last executing test programs:

2m8.521414628s ago: executing program 2 (id=1212):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
write$UHID_INPUT(r1, &(0x7f0000002080)={0xf, {"a2e3ad21e08eeb661b5d500987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f353b3b090890e0878f0e1ac6e7049b3b46959b649a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07410936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0da42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006)

2m8.52116868s ago: executing program 2 (id=1213):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000003900)={0x2, 0x4e24, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @empty}, 0x10)
getsockopt$EBT_SO_GET_INIT_INFO(r0, 0x0, 0x82, &(0x7f0000000000)={'filter\x00', 0x0, 0x0, 0x1000000, [0x6, 0x1000, 0x3, 0x5, 0x49e, 0x40]}, &(0x7f00000000c0)=0x78)

2m8.440818793s ago: executing program 2 (id=1214):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r0, &(0x7f0000000000)={0xfc, {"a2e3ad09ed0d09f91b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f383563030890e0879b3246c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b3e31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1029}}, 0x1006)

2m8.380445296s ago: executing program 2 (id=1216):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getpeername$netrom(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4050000200000006110600000000000c6000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1ad, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000440)=ANY=[@ANYRES32=r3, @ANYRES32=r2, @ANYBLOB='&'], 0x10)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0)={@map=r3, r2, 0x26, 0x0, 0x0, @void, @value}, 0x10)
ioctl$TCFLSH(r1, 0x400455c8, 0x4)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)
r4 = socket$inet6(0xa, 0x800000000000002, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x2004c880, &(0x7f0000000540)={0xa, 0x4e20, 0x8000002, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_le_set_ext_adv_params={{0xe6}, {0x0, 0xf}}}}, 0x8)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r5=>0x0})
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), r7)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010024bd7000fcdbdf2503000000180001801400020073797a5f74756e000000000000000000050005"], 0x34}, 0x1, 0x0, 0x0, 0x20009005}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000ac0)={'tunl0\x00', <r9=>r5, 0x8, 0x8, 0xfffff800, 0x2, {{0x1c, 0x4, 0x0, 0x20, 0x70, 0x65, 0x0, 0x80, 0x29, 0x0, @local, @local, {[@ssrr={0x89, 0x1b, 0xe5, [@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, @multicast1, @broadcast, @rand_addr=0x64010102, @dev={0xac, 0x14, 0x14, 0x26}]}, @end, @end, @cipso={0x86, 0x32, 0x1, [{0x2, 0xf, "671ac79ca4eb15b4618ed5ffb7"}, {0x5, 0x4, "da7f"}, {0x1, 0x2}, {0x0, 0x5, "4f65e7"}, {0x0, 0x12, "140c1a5fbcb3a6d66f2a0000d49f7faa"}]}, @rr={0x7, 0xb, 0x4e, [@rand_addr=0x64010101, @multicast1]}]}}}}})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000700)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000780)=0x14)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000900)={r3, 0x58, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r11=>0x0}}, 0x10)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000940)={'bond0\x00', <r12=>0x0})
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r0, &(0x7f0000000cc0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000c80)={&(0x7f0000000d00)={0x274, r8, 0x4, 0x70bd2b, 0x25dfdbff, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}]}, @HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x78, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}]}]}, 0x274}, 0x1, 0x0, 0x0, 0x80}, 0x20004005)
sendmsg$nl_route_sched(r6, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000340)={&(0x7f0000002000)=@delchain={0x754, 0x65, 0x10, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0x6, 0x6}, {0xfff2, 0xd}, {0xb, 0xd}}, [@TCA_CHAIN={0x8, 0xb, 0x2e9}, @filter_kind_options=@f_u32={{0x8}, {0x720, 0x2, [@TCA_U32_SEL={0x6f4, 0x5, {0x9, 0x80, 0x0, 0xfffa, 0x6, 0x7ff, 0x4f7, 0x6, [{0xd, 0x5d, 0xc3, 0x9}, {0xa, 0x2, 0x5, 0xf}, {0xc0, 0x8b9, 0x1, 0x2}, {0x94, 0xffff, 0x74ba, 0x8}, {0x2, 0xb, 0x1, 0xccf}, {0x5, 0x6, 0x10001, 0x7f}, {0x800, 0xffff, 0xffff, 0x9}, {0x1, 0xaad, 0x6c, 0x400}, {0x5, 0x7, 0x8001, 0x7}, {0xa, 0x10001, 0x3, 0x800}, {0x140, 0x4, 0x3, 0x4}, {0x8001, 0x96f922f, 0x4, 0x35e1f2b4}, {0x9, 0xf, 0x2, 0xa8}, {0xf, 0x6, 0x0, 0x3}, {0x7, 0x10, 0x8, 0x7}, {0x6, 0x5, 0x1, 0x9}, {0x2, 0x5, 0x0, 0x2}, {0x0, 0x9b39, 0x10001, 0x40}, {0xfffffffb, 0x8, 0xbec, 0x5}, {0xfffffffa, 0xfff, 0x9, 0xffff7a5e}, {0x2, 0x48000000, 0x7d, 0x3}, {0x80000000, 0x6, 0x6, 0xfffffffd}, {0x7, 0x129, 0x8, 0x123}, {0x3, 0x2, 0x1}, {0x2, 0x3, 0x9, 0x537}, {0x3, 0x2c2, 0xa, 0x3}, {0x0, 0x401, 0x5, 0x5}, {0x81, 0x8001, 0xfffffff8, 0x13e80000}, {0x189dbba5, 0x9, 0x401}, {0x3, 0x80000001, 0x7, 0x9}, {0x300, 0xe0f, 0x0, 0x7}, {0x88a, 0x9, 0x10, 0x75}, {0xfffffffd, 0x3, 0x45, 0x3d61e948}, {0xf649, 0x9, 0x4, 0x3}, {0x3, 0x7, 0x4da1, 0x5}, {0x7, 0x8, 0x290}, {0x87e, 0x6, 0xc3cd, 0x76}, {0x2877, 0xda, 0x509, 0x1}, {0x3, 0x3, 0x2, 0x6}, {0x1, 0x4ff, 0x1, 0x1}, {0xfffffffe, 0x6, 0x93a, 0x5}, {0xfffffffa, 0x4, 0x66f0}, {0x61fd, 0x7, 0x5, 0x81}, {0x9, 0x57, 0x1, 0x3}, {0xfffffffe, 0x7ff, 0x0, 0xffffffff}, {0x7fff, 0x6, 0x3, 0x400}, {0x1e17, 0x3, 0x1ff, 0x4}, {0x6, 0x9, 0x3, 0xfffffff5}, {0x7, 0xd2f, 0x0, 0x944}, {0x0, 0x2, 0x0, 0x495e}, {0x8, 0xff, 0x0, 0x30}, {0x1, 0x10, 0x1, 0x10}, {0x683f93f, 0x3, 0x6, 0x5}, {0x8, 0x740, 0x3, 0x5}, {0xfffffff9, 0x1, 0x401, 0xffffffff}, {0x8e44, 0x1, 0xa8, 0x9}, {0xa06, 0x8, 0x6, 0x7ff}, {0x4, 0x5, 0x1, 0x72}, {0x3a6, 0x2, 0x8001, 0x3}, {0x81, 0x5, 0x7280, 0x1}, {0x7d78, 0x1ff, 0xfffffffe, 0x2}, {0x1, 0x7, 0x1000000, 0x9}, {0xffffff2a, 0x6, 0x8000, 0x6}, {0x10000, 0x7, 0xe73, 0x100}, {0x8, 0x1, 0x400, 0x1}, {0x69, 0x4, 0x529e, 0x7}, {0x1, 0x7, 0xb, 0x7}, {0x101, 0xb, 0x400, 0x3}, {0x4, 0x5, 0xfffffff8}, {0x80000000, 0xf, 0x1}, {0x101, 0xfffffffa, 0x5a5e, 0x6}, {0x78000000, 0x0, 0x5, 0x2}, {0x7, 0x0, 0x3, 0xfff}, {0x7, 0x22, 0x5, 0x4}, {0x7, 0xff, 0x0, 0xffe1}, {0xfffff800, 0xffffffff, 0x1, 0x1000}, {0x401, 0xf0d, 0x400, 0x2}, {0x9, 0x6018, 0x4, 0x20001}, {0x6, 0x8, 0xd071, 0x9ce4}, {0x8, 0x7, 0x10000, 0x10}, {0x8, 0x1ff, 0x7, 0x1}, {0x10001, 0x10000, 0x1, 0x2}, {0x2, 0x33, 0x7ff, 0x45000988}, {0x4, 0x9, 0x5b, 0xd543}, {0x1a9e03c, 0x7, 0x8}, {0x4, 0x7fff, 0x8, 0xfffffffa}, {0x0, 0x2, 0x0, 0x3ff}, {0x7, 0x7, 0x1, 0x80}, {0x6, 0x3, 0xd, 0x3}, {0x4, 0x401, 0xa51b, 0xffffffff}, {0x1ff, 0x5, 0x2, 0x101}, {0x0, 0x8, 0x4, 0x7}, {0x7, 0x4, 0x8d7, 0x101}, {0x4, 0x7, 0x4, 0x6f83}, {0x6, 0x5, 0x7, 0x2}, {0x4, 0x800, 0x7f, 0x4}, {0xb, 0x5, 0xa5, 0x9}, {0xfffffff9, 0x1b, 0x7fff, 0xe162}, {0x8, 0x3ff, 0x0, 0x66c}, {0x4, 0x4, 0x0, 0x9}, {0x4, 0x2, 0x8, 0x9}, {0xfffff3be, 0xfffffffc, 0x0, 0x5}, {0x6, 0x3, 0x8e, 0x3}, {0x1, 0x4, 0x5, 0x4}, {0x1, 0x168c, 0x6, 0x80000000}, {0x0, 0x6, 0x3b7b, 0x690}, {0xfffffffb, 0xf, 0x7ff, 0x1}, {0x9, 0x3e0, 0x6, 0x2e}, {0x3, 0x9, 0x1, 0xf12a}, {0x4ea, 0x4, 0x3, 0x7}]}}, @TCA_U32_DIVISOR={0x8, 0x4, 0x22}, @TCA_U32_MARK={0x10, 0xa, {0xb0, 0x9}}, @TCA_U32_CLASSID={0x8, 0x1, {0x9, 0xc}}, @TCA_U32_HASH={0x8, 0x2, 0x100}]}}]}, 0x754}, 0x1, 0x0, 0x0, 0x4040800}, 0x1)
r13 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000de000000000000000000009500000000000000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000240)={r13, r5, 0x25, 0x8, @val=@iter={0x0}}, 0x20)
r14 = socket(0x10, 0x803, 0x0)
sendto(r14, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r14, &(0x7f00000037c0)=[{{&(0x7f0000000000)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x3ffffffffffff7c, 0x0, &(0x7f0000003700)={0x77359400})

2m8.240381755s ago: executing program 2 (id=1217):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x44, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x9, 0xfff1}, {}, {0x7, 0x10}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x681e}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x2008c014)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=@newtfilter={0x24, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {}, {0x7, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x2008c014)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x102)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x40049366, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000000400)={0x0, 'ip6tnl0\x00', {0x5}, 0xfff7})
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="5400000202be7b0603000000000000000000000000000500050002000000050004000100000005000100060000000c00078008000640000000000900020073797a300000000010000300686173683a69702c6d61630041ef2a46dfb2ebf02452221a852864cf43d169e8e89b8fa766c3c9b03711b8bfc032be33fc737e3be3ccce02533b5e212413fce97372b2c8c026a016c3767e5d1ff407f843ac1e52686a55b49651a4ed74f1721be7a83e449e78300319af3175d96fba691d1acab018b667b242524b765964e9b6503ac0e73f211ca6d9cda18172d2684b669952cf77a7aa71b52a583b50772e24bbca898c6af3f9af3cdf40e7b4383d88b521049f55f2312808013f8ab3abfabacad9afc759b1650637dd203b01ce7556de6263e59f3d20bd300062bbbbebbbdebaa6f30bb81b1b1f7482242cf5f5aba922158f76354259143bb758346c7e72a40f1e7a527ec835075bc7de1e6ece5a36b61087c0a9f9d3ae07eb0f46c77e84b2e0a4ec4ffdc4100950161d5520d3006b6c945739d9abc8b0083b109d8d66c01cab7e493c8cbb118c02f8dff459fe74c0a080b8aa42a08f91e370f6c7e12bbd48fb02a6f6834e7dcef16a6d3a33a7115ca0d137e342af2c338244fa23c0e9cb4e073c3a2a71123984"], 0x54}}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
r8 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r8, 0x10f, 0x87, &(0x7f0000000140)={0x42, 0xf5, 0x1}, 0x10)
r9 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r9, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
r10 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r10, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10)

2m8.110141937s ago: executing program 2 (id=1218):
mknod(0x0, 0x0, 0x5)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0800000004000000040000000900000000000000", @ANYBLOB="0077ffffffffffffff000000000000e0a93f0d69cfb9c235469a2cf4e282ccf7a24e488e1b54ca45a13d535c47cb14765462dbd9c875368817eb3670d513f14fb90200b746a5b2feb7d975d374c53020216eb3a9b03ffc8b9961341335", @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xa, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=<r2=>r1, @ANYBLOB="0000000000000000b7030000070000008500000021000000b70000000000000095"], &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r0, @ANYBLOB="2c726f6f746d83b3afc061456d6f6465f50d08000000d3023030303030303030304d", @ANYRES64=r2, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYRESHEX=r1])
write$FUSE_INIT(r0, &(0x7f0000000280)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x9, 0xffffffff80001408}}, 0x50)
syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
lseek(0xffffffffffffffff, 0x0, 0x2)
r3 = socket$kcm(0x10, 0x400000002, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000003c0)={'syzkaller0\x00'})
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd2b, 0x21dfdbfc, {0x0, 0x0, 0x0, r7, {0xd, 0xf}, {}, {0x7, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x24000014}, 0x200c4004)
sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000140)="600000002e000d190a762d7f089e", 0xfca2}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}], 0x2}, 0x0)

2m4.371102548s ago: executing program 1 (id=1295):
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x6000, @fd, 0xfffffffffffffffd, 0x20000000, 0x10000, 0x0, 0x1, {0x1}})
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x3, 0x4e042)
ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5393, &(0x7f0000000000))
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000040)={0x0, <r1=>r0, 0x80000})
r2 = gettid()
timer_create(0x5, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x127081)
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000080)={0x9, 0x100})

2m3.511378927s ago: executing program 1 (id=1302):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
write$UHID_INPUT(r1, &(0x7f0000002080)={0xf, {"a2e3ad21e08eeb661b5d500987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f353b6d090890e0878f0e1ac6e7049b3b46959b649a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07410936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0da42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006)

2m3.510061787s ago: executing program 1 (id=1304):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x4) (fail_nth: 14)

2m1.400754642s ago: executing program 1 (id=1325):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000003480)={0x2020}, 0x2020)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xd)
write$binfmt_aout(r1, &(0x7f0000000000)=ANY=[], 0xff2e)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)
add_key(&(0x7f00000001c0)='keyring\x00', &(0x7f0000001000), &(0x7f0000001000)="2e98", 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket(0x10, 0x80003, 0x0)
r4 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc)
setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e0000002ae1414aa0100000000000000"], 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)={0x34, 0x3c, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x72}]}, @typed={0x8, 0x5, 0x0, 0x0, @u32=0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x4040)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), r5)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac1414aa00000000000000001400020002000000e000000200000000000004000d0001007564703a73"], 0x54}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000002c0000002c0000000900000007000000000002000000000000000000070000000000000e0100000000000000000000000000000202000000002e00"], 0x0, 0x4d, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x20)
socket$inet6(0xa, 0x2, 0x3a)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt(r7, 0x0, 0x32, 0x0, &(0x7f0000000040))
setsockopt$nfc_llcp_NFC_LLCP_MIUX(r3, 0x118, 0x1, &(0x7f00000000c0)=0x26d, 0x4)
capset(&(0x7f0000000280)={0x20071026}, &(0x7f0000000340))
mmap(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x0, 0x2031, 0xffffffffffffffff, 0x0)
mlock(&(0x7f0000ffb000/0x1000)=nil, 0xffffffffdf004fff)

2m1.300803671s ago: executing program 1 (id=1327):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r0 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r0, &(0x7f0000000400)=@in6={0x21, 0x0, 0x2, 0x1c, {0x2, 0x0, 0x0, @private1, 0xfffffffe}}, 0x24)
connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x4e21, @loopback}}, 0x24)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYRES8=r3, @ANYBLOB="4f883384f4cb5d7c6c35e3fb55c52353bedc7c0e12be34e523742762ff4eb2090a39b6a85a073dee4407d246f357355704d7b9e161c9b1dfd48b6541491206bbb73bd10f6a5a966ad96ea1f1c0342af425b9dd7f", @ANYBLOB="010700000000fcdbdf256700000008000300", @ANYRES32=r3, @ANYRESHEX=r1], 0x2c}}, 0x40)

2m1.131050093s ago: executing program 1 (id=1331):
preadv(0xffffffffffffffff, &(0x7f0000001b80)=[{0x0}, {&(0x7f0000000500)=""/101, 0x65}], 0x2, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c02600004100070100fcff0007000000017c00000400fc80a72601"], 0x26c0}}, 0x4010)

2m1.107067427s ago: executing program 32 (id=1331):
preadv(0xffffffffffffffff, &(0x7f0000001b80)=[{0x0}, {&(0x7f0000000500)=""/101, 0x65}], 0x2, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c02600004100070100fcff0007000000017c00000400fc80a72601"], 0x26c0}}, 0x4010)

1m53.089525732s ago: executing program 33 (id=1218):
mknod(0x0, 0x0, 0x5)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0800000004000000040000000900000000000000", @ANYBLOB="0077ffffffffffffff000000000000e0a93f0d69cfb9c235469a2cf4e282ccf7a24e488e1b54ca45a13d535c47cb14765462dbd9c875368817eb3670d513f14fb90200b746a5b2feb7d975d374c53020216eb3a9b03ffc8b9961341335", @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xa, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=<r2=>r1, @ANYBLOB="0000000000000000b7030000070000008500000021000000b70000000000000095"], &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r0, @ANYBLOB="2c726f6f746d83b3afc061456d6f6465f50d08000000d3023030303030303030304d", @ANYRES64=r2, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYRESHEX=r1])
write$FUSE_INIT(r0, &(0x7f0000000280)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x9, 0xffffffff80001408}}, 0x50)
syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
lseek(0xffffffffffffffff, 0x0, 0x2)
r3 = socket$kcm(0x10, 0x400000002, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000003c0)={'syzkaller0\x00'})
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd2b, 0x21dfdbfc, {0x0, 0x0, 0x0, r7, {0xd, 0xf}, {}, {0x7, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x24000014}, 0x200c4004)
sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000140)="600000002e000d190a762d7f089e", 0xfca2}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}], 0x2}, 0x0)

1m47.160673997s ago: executing program 4 (id=1488):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x600, &(0x7f0000000840)=[{&(0x7f0000000080)="2e58650010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

1m47.160539497s ago: executing program 4 (id=1489):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYRES64, @ANYBLOB="6965b374729b68d132d7b2db602644c845ea55e1219f97c005663bfc3fafb00715c49a1dcb21248332b9e854d871821cf69d4a4809d4208a3dbece0c31929e41b18dc3bd4a3f1fa919f82038464b0989907c38100c37da128a8d609a1cb97a3a9eef660c318ddd405320eb236efab0e48982be384765f1b34480a6b6de5eae05deb76bd228450a97929d9fa832b88c067a57794cf32c9adfec247099a8e22dc5cf5a46824d0c", @ANYRESDEC=r1, @ANYBLOB="d6d4827d7051151a61ae07227a7f7a4736b128254b273fb6f5f4706929089d4d8d827110628c14ae6bf64e4b73", @ANYRESOCT=r1])
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000900)={0x1, &(0x7f00000008c0)=[{0x6}]})
accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x80800)
close_range(r2, 0xffffffffffffffff, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x515002, 0xc6)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a3100000000e8010000030a01020000000000000000010000000900030073797a3200000000280004800800024000000000080001400000000514000300626174616476300000000000000000000900010073797a31000000000900010073797a3100000000340008800c00024000000000000080010c00024000000000000000040c00014000000000000000000c00014000000000000000014c000480080002404c82f47c080001400000000008000140000000010800014000000003080002404f32945f080001400000000308000140000000020800024019885f270800014000000003fd000c00a03ac330bf11a2145946e6d945deece8485ee69dbc29a8dd5dbce127f829a3adf5c4171b4bedbbc9b913a67b9ee679020f0200000064419faae0136b893d91d95b1174f115798a1abfdc06983fb83f2116a85a00dd35cdf9d8f81683e5e2ebcca132a712e0be44c12c02ac92fbbb86ed717ce0cbd6a0134f899e23ca6d2f063d26be86555cc0e9c7a25d77e6c0f4217794be96b5d797e3116d874c3adfb096e0567ec28bd1e4d8d6713109695f1f3a877d89d20e19304501aeb851d14c4f9b2d769d554fe5308810d19bb040c1977bce50b894f2c45a1f0e80c8256b6dcb072f9d91d94a67bba9f62eb2f192fa4b3786d9a774b99aa332dfbb000000080007006e6174"], 0x25c}}, 0x0)

1m46.270984926s ago: executing program 4 (id=1492):
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='qnx6\x00', 0x2000802, 0x0)
mkdir(&(0x7f0000000000)='./cgroup\x00', 0x41)

1m46.27073803s ago: executing program 4 (id=1493):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newlink={0x3c, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_ROUTER={0x5, 0x16, 0x2}]}}}]}, 0x3c}}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x420000, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x1fffffffff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r2, 0xc058560f, &(0x7f0000000340)=@mmap={0x0, 0x2, 0x4, 0xffffff7f, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "186856f3"}})
pipe2(&(0x7f0000000000)={0x0, <r3=>0x0}, 0x0)
pipe(0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x1)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$UI_BEGIN_FF_UPLOAD(r4, 0xc06855c8, &(0x7f00000000c0)={0xc, 0x7, {0x55, 0x0, 0x5, {0x8, 0x3}, {0x3, 0x1}, @cond=[{0x80, 0xf, 0x688, 0x101, 0x1, 0xb}, {0x55b, 0x3, 0x7, 0x2, 0x3, 0x8000}]}, {0x57, 0x7, 0x8, {0xa10e}, {0x8, 0x3}, @ramp={0x400, 0x40, {0x8001, 0x2, 0xffff, 0x5}}}})
open_by_handle_at(0xffffffffffffffff, &(0x7f00000002c0)=@OVL_FILEID_V1={0x2a, 0xf8, {'\x00', {0x0, 0xfb, 0x27, 0x7, 0x3, "fe121221f1c083c7151135d6fa31e026", "53607ad6b96555d8a1b65a061f56e48d11ab"}}}, 0x200000)
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000000000108117980800000000000109022400010000000009040000020308000009210000010122290a09058103"], 0x0)
syz_open_dev$evdev(&(0x7f0000000080), 0xe, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r6, 0x0, 0x0)
sendmmsg$unix(r6, &(0x7f0000000b00)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000e80)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
ioctl$vim2m_VIDIOC_EXPBUF(r2, 0xc0405610, &(0x7f00000001c0)={0x1, 0x2, 0xff, 0x800})
mount$bind(&(0x7f0000000180)='.\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x45110, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'macsec0\x00', <r9=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32=r9, @ANYRES64=r5], 0x44}}, 0x0)
mount$tmpfs(0x0, &(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000300)={[{}]})
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0800034000000004640000000e0a01020000000000000000010000000900020073797a32000000000900010073797a300000000038000380340000802800018023000100118c"], 0xf0}, 0x1, 0x0, 0x0, 0x10}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000540), 0x101040, 0x0)

1m43.202417995s ago: executing program 4 (id=1503):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r0, &(0x7f0000000000)={0xfc, {"a2e3ad09ed0d09f91b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f383563030890e0879b0a61c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b3e31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1029}}, 0x1006)

1m43.000612384s ago: executing program 4 (id=1513):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x101400, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff, 0x2}, 0x18, 0x0)
read$FUSE(r3, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="00000080", @ANYRES16=r1, @ANYBLOB="010028bd7000ffdbdf253100000008000300", @ANYRES32=r4, @ANYBLOB="0800db00", @ANYRES32, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x40815}, 0x10)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r6 = socket(0x10, 0x3, 0x0)
write(r6, &(0x7f0000000140)="2600000014004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000b4000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb7020000080000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r8, 0x0, 0xe, 0x0, &(0x7f0000000640)="000000001beaea7a9644ef158011", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})
r9 = socket$inet_icmp(0x2, 0x2, 0x1)
getsockopt$inet_mreqn(r9, 0x0, 0x20, 0x0, &(0x7f0000002ac0))
ioctl$VT_OPENQRY(0xffffffffffffffff, 0x5600, &(0x7f0000000580))
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_script(r10, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r10, 0x0)
preadv(r10, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r11 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
write$tcp_congestion(r10, &(0x7f0000000200)='illinois\x00', 0x9)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r11, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0)
ioctl$KVM_SET_FPU(r10, 0x41a0ae8d, &(0x7f0000000240)={'\x00', 0x4, 0x382d, 0x99, 0x0, 0x0, 0x10000, 0x2, '\x00', 0x5})
ioctl$KVM_RUN(r11, 0xae80, 0x0)
syz_io_uring_setup(0x723f, &(0x7f0000000500)={0x0, 0x2dde, 0x800, 0x2, 0x32f}, &(0x7f0000000100), &(0x7f0000000180))
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0)

1m42.923412349s ago: executing program 34 (id=1513):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x101400, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff, 0x2}, 0x18, 0x0)
read$FUSE(r3, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="00000080", @ANYRES16=r1, @ANYBLOB="010028bd7000ffdbdf253100000008000300", @ANYRES32=r4, @ANYBLOB="0800db00", @ANYRES32, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x40815}, 0x10)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r6 = socket(0x10, 0x3, 0x0)
write(r6, &(0x7f0000000140)="2600000014004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000b4000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb7020000080000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r8, 0x0, 0xe, 0x0, &(0x7f0000000640)="000000001beaea7a9644ef158011", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})
r9 = socket$inet_icmp(0x2, 0x2, 0x1)
getsockopt$inet_mreqn(r9, 0x0, 0x20, 0x0, &(0x7f0000002ac0))
ioctl$VT_OPENQRY(0xffffffffffffffff, 0x5600, &(0x7f0000000580))
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_script(r10, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r10, 0x0)
preadv(r10, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r11 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
write$tcp_congestion(r10, &(0x7f0000000200)='illinois\x00', 0x9)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r11, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0)
ioctl$KVM_SET_FPU(r10, 0x41a0ae8d, &(0x7f0000000240)={'\x00', 0x4, 0x382d, 0x99, 0x0, 0x0, 0x10000, 0x2, '\x00', 0x5})
ioctl$KVM_RUN(r11, 0xae80, 0x0)
syz_io_uring_setup(0x723f, &(0x7f0000000500)={0x0, 0x2dde, 0x800, 0x2, 0x32f}, &(0x7f0000000100), &(0x7f0000000180))
ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0)

6.420174124s ago: executing program 3 (id=3237):
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40014}, 0x8000)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0x6)

6.316272991s ago: executing program 3 (id=3239):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001900010025bd7000000000001c1414"], 0x30}}, 0x0)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)
r2 = inotify_init1(0x0)
inotify_add_watch(r2, &(0x7f0000000400)='.\x00', 0xa4000021)
r3 = open(&(0x7f0000000040)='.\x00', 0x418601, 0x8)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$packet(0x11, 0x2, 0x300)
mknod(&(0x7f0000000040)='./file0\x00', 0x8000, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close_range(r5, r5, 0x0)
open$dir(&(0x7f0000000000)='./file0\x00', 0x40200, 0x42)
r6 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000020000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000c0000ce0200000000000000000000003baf6e13000000000e6b6a5a0bccbfa58557cc8a5790d07fa2f98355b1ac0a4ca0dc9966bb29cf20ac5df80890ed13b4bff9"], 0x48)
r7 = dup2(r6, r5)
getsockname$packet(r3, &(0x7f0000000140), &(0x7f0000000340)=0x14)
r8 = syz_open_dev$video4linux(&(0x7f0000000040), 0x40007ff, 0x28842)
r9 = syz_open_dev$radio(&(0x7f0000002040), 0x3, 0x2)
ioctl$VIDIOC_G_MODULATOR(r9, 0xc0445636, &(0x7f0000000140)={0x0, "c1e3c6e9d4e0668be33dfa93c2a82cbbd334b5351b615cf0fac06b6babfa8bf6", 0x2, 0xffffc7d7, 0x4, 0x2, 0x3})
ioctl$VIDIOC_ENUMSTD(r8, 0xc0485619, &(0x7f0000000080)={0xfffffffb, 0x320000, "cde939b73644e113dd00b3eb443710d2ab8943e11513fc39", {0x3, 0xa0}, 0x101})
r10 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000040)={<r11=>0x0, 0xfffc0000}, &(0x7f0000000100)=0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r10, 0x84, 0x75, &(0x7f00000002c0)={r11}, 0x8)
r12 = socket$nl_route(0x10, 0x3, 0x0)
r13 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000c80)={'lo\x00', <r14=>0x0})
sendmsg$nl_route_sched(r12, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x154, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r14, {}, {0xf, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}, @TCA_STAB={0x108, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, {0xc, 0x2, [0x0, 0x0, 0x0, 0x0]}}, {{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x2, [0x0, 0x0]}}, {{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}}, {0x18, 0x2, [0x0, 0x6, 0x2, 0x3, 0xdc36, 0x27, 0x400, 0x1, 0x3ff, 0x8240]}}, {{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1b2400, 0x3, 0x7}}, {0x12, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, {{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, {0x4}}, {{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}}, {0x18, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}}]}]}, 0x154}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008000)
getsockopt$bt_BT_DEFER_SETUP(r4, 0x112, 0x7, &(0x7f0000000080)=0x1, 0x0)
ioctl$sock_bt_hci(r7, 0x800448d2, &(0x7f00000001c0)="e26cf790f3f2353501d88a96100c2e11a98304d0b32b7cd96ad5d1b13ba3e630d6eec8af863b506e8ceb3299cdb915d6298649b26b0ae75d5c84068ce778f5107b4e39a6609005f894161860f221e159717ad65119ddfc01acaf7b5ee6ff28a4c5bc985b02292ef4e41d37c5c17a1cd17e173afa24c3d9c74ee5f2b6febb2b2d4173100000009c9676dd55c3ff9291ee3d87")

4.189925402s ago: executing program 3 (id=3268):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x81c0, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x1, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, &(0x7f00000001c0)={0x4000, r1}, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, &(0x7f0000000180)={0x4000, r1}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f0000001400)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07})
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000000)={0x80, 0x8, 0x2, 0xe05, 0xe7, 0x4})
r3 = syz_usb_connect(0x2, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000544fb2f00090582eb1000000001020009050276"], 0x0)
syz_usb_control_io$cdc_ecm(r3, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
r4 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
ioctl$EVIOCSKEYCODE(r4, 0x40084504, &(0x7f0000000380)=[0x8, 0xf0])

1.520460062s ago: executing program 6 (id=3305):
r0 = syz_usb_connect(0x2, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000544fb2f00090582eb1000000001020009050276"], 0x0)
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f0000000380)=[0x8, 0xf0])

1.147694195s ago: executing program 3 (id=3306):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c0260000410007010000600007000000027c00000400fc80a72601"], 0x26c0}}, 0x4010)

1.147472851s ago: executing program 3 (id=3307):
fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) (async)
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000180)='dctcp\x00', 0x6) (async)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000180)='dctcp\x00', 0x6)
fsmount(0xffffffffffffffff, 0x0, 0x88) (async)
r2 = fsmount(0xffffffffffffffff, 0x0, 0x88)
fchdir(r2)
mkdir(&(0x7f0000000440)='./file1\x00', 0xe0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) (async)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000400, &(0x7f00000001c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@nfs_export_on}]})
mkdirat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0) (async)
mkdirat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000300), 0x0, &(0x7f00000003c0)={[{@nfs_export_on}, {@lowerdir={'lowerdir', 0x3d, './file2'}}, {@uuid_on}, {@nfs_export_on}, {@userxattr}, {@xino_auto}, {@redirect_dir_nofollow}, {@uuid_on}, {@uuid_off}, {@xino_off}]})
r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000080)={0x980903, 0x4})
r5 = inotify_init()
inotify_add_watch(r5, &(0x7f0000000000)='.\x00', 0x1400037e) (async)
inotify_add_watch(r5, &(0x7f0000000000)='.\x00', 0x1400037e)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
inotify_add_watch(r5, &(0x7f0000000080)='.\x00', 0x80000000) (async)
inotify_add_watch(r5, &(0x7f0000000080)='.\x00', 0x80000000)
lsetxattr$trusted_overlay_origin(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r6 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r6, 0x89e2, 0x0)
r7 = socket(0x2, 0x80805, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84) (async)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r8, 0x0, 0x482, &(0x7f0000000240)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'sh\x00', 0x1, 0xfffffffe, 0x6e}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r7, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e26, 0x3, 'lc\x00', 0x16, 0x8, 0x8}, {@rand_addr=0x64010102, 0x4e23, 0x2, 0x5, 0x12d5f, 0x3}}, 0x44)
r9 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r9, 0x0, 0x487, &(0x7f0000000280)={{0xff, @broadcast, 0x4e21, 0x3, 'ovf\x00', 0x3, 0x8, 0x4082}, {@broadcast, 0x4e20, 0x2, 0xc8, 0x80012c58, 0xf62}}, 0x44)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x16, 0x4, &(0x7f00000006c0)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x48, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x12, r3, 0x0) (async)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x12, r3, 0x0)

1.010425472s ago: executing program 3 (id=3309):
r0 = syz_usb_connect(0x2, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000544fb2f00090582eb1000000001020009050276"], 0x0)
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f0000000380)=[0x8, 0xf0]) (fail_nth: 2)

868.694965ms ago: executing program 0 (id=3311):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r3=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="500000001000cff500000000ffffffff00000700", @ANYRES32=0x0, @ANYBLOB="0000000001401e0030001280080001006873720024000280050007000100000008000100", @ANYRES32=r3, @ANYBLOB="08000200", @ANYRES32=r1], 0x50}}, 0x0)

806.621107ms ago: executing program 0 (id=3315):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x28801, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWSET={0x14, 0x9, 0xa, 0x401, 0x0, 0x0, {0x0, 0x0, 0xd}}, @NFT_MSG_NEWSET={0x20, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELOBJ={0x34, 0x14, 0xa, 0x3, 0x0, 0x0, {0x3, 0x0, 0x7}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWOBJ={0x18, 0x12, 0xa, 0x301, 0x0, 0x0, {0x0, 0x0, 0x3}, @NFT_OBJECT_CONNLIMIT=@NFTA_OBJ_DATA={0x4}}], {0x14}}, 0xa8}, 0x1, 0x0, 0x0, 0x44810}, 0x44000)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1313f, 0xffffffffffffffff, 0x0, 0x0, &(0x7f00000003c0), 0x10, 0x746, @void, @value}, 0x94)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r1, 0x4010744d, &(0x7f0000000180))
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="043e0b06"], 0xe)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x42280, 0x0)
close(r3)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae01, 0x1)
syz_kvm_setup_syzos_vm$x86(r3, &(0x7f0000bfe000/0x400000)=nil)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r3, 0x4020aed2, &(0x7f0000000080)={0xdddd0000, 0x28c000, 0x8})

430.250723ms ago: executing program 0 (id=3325):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c0260000410007010000000007000000037c000004"], 0x26c0}}, 0x4010)

428.701981ms ago: executing program 0 (id=3327):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000900)=ANY=[@ANYBLOB="440000001800010000000000000000000a00000000000000000300001800160014000100020000000000000000001000fc00010008001f"], 0x44}, 0x1, 0x0, 0x0, 0x24041004}, 0x0)

428.573471ms ago: executing program 5 (id=3328):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000006f80)=ANY=[@ANYBLOB="a03700002d00012826bd7000fcdbdf250400000005000b"], 0x37a0}, 0x1, 0x600, 0x0, 0x4000d}, 0x20004004)

359.770461ms ago: executing program 0 (id=3329):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109802, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x400)
mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000002, 0x8012, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = dup(0xffffffffffffffff)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
write$binfmt_misc(r2, &(0x7f00000000c0)="33481349a73f6df0eb2d0e92ab8069c5a68636fc1cafd9e279d19a479657d03bfa69f18c317ede62015fbd19365c5917405af0f0ce755f5877e4cef5ec76493ce2448f13ba632f8098421a27aea1f3734a33bdfd8adbe7b531e756a1fe23934754a2a07d72a244", 0x67)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
pread64(r1, &(0x7f0000000440)=""/230, 0xe6, 0x8)
chdir(&(0x7f0000000080)='./file1\x00')
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
chdir(&(0x7f0000000280)='./file0/file0/..\x00')
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="820000000000000008010040"])

359.657388ms ago: executing program 5 (id=3330):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x600, &(0x7f0000000840)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602feff00000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

299.580057ms ago: executing program 5 (id=3331):
mkdir(0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
chdir(&(0x7f0000000100)='./file0\x00')
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
utimensat(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x0)

299.389043ms ago: executing program 5 (id=3332):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008520000000000000000000711208000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

240.202798ms ago: executing program 5 (id=3333):
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
r1 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_mtu(r1, 0x0, 0xa, 0x0, 0x0)
setsockopt$inet_int(r1, 0x0, 0x2, &(0x7f0000000700)=0x91, 0x4)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e22, @local}, 0x10)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r0, 0x40089413, &(0x7f0000000100)=0x3)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r3, 0x40000000af01, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000140)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/167, &(0x7f0000000100)=""/47})
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000340))
r4 = syz_clone(0x200100, &(0x7f0000000900)="2feb1e748a65f753e0e1c0ff6eae2851a69b0c544907bceda94175d66d147752111cc646c32cd47a88018ebed5f2148b5d163db4fcec94b187da9e8d53c798a3ff036876a74ab8743d39126abd084135a6646db4f9e4eae8b01f172b0691626e975196ebc264e6aee02a67aab6fb361d9143bc6608a98002c32cbedfcd872a71f95e84c1efebf5919003d3d818a3841932a530e04d9cdd88aeb2bb05e5693233aa220046f2a4a64addcd8eb548aec5a8def8d2ef6aca24166321d2dbf0819f0a2d32134c7f552911f882a9d8787fa9dc423a5378cbe67bcde3ae23f06d58685478a93f21f5f86b4f4435c61f1c3b96b2ebdb00eaebe620", 0xf7, &(0x7f0000000a00), &(0x7f0000000a40), &(0x7f0000000a80)="a1e2a8ff25b2bd771c2c4a813843de87")
prctl$PR_SET_PTRACER(0x59616d61, r4)
r5 = dup(r2)
sendmsg$rds(r5, &(0x7f00000008c0)={&(0x7f00000001c0)={0x2, 0x4e23, @broadcast}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000380)=""/223, 0xdf}, {&(0x7f0000000200)=""/64, 0x40}, {&(0x7f0000000480)=""/241, 0xf1}], 0x3, &(0x7f00000007c0)=[@mask_cswp={0x58, 0x114, 0x9, {{0x40, 0x6ae}, &(0x7f0000000580)=0x8000000000000000, &(0x7f00000005c0)=0xd7c2, 0x58, 0x5, 0x1, 0x9, 0x20, 0x5}}, @rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000000600)=""/144, 0x90}, &(0x7f00000006c0), 0x8}}, @mask_cswp={0x58, 0x114, 0x9, {{0x9, 0x1}, &(0x7f0000000740)=0xe27, &(0x7f0000000780)=0x7e6, 0xfe, 0x800, 0xde5c, 0x0, 0x6, 0x401}}], 0xe0, 0x48000}, 0x4000840)
ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, &(0x7f0000000000)={0x1, r5})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x51857000)
syz_emit_ethernet(0xd2, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6000e70c00001400fe8000000000000000000000000000bb000000000000000000000000000000004e214e21009c9078010000000200000098558ced0561c369bd33d395bb9998e65920ac070000000000000000000000002d8a3f8f6b35bf2999f23cb4b717412f777bd8931167fb9a2bdb672fb36b067900000000000000000000000000000000f24b91ff3ac89b423d9c2632e77da5f229e21074e80d66883c39541338b27b0047081c5ce5491f55d30a2224544c894ff9732ce4f1a601c017cf96f0"], 0x0)

240.019721ms ago: executing program 0 (id=3334):
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40014}, 0x8000)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0x6) (fail_nth: 6)

180.123905ms ago: executing program 5 (id=3335):
r0 = syz_usb_connect(0x2, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000544fb2f00090582eb1000000001020009050276"], 0x0)
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x28011, r2, 0x0)
readlink(&(0x7f0000000040)='./file0/file0/file0/file0/file0\x00', &(0x7f00000003c0)=""/176, 0xb0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000030000000000000000000000850000008700000085000000070000009500"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f0000002400)=ANY=[@ANYBLOB="0100000000f2fffff2000040"])
syz_emit_ethernet(0x3e, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa000800471414aa07070441b613a300"/46, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c00000090780000"], 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='freezer.parent_freezing\x00', 0x275a, 0x0)
write$binfmt_script(r9, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r9, 0x0)
syz_open_dev$evdev(0x0, 0x5, 0x80082)
pselect6(0x0, 0x0, &(0x7f0000000000)={0xa4, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x0, 0x0, 0x0)
preadv(r9, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r10 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0)
ioctl$KVM_SET_FPU(r10, 0x41a0ae8d, &(0x7f0000000240)={'\x00', 0x4, 0x9, 0x99, 0x0, 0x0, 0x10000, 0x2, '\x00', 0xc94})
ioctl$KVM_RUN(r10, 0xae80, 0x0)
pivot_root(&(0x7f0000000140)='./file0/file0/file0/file0/file0\x00', &(0x7f0000000240)='./file0/file0/file0/file0/file0\x00')
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f0810", 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f0000000380)=[0x8, 0xf0])

158.703119ms ago: executing program 6 (id=3336):
mq_notify(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0xc, 0x1, @thr={0x0, 0x0}})
mq_notify(0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x9)
ioctl$TCXONC(r0, 0x540a, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x17)

70.212683ms ago: executing program 6 (id=3337):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c0260000410007010000000007000000037c00000400fc80"], 0x26c0}}, 0x4010)

69.843188ms ago: executing program 6 (id=3338):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c0260000410007010000200007000000027c00000400fc80a72601"], 0x26c0}}, 0x4010)

140.269µs ago: executing program 6 (id=3339):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c00000013000100", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32, @ANYBLOB="140035"], 0x3c}, 0x1, 0x0, 0x3f00}, 0x0)

0s ago: executing program 6 (id=3340):
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) (async)
syz_open_dev$media(&(0x7f0000000940), 0x1, 0x169902) (async)
r0 = socket$pptp(0x18, 0x1, 0x2) (async)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) (async)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
sendmmsg$inet(r1, &(0x7f0000000540)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000200)='x', 0x1}], 0x1}}], 0x1, 0x4048841)
socket$kcm(0x10, 0x2, 0x10)
connect$pptp(r0, 0x0, 0x0)
readv(0xffffffffffffffff, 0x0, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)
syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x1) (async)
socket(0x1e, 0x4, 0x0) (async)
r3 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
dup(r3) (async)
syz_io_uring_setup(0x1ec8, &(0x7f0000000300)={0x0, 0xed62, 0x10000, 0x2, 0x297}, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

kernel console output (not intermixed with test programs):

: batadv_slave_0
[  191.493173][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  191.495760][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  191.514264][   T13] veth0_macvtap: left promiscuous mode
[  191.516420][   T13] veth1_vlan: left promiscuous mode
[  191.518098][   T13] veth0_vlan: left promiscuous mode
[  192.065036][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  192.073527][T13082] netlink: 'syz.0.2375': attribute type 9 has an invalid length.
[  192.263984][   T13] team0 (unregistering): Port device team_slave_1 removed
[  192.305000][ T5938] Bluetooth: hci3: command 0x1003 tx timeout
[  192.305157][ T5939] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  192.343759][T13093] netlink: 'syz.0.2380': attribute type 3 has an invalid length.
[  192.346460][T13093] netlink: 'syz.0.2380': attribute type 1 has an invalid length.
[  192.348919][T13093] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.2380'.
[  192.349759][T13096] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2381'.
[  192.354682][T13096] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2381'.
[  192.379015][   T13] team0 (unregistering): Port device team_slave_0 removed
[  192.579156][   T12] smc: removing ib device syz2
[  193.066237][T13106] netlink: 'syz.6.2385': attribute type 9 has an invalid length.
[  193.127925][T13110] netlink: del zone limit has 4 unknown bytes
[  193.167170][T13112] netlink: set zone limit has 4 unknown bytes
[  193.289333][T13127] binder: 13126:13127 ioctl 4c0a 200000000140 returned -22
[  193.402298][T13138] netlink: set zone limit has 4 unknown bytes
[  193.406193][T13139] can0: slcan on ttyS3.
[  193.640119][T13163] vivid-001: disconnect
[  193.675475][T13158] can0 (unregistered): slcan off ttyS3.
[  193.738501][T13169] __nla_validate_parse: 3 callbacks suppressed
[  193.738513][T13169] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2409'.
[  193.777689][T13173] netlink: set zone limit has 4 unknown bytes
[  193.782454][T13175] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2413'.
[  193.804294][T13177] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2414'.
[  193.839187][T13179] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2415'.
[  193.862930][T13183] netlink: 'syz.5.2416': attribute type 9 has an invalid length.
[  193.876080][T13185] ALSA: mixer_oss: invalid index 40000
[  193.884720][   T40] audit: type=1400 audit(1748996812.641:1046): avc:  denied  { execute } for  pid=13184 comm="syz.6.2417" path="/memory.stat" dev="ramfs" ino=49582 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1
[  193.891914][   T40] audit: type=1400 audit(1748996812.651:1047): avc:  denied  { read } for  pid=13184 comm="syz.6.2417" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  193.908265][T13191] can0: slcan on ttyS3.
[  193.929564][T13165] vivid-001: reconnect
[  193.942885][T13199] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2422'.
[  193.979675][T13201] netlink: set zone limit has 4 unknown bytes
[  194.008000][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  194.026786][T13207] netlink: 14220 bytes leftover after parsing attributes in process `syz.6.2426'.
[  194.063284][   T40] audit: type=1400 audit(1748996812.821:1048): avc:  denied  { link } for  pid=13209 comm="syz.0.2427" name="#23" dev="tmpfs" ino=456 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  194.099693][T13214] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2429'.
[  194.102629][T13208] can0 (unregistered): slcan off ttyS3.
[  194.117577][T13216] netlink: 'syz.6.2430': attribute type 1 has an invalid length.
[  194.120029][T13216] netlink: 'syz.6.2430': attribute type 3 has an invalid length.
[  194.122616][T13216] netlink: 224 bytes leftover after parsing attributes in process `syz.6.2430'.
[  194.127022][T13216] NCSI netlink: No device for ifindex 0
[  194.163791][T13219] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2431'.
[  194.187815][T13220] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8722 sclass=netlink_route_socket pid=13220 comm=syz.6.2432
[  194.209877][T13222] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2433'.
[  194.247311][T13225] netlink: set zone limit has 4 unknown bytes
[  194.331843][T13231] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=24592 sclass=netlink_route_socket pid=13231 comm=syz.6.2437
[  194.383776][T13237] can0: slcan on ttyS3.
[  194.489357][T13245] netlink: set zone limit has 4 unknown bytes
[  194.538669][T13249] cgroup2: Unknown parameter 'euid'
[  194.580308][   T40] audit: type=1400 audit(1748996813.341:1049): avc:  denied  { watch watch_reads } for  pid=13259 comm="syz.5.2449" path="/244/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  194.587010][T13252] can0 (unregistered): slcan off ttyS3.
[  194.644915][   T40] audit: type=1400 audit(1748996813.401:1050): avc:  denied  { ioctl } for  pid=13266 comm="syz.6.2451" path="/dev/cachefiles" dev="devtmpfs" ino=4 ioctlcmd=0x5621 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  194.707714][T13279] fuse: Bad value for 'fd'
[  194.716210][T13283] netlink: 'syz.0.2457': attribute type 9 has an invalid length.
[  194.729671][   T40] audit: type=1326 audit(1748996813.491:1051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13278 comm="syz.5.2455" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f13f978e969 code=0x0
[  194.791669][T13288] syz.0.2459: attempt to access beyond end of device
[  194.791669][T13288] sr0: rw=0, sector=0, nr_sectors = 4 limit=0
[  194.796387][T13288] hfs: can't find a HFS filesystem on dev sr0
[  194.903675][T13303] JFS: discard option not supported on device
[  194.906546][T13303] syz.6.2464: attempt to access beyond end of device
[  194.906546][T13303] nbd6: rw=0, sector=64, nr_sectors = 8 limit=0
[  194.910654][T13303] syz.6.2464: attempt to access beyond end of device
[  194.910654][T13303] nbd6: rw=0, sector=120, nr_sectors = 8 limit=0
[  194.914638][T13303] Mount JFS Failure: -5
[  195.215051][ T1023] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  195.386205][ T1023] usb 5-1: config 0 has no interfaces?
[  195.387994][ T1023] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  195.388009][ T1023] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.389621][ T1023] usb 5-1: config 0 descriptor??
[  195.545820][T13323] netlink: set zone limit has 4 unknown bytes
[  195.585865][T13327] loop6: detected capacity change from 0 to 63
[  195.595397][T13328] buffer_io_error: 38 callbacks suppressed
[  195.595409][T13328] Buffer I/O error on dev loop6, logical block 0, async page read
[  195.600168][T13328] Buffer I/O error on dev loop6, logical block 1, async page read
[  195.602865][T13328] Buffer I/O error on dev loop6, logical block 2, async page read
[  195.605792][T13328] Buffer I/O error on dev loop6, logical block 3, async page read
[  195.610364][ T5941] Buffer I/O error on dev loop6, logical block 0, async page read
[  195.612960][ T5941] Buffer I/O error on dev loop6, logical block 1, async page read
[  195.615304][ T1469] usb 5-1: USB disconnect, device number 34
[  195.616360][ T5941] Buffer I/O error on dev loop6, logical block 2, async page read
[  195.620562][ T5941] Buffer I/O error on dev loop6, logical block 3, async page read
[  195.624089][T13328] Buffer I/O error on dev loop6, logical block 0, async page read
[  195.630252][T13328] Buffer I/O error on dev loop6, logical block 1, async page read
[  195.791156][   T40] audit: type=1400 audit(1748996814.551:1052): avc:  denied  { mount } for  pid=13331 comm="syz.3.2474" name="/" dev="9p" ino=35913813 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  195.831080][T13349] netlink: 'syz.5.2479': attribute type 10 has an invalid length.
[  195.859985][T13354] netlink: 'syz.6.2481': attribute type 12 has an invalid length.
[  195.862531][T13355] netlink: 'syz.5.2480': attribute type 7 has an invalid length.
[  195.866503][T13355] program syz.5.2480 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  195.881826][   T40] audit: type=1400 audit(1748996814.641:1053): avc:  denied  { unmount } for  pid=5932 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  195.906346][T13359] netlink: set zone limit has 4 unknown bytes
[  195.960667][   T40] audit: type=1400 audit(1748996814.721:1054): avc:  denied  { write } for  pid=13362 comm="syz.5.2486" name="/" dev="9p" ino=17889801302421081418 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  196.000763][T13370] netlink: 'syz.6.2489': attribute type 10 has an invalid length.
[  196.051184][T13377] netlink: 'syz.3.2492': attribute type 9 has an invalid length.
[  196.077270][T13381] netlink: set zone limit has 4 unknown bytes
[  196.186265][T13397] random: crng reseeded on system resumption
[  196.300773][T13406] overlayfs: failed to resolve './file1/file0': -2
[  197.035009][ T1469] usb 11-1: new high-speed USB device number 13 using dummy_hcd
[  197.174951][ T1469] usb 11-1: device descriptor read/64, error -71
[  197.425236][ T1469] usb 11-1: new high-speed USB device number 14 using dummy_hcd
[  197.543872][   T40] audit: type=1400 audit(1748996816.301:1055): avc:  denied  { accept } for  pid=13446 comm="syz.3.2518" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  197.555038][ T1469] usb 11-1: device descriptor read/64, error -71
[  197.622488][T13456] netlink: 'syz.3.2521': attribute type 9 has an invalid length.
[  197.665813][ T1469] usb usb11-port1: attempt power cycle
[  197.816749][T13464] Bluetooth: hci3: Frame reassembly failed (-84)
[  198.014966][ T1469] usb 11-1: new high-speed USB device number 15 using dummy_hcd
[  198.035587][ T1469] usb 11-1: device descriptor read/8, error -71
[  198.204924][   T10] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  198.284960][ T1469] usb 11-1: new high-speed USB device number 16 using dummy_hcd
[  198.305679][ T1469] usb 11-1: device descriptor read/8, error -71
[  198.355060][   T10] usb 5-1: Using ep0 maxpacket: 16
[  198.357986][   T10] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[  198.360493][   T10] usb 5-1: config 0 has no interface number 0
[  198.362975][   T10] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  198.367465][   T10] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  198.371863][   T10] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  198.374657][   T10] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  198.377249][   T10] usb 5-1: Product: syz
[  198.378557][   T10] usb 5-1: SerialNumber: syz
[  198.382294][   T10] usb 5-1: config 0 descriptor??
[  198.386191][   T10] cm109 5-1:0.8: invalid payload size 0, expected 4
[  198.389306][   T10] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.8/input/input28
[  198.415141][ T1469] usb usb11-port1: unable to enumerate USB device
[  198.594624][T13466] ip6gretap1: entered promiscuous mode
[  198.596393][T13466] ip6gretap1: entered allmulticast mode
[  198.603514][T13466] nftables ruleset with unbound chain
[  198.612229][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  198.612464][   T52] usb 5-1: USB disconnect, device number 35
[  198.614555][    C0] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  198.622502][   T52] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  199.441504][T13488] __nla_validate_parse: 11 callbacks suppressed
[  199.441515][T13488] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2534'.
[  199.479886][T13490] can0: slcan on ttyS3.
[  199.675692][T13493] can0 (unregistered): slcan off ttyS3.
[  199.827049][ T5939] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  199.827137][ T5938] Bluetooth: hci3: command 0x1003 tx timeout
[  199.992733][   T40] audit: type=1400 audit(1748996818.751:1056): avc:  denied  { bind } for  pid=13501 comm="syz.6.2540" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  200.044364][T13519] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2545'.
[  200.202079][T13523] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2547'.
[  200.234347][   T40] audit: type=1400 audit(1748996818.991:1057): avc:  denied  { connect } for  pid=13524 comm="syz.0.2548" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  200.242059][   T40] audit: type=1400 audit(1748996819.001:1058): avc:  denied  { map } for  pid=13524 comm="syz.0.2548" path="socket:[51511]" dev="sockfs" ino=51511 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  200.251786][   T40] audit: type=1400 audit(1748996819.001:1059): avc:  denied  { read accept } for  pid=13524 comm="syz.0.2548" path="socket:[51511]" dev="sockfs" ino=51511 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  200.284173][T13527] validate_nla: 1 callbacks suppressed
[  200.284190][T13527] netlink: 'syz.0.2549': attribute type 9 has an invalid length.
[  200.350731][T13535] netlink: 'syz.5.2553': attribute type 10 has an invalid length.
[  200.392819][T13539] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2555'.
[  200.535257][T13541] net_ratelimit: 1 callbacks suppressed
[  200.535271][T13541] netlink: set zone limit has 4 unknown bytes
[  200.648699][T13549] netlink: 'syz.3.2560': attribute type 9 has an invalid length.
[  200.936832][   T40] audit: type=1400 audit(1748996819.701:1060): avc:  denied  { audit_write } for  pid=13564 comm="syz.6.2565" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  201.445343][T13547] slcan: can't register candev
[  201.448343][T13547] Falling back ldisc for ttyS3.
[  201.669068][T13578] netlink: 'syz.6.2570': attribute type 10 has an invalid length.
[  201.741986][T13582] block device autoloading is deprecated and will be removed.
[  201.772874][ T5938] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  201.783356][ T5938] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  201.790098][ T5938] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  201.801001][T13584] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2573'.
[  201.803897][T13584] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2573'.
[  201.804177][ T5938] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  201.807669][T13584] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2573'.
[  201.811424][ T5938] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  201.829518][T13584] tc_dump_action: action bad kind
[  201.857984][T13593] netlink: 14212 bytes leftover after parsing attributes in process `syz.0.2575'.
[  201.895063][ T5980] usb 10-1: new full-speed USB device number 26 using dummy_hcd
[  201.956999][T13585] chnl_net:caif_netlink_parms(): no params data found
[  201.995667][T13609] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2576'.
[  202.027893][T13615] netlink: 'syz.0.2580': attribute type 10 has an invalid length.
[  202.041626][T13585] bridge0: port 1(bridge_slave_0) entered blocking state
[  202.043925][T13585] bridge0: port 1(bridge_slave_0) entered disabled state
[  202.046301][ T5980] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  202.046449][T13585] bridge_slave_0: entered allmulticast mode
[  202.049494][ T5980] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  202.049513][ T5980] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  202.052193][T13585] bridge_slave_0: entered promiscuous mode
[  202.055888][ T5980] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  202.056720][ T5980] usb 10-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  202.064733][T13585] bridge0: port 2(bridge_slave_1) entered blocking state
[  202.065863][ T5980] usb 10-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  202.070057][T13585] bridge0: port 2(bridge_slave_1) entered disabled state
[  202.071633][ T5980] usb 10-1: Manufacturer: syz
[  202.074300][T13585] bridge_slave_1: entered allmulticast mode
[  202.080120][ T5980] usb 10-1: config 0 descriptor??
[  202.081394][T13585] bridge_slave_1: entered promiscuous mode
[  202.121863][T13585] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  202.126014][ T5939] Bluetooth: hci1: unexpected subevent 0x05 length: 9 < 12
[  202.127338][T13585] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  202.169022][T13585] team0: Port device team_slave_0 added
[  202.177736][T13585] team0: Port device team_slave_1 added
[  202.226774][T13585] batman_adv: batadv0: Adding interface: batadv_slave_0
[  202.229008][T13585] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  202.237115][T13585] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  202.246993][T13585] batman_adv: batadv0: Adding interface: batadv_slave_1
[  202.249162][T13585] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  202.261247][T13585] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  202.338729][T13585] hsr_slave_0: entered promiscuous mode
[  202.341818][T13585] hsr_slave_1: entered promiscuous mode
[  202.345119][ T5980] rc_core: IR keymap rc-hauppauge not found
[  202.345129][ T5980] Registered IR keymap rc-empty
[  202.345191][ T5980] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  202.365066][ T5980] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  202.397981][ T5980] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/rc/rc0
[  202.402946][ T5980] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/rc/rc0/input29
[  202.409922][ T5980] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  202.425679][ T5980] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  202.444971][ T5980] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  202.465614][ T5980] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  202.495083][ T5980] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  202.508139][T13585] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.515317][ T5980] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  202.535458][ T5980] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  202.555376][ T5980] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  202.574970][ T5980] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  202.593549][T13585] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.604967][ T5980] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  202.626470][ T5980] mceusb 10-1:0.0: Registered  with mce emulator interface version 1
[  202.628962][ T5980] mceusb 10-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  202.633844][ T5980] usb 10-1: USB disconnect, device number 26
[  202.686603][T13585] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.788654][T13585] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.796065][T13634] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2584'.
[  202.865098][T13642] Bluetooth: MGMT ver 1.23
[  202.882709][T13647] fuse: Bad value for 'fd'
[  202.883548][   T40] audit: type=1400 audit(1748996821.641:1061): avc:  denied  { mounton } for  pid=13646 comm="syz.6.2589" path="/275/file0" dev="9p" ino=17889801302421081418 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  202.937286][T13651] can0: slcan on ttyS3.
[  202.938615][T13585] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  202.944754][T13585] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  202.945324][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  202.973395][T13585] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  202.979560][T13585] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  203.050872][T13585] 8021q: adding VLAN 0 to HW filter on device bond0
[  203.060801][T13585] 8021q: adding VLAN 0 to HW filter on device team0
[  203.070182][ T1142] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.072789][ T1142] bridge0: port 1(bridge_slave_0) entered forwarding state
[  203.076299][ T1142] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.078560][ T1142] bridge0: port 2(bridge_slave_1) entered forwarding state
[  203.109155][T13669] netlink: 'syz.6.2597': attribute type 10 has an invalid length.
[  203.149276][T13667] can0 (unregistered): slcan off ttyS3.
[  203.149292][   T40] audit: type=1326 audit(1748996821.911:1062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13673 comm="syz.6.2598" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f796578e969 code=0xffff0000
[  203.214786][T13585] 8021q: adding VLAN 0 to HW filter on device batadv0
[  203.245197][ T1469] usb 10-1: new full-speed USB device number 27 using dummy_hcd
[  203.263748][T13585] veth0_vlan: entered promiscuous mode
[  203.273944][T13585] veth1_vlan: entered promiscuous mode
[  203.293420][T13585] veth0_macvtap: entered promiscuous mode
[  203.302791][T13585] veth1_macvtap: entered promiscuous mode
[  203.315628][T13585] batman_adv: batadv0: Interface activated: batadv_slave_0
[  203.322652][T13585] batman_adv: batadv0: Interface activated: batadv_slave_1
[  203.327882][T13585] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  203.331684][T13585] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  203.334384][T13677] Bluetooth: hci0: Frame reassembly failed (-84)
[  203.337529][T13585] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  203.340130][T13585] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  203.389111][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  203.391584][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  203.406289][ T1469] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  203.409571][ T1469] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  203.413036][ T1469] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  203.413583][ T1207] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  203.416402][ T1469] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  203.418886][ T1207] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  203.423638][ T1469] usb 10-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  203.428079][ T1469] usb 10-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  203.430631][ T1469] usb 10-1: Manufacturer: syz
[  203.438490][ T1469] usb 10-1: config 0 descriptor??
[  203.627054][T13686] netlink: set zone limit has 4 unknown bytes
[  203.684989][ T1469] rc_core: IR keymap rc-hauppauge not found
[  203.687801][ T1469] Registered IR keymap rc-empty
[  203.689731][ T1469] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  203.705014][ T1469] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  203.721604][   T40] audit: type=1400 audit(1748996822.481:1063): avc:  denied  { map } for  pid=13692 comm="syz.3.2605" path="/dev/video3" dev="devtmpfs" ino=960 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  203.737914][ T1469] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/rc/rc0
[  203.748021][ T1469] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/rc/rc0/input30
[  203.754687][ T1469] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  203.784964][ T1469] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  203.815548][ T1469] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  203.835076][ T1469] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  203.855131][ T1469] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  203.877243][ T1469] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  203.897296][ T1469] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  203.915433][ T5938] Bluetooth: hci3: command tx timeout
[  203.919365][ T1469] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  203.935584][ T1469] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  203.941436][   T40] audit: type=1400 audit(1748996822.701:1064): avc:  denied  { getopt } for  pid=13702 comm="syz.3.2610" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  203.942000][T13706] can0: slcan on ttyS3.
[  203.965001][ T1469] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  203.976497][T13703] /dev/sr0: Can't open blockdev
[  203.997921][ T1469] mceusb 10-1:0.0: Registered  with mce emulator interface version 1
[  204.000870][ T1469] mceusb 10-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  204.015295][ T1469] usb 10-1: USB disconnect, device number 27
[  204.019026][T13711] syzkaller1: entered promiscuous mode
[  204.020832][T13711] syzkaller1: entered allmulticast mode
[  204.230458][   T40] audit: type=1400 audit(1748996822.991:1065): avc:  denied  { read } for  pid=13716 comm="syz.5.2614" path="socket:[54595]" dev="sockfs" ino=54595 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  204.246047][T13713] can0 (unregistered): slcan off ttyS3.
[  204.275404][T13719] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=13719 comm=syz.5.2615
[  204.281074][T13719] MTD: Attempt to mount non-MTD device "/dev/sr0"
[  204.291521][T13719] cramfs: wrong magic
[  204.370759][T13729] 9pnet_fd: p9_fd_create_tcp (13729): problem connecting socket to 127.0.0.1
[  204.409167][T13734] netlink: 'syz.5.2621': attribute type 10 has an invalid length.
[  204.456337][T13737] __nla_validate_parse: 8 callbacks suppressed
[  204.456382][T13737] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2622'.
[  204.585051][T13748] netlink: 'syz.6.2625': attribute type 2 has an invalid length.
[  204.587613][T13748] netlink: 'syz.6.2625': attribute type 1 has an invalid length.
[  204.590040][T13748] netlink: 'syz.6.2625': attribute type 1 has an invalid length.
[  204.598945][T13744] xt_hashlimit: size too large, truncated to 1048576
[  204.602736][T13750] netlink: 13 bytes leftover after parsing attributes in process `syz.5.2627'.
[  204.675809][T13755] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2629'.
[  204.764473][T13765] SELinux:  policydb version -1415556864 does not match my version range 15-34
[  204.770744][T13765] SELinux: failed to load policy
[  204.892705][T13771] netlink: 104 bytes leftover after parsing attributes in process `syz.6.2638'.
[  204.910585][T13774] netlink: set zone limit has 4 unknown bytes
[  204.939351][T13777] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2639'.
[  205.061135][T13783] kvm: pic: non byte write
[  205.062978][T13783] kvm: MWAIT instruction emulated as NOP!
[  205.129399][T13796] netlink: 500 bytes leftover after parsing attributes in process `syz.6.2647'.
[  205.173261][T13798] netlink: set zone limit has 4 unknown bytes
[  205.258180][T13804] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2651'.
[  205.313399][T13808] netlink: 64 bytes leftover after parsing attributes in process `syz.6.2653'.
[  205.345119][ T5939] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  205.546488][T13824] netlink: set zone limit has 4 unknown bytes
[  205.563914][T13826] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2661'.
[  205.590604][T13832] validate_nla: 5 callbacks suppressed
[  205.590621][T13832] netlink: 'syz.0.2663': attribute type 10 has an invalid length.
[  205.636624][T13838] xfrm0 speed is unknown, defaulting to 1000
[  205.639620][T13838] xfrm0 speed is unknown, defaulting to 1000
[  205.642367][T13838] xfrm0 speed is unknown, defaulting to 1000
[  205.648118][T13838] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  205.657063][T13838] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  205.675862][T13843] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  205.675862][T13843] The task syz.3.2665 (13843) triggered the difference, watch for misbehavior.
[  205.679018][T13838] xfrm0 speed is unknown, defaulting to 1000
[  205.686421][T13838] xfrm0 speed is unknown, defaulting to 1000
[  205.692424][T13838] xfrm0 speed is unknown, defaulting to 1000
[  205.698860][T13838] xfrm0 speed is unknown, defaulting to 1000
[  205.703816][T13838] xfrm0 speed is unknown, defaulting to 1000
[  205.711815][T13838] xfrm0 speed is unknown, defaulting to 1000
[  205.738604][  T214] Bluetooth: hci0: Frame reassembly failed (-84)
[  205.741188][T13847] Bluetooth: hci0: Frame reassembly failed (-84)
[  205.773820][T13850] netlink: set zone limit has 4 unknown bytes
[  205.860915][T13854] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2673'.
[  205.947589][T13860] netlink: 'syz.0.2676': attribute type 10 has an invalid length.
[  205.985507][ T5938] Bluetooth: hci3: command tx timeout
[  206.029125][T13872] netlink: 'syz.5.2682': attribute type 12 has an invalid length.
[  206.035175][T13870] netlink: set zone limit has 4 unknown bytes
[  206.112402][T13884] netlink: 'syz.0.2687': attribute type 10 has an invalid length.
[  206.248401][T13898] netlink: set zone limit has 4 unknown bytes
[  206.435030][ T1023] usb 10-1: new high-speed USB device number 28 using dummy_hcd
[  206.455088][T13917] netlink: 'syz.0.2701': attribute type 10 has an invalid length.
[  206.568683][T13929] netlink: set zone limit has 4 unknown bytes
[  206.584925][ T1023] usb 10-1: Using ep0 maxpacket: 8
[  206.588217][ T1023] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  206.591729][ T1023] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  206.595974][ T1023] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  206.599274][ T1023] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  206.603363][ T1023] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  206.606461][ T1023] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.716387][T13945] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  206.719194][T13945] overlayfs: missing 'lowerdir'
[  206.722134][T13947] netlink: 'syz.0.2714': attribute type 39 has an invalid length.
[  206.817037][ T1023] usb 10-1: GET_CAPABILITIES returned 0
[  206.818929][ T1023] usbtmc 10-1:16.0: can't read capabilities
[  207.005275][ T6077] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  207.021422][ T1023] usb 10-1: USB disconnect, device number 28
[  207.154936][ T6077] usb 5-1: Using ep0 maxpacket: 8
[  207.157730][ T6077] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  207.160209][ T6077] usb 5-1: config 0 has no interface number 0
[  207.162225][ T6077] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  207.165927][ T6077] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  207.168724][ T6077] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.172974][ T6077] usb 5-1: config 0 descriptor??
[  207.178542][ T6077] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  207.430822][ T5980] usb 5-1: USB disconnect, device number 36
[  207.544803][T13950] netlink: 'syz.5.2715': attribute type 10 has an invalid length.
[  207.592805][T13954] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  207.598053][T13956] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  207.744987][ T5938] Bluetooth: hci0: command 0x1003 tx timeout
[  207.745209][ T5939] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  207.793921][T13969] netlink: set zone limit has 4 unknown bytes
[  207.872298][T13980] netlink: 'syz.5.2726': attribute type 10 has an invalid length.
[  207.908540][   T40] kauditd_printk_skb: 2 callbacks suppressed
[  207.908550][   T40] audit: type=1400 audit(1748996826.671:1068): avc:  denied  { append } for  pid=13985 comm="syz.5.2728" name="pfkey" dev="proc" ino=4026533015 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  207.991901][  T214] Bluetooth: hci0: Frame reassembly failed (-84)
[  207.993761][T13999] netlink: set zone limit has 4 unknown bytes
[  208.028197][T14004] netlink: 'syz.6.2736': attribute type 10 has an invalid length.
[  208.040739][T13997] Bluetooth: hci0: Frame reassembly failed (-84)
[  208.065002][ T5938] Bluetooth: hci3: command tx timeout
[  208.166208][T14026] netlink: 'syz.6.2745': attribute type 27 has an invalid length.
[  208.168242][T14024] netlink: set zone limit has 4 unknown bytes
[  208.328016][T14026] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  208.338080][T14026] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  208.424798][T14026] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  208.427888][T14026] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  208.430631][T14026] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  208.433434][T14026] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  208.441848][T14026] netdevsim netdevsim6 netdevsim0: left promiscuous mode
[  208.467161][T14029] 8021q: adding VLAN 0 to HW filter on device bond0
[  208.469953][T14029] 8021q: adding VLAN 0 to HW filter on device team0
[  208.473799][T14029] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  208.476733][T14033] blktrace: Concurrent blktraces are not allowed on sg0
[  208.492731][   T70] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  208.612272][T14033] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[  208.615263][T14033] overlayfs: missing 'lowerdir'
[  208.620499][T14036] blktrace: Concurrent blktraces are not allowed on sg0
[  209.077867][   T40] audit: type=1400 audit(1748996827.841:1069): avc:  denied  { setopt } for  pid=14070 comm="syz.6.2762" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  209.465943][T14096] (unnamed net_device) (uninitialized): ARP target 9.0.0.0 is already present
[  209.468790][T14096] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (9)
[  209.473888][   T40] audit: type=1400 audit(1748996828.231:1070): avc:  denied  { bind } for  pid=14094 comm="syz.5.2772" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  209.475944][T14096] syz.5.2772: attempt to access beyond end of device
[  209.475944][T14096] nbd5: rw=0, sector=0, nr_sectors = 1 limit=0
[  209.484744][T14096] exFAT-fs (nbd5): unable to read boot sector
[  209.487265][T14096] exFAT-fs (nbd5): failed to read boot sector
[  209.489235][T14096] exFAT-fs (nbd5): failed to recognize exfat type
[  209.741548][T14098] __nla_validate_parse: 19 callbacks suppressed
[  209.741560][T14098] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2773'.
[  209.799691][   T40] audit: type=1400 audit(1748996828.561:1071): avc:  denied  { read } for  pid=5333 comm="acpid" name="event4" dev="devtmpfs" ino=3314 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  209.808967][   T40] audit: type=1400 audit(1748996828.561:1072): avc:  denied  { open } for  pid=5333 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=3314 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  209.819448][   T40] audit: type=1400 audit(1748996828.561:1073): avc:  denied  { ioctl } for  pid=5333 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=3314 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  209.827518][   T40] audit: type=1400 audit(1748996828.561:1074): avc:  denied  { ioctl } for  pid=14101 comm="syz.3.2775" path="/dev/input/mice" dev="devtmpfs" ino=940 ioctlcmd=0xae89 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  209.913879][T14107] overlayfs: missing 'workdir'
[  209.921048][T14107] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.2777'.
[  210.064952][ T5939] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  210.065133][ T5938] Bluetooth: hci0: command 0x1003 tx timeout
[  210.087514][T14122] FAULT_INJECTION: forcing a failure.
[  210.087514][T14122] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  210.091741][T14122] CPU: 3 UID: 0 PID: 14122 Comm: syz.3.2782 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) 
[  210.091764][T14122] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  210.091776][T14122] Call Trace:
[  210.091783][T14122]  <TASK>
[  210.091789][T14122]  dump_stack_lvl+0x16c/0x1f0
[  210.091827][T14122]  should_fail_ex+0x512/0x640
[  210.091848][T14122]  _copy_from_user+0x2e/0xd0
[  210.091860][T14122]  copy_msghdr_from_user+0x98/0x160
[  210.091878][T14122]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  210.091901][T14122]  ___sys_sendmsg+0xfe/0x1d0
[  210.091917][T14122]  ? __pfx____sys_sendmsg+0x10/0x10
[  210.091932][T14122]  ? __lock_acquire+0x622/0x1c90
[  210.091965][T14122]  __sys_sendmsg+0x16d/0x220
[  210.091981][T14122]  ? __pfx___sys_sendmsg+0x10/0x10
[  210.092006][T14122]  do_syscall_64+0xcd/0x4c0
[  210.092018][T14122]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.092028][T14122] RIP: 0033:0x7fb629f8e969
[  210.092037][T14122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  210.092048][T14122] RSP: 002b:00007fb62ad85038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  210.092058][T14122] RAX: ffffffffffffffda RBX: 00007fb62a1b5fa0 RCX: 00007fb629f8e969
[  210.092065][T14122] RDX: 0000000000004010 RSI: 0000200000000000 RDI: 0000000000000003
[  210.092071][T14122] RBP: 00007fb62ad85090 R08: 0000000000000000 R09: 0000000000000000
[  210.092077][T14122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  210.092083][T14122] R13: 0000000000000000 R14: 00007fb62a1b5fa0 R15: 00007ffe216323c8
[  210.092096][T14122]  </TASK>
[  210.105481][T14124] binder: 14123:14124 ioctl c0306201 200000000100 returned -22
[  210.140872][T14126] binder: BINDER_SET_CONTEXT_MGR already set
[  210.141817][T14124] ieee802154 phy1 wpan1: encryption failed: -22
[  210.144287][T14126] binder: 14125:14126 ioctl 4018620d 2000000000c0 returned -16
[  210.145316][ T5939] Bluetooth: hci3: command tx timeout
[  210.146421][T14127] binder: 14125:14127 ioctl c0306201 2000000003c0 returned -14
[  210.148617][T14127] binder_alloc: binder_alloc_mmap_handler: 14125 200000ffb000-200000fff000 already mapped failed -16
[  210.218549][T14136] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2788'.
[  210.255541][T14141] SELinux: syz.0.2790 (14141) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  210.282110][T14126] syz.3.2784 (14126): drop_caches: 2
[  210.335540][T14152] Bluetooth: hci0: Frame reassembly failed (-84)
[  210.337846][  T214] Bluetooth: hci0: Frame reassembly failed (-84)
[  210.338704][T14149] binder: 14148:14149 ioctl c0306201 200000000640 returned -22
[  210.392520][T14155] overlay: ./file0 is not a directory
[  210.423301][   T40] audit: type=1400 audit(1748996829.181:1075): avc:  denied  { rename } for  pid=14153 comm="syz.3.2796" name="bus" dev="9p" ino=35913906 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  210.557368][T14159] net_ratelimit: 20 callbacks suppressed
[  210.557379][T14159] netlink: del zone limit has 4 unknown bytes
[  210.598948][T14161] netlink: zone id is out of range
[  210.601251][T14161] netlink: zone id is out of range
[  210.603446][T14161] netlink: zone id is out of range
[  210.605730][T14161] netlink: zone id is out of range
[  210.607868][T14161] netlink: zone id is out of range
[  210.610047][T14161] netlink: zone id is out of range
[  210.612247][T14161] netlink: zone id is out of range
[  210.614400][T14161] netlink: zone id is out of range
[  210.616740][T14161] netlink: zone id is out of range
[  211.147383][   T40] audit: type=1326 audit(1748996829.911:1076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14167 comm="syz.0.2801" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6eaab8e969 code=0x0
[  211.188994][   T40] audit: type=1400 audit(1748996829.951:1077): avc:  denied  { read write } for  pid=14169 comm="syz.6.2802" name="uhid" dev="devtmpfs" ino=1297 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  211.231334][T14172] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2803'.
[  211.302319][T14177] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=45 sclass=netlink_audit_socket pid=14177 comm=syz.6.2805
[  211.306975][T14177] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=45 sclass=netlink_audit_socket pid=14177 comm=syz.6.2805
[  211.336936][T14180] validate_nla: 6 callbacks suppressed
[  211.336947][T14180] netlink: 'syz.6.2806': attribute type 10 has an invalid length.
[  211.404139][T14184] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2808'.
[  212.019694][T14201] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2815'.
[  212.118098][T14209] netlink: 'syz.0.2818': attribute type 10 has an invalid length.
[  212.211069][T14215] FAULT_INJECTION: forcing a failure.
[  212.211069][T14215] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  212.216783][T14215] CPU: 1 UID: 0 PID: 14215 Comm: syz.0.2821 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) 
[  212.216798][T14215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  212.216805][T14215] Call Trace:
[  212.216810][T14215]  <TASK>
[  212.216814][T14215]  dump_stack_lvl+0x16c/0x1f0
[  212.216834][T14215]  should_fail_ex+0x512/0x640
[  212.216848][T14215]  _copy_from_iter+0x29f/0x16f0
[  212.216862][T14215]  ? rcu_is_watching+0x12/0xc0
[  212.216876][T14215]  ? __pfx__copy_from_iter+0x10/0x10
[  212.216886][T14215]  ? kmem_cache_alloc_noprof+0x21e/0x3b0
[  212.216902][T14215]  ? __asan_memset+0x23/0x50
[  212.216915][T14215]  ? __build_skb_around+0x278/0x3b0
[  212.216929][T14215]  ? is_vmalloc_addr+0x86/0xa0
[  212.216946][T14215]  netlink_sendmsg+0x829/0xdd0
[  212.216961][T14215]  ? __pfx_netlink_sendmsg+0x10/0x10
[  212.216978][T14215]  ____sys_sendmsg+0xa98/0xc70
[  212.216990][T14215]  ? copy_msghdr_from_user+0x10a/0x160
[  212.217006][T14215]  ? __pfx_____sys_sendmsg+0x10/0x10
[  212.217025][T14215]  ___sys_sendmsg+0x134/0x1d0
[  212.217041][T14215]  ? __pfx____sys_sendmsg+0x10/0x10
[  212.217056][T14215]  ? __lock_acquire+0x622/0x1c90
[  212.217088][T14215]  __sys_sendmsg+0x16d/0x220
[  212.217104][T14215]  ? __pfx___sys_sendmsg+0x10/0x10
[  212.217128][T14215]  do_syscall_64+0xcd/0x4c0
[  212.217139][T14215]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.217150][T14215] RIP: 0033:0x7f6eaab8e969
[  212.217159][T14215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  212.217169][T14215] RSP: 002b:00007f6eab9c1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  212.217180][T14215] RAX: ffffffffffffffda RBX: 00007f6eaadb5fa0 RCX: 00007f6eaab8e969
[  212.217186][T14215] RDX: 0000000000004010 RSI: 0000200000000000 RDI: 0000000000000003
[  212.217193][T14215] RBP: 00007f6eab9c1090 R08: 0000000000000000 R09: 0000000000000000
[  212.217199][T14215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  212.217205][T14215] R13: 0000000000000000 R14: 00007f6eaadb5fa0 R15: 00007ffeb28b8e38
[  212.217218][T14215]  </TASK>
[  212.384989][ T5939] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  212.385208][ T5938] Bluetooth: hci0: command 0x1003 tx timeout
[  212.439810][T14225] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=14225 comm=syz.6.2826
[  212.458621][T14228] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2827'.
[  212.497466][T14234] netlink: 'syz.3.2830': attribute type 10 has an invalid length.
[  212.573094][T14243] FAULT_INJECTION: forcing a failure.
[  212.573094][T14243] name failslab, interval 1, probability 0, space 0, times 0
[  212.579107][T14243] CPU: 0 UID: 0 PID: 14243 Comm: syz.0.2833 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) 
[  212.579122][T14243] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  212.579129][T14243] Call Trace:
[  212.579133][T14243]  <TASK>
[  212.579138][T14243]  dump_stack_lvl+0x16c/0x1f0
[  212.579159][T14243]  should_fail_ex+0x512/0x640
[  212.579172][T14243]  should_failslab+0xc2/0x120
[  212.579189][T14243]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  212.579204][T14243]  ? skb_clone+0x190/0x3f0
[  212.579223][T14243]  skb_clone+0x190/0x3f0
[  212.579239][T14243]  netlink_deliver_tap+0xabd/0xd30
[  212.579254][T14243]  netlink_unicast+0x5df/0x7f0
[  212.579268][T14243]  ? __pfx_netlink_unicast+0x10/0x10
[  212.579279][T14243]  ? __build_skb_around+0x278/0x3b0
[  212.579295][T14243]  netlink_sendmsg+0x8d1/0xdd0
[  212.579310][T14243]  ? __pfx_netlink_sendmsg+0x10/0x10
[  212.579327][T14243]  ____sys_sendmsg+0xa98/0xc70
[  212.579340][T14243]  ? copy_msghdr_from_user+0x10a/0x160
[  212.579356][T14243]  ? __pfx_____sys_sendmsg+0x10/0x10
[  212.579374][T14243]  ___sys_sendmsg+0x134/0x1d0
[  212.579391][T14243]  ? __pfx____sys_sendmsg+0x10/0x10
[  212.579406][T14243]  ? __lock_acquire+0x622/0x1c90
[  212.579439][T14243]  __sys_sendmsg+0x16d/0x220
[  212.579455][T14243]  ? __pfx___sys_sendmsg+0x10/0x10
[  212.579484][T14243]  do_syscall_64+0xcd/0x4c0
[  212.579495][T14243]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.579506][T14243] RIP: 0033:0x7f6eaab8e969
[  212.579515][T14243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  212.579525][T14243] RSP: 002b:00007f6eab9c1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  212.579536][T14243] RAX: ffffffffffffffda RBX: 00007f6eaadb5fa0 RCX: 00007f6eaab8e969
[  212.579542][T14243] RDX: 0000000000004010 RSI: 0000200000000000 RDI: 0000000000000003
[  212.579549][T14243] RBP: 00007f6eab9c1090 R08: 0000000000000000 R09: 0000000000000000
[  212.579555][T14243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  212.579561][T14243] R13: 0000000000000000 R14: 00007f6eaadb5fa0 R15: 00007ffeb28b8e38
[  212.579575][T14243]  </TASK>
[  212.727611][T14262] dummy0: entered promiscuous mode
[  212.728214][T14264] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2840'.
[  212.775589][T14268] netlink: 'syz.0.2843': attribute type 10 has an invalid length.
[  212.784644][T14270] overlayfs: failed to resolve './file1': -2
[  212.856147][T14285] FAULT_INJECTION: forcing a failure.
[  212.856147][T14285] name failslab, interval 1, probability 0, space 0, times 0
[  212.867245][T14285] CPU: 1 UID: 0 PID: 14285 Comm: syz.0.2848 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) 
[  212.867261][T14285] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  212.867269][T14285] Call Trace:
[  212.867273][T14285]  <TASK>
[  212.867277][T14285]  dump_stack_lvl+0x16c/0x1f0
[  212.867298][T14285]  should_fail_ex+0x512/0x640
[  212.867309][T14285]  ? __kmalloc_noprof+0xbf/0x510
[  212.867325][T14285]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  212.867340][T14285]  should_failslab+0xc2/0x120
[  212.867357][T14285]  __kmalloc_noprof+0xd2/0x510
[  212.867372][T14285]  ? avc_has_perm_noaudit+0x149/0x3b0
[  212.867388][T14285]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  212.867405][T14285]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  212.867421][T14285]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  212.867439][T14285]  ? bpf_lsm_capable+0x9/0x10
[  212.867451][T14285]  ? security_capable+0x7e/0x260
[  212.867466][T14285]  ? ns_capable+0xd7/0x110
[  212.867481][T14285]  genl_rcv_msg+0x55c/0x800
[  212.867496][T14285]  ? __pfx_genl_rcv_msg+0x10/0x10
[  212.867510][T14285]  ? __pfx_ovs_ct_limit_cmd_del+0x10/0x10
[  212.867529][T14285]  netlink_rcv_skb+0x155/0x420
[  212.867541][T14285]  ? __pfx_genl_rcv_msg+0x10/0x10
[  212.867555][T14285]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  212.867576][T14285]  ? netlink_deliver_tap+0x1ae/0xd30
[  212.867590][T14285]  genl_rcv+0x28/0x40
[  212.867601][T14285]  netlink_unicast+0x53d/0x7f0
[  212.867615][T14285]  ? __pfx_netlink_unicast+0x10/0x10
[  212.867626][T14285]  ? __build_skb_around+0x278/0x3b0
[  212.867643][T14285]  netlink_sendmsg+0x8d1/0xdd0
[  212.867657][T14285]  ? __pfx_netlink_sendmsg+0x10/0x10
[  212.867674][T14285]  ____sys_sendmsg+0xa98/0xc70
[  212.867687][T14285]  ? copy_msghdr_from_user+0x10a/0x160
[  212.867703][T14285]  ? __pfx_____sys_sendmsg+0x10/0x10
[  212.867722][T14285]  ___sys_sendmsg+0x134/0x1d0
[  212.867739][T14285]  ? __pfx____sys_sendmsg+0x10/0x10
[  212.867754][T14285]  ? __lock_acquire+0x622/0x1c90
[  212.867787][T14285]  __sys_sendmsg+0x16d/0x220
[  212.867803][T14285]  ? __pfx___sys_sendmsg+0x10/0x10
[  212.867828][T14285]  do_syscall_64+0xcd/0x4c0
[  212.867839][T14285]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.867850][T14285] RIP: 0033:0x7f6eaab8e969
[  212.867859][T14285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  212.867869][T14285] RSP: 002b:00007f6eab9c1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  212.867880][T14285] RAX: ffffffffffffffda RBX: 00007f6eaadb5fa0 RCX: 00007f6eaab8e969
[  212.867887][T14285] RDX: 0000000000004010 RSI: 0000200000000000 RDI: 0000000000000003
[  212.867893][T14285] RBP: 00007f6eab9c1090 R08: 0000000000000000 R09: 0000000000000000
[  212.867899][T14285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  212.867906][T14285] R13: 0000000000000000 R14: 00007f6eaadb5fa0 R15: 00007ffeb28b8e38
[  212.867919][T14285]  </TASK>
[  213.001889][T14302] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2852'.
[  213.038352][   T60] Bluetooth: hci0: Frame reassembly failed (-84)
[  213.043620][T14306] Bluetooth: hci0: Frame reassembly failed (-84)
[  213.061351][T14310] netlink: 'syz.3.2857': attribute type 10 has an invalid length.
[  213.080904][T14309] 8021q: adding VLAN 0 to HW filter on device bond1
[  213.155737][T14317] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2859'.
[  213.267201][T14327] FAULT_INJECTION: forcing a failure.
[  213.267201][T14327] name failslab, interval 1, probability 0, space 0, times 0
[  213.271058][T14327] CPU: 1 UID: 0 PID: 14327 Comm: syz.6.2863 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) 
[  213.271074][T14327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  213.271080][T14327] Call Trace:
[  213.271084][T14327]  <TASK>
[  213.271088][T14327]  dump_stack_lvl+0x16c/0x1f0
[  213.271109][T14327]  should_fail_ex+0x512/0x640
[  213.271120][T14327]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  213.271137][T14327]  should_failslab+0xc2/0x120
[  213.271154][T14327]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  213.271167][T14327]  ? __lock_acquire+0x622/0x1c90
[  213.271183][T14327]  ? __alloc_skb+0x2b2/0x380
[  213.271201][T14327]  __alloc_skb+0x2b2/0x380
[  213.271216][T14327]  ? __pfx___alloc_skb+0x10/0x10
[  213.271233][T14327]  ? find_held_lock+0x2b/0x80
[  213.271248][T14327]  ovs_ct_limit_cmd_reply_start+0x55/0x1f0
[  213.271263][T14327]  ovs_ct_limit_cmd_del+0x16e/0x7e0
[  213.271279][T14327]  ? __pfx_ovs_ct_limit_cmd_del+0x10/0x10
[  213.271292][T14327]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  213.271308][T14327]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  213.271325][T14327]  genl_family_rcv_msg_doit+0x206/0x2f0
[  213.271340][T14327]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  213.271359][T14327]  ? bpf_lsm_capable+0x9/0x10
[  213.271370][T14327]  ? security_capable+0x7e/0x260
[  213.271387][T14327]  ? ns_capable+0xd7/0x110
[  213.271400][T14327]  genl_rcv_msg+0x55c/0x800
[  213.271416][T14327]  ? __pfx_genl_rcv_msg+0x10/0x10
[  213.271429][T14327]  ? __pfx_ovs_ct_limit_cmd_del+0x10/0x10
[  213.271447][T14327]  netlink_rcv_skb+0x155/0x420
[  213.271459][T14327]  ? __pfx_genl_rcv_msg+0x10/0x10
[  213.271474][T14327]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  213.271491][T14327]  ? netlink_deliver_tap+0x1ae/0xd30
[  213.271505][T14327]  genl_rcv+0x28/0x40
[  213.271517][T14327]  netlink_unicast+0x53d/0x7f0
[  213.271530][T14327]  ? __pfx_netlink_unicast+0x10/0x10
[  213.271541][T14327]  ? __build_skb_around+0x278/0x3b0
[  213.271562][T14327]  netlink_sendmsg+0x8d1/0xdd0
[  213.271576][T14327]  ? __pfx_netlink_sendmsg+0x10/0x10
[  213.271593][T14327]  ____sys_sendmsg+0xa98/0xc70
[  213.271606][T14327]  ? copy_msghdr_from_user+0x10a/0x160
[  213.271622][T14327]  ? __pfx_____sys_sendmsg+0x10/0x10
[  213.271641][T14327]  ___sys_sendmsg+0x134/0x1d0
[  213.271657][T14327]  ? __pfx____sys_sendmsg+0x10/0x10
[  213.271672][T14327]  ? __lock_acquire+0x622/0x1c90
[  213.271704][T14327]  __sys_sendmsg+0x16d/0x220
[  213.271720][T14327]  ? __pfx___sys_sendmsg+0x10/0x10
[  213.271745][T14327]  do_syscall_64+0xcd/0x4c0
[  213.271756][T14327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.271767][T14327] RIP: 0033:0x7f796578e969
[  213.271776][T14327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  213.271787][T14327] RSP: 002b:00007f796651a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  213.271797][T14327] RAX: ffffffffffffffda RBX: 00007f79659b5fa0 RCX: 00007f796578e969
[  213.271804][T14327] RDX: 0000000000004010 RSI: 0000200000000000 RDI: 0000000000000003
[  213.271810][T14327] RBP: 00007f796651a090 R08: 0000000000000000 R09: 0000000000000000
[  213.271817][T14327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  213.271823][T14327] R13: 0000000000000000 R14: 00007f79659b5fa0 R15: 00007ffdcd116658
[  213.271836][T14327]  </TASK>
[  213.376730][T14328] bridge0: port 2(bridge_slave_1) entered disabled state
[  213.380038][T14328] bridge0: port 1(bridge_slave_0) entered disabled state
[  213.478329][   T40] kauditd_printk_skb: 2 callbacks suppressed
[  213.478340][   T40] audit: type=1400 audit(1748996832.241:1080): avc:  denied  { mount } for  pid=14341 comm="syz.5.2868" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1
[  213.512972][T14344] netlink: 'syz.5.2869': attribute type 10 has an invalid length.
[  213.518118][T14344] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  213.586312][   T70] bond0: (slave bond_slave_0): interface is now down
[  213.588834][   T70] bond0: (slave bond_slave_1): interface is now down
[  213.592762][T14350] netlink: 'syz.5.2871': attribute type 10 has an invalid length.
[  213.595829][T14350] syz_tun: entered promiscuous mode
[  213.602908][T14350] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  213.628444][T14332] xfrm1: entered allmulticast mode
[  213.740209][T14375] virtio-pci 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[  213.777706][T14381] netlink: 'syz.3.2881': attribute type 10 has an invalid length.
[  213.795117][T14381] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  213.837458][   T40] audit: type=1400 audit(1748996832.591:1081): avc:  denied  { write } for  pid=14385 comm="syz.3.2883" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  213.846318][T14386] xt_AUDIT: Audit type out of range (valid range: 0..2)
[  213.956913][T14405] @: renamed from vlan0
[  213.973604][T14409] netlink: 'syz.3.2893': attribute type 10 has an invalid length.
[  213.978994][T14405] Unknown options in mask 5
[  214.136695][T14438] FAULT_INJECTION: forcing a failure.
[  214.136695][T14438] name failslab, interval 1, probability 0, space 0, times 0
[  214.139036][T14441] x_tables: duplicate underflow at hook 2
[  214.140948][T14438] CPU: 0 UID: 0 PID: 14438 Comm: syz.5.2903 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) 
[  214.140964][T14438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  214.140971][T14438] Call Trace:
[  214.140975][T14438]  <TASK>
[  214.140980][T14438]  dump_stack_lvl+0x16c/0x1f0
[  214.141000][T14438]  should_fail_ex+0x512/0x640
[  214.141014][T14438]  should_failslab+0xc2/0x120
[  214.141031][T14438]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  214.141046][T14438]  ? skb_clone+0x190/0x3f0
[  214.141065][T14438]  skb_clone+0x190/0x3f0
[  214.141082][T14438]  netlink_deliver_tap+0xabd/0xd30
[  214.141097][T14438]  netlink_unicast+0x6b2/0x7f0
[  214.141111][T14438]  ? __pfx_netlink_unicast+0x10/0x10
[  214.141123][T14438]  ? __pfx____ratelimit+0x10/0x10
[  214.141137][T14438]  ? mark_held_locks+0x49/0x80
[  214.141156][T14438]  ovs_ct_limit_cmd_del+0x5a4/0x7e0
[  214.141173][T14438]  ? __pfx_ovs_ct_limit_cmd_del+0x10/0x10
[  214.141187][T14438]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  214.141202][T14438]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  214.141219][T14438]  genl_family_rcv_msg_doit+0x206/0x2f0
[  214.141235][T14438]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  214.141254][T14438]  ? bpf_lsm_capable+0x9/0x10
[  214.141266][T14438]  ? security_capable+0x7e/0x260
[  214.141281][T14438]  ? ns_capable+0xd7/0x110
[  214.141295][T14438]  genl_rcv_msg+0x55c/0x800
[  214.141324][T14438]  ? __pfx_genl_rcv_msg+0x10/0x10
[  214.141339][T14438]  ? __pfx_ovs_ct_limit_cmd_del+0x10/0x10
[  214.141357][T14438]  netlink_rcv_skb+0x155/0x420
[  214.141369][T14438]  ? __pfx_genl_rcv_msg+0x10/0x10
[  214.141383][T14438]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  214.141401][T14438]  ? netlink_deliver_tap+0x1ae/0xd30
[  214.141414][T14438]  genl_rcv+0x28/0x40
[  214.141426][T14438]  netlink_unicast+0x53d/0x7f0
[  214.141440][T14438]  ? __pfx_netlink_unicast+0x10/0x10
[  214.141451][T14438]  ? __build_skb_around+0x278/0x3b0
[  214.141467][T14438]  netlink_sendmsg+0x8d1/0xdd0
[  214.141482][T14438]  ? __pfx_netlink_sendmsg+0x10/0x10
[  214.141499][T14438]  ____sys_sendmsg+0xa98/0xc70
[  214.141512][T14438]  ? copy_msghdr_from_user+0x10a/0x160
[  214.141528][T14438]  ? __pfx_____sys_sendmsg+0x10/0x10
[  214.141552][T14438]  ___sys_sendmsg+0x134/0x1d0
[  214.141569][T14438]  ? __pfx____sys_sendmsg+0x10/0x10
[  214.141584][T14438]  ? __lock_acquire+0x622/0x1c90
[  214.141616][T14438]  __sys_sendmsg+0x16d/0x220
[  214.141632][T14438]  ? __pfx___sys_sendmsg+0x10/0x10
[  214.141657][T14438]  do_syscall_64+0xcd/0x4c0
[  214.141668][T14438]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.141679][T14438] RIP: 0033:0x7f13f978e969
[  214.141689][T14438] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  214.141699][T14438] RSP: 002b:00007f13fa66c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  214.141710][T14438] RAX: ffffffffffffffda RBX: 00007f13f99b5fa0 RCX: 00007f13f978e969
[  214.141716][T14438] RDX: 0000000000004010 RSI: 0000200000000000 RDI: 0000000000000003
[  214.141722][T14438] RBP: 00007f13fa66c090 R08: 0000000000000000 R09: 0000000000000000
[  214.141729][T14438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  214.141735][T14438] R13: 0000000000000000 R14: 00007f13f99b5fa0 R15: 00007ffe8c571608
[  214.141748][T14438]  </TASK>
[  214.165132][T14447] netlink: 'syz.5.2906': attribute type 10 has an invalid length.
[  214.493674][T14480] FAULT_INJECTION: forcing a failure.
[  214.493674][T14480] name failslab, interval 1, probability 0, space 0, times 0
[  214.498050][T14480] CPU: 1 UID: 0 PID: 14480 Comm: syz.5.2917 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) 
[  214.498077][T14480] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  214.498084][T14480] Call Trace:
[  214.498094][T14480]  <TASK>
[  214.498099][T14480]  dump_stack_lvl+0x16c/0x1f0
[  214.498130][T14480]  should_fail_ex+0x512/0x640
[  214.498146][T14480]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  214.498162][T14480]  should_failslab+0xc2/0x120
[  214.498178][T14480]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  214.498193][T14480]  ? __alloc_skb+0x2b2/0x380
[  214.498209][T14480]  ? bpf_lsm_capable+0x9/0x10
[  214.498222][T14480]  __alloc_skb+0x2b2/0x380
[  214.498237][T14480]  ? __pfx___alloc_skb+0x10/0x10
[  214.498252][T14480]  ? genl_rcv_msg+0x4c0/0x800
[  214.498265][T14480]  ? genl_rcv_msg+0x4bb/0x800
[  214.498282][T14480]  netlink_ack+0x15d/0xb80
[  214.498298][T14480]  netlink_rcv_skb+0x332/0x420
[  214.498310][T14480]  ? __pfx_genl_rcv_msg+0x10/0x10
[  214.498324][T14480]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  214.498342][T14480]  ? netlink_deliver_tap+0x1ae/0xd30
[  214.498356][T14480]  genl_rcv+0x28/0x40
[  214.498367][T14480]  netlink_unicast+0x53d/0x7f0
[  214.498381][T14480]  ? __pfx_netlink_unicast+0x10/0x10
[  214.498392][T14480]  ? __build_skb_around+0x278/0x3b0
[  214.498408][T14480]  netlink_sendmsg+0x8d1/0xdd0
[  214.498423][T14480]  ? __pfx_netlink_sendmsg+0x10/0x10
[  214.498440][T14480]  ____sys_sendmsg+0xa98/0xc70
[  214.498454][T14480]  ? copy_msghdr_from_user+0x10a/0x160
[  214.498474][T14480]  ? __pfx_____sys_sendmsg+0x10/0x10
[  214.498493][T14480]  ___sys_sendmsg+0x134/0x1d0
[  214.498509][T14480]  ? __pfx____sys_sendmsg+0x10/0x10
[  214.498524][T14480]  ? __lock_acquire+0x622/0x1c90
[  214.498559][T14480]  __sys_sendmsg+0x16d/0x220
[  214.498575][T14480]  ? __pfx___sys_sendmsg+0x10/0x10
[  214.498600][T14480]  do_syscall_64+0xcd/0x4c0
[  214.498611][T14480]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.498622][T14480] RIP: 0033:0x7f13f978e969
[  214.498631][T14480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  214.498641][T14480] RSP: 002b:00007f13fa66c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  214.498651][T14480] RAX: ffffffffffffffda RBX: 00007f13f99b5fa0 RCX: 00007f13f978e969
[  214.498658][T14480] RDX: 0000000000004010 RSI: 0000200000000000 RDI: 0000000000000003
[  214.498664][T14480] RBP: 00007f13fa66c090 R08: 0000000000000000 R09: 0000000000000000
[  214.498670][T14480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  214.498677][T14480] R13: 0000000000000000 R14: 00007f13f99b5fa0 R15: 00007ffe8c571608
[  214.498690][T14480]  </TASK>
[  214.636145][T14486] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  214.674089][T14488] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  214.841674][T14506] __nla_validate_parse: 13 callbacks suppressed
[  214.841689][T14506] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2929'.
[  215.115284][ T5938] Bluetooth: hci0: command 0x1003 tx timeout
[  215.115383][ T5939] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  215.185068][ T5980] usb 10-1: new high-speed USB device number 29 using dummy_hcd
[  215.263071][T14519] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  215.345563][ T5980] usb 10-1: Using ep0 maxpacket: 8
[  215.348559][ T5980] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  215.351806][ T5980] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  215.354947][ T5980] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  215.358044][ T5980] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  215.362167][ T5980] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  215.365255][ T5980] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  215.574451][ T5980] usb 10-1: usb_control_msg returned -71
[  215.576760][ T5980] usbtmc 10-1:16.0: can't read capabilities
[  215.585879][ T5980] usb 10-1: USB disconnect, device number 29
[  215.603750][T14534] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2942'.
[  215.639895][T14538] net_ratelimit: 383 callbacks suppressed
[  215.639906][T14538] netlink: del zone limit has 4 unknown bytes
[  215.642142][   T40] audit: type=1400 audit(1748996834.401:1082): avc:  denied  { ioctl } for  pid=14535 comm="syz.6.2943" path="socket:[56753]" dev="sockfs" ino=56753 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sock_file permissive=1
[  215.643731][T14538] FAULT_INJECTION: forcing a failure.
[  215.643731][T14538] name failslab, interval 1, probability 0, space 0, times 0
[  215.645996][T14536] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2943'.
[  215.659874][T14538] CPU: 2 UID: 0 PID: 14538 Comm: syz.0.2944 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) 
[  215.659889][T14538] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  215.659895][T14538] Call Trace:
[  215.659899][T14538]  <TASK>
[  215.659904][T14538]  dump_stack_lvl+0x16c/0x1f0
[  215.659924][T14538]  should_fail_ex+0x512/0x640
[  215.659937][T14538]  should_failslab+0xc2/0x120
[  215.659954][T14538]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  215.659969][T14538]  ? skb_clone+0x190/0x3f0
[  215.659989][T14538]  skb_clone+0x190/0x3f0
[  215.660006][T14538]  netlink_deliver_tap+0xabd/0xd30
[  215.660021][T14538]  netlink_unicast+0x6b2/0x7f0
[  215.660035][T14538]  ? __pfx_netlink_unicast+0x10/0x10
[  215.660045][T14538]  ? genl_rcv_msg+0x4bb/0x800
[  215.660063][T14538]  netlink_ack+0x696/0xb80
[  215.660078][T14538]  netlink_rcv_skb+0x332/0x420
[  215.660090][T14538]  ? __pfx_genl_rcv_msg+0x10/0x10
[  215.660105][T14538]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  215.660123][T14538]  ? netlink_deliver_tap+0x1ae/0xd30
[  215.660136][T14538]  genl_rcv+0x28/0x40
[  215.660148][T14538]  netlink_unicast+0x53d/0x7f0
[  215.660161][T14538]  ? __pfx_netlink_unicast+0x10/0x10
[  215.660172][T14538]  ? __build_skb_around+0x278/0x3b0
[  215.660189][T14538]  netlink_sendmsg+0x8d1/0xdd0
[  215.660203][T14538]  ? __pfx_netlink_sendmsg+0x10/0x10
[  215.660221][T14538]  ____sys_sendmsg+0xa98/0xc70
[  215.660233][T14538]  ? copy_msghdr_from_user+0x10a/0x160
[  215.660265][T14538]  ? __pfx_____sys_sendmsg+0x10/0x10
[  215.660286][T14538]  ___sys_sendmsg+0x134/0x1d0
[  215.660302][T14538]  ? __pfx____sys_sendmsg+0x10/0x10
[  215.660317][T14538]  ? __lock_acquire+0x622/0x1c90
[  215.660351][T14538]  __sys_sendmsg+0x16d/0x220
[  215.660367][T14538]  ? __pfx___sys_sendmsg+0x10/0x10
[  215.660392][T14538]  do_syscall_64+0xcd/0x4c0
[  215.660404][T14538]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  215.660414][T14538] RIP: 0033:0x7f6eaab8e969
[  215.660424][T14538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  215.660434][T14538] RSP: 002b:00007f6eab9c1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  215.660444][T14538] RAX: ffffffffffffffda RBX: 00007f6eaadb5fa0 RCX: 00007f6eaab8e969
[  215.660451][T14538] RDX: 0000000000004010 RSI: 0000200000000000 RDI: 0000000000000003
[  215.660458][T14538] RBP: 00007f6eab9c1090 R08: 0000000000000000 R09: 0000000000000000
[  215.660464][T14538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  215.660470][T14538] R13: 0000000000000000 R14: 00007f6eaadb5fa0 R15: 00007ffeb28b8e38
[  215.660484][T14538]  </TASK>
[  215.664752][T14536] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2943'.
[  215.724357][T14542] nfs4: Bad value for 'source'
[  215.882520][   T40] audit: type=1400 audit(1748996834.641:1083): avc:  denied  { write } for  pid=14544 comm="syz.6.2947" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  216.026378][T14552] netlink: set zone limit has 4 unknown bytes
[  216.085451][T14559] netlink: zone id is out of range
[  216.088026][T14559] netlink: zone id is out of range
[  216.090694][T14559] netlink: del zone limit has 4 unknown bytes
[  216.123655][T14566] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2956'.
[  216.137608][T14568] netlink: del zone limit has 4 unknown bytes
[  216.140658][T14568] FAULT_INJECTION: forcing a failure.
[  216.140658][T14568] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  216.146892][T14568] CPU: 2 UID: 0 PID: 14568 Comm: syz.5.2957 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) 
[  216.146916][T14568] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  216.146927][T14568] Call Trace:
[  216.146933][T14568]  <TASK>
[  216.146941][T14568]  dump_stack_lvl+0x16c/0x1f0
[  216.146973][T14568]  should_fail_ex+0x512/0x640
[  216.146996][T14568]  _copy_to_user+0x32/0xd0
[  216.147018][T14568]  simple_read_from_buffer+0xcb/0x170
[  216.147045][T14568]  proc_fail_nth_read+0x197/0x270
[  216.147069][T14568]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  216.147094][T14568]  ? rw_verify_area+0xcf/0x680
[  216.147115][T14568]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  216.147138][T14568]  vfs_read+0x1e4/0xc60
[  216.147164][T14568]  ? __pfx___mutex_lock+0x10/0x10
[  216.147182][T14568]  ? __pfx_vfs_read+0x10/0x10
[  216.147210][T14568]  ? __fget_files+0x20e/0x3c0
[  216.147242][T14568]  ksys_read+0x12a/0x250
[  216.147264][T14568]  ? __pfx_ksys_read+0x10/0x10
[  216.147295][T14568]  do_syscall_64+0xcd/0x4c0
[  216.147314][T14568]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.147331][T14568] RIP: 0033:0x7f13f978d37c
[  216.147346][T14568] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  216.147363][T14568] RSP: 002b:00007f13fa66c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  216.147381][T14568] RAX: ffffffffffffffda RBX: 00007f13f99b5fa0 RCX: 00007f13f978d37c
[  216.147393][T14568] RDX: 000000000000000f RSI: 00007f13fa66c0a0 RDI: 0000000000000004
[  216.147405][T14568] RBP: 00007f13fa66c090 R08: 0000000000000000 R09: 0000000000000000
[  216.147416][T14568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  216.147425][T14568] R13: 0000000000000000 R14: 00007f13f99b5fa0 R15: 00007ffe8c571608
[  216.147448][T14568]  </TASK>
[  216.288746][ T1023] usb 11-1: new high-speed USB device number 17 using dummy_hcd
[  216.297347][T14575] Bluetooth: hci0: Frame reassembly failed (-84)
[  216.394322][T14580] validate_nla: 3 callbacks suppressed
[  216.394333][T14580] netlink: 'syz.0.2962': attribute type 10 has an invalid length.
[  216.447690][ T1023] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  216.451143][ T1023] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  216.454440][ T1023] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  216.458950][ T1023] usb 11-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  216.461812][ T1023] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  216.466535][ T1023] usb 11-1: config 0 descriptor??
[  216.507880][   T40] audit: type=1400 audit(1748996835.271:1084): avc:  denied  { lock } for  pid=14583 comm="syz.0.2964" path="socket:[59469]" dev="sockfs" ino=59469 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  216.614802][T14587] fuseblk: Bad value for 'fd'
[  216.622301][   T10] IPVS: starting estimator thread 0...
[  216.625303][   T40] audit: type=1400 audit(1748996835.391:1085): avc:  denied  { mounton } for  pid=14583 comm="syz.0.2964" path="/207/file0" dev="hugetlbfs" ino=58519 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=dir permissive=1
[  216.714946][T14588] IPVS: using max 43 ests per chain, 103200 per kthread
[  216.873700][ T1023] plantronics 0003:047F:FFFF.0002: reserved main item tag 0xd
[  216.877599][ T1023] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving
[  216.888781][ T1023] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  217.141852][   T10] usb 11-1: USB disconnect, device number 17
[  217.324367][T14591] netlink: set zone limit has 4 unknown bytes
[  217.411470][   T40] audit: type=1400 audit(1748996836.171:1086): avc:  denied  { write } for  pid=14597 comm="syz.0.2968" path="socket:[56825]" dev="sockfs" ino=56825 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  217.426163][   T70] bond0: (slave syz_tun): interface is now down
[  217.509120][T14604] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2970'.
[  217.511980][T14604] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2970'.
[  217.539054][T14606] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2971'.
[  217.667449][T14613] netlink: 'syz.6.2974': attribute type 10 has an invalid length.
[  217.732685][T14623] netlink: set zone limit has 4 unknown bytes
[  217.759523][T14625] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2980'.
[  217.792912][T14628] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2981'.
[  217.940525][T14642] syz.0.2985: attempt to access beyond end of device
[  217.940525][T14642] sr0: rw=0, sector=4, nr_sectors = 4 limit=0
[  217.946675][T14642] vxfs: unable to read disk superblock at 1
[  217.949509][T14642] syz.0.2985: attempt to access beyond end of device
[  217.949509][T14642] sr0: rw=0, sector=32, nr_sectors = 4 limit=0
[  217.954781][T14642] vxfs: unable to read disk superblock at 8
[  217.957952][T14642] vxfs: can't find superblock.
[  217.967430][T14643] syz.0.2985: attempt to access beyond end of device
[  217.967430][T14643] sr0: rw=0, sector=4, nr_sectors = 4 limit=0
[  217.971467][T14643] vxfs: unable to read disk superblock at 1
[  217.973476][T14643] syz.0.2985: attempt to access beyond end of device
[  217.973476][T14643] sr0: rw=0, sector=32, nr_sectors = 4 limit=0
[  217.975151][ T5980] usb 11-1: new full-speed USB device number 18 using dummy_hcd
[  217.977800][T14643] vxfs: unable to read disk superblock at 8
[  217.981668][T14643] vxfs: can't find superblock.
[  218.013295][T14650] ref_ctr_offset mismatch. inode: 0x4a3 offset: 0x7 ref_ctr_offset(old): 0x2 ref_ctr_offset(new): 0x0
[  218.100867][T14652] bridge: RTM_NEWNEIGH with invalid state 0x20
[  218.103647][T14652] netlink: zone id is out of range
[  218.105414][T14652] netlink: zone id is out of range
[  218.146725][ T5980] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  218.149857][ T5980] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  218.164922][ T5980] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  218.168407][ T5980] usb 11-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  218.173567][ T5980] usb 11-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  218.177465][ T5980] usb 11-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  218.180111][ T5980] usb 11-1: Manufacturer: syz
[  218.188542][ T5980] usb 11-1: config 0 descriptor??
[  218.305091][ T5939] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  218.305817][ T5938] Bluetooth: hci0: command 0x1003 tx timeout
[  218.369794][T14666] netlink: 'syz.0.2995': attribute type 10 has an invalid length.
[  218.407373][   T40] audit: type=1401 audit(1748996837.171:1087): op=security_bounded_transition seresult=denied oldcontext=root:sysadm_r:sysadm_t newcontext=system_u:object_r:hugetlbfs_t
[  218.434992][ T5980] rc_core: IR keymap rc-hauppauge not found
[  218.437007][ T5980] Registered IR keymap rc-empty
[  218.438593][ T5980] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  218.461168][ T5980] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  218.476435][ T5980] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/rc/rc0
[  218.481183][ T5980] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/rc/rc0/input34
[  218.487958][ T5980] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  218.504957][ T5980] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  218.525050][ T5980] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  218.545049][ T5980] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  218.565008][ T5980] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  218.584935][ T5980] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  218.605041][ T5980] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  218.625947][ T5980] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  218.645074][ T5980] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  218.664936][ T5980] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  218.676969][   T40] audit: type=1400 audit(1748996837.441:1088): avc:  denied  { connect } for  pid=14683 comm="syz.5.3002" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  218.680317][T14684] sp0: Synchronizing with TNC
[  218.687265][ T5980] mceusb 11-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  218.690507][ T5980] mceusb 11-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  218.704800][ T5980] usb 11-1: USB disconnect, device number 18
[  219.064382][T14701] netlink: 'syz.0.3008': attribute type 11 has an invalid length.
[  219.122397][T14705] 8021q: VLANs not supported on gre0
[  219.134257][T14705] Bluetooth: hci0: Frame reassembly failed (-84)
[  219.139475][   T60] Bluetooth: hci0: Frame reassembly failed (-84)
[  219.202634][T14711] netlink: 'syz.6.3013': attribute type 10 has an invalid length.
[  219.214976][ T5980] usb 10-1: new high-speed USB device number 30 using dummy_hcd
[  219.322467][T14720] netlink: 'syz.6.3017': attribute type 10 has an invalid length.
[  219.326836][T14720] dummy0: entered promiscuous mode
[  219.345338][   T60] bond0: (slave wlan1): interface is now down
[  219.348103][   T60] bond0: now running without any active interface!
[  219.385983][ T5980] usb 10-1: Using ep0 maxpacket: 8
[  219.391720][ T5980] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  219.395479][ T5980] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  219.398813][ T5980] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  219.402229][ T5980] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  219.408932][ T5980] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  219.411828][ T5980] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  219.623300][ T5980] usb 10-1: GET_CAPABILITIES returned 0
[  219.625179][ T5980] usbtmc 10-1:16.0: can't read capabilities
[  219.674937][   T54] usb 11-1: new full-speed USB device number 19 using dummy_hcd
[  219.826380][T14697] usbtmc 10-1:16.0: usbtmc488_ioctl_trigger returned -71
[  219.826810][   T54] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  219.832897][   T54] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  219.839230][   T54] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  219.843170][   T54] usb 11-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  219.849487][   T54] usb 11-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  219.852277][   T54] usb 11-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  219.854709][   T54] usb 11-1: Manufacturer: syz
[  219.861875][   T54] usb 11-1: config 0 descriptor??
[  220.114986][   T54] rc_core: IR keymap rc-hauppauge not found
[  220.117500][   T54] Registered IR keymap rc-empty
[  220.119882][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  220.145022][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  220.152112][ T5980] usb 10-1: USB disconnect, device number 30
[  220.165436][   T54] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/rc/rc0
[  220.170596][   T54] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/rc/rc0/input35
[  220.175755][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  220.205945][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  220.226699][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  220.256143][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  220.274981][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  220.295872][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  220.314973][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  220.335786][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  220.354982][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  220.375072][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  220.395842][   T54] mceusb 11-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  220.398837][   T54] mceusb 11-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  220.404322][   T54] usb 11-1: USB disconnect, device number 19
[  220.849396][   T40] audit: type=1400 audit(1748996839.611:1089): avc:  denied  { name_connect } for  pid=14738 comm="syz.6.3024" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  220.867705][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  220.869629][T14744] __nla_validate_parse: 8 callbacks suppressed
[  220.869640][T14744] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3025'.
[  221.001709][T14746] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3026'.
[  221.118143][T14754] netlink: 'syz.6.3029': attribute type 10 has an invalid length.
[  221.145612][T14756] netlink: 'syz.6.3031': attribute type 2 has an invalid length.
[  221.184982][ T5938] Bluetooth: hci0: command 0x1003 tx timeout
[  221.186832][ T5939] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  221.227485][T14761] net_ratelimit: 9 callbacks suppressed
[  221.227501][T14761] netlink: del zone limit has 4 unknown bytes
[  221.253138][T14763] netlink: set zone limit has 4 unknown bytes
[  221.284382][T14767] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3035'.
[  221.397110][T14777] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3040'.
[  221.399875][T14777] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3040'.
[  221.402548][T14777] netlink: 'syz.5.3040': attribute type 13 has an invalid length.
[  221.430170][T14780] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3041'.
[  221.501395][T14782] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3042'.
[  221.660694][T14796] netlink: 'syz.5.3047': attribute type 10 has an invalid length.
[  221.674923][    T0] NOHZ tick-stop error: local softirq work is pending, handler #20a!!!
[  221.778739][T14804] netlink: del zone limit has 4 unknown bytes
[  221.820781][T14806] netlink: set zone limit has 4 unknown bytes
[  221.946070][T14812] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3053'.
[  222.037541][T14818] netlink: del zone limit has 4 unknown bytes
[  222.049676][T14818] nbd: device at index 5 is going down
[  222.136149][T14822] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3059'.
[  222.153374][T14824] netlink: 'syz.5.3058': attribute type 11 has an invalid length.
[  222.189133][T14826] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3060'.
[  222.297071][T14834] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  222.330071][T14836] netlink: 'syz.6.3065': attribute type 10 has an invalid length.
[  222.436560][T14843] netlink: del zone limit has 4 unknown bytes
[  222.458499][T14845] netlink: set zone limit has 4 unknown bytes
[  222.551097][T14860] netlink: del zone limit has 4 unknown bytes
[  222.643538][T14864] program syz.5.3076 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  222.705862][T14872] netlink: 'syz.6.3079': attribute type 10 has an invalid length.
[  222.757613][T14879] netlink: 'syz.6.3081': attribute type 10 has an invalid length.
[  222.770182][T14881] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14881 comm=syz.5.3082
[  222.812473][   T40] audit: type=1326 audit(1748996841.571:1090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14882 comm="syz.6.3083" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f796578e969 code=0x7ffe0000
[  222.847372][T14885] Bluetooth: hci0: Frame reassembly failed (-84)
[  222.849944][   T70] Bluetooth: hci0: Frame reassembly failed (-84)
[  222.849950][   T40] audit: type=1400 audit(1748996841.611:1091): avc:  denied  { setattr } for  pid=14886 comm="syz.0.3085" name="NETLINK" dev="sockfs" ino=59844 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  222.875562][T14892] netlink: del zone limit has 4 unknown bytes
[  222.910673][T14894] netlink: set zone limit has 4 unknown bytes
[  222.939634][T14896] overlayfs: missing 'lowerdir'
[  223.446504][T14922] netlink: 'syz.0.3098': attribute type 10 has an invalid length.
[  223.974991][ T1023] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  224.146761][ T1023] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  224.149602][ T1023] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  224.152054][ T1023] usb 5-1: Product: syz
[  224.153371][ T1023] usb 5-1: Manufacturer: syz
[  224.154980][ T1023] usb 5-1: SerialNumber: syz
[  224.157766][ T1023] usb 5-1: config 0 descriptor??
[  224.201882][   T40] audit: type=1400 audit(1748996842.961:1092): avc:  denied  { write } for  pid=14950 comm="syz.3.3109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  224.864957][ T5938] Bluetooth: hci0: command 0x1003 tx timeout
[  224.865193][ T5939] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  224.967929][T14964] netlink: 'syz.6.3113': attribute type 10 has an invalid length.
[  224.999922][   T61] usb 5-1: USB disconnect, device number 37
[  225.275149][ T1023] usb 11-1: new full-speed USB device number 20 using dummy_hcd
[  225.426611][ T1023] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  225.429863][ T1023] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  225.433263][ T1023] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  225.436394][ T1023] usb 11-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  225.441306][ T1023] usb 11-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  225.444147][ T1023] usb 11-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  225.447853][ T1023] usb 11-1: Manufacturer: syz
[  225.451679][ T1023] usb 11-1: config 0 descriptor??
[  225.627440][ T1142] Bluetooth: hci0: Frame reassembly failed (-84)
[  225.629471][   T70] Bluetooth: hci0: Frame reassembly failed (-84)
[  225.632981][T15015] virtio-fs: tag </dev/sg0> not found
[  225.677582][T15017] Bluetooth: hci0: Frame reassembly failed (-84)
[  225.715141][ T1023] rc_core: IR keymap rc-hauppauge not found
[  225.717710][ T1023] Registered IR keymap rc-empty
[  225.720432][ T1023] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  225.736691][ T1023] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  225.756265][ T1023] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/rc/rc0
[  225.761243][ T1023] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/rc/rc0/input36
[  225.767582][ T1023] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  225.795496][ T1023] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  225.815185][ T1023] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  225.835152][ T1023] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  225.865016][ T1023] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  225.885040][ T1023] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  225.906435][ T1023] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  225.924962][ T1023] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  225.945035][ T1023] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  225.965177][ T1023] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  225.986878][ T1023] mceusb 11-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  225.990064][ T1023] mceusb 11-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  225.998461][ T1023] usb 11-1: USB disconnect, device number 20
[  226.395953][T15021] netlink: 'syz.6.3136': attribute type 9 has an invalid length.
[  226.398854][T15021] netlink: 'syz.6.3136': attribute type 9 has an invalid length.
[  226.677651][T15034] __nla_validate_parse: 14 callbacks suppressed
[  226.677663][T15034] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3141'.
[  226.757982][   T54] hid (null): unknown global tag 0xa2
[  226.760213][   T54] hid (null): bogus close delimiter
[  226.762865][   T54] hid (null): unknown global tag 0xd
[  226.764716][   T54] hid (null): unknown global tag 0xd
[  226.769404][   T54] hid (null): unknown global tag 0xe
[  226.771769][   T54] hid (null): unknown global tag 0xd
[  226.774235][   T54] hid (null): unknown global tag 0xe
[  226.777618][   T54] hid (null): unknown global tag 0xfd
[  226.780057][   T54] hid (null): unknown global tag 0xe
[  226.782427][   T54] hid (null): unknown global tag 0x57
[  226.784806][   T54] hid (null): unknown global tag 0xc
[  226.788226][   T54] hid (null): unknown global tag 0xe
[  226.790557][   T54] hid (null): unknown global tag 0xd
[  226.792867][   T54] hid (null): unknown global tag 0xd
[  226.795598][   T54] hid (null): unknown global tag 0xd
[  226.797971][   T54] hid (null): unknown global tag 0xd
[  226.800250][   T54] hid (null): global environment stack underflow
[  226.803002][   T54] hid (null): unknown global tag 0xd
[  226.805721][   T54] hid (null): unknown global tag 0xc
[  226.808136][   T54] hid (null): invalid report_count -273137779
[  226.810778][   T54] hid (null): unknown global tag 0xe
[  226.813126][   T54] hid (null): report_id 189563588 is invalid
[  226.816357][   T54] hid (null): unknown global tag 0xc
[  226.818769][   T54] hid (null): global environment stack underflow
[  226.821363][   T54] hid (null): unknown global tag 0xdd
[  226.823663][   T54] hid (null): invalid report_count -363621176
[  226.825981][   T54] hid (null): invalid report_count 55639
[  226.827821][   T54] hid (null): report_id 2321956724 is invalid
[  226.829909][   T54] hid (null): invalid report_count 218676665
[  226.831878][   T54] hid (null): unknown global tag 0xe
[  226.833664][   T54] hid (null): unknown global tag 0xc
[  226.835691][   T54] hid (null): unknown global tag 0xd
[  226.837462][   T54] hid (null): unknown global tag 0xe
[  226.846101][   T54] hid-generic 0004:092B:0FFF.0003: unknown main item tag 0x2
[  226.848622][   T54] hid-generic 0004:092B:0FFF.0003: unknown main item tag 0x7
[  226.850965][   T54] hid-generic 0004:092B:0FFF.0003: unknown main item tag 0x5
[  226.854217][   T54] hid-generic 0004:092B:0FFF.0003: unexpected long global item
[  226.857098][   T54] hid-generic 0004:092B:0FFF.0003: probe with driver hid-generic failed with error -22
[  226.898880][T15042] netlink: 'syz.0.3143': attribute type 10 has an invalid length.
[  227.165266][   T61] usb 5-1: new full-speed USB device number 38 using dummy_hcd
[  227.282265][T15049] net_ratelimit: 214 callbacks suppressed
[  227.282276][T15049] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  227.316832][   T61] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  227.320818][   T61] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  227.339702][   T61] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  227.342776][   T61] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  227.348935][   T61] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  227.352956][   T61] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  227.355690][   T61] usb 5-1: Manufacturer: syz
[  227.364183][   T61] usb 5-1: config 0 descriptor??
[  227.486134][T15060] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3150'.
[  227.601270][T15063] netlink: del zone limit has 4 unknown bytes
[  227.628309][   T61] rc_core: IR keymap rc-hauppauge not found
[  227.630939][   T61] Registered IR keymap rc-empty
[  227.633168][   T61] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  227.655009][   T61] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  227.665029][ T5939] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  227.667438][ T5938] Bluetooth: hci0: command 0x1003 tx timeout
[  227.683607][   T61] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0
[  227.698842][   T61] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input37
[  227.707338][   T61] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  227.738119][T15070] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3154'.
[  227.738395][   T61] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  227.752832][T15068] netlink: set zone limit has 4 unknown bytes
[  227.756073][   T61] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  227.785192][   T61] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  227.815006][   T61] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  227.845234][   T61] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  227.865165][   T61] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  227.885110][   T61] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  227.905272][   T61] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  227.925130][   T61] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  227.943095][   T40] audit: type=1400 audit(1748996846.701:1093): avc:  denied  { mount } for  pid=15082 comm="syz.6.3160" name="/" dev="selinuxfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1
[  227.948590][   T61] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  227.965824][   T61] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  227.969588][   T61] usb 5-1: USB disconnect, device number 38
[  227.971404][T15087] netlink: 13 bytes leftover after parsing attributes in process `syz.6.3162'.
[  228.027310][T15092] netlink: 14212 bytes leftover after parsing attributes in process `syz.3.3164'.
[  228.047983][T15094] netlink: zone id is out of range
[  228.049671][T15094] netlink: zone id is out of range
[  228.051283][T15094] netlink: zone id is out of range
[  228.052897][T15094] netlink: zone id is out of range
[  228.054553][T15094] netlink: zone id is out of range
[  228.057994][T15094] netlink: zone id is out of range
[  228.059648][T15094] netlink: zone id is out of range
[  228.137728][T15098] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  228.144497][T15104] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3169'.
[  228.145959][T15098] CIFS mount error: No usable UNC path provided in device string!
[  228.145959][T15098] 
[  228.151914][T15098] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  228.161787][T15098] SELinux:  policydb string length 58120 does not match expected length 8
[  228.164573][T15098] SELinux: failed to load policy
[  228.258576][T15111] netlink: 'syz.3.3172': attribute type 10 has an invalid length.
[  228.317612][   T40] audit: type=1400 audit(1748996847.081:1094): avc:  denied  { accept } for  pid=15107 comm="syz.6.3171" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  228.349883][T15122] FAULT_INJECTION: forcing a failure.
[  228.349883][T15122] name failslab, interval 1, probability 0, space 0, times 0
[  228.353756][T15122] CPU: 3 UID: 0 PID: 15122 Comm: syz.0.3176 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) 
[  228.353772][T15122] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  228.353779][T15122] Call Trace:
[  228.353783][T15122]  <TASK>
[  228.353788][T15122]  dump_stack_lvl+0x16c/0x1f0
[  228.353835][T15122]  should_fail_ex+0x512/0x640
[  228.353852][T15122]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  228.353870][T15122]  should_failslab+0xc2/0x120
[  228.353886][T15122]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  228.353900][T15122]  ? __alloc_skb+0x2b2/0x380
[  228.353918][T15122]  __alloc_skb+0x2b2/0x380
[  228.353933][T15122]  ? __pfx___alloc_skb+0x10/0x10
[  228.353947][T15122]  ? find_held_lock+0x2b/0x80
[  228.353965][T15122]  alloc_skb_with_frags+0xe0/0x860
[  228.353980][T15122]  sock_alloc_send_pskb+0x7fb/0x990
[  228.353996][T15122]  ? avc_has_perm+0x11a/0x1c0
[  228.354010][T15122]  ? __pfx_avc_has_perm+0x10/0x10
[  228.354024][T15122]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  228.354038][T15122]  ? avc_has_perm_noaudit+0x149/0x3b0
[  228.354053][T15122]  ? sock_has_perm+0x259/0x2f0
[  228.354068][T15122]  ? __pfx_sock_has_perm+0x10/0x10
[  228.354085][T15122]  hci_sock_sendmsg+0x1c7/0x25f0
[  228.354099][T15122]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  228.354113][T15122]  sock_write_iter+0x4fc/0x5b0
[  228.354126][T15122]  ? __pfx_sock_write_iter+0x10/0x10
[  228.354143][T15122]  ? bpf_lsm_file_permission+0x9/0x10
[  228.354154][T15122]  ? security_file_permission+0x71/0x210
[  228.354166][T15122]  ? rw_verify_area+0xcf/0x680
[  228.354179][T15122]  vfs_write+0x6c4/0x1150
[  228.354193][T15122]  ? __pfx_sock_write_iter+0x10/0x10
[  228.354207][T15122]  ? __pfx_vfs_write+0x10/0x10
[  228.354219][T15122]  ? find_held_lock+0x2b/0x80
[  228.354240][T15122]  ksys_write+0x1f8/0x250
[  228.354254][T15122]  ? __pfx_ksys_write+0x10/0x10
[  228.354271][T15122]  do_syscall_64+0xcd/0x4c0
[  228.354282][T15122]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.354293][T15122] RIP: 0033:0x7f6eaab8e969
[  228.354305][T15122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  228.354315][T15122] RSP: 002b:00007f6eab9c1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  228.354326][T15122] RAX: ffffffffffffffda RBX: 00007f6eaadb5fa0 RCX: 00007f6eaab8e969
[  228.354333][T15122] RDX: 0000000000000006 RSI: 0000200000000000 RDI: 0000000000000004
[  228.354339][T15122] RBP: 00007f6eab9c1090 R08: 0000000000000000 R09: 0000000000000000
[  228.354344][T15122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  228.354351][T15122] R13: 0000000000000000 R14: 00007f6eaadb5fa0 R15: 00007ffeb28b8e38
[  228.354364][T15122]  </TASK>
[  228.444292][T15126] team0: No ports can be present during mode change
[  228.474409][T15131] nbd: nbd0 already in use
[  228.544209][T15135] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3181'.
[  228.593714][T15125] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3171'.
[  228.596794][T15125] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0'
[  228.884397][   T13] Bluetooth: hci0: Frame reassembly failed (-84)
[  228.886476][T15148] Bluetooth: hci0: Frame reassembly failed (-84)
[  229.463490][T15172] netlink: 13 bytes leftover after parsing attributes in process `syz.6.3195'.
[  229.675462][T15183] 9pnet_fd: Insufficient options for proto=fd
[  229.700163][T15185] netlink: 14212 bytes leftover after parsing attributes in process `syz.6.3200'.
[  230.548049][T15195] netlink: 'syz.5.3204': attribute type 10 has an invalid length.
[  230.938019][T15206] 9pnet_fd: Insufficient options for proto=fd
[  230.945041][ T5938] Bluetooth: hci0: command 0x1003 tx timeout
[  230.947192][ T5939] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  231.149363][T15228] 9pnet_fd: Insufficient options for proto=fd
[  231.192562][T15232] exFAT-fs (nullb0): invalid boot record signature
[  231.194661][T15232] exFAT-fs (nullb0): failed to read boot sector
[  231.197750][T15232] exFAT-fs (nullb0): failed to recognize exfat type
[  231.203012][T15232] netlink: 'syz.5.3221': attribute type 2 has an invalid length.
[  231.374479][T15246] block device autoloading is deprecated and will be removed.
[  231.382911][   T40] audit: type=1400 audit(1748996850.141:1095): avc:  denied  { ioctl } for  pid=15242 comm="syz.0.3224" path="/294/file0/file0" dev="fuse" ino=64 ioctlcmd=0x932 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  231.390593][T15243] md: md2 stopped.
[  231.674980][ T6001] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  231.756416][T15265] netlink: 'syz.5.3233': attribute type 10 has an invalid length.
[  231.834356][   T40] audit: type=1400 audit(1748996850.591:1096): avc:  denied  { setattr } for  pid=15270 comm="syz.5.3236" name="fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  231.857032][ T6001] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  231.862614][ T6001] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  231.867200][ T6001] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  231.869975][ T6001] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  231.875537][T15252] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  231.878120][T15275] FAULT_INJECTION: forcing a failure.
[  231.878120][T15275] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  231.881515][ T6001] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  231.883609][T15277] __nla_validate_parse: 7 callbacks suppressed
[  231.883618][T15277] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3239'.
[  231.891833][T15275] CPU: 1 UID: 0 PID: 15275 Comm: syz.5.3238 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) 
[  231.891849][T15275] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  231.891856][T15275] Call Trace:
[  231.891860][T15275]  <TASK>
[  231.891864][T15275]  dump_stack_lvl+0x16c/0x1f0
[  231.891899][T15275]  should_fail_ex+0x512/0x640
[  231.891917][T15275]  _copy_from_iter+0x29f/0x16f0
[  231.891929][T15275]  ? __pfx_avc_has_perm+0x10/0x10
[  231.891945][T15275]  ? __pfx__copy_from_iter+0x10/0x10
[  231.891956][T15275]  ? avc_has_perm_noaudit+0x149/0x3b0
[  231.891971][T15275]  ? sock_has_perm+0x259/0x2f0
[  231.891986][T15275]  ? __pfx_sock_has_perm+0x10/0x10
[  231.892003][T15275]  hci_sock_sendmsg+0x46d/0x25f0
[  231.892016][T15275]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  231.892030][T15275]  sock_write_iter+0x4fc/0x5b0
[  231.892044][T15275]  ? __pfx_sock_write_iter+0x10/0x10
[  231.892061][T15275]  ? bpf_lsm_file_permission+0x9/0x10
[  231.892091][T15275]  ? security_file_permission+0x71/0x210
[  231.892121][T15275]  ? rw_verify_area+0xcf/0x680
[  231.892136][T15275]  vfs_write+0x6c4/0x1150
[  231.892150][T15275]  ? __pfx_sock_write_iter+0x10/0x10
[  231.892164][T15275]  ? __pfx_vfs_write+0x10/0x10
[  231.892176][T15275]  ? find_held_lock+0x2b/0x80
[  231.892198][T15275]  ksys_write+0x1f8/0x250
[  231.892212][T15275]  ? __pfx_ksys_write+0x10/0x10
[  231.892230][T15275]  do_syscall_64+0xcd/0x4c0
[  231.892240][T15275]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  231.892251][T15275] RIP: 0033:0x7f13f978e969
[  231.892261][T15275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  231.892271][T15275] RSP: 002b:00007f13fa66c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  231.892282][T15275] RAX: ffffffffffffffda RBX: 00007f13f99b5fa0 RCX: 00007f13f978e969
[  231.892288][T15275] RDX: 0000000000000006 RSI: 0000200000000000 RDI: 0000000000000004
[  231.892294][T15275] RBP: 00007f13fa66c090 R08: 0000000000000000 R09: 0000000000000000
[  231.892300][T15275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  231.892306][T15275] R13: 0000000000000000 R14: 00007f13f99b5fa0 R15: 00007ffe8c571608
[  231.892320][T15275]  </TASK>
[  231.935106][   T13] Bluetooth: hci0: Frame reassembly failed (-84)
[  232.000791][T15281] binder: 15280:15281 ioctl c0306201 2000000003c0 returned -14
[  232.016207][T15281] syz.5.3241 (15281): drop_caches: 2
[  232.080194][   T54] usb 5-1: USB disconnect, device number 39
[  232.851534][T15291] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3245'.
[  233.108524][T15297] net_ratelimit: 95 callbacks suppressed
[  233.108538][T15297] netlink: set zone limit has 4 unknown bytes
[  233.204404][   T40] audit: type=1400 audit(1748996851.961:1097): avc:  denied  { getopt } for  pid=15303 comm="syz.5.3251" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  233.204682][T15304] netlink: 'syz.5.3251': attribute type 5 has an invalid length.
[  233.342946][T15310] netlink: 13 bytes leftover after parsing attributes in process `syz.5.3254'.
[  233.489270][T15316] netlink: 14504 bytes leftover after parsing attributes in process `syz.5.3258'.
[  233.547594][T15321] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3259'.
[  233.548333][T15319] netlink: 14212 bytes leftover after parsing attributes in process `syz.0.3257'.
[  233.574600][T15323] netlink: 'syz.5.3260': attribute type 10 has an invalid length.
[  233.646416][T15325] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3261'.
[  233.651607][   T40] audit: type=1400 audit(1748996852.411:1098): avc:  denied  { write } for  pid=15324 comm="syz.0.3261" lport=34258 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  233.658911][   T40] audit: type=1400 audit(1748996852.411:1099): avc:  denied  { setopt } for  pid=15324 comm="syz.0.3261" lport=34258 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  233.665072][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  233.771467][T15333] 9pnet_fd: Insufficient options for proto=fd
[  233.925264][T15337] netlink: 9896 bytes leftover after parsing attributes in process `syz.0.3266'.
[  233.985048][ T5938] Bluetooth: hci0: command 0x1003 tx timeout
[  233.987982][ T5939] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  234.052880][ T5979] usb 10-1: new full-speed USB device number 31 using dummy_hcd
[  234.205047][   T54] usb 11-1: new full-speed USB device number 21 using dummy_hcd
[  234.207342][ T5979] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  234.210477][ T5979] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  234.214158][ T5979] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  234.217505][ T5979] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  234.222074][ T5979] usb 10-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  234.224826][ T5979] usb 10-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  234.227429][ T5979] usb 10-1: Manufacturer: syz
[  234.230453][ T5979] usb 10-1: config 0 descriptor??
[  234.356210][   T54] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  234.359389][   T54] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  234.362791][   T54] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  234.366343][   T54] usb 11-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  234.371301][   T54] usb 11-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  234.374593][   T54] usb 11-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  234.377223][   T54] usb 11-1: Manufacturer: syz
[  234.382145][   T54] usb 11-1: config 0 descriptor??
[  234.484945][ T5979] rc_core: IR keymap rc-hauppauge not found
[  234.486833][ T5979] Registered IR keymap rc-empty
[  234.491567][ T5979] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  234.505252][ T5979] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  234.525870][ T5979] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/rc/rc0
[  234.530252][ T5979] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/rc/rc0/input38
[  234.537708][ T5979] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  234.556435][ T5979] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  234.575188][ T5979] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  234.605098][ T5979] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  234.627152][ T5979] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  234.635038][   T54] rc_core: IR keymap rc-hauppauge not found
[  234.636908][   T54] Registered IR keymap rc-empty
[  234.642100][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  234.647376][ T5979] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  234.655070][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  234.665217][ T5979] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  234.675398][   T54] rc rc1: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/rc/rc1
[  234.680035][   T54] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/rc/rc1/input39
[  234.685798][ T5979] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  234.687755][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  234.706752][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  234.706872][ T5979] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  234.725029][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  234.725115][ T5979] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  234.745057][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  234.747587][ T5979] mceusb 10-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  234.750360][ T5979] mceusb 10-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  234.756439][ T5979] usb 10-1: USB disconnect, device number 31
[  234.776325][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  234.786213][T15339] FAULT_INJECTION: forcing a failure.
[  234.786213][T15339] name failslab, interval 1, probability 0, space 0, times 0
[  234.789965][T15339] CPU: 1 UID: 0 PID: 15339 Comm: syz.6.3267 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) 
[  234.789980][T15339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  234.789987][T15339] Call Trace:
[  234.789992][T15339]  <TASK>
[  234.789996][T15339]  dump_stack_lvl+0x16c/0x1f0
[  234.790015][T15339]  should_fail_ex+0x512/0x640
[  234.790026][T15339]  ? fs_reclaim_acquire+0xae/0x150
[  234.790039][T15339]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  234.790051][T15339]  should_failslab+0xc2/0x120
[  234.790067][T15339]  __kmalloc_noprof+0xd2/0x510
[  234.790084][T15339]  tomoyo_realpath_from_path+0xc2/0x6e0
[  234.790097][T15339]  ? tomoyo_profile+0x47/0x60
[  234.790111][T15339]  tomoyo_path_number_perm+0x245/0x580
[  234.790127][T15339]  ? tomoyo_path_number_perm+0x237/0x580
[  234.790144][T15339]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  234.790161][T15339]  ? find_held_lock+0x2b/0x80
[  234.790186][T15339]  ? find_held_lock+0x2b/0x80
[  234.790198][T15339]  ? hook_file_ioctl_common+0x145/0x410
[  234.790214][T15339]  ? __fget_files+0x20e/0x3c0
[  234.790232][T15339]  security_file_ioctl+0x9b/0x240
[  234.790244][T15339]  __x64_sys_ioctl+0xb7/0x210
[  234.790258][T15339]  do_syscall_64+0xcd/0x4c0
[  234.790269][T15339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  234.790280][T15339] RIP: 0033:0x7f796578e969
[  234.790293][T15339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  234.790304][T15339] RSP: 002b:00007f796651a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  234.790315][T15339] RAX: ffffffffffffffda RBX: 00007f79659b5fa0 RCX: 00007f796578e969
[  234.790322][T15339] RDX: 0000200000000380 RSI: 0000000040084504 RDI: 0000000000000004
[  234.790328][T15339] RBP: 00007f796651a090 R08: 0000000000000000 R09: 0000000000000000
[  234.790334][T15339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  234.790340][T15339] R13: 0000000000000000 R14: 00007f79659b5fa0 R15: 00007ffdcd116658
[  234.790354][T15339]  </TASK>
[  234.790358][T15339] ERROR: Out of memory at tomoyo_realpath_from_path.
[  234.804953][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  234.876348][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  234.895182][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  234.915863][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  234.934093][T15351] FAULT_INJECTION: forcing a failure.
[  234.934093][T15351] name failslab, interval 1, probability 0, space 0, times 0
[  234.939392][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  234.942174][T15351] CPU: 2 UID: 0 PID: 15351 Comm: syz.0.3271 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) 
[  234.942195][T15351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  234.942206][T15351] Call Trace:
[  234.942212][T15351]  <TASK>
[  234.942219][T15351]  dump_stack_lvl+0x16c/0x1f0
[  234.942248][T15351]  should_fail_ex+0x512/0x640
[  234.942265][T15351]  ? trace_contention_end+0xdd/0x130
[  234.942283][T15351]  should_failslab+0xc2/0x120
[  234.942307][T15351]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  234.942327][T15351]  ? hci_sock_sendmsg+0xde2/0x25f0
[  234.942343][T15351]  ? __alloc_skb+0x2b2/0x380
[  234.942366][T15351]  ? __pfx___mutex_lock+0x10/0x10
[  234.942383][T15351]  __alloc_skb+0x2b2/0x380
[  234.942406][T15351]  ? __pfx___alloc_skb+0x10/0x10
[  234.942437][T15351]  hci_sock_sendmsg+0x1a6f/0x25f0
[  234.942458][T15351]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  234.942481][T15351]  sock_write_iter+0x4fc/0x5b0
[  234.942501][T15351]  ? __pfx_sock_write_iter+0x10/0x10
[  234.942529][T15351]  ? bpf_lsm_file_permission+0x9/0x10
[  234.942543][T15351]  ? security_file_permission+0x71/0x210
[  234.942569][T15351]  ? rw_verify_area+0xcf/0x680
[  234.942589][T15351]  vfs_write+0x6c4/0x1150
[  234.942610][T15351]  ? __pfx_sock_write_iter+0x10/0x10
[  234.942631][T15351]  ? __pfx_vfs_write+0x10/0x10
[  234.942650][T15351]  ? find_held_lock+0x2b/0x80
[  234.942685][T15351]  ksys_write+0x1f8/0x250
[  234.942705][T15351]  ? __pfx_ksys_write+0x10/0x10
[  234.942733][T15351]  do_syscall_64+0xcd/0x4c0
[  234.942750][T15351]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  234.942767][T15351] RIP: 0033:0x7f6eaab8e969
[  234.942780][T15351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  234.942796][T15351] RSP: 002b:00007f6eab9c1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  234.942812][T15351] RAX: ffffffffffffffda RBX: 00007f6eaadb5fa0 RCX: 00007f6eaab8e969
[  234.942822][T15351] RDX: 0000000000000006 RSI: 0000200000000000 RDI: 0000000000000004
[  234.942832][T15351] RBP: 00007f6eab9c1090 R08: 0000000000000000 R09: 0000000000000000
[  234.942842][T15351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  234.942851][T15351] R13: 0000000000000000 R14: 00007f6eaadb5fa0 R15: 00007ffeb28b8e38
[  234.942874][T15351]  </TASK>
[  235.022797][    C2] vkms_vblank_simulate: vblank timer overrun
[  235.027369][   T54] mceusb 11-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  235.030524][   T54] mceusb 11-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  235.037664][   T54] usb 11-1: USB disconnect, device number 21
[  235.067797][T15353] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  235.195300][T15357] 9pnet_fd: Insufficient options for proto=fd
[  235.233160][T15361] netlink: del zone limit has 4 unknown bytes
[  235.263657][T15365] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3278'.
[  235.326089][T15369] netlink: zone id is out of range
[  235.327088][  T214] nci: nci_rsp_packet: unknown rsp opcode 0x116
[  235.327772][T15369] netlink: zone id is out of range
[  235.327779][T15369] netlink: zone id is out of range
[  235.327784][T15369] netlink: zone id is out of range
[  235.327789][T15369] netlink: zone id is out of range
[  235.327793][T15369] netlink: zone id is out of range
[  235.327798][T15369] netlink: zone id is out of range
[  235.351899][T15373] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3279'.
[  235.570808][T15383] 9pnet_fd: Insufficient options for proto=fd
[  235.660758][T15387] 9p: Unknown access argument 18446744073709551615: -34
[  236.376583][T15421] netlink: 'syz.0.3297': attribute type 10 has an invalid length.
[  236.540612][T15428] tmpfs: Unknown parameter 'usrquotafile0'
[  236.612125][T15434] ntfs3(sr0): try to read out of volume at offset 0x0
[  236.957034][   T54] usb 11-1: new full-speed USB device number 22 using dummy_hcd
[  237.112460][T15444] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  237.115163][T15444] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  237.118963][T15444] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  237.122026][   T54] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  237.126255][   T54] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  237.129642][   T54] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  237.132642][   T54] usb 11-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  237.136682][T15444] overlayfs: failed to resolve './file2': -2
[  237.139408][   T54] usb 11-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  237.142355][   T54] usb 11-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  237.146560][   T54] usb 11-1: Manufacturer: syz
[  237.150956][   T54] usb 11-1: config 0 descriptor??
[  237.153327][T15444] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  237.166105][T15444] IPVS: set_ctl: invalid protocol: 46 47.118.105.100:25967
[  237.169269][T15444] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  237.364776][T15457] __nla_validate_parse: 4 callbacks suppressed
[  237.364787][T15457] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3311'.
[  237.395100][   T54] rc_core: IR keymap rc-hauppauge not found
[  237.400152][   T54] Registered IR keymap rc-empty
[  237.402127][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  237.412989][T15462] netlink: 9896 bytes leftover after parsing attributes in process `syz.5.3314'.
[  237.444953][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  237.476930][   T54] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/rc/rc0
[  237.485189][   T54] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/rc/rc0/input40
[  237.490569][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  237.505030][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  237.525229][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  237.559242][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  237.574936][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  237.594987][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  237.614957][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  237.635163][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  237.647443][T15478] x_tables: ip6_tables: REDIRECT target: used from hooks INPUT, but only usable from PREROUTING/OUTPUT
[  237.655119][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  237.675598][   T54] mceusb 11-1:0.0: Error: mce write submit urb error = -90
[  237.699673][T15482] netlink: 'syz.5.3323': attribute type 15 has an invalid length.
[  237.705762][   T54] mceusb 11-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  237.709377][   T54] mceusb 11-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  237.723546][   T54] usb 11-1: USB disconnect, device number 22
[  237.792680][T15486] netlink: 9896 bytes leftover after parsing attributes in process `syz.0.3325'.
[  237.824263][T15490] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3327'.
[  237.840544][T15492] netlink: 14212 bytes leftover after parsing attributes in process `syz.5.3328'.
[  237.889885][T15496] netlink: 'syz.5.3330': attribute type 10 has an invalid length.
[  237.985518][   T40] audit: type=1400 audit(1748996856.751:1100): avc:  denied  { ioctl } for  pid=15501 comm="syz.5.3333" path="socket:[63949]" dev="sockfs" ino=63949 ioctlcmd=0x9413 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  238.154194][T15510] netlink: 9896 bytes leftover after parsing attributes in process `syz.6.3337'.
[  238.196029][T15512] net_ratelimit: 6 callbacks suppressed
[  238.196041][T15512] netlink: del zone limit has 4 unknown bytes
[  238.274920][   T54] usb 10-1: new full-speed USB device number 32 using dummy_hcd
[  238.426887][   T54] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  238.430453][   T54] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  238.434041][   T54] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  238.437630][   T54] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  238.443057][   T54] usb 10-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  238.446791][   T54] usb 10-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  238.449769][   T54] usb 10-1: Manufacturer: syz
[  238.456597][   T54] usb 10-1: config 0 descriptor??
[  238.714933][   T54] rc_core: IR keymap rc-hauppauge not found
[  238.716845][   T54] Registered IR keymap rc-empty
[  238.718590][   T54] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  238.734948][   T54] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  238.755452][   T54] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/rc/rc0
[  238.760222][   T54] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/rc/rc0/input41
[  238.765355][   T54] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  238.767460][    C3] 
[  238.768333][    C3] =============================
[  238.769775][    C3] [ BUG: Invalid wait context ]
[  238.771232][    C3] 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 Not tainted
[  238.773463][    C3] -----------------------------
[  238.776034][    C3] swapper/3/0 is trying to lock:
[  238.777622][    C3] ffffc90003606410 (&gpc->lock){....}-{3:3}, at: kvm_xen_set_evtchn_fast+0x254/0xeb0
[  238.780455][    C3] other info that might help us debug this:
[  238.782238][    C3] context-{2:2}
[  238.783317][    C3] 1 lock held by swapper/3/0:
[  238.784798][    C3]  #0: ffffc90003606960 (&kvm->srcu){.?.+}-{0:0}, at: kvm_xen_set_evtchn_fast+0x23a/0xeb0
[  238.786129][   T54] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  238.787773][    C3] stack backtrace:
[  238.787782][    C3] CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) 
[  238.787795][    C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  238.787801][    C3] Call Trace:
[  238.787805][    C3]  <IRQ>
[  238.787810][    C3]  dump_stack_lvl+0x116/0x1f0
[  238.787834][    C3]  __lock_acquire+0xa12/0x1c90
[  238.787849][    C3]  ? __lock_acquire+0xb8a/0x1c90
[  238.787865][    C3]  lock_acquire+0x179/0x350
[  238.787880][    C3]  ? kvm_xen_set_evtchn_fast+0x254/0xeb0
[  238.787895][    C3]  _raw_read_lock_irqsave+0x46/0x90
[  238.787910][    C3]  ? kvm_xen_set_evtchn_fast+0x254/0xeb0
[  238.787922][    C3]  kvm_xen_set_evtchn_fast+0x254/0xeb0
[  238.787935][    C3]  ? kvm_xen_set_evtchn_fast+0x23a/0xeb0
[  238.787948][    C3]  ? __pfx_kvm_xen_set_evtchn_fast+0x10/0x10
[  238.787961][    C3]  ? do_raw_spin_unlock+0x172/0x230
[  238.787972][    C3]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  238.787986][    C3]  ? debug_object_deactivate+0x1ec/0x3a0
[  238.788006][    C3]  ? __pfx_xen_timer_callback+0x10/0x10
[  238.788019][    C3]  xen_timer_callback+0x1db/0x2a0
[  238.788031][    C3]  ? __pfx_xen_timer_callback+0x10/0x10
[  238.788060][    C3]  ? do_raw_spin_unlock+0x172/0x230
[  238.788071][    C3]  __hrtimer_run_queues+0x5ed/0xad0
[  238.788085][    C3]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  238.788096][    C3]  ? read_tsc+0x9/0x20
[  238.788108][    C3]  hrtimer_interrupt+0x397/0x8e0
[  238.788122][    C3]  __sysvec_apic_timer_interrupt+0x108/0x3f0
[  238.788138][    C3]  sysvec_apic_timer_interrupt+0x9f/0xc0
[  238.788152][    C3]  </IRQ>
[  238.788156][    C3]  <TASK>
[  238.788159][    C3]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  238.788170][    C3] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  238.788185][    C3] Code: 7b 74 02 e9 03 fb 02 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 23 90 2c 00 fb f4 <c3> cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  238.788196][    C3] RSP: 0018:ffffc90000197df8 EFLAGS: 00000286
[  238.788205][    C3] RAX: 0000000000264fa5 RBX: 0000000000000003 RCX: ffffffff8b7d7c99
[  238.788211][    C3] RDX: 0000000000000000 RSI: ffffffff8de10e5b RDI: ffffffff8c154960
[  238.788217][    C3] RBP: ffffed1003c54000 R08: 0000000000000001 R09: ffffed100d4e6645
[  238.788223][    C3] R10: ffff88806a73322b R11: 0000000000000001 R12: 0000000000000003
[  238.788229][    C3] R13: ffff88801e2a0000 R14: ffffffff90a7bb50 R15: 0000000000000000
[  238.788241][    C3]  ? ct_kernel_exit+0x139/0x190
[  238.788257][    C3]  default_idle+0x13/0x20
[  238.788266][    C3]  default_idle_call+0x6d/0xb0
[  238.788276][    C3]  do_idle+0x391/0x510
[  238.788288][    C3]  ? __pfx_do_idle+0x10/0x10
[  238.788299][    C3]  ? trace_sched_exit_tp+0x31/0x130
[  238.788316][    C3]  cpu_startup_entry+0x4f/0x60
[  238.788328][    C3]  start_secondary+0x21d/0x2b0
[  238.788340][    C3]  ? __pfx_start_secondary+0x10/0x10
[  238.788354][    C3]  common_startup_64+0x13e/0x148
[  238.788365][    C3]  </TASK>
[  238.904969][   T54] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  238.935728][   T54] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  238.955376][   T54] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  238.986951][   T54] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  239.015770][   T54] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  239.034927][   T54] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  239.054995][   T54] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  239.075753][   T54] mceusb 10-1:0.0: Error: mce write submit urb error = -90
[  239.109817][   T54] mceusb 10-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  239.112607][   T54] mceusb 10-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  239.504944][ T5939] Bluetooth: hci1: command tx timeout
[  241.058498][ T6001] usb 10-1: USB disconnect, device number 32

VM DIAGNOSIS:
00:27:37  Registers:
info registers vcpu 0

CPU#0
RAX=0000000080000300 RBX=0000000000000002 RCX=ffffffff89582aa0 RDX=ffff88801daf4880
RSI=000000000000a888 RDI=0000000000000003 RBP=ffffffff8ce28b60 RSP=ffffc90000126c78
R8 =0000000000000003 R9 =000000000000a888 R10=0000000000000008 R11=0000000000000000
R12=0000000000000008 R13=0000000000000003 R14=0000000000000002 R15=0000000000000000
RIP=ffffffff81bc1012 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c01300
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c01300
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6765000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f6eaadb7bac CR3=000000000e382000 CR4=00352ef0
DR0=0000000000000007 DR1=000000000000000b DR2=0000000000000002 DR3=0000000000000009 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 9a27b8156625b6b2 3fde0c06c29db787
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2e1a2f61a56d2f34 6199649da7b4243d
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 75c4e7c5aaf13e15 48c869125c7c33c7
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 91981bbff2f2033e 6a5466057a898935
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ffffffff 0000000000000060
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000020
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f768f62734ee0cf7 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1f9107d200000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1d2796c3578320df 964bbb627cc585a3
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000589505b4
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 3ee8bd1e04bc8b11 fdd38461312a9144
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 aaf184e185d7da2c ccbc984ff33dd3b5
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6eaad83488 00007f6eaad83480 00007f6eaad83478 00007f6eaad83450
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6eab8ed100 00007f6eaad83440 00007f6eaad83458 00007f6eaad834a0
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6eaad83498 00007f6eaad83490 00007f6eaad83488 00007f6eaad83480
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 00000000000000d0
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000019652c RBX=0000000000000001 RCX=ffffffff8b7d7c99 RDX=ffffed100d4a6646
RSI=ffffffff8c1548e0 RDI=ffffffff8191fd51 RBP=ffffed1003bd1488 RSP=ffffc90000177df8
R8 =0000000000000000 R9 =ffffed100d4a6645 R10=ffff88806a53322b R11=0000000000000000
R12=0000000000000001 R13=ffff88801de8a440 R14=ffffffff90a7bb50 R15=0000000000000000
RIP=ffffffff8b7d67ff RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c01300
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c01300
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6865000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000001b3241fffc CR3=000000003b728000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000010000000
Opmask04=0000000000000000 Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a 0000003000000012 0004000000080024 0000000000280034
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000d14 0000001400000000 0000000000000000 0000000000000014
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6c69662f2e01ffff ffffffffffffef08 0580032600000d3b 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7375632f7665642f 01ffffffffffffff ffeb081580030010 0000000000080604
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 016ee20002000716 1000000000000806 04016eea00020007 0ffe808004408010
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0002808010000010 0008006f8e00041c 1000040168c20002 0007001000100302
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 80100000031c8040 808080880004bffe 1000058004060140 9200020007003065
ZMM24=f6f51339f6f51339 f6f51339f6f51339 f6f51339f6f51339 f6f51339f6f51339 f6f51339f6f51339 f6f51339f6f51339 f6f51339f6f51339 f6f51339f6f51339
ZMM25=df0ed99ddf0ed99d df0ed99ddf0ed99d df0ed99ddf0ed99d df0ed99ddf0ed99d df0ed99ddf0ed99d df0ed99ddf0ed99d df0ed99ddf0ed99d df0ed99ddf0ed99d
ZMM26=2cae501a2cae501a 2cae501a2cae501a 2cae501a2cae501a 2cae501a2cae501a 2cae501a2cae501a 2cae501a2cae501a 2cae501a2cae501a 2cae501a2cae501a
ZMM27=7e4c0a587e4c0a58 7e4c0a587e4c0a58 7e4c0a587e4c0a58 7e4c0a587e4c0a58 7e4c0a587e4c0a58 7e4c0a587e4c0a58 7e4c0a587e4c0a58 7e4c0a587e4c0a58
ZMM28=000000400000003f 0000003e0000003d 0000003c0000003b 0000003a00000039 0000003800000037 0000003600000035 0000003400000033 0000003200000031
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=6d0f00006d0f0000 6d0f00006d0f0000 6d0f00006d0f0000 6d0f00006d0f0000 6d0f00006d0f0000 6d0f00006d0f0000 6d0f00006d0f0000 6d0f00006d0f0000
info registers vcpu 2

CPU#2
RAX=0000000000000007 RBX=0000000000003535 RCX=ffffffff8b79a22c RDX=ffffc900034af820
RSI=ffffffff8b79a23a RDI=ffffffff8d13b00e RBP=ffffc900034af820 RSP=ffffc900034af760
R8 =0000000000000005 R9 =0000000000000063 R10=00000000000badab R11=0000000000000000
R12=0000000000001de5 R13=00000000000badab R14=ffffc900834afb8a R15=ffffc900034af820
RIP=ffffffff8b79a295 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fba91e81c80 ffffffff 00c00000
GS =0000 ffff8880d6965000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000110c345fbf CR3=00000000241e8000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000c0fffc00 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000014 000000000001df8a
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555874b4448 00005555874b3910
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555874baa3b 00005555874b9d00
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0cb0030aae08000c a0030408000c9803 08808008000c9003 07b5c408000c8803
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0172ec0000000000 0000000000000001 ffffffffffffffff e7080cb803010800
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 9003001000078003 0fffffffffffff04 0fffffffffffff04 0c80047b90080008
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0007e00300100007 d00300100007c003 05100007b0030610 0007a00300100007
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 010fffffffffffff 040fffffffffffff 040b80040fffffff ffffff0407800401
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8010000c014eaa00 10000bf0030fffff fffe10000be00300 10000bd003001000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0bc0031210000bb0 030010000ba00300 10000b90030ffe10 000b800300100007
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 f00300100007e003 00100007d0030010 0007c00305100007 b00306100007a003
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=000000000000000d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85598b15 RDI=ffffffff9b077320 RBP=ffffffff9b0772e0 RSP=ffffc900006f86a0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d
R12=0000000000000000 R13=000000000000000d R14=ffffffff9b0772e0 R15=ffffffff85598ab0
RIP=ffffffff85598b3f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6a65000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f67e06a6e9c CR3=000000004b109000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000004144 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000040000400 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdcd1169e0 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7965811a8a
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7965811a97
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7965811a91
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7965811aa5
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7965811b2b
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7965811c09
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000