctl c0306201 2000000003c0 returned -14
[  209.240912][T12910] binder_alloc: 12909: binder_alloc_buf, no vma
[  209.796548][T12908] bond0: entered allmulticast mode
[  209.855109][T12820] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  209.860001][T12820] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  209.865691][T12820] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  209.875237][T12820] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  209.893945][ T6019] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive
[  209.896464][ T6019] ath9k_htc: Failed to initialize the device
[  209.915611][ T6019] usb 8-1: ath9k_htc: USB layer deinitialized
[  209.947217][T12820] 8021q: adding VLAN 0 to HW filter on device bond0
[  209.963051][T12820] 8021q: adding VLAN 0 to HW filter on device team0
[  209.981853][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.984360][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  209.991869][ T1148] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.994179][ T1148] bridge0: port 2(bridge_slave_1) entered forwarding state
[  210.113633][T12820] 8021q: adding VLAN 0 to HW filter on device batadv0
[  210.136135][T12820] veth0_vlan: entered promiscuous mode
[  210.140984][T12820] veth1_vlan: entered promiscuous mode
[  210.160055][T12820] veth0_macvtap: entered promiscuous mode
[  210.167024][T12820] veth1_macvtap: entered promiscuous mode
[  210.177362][T12820] batman_adv: batadv0: Interface activated: batadv_slave_0
[  210.184332][T12820] batman_adv: batadv0: Interface activated: batadv_slave_1
[  210.191893][T12820] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  210.194854][T12820] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  210.197583][T12820] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  210.200342][T12820] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  210.228701][ T5945] Bluetooth: hci6: command tx timeout
[  210.241270][   T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  210.246079][   T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  210.258519][   T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  210.261185][   T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  210.277059][   T40] audit: type=1400 audit(210.197:1035): avc:  denied  { write } for  pid=12820 comm="syz-executor" name="cgroup.procs" dev="cgroup" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:semanage_exec_t:s0"
[  210.285803][   T40] audit: type=1400 audit(210.197:1036): avc:  denied  { open } for  pid=12820 comm="syz-executor" path="/syzcgroup/cpu/syz1/cgroup.procs" dev="cgroup" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:semanage_exec_t:s0"
[  210.543696][ T6100] usb 5-1: new full-speed USB device number 37 using dummy_hcd
[  210.574831][   T40] audit: type=1800 audit(210.497:1037): pid=12951 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.5.2231" name="/" dev="9p" ino=2 res=0 errno=0
[  210.613672][  T839] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  210.695026][ T6100] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  210.698997][ T6100] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  210.703835][ T6100] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  210.706660][ T6100] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.709133][ T6100] usb 5-1: Product: syz
[  210.710707][ T6100] usb 5-1: Manufacturer: syz
[  210.712175][ T6100] usb 5-1: SerialNumber: syz
[  210.764108][  T839] usb 6-1: Using ep0 maxpacket: 32
[  210.767251][  T839] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  210.772403][  T839] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  210.775946][  T839] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  210.778588][  T839] usb 6-1: Product: syz
[  210.780088][  T839] usb 6-1: Manufacturer: syz
[  210.781766][  T839] usb 6-1: SerialNumber: syz
[  210.785682][  T839] usb 6-1: config 0 descriptor??
[  210.788229][T12945] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  210.791597][  T839] hub 6-1:0.0: bad descriptor, ignoring hub
[  210.794174][  T839] hub 6-1:0.0: probe with driver hub failed with error -5
[  210.945367][T12964] page: refcount:3 mapcount:0 mapping:ffff88802789b678 index:0x2 pfn:0x4b6e6
[  210.949583][T12964] memcg:ffff88802a6e0d00
[  210.951049][T12964] aops:def_blk_aops ino:fa00000
[  210.952656][T12964] flags: 0xfff6000000003d(locked|referenced|uptodate|dirty|lru|node=0|zone=1|lastcpupid=0x7ff)
[  210.957299][T12964] raw: 00fff6000000003d ffffea00012db9c8 ffff88801ce8c4e0 ffff88802789b678
[  210.960105][T12964] raw: 0000000000000002 0000000000000000 00000003ffffffff ffff88802a6e0d00
[  210.962881][T12964] page dumped because: VM_BUG_ON_FOLIO(!folio_contains(folio, index))
[  210.965866][T12964] page_owner tracks the page as allocated
[  210.968163][T12964] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 12965, tgid 12963 (syz.5.2239), ts 210940478396, free_ts 209978072232
[  210.976559][T12964]  post_alloc_hook+0x1c0/0x230
[  210.978206][T12964]  get_page_from_freelist+0x1321/0x3890
[  210.979985][T12964]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  210.981864][T12964]  alloc_pages_mpol+0x1fb/0x550
[  210.983421][T12964]  folio_alloc_noprof+0x20/0x2d0
[  210.986537][T12964]  filemap_alloc_folio_noprof+0x3a1/0x470
[  210.988260][T12964]  page_cache_ra_order+0x4c0/0xd00
[  210.989791][T12964]  filemap_fault+0x1465/0x26c0
[  210.991428][T12964]  __do_fault+0x10d/0x490
[  210.992778][T12964]  __handle_mm_fault+0x3c2a/0x5490
[  210.994632][T12964]  handle_mm_fault+0x589/0xd10
[  210.996123][T12964]  do_user_addr_fault+0x7a6/0x1370
[  210.997673][T12964]  exc_page_fault+0x5c/0xb0
[  210.999071][T12964]  asm_exc_page_fault+0x26/0x30
[  211.000703][T12964] page last free pid 12922 tgid 12922 stack trace:
[  211.002677][T12964]  __free_frozen_pages+0x7fe/0x1180
[  211.004380][T12964]  qlist_free_all+0x4d/0x120
[  211.005844][T12964]  kasan_quarantine_reduce+0x195/0x1e0
[  211.007559][T12964]  __kasan_slab_alloc+0x69/0x90
[  211.009098][T12964]  __kmalloc_noprof+0x1d4/0x510
[  211.010673][T12964]  tomoyo_realpath_from_path+0xc2/0x6e0
[  211.012400][T12964]  tomoyo_path_number_perm+0x245/0x580
[  211.014307][T12964]  security_file_ioctl+0x9b/0x240
[  211.015934][T12964]  __x64_sys_ioctl+0xb7/0x210
[  211.017430][T12964]  do_syscall_64+0xcd/0x4c0
[  211.018882][T12964]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.020806][T12964] ------------[ cut here ]------------
[  211.022542][T12964] kernel BUG at mm/filemap.c:3442!
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  211.024411][T12964] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[  211.026728][T12964] CPU: 0 UID: 0 PID: 12964 Comm: syz.5.2239 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  211.032063][T12964] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  211.035395][T12964] RIP: 0010:filemap_fault+0x1847/0x26c0
[  211.037129][T12964] Code: 00 e9 d2 ec ff ff 48 8b 7c 24 28 e8 23 39 2e 00 e9 79 f3 ff ff e8 29 61 c7 ff 48 c7 c6 a0 1f b9 8b 48 89 df e8 ba 9e 10 00 90 <0f> 0b e8 12 61 c7 ff 48 c7 c6 a0 15 b9 8b 48 89 df e8 a3 9e 10 00
[  211.043049][T12964] RSP: 0018:ffffc90006807760 EFLAGS: 00010293
[  211.044945][T12964] RAX: 0000000000000000 RBX: ffffea00012db980 RCX: 0000000000000000
[  211.047356][T12964] RDX: ffff888025d6c880 RSI: ffffffff81f4bb36 RDI: ffff888025d6ccc4
[  211.049701][T12964] RBP: ffffc90006807990 R08: 0000000000000001 R09: 0000000000000001
[  211.050065][   T40] audit: type=1326 audit(210.967:1038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12944 comm="syz.1.2228" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f036d58e929 code=0x0
[  211.052160][T12964] R10: ffffffff90a80f57 R11: 0000000000000002 R12: ffff88802789b678
[  211.052171][T12964] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
[  211.052178][T12964] FS:  00007f5b808ac6c0(0000) GS:ffff8880d6753000(0000) knlGS:0000000000000000
[  211.052199][T12964] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  211.052209][T12964] CR2: 000000110c2e4755 CR3: 00000000486b3000 CR4: 0000000000352ef0
[  211.052215][T12964] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000004520
[  211.073659][T12964] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  211.076103][T12964] Call Trace:
[  211.077147][T12964]  <TASK>
[  211.078071][T12964]  ? __pfx_filemap_fault+0x10/0x10
[  211.079668][T12964]  ? __lock_acquire+0xb8a/0x1c90
[  211.081231][T12964]  __do_fault+0x10d/0x490
[  211.082577][T12964]  ? __pfx_filemap_map_pages+0x10/0x10
[  211.084280][T12964]  __handle_mm_fault+0x374c/0x5490
[  211.085834][T12964]  ? __pfx___handle_mm_fault+0x10/0x10
[  211.087495][T12964]  ? __pte_offset_map_lock+0x174/0x310
[  211.089184][T12964]  ? find_held_lock+0x2b/0x80
[  211.090738][T12964]  ? find_held_lock+0x2b/0x80
[  211.092203][T12964]  ? follow_page_pte+0x3af/0x14c0
[  211.093736][T12964]  handle_mm_fault+0x589/0xd10
[  211.095219][T12964]  __get_user_pages+0x589/0x3b80
[  211.096762][T12964]  ? __pfx___get_user_pages+0x10/0x10
[  211.098385][T12964]  ? __pfx_down_read_killable+0x10/0x10
[  211.100106][T12964]  ? __lock_acquire+0xb8a/0x1c90
[  211.101626][T12964]  faultin_page_range+0x39c/0x980
[  211.103161][T12964]  madvise_do_behavior+0x268/0x3f0
[  211.104724][T12964]  ? __pfx_madvise_do_behavior+0x10/0x10
[  211.106464][T12964]  do_madvise+0x161/0x230
[  211.107815][T12964]  ? __pfx_do_madvise+0x10/0x10
[  211.109332][T12964]  ? xfd_validate_state+0x61/0x180
[  211.110951][T12964]  __x64_sys_madvise+0xa9/0x110
[  211.112467][T12964]  ? lockdep_hardirqs_on+0x7c/0x110
[  211.114079][T12964]  do_syscall_64+0xcd/0x4c0
[  211.115499][T12964]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.117324][T12964] RIP: 0033:0x7f5b7f98e929
[  211.118847][T12964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  211.124608][T12964] RSP: 002b:00007f5b808ac038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[  211.127140][T12964] RAX: ffffffffffffffda RBX: 00007f5b7fbb5fa0 RCX: 00007f5b7f98e929
[  211.129547][T12964] RDX: 0000000000000017 RSI: 0000000000c00000 RDI: 0000200000000000
[  211.132211][T12964] RBP: 00007f5b7fa10b39 R08: 0000000000000000 R09: 0000000000000000
[  211.135289][T12964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  211.138249][T12964] R13: 0000000000000000 R14: 00007f5b7fbb5fa0 R15: 00007ffec126f668
[  211.140793][T12964]  </TASK>
[  211.141782][T12964] Modules linked in:
[  211.143354][T12964] ---[ end trace 0000000000000000 ]---
[  211.150605][T12964] RIP: 0010:filemap_fault+0x1847/0x26c0
[  211.152413][T12964] Code: 00 e9 d2 ec ff ff 48 8b 7c 24 28 e8 23 39 2e 00 e9 79 f3 ff ff e8 29 61 c7 ff 48 c7 c6 a0 1f b9 8b 48 89 df e8 ba 9e 10 00 90 <0f> 0b e8 12 61 c7 ff 48 c7 c6 a0 15 b9 8b 48 89 df e8 a3 9e 10 00
[  211.159653][  T837] usb 6-1: USB disconnect, device number 31
[  211.159669][T12964] RSP: 0018:ffffc90006807760 EFLAGS: 00010293
[  211.164041][T12964] RAX: 0000000000000000 RBX: ffffea00012db980 RCX: 0000000000000000
[  211.166947][T12964] RDX: ffff888025d6c880 RSI: ffffffff81f4bb36 RDI: ffff888025d6ccc4
[  211.169813][T12964] RBP: ffffc90006807990 R08: 0000000000000001 R09: 0000000000000001
[  211.172682][T12964] R10: ffffffff90a80f57 R11: 0000000000000002 R12: ffff88802789b678
[  211.177202][T12964] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
[  211.179737][T12964] FS:  00007f5b808ac6c0(0000) GS:ffff8880d6753000(0000) knlGS:0000000000000000
[  211.183150][T12964] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  211.186349][T12964] CR2: 00007f036e30ef98 CR3: 00000000486b3000 CR4: 0000000000352ef0
[  211.188895][T12964] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000004520
[  211.191044][ T6100] usb 5-1: 0:2 : does not exist
[  211.191563][T12964] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  211.196801][ T6100] usb 5-1: USB disconnect, device number 37
[  211.197003][T12964] Kernel panic - not syncing: Fatal exception
[  211.199243][T12964] Kernel Offset: disabled

VM DIAGNOSIS:
05:44:28  Registers:
info registers vcpu 0

CPU#0
RAX=dffffc0000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9
RSI=ffffffff855b8190 RDI=ffffffff9b087320 RBP=ffffffff9b0872e0 RSP=ffffc90006807090
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=552030203a555043
R12=0000000000000000 R13=ffffffff9b087330 R14=ffffffff9b0872e0 R15=ffffffff9b0875a0
RIP=ffffffff855b81b7 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f5b808ac6c0 ffffffff 00c00000
GS =0000 ffff8880d6753000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000110c2e4755 CR3=00000000486b3000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000004520 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6299e11b12
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6299e11b1f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6299e11b19
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6299e11b2d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6299e11bb3
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6299e11c91
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6299f84488 00007f6299f84480 00007f6299f84478 00007f6299f84450
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f629aaed100 00007f6299f84440 00007f6299f80004 0000000b000c000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6299f84498 00007f6299f84490 00007f6299f84488 00007f6299f84480
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=ffff88806a442080 RCX=ffffffff81b0007d RDX=ffff88802e444880
RSI=ffffffff81b00059 RDI=0000000000000005 RBP=0000000000000001 RSP=ffffc900287d7518
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000007c78
R12=dffffc0000000000 R13=0000000000000003 R14=ffffed100d488411 R15=ffff88806a53b580
RIP=ffffffff81b0005b RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6853000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007fd9ea6e7d60 CR3=0000000032406000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000002020004 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd9e9b846a3 00007fd9e9b846a3
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffcb05571c0 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555555b0bbad 0000555555b0b8a0
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555555b0931a 0000555555b08f90
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 474553474953006c 616e676973206e77 6f6e6b6e75000a29
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 4745534749530049 444b424c56054b52 4a4b4e4b50000a0c
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ee08000100000408 0606012788000200 0700040008840800 019e800401c71000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 010a100000100001 0000060806060107 b002100000040100 00020806060607b8
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0030656c69662f2e 01ffffffffffffff ffef080003121000 0680808010000004
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 06013fb600020007 2e10000c80808010 00000406013fb600 0200071c10000880
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8080100000040601 3fb600100002d0ee 0800010000040806 0601278800020007
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=000000000029d944 RBX=0000000000000002 RCX=ffffffff8b800c19 RDX=ffffed100d4c6646
RSI=ffffffff8c157820 RDI=ffffffff8191fc31 RBP=ffffed1003bd7910 RSP=ffffc90000187df8
R8 =0000000000000000 R9 =ffffed100d4c6645 R10=ffff88806a63322b R11=0000000000000000
R12=0000000000000002 R13=ffff88801debc880 R14=ffffffff90a80f50 R15=0000000000000000
RIP=ffffffff8b7ff77f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c01300
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c01300
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6953000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007ffd40496f0c CR3=000000003489f000 CR4=00352ef0
DR0=0000000000000000 DR1=000000000000003c DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000001030001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe91e3f7a0 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4a01e11b12
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4a01e11b1f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4a01e11b19
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4a01e11b2d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4a01e11bb3
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f4a01e11c91
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 0008000f0010000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=00000000002b931d RBX=0000000000000003 RCX=ffffffff8b800c19 RDX=0000000000000000
RSI=ffffffff8de19d08 RDI=ffffffff8c1578a0 RBP=ffffed1003bda000 RSP=ffffc90000197df8
R8 =0000000000000001 R9 =ffffed100d4e6645 R10=ffff88806a73322b R11=0000000000000001
R12=0000000000000003 R13=ffff88801ded0000 R14=ffffffff90a80f50 R15=0000000000000000
RIP=ffffffff8b7ff77f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c01300
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c01300
FS =0000 0000000000000000 ffffffff 00c01300
GS =0000 ffff8880d6a53000 ffffffff 00c01300
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000001b2d513ff8 CR3=0000000065d10000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000004144 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000010100 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff93b271a0 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f036d611b12
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f036d611b1f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f036d611b19
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f036d611b2d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f036d611bb3
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f036d611c91
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000090 0000000000000002 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000