last executing test programs:

1m11.924346399s ago: executing program 0 (id=1945):
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x202)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000780)={0xfffffffe, 0x0, 0x0, 'queue0\x00', 0x48})
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x418000)
r1 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r1)
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[], 0x0)
pwrite64(r2, 0x0, 0x0, 0x3)

1m8.855589954s ago: executing program 0 (id=1972):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
connect$inet(r1, 0x0, 0x0)
r2 = accept(r0, 0x0, 0x0)
sendmsg$AUDIT_USER_AVC(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)=ANY=[], 0x454}}, 0x0)
recvfrom(r1, 0x0, 0x0, 0x0, 0x0, 0x0)

1m7.985707577s ago: executing program 0 (id=1976):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f0000002040)="17", 0x1, 0x40804, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@mss={0x2, 0x8}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @timestamp, @mss={0x2, 0x1}, @window={0x3, 0x7, 0xceca}], 0x7)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r0, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x0)

1m7.985349409s ago: executing program 0 (id=1977):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x4, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_ALL_TARGETS={0x8, 0x1e}]}}}]}, 0x3c}, 0x1, 0x2000000000000000}, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000140), 0x3, 0x40082)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'})
modify_ldt$write(0x1, &(0x7f0000000180)={0x1fff, 0x20000000, 0x3000}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1f075, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x94)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x92)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})
r3 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r3, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')
linkat(r3, &(0x7f0000000380)='./file1\x00', r3, &(0x7f00000003c0)='./bus\x00', 0x400)
rename(&(0x7f0000000180)='./bus\x00', &(0x7f00000001c0)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x140, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000a00000012000300686173683a6e65742c706f7274"], 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x2)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000000906010200000c0000000000020000000900020073797a310000000005000100070000002c0007801800018014000240fe8000000000000000000000000000bb060004404e1f00000500070088"], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000000800000000000000931b4d"], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x8000)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
ptrace$setregs(0xd, r6, 0x0, &(0x7f00000003c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0x1c, &(0x7f0000000040)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007b88f8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ptrace$getregset(0x4205, r6, 0x1, &(0x7f0000000080)={&(0x7f00000000c0)=""/120, 0x78})
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000180)=0x10)

1m7.904509318s ago: executing program 0 (id=1979):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, 0x0, 0x0)
listen(r0, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r2 = accept(r0, 0x0, 0x0)
sendmsg$AUDIT_USER_AVC(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x454}}, 0x0)

1m7.785377162s ago: executing program 0 (id=1985):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f0000002040)="17", 0x1, 0x40804, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@mss={0x2, 0x8}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @timestamp, @mss={0x2, 0x1}, @window={0x3, 0x7, 0xceca}], 0x7)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r0, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x0)

1m7.72653121s ago: executing program 32 (id=1985):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f0000002040)="17", 0x1, 0x40804, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@mss={0x2, 0x8}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @timestamp, @mss={0x2, 0x1}, @window={0x3, 0x7, 0xceca}], 0x7)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r0, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x0)

44.103520247s ago: executing program 1 (id=2279):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff00"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, &(0x7f0000000500)=""/64}, 0x20)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {0x0}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

44.103295582s ago: executing program 1 (id=2280):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, &(0x7f0000000500)=""/64}, 0x20)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085", 0xcb}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

44.072078151s ago: executing program 1 (id=2281):
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

43.965417674s ago: executing program 1 (id=2283):
setresuid(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x60001, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0x19, 0x0, <r1=>0x0})
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb})
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
mkdir(0x0, 0x0) (async)
mkdir(0x0, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r2, 0x29, 0xd0, &(0x7f00000000c0)=0x2, 0x4)
mkdir(0x0, 0x0) (async)
mkdir(0x0, 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0) (async)
mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r1, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r1, 0x0, <r3=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f00000002c0)={0x48, 0x7, r3, 0x0, 0x10000, 0x0, 0x4, 0xfffffff5, 0x2d9406}) (async)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f00000002c0)={0x48, 0x7, r3, 0x0, 0x10000, 0x0, 0x4, 0xfffffff5, 0x2d9406})

43.965066573s ago: executing program 1 (id=2284):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000000)={0x4f5}, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_emit_ethernet(0x4e, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd604dd30800180601fe8000000000000000000000000000aafe8000000000000000000000000000aa00004001", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="0426d106e6"], 0x0)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000200), 0x42082)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000040)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r2, 0xc0f85403, &(0x7f0000000040))
close(r1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e601bae74656e642c6163638173733d616e792c63616368653d66736361636865"])
chdir(&(0x7f0000000100)='./file0\x00')
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
sendmsg$NFT_BATCH(r4, &(0x7f0000000400)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000ad4000000140a010100000000000000000300000aa00008009125a61d2f109d57cc16ef1b106b3f9e4f6f7d41bf8aa39d83c2db975dba7f84aecab35c33687780bef05182423e938943f1e69f29d7107e4ba50e69f99aba5305e4af9bc00d44ec09253acb5b629ddefa8ae0d7c701887c763e9c8cf45389e0a659f9a3916f53047b44facf601bb78d200c05c6914b2a21b655c2490678a07c04f4bb08742cd3054bcd75df37510a3aa18c10116644dc8182e854a20c00064000000000000000030900020073797a3100000000080003400000000a1400000011000100ebffffff000000000a00800a"], 0xfc}, 0x1, 0x0, 0x0, 0xc008}, 0x8001)
write$binfmt_elf64(r4, &(0x7f0000000700)=ANY=[@ANYBLOB="7f454c46032400c1028000000000000003003e004143d903e702d8b40000000040000000000000004d020000000000000700ffff000038000100fdff7f00084890736c334a8069532a33487d58b4030000000400000007000000000000000a000000000000000200000000000000060000000000000009000000000000007fffffffffffffffdb55e3354ca6d7b8b0c1f77ca94497b5a753e28d6bb58c01a63177e145b2b9c81845d88d4dc046601caf8c35442cbae017d589821cdb1a7a313c483a5ba0b9ec9aaef738e730d055d344144732771d08f675d1f04db0a822dfde2d23a7f8dc461f8602cc48735730b1d018f9d33fcd845c5a7969fe3edb91be82e53695212723285126d9e42499bafd698d6b000400e21bad51d8f0a403c070a8263eaf57cc261662eccacf965f5ba4aad17bc636d9c2e01d7dde441f3aefb2d4c8a225979479dfbeb0b815b73d74f7849fa271309c4ac5bb988b57cefd331f44848bbf5d6603954449948e1ed3cbfcfea2f110fe176100e1cdb4b8a81d21b9e5a77e5bc0ccb77c704e58096fd6d237ee8daf7583897d8050804d9abcd7a38b924d2266d5479813f5c1c78e219a1b690889f894fa92bb86514069daec6b35c44266d8fe3051feaa012e9771322f3213aeb57e4633b6d4dde62cae851649649b90efd8b7fc5ac019fdb424b122605d5ae8691486253e1f99cd17ae70ee6d1dbb54f4a13750265c3f41cd152f3b5503704c165815d2304e6e15dcc6609b6a8e26ee68c04458c823965b8032abba4d2bb903cd9580fe2beff629ae0b99034b59c3371f572429b897c7"], 0x9a)
close(r4)
read$snddsp(r3, &(0x7f0000000380)=""/110, 0x6e)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0)
sendto$inet6(r5, &(0x7f0000000180)="c2168c32af8f34607eff2d3120596b4a0aa626a5f42c363ee61be171906543da75e89effcffeb48ef789192cee21509290cc76d8fb3eaf3e5c90f3618b2cbcb512d3a0d3939f9d098c032a83837d21cf946b6fc1de9950bebc59a13f75364dd86244a44606b23ee1a5ff86052f9fdf6526f34e5316bf0f8f1ff9551e00fd046b0ad3b8c4480c731c8cf3d99796004174c3966c314c17665bdd8ea230f56435c0edfe2e4ace9d65b72cf89a7f7b7cf9c3c472dd5abe37c253ef34c7755ff5878756fc3457bcd891a92b", 0xc9, 0x4000800, &(0x7f0000000080)={0xa, 0x4e22, 0x72, @private0, 0x9b74}, 0x1c)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x800003fffffffffe, 0xffffffffffffffff})
write$binfmt_script(r7, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r7, 0x0)
preadv(r7, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)

43.865431132s ago: executing program 1 (id=2285):
mkdir(&(0x7f0000001c00)='./file0\x00', 0x20)
r0 = open(&(0x7f0000000300)='.\x00', 0xa000, 0x124)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0)
sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = fanotify_init(0xf00, 0x0)
r3 = open$dir(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x90000, 0x101)
fanotify_mark(r2, 0x1, 0x5000003a, r3, 0x0)
mkdirat(r0, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x1a0)
r4 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
renameat2(r4, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', r4, &(0x7f00000002c0)='./file0\x00', 0x2)

28.865120244s ago: executing program 33 (id=2285):
mkdir(&(0x7f0000001c00)='./file0\x00', 0x20)
r0 = open(&(0x7f0000000300)='.\x00', 0xa000, 0x124)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0)
sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = fanotify_init(0xf00, 0x0)
r3 = open$dir(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x90000, 0x101)
fanotify_mark(r2, 0x1, 0x5000003a, r3, 0x0)
mkdirat(r0, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x1a0)
r4 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
renameat2(r4, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', r4, &(0x7f00000002c0)='./file0\x00', 0x2)

21.914942445s ago: executing program 3 (id=2602):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, &(0x7f0000000500)=""/64}, 0x20)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f406", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

21.914765158s ago: executing program 3 (id=2603):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4050000200000006110600000000000c6000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1ad}, 0x48)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tkill(r1, 0x12)
move_pages(r1, 0x2, &(0x7f0000000180)=[&(0x7f0000000000/0x3000)=nil, &(0x7f0000ff8000/0x7000)=nil], &(0x7f00000001c0)=[0x6, 0x5, 0x8, 0x1, 0x24f, 0xffff], &(0x7f0000000280)=[0x0, 0x0], 0x6)
r2 = socket$l2tp(0x2, 0x2, 0x73)
sendto$l2tp(r2, &(0x7f0000000100)="bc21ba4477a47040ebc58fa2cd86e922b373391fcc1f8d1cf1db678a3aad629fbec2a3bc249c756804cd91f8291b007e2508a4414f7dbbff1af2f92b39ea6800d960c6ace6493f972c43f725056f55b36a3b1dc0c85bdad3ccc53bb22eb60428", 0x60, 0x84, &(0x7f0000000080)={0x2, 0x0, @multicast2, 0x4}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x8, 0x4, 0x12}, 0x50)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0)={@map=r3, r0, 0x26}, 0x10)

21.854517844s ago: executing program 3 (id=2605):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
close(r0)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)={0x60, r3, 0xb7a006d1969b963b, 0x1, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME={0x44, 0x33, @probe_request={{{}, {}, @device_a, @device_b}, @val, @val, @void, @val={0x2d, 0x1a, {0x8802, 0x3, 0x6, 0x0, {0x6, 0xd, 0x0, 0xc0, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x1, 0x95ce, 0x9}}, @val={0x72, 0x6}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x8011}, 0x10)
socket$kcm(0x10, 0x2, 0x0)

21.795176012s ago: executing program 3 (id=2607):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040))
sendmmsg$inet6(r0, &(0x7f00000004c0), 0x0, 0x20000040)

21.794845126s ago: executing program 3 (id=2608):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYRES8, @ANYRES32, @ANYRES32=0x0, @ANYRES32], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r0, &(0x7f0000000440)="e7305075bdb09d2cc192bd0b050c21bf94fb82224c8ef72503cf374ec8bfd2c013ccda3b5dd6bd52e299983bac235f3aa9333dd4a61b49f43c2153479035116577d3794108f91486a7f8b3366e2ee35a8fb81adc99b75e534e4d3af19f8580cfe36a76bfb9cd1b0febd232eae526c79a730bbb195ad3ab4966839fcb152d45f1e5931813b8634786e946edc60b21ca6c44bf096624ae5ce7dee489529492ab98a0a9073613eaaa6eb3ed0633a4ee54d621bc0b7c2d371e28204c40e112e433421b149c027cb3ac", &(0x7f00000007c0)=""/256}, 0x20)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x58}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80)
r1 = syz_genetlink_get_family_id$gtp(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000300)={&(0x7f0000000640)=ANY=[@ANYBLOB="80000000", @ANYRES16=r1, @ANYBLOB="08002dbd7000fcdbdf2501000000080002000100000008000400e00000010800040000000000080005007f00000108000400ac1e010114000c00fe88000000000000000000000000010114000b00ff01000000000000000000000000000114000c00fe800000000000000006000400000000000000000000000056c975d749cf18617948ceee190289a4abf0fd93e030c30b171ad1496be69340a337164353d7b6d4d6f7fd65b36f948e4bec985bc60ff53b02060c4f6448e3b3a2ebb1a7d9a2de0cf92414a87136e516053946c9adf1ee7773ca2332a6df6b54e0e4c6d1ed8b7eb0a09b2974193d5f55e05098dbd17276c98e035b2395ed1e81ec0ff039c5d598d9d4ed9b4d6ee5eb6056ce9c6ae076d1d0675cd873b5e21ebf9d97ecfc8ff4e3627bf805c44137116fbe98b85d11d3d6bae968e55eddfc0bab7187a724679f7afb6af62da1"], 0x80}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
mkdir(&(0x7f0000000080)='./file1\x00', 0x18)
r2 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
close_range(r2, r2, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r3, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r3, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mount(&(0x7f0000000240)=@nullb, &(0x7f0000000280)='./file0\x00', &(0x7f00000003c0)='afs\x00', 0x201010, 0x0)
r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/ksm/run\x00', 0x2, 0x0)
sendfile(r4, r4, 0x0, 0x8)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='devpts\x00', 0x0, 0x0)
r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r5, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'})

21.715045533s ago: executing program 3 (id=2609):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x101040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x7)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

8.740005736s ago: executing program 4 (id=2760):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, &(0x7f0000000500)=""/64}, 0x20)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be521634", 0xc}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

8.665183192s ago: executing program 4 (id=2761):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$video(0x0, 0xa7, 0x403c0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x6)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007ed, &(0x7f0000008400)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x43}}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000002c00)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000008100)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56561, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x8}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_TARGET={0x8}]}}]}, 0x3c}}, 0x0)
socket$unix(0x1, 0x5, 0x0)
write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[], 0xfdef)

8.665005822s ago: executing program 4 (id=2762):
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000140)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)

8.60508152s ago: executing program 4 (id=2763):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='io_uring_create\x00', r1}, 0x18) (async)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='io_uring_create\x00', r2}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000840)='./bus\x00', 0xa4) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) (async)
chdir(&(0x7f0000000140)='./bus\x00')
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x2000, 0x1)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) (async)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) (async)
munmap(&(0x7f0000ba0000/0x2000)=nil, 0x2000)
syz_clone(0x4200000, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000200)=@newlink={0x20, 0x10, 0x503, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14615}}, 0x20}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000840)='./bus\x00', 0xa4)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) (async)
chdir(&(0x7f0000000140)='./bus\x00') (async)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x101902, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70f5497ba2f30929, @value=r3}, 0x28) (async)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$FS_IOC_SETFLAGS(r4, 0xc0189436, &(0x7f0000000140)) (async)
syz_io_uring_setup(0x1113, &(0x7f0000000280)={0x0, 0xb44a, 0x0, 0x0, 0x21e}, &(0x7f0000000000), &(0x7f0000000040))

8.600238196s ago: executing program 4 (id=2764):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000400)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000640)=ANY=[@ANYBLOB="a800000000000080e8dec85a44e0f01cf138ee1fe6e1a2ac1fd2be1c2d88"], 0xa8)
mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}})
execve(&(0x7f0000000740)='./file0\x00', 0x0, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r0}, 0x38)
prctl$PR_GET_TSC(0x19, &(0x7f0000000d00))
unshare(0x20020000)
syz_io_uring_setup(0x6d9d, &(0x7f0000000200)={0x0, 0x942e, 0x2}, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_PKTINFO(r4, 0x10e, 0xc, &(0x7f0000000200)=0x5, 0x4)
sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001680)={0x14, 0x3a, 0x229, 0x0, 0x0, {0xa}}, 0x14}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
read$FUSE(r3, &(0x7f00000016c0)={0x2020, 0x0, <r6=>0x0}, 0x2020)
lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0})
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r8, &(0x7f0000006300)={0x2020, 0x0, <r9=>0x0, <r10=>0x0, <r11=>0x0}, 0x2020)
write$FUSE_INIT(r8, &(0x7f0000000040)={0x50, 0x0, r9, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
syz_fuse_handle_req(r8, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r8, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb1000008747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb80035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22383e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485a4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2245eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e4c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad64c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc590800", 0x2000, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x78, 0x0, 0x6, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3966, 0x3, 0x8000, 0x0, r10, r11, 0xe, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r12 = getegid()
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000440)={0x160, 0x0, r6, [{{0x0, 0x2, 0x78d, 0x7fff, 0xa, 0x6, {0x3, 0xff, 0xd3, 0x8, 0x289, 0x9, 0x2, 0x7fffffff, 0x5, 0x2000, 0xd329, 0x0, r7, 0xfffffff9, 0x5}}, {0x6, 0x5, 0x9, 0x4, 'trans=fd,'}}, {{0x2, 0x3, 0x4, 0x4, 0x7fff, 0x6, {0x2, 0x8938, 0x9, 0x7, 0x0, 0xe, 0x7fffffff, 0x80000001, 0x7, 0x6000, 0xfd0, r10, r12, 0x4, 0x101}}, {0x0, 0x400, 0x9, 0x3, 'trans=fd,'}}]}, 0x160)
r13 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r13, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRESOCT=r13, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

8.352252845s ago: executing program 4 (id=2768):
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x418000)
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[], 0x0)
pwrite64(r1, 0x0, 0x0, 0x3)

8.305775605s ago: executing program 34 (id=2768):
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x418000)
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[], 0x0)
pwrite64(r1, 0x0, 0x0, 0x3)

6.578893362s ago: executing program 35 (id=2609):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x101040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x7)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.134336664s ago: executing program 6 (id=2839):
syz_open_dev$tty1(0xc, 0x4, 0x2)
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000280)=0x9, 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x7, 0x4)
syz_clone(0x100, 0x0, 0xfffffffffffffc2a, 0x0, 0x0, 0x0)
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x9, 0x0, 0x4})
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0)
r2 = fanotify_init(0x200, 0x0)
fanotify_mark(r2, 0x0, 0x48000016, r1, 0x0)
readv(r2, &(0x7f0000000180)=[{&(0x7f00000025c0)=""/4096, 0x1000}], 0x1)
socket(0x2b, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@newtaction={0x18, 0x30, 0x300, 0x70bd27, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r3 = socket$inet(0x2, 0x1, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r5 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000004c0)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f0000000340)={0x0, 0x0, 0x0, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r5, 0xc06864ce, &(0x7f0000000440)={r6, 0x0, 0x1, 0x200000, 0x7, [0x0, <r7=>0x0], [0x9, 0x0, 0xc, 0x1], [0x46b6], [0x400004, 0x0, 0x3]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb3})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f00000003c0)={r7, 0x0, <r8=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GETFB2(r5, 0xc06864ce, &(0x7f0000000200)={r6, 0x0, 0xfffffeff, 0xfffffffe, 0x1, [<r9=>0x0], [0x800, 0x2, 0x20, 0xb86], [0x1, 0x0, 0x0, 0x77], [0x10002, 0xa54, 0xd1, 0x3]})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r8})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f0000000040)={r9})
setsockopt$inet_mreqn(r3, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @dev={0xac, 0x14, 0x14, 0x32}}, 0xc)
setsockopt$inet_mreqn(r3, 0x0, 0x27, &(0x7f0000000100)={@multicast2, @local}, 0xc)
r10 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r10, &(0x7f0000001b80)=[{&(0x7f0000000a40)=""/65, 0x41}, {&(0x7f0000000080)=""/101, 0x65}], 0x2, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_SEND(0xffffffffffffffff, 0x40489426, &(0x7f0000000700)={{}, 0x1, &(0x7f0000000400)=[0x8000000000000000], 0x10ca6513, 0xe})

1.424103466s ago: executing program 5 (id=2853):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x12)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000010500010007000000280007800c00018008000140fffffff70500070084000000060004404e22000006000540", @ANYRESOCT=r0], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

1.423934147s ago: executing program 5 (id=2854):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff00"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, &(0x7f0000000500)=""/64}, 0x20)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed88", 0x3a}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

1.334261608s ago: executing program 5 (id=2855):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f00000001c0)="c744240077dd0000c74424027fbe0000c7442406000000000f011c24b8010000000f01c1450f01ca470f01f866baf80cb8e4f61882ef66bafc0c66b8795966ef40250000000066b8de000f00d02e0f005ffa0f01c92e640fc71f", 0x5a}], 0x1, 0xe8, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000240)={[0x2, 0x3, 0x8000000000000001, 0x3, 0x4, 0xffffffff7fffffff, 0xfff, 0x3, 0x9b9, 0xfff, 0xe, 0x3, 0x2b5f7546, 0xfffffffffffffc00, 0x400, 0xffff], 0x1000, 0x20106})
io_setup(0x1, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x78, 0x30, 0xb, 0x0, 0xfffffffe, {}, [{0x64, 0x1, [@m_ct={0x60, 0x1, 0x0, 0x0, {{0x7}, {0x38, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x0, 0x0, 0x1}}, @TCA_CT_MARK={0x8, 0x10, 0xfffffffe}, @TCA_CT_LABELS={0x14, 0x7, "e3ccd1c5b8fbe60833617f2f4a63b45b"}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x10000000)
syz_init_net_socket$bt_rfcomm(0x1f, 0x0, 0x3)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008010}, 0x8042)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)=@mpls_getroute={0xb4, 0x1a, 0x800, 0x70bd2a, 0x25dfdbfd, {0x1c, 0x80, 0x20, 0x7f, 0xfe, 0x4, 0xfd, 0x4, 0x1000}, [@RTA_VIA={0x14, 0x12, {0x10, "523a4f0b4bc4bc2c61eb2385d00f"}}, @RTA_NEWDST={0x84, 0x13, [{0x2, 0x0, 0x1}, {0x7, 0x0, 0x1}, {0x100}, {0x4}, {0x0, 0x0, 0x1}, {0x1}, {0xb5c3, 0x0, 0x1}, {0xbbd, 0x0, 0x1}, {0x5e9, 0x0, 0x1}, {0x6, 0x0, 0x1}, {0x3, 0x0, 0x1}, {0x8ef}, {0xb, 0x0, 0x1}, {0x8, 0x0, 0x1}, {0x1, 0x0, 0x1}, {0x8}, {0x32ec, 0x0, 0x1}, {0x0, 0x0, 0x1}, {0xd30}, {0x400}, {0xe9}, {0x5, 0x0, 0x1}, {0x7f, 0x0, 0x1}, {0x2}, {0x1000, 0x0, 0x1}, {}, {0x3, 0x0, 0x1}, {0x4, 0x0, 0x1}, {0x5}, {0xfff9d, 0x0, 0x1}, {0x3, 0x0, 0x1}, {0x5, 0x0, 0x1}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x20000000}, 0x804)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYRESDEC=r0, @ANYRES16=r5], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x84)

1.240280034s ago: executing program 6 (id=2858):
syz_open_dev$vim2m(0x0, 0x1fffffffff, 0x2)
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000005c0)={0x0}}, 0x4008050)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6(0xa, 0x2, 0x0)
getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x3d, 0x0, 0x0)
write$nci(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c0260000410007010000000007000000017c00000400fc80a72601"], 0x26c0}}, 0x4010) (fail_nth: 8)

1.154610412s ago: executing program 5 (id=2861):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@netrom={'nr', 0x0}, 0x83)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_netdev_private(r0, 0x8924, &(0x7f0000000000))
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="500100001000130700000000fcdbdf25200100000000000000900700000120010000000000000000000000000001000005004e210002020000006c0000003b254748e4c3d6e33d1002061f391195013215360000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc010000000000000000000000000000000000fe3200000000000000000000000000ffffac1414bb000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000043050000000000000400000000000000ffffffffffffff7f000000000000000000000000000000000000000000000000000000002cbd7000003500000a000400500000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000060000000210466d38547aa140db9a200000000c538c7cb7a"], 0x150}, 0x1, 0x0, 0x0, 0x880}, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)

1.083461145s ago: executing program 2 (id=2863):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x3c, r1, 0x211, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x3c}}, 0x0)

1.081475654s ago: executing program 5 (id=2865):
r0 = socket$inet(0xa, 0x801, 0x84)
listen(r0, 0x8)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x20005e, 0x0, 0x9, 0x4})
openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r2 = creat(&(0x7f0000000240)='./file0\x00', 0x1)
write$cgroup_int(r2, &(0x7f0000000540), 0xfffffdd8)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

1.024887264s ago: executing program 2 (id=2866):
r0 = socket$inet(0xa, 0x801, 0x84)
listen(r0, 0x8)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x20005e, 0x0, 0x9, 0x4})
openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r2 = creat(&(0x7f0000000240)='./file0\x00', 0x1)
write$cgroup_int(r2, &(0x7f0000000540), 0xfffffdd8)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

914.769161ms ago: executing program 6 (id=2869):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(r1, &(0x7f0000000040)={0x1f, @any, 0x2}, 0xa)
r2 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(r2, &(0x7f00000001c0)={0x1f, @none, 0x1}, 0xa)
r3 = socket$pppoe(0x18, 0x1, 0x0)
ppoll(&(0x7f0000000280)=[{r3, 0x210}], 0x1, 0x0, 0x0, 0x0)
shutdown(r1, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b40000000000000061009508000000d96e00"], &(0x7f0000000080)='GPL\x00', 0x4, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd0c, 0x10, &(0x7f0000000000), 0x76}, 0x48)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000300)=0x49b9, 0x4)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$SIOCGSTAMPNS(r5, 0x8907, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
writev(r6, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x1df2d4e}], 0x1)
recvmmsg(r6, &(0x7f0000003e40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000035c0)=""/234, 0xf1}, 0x1f0f77f}, {{&(0x7f0000000540)=@un=@abs, 0x80, &(0x7f0000003780)=[{&(0x7f0000003740)=""/4, 0x3}], 0x1, &(0x7f00000005c0)=""/237, 0xec}}, {{0x0, 0x0, &(0x7f0000003bc0)=[{0x0}, {&(0x7f0000003a00)=""/190, 0xbe}, {&(0x7f0000003ac0)=""/113, 0x7b}, {0x0}], 0x4, &(0x7f0000003c00)=""/54, 0x36}}, {{&(0x7f0000003c80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, 0x0, 0x0, &(0x7f0000003e00)=""/48, 0x30}, 0xfffffffd}], 0x4, 0x40000121, 0x0)

744.908182ms ago: executing program 5 (id=2872):
semop(0x0, &(0x7f0000000000)=[{0x0, 0xfffb}, {0x1, 0x0, 0x800}], 0x2)
semtimedop(0x0, 0x0, 0x0, 0x0)

674.110666ms ago: executing program 7 (id=2874):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x3c, r1, 0x211, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x3c}}, 0x0)

661.030069ms ago: executing program 2 (id=2875):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f00000006c0)={0x0, 'bridge0\x00', {0x101}, 0x2})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x3, &(0x7f0000346fc8)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000200), 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x14, 0x0, 0x300, 0x70bd2c, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0xc800}, 0x80)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa07, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1, 0x2})
r1 = socket$netlink(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x1f00, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x54, 0x10, 0x1, 0x60bd25, 0xfffffffc, {0x6, 0x0, 0x8100, 0x0, {0x1, 0x10}, {0x12}, {0xe, 0x10}}, [@TCA_RATE={0x6}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x400c800}, 0x0)

659.000185ms ago: executing program 7 (id=2876):
syz_open_dev$usbmon(0x0, 0x0, 0x0)
request_key(0x0, &(0x7f00000004c0)={'syz', 0x0}, 0x0, 0x0)
request_key(&(0x7f0000001d40)='asymmetric\x00', &(0x7f0000000080)={'syz', 0x0}, 0x0, 0xfffffffffffffffe)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c000000020601080000000000000000000000400500010006200000050005000a00000005000400000000000900020073797a310000"], 0x4c}}, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)={0x4c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x5, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @local}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}}, 0x4000080)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x1c, 0x3, 0x6, 0x5, 0xfffffff5, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x20000090)

574.731693ms ago: executing program 7 (id=2877):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0xc, &(0x7f0000000040)=0x5, 0x4)
r1 = mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0)
mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0)
mq_unlink(&(0x7f0000000000)='eth0\x00')
close(r1)

574.527485ms ago: executing program 7 (id=2878):
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
ioctl$LOOP_CHANGE_FD(r1, 0x4c03, 0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r2=>r0, {0x0, 0xffffffffffffffff}}, './file0\x00'})
getsockname$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, <r3=>0x0}, &(0x7f0000000300)=0x14)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0xf, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x80000001}, [@generic={0xff, 0x5, 0xb, 0x8000, 0x80}, @map_val={0x18, 0x5, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x800}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000000280)='GPL\x00', 0x800, 0x0, 0x0, 0x0, 0x8, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x7, 0x3}, 0x8, 0x10, &(0x7f0000000380)={0x0, 0x10, 0x1000, 0x2}, 0x10, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x1, 0x3, 0x1, 0xb}, {0x2, 0x3, 0x6, 0x9}], 0x10, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500), &(0x7f0000000540)={0x0, 0xfb, 0xc0, 0x0, 0x7, "6154a292f66ced54e926ced6cbf518c6", "748708bb4a48a0fa59fa6213e9657565567fd34ae3c1bfef8177dcb1aed6650f3d3312c132f132576b5e99ce2dd42bf8575ac7bd0a860165a745d18f86a8a4cb497cfec15b115142c78bd89a085f9be9618a12eb6c8bae21aa2d9ea16bb1f58cff9bdd92fd536cfa429d7c3739ce87d1a1aff0c05430912ad1ce8185d6d66b781800b1d8fd10420ee50c81c2eb4efa0f2511a2a5195d8778e08d2beeec2917cf95b92c22c24bee3923316c"}, 0xc0, 0x3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r5=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x3, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5}, 0x90)
sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, 0x0, 0x20000000)
r6 = getpid()
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r8, 0x1, 0x70bd26, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r6}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0)

494.949165ms ago: executing program 2 (id=2879):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff00"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb0958730", 0x4c}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

435.034137ms ago: executing program 2 (id=2880):
r0 = socket$inet(0xa, 0x801, 0x84)
listen(r0, 0x8)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x20005e, 0x0, 0x9, 0x4})
openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r2 = creat(&(0x7f0000000240)='./file0\x00', 0x1)
write$cgroup_int(r2, &(0x7f0000000540), 0xfffffdd8)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

129.440002ms ago: executing program 2 (id=2881):
r0 = socket(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0xd, @dev={0xfe, 0x80, '\x00', 0x20}, 0x9}, 0x1c)
r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')
preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000002140)=""/4096, 0x1000}], 0x1, 0x141, 0x0) (fail_nth: 5)

129.259919ms ago: executing program 7 (id=2882):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x56000}], 0x1)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x8, &(0x7f0000000180)=@raw=[@printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f0000000080)={0xf400, 0x1}, 0xf4240}, 0x94)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040)={0x4})
r2 = socket$inet6(0xa, 0x3, 0x3a)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x8, @loopback, 0x10007e8}, 0x1c)

5.008293ms ago: executing program 7 (id=2883):
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0)
fcntl$setlease(r1, 0x400, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x103000, 0x8d)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/locks\x00', 0x0, 0x0)
pread64(r2, &(0x7f0000001440)=""/126, 0x7e, 0x41)
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000040)={0x8034, 0x2, 0x2}, 0x18, 0x0)
landlock_restrict_self(r3, 0x7)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21}, 0x10)
ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r0, 0x80845663, &(0x7f0000000040))

4.852432ms ago: executing program 6 (id=2884):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x3c, r1, 0x211, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x3c}}, 0x0)

97.1µs ago: executing program 6 (id=2885):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000780)={'dummy0\x00', <r2=>0x0})
sendmsg$ETHTOOL_MSG_WOL_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x20, r1, 0x401, 0x70bd25, 0x25dfdbff, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}]}, 0x20}, 0x1, 0x1000000, 0x0, 0x4001}, 0x20000080)

0s ago: executing program 6 (id=2886):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0)
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x7, 0x50323234, 0x4, 0x0, [{0x0, 0x9}, {0x1, 0xd420}, {0xea10, 0x9}, {0x10, 0x8001}, {0x80005, 0x1}, {0x3, 0x569}, {0x6, 0x7}, {0x6, 0x10000}], 0xfd, 0x0, 0x9, 0x0, 0x3}})
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="10"], 0x10)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f0000000200)={0x30, 0x5, 0x0, {0x0, 0x1, 0x5, 0xfffffffb}}, 0x30)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000002c0)=ANY=[@ANYBLOB="b0000000000000", @ANYRES8=r1], 0xb0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',posixacl'])

kernel console output (not intermixed with test programs):

nterval 0, changing to 7
[  230.756987][ T5981] usb 9-1: config 0 interface 0 has no altsetting 0
[  230.759785][ T5981] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  230.762605][ T5981] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  230.766382][ T5981] usb 9-1: config 0 interface 0 has no altsetting 0
[  230.769207][ T5981] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  230.771940][ T5981] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  230.775553][ T5981] usb 9-1: config 0 interface 0 has no altsetting 0
[  230.778318][ T5981] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  230.781046][ T5981] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  230.784664][ T5981] usb 9-1: config 0 interface 0 has no altsetting 0
[  230.787445][ T5981] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  230.790208][ T5981] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  230.793759][ T5981] usb 9-1: config 0 interface 0 has no altsetting 0
[  230.797291][ T5981] usb 9-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  230.800088][ T5981] usb 9-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  230.802683][ T5981] usb 9-1: Product: syz
[  230.804344][ T5981] usb 9-1: Manufacturer: syz
[  230.805867][ T5981] usb 9-1: SerialNumber: syz
[  230.808714][ T5981] usb 9-1: config 0 descriptor??
[  230.814422][ T5981] yurex 9-1:0.0: USB YUREX device now attached to Yurex #0
[  230.872872][ T6023] usb 8-1: new high-speed USB device number 26 using dummy_hcd
[  231.013941][ T6023] usb 8-1: device descriptor read/64, error -71
[  231.067641][    C3] usb 9-1: yurex_control_callback - control failed: -71
[  231.068431][T11075] usb 9-1: USB disconnect, device number 6
[  231.075178][T11075] yurex 9-1:0.0: USB YUREX #0 now disconnected
[  231.108192][   T40] audit: type=1400 audit(2000000315.125:536): avc:  denied  { write } for  pid=12252 comm="syz.2.2427" name="card1" dev="devtmpfs" ino=636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  231.134837][ T6023] usb usb8-port1: attempt power cycle
[  231.472945][ T6023] usb 8-1: new high-speed USB device number 27 using dummy_hcd
[  231.503570][ T6023] usb 8-1: device descriptor read/8, error -71
[  231.753038][ T6023] usb 8-1: new high-speed USB device number 28 using dummy_hcd
[  231.773684][ T6023] usb 8-1: device descriptor read/8, error -71
[  231.893451][ T6023] usb usb8-port1: unable to enumerate USB device
[  231.896569][T12267] netlink: 1688 bytes leftover after parsing attributes in process `syz.4.2432'.
[  232.020393][T12274] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2434'.
[  232.213015][ T5981] usb 8-1: new high-speed USB device number 29 using dummy_hcd
[  232.313198][ T2302] usb 7-1: new full-speed USB device number 60 using dummy_hcd
[  232.364076][ T5981] usb 8-1: device descriptor read/64, error -71
[  232.494212][ T2302] usb 7-1: config 0 has no interfaces?
[  232.497066][ T2302] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  232.499826][ T2302] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  232.502280][ T2302] usb 7-1: Manufacturer: syz
[  232.505031][ T2302] usb 7-1: config 0 descriptor??
[  232.612845][ T5933] Bluetooth: hci0: command tx timeout
[  232.612870][ T5981] usb 8-1: new high-speed USB device number 30 using dummy_hcd
[  232.710380][ T2302] usb 7-1: USB disconnect, device number 60
[  232.763498][ T5981] usb 8-1: device descriptor read/64, error -71
[  232.873884][ T5981] usb usb8-port1: attempt power cycle
[  233.067043][T12283] netlink: 'syz.3.2438': attribute type 1 has an invalid length.
[  233.069920][T12283] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2438'.
[  233.075649][T12283] openvswitch: netlink: Flow actions attr not present in new flow.
[  233.153049][ T5981] usb usb8-port1: Cannot enable. Maybe the USB cable is bad?
[  233.282825][ T5981] usb 8-1: new high-speed USB device number 32 using dummy_hcd
[  233.303205][ T5981] usb 8-1: Using ep0 maxpacket: 8
[  233.306004][ T5981] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  233.308610][ T5981] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  233.311685][ T5981] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  233.314857][ T5981] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  233.317959][ T5981] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  233.322042][ T5981] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  233.324964][ T5981] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  233.532853][ T5981] usb 8-1: usb_control_msg returned -32
[  233.534752][ T5981] usbtmc 8-1:16.0: can't read capabilities
[  233.636646][   T40] audit: type=1400 audit(2000000317.655:537): avc:  denied  { read } for  pid=12295 comm="syz.4.2444" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  233.676755][T12299] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2445'.
[  233.686580][T12299] bridge_slave_0: left allmulticast mode
[  233.688389][T12299] bridge_slave_0: left promiscuous mode
[  233.690301][T12299] bridge0: port 1(bridge_slave_0) entered disabled state
[  233.696549][T12299] bridge_slave_1: left allmulticast mode
[  233.699013][T12299] bridge_slave_1: left promiscuous mode
[  233.701205][T12299] bridge0: port 2(bridge_slave_1) entered disabled state
[  233.706743][T12299] bond0: (slave bond_slave_0): Releasing backup interface
[  233.711129][T12299] bond0: (slave bond_slave_1): Releasing backup interface
[  233.726831][T12299] team0: Port device team_slave_0 removed
[  233.733381][T12299] team0: Port device team_slave_1 removed
[  233.735628][T12299] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  233.738015][T12299] batman_adv: batadv0: Removing interface: batadv_slave_0
[  233.741070][T12299] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  233.743657][T12299] batman_adv: batadv0: Removing interface: batadv_slave_1
[  233.796015][T12302] usb 2-1: USB disconnect, device number 2
[  233.907998][T12305] lo speed is unknown, defaulting to 1000
[  234.192872][   T29] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  234.343192][   T29] usb 9-1: Using ep0 maxpacket: 8
[  234.347093][   T29] usb 9-1: config 0 has an invalid interface number: 1 but max is 0
[  234.349763][T12315] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2450'.
[  234.350639][   T29] usb 9-1: config 0 has no interface number 0
[  234.355917][   T29] usb 9-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  234.360436][   T29] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  234.366493][   T29] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  234.370899][   T29] usb 9-1: config 0 descriptor??
[  234.376677][   T29] iowarrior 9-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior1
[  234.574168][T12305] FAULT_INJECTION: forcing a failure.
[  234.574168][T12305] name failslab, interval 1, probability 0, space 0, times 0
[  234.578140][T12305] CPU: 1 UID: 0 PID: 12305 Comm: syz.4.2447 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) 
[  234.578155][T12305] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  234.578162][T12305] Call Trace:
[  234.578167][T12305]  <TASK>
[  234.578171][T12305]  dump_stack_lvl+0x16c/0x1f0
[  234.578190][T12305]  should_fail_ex+0x512/0x640
[  234.578204][T12305]  ? __kmalloc_noprof+0xbf/0x510
[  234.578219][T12305]  ? usb_alloc_urb+0x66/0xa0
[  234.578234][T12305]  should_failslab+0xc2/0x120
[  234.578250][T12305]  __kmalloc_noprof+0xd2/0x510
[  234.578264][T12305]  ? __pfx_usbtmc_write+0x10/0x10
[  234.578278][T12305]  ? __pfx_usbtmc_write+0x10/0x10
[  234.578290][T12305]  usb_alloc_urb+0x66/0xa0
[  234.578310][T12305]  usbtmc_create_urb+0x13/0x140
[  234.578322][T12305]  usbtmc_write+0x23f/0xca0
[  234.578336][T12305]  ? avc_policy_seqno+0x9/0x20
[  234.578352][T12305]  ? selinux_file_permission+0x126/0x660
[  234.578366][T12305]  ? __pfx_usbtmc_write+0x10/0x10
[  234.578378][T12305]  ? bpf_lsm_file_permission+0x9/0x10
[  234.578394][T12305]  ? security_file_permission+0x71/0x210
[  234.578409][T12305]  ? rw_verify_area+0xcf/0x680
[  234.578422][T12305]  ? __pfx_usbtmc_write+0x10/0x10
[  234.578433][T12305]  vfs_write+0x2a0/0x1150
[  234.578449][T12305]  ? __pfx_vfs_write+0x10/0x10
[  234.578461][T12305]  ? find_held_lock+0x2b/0x80
[  234.578475][T12305]  ? __fget_files+0x204/0x3c0
[  234.578491][T12305]  ? __fget_files+0x20e/0x3c0
[  234.578508][T12305]  ksys_write+0x12a/0x250
[  234.578521][T12305]  ? __pfx_ksys_write+0x10/0x10
[  234.578538][T12305]  do_syscall_64+0xcd/0x4c0
[  234.578554][T12305]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  234.578566][T12305] RIP: 0033:0x7fa2e498e929
[  234.578575][T12305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  234.578585][T12305] RSP: 002b:00007fa2e583b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  234.578596][T12305] RAX: ffffffffffffffda RBX: 00007fa2e4bb5fa0 RCX: 00007fa2e498e929
[  234.578602][T12305] RDX: 0000000000000002 RSI: 0000200000001300 RDI: 0000000000000005
[  234.578608][T12305] RBP: 00007fa2e583b090 R08: 0000000000000000 R09: 0000000000000000
[  234.578614][T12305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  234.578620][T12305] R13: 0000000000000000 R14: 00007fa2e4bb5fa0 R15: 00007ffd57318ee8
[  234.578633][T12305]  </TASK>
[  234.579080][   T29] usb 9-1: USB disconnect, device number 7
[  234.682835][ T5933] Bluetooth: hci0: command tx timeout
[  235.440519][T12337] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2460'.
[  235.508047][ T5947] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  235.513373][ T5947] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  235.517314][ T5947] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  235.520503][ T5947] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  235.523670][ T5947] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  235.549114][T12340] lo speed is unknown, defaulting to 1000
[  235.557313][T12345] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2463'.
[  235.560452][T12345] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2463'.
[  235.744210][T12340] chnl_net:caif_netlink_parms(): no params data found
[  235.846087][T12340] bridge0: port 1(bridge_slave_0) entered blocking state
[  235.848335][T12340] bridge0: port 1(bridge_slave_0) entered disabled state
[  235.850547][T12340] bridge_slave_0: entered allmulticast mode
[  235.853209][T12340] bridge_slave_0: entered promiscuous mode
[  235.856367][T12340] bridge0: port 2(bridge_slave_1) entered blocking state
[  235.858526][T12340] bridge0: port 2(bridge_slave_1) entered disabled state
[  235.860667][T12340] bridge_slave_1: entered allmulticast mode
[  235.864358][T12340] bridge_slave_1: entered promiscuous mode
[  235.914127][T12340] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  235.918689][T12340] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  235.968327][T12340] team0: Port device team_slave_0 added
[  235.970581][T12372] lo speed is unknown, defaulting to 1000
[  235.974351][T12340] team0: Port device team_slave_1 added
[  236.011855][T12340] batman_adv: batadv0: Adding interface: batadv_slave_0
[  236.014172][T12340] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  236.022126][T12340] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  236.028041][T12340] batman_adv: batadv0: Adding interface: batadv_slave_1
[  236.030629][T12340] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  236.039409][T12340] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  236.107017][T12340] hsr_slave_0: entered promiscuous mode
[  236.109356][T12340] hsr_slave_1: entered promiscuous mode
[  236.111622][T12340] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  236.117119][T12340] Cannot create hsr debugfs directory
[  236.139224][   T29] usb 8-1: USB disconnect, device number 32
[  236.318221][   T40] audit: type=1400 audit(2000000320.335:538): avc:  denied  { write } for  pid=12384 comm="syz.3.2475" name="usbmon9" dev="devtmpfs" ino=765 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  236.336609][T12340] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  236.351103][T12385] gtp0: entered promiscuous mode
[  236.359063][T12340] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  236.361895][   T40] audit: type=1400 audit(2000000320.375:539): avc:  denied  { ioctl } for  pid=12388 comm="syz.4.2477" path="/dev/ptp0" dev="devtmpfs" ino=729 ioctlcmd=0x3d06 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  236.378518][T12340] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  236.386051][T12340] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  236.401690][T12399] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2479'.
[  236.403316][T12340] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.406885][T12340] bridge0: port 2(bridge_slave_1) entered forwarding state
[  236.409330][T12340] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.411970][T12340] bridge0: port 1(bridge_slave_0) entered forwarding state
[  236.457532][T12340] 8021q: adding VLAN 0 to HW filter on device bond0
[  236.481000][   T80] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.485548][T12403] netlink: set zone limit has 4 unknown bytes
[  236.489265][   T80] bridge0: port 2(bridge_slave_1) entered disabled state
[  236.524985][T12340] 8021q: adding VLAN 0 to HW filter on device team0
[  236.542813][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.545071][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  236.564342][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.567677][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  236.707577][T12340] 8021q: adding VLAN 0 to HW filter on device batadv0
[  236.763352][ T5947] Bluetooth: hci0: command tx timeout
[  236.808370][T12434] Bluetooth: MGMT ver 1.23
[  236.811682][T12434] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes
[  236.849599][T12437] program syz.2.2490 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  236.850014][T12340] veth0_vlan: entered promiscuous mode
[  236.856673][T12439] program syz.2.2490 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  236.862448][T12340] veth1_vlan: entered promiscuous mode
[  236.879202][T12340] veth0_macvtap: entered promiscuous mode
[  236.883763][T12340] veth1_macvtap: entered promiscuous mode
[  236.892914][T12340] batman_adv: batadv0: Interface activated: batadv_slave_0
[  236.899016][T12340] batman_adv: batadv0: Interface activated: batadv_slave_1
[  236.905691][T12340] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  236.908469][T12340] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  236.911193][T12340] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  236.914479][T12340] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  236.966449][ T1186] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  236.974173][ T1186] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  236.988428][ T1186] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  236.991476][ T1186] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  237.139032][T12463] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.
[  237.203525][T12468] Cannot find map_set index 0 as target
[  237.261511][   T40] audit: type=1800 audit(2000000321.275:540): pid=12472 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.2502" name="bus" dev="overlay" ino=260 res=0 errno=0
[  237.263960][T12474] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2504'.
[  237.314522][T12478] loop6: detected capacity change from 0 to 524287487
[  237.317116][T12478] Buffer I/O error on dev loop6, logical block 0, async page read
[  237.319591][T12478] Buffer I/O error on dev loop6, logical block 0, async page read
[  237.322042][T12478] Buffer I/O error on dev loop6, logical block 0, async page read
[  237.324972][T12478] Buffer I/O error on dev loop6, logical block 0, async page read
[  237.327599][T12478] Buffer I/O error on dev loop6, logical block 0, async page read
[  237.330106][T12478] Buffer I/O error on dev loop6, logical block 0, async page read
[  237.332557][T12478] Buffer I/O error on dev loop6, logical block 0, async page read
[  237.336330][T12478] Buffer I/O error on dev loop6, logical block 0, async page read
[  237.339085][T12478] ldm_validate_partition_table(): Disk read failed.
[  237.341180][T12478] Buffer I/O error on dev loop6, logical block 0, async page read
[  237.343787][T12478] Buffer I/O error on dev loop6, logical block 0, async page read
[  237.346569][T12478] Dev loop6: unable to read RDB block 0
[  237.348853][T12478]  loop6: unable to read partition table
[  237.359097][T12478] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  237.366281][T12478] ip6erspan0: entered promiscuous mode
[  237.396098][T12482] FAULT_INJECTION: forcing a failure.
[  237.396098][T12482] name failslab, interval 1, probability 0, space 0, times 0
[  237.400634][T12482] CPU: 1 UID: 0 PID: 12482 Comm: syz.5.2507 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) 
[  237.400650][T12482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  237.400658][T12482] Call Trace:
[  237.400662][T12482]  <TASK>
[  237.400666][T12482]  dump_stack_lvl+0x16c/0x1f0
[  237.400685][T12482]  should_fail_ex+0x512/0x640
[  237.400702][T12482]  should_failslab+0xc2/0x120
[  237.400718][T12482]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  237.400734][T12482]  ? skb_clone+0x190/0x3f0
[  237.400751][T12482]  skb_clone+0x190/0x3f0
[  237.400790][T12482]  netlink_deliver_tap+0xabd/0xd30
[  237.400812][T12482]  netlink_unicast+0x6b2/0x7f0
[  237.400824][T12482]  ? __pfx_netlink_unicast+0x10/0x10
[  237.400838][T12482]  netlink_ack+0x696/0xb80
[  237.400852][T12482]  netlink_rcv_skb+0x332/0x420
[  237.400862][T12482]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  237.400879][T12482]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  237.400894][T12482]  ? netlink_deliver_tap+0x1ae/0xd30
[  237.400914][T12482]  netlink_unicast+0x53a/0x7f0
[  237.400925][T12482]  ? __pfx_netlink_unicast+0x10/0x10
[  237.400940][T12482]  netlink_sendmsg+0x8d1/0xdd0
[  237.400952][T12482]  ? __pfx_netlink_sendmsg+0x10/0x10
[  237.400967][T12482]  ____sys_sendmsg+0xa98/0xc70
[  237.400978][T12482]  ? copy_msghdr_from_user+0x10a/0x160
[  237.400993][T12482]  ? __pfx_____sys_sendmsg+0x10/0x10
[  237.401010][T12482]  ___sys_sendmsg+0x134/0x1d0
[  237.401025][T12482]  ? __pfx____sys_sendmsg+0x10/0x10
[  237.401042][T12482]  ? __lock_acquire+0x622/0x1c90
[  237.401075][T12482]  __sys_sendmsg+0x16d/0x220
[  237.401090][T12482]  ? __pfx___sys_sendmsg+0x10/0x10
[  237.401113][T12482]  do_syscall_64+0xcd/0x4c0
[  237.401130][T12482]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.401141][T12482] RIP: 0033:0x7f2b0a98e929
[  237.401149][T12482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  237.401160][T12482] RSP: 002b:00007f2b0b80e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  237.401170][T12482] RAX: ffffffffffffffda RBX: 00007f2b0abb5fa0 RCX: 00007f2b0a98e929
[  237.401177][T12482] RDX: 0000000004000000 RSI: 0000200000000280 RDI: 0000000000000003
[  237.401183][T12482] RBP: 00007f2b0b80e090 R08: 0000000000000000 R09: 0000000000000000
[  237.401189][T12482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  237.401195][T12482] R13: 0000000000000000 R14: 00007f2b0abb5fa0 R15: 00007ffecc2d3f78
[  237.401212][T12482]  </TASK>
[  237.438337][ T5933] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  237.500286][ T5933] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  237.504271][ T5933] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  237.508107][ T5933] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  237.514284][ T5933] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  237.514456][T12483] tipc: Started in network mode
[  237.519972][T12483] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711
[  237.525097][T12492] 9pnet_virtio: no channels available for device syz
[  237.534228][T12483] tipc: Enabled bearer <udp:s>, priority 10
[  237.551016][T12490] lo speed is unknown, defaulting to 1000
[  237.562968][ T5933] Bluetooth: hci3: command tx timeout
[  237.615574][T12500] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2512'.
[  237.717617][T12484] lo speed is unknown, defaulting to 1000
[  237.861760][T12520] sch_fq: defrate 4294967292 ignored.
[  237.869017][T12522] FAULT_INJECTION: forcing a failure.
[  237.869017][T12522] name failslab, interval 1, probability 0, space 0, times 0
[  237.873132][T12522] CPU: 0 UID: 0 PID: 12522 Comm: syz.3.2519 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) 
[  237.873149][T12522] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  237.873156][T12522] Call Trace:
[  237.873161][T12522]  <TASK>
[  237.873166][T12522]  dump_stack_lvl+0x16c/0x1f0
[  237.873186][T12522]  should_fail_ex+0x512/0x640
[  237.873201][T12522]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  237.873216][T12522]  should_failslab+0xc2/0x120
[  237.873234][T12522]  __kmalloc_cache_noprof+0x6a/0x3e0
[  237.873247][T12522]  ? tcf_block_get_ext+0x938/0x1800
[  237.873260][T12522]  tcf_block_get_ext+0x938/0x1800
[  237.873275][T12522]  ingress_init+0x204/0x680
[  237.873288][T12522]  ? __pfx_ingress_init+0x10/0x10
[  237.873302][T12522]  qdisc_create+0x454/0xfc0
[  237.873318][T12522]  tc_modify_qdisc+0x146a/0x2130
[  237.873335][T12522]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  237.873360][T12522]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  237.873374][T12522]  rtnetlink_rcv_msg+0x3c6/0xe90
[  237.873392][T12522]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  237.873413][T12522]  ? ref_tracker_free+0x37c/0x830
[  237.873430][T12522]  netlink_rcv_skb+0x158/0x420
[  237.873441][T12522]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  237.873459][T12522]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  237.873476][T12522]  ? netlink_deliver_tap+0x1ae/0xd30
[  237.873505][T12522]  netlink_unicast+0x53a/0x7f0
[  237.873524][T12522]  ? __pfx_netlink_unicast+0x10/0x10
[  237.873547][T12522]  netlink_sendmsg+0x8d1/0xdd0
[  237.873573][T12522]  ? __pfx_netlink_sendmsg+0x10/0x10
[  237.873599][T12522]  ____sys_sendmsg+0xa98/0xc70
[  237.873616][T12522]  ? copy_msghdr_from_user+0x10a/0x160
[  237.873637][T12522]  ? __pfx_____sys_sendmsg+0x10/0x10
[  237.873654][T12522]  ___sys_sendmsg+0x134/0x1d0
[  237.873669][T12522]  ? __pfx____sys_sendmsg+0x10/0x10
[  237.873682][T12522]  ? __lock_acquire+0x622/0x1c90
[  237.873715][T12522]  __sys_sendmsg+0x16d/0x220
[  237.873730][T12522]  ? __pfx___sys_sendmsg+0x10/0x10
[  237.873755][T12522]  do_syscall_64+0xcd/0x4c0
[  237.873773][T12522]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.873785][T12522] RIP: 0033:0x7f313cd8e929
[  237.873795][T12522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  237.873806][T12522] RSP: 002b:00007f313db4f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  237.873818][T12522] RAX: ffffffffffffffda RBX: 00007f313cfb5fa0 RCX: 00007f313cd8e929
[  237.873825][T12522] RDX: 0000000000044080 RSI: 0000200000000040 RDI: 0000000000000003
[  237.873832][T12522] RBP: 00007f313db4f090 R08: 0000000000000000 R09: 0000000000000000
[  237.873838][T12522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  237.873845][T12522] R13: 0000000000000000 R14: 00007f313cfb5fa0 R15: 00007ffe37494a78
[  237.873859][T12522]  </TASK>
[  238.094048][T12484] chnl_net:caif_netlink_parms(): no params data found
[  238.207308][   T40] audit: type=1400 audit(2000000322.225:541): avc:  denied  { read } for  pid=12547 comm="syz.4.2528" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  238.244556][T12484] bridge0: port 1(bridge_slave_0) entered blocking state
[  238.246811][T12484] bridge0: port 1(bridge_slave_0) entered disabled state
[  238.249192][T12484] bridge_slave_0: entered allmulticast mode
[  238.251764][T12484] bridge_slave_0: entered promiscuous mode
[  238.255039][T12484] bridge0: port 2(bridge_slave_1) entered blocking state
[  238.257291][T12484] bridge0: port 2(bridge_slave_1) entered disabled state
[  238.259530][T12484] bridge_slave_1: entered allmulticast mode
[  238.262342][T12484] bridge_slave_1: entered promiscuous mode
[  238.299827][T12484] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  238.305419][T12484] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  238.412963][ T2302] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  238.425737][T12484] team0: Port device team_slave_0 added
[  238.433613][T12484] team0: Port device team_slave_1 added
[  238.437138][T12560] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2534'.
[  238.528533][T12484] batman_adv: batadv0: Adding interface: batadv_slave_0
[  238.530631][T12484] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  238.540523][T12484] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  238.547283][T12484] batman_adv: batadv0: Adding interface: batadv_slave_1
[  238.549510][T12484] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  238.557443][T12484] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  238.563057][ T2302] usb 10-1: Using ep0 maxpacket: 8
[  238.568040][ T2302] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  238.571678][ T2302] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  238.584174][ T2302] usb 10-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  238.587689][ T2302] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  238.593237][ T2302] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  238.599209][ T2302] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  238.607631][T12484] hsr_slave_0: entered promiscuous mode
[  238.609918][T12484] hsr_slave_1: entered promiscuous mode
[  238.611830][ T2302] usbtmc 10-1:16.0: bulk endpoints not found
[  238.612040][T12484] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  238.616955][T12484] Cannot create hsr debugfs directory
[  238.642886][ T5981] tipc: Node number set to 4269801488
[  238.729476][T12484] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.809057][T12484] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.871463][T12582] input: syz1 as /devices/virtual/input/input24
[  238.879487][T12484] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.956171][T12484] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.070376][T12484] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  239.074608][T12484] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  239.078529][T12484] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  239.082487][T12484] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  239.128215][T12484] 8021q: adding VLAN 0 to HW filter on device bond0
[  239.137560][T12484] 8021q: adding VLAN 0 to HW filter on device team0
[  239.142577][ T1186] bridge0: port 1(bridge_slave_0) entered blocking state
[  239.144926][ T1186] bridge0: port 1(bridge_slave_0) entered forwarding state
[  239.150848][ T1186] bridge0: port 2(bridge_slave_1) entered blocking state
[  239.153254][ T1186] bridge0: port 2(bridge_slave_1) entered forwarding state
[  239.192945][ T2302] usb 8-1: new high-speed USB device number 33 using dummy_hcd
[  239.277063][T12484] 8021q: adding VLAN 0 to HW filter on device batadv0
[  239.318545][T12484] veth0_vlan: entered promiscuous mode
[  239.329933][T12484] veth1_vlan: entered promiscuous mode
[  239.346910][T12484] veth0_macvtap: entered promiscuous mode
[  239.350633][T12484] veth1_macvtap: entered promiscuous mode
[  239.352954][ T2302] usb 8-1: Using ep0 maxpacket: 8
[  239.356452][ T2302] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  239.358909][T12484] batman_adv: batadv0: Interface activated: batadv_slave_0
[  239.359090][ T2302] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  239.364798][ T2302] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  239.366655][T12484] batman_adv: batadv0: Interface activated: batadv_slave_1
[  239.368977][ T2302] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  239.373758][T12484] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  239.376460][ T2302] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  239.377966][T12484] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  239.383466][ T2302] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  239.383490][ T2302] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  239.392591][T12484] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  239.395427][T12484] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  239.434818][   T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  239.437438][   T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  239.450353][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  239.453542][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  239.562912][ T5933] Bluetooth: hci2: command tx timeout
[  239.597631][ T2302] usb 8-1: usb_control_msg returned -32
[  239.601352][ T2302] usbtmc 8-1:16.0: can't read capabilities
[  239.612519][ T2302] usb 8-1: USB disconnect, device number 33
[  239.652825][ T5933] Bluetooth: hci3: command tx timeout
[  240.224662][T12641] FAULT_INJECTION: forcing a failure.
[  240.224662][T12641] name failslab, interval 1, probability 0, space 0, times 0
[  240.228690][T12641] CPU: 2 UID: 0 PID: 12641 Comm: syz.3.2558 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) 
[  240.228706][T12641] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  240.228712][T12641] Call Trace:
[  240.228718][T12641]  <TASK>
[  240.228723][T12641]  dump_stack_lvl+0x16c/0x1f0
[  240.228760][T12641]  should_fail_ex+0x512/0x640
[  240.228774][T12641]  ? __kmalloc_node_noprof+0xc5/0x500
[  240.228790][T12641]  should_failslab+0xc2/0x120
[  240.228806][T12641]  __kmalloc_node_noprof+0xd8/0x500
[  240.228819][T12641]  ? __up_read+0x1f8/0x750
[  240.228829][T12641]  ? crypto_alloc_tfmmem.isra.0+0x38/0x110
[  240.228848][T12641]  ? __pfx_crypto_alg_extsize+0x10/0x10
[  240.228862][T12641]  crypto_alloc_tfmmem.isra.0+0x38/0x110
[  240.228881][T12641]  crypto_create_tfm_node+0x85/0x350
[  240.228893][T12641]  crypto_spawn_tfm2+0x62/0xb0
[  240.228908][T12641]  aead_init_geniv+0x172/0x2d0
[  240.228918][T12641]  ? __pfx_aead_init_geniv+0x10/0x10
[  240.228928][T12641]  crypto_aead_init_tfm+0x14c/0x1b0
[  240.228945][T12641]  crypto_create_tfm_node+0x124/0x350
[  240.228957][T12641]  crypto_alloc_tfm_node+0x102/0x260
[  240.228969][T12641]  esp_init_aead.constprop.0+0x107/0x3b0
[  240.228985][T12641]  ? __pfx_esp_init_aead.constprop.0+0x10/0x10
[  240.229005][T12641]  ? find_held_lock+0x2b/0x80
[  240.229019][T12641]  esp6_init_state+0x86/0x520
[  240.229034][T12641]  __xfrm_init_state+0x6fb/0x1c10
[  240.229048][T12641]  ? __pfx_kasan_find_first_bad_addr+0xa/0x10
[  240.229061][T12641]  xfrm_add_sa+0x2ec8/0x5c00
[  240.229077][T12641]  ? cap_capable+0xb3/0x250
[  240.229089][T12641]  ? __pfx_xfrm_add_sa+0x10/0x10
[  240.229103][T12641]  ? __nla_parse+0x40/0x60
[  240.229119][T12641]  ? __pfx_xfrm_add_sa+0x10/0x10
[  240.229132][T12641]  xfrm_user_rcv_msg+0x58b/0xc00
[  240.229146][T12641]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  240.229157][T12641]  ? kfree_skbmem+0x1a4/0x1f0
[  240.229169][T12641]  ? consume_skb+0xcc/0x100
[  240.229185][T12641]  ? find_held_lock+0x2b/0x80
[  240.229197][T12641]  ? __dev_queue_xmit+0x896/0x43e0
[  240.229224][T12641]  ? __pfx___might_resched+0x10/0x10
[  240.229238][T12641]  ? rcu_is_watching+0x12/0xc0
[  240.229253][T12641]  netlink_rcv_skb+0x158/0x420
[  240.229264][T12641]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  240.229281][T12641]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  240.229297][T12641]  ? netlink_deliver_tap+0x1ae/0xd30
[  240.229316][T12641]  xfrm_netlink_rcv+0x71/0x90
[  240.229327][T12641]  netlink_unicast+0x53a/0x7f0
[  240.229339][T12641]  ? __pfx_netlink_unicast+0x10/0x10
[  240.229353][T12641]  netlink_sendmsg+0x8d1/0xdd0
[  240.229365][T12641]  ? __pfx_netlink_sendmsg+0x10/0x10
[  240.229381][T12641]  ____sys_sendmsg+0xa98/0xc70
[  240.229392][T12641]  ? copy_msghdr_from_user+0x10a/0x160
[  240.229407][T12641]  ? __pfx_____sys_sendmsg+0x10/0x10
[  240.229424][T12641]  ___sys_sendmsg+0x134/0x1d0
[  240.229439][T12641]  ? __pfx____sys_sendmsg+0x10/0x10
[  240.229452][T12641]  ? __lock_acquire+0x622/0x1c90
[  240.229485][T12641]  __sys_sendmsg+0x16d/0x220
[  240.229499][T12641]  ? __pfx___sys_sendmsg+0x10/0x10
[  240.229522][T12641]  do_syscall_64+0xcd/0x4c0
[  240.229539][T12641]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  240.229550][T12641] RIP: 0033:0x7f313cd8e929
[  240.229559][T12641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  240.229570][T12641] RSP: 002b:00007f313db4f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  240.229580][T12641] RAX: ffffffffffffffda RBX: 00007f313cfb5fa0 RCX: 00007f313cd8e929
[  240.229587][T12641] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  240.229593][T12641] RBP: 00007f313db4f090 R08: 0000000000000000 R09: 0000000000000000
[  240.229599][T12641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  240.229605][T12641] R13: 0000000000000000 R14: 00007f313cfb5fa0 R15: 00007ffe37494a78
[  240.229618][T12641]  </TASK>
[  240.429015][   T40] audit: type=1400 audit(2000000324.445:542): avc:  denied  { name_bind } for  pid=12644 comm="syz.3.2561" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  240.817791][T12683] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12683 comm=syz.3.2575
[  240.959619][T12699] lo: entered promiscuous mode
[  240.961567][T12699] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2582'.
[  240.965184][T12699] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  240.973137][T12699] binder: 12698:12699 ioctl c0306201 200000000640 returned -22
[  241.192637][   T29] usb 10-1: USB disconnect, device number 2
[  241.197060][T12704] FAULT_INJECTION: forcing a failure.
[  241.197060][T12704] name failslab, interval 1, probability 0, space 0, times 0
[  241.202027][T12704] CPU: 3 UID: 0 PID: 12704 Comm: syz.3.2584 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) 
[  241.202042][T12704] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  241.202049][T12704] Call Trace:
[  241.202062][T12704]  <TASK>
[  241.202066][T12704]  dump_stack_lvl+0x16c/0x1f0
[  241.202095][T12704]  should_fail_ex+0x512/0x640
[  241.202113][T12704]  ? __kmalloc_noprof+0xbf/0x510
[  241.202128][T12704]  ? ethnl_default_doit+0x209/0xed0
[  241.202144][T12704]  should_failslab+0xc2/0x120
[  241.202163][T12704]  __kmalloc_noprof+0xd2/0x510
[  241.202179][T12704]  ethnl_default_doit+0x209/0xed0
[  241.202196][T12704]  ? __nla_parse+0x40/0x60
[  241.202212][T12704]  ? __pfx_ethnl_default_doit+0x10/0x10
[  241.202228][T12704]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  241.202242][T12704]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  241.202258][T12704]  genl_family_rcv_msg_doit+0x209/0x2f0
[  241.202272][T12704]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  241.202289][T12704]  ? bpf_lsm_capable+0x9/0x10
[  241.202300][T12704]  ? security_capable+0x7e/0x260
[  241.202313][T12704]  ? ns_capable+0xd7/0x110
[  241.202326][T12704]  genl_rcv_msg+0x55c/0x800
[  241.202340][T12704]  ? __pfx_genl_rcv_msg+0x10/0x10
[  241.202352][T12704]  ? __pfx_ethnl_default_doit+0x10/0x10
[  241.202373][T12704]  netlink_rcv_skb+0x158/0x420
[  241.202384][T12704]  ? __pfx_genl_rcv_msg+0x10/0x10
[  241.202396][T12704]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  241.202412][T12704]  ? netlink_deliver_tap+0x1ae/0xd30
[  241.202431][T12704]  genl_rcv+0x28/0x40
[  241.202441][T12704]  netlink_unicast+0x53a/0x7f0
[  241.202453][T12704]  ? __pfx_netlink_unicast+0x10/0x10
[  241.202467][T12704]  netlink_sendmsg+0x8d1/0xdd0
[  241.202480][T12704]  ? __pfx_netlink_sendmsg+0x10/0x10
[  241.202495][T12704]  ____sys_sendmsg+0xa98/0xc70
[  241.202507][T12704]  ? copy_msghdr_from_user+0x10a/0x160
[  241.202521][T12704]  ? __pfx_____sys_sendmsg+0x10/0x10
[  241.202538][T12704]  ___sys_sendmsg+0x134/0x1d0
[  241.202554][T12704]  ? __pfx____sys_sendmsg+0x10/0x10
[  241.202567][T12704]  ? __lock_acquire+0x622/0x1c90
[  241.202600][T12704]  __sys_sendmsg+0x16d/0x220
[  241.202614][T12704]  ? __pfx___sys_sendmsg+0x10/0x10
[  241.202637][T12704]  do_syscall_64+0xcd/0x4c0
[  241.202654][T12704]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  241.202666][T12704] RIP: 0033:0x7f313cd8e929
[  241.202674][T12704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  241.202685][T12704] RSP: 002b:00007f313db4f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  241.202695][T12704] RAX: ffffffffffffffda RBX: 00007f313cfb5fa0 RCX: 00007f313cd8e929
[  241.202702][T12704] RDX: 0000000020000080 RSI: 0000200000000280 RDI: 0000000000000003
[  241.202708][T12704] RBP: 00007f313db4f090 R08: 0000000000000000 R09: 0000000000000000
[  241.202714][T12704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  241.202720][T12704] R13: 0000000000000000 R14: 00007f313cfb5fa0 R15: 00007ffe37494a78
[  241.202748][T12704]  </TASK>
[  241.398181][T12716] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2589'.
[  241.401383][T12716] netlink: 'syz.5.2589': attribute type 12 has an invalid length.
[  241.404622][T12716] netlink: 132 bytes leftover after parsing attributes in process `syz.5.2589'.
[  241.642867][ T5933] Bluetooth: hci2: command tx timeout
[  241.732850][ T5933] Bluetooth: hci3: command tx timeout
[  242.086658][T12740] FAULT_INJECTION: forcing a failure.
[  242.086658][T12740] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  242.091058][T12740] CPU: 2 UID: 0 PID: 12740 Comm: syz.4.2598 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) 
[  242.091076][T12740] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  242.091083][T12740] Call Trace:
[  242.091088][T12740]  <TASK>
[  242.091093][T12740]  dump_stack_lvl+0x16c/0x1f0
[  242.091112][T12740]  should_fail_ex+0x512/0x640
[  242.091128][T12740]  should_fail_alloc_page+0xe7/0x130
[  242.091146][T12740]  prepare_alloc_pages+0x3c2/0x610
[  242.091159][T12740]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  242.091179][T12740]  ? __lock_acquire+0x622/0x1c90
[  242.091201][T12740]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  242.091220][T12740]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  242.091237][T12740]  ? __lock_acquire+0x622/0x1c90
[  242.091252][T12740]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  242.091266][T12740]  ? policy_nodemask+0xea/0x4e0
[  242.091282][T12740]  alloc_pages_mpol+0x1fb/0x550
[  242.091298][T12740]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  242.091317][T12740]  folio_alloc_mpol_noprof+0x36/0x2f0
[  242.091335][T12740]  vma_alloc_folio_noprof+0xed/0x1e0
[  242.091352][T12740]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  242.091369][T12740]  ? find_held_lock+0x2b/0x80
[  242.091381][T12740]  ? __handle_mm_fault+0x1092/0x5490
[  242.091396][T12740]  __handle_mm_fault+0x2f21/0x5490
[  242.091411][T12740]  ? __pfx___handle_mm_fault+0x10/0x10
[  242.091422][T12740]  ? __pfx_mt_find+0x10/0x10
[  242.091446][T12740]  ? find_vma+0xbf/0x140
[  242.091461][T12740]  ? __pfx_find_vma+0x10/0x10
[  242.091478][T12740]  handle_mm_fault+0x589/0xd10
[  242.091491][T12740]  ? __pkru_allows_pkey+0x41/0xb0
[  242.091507][T12740]  do_user_addr_fault+0x7a6/0x1370
[  242.091524][T12740]  ? rcu_is_watching+0x12/0xc0
[  242.091538][T12740]  exc_page_fault+0x5c/0xb0
[  242.091554][T12740]  asm_exc_page_fault+0x26/0x30
[  242.091565][T12740] RIP: 0010:_copy_to_iter+0x4e6/0x16f0
[  242.091580][T12740] Code: 45 e8 5e 4e e1 fc 48 8b 4c 24 18 48 8b 44 24 28 89 ee 4c 8d 34 01 4c 89 f7 e8 e6 33 48 fd 0f 01 cb 48 89 e9 4c 89 ff 4c 89 f6 <f3> a4 0f 1f 00 0f 01 ca 48 89 e8 48 29 eb 48 29 c8 48 01 44 24 28
[  242.091590][T12740] RSP: 0018:ffffc90004497918 EFLAGS: 00050246
[  242.091600][T12740] RAX: 0000000000000001 RBX: 0000000000000001 RCX: 0000000000000001
[  242.091606][T12740] RDX: ffffed100951ac17 RSI: ffff88804a8d60b0 RDI: 0000200000002140
[  242.091612][T12740] RBP: 0000000000000001 R08: 0000000000000000 R09: ffffed100951ac16
[  242.091618][T12740] R10: ffff88804a8d60b0 R11: 0000000000000001 R12: 0000000000000000
[  242.091624][T12740] R13: ffffc90004497b28 R14: ffff88804a8d60b0 R15: 0000200000002140
[  242.091638][T12740]  ? _copy_to_iter+0x4da/0x16f0
[  242.091655][T12740]  ? do_raw_spin_unlock+0x172/0x230
[  242.091666][T12740]  ? __pfx__copy_to_iter+0x10/0x10
[  242.091680][T12740]  ? _raw_spin_unlock+0x28/0x50
[  242.091693][T12740]  ? tcp_seq_stop+0x1d8/0x240
[  242.091704][T12740]  ? traverse.part.0.constprop.0+0x2c5/0x640
[  242.091723][T12740]  seq_read_iter+0x719/0x12c0
[  242.091737][T12740]  ? _kstrtoull+0x145/0x200
[  242.091751][T12740]  seq_read+0x39e/0x4e0
[  242.091763][T12740]  ? __pfx_seq_read+0x10/0x10
[  242.091779][T12740]  ? import_ubuf+0x1b6/0x220
[  242.091794][T12740]  ? avc_policy_seqno+0x9/0x20
[  242.091814][T12740]  ? __pfx_seq_read+0x10/0x10
[  242.091826][T12740]  proc_reg_read+0x23d/0x330
[  242.091844][T12740]  ? __pfx_proc_reg_read+0x10/0x10
[  242.091859][T12740]  vfs_readv+0x5be/0x8b0
[  242.091875][T12740]  ? __pfx_vfs_readv+0x10/0x10
[  242.091887][T12740]  ? find_held_lock+0x2b/0x80
[  242.091907][T12740]  ? __fget_files+0x20e/0x3c0
[  242.091925][T12740]  ? do_preadv+0x1a6/0x270
[  242.091936][T12740]  do_preadv+0x1a6/0x270
[  242.091948][T12740]  ? __pfx_do_preadv+0x10/0x10
[  242.091964][T12740]  do_syscall_64+0xcd/0x4c0
[  242.091981][T12740]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  242.091991][T12740] RIP: 0033:0x7fa2e498e929
[  242.092000][T12740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  242.092010][T12740] RSP: 002b:00007fa2e581a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  242.092019][T12740] RAX: ffffffffffffffda RBX: 00007fa2e4bb6080 RCX: 00007fa2e498e929
[  242.092026][T12740] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000004
[  242.092032][T12740] RBP: 00007fa2e581a090 R08: 0000000000000000 R09: 0000000000000000
[  242.092038][T12740] R10: 0000000000000141 R11: 0000000000000246 R12: 0000000000000001
[  242.092044][T12740] R13: 0000000000000000 R14: 00007fa2e4bb6080 R15: 00007ffd57318ee8
[  242.092057][T12740]  </TASK>
[  242.509779][   T40] audit: type=1400 audit(2000000326.525:543): avc:  denied  { mounton } for  pid=12765 comm="syz.3.2608" path="/165/file1/file0" dev="autofs" ino=46169 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1
[  242.516834][   T40] audit: type=1400 audit(2000000326.525:544): avc:  denied  { mount } for  pid=12765 comm="syz.3.2608" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  242.529291][   T40] audit: type=1400 audit(2000000326.545:545): avc:  denied  { unmount } for  pid=11435 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  242.684049][   T34] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  242.832836][   T34] usb 10-1: Using ep0 maxpacket: 8
[  242.836577][   T34] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  242.840118][   T34] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  242.843739][   T34] usb 10-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  242.847124][   T34] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  242.851986][   T34] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  242.855882][   T34] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  242.861806][   T34] usbtmc 10-1:16.0: bulk endpoints not found
[  243.000390][T12771] xfrm1: entered allmulticast mode
[  243.004990][   T40] audit: type=1400 audit(2000000327.025:546): avc:  denied  { create } for  pid=12769 comm="syz.4.2611" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  243.012016][   T40] audit: type=1800 audit(2000000327.025:547): pid=12771 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.4.2611" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0
[  243.498748][T12780] bridge0: port 1(bridge_slave_0) entered disabled state
[  243.502146][T12780] bridge0: port 2(bridge_slave_1) entered disabled state
[  243.722957][ T5933] Bluetooth: hci2: command tx timeout
[  243.773541][   T40] audit: type=1400 audit(2000000327.795:548): avc:  denied  { map } for  pid=12785 comm="syz.2.2617" path="pipe:[44571]" dev="pipefs" ino=44571 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  243.803003][ T5933] Bluetooth: hci3: command tx timeout
[  243.972239][T12795] netlink: 'syz.4.2621': attribute type 23 has an invalid length.
[  244.094037][T12802] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  244.100217][T12802] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  244.152510][T12804] FAULT_INJECTION: forcing a failure.
[  244.152510][T12804] name failslab, interval 1, probability 0, space 0, times 0
[  244.157507][T12804] CPU: 1 UID: 0 PID: 12804 Comm: syz.4.2624 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) 
[  244.157532][T12804] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  244.157543][T12804] Call Trace:
[  244.157564][T12804]  <TASK>
[  244.157571][T12804]  dump_stack_lvl+0x16c/0x1f0
[  244.157600][T12804]  should_fail_ex+0x512/0x640
[  244.157621][T12804]  ? __kmalloc_noprof+0xbf/0x510
[  244.157645][T12804]  ? vb2_core_allocated_buffers_storage+0x184/0x220
[  244.157670][T12804]  should_failslab+0xc2/0x120
[  244.157694][T12804]  __kmalloc_noprof+0xd2/0x510
[  244.157721][T12804]  vb2_core_allocated_buffers_storage+0x184/0x220
[  244.157749][T12804]  vb2_core_reqbufs+0x398/0xfe0
[  244.157781][T12804]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[  244.157823][T12804]  __vb2_init_fileio+0x3f1/0x1100
[  244.157840][T12804]  ? __lock_acquire+0x622/0x1c90
[  244.157869][T12804]  ? vb2_fop_read+0xe6/0x3e0
[  244.157903][T12804]  __vb2_perform_fileio+0x9c2/0x1660
[  244.157926][T12804]  ? __pfx___vb2_perform_fileio+0x10/0x10
[  244.157944][T12804]  ? get_pid_task+0xfc/0x250
[  244.157975][T12804]  vb2_fop_read+0x215/0x3e0
[  244.158005][T12804]  v4l2_read+0x226/0x360
[  244.158026][T12804]  ? __pfx_v4l2_read+0x10/0x10
[  244.158047][T12804]  vfs_read+0x1e1/0xc60
[  244.158073][T12804]  ? __pfx_vfs_read+0x10/0x10
[  244.158091][T12804]  ? find_held_lock+0x2b/0x80
[  244.158113][T12804]  ? __fget_files+0x204/0x3c0
[  244.158141][T12804]  ? __fget_files+0x20e/0x3c0
[  244.158171][T12804]  ksys_read+0x12a/0x250
[  244.158191][T12804]  ? __pfx_ksys_read+0x10/0x10
[  244.158224][T12804]  do_syscall_64+0xcd/0x4c0
[  244.158252][T12804]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.158270][T12804] RIP: 0033:0x7fa2e498e929
[  244.158284][T12804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  244.158302][T12804] RSP: 002b:00007fa2e583b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  244.158318][T12804] RAX: ffffffffffffffda RBX: 00007fa2e4bb5fa0 RCX: 00007fa2e498e929
[  244.158329][T12804] RDX: 0000000000000024 RSI: 00002000000001c0 RDI: 0000000000000003
[  244.158340][T12804] RBP: 00007fa2e583b090 R08: 0000000000000000 R09: 0000000000000000
[  244.158364][T12804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  244.158375][T12804] R13: 0000000000000000 R14: 00007fa2e4bb5fa0 R15: 00007ffd57318ee8
[  244.158399][T12804]  </TASK>
[  244.240449][    C1] vkms_vblank_simulate: vblank timer overrun
[  244.863307][T12818] kvm: kvm [12817]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111
[  245.095600][T12824] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2632'.
[  245.319659][T12834] netlink: 'syz.4.2636': attribute type 10 has an invalid length.
[  245.326509][T12834] 8021q: adding VLAN 0 to HW filter on device team0
[  245.329620][T12834] bond0: (slave team0): Enslaving as an active interface with an up link
[  245.333598][   T24] syz1: Port: 1 Link ACTIVE
[  245.400797][T12838] lo speed is unknown, defaulting to 1000
[  245.446777][ T6114] usb 10-1: USB disconnect, device number 3
[  245.705505][T12849] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2642'.
[  245.705506][T12850] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2642'.
[  245.705538][T12850] netlink: 'syz.4.2642': attribute type 7 has an invalid length.
[  245.709048][T12849] netlink: 'syz.4.2642': attribute type 7 has an invalid length.
[  245.709068][T12849] netlink: 'syz.4.2642': attribute type 8 has an invalid length.
[  245.709078][T12849] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2642'.
[  245.712649][T12850] netlink: 'syz.4.2642': attribute type 8 has an invalid length.
[  245.730242][T12850] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2642'.
[  245.812916][ T5933] Bluetooth: hci2: command tx timeout
[  245.832874][ T6114] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  245.994210][ T6114] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  245.997431][ T6114] usb 10-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  246.001810][ T6114] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  246.004792][ T6114] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.008911][ T6114] usb 10-1: config 0 descriptor??
[  246.012605][ T6114] usbhid 10-1:0.0: couldn't find an input interrupt endpoint
[  246.695243][T12866] 9pnet_virtio: no channels available for device syz
[  246.886626][T12885] lo speed is unknown, defaulting to 1000
[  246.973657][T12892] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2658'.
[  247.045731][T12895] FAULT_INJECTION: forcing a failure.
[  247.045731][T12895] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  247.049882][T12895] CPU: 0 UID: 0 PID: 12895 Comm: syz.4.2659 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) 
[  247.049900][T12895] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  247.049906][T12895] Call Trace:
[  247.049912][T12895]  <TASK>
[  247.049916][T12895]  dump_stack_lvl+0x16c/0x1f0
[  247.049936][T12895]  should_fail_ex+0x512/0x640
[  247.049952][T12895]  _copy_from_user+0x2e/0xd0
[  247.049974][T12895]  kstrtouint_from_user+0xd6/0x1d0
[  247.049986][T12895]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  247.049997][T12895]  ? __lock_acquire+0xb8a/0x1c90
[  247.050021][T12895]  proc_fail_nth_write+0x83/0x250
[  247.050035][T12895]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  247.050052][T12895]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  247.050065][T12895]  vfs_write+0x2a0/0x1150
[  247.050081][T12895]  ? __pfx___mutex_lock+0x10/0x10
[  247.050096][T12895]  ? __pfx_vfs_write+0x10/0x10
[  247.050113][T12895]  ? __fget_files+0x20e/0x3c0
[  247.050131][T12895]  ksys_write+0x12a/0x250
[  247.050144][T12895]  ? __pfx_ksys_write+0x10/0x10
[  247.050161][T12895]  do_syscall_64+0xcd/0x4c0
[  247.050178][T12895]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.050190][T12895] RIP: 0033:0x7fa2e498d3df
[  247.050199][T12895] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  247.050210][T12895] RSP: 002b:00007fa2e583b030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  247.050222][T12895] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa2e498d3df
[  247.050229][T12895] RDX: 0000000000000001 RSI: 00007fa2e583b0a0 RDI: 0000000000000006
[  247.050235][T12895] RBP: 00007fa2e583b090 R08: 0000000000000000 R09: 0000000000000000
[  247.050242][T12895] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  247.050248][T12895] R13: 0000000000000000 R14: 00007fa2e4bb5fa0 R15: 00007ffd57318ee8
[  247.050261][T12895]  </TASK>
[  247.412817][ T5981] usb 7-1: new high-speed USB device number 61 using dummy_hcd
[  247.565751][T12925] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  247.568294][ T5981] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  247.573947][ T5981] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  247.581831][ T5981] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  247.585937][ T5981] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  247.589350][ T5981] usb 7-1: Product: syz
[  247.591078][ T5981] usb 7-1: Manufacturer: syz
[  247.593203][ T5981] usb 7-1: SerialNumber: syz
[  247.800643][T12904] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  247.804740][T12904] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  247.810994][T12942] FAULT_INJECTION: forcing a failure.
[  247.810994][T12942] name failslab, interval 1, probability 0, space 0, times 0
[  247.811892][ T5981] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -22
[  247.817315][T12942] CPU: 0 UID: 0 PID: 12942 Comm: syz.4.2676 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) 
[  247.817339][T12942] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  247.817349][T12942] Call Trace:
[  247.817355][T12942]  <TASK>
[  247.817362][T12942]  dump_stack_lvl+0x16c/0x1f0
[  247.817391][T12942]  should_fail_ex+0x512/0x640
[  247.817413][T12942]  ? __kmalloc_noprof+0xbf/0x510
[  247.817436][T12942]  ? tls_get_rec+0xfa/0x730
[  247.817451][T12942]  should_failslab+0xc2/0x120
[  247.817476][T12942]  __kmalloc_noprof+0xd2/0x510
[  247.817503][T12942]  tls_get_rec+0xfa/0x730
[  247.817524][T12942]  tls_sw_sendmsg+0xff6/0x23f0
[  247.817549][T12942]  ? avc_has_perm+0x1/0x1c0
[  247.817586][T12942]  ? __pfx_tls_sw_sendmsg+0x10/0x10
[  247.817604][T12942]  ? selinux_ip_forward+0x487/0x550
[  247.817626][T12942]  ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10
[  247.817658][T12942]  ? __fget_files+0x20e/0x3c0
[  247.817679][T12942]  ? __pfx_find_held_lock+0x10/0x10
[  247.817700][T12942]  ? __pfx_tls_sw_sendmsg+0x10/0x10
[  247.817720][T12942]  inet6_sendmsg+0x11c/0x140
[  247.817746][T12942]  __sys_sendto+0x376/0x520
[  247.817769][T12942]  ? __pfx___sys_sendto+0x10/0x10
[  247.817812][T12942]  ? ksys_write+0x1ac/0x250
[  247.817832][T12942]  ? __pfx_ksys_write+0x10/0x10
[  247.817857][T12942]  __x64_sys_sendto+0xe0/0x1c0
[  247.817877][T12942]  ? do_syscall_64+0x91/0x4c0
[  247.817900][T12942]  ? lockdep_hardirqs_on+0x7c/0x110
[  247.817923][T12942]  do_syscall_64+0xcd/0x4c0
[  247.817949][T12942]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.817967][T12942] RIP: 0033:0x7fa2e498e929
[  247.817981][T12942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  247.817997][T12942] RSP: 002b:00007fa2e583b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  247.818014][T12942] RAX: ffffffffffffffda RBX: 00007fa2e4bb5fa0 RCX: 00007fa2e498e929
[  247.818025][T12942] RDX: ffffffffffffff13 RSI: 00002000000001c0 RDI: 0000000000000003
[  247.818036][T12942] RBP: 00007fa2e583b090 R08: 0000000000000000 R09: 0000000003000137
[  247.818047][T12942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  247.818057][T12942] R13: 0000000000000000 R14: 00007fa2e4bb5fa0 R15: 00007ffd57318ee8
[  247.818082][T12942]  </TASK>
[  247.845561][T12944] dlm: no locking on control device
[  247.846966][   T40] audit: type=1400 audit(2000000331.865:549): avc:  denied  { append } for  pid=12943 comm="syz.4.2677" name="dlm-control" dev="devtmpfs" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  247.858130][T12944] netlink: 172 bytes leftover after parsing attributes in process `syz.4.2677'.
[  247.860157][ T5981] usb 7-1: USB disconnect, device number 61
[  248.525542][ T5981] usb 10-1: USB disconnect, device number 4
[  248.665614][T12954] input: syz1 as /devices/virtual/input/input25
[  248.754655][T12960] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.2685'.
[  248.764879][T12962] xt_hashlimit: size too large, truncated to 1048576
[  248.797958][T12962] syz.2.2686: vmalloc error: size 8392704, failed to allocated page array size 16392, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1
[  248.803988][T12962] CPU: 2 UID: 0 PID: 12962 Comm: syz.2.2686 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) 
[  248.804004][T12962] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  248.804022][T12962] Call Trace:
[  248.804026][T12962]  <TASK>
[  248.804030][T12962]  dump_stack_lvl+0x16c/0x1f0
[  248.804049][T12962]  warn_alloc+0x248/0x3a0
[  248.804066][T12962]  ? __pfx_warn_alloc+0x10/0x10
[  248.804084][T12962]  ? hashlimit_mt_check_common+0x8bb/0x1460
[  248.804099][T12962]  ? __vmalloc_node_noprof+0xad/0xf0
[  248.804112][T12962]  __vmalloc_node_range_noprof+0x101b/0x14b0
[  248.804129][T12962]  ? hashlimit_mt_check_common+0x8bb/0x1460
[  248.804145][T12962]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  248.804158][T12962]  ? __alloc_pages_noprof+0xb/0x1b0
[  248.804176][T12962]  ? ___kmalloc_large_node+0x84/0x1e0
[  248.804189][T12962]  __kvmalloc_node_noprof+0x30a/0x620
[  248.804203][T12962]  ? hashlimit_mt_check_common+0x8bb/0x1460
[  248.804216][T12962]  ? net_generic+0xea/0x2a0
[  248.804227][T12962]  ? hashlimit_mt_check_common+0x8bb/0x1460
[  248.804242][T12962]  ? hashlimit_mt_check_common+0x8bb/0x1460
[  248.804255][T12962]  hashlimit_mt_check_common+0x8bb/0x1460
[  248.804272][T12962]  hashlimit_mt_check+0x71/0x90
[  248.804284][T12962]  ? __pfx_hashlimit_mt_check+0x10/0x10
[  248.804297][T12962]  xt_check_match+0x286/0xa50
[  248.804309][T12962]  ? __init_zone_device_page+0x3a2/0x690
[  248.804322][T12962]  ? __pfx_xt_check_match+0x10/0x10
[  248.804336][T12962]  ? xt_find_target+0x1f2/0x290
[  248.804349][T12962]  ? xt_find_match+0x1f6/0x290
[  248.804363][T12962]  find_check_entry.constprop.0+0x34e/0xa20
[  248.804380][T12962]  ? __pfx_find_check_entry.constprop.0+0x10/0x10
[  248.804397][T12962]  ? kasan_quarantine_put+0x10a/0x240
[  248.804411][T12962]  ? lockdep_hardirqs_on+0x7c/0x110
[  248.804428][T12962]  ? kfree+0x2b4/0x4d0
[  248.804439][T12962]  ? translate_table+0xc0e/0x17b0
[  248.804453][T12962]  translate_table+0xd0b/0x17b0
[  248.804472][T12962]  ? __pfx_translate_table+0x10/0x10
[  248.804483][T12962]  ? xt_alloc_table_info+0x3e/0xa0
[  248.804499][T12962]  do_ip6t_set_ctl+0x570/0xb00
[  248.804512][T12962]  ? nf_sockopt_find.constprop.0+0x222/0x290
[  248.804526][T12962]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  248.804540][T12962]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  248.804564][T12962]  ? nf_sockopt_find.constprop.0+0x222/0x290
[  248.804577][T12962]  nf_setsockopt+0x8a/0xf0
[  248.804589][T12962]  ipv6_setsockopt+0x135/0x170
[  248.804602][T12962]  rawv6_setsockopt+0xc2/0x510
[  248.804620][T12962]  ? __pfx_rawv6_setsockopt+0x10/0x10
[  248.804638][T12962]  ? selinux_socket_setsockopt+0x6a/0x80
[  248.804651][T12962]  ? sock_common_setsockopt+0x2e/0xf0
[  248.804687][T12962]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  248.804705][T12962]  do_sock_setsockopt+0x224/0x470
[  248.804722][T12962]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  248.804747][T12962]  __sys_setsockopt+0x1a0/0x230
[  248.804764][T12962]  __x64_sys_setsockopt+0xbd/0x160
[  248.804777][T12962]  ? do_syscall_64+0x91/0x4c0
[  248.804792][T12962]  ? lockdep_hardirqs_on+0x7c/0x110
[  248.804807][T12962]  do_syscall_64+0xcd/0x4c0
[  248.804823][T12962]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  248.804834][T12962] RIP: 0033:0x7fcff1d8e929
[  248.804844][T12962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  248.804855][T12962] RSP: 002b:00007fcff2cdd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  248.804865][T12962] RAX: ffffffffffffffda RBX: 00007fcff1fb5fa0 RCX: 00007fcff1d8e929
[  248.804872][T12962] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000024
[  248.804879][T12962] RBP: 00007fcff1e10b39 R08: 0000000000000588 R09: 0000000000000000
[  248.804885][T12962] R10: 00002000000014c0 R11: 0000000000000246 R12: 0000000000000000
[  248.804892][T12962] R13: 0000000000000000 R14: 00007fcff1fb5fa0 R15: 00007fff8f1b0e18
[  248.804906][T12962]  </TASK>
[  248.804920][T12962] Mem-Info:
[  248.927471][T12962] active_anon:14256 inactive_anon:10 isolated_anon:0
[  248.927471][T12962]  active_file:4191 inactive_file:52647 isolated_file:0
[  248.927471][T12962]  unevictable:1768 dirty:465 writeback:0
[  248.927471][T12962]  slab_reclaimable:9466 slab_unreclaimable:107308
[  248.927471][T12962]  mapped:32391 shmem:5154 pagetables:1244
[  248.927471][T12962]  sec_pagetables:320 bounce:0
[  248.927471][T12962]  kernel_misc_reclaimable:0
[  248.927471][T12962]  free:393737 free_pcp:15674 free_cma:0
[  248.943488][T12962] Node 0 active_anon:47312kB inactive_anon:40kB active_file:16740kB inactive_file:210364kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:117704kB dirty:1848kB writeback:0kB shmem:12120kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:15216kB pagetables:4688kB sec_pagetables:1280kB all_unreclaimable? yes Balloon:0kB
[  248.954736][T12962] Node 1 active_anon:7976kB inactive_anon:0kB active_file:24kB inactive_file:224kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:10496kB dirty:12kB writeback:0kB shmem:7380kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:240kB pagetables:288kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  248.965858][T12962] Node 0 DMA free:5320kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:148kB local_pcp:32kB free_cma:0kB
[  248.974766][T12962] lowmem_reserve[]: 0 1235 1235 1235 1235
[  248.976576][T12962] Node 0 DMA32 free:51456kB boost:12288kB min:39804kB low:46680kB high:53556kB reserved_highatomic:4096KB free_highatomic:1508KB active_anon:47312kB inactive_anon:40kB active_file:16740kB inactive_file:210364kB unevictable:3536kB writepending:1848kB present:2080628kB managed:1264704kB mlocked:0kB bounce:0kB free_pcp:22344kB local_pcp:7608kB free_cma:0kB
[  248.987161][T12962] lowmem_reserve[]: 0 0 0 0 0
[  248.988729][T12962] Node 1 Normal free:1522024kB boost:0kB min:39720kB low:49648kB high:59576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:5992kB inactive_anon:0kB active_file:24kB inactive_file:224kB unevictable:4032kB writepending:12kB present:2097152kB managed:1781956kB mlocked:496kB bounce:0kB free_pcp:41768kB local_pcp:9500kB free_cma:0kB
[  248.999127][T12962] lowmem_reserve[]: 0 0 0 0 0
[  249.000626][T12962] Node 0 DMA: 0*4kB 1*8kB (U) 0*16kB 2*32kB (UE) 2*64kB (UE) 2*128kB (UE) 1*256kB (E) 1*512kB (E) 2*1024kB (UE) 1*2048kB (M) 0*4096kB = 5320kB
[  249.005606][T12962] Node 0 DMA32: 6*4kB (MH) 22*8kB (UE) 19*16kB (MEH) 123*32kB (MEH) 60*64kB (UMEH) 68*128kB (UMEH) 48*256kB (UMEH) 24*512kB (UM) 8*1024kB (UM) 0*2048kB 0*4096kB = 49752kB
[  249.010826][T12962] Node 1 Normal: 4*4kB (E) 8*8kB (UE) 10*16kB (ME) 6*32kB (E) 5*64kB (ME) 0*128kB 6*256kB (UM) 6*512kB (ME) 5*1024kB (ME) 2*2048kB (UM) 368*4096kB (M) = 1521904kB
[  249.016641][T12962] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  249.019581][T12962] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  249.022431][T12962] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  249.025387][T12962] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  249.028213][T12962] 61618 total pagecache pages
[  249.029615][T12962] 0 pages in swap cache
[  249.030898][T12962] Free swap  = 123296kB
[  249.032225][T12962] Total swap = 124996kB
[  249.033701][T12962] 1048443 pages RAM
[  249.034914][T12962] 0 pages HighMem/MovableOnly
[  249.036390][T12962] 282938 pages reserved
[  249.037711][T12962] 0 pages cma reserved
[  249.106101][ T6114] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  249.254773][ T6114] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  249.258721][ T6114] usb 9-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  249.263396][ T6114] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  249.269724][ T6114] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  249.288436][ T6114] usb 9-1: config 0 descriptor??
[  249.296089][ T6114] usbhid 9-1:0.0: couldn't find an input interrupt endpoint
[  249.562825][   T34] usb 7-1: new high-speed USB device number 62 using dummy_hcd
[  249.596771][T12989] netlink: 'syz.5.2696': attribute type 29 has an invalid length.
[  249.606495][T12988] netlink: 'syz.5.2696': attribute type 29 has an invalid length.
[  249.610848][T12988] netlink: 484 bytes leftover after parsing attributes in process `syz.5.2696'.
[  249.615390][   T29] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  249.680441][T12993] bridge0: port 1(bridge_slave_0) entered disabled state
[  249.684019][T12993] bridge0: port 2(bridge_slave_1) entered disabled state
[  249.734190][   T34] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  249.737409][   T34] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  249.743785][   T34] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  249.746608][   T34] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  249.749186][   T34] usb 7-1: Product: syz
[  249.750571][   T34] usb 7-1: Manufacturer: syz
[  249.752055][   T34] usb 7-1: SerialNumber: syz
[  249.960504][T12982] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  249.966790][T12982] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  249.971847][   T34] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -22
[  249.976965][   T34] usb 7-1: USB disconnect, device number 62
[  250.800417][T13008] FAULT_INJECTION: forcing a failure.
[  250.800417][T13008] name failslab, interval 1, probability 0, space 0, times 0
[  250.804709][T13008] CPU: 2 UID: 0 PID: 13008 Comm: syz.5.2702 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) 
[  250.804725][T13008] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  250.804732][T13008] Call Trace:
[  250.804736][T13008]  <TASK>
[  250.804740][T13008]  dump_stack_lvl+0x16c/0x1f0
[  250.804759][T13008]  should_fail_ex+0x512/0x640
[  250.804776][T13008]  should_failslab+0xc2/0x120
[  250.804792][T13008]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  250.804807][T13008]  ? __pfx___mod_timer+0x10/0x10
[  250.804823][T13008]  ? __alloc_skb+0x2b2/0x380
[  250.804839][T13008]  __alloc_skb+0x2b2/0x380
[  250.804853][T13008]  ? __pfx___alloc_skb+0x10/0x10
[  250.804868][T13008]  ? __lock_acquire+0x622/0x1c90
[  250.804888][T13008]  xfrm_send_state_notify+0x7d6/0x1fb0
[  250.804909][T13008]  ? __pfx_xfrm_send_state_notify+0x10/0x10
[  250.804928][T13008]  ? __pfx_xfrm_send_state_notify+0x10/0x10
[  250.804942][T13008]  km_state_notify+0xab/0x230
[  250.804954][T13008]  xfrm_add_sa+0x3524/0x5c00
[  250.804970][T13008]  ? cap_capable+0xb3/0x250
[  250.804982][T13008]  ? __pfx_xfrm_add_sa+0x10/0x10
[  250.804997][T13008]  ? __nla_parse+0x40/0x60
[  250.805013][T13008]  ? __pfx_xfrm_add_sa+0x10/0x10
[  250.805027][T13008]  xfrm_user_rcv_msg+0x58b/0xc00
[  250.805042][T13008]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  250.805053][T13008]  ? kfree_skbmem+0x1a4/0x1f0
[  250.805064][T13008]  ? consume_skb+0xcc/0x100
[  250.805081][T13008]  ? find_held_lock+0x2b/0x80
[  250.805093][T13008]  ? __dev_queue_xmit+0x896/0x43e0
[  250.805120][T13008]  ? __pfx___might_resched+0x10/0x10
[  250.805135][T13008]  ? rcu_is_watching+0x12/0xc0
[  250.805150][T13008]  netlink_rcv_skb+0x158/0x420
[  250.805161][T13008]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  250.805174][T13008]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  250.805190][T13008]  ? netlink_deliver_tap+0x1ae/0xd30
[  250.805209][T13008]  xfrm_netlink_rcv+0x71/0x90
[  250.805219][T13008]  netlink_unicast+0x53a/0x7f0
[  250.805231][T13008]  ? __pfx_netlink_unicast+0x10/0x10
[  250.805246][T13008]  netlink_sendmsg+0x8d1/0xdd0
[  250.805259][T13008]  ? __pfx_netlink_sendmsg+0x10/0x10
[  250.805274][T13008]  ____sys_sendmsg+0xa98/0xc70
[  250.805286][T13008]  ? copy_msghdr_from_user+0x10a/0x160
[  250.805301][T13008]  ? __pfx_____sys_sendmsg+0x10/0x10
[  250.805319][T13008]  ___sys_sendmsg+0x134/0x1d0
[  250.805334][T13008]  ? __pfx____sys_sendmsg+0x10/0x10
[  250.805348][T13008]  ? __lock_acquire+0x622/0x1c90
[  250.805380][T13008]  __sys_sendmsg+0x16d/0x220
[  250.805395][T13008]  ? __pfx___sys_sendmsg+0x10/0x10
[  250.805419][T13008]  do_syscall_64+0xcd/0x4c0
[  250.805435][T13008]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.805447][T13008] RIP: 0033:0x7f2b0a98e929
[  250.805456][T13008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  250.805467][T13008] RSP: 002b:00007f2b0b80e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  250.805478][T13008] RAX: ffffffffffffffda RBX: 00007f2b0abb5fa0 RCX: 00007f2b0a98e929
[  250.805485][T13008] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  250.805492][T13008] RBP: 00007f2b0b80e090 R08: 0000000000000000 R09: 0000000000000000
[  250.805498][T13008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  250.805504][T13008] R13: 0000000000000000 R14: 00007f2b0abb5fa0 R15: 00007ffecc2d3f78
[  250.805517][T13008]  </TASK>
[  250.946757][T13014] netlink: 'syz.2.2705': attribute type 10 has an invalid length.
[  250.949758][T13014] syz_tun: entered promiscuous mode
[  250.955977][T13014] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  250.980259][T13017] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  251.487069][T13021] FAULT_INJECTION: forcing a failure.
[  251.487069][T13021] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  251.491161][T13021] CPU: 3 UID: 0 PID: 13021 Comm: syz.2.2707 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) 
[  251.491176][T13021] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  251.491183][T13021] Call Trace:
[  251.491188][T13021]  <TASK>
[  251.491193][T13021]  dump_stack_lvl+0x16c/0x1f0
[  251.491212][T13021]  should_fail_ex+0x512/0x640
[  251.491229][T13021]  _copy_from_user+0x2e/0xd0
[  251.491245][T13021]  video_usercopy+0xedd/0x1720
[  251.491260][T13021]  ? __pfx___video_do_ioctl+0x10/0x10
[  251.491273][T13021]  ? selinux_kernel_read_file+0xa0/0x130
[  251.491289][T13021]  ? __pfx_video_usercopy+0x10/0x10
[  251.491311][T13021]  v4l2_ioctl+0x1ba/0x250
[  251.491323][T13021]  ? __pfx_v4l2_ioctl+0x10/0x10
[  251.491336][T13021]  __x64_sys_ioctl+0x18b/0x210
[  251.491349][T13021]  do_syscall_64+0xcd/0x4c0
[  251.491366][T13021]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  251.491378][T13021] RIP: 0033:0x7fcff1d8e929
[  251.491386][T13021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  251.491397][T13021] RSP: 002b:00007fcff2cdd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  251.491408][T13021] RAX: ffffffffffffffda RBX: 00007fcff1fb5fa0 RCX: 00007fcff1d8e929
[  251.491415][T13021] RDX: 0000200000000100 RSI: 000000004014563c RDI: 0000000000000003
[  251.491422][T13021] RBP: 00007fcff2cdd090 R08: 0000000000000000 R09: 0000000000000000
[  251.491428][T13021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  251.491434][T13021] R13: 0000000000000000 R14: 00007fcff1fb5fa0 R15: 00007fff8f1b0e18
[  251.491447][T13021]  </TASK>
[  251.570727][T13023] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2708'.
[  251.574450][T13023] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2708'.
[  251.578110][T13023] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2708'.
[  251.582865][T13023] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2708'.
[  251.705466][T13028] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  251.748604][T13028] batman_adv: batadv0: Removing interface: batadv_slave_1
[  251.837748][   T40] audit: type=1400 audit(2000000335.855:550): avc:  denied  { relabelfrom } for  pid=13029 comm="syz.5.2711" name="TCP" dev="sockfs" ino=45547 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  251.845166][   T40] audit: type=1401 audit(2000000335.855:551): op=setxattr invalid_context="system_u:object_r:fsadm_log_t:s0"
[  251.884870][   T24] usb 9-1: USB disconnect, device number 8
[  251.944649][T13038] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2715'.
[  251.971673][T13043] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2717'.
[  252.031389][T13049] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  252.036406][T13049] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2717'.
[  252.450176][ T5981] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  252.614174][ T5981] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  252.620244][ T5981] usb 10-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  252.625905][ T5981] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  252.628718][ T5981] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.633382][ T5981] usb 10-1: config 0 descriptor??
[  252.637379][ T5981] usbhid 10-1:0.0: couldn't find an input interrupt endpoint
[  252.839745][T13077] netlink: 'syz.4.2731': attribute type 10 has an invalid length.
[  252.858445][T13077] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  252.889488][T13079] FAULT_INJECTION: forcing a failure.
[  252.889488][T13079] name failslab, interval 1, probability 0, space 0, times 0
[  252.894560][T13079] CPU: 0 UID: 0 PID: 13079 Comm: syz.4.2732 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) 
[  252.894578][T13079] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  252.894585][T13079] Call Trace:
[  252.894590][T13079]  <TASK>
[  252.894594][T13079]  dump_stack_lvl+0x16c/0x1f0
[  252.894614][T13079]  should_fail_ex+0x512/0x640
[  252.894631][T13079]  should_failslab+0xc2/0x120
[  252.894647][T13079]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  252.894663][T13079]  ? skb_clone+0x190/0x3f0
[  252.894681][T13079]  skb_clone+0x190/0x3f0
[  252.894696][T13079]  netlink_deliver_tap+0xabd/0xd30
[  252.894717][T13079]  netlink_dump+0xb4d/0xce0
[  252.894735][T13079]  ? __pfx_netlink_dump+0x10/0x10
[  252.894756][T13079]  ? rcu_is_watching+0x12/0xc0
[  252.894770][T13079]  ? trace_contention_end+0xdd/0x130
[  252.894790][T13079]  __netlink_dump_start+0x6d6/0x990
[  252.894809][T13079]  ip_set_dump+0x17f/0x210
[  252.894828][T13079]  ? __pfx_ip_set_dump+0x10/0x10
[  252.894841][T13079]  ? __pfx_ip_set_dump_start+0x10/0x10
[  252.894854][T13079]  ? __pfx_ip_set_dump_do+0x10/0x10
[  252.894869][T13079]  ? __pfx_ip_set_dump_done+0x10/0x10
[  252.894887][T13079]  nfnetlink_rcv_msg+0x9fc/0x1200
[  252.894905][T13079]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  252.894920][T13079]  ? __lock_acquire+0x622/0x1c90
[  252.894948][T13079]  ? avc_has_perm_noaudit+0x149/0x3b0
[  252.894970][T13079]  netlink_rcv_skb+0x158/0x420
[  252.894981][T13079]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  252.894994][T13079]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  252.895012][T13079]  ? ns_capable+0xd7/0x110
[  252.895026][T13079]  nfnetlink_rcv+0x1b3/0x430
[  252.895038][T13079]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  252.895051][T13079]  ? netlink_deliver_tap+0x1ae/0xd30
[  252.895070][T13079]  netlink_unicast+0x53a/0x7f0
[  252.895082][T13079]  ? __pfx_netlink_unicast+0x10/0x10
[  252.895097][T13079]  netlink_sendmsg+0x8d1/0xdd0
[  252.895110][T13079]  ? __pfx_netlink_sendmsg+0x10/0x10
[  252.895126][T13079]  ____sys_sendmsg+0xa98/0xc70
[  252.895138][T13079]  ? copy_msghdr_from_user+0x10a/0x160
[  252.895152][T13079]  ? __pfx_____sys_sendmsg+0x10/0x10
[  252.895170][T13079]  ___sys_sendmsg+0x134/0x1d0
[  252.895185][T13079]  ? __pfx____sys_sendmsg+0x10/0x10
[  252.895199][T13079]  ? __lock_acquire+0x622/0x1c90
[  252.895232][T13079]  __sys_sendmsg+0x16d/0x220
[  252.895247][T13079]  ? __pfx___sys_sendmsg+0x10/0x10
[  252.895271][T13079]  do_syscall_64+0xcd/0x4c0
[  252.895288][T13079]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  252.895300][T13079] RIP: 0033:0x7fa2e498e929
[  252.895309][T13079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  252.895320][T13079] RSP: 002b:00007fa2e583b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  252.895331][T13079] RAX: ffffffffffffffda RBX: 00007fa2e4bb5fa0 RCX: 00007fa2e498e929
[  252.895337][T13079] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  252.895344][T13079] RBP: 00007fa2e583b090 R08: 0000000000000000 R09: 0000000000000000
[  252.895350][T13079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  252.895356][T13079] R13: 0000000000000000 R14: 00007fa2e4bb5fa0 R15: 00007ffd57318ee8
[  252.895372][T13079]  </TASK>
[  253.805389][   T40] audit: type=1400 audit(2000000337.825:552): avc:  denied  { bind } for  pid=13096 comm="syz.4.2738" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  253.850230][T13099] netlink: 'syz.4.2739': attribute type 16 has an invalid length.
[  253.852647][T13099] netlink: 'syz.4.2739': attribute type 17 has an invalid length.
[  253.937163][T13103] xt_AUDIT: Audit type out of range (valid range: 0..2)
[  254.278713][T13118] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2560 sclass=netlink_route_socket pid=13118 comm=syz.4.2747
[  254.283926][T13118] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2582 sclass=netlink_route_socket pid=13118 comm=syz.4.2747
[  254.319023][   T40] audit: type=1400 audit(2000000338.335:553): avc:  denied  { write } for  pid=13119 comm="syz.4.2748" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  254.615277][T13130] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.2752'.
[  254.658489][T13135] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0
[  255.010862][    C1] vcan0: j1939_tp_rxtimer: 0xffff88804a2a6c00: rx timeout, send abort
[  255.023626][   T40] audit: type=1400 audit(2000000339.045:554): avc:  denied  { read } for  pid=5329 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  255.030478][   T40] audit: type=1400 audit(2000000339.045:555): avc:  denied  { search } for  pid=5329 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  255.037988][   T40] audit: type=1400 audit(2000000339.045:556): avc:  denied  { search } for  pid=5329 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  255.044704][   T40] audit: type=1400 audit(2000000339.045:557): avc:  denied  { add_name } for  pid=5329 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  255.051119][   T40] audit: type=1400 audit(2000000339.045:558): avc:  denied  { create } for  pid=5329 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  255.057896][   T40] audit: type=1400 audit(2000000339.045:559): avc:  denied  { append open } for  pid=5329 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  255.065098][   T40] audit: type=1400 audit(2000000339.045:560): avc:  denied  { getattr } for  pid=5329 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  255.197587][   T29] usb 10-1: USB disconnect, device number 5
[  255.226931][T13140] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  255.274964][T13140] batman_adv: batadv0: Removing interface: batadv_slave_1
[  255.283501][   T40] audit: type=1400 audit(2000000339.305:561): avc:  denied  { ioctl } for  pid=13141 comm="syz.2.2756" path="socket:[47226]" dev="sockfs" ino=47226 ioctlcmd=0x8941 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  255.345506][T13142] NILFS (sr0): couldn't find nilfs on the device
[  255.384041][T13144] SELinux:  policydb table sizes (0,0) do not match mine (6,7)
[  255.386598][T13144] SELinux: failed to load policy
[  255.404440][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  255.406510][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  255.447607][T13148] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2759'.
[  255.510893][    C1] vcan0: j1939_tp_rxtimer: 0xffff88804873fc00: rx timeout, send abort
[  255.514744][    C1] vcan0: j1939_tp_rxtimer: 0xffff88804a2a6c00: abort rx timeout. Force session deactivation
[  255.648081][T11075] usb 7-1: new high-speed USB device number 63 using dummy_hcd
[  255.812830][T11075] usb 7-1: Using ep0 maxpacket: 16
[  255.819660][T11075] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  255.823405][T11075] usb 7-1: config 1 interface 0 altsetting 12 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  255.827047][T13163] netlink: 'syz.5.2766': attribute type 1 has an invalid length.
[  255.827488][T11075] usb 7-1: config 1 interface 0 has no altsetting 0
[  255.849150][T13163] 8021q: adding VLAN 0 to HW filter on device bond1
[  255.861097][T13163] vlan2: entered allmulticast mode
[  255.863392][T13163] veth1: entered allmulticast mode
[  255.868700][T13163] bond1: (slave vlan2): making interface the new active one
[  255.873570][T13163] bond1: (slave vlan2): Enslaving as an active interface with an up link
[  255.926252][T13166] netlink: set zone limit has 4 unknown bytes
[  256.014317][    C1] vcan0: j1939_tp_rxtimer: 0xffff88804873fc00: abort rx timeout. Force session deactivation
[  256.076192][T13173] 9pnet_virtio: no channels available for device syz
[  256.159075][T13175] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2773'.
[  256.161741][ T5947] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  256.167115][ T5947] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  256.170368][ T5947] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  256.177312][ T5947] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  256.180288][ T5947] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  256.207494][T13176] lo speed is unknown, defaulting to 1000
[  256.250372][T13181] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2775'.
[  256.265337][T13181] bridge_slave_0: left allmulticast mode
[  256.267245][T13181] bridge_slave_0: left promiscuous mode
[  256.269113][T13181] bridge0: port 1(bridge_slave_0) entered disabled state
[  256.273158][T13181] bridge_slave_1: left allmulticast mode
[  256.274943][T13181] bridge_slave_1: left promiscuous mode
[  256.276773][T13181] bridge0: port 2(bridge_slave_1) entered disabled state
[  256.284277][T13181] bond0: (slave bond_slave_0): Releasing backup interface
[  256.289272][T13181] bond0: (slave bond_slave_1): Releasing backup interface
[  256.300511][T13181] team0: Port device team_slave_0 removed
[  256.310475][T13181] team0: Port device team_slave_1 removed
[  256.313335][T13181] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  256.315671][T13181] batman_adv: batadv0: Removing interface: batadv_slave_0
[  256.323515][T13181] bond1: (slave vlan2): Releasing active interface
[  256.384731][T13188] FAULT_INJECTION: forcing a failure.
[  256.384731][T13188] name failslab, interval 1, probability 0, space 0, times 0
[  256.388697][T13188] CPU: 3 UID: 0 PID: 13188 Comm: syz.5.2777 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) 
[  256.388713][T13188] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  256.388720][T13188] Call Trace:
[  256.388725][T13188]  <TASK>
[  256.388729][T13188]  dump_stack_lvl+0x16c/0x1f0
[  256.388749][T13188]  should_fail_ex+0x512/0x640
[  256.388764][T13188]  ? fs_reclaim_acquire+0xae/0x150
[  256.388776][T13188]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  256.388791][T13188]  should_failslab+0xc2/0x120
[  256.388807][T13188]  __kmalloc_noprof+0xd2/0x510
[  256.388824][T13188]  tomoyo_realpath_from_path+0xc2/0x6e0
[  256.388843][T13188]  ? tomoyo_profile+0x47/0x60
[  256.388861][T13188]  tomoyo_path_number_perm+0x245/0x580
[  256.388874][T13188]  ? tomoyo_path_number_perm+0x237/0x580
[  256.388888][T13188]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  256.388901][T13188]  ? find_held_lock+0x2b/0x80
[  256.388927][T13188]  ? find_held_lock+0x2b/0x80
[  256.388940][T13188]  ? hook_file_ioctl_common+0x145/0x410
[  256.388960][T13188]  ? __fget_files+0x20e/0x3c0
[  256.388977][T13188]  security_file_ioctl+0x9b/0x240
[  256.388993][T13188]  __x64_sys_ioctl+0xb7/0x210
[  256.389006][T13188]  do_syscall_64+0xcd/0x4c0
[  256.389023][T13188]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.389035][T13188] RIP: 0033:0x7f2b0a98e929
[  256.389045][T13188] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  256.389056][T13188] RSP: 002b:00007f2b0b80e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  256.389067][T13188] RAX: ffffffffffffffda RBX: 00007f2b0abb5fa0 RCX: 00007f2b0a98e929
[  256.389073][T13188] RDX: 00002000000000c0 RSI: 00000000c0d05605 RDI: 000000000000000a
[  256.389080][T13188] RBP: 00007f2b0b80e090 R08: 0000000000000000 R09: 0000000000000000
[  256.389086][T13188] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  256.389093][T13188] R13: 0000000000000000 R14: 00007f2b0abb5fa0 R15: 00007ffecc2d3f78
[  256.389106][T13188]  </TASK>
[  256.389111][T13188] ERROR: Out of memory at tomoyo_realpath_from_path.
[  256.432717][T13176] chnl_net:caif_netlink_parms(): no params data found
[  256.528487][T13176] bridge0: port 1(bridge_slave_0) entered blocking state
[  256.530762][T13176] bridge0: port 1(bridge_slave_0) entered disabled state
[  256.533238][T13176] bridge_slave_0: entered allmulticast mode
[  256.535858][T13176] bridge_slave_0: entered promiscuous mode
[  256.539008][T13176] bridge0: port 2(bridge_slave_1) entered blocking state
[  256.541303][T13176] bridge0: port 2(bridge_slave_1) entered disabled state
[  256.543754][T13176] bridge_slave_1: entered allmulticast mode
[  256.546688][T13176] bridge_slave_1: entered promiscuous mode
[  256.584210][T13176] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  256.589163][T13176] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  256.628848][T13176] team0: Port device team_slave_0 added
[  256.632579][T13176] team0: Port device team_slave_1 added
[  256.666370][T13176] batman_adv: batadv0: Adding interface: batadv_slave_0
[  256.668563][T13176] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  256.676550][T13176] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  256.680794][T13176] batman_adv: batadv0: Adding interface: batadv_slave_1
[  256.683657][T13176] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  256.691786][T13176] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  256.737228][T13176] hsr_slave_0: entered promiscuous mode
[  256.739531][T13176] hsr_slave_1: entered promiscuous mode
[  256.741684][T13176] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  256.744135][T13176] Cannot create hsr debugfs directory
[  256.878650][T13176] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  256.883573][T13176] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  256.887693][T13176] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  256.891556][T13176] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  256.911273][T13176] bridge0: port 2(bridge_slave_1) entered blocking state
[  256.913613][T13176] bridge0: port 2(bridge_slave_1) entered forwarding state
[  256.916240][T13176] bridge0: port 1(bridge_slave_0) entered blocking state
[  256.918506][T13176] bridge0: port 1(bridge_slave_0) entered forwarding state
[  256.946777][T13176] 8021q: adding VLAN 0 to HW filter on device bond0
[  256.957384][ T1186] bridge0: port 1(bridge_slave_0) entered disabled state
[  256.961125][ T1186] bridge0: port 2(bridge_slave_1) entered disabled state
[  256.980314][T13213] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2783'.
[  256.987564][T13176] 8021q: adding VLAN 0 to HW filter on device team0
[  257.008944][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  257.011202][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  257.017553][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  257.019798][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  257.129360][T13176] 8021q: adding VLAN 0 to HW filter on device batadv0
[  257.261912][T13176] veth0_vlan: entered promiscuous mode
[  257.268903][T13176] veth1_vlan: entered promiscuous mode
[  257.283734][T13176] veth0_macvtap: entered promiscuous mode
[  257.287548][T13176] veth1_macvtap: entered promiscuous mode
[  257.298479][T13176] batman_adv: batadv0: Interface activated: batadv_slave_0
[  257.307438][T13176] batman_adv: batadv0: Interface activated: batadv_slave_1
[  257.311805][T13176] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  257.315099][T13176] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  257.317888][T13176] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  257.320605][T13176] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  257.364761][ T1186] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  257.367551][ T1186] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  257.381962][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  257.384895][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  257.484053][T13240] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2790'.
[  257.719709][T13255] lo speed is unknown, defaulting to 1000
[  257.835031][ T5933] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  257.839365][ T5933] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  257.842391][ T5933] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  257.854966][ T5933] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  257.858062][ T5933] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  257.893899][T13257] lo speed is unknown, defaulting to 1000
[  258.038144][T13265] FAULT_INJECTION: forcing a failure.
[  258.038144][T13265] name failslab, interval 1, probability 0, space 0, times 0
[  258.042172][T13265] CPU: 3 UID: 0 PID: 13265 Comm: syz.6.2795 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) 
[  258.042196][T13265] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  258.042203][T13265] Call Trace:
[  258.042209][T13265]  <TASK>
[  258.042214][T13265]  dump_stack_lvl+0x16c/0x1f0
[  258.042234][T13265]  should_fail_ex+0x512/0x640
[  258.042248][T13265]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  258.042265][T13265]  should_failslab+0xc2/0x120
[  258.042281][T13265]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  258.042294][T13265]  ? __lock_acquire+0xb8a/0x1c90
[  258.042310][T13265]  ? __alloc_skb+0x2b2/0x380
[  258.042328][T13265]  __alloc_skb+0x2b2/0x380
[  258.042341][T13265]  ? __pfx___alloc_skb+0x10/0x10
[  258.042360][T13265]  qdisc_notify.isra.0+0xde/0x3f0
[  258.042375][T13265]  qdisc_graft+0x78e/0x17c0
[  258.042392][T13265]  ? __pfx_qdisc_graft+0x10/0x10
[  258.042405][T13265]  ? rcu_is_watching+0x12/0xc0
[  258.042419][T13265]  ? qdisc_create+0x5b3/0xfc0
[  258.042433][T13265]  tc_modify_qdisc+0xf48/0x2130
[  258.042449][T13265]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  258.042474][T13265]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  258.042487][T13265]  rtnetlink_rcv_msg+0x3c6/0xe90
[  258.042504][T13265]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  258.042524][T13265]  ? ref_tracker_free+0x37c/0x830
[  258.042541][T13265]  netlink_rcv_skb+0x158/0x420
[  258.042552][T13265]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  258.042569][T13265]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  258.042584][T13265]  ? netlink_deliver_tap+0x1ae/0xd30
[  258.042604][T13265]  netlink_unicast+0x53a/0x7f0
[  258.042617][T13265]  ? __pfx_netlink_unicast+0x10/0x10
[  258.042631][T13265]  netlink_sendmsg+0x8d1/0xdd0
[  258.042644][T13265]  ? __pfx_netlink_sendmsg+0x10/0x10
[  258.042660][T13265]  ____sys_sendmsg+0xa98/0xc70
[  258.042671][T13265]  ? copy_msghdr_from_user+0x10a/0x160
[  258.042686][T13265]  ? __pfx_____sys_sendmsg+0x10/0x10
[  258.042706][T13265]  ___sys_sendmsg+0x134/0x1d0
[  258.042743][T13265]  ? __pfx____sys_sendmsg+0x10/0x10
[  258.042764][T13265]  ? __lock_acquire+0x622/0x1c90
[  258.042818][T13265]  __sys_sendmsg+0x16d/0x220
[  258.042845][T13265]  ? __pfx___sys_sendmsg+0x10/0x10
[  258.042879][T13265]  do_syscall_64+0xcd/0x4c0
[  258.042897][T13265]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  258.042909][T13265] RIP: 0033:0x7fc35098e929
[  258.042923][T13265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  258.042938][T13265] RSP: 002b:00007fc3517c8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  258.042954][T13265] RAX: ffffffffffffffda RBX: 00007fc350bb5fa0 RCX: 00007fc35098e929
[  258.042964][T13265] RDX: 0000000000004000 RSI: 0000200000000040 RDI: 0000000000000003
[  258.042974][T13265] RBP: 00007fc3517c8090 R08: 0000000000000000 R09: 0000000000000000
[  258.042982][T13265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  258.042989][T13265] R13: 0000000000000000 R14: 00007fc350bb5fa0 R15: 00007ffcbe2d0628
[  258.043002][T13265]  </TASK>
[  258.157394][T13267] xt_NFQUEUE: number of queues (65534) out of range (got 131068)
[  258.204055][ T5933] Bluetooth: hci0: command tx timeout
[  258.243497][T13273] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2798'.
[  258.311354][T13257] chnl_net:caif_netlink_parms(): no params data found
[  258.400751][T11075] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  258.404990][T11075] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  258.407408][T11075] usb 7-1: Product: ⳧
[  258.410268][T11075] usb 7-1: can't set config #1, error -71
[  258.412994][T11075] usb 7-1: USB disconnect, device number 63
[  258.436839][T13285] FAULT_INJECTION: forcing a failure.
[  258.436839][T13285] name failslab, interval 1, probability 0, space 0, times 0
[  258.440746][T13285] CPU: 3 UID: 0 PID: 13285 Comm: syz.2.2801 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) 
[  258.440762][T13285] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  258.440769][T13285] Call Trace:
[  258.440773][T13285]  <TASK>
[  258.440778][T13285]  dump_stack_lvl+0x16c/0x1f0
[  258.440798][T13285]  should_fail_ex+0x512/0x640
[  258.440814][T13285]  should_failslab+0xc2/0x120
[  258.440831][T13285]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  258.440846][T13285]  ? __alloc_skb+0x2b2/0x380
[  258.440862][T13285]  __alloc_skb+0x2b2/0x380
[  258.440876][T13285]  ? __pfx___alloc_skb+0x10/0x10
[  258.440890][T13285]  ? __pfx_find_held_lock+0x10/0x10
[  258.440904][T13285]  ? atomic_notifier_call_chain+0x9e/0x1c0
[  258.440923][T13285]  mr6_netlink_event+0xde/0x190
[  258.440938][T13285]  ip6mr_mfc_add+0x1543/0x3500
[  258.440954][T13285]  ? mark_held_locks+0x21/0x80
[  258.440973][T13285]  ? __pfx_ip6mr_mfc_add+0x10/0x10
[  258.440989][T13285]  ? __pfx___mutex_lock+0x10/0x10
[  258.441007][T13285]  ? _copy_from_user+0x59/0xd0
[  258.441023][T13285]  ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10
[  258.441041][T13285]  ? ip6_mroute_setsockopt+0x161d/0x20d0
[  258.441055][T13285]  ip6_mroute_setsockopt+0x161d/0x20d0
[  258.441069][T13285]  ? __lock_acquire+0xb8a/0x1c90
[  258.441091][T13285]  ? __pfx_ip6_mroute_setsockopt+0x10/0x10
[  258.441110][T13285]  ? find_held_lock+0x2b/0x80
[  258.441122][T13285]  ? __might_fault+0xe3/0x190
[  258.441135][T13285]  ? __might_fault+0xe3/0x190
[  258.441147][T13285]  ? __might_fault+0x13b/0x190
[  258.441166][T13285]  ? copy_from_sockptr_offset.constprop.0+0xe4/0x1a0
[  258.441178][T13285]  ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10
[  258.441194][T13285]  ? do_ipv6_setsockopt+0x7b1/0x4400
[  258.441205][T13285]  do_ipv6_setsockopt+0x7b1/0x4400
[  258.441220][T13285]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[  258.441233][T13285]  ? find_held_lock+0x2b/0x80
[  258.441246][T13285]  ? avc_has_perm_noaudit+0x117/0x3b0
[  258.441266][T13285]  ? avc_has_perm_noaudit+0x149/0x3b0
[  258.441285][T13285]  ? avc_has_perm+0x11a/0x1c0
[  258.441302][T13285]  ? __pfx_avc_has_perm+0x10/0x10
[  258.441324][T13285]  ? sock_has_perm+0x259/0x2f0
[  258.441336][T13285]  ? __pfx_sock_has_perm+0x10/0x10
[  258.441350][T13285]  ? ipv6_setsockopt+0xcb/0x170
[  258.441361][T13285]  ipv6_setsockopt+0xcb/0x170
[  258.441373][T13285]  rawv6_setsockopt+0xc2/0x510
[  258.441391][T13285]  ? __pfx_rawv6_setsockopt+0x10/0x10
[  258.441409][T13285]  ? selinux_socket_setsockopt+0x6a/0x80
[  258.441421][T13285]  ? sock_common_setsockopt+0x2e/0xf0
[  258.441439][T13285]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  258.441457][T13285]  do_sock_setsockopt+0x224/0x470
[  258.441474][T13285]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  258.441498][T13285]  __sys_setsockopt+0x1a0/0x230
[  258.441515][T13285]  __x64_sys_setsockopt+0xbd/0x160
[  258.441529][T13285]  ? do_syscall_64+0x91/0x4c0
[  258.441544][T13285]  ? lockdep_hardirqs_on+0x7c/0x110
[  258.441559][T13285]  do_syscall_64+0xcd/0x4c0
[  258.441575][T13285]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  258.441587][T13285] RIP: 0033:0x7fcff1d8e929
[  258.441597][T13285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  258.441608][T13285] RSP: 002b:00007fcff2cdd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  258.441634][T13285] RAX: ffffffffffffffda RBX: 00007fcff1fb5fa0 RCX: 00007fcff1d8e929
[  258.441641][T13285] RDX: 00000000000000cc RSI: 0000000000000029 RDI: 0000000000000003
[  258.441648][T13285] RBP: 00007fcff2cdd090 R08: 000000000000005c R09: 0000000000000000
[  258.441654][T13285] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000001
[  258.441661][T13285] R13: 0000000000000000 R14: 00007fcff1fb5fa0 R15: 00007fff8f1b0e18
[  258.441674][T13285]  </TASK>
[  258.442232][T13257] bridge0: port 1(bridge_slave_0) entered blocking state
[  258.510455][T13293] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2802'.
[  258.511001][T13257] bridge0: port 1(bridge_slave_0) entered disabled state
[  258.575158][T13257] bridge_slave_0: entered allmulticast mode
[  258.580024][T13257] bridge_slave_0: entered promiscuous mode
[  258.736623][T13257] bridge0: port 2(bridge_slave_1) entered blocking state
[  258.739501][T13257] bridge0: port 2(bridge_slave_1) entered disabled state
[  258.742474][T13257] bridge_slave_1: entered allmulticast mode
[  258.746241][T13257] bridge_slave_1: entered promiscuous mode
[  258.785256][T13257] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  258.790172][T13257] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  258.856205][T13257] team0: Port device team_slave_0 added
[  258.862450][T13257] team0: Port device team_slave_1 added
[  258.896336][T13257] batman_adv: batadv0: Adding interface: batadv_slave_0
[  258.899087][T13257] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  258.910223][T13257] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  258.917404][T13257] batman_adv: batadv0: Adding interface: batadv_slave_1
[  258.920159][T13257] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  258.931242][T13257] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  259.019389][T13257] hsr_slave_0: entered promiscuous mode
[  259.021865][T13257] hsr_slave_1: entered promiscuous mode
[  259.024716][T13257] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  259.027139][T13257] Cannot create hsr debugfs directory
[  259.084680][T13310] FAULT_INJECTION: forcing a failure.
[  259.084680][T13310] name failslab, interval 1, probability 0, space 0, times 0
[  259.092875][T13310] CPU: 0 UID: 0 PID: 13310 Comm: syz.6.2810 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) 
[  259.092904][T13310] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  259.092914][T13310] Call Trace:
[  259.092921][T13310]  <TASK>
[  259.092928][T13310]  dump_stack_lvl+0x16c/0x1f0
[  259.092955][T13310]  should_fail_ex+0x512/0x640
[  259.092976][T13310]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  259.093002][T13310]  should_failslab+0xc2/0x120
[  259.093026][T13310]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  259.093055][T13310]  ? __alloc_skb+0x2b2/0x380
[  259.093082][T13310]  __alloc_skb+0x2b2/0x380
[  259.093104][T13310]  ? __pfx___alloc_skb+0x10/0x10
[  259.093129][T13310]  ? do_raw_spin_lock+0x12c/0x2b0
[  259.093152][T13310]  alloc_skb_with_frags+0xe0/0x860
[  259.093186][T13310]  tcp_send_rcvq+0x111/0x4e0
[  259.093208][T13310]  ? __pfx_tcp_send_rcvq+0x10/0x10
[  259.093233][T13310]  ? follow_page_pte+0x3af/0x14c0
[  259.093254][T13310]  tcp_sendmsg_locked+0x3979/0x4300
[  259.093277][T13310]  ? __pfx___might_resched+0x10/0x10
[  259.093304][T13310]  ? vma_pgtable_walk_end+0x3d/0x70
[  259.093327][T13310]  ? __asan_memcpy+0x3c/0x60
[  259.093346][T13310]  ? memcpy_to_scatterwalk+0x2ef/0x410
[  259.093372][T13310]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[  259.093411][T13310]  tls_push_sg+0x243/0x9a0
[  259.093441][T13310]  ? __pfx_tls_push_sg+0x10/0x10
[  259.093465][T13310]  ? __pfx_gcm_encrypt_vaes_avx10_256+0x10/0x10
[  259.093498][T13310]  ? gup_fast_fallback+0x1252/0x29e0
[  259.093521][T13310]  tls_tx_records+0x345/0x6e0
[  259.093543][T13310]  tls_push_record+0x2546/0x3170
[  259.093566][T13310]  ? __pfx_find_held_lock+0x10/0x10
[  259.093594][T13310]  ? __pfx_tls_push_record+0x10/0x10
[  259.093610][T13310]  ? sk_psock_get+0x13e/0x470
[  259.093626][T13310]  ? __pfx_sk_psock_get+0x10/0x10
[  259.093642][T13310]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  259.093673][T13310]  bpf_exec_tx_verdict+0xf7b/0x14d0
[  259.093691][T13310]  ? iov_iter_advance+0x7d/0x6c0
[  259.093722][T13310]  ? __pfx_bpf_exec_tx_verdict+0x10/0x10
[  259.093739][T13310]  ? tls_get_rec+0xfa/0x730
[  259.093754][T13310]  ? stack_trace_save+0x8e/0xc0
[  259.093831][T13310]  ? sk_msg_alloc+0x65b/0x920
[  259.093864][T13310]  tls_sw_sendmsg+0x1b8c/0x23f0
[  259.093890][T13310]  ? avc_has_perm+0x1/0x1c0
[  259.093923][T13310]  ? __pfx_tls_sw_sendmsg+0x10/0x10
[  259.093942][T13310]  ? selinux_ip_forward+0x487/0x550
[  259.093964][T13310]  ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10
[  259.093997][T13310]  ? __fget_files+0x20e/0x3c0
[  259.094019][T13310]  ? __pfx_find_held_lock+0x10/0x10
[  259.094039][T13310]  ? __pfx_tls_sw_sendmsg+0x10/0x10
[  259.094064][T13310]  inet6_sendmsg+0x11c/0x140
[  259.094091][T13310]  __sys_sendto+0x376/0x520
[  259.094113][T13310]  ? __pfx___sys_sendto+0x10/0x10
[  259.094155][T13310]  ? ksys_write+0x1ac/0x250
[  259.094174][T13310]  ? __pfx_ksys_write+0x10/0x10
[  259.094198][T13310]  __x64_sys_sendto+0xe0/0x1c0
[  259.094219][T13310]  ? do_syscall_64+0x91/0x4c0
[  259.094243][T13310]  ? lockdep_hardirqs_on+0x7c/0x110
[  259.094265][T13310]  do_syscall_64+0xcd/0x4c0
[  259.094291][T13310]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.094308][T13310] RIP: 0033:0x7fc35098e929
[  259.094323][T13310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  259.094340][T13310] RSP: 002b:00007fc3517c8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  259.094357][T13310] RAX: ffffffffffffffda RBX: 00007fc350bb5fa0 RCX: 00007fc35098e929
[  259.094369][T13310] RDX: ffffffffffffff13 RSI: 00002000000001c0 RDI: 0000000000000003
[  259.094380][T13310] RBP: 00007fc3517c8090 R08: 0000000000000000 R09: 0000000003000137
[  259.094391][T13310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  259.094401][T13310] R13: 0000000000000000 R14: 00007fc350bb5fa0 R15: 00007ffcbe2d0628
[  259.094425][T13310]  </TASK>
[  259.328556][T13314] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2813'.
[  259.352436][T13314] bridge_slave_0: left allmulticast mode
[  259.354903][T13314] bridge_slave_0: left promiscuous mode
[  259.357393][T13314] bridge0: port 1(bridge_slave_0) entered disabled state
[  259.364039][T13314] bridge_slave_1: left allmulticast mode
[  259.366436][T13314] bridge_slave_1: left promiscuous mode
[  259.368977][T13314] bridge0: port 2(bridge_slave_1) entered disabled state
[  259.379998][T13314] bond0: (slave bond_slave_0): Releasing backup interface
[  259.382378][ T5933] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  259.387072][ T5933] CPU: 0 UID: 0 PID: 5933 Comm: kworker/u33:2 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) 
[  259.387089][ T5933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  259.387099][ T5933] Workqueue: hci3 hci_rx_work
[  259.387120][ T5933] Call Trace:
[  259.387125][ T5933]  <TASK>
[  259.387130][ T5933]  dump_stack_lvl+0x16c/0x1f0
[  259.387148][ T5933]  sysfs_warn_dup+0x7f/0xa0
[  259.387164][ T5933]  sysfs_create_dir_ns+0x24b/0x2b0
[  259.387180][ T5933]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  259.387196][ T5933]  ? find_held_lock+0x2b/0x80
[  259.387214][ T5933]  ? do_raw_spin_unlock+0x172/0x230
[  259.387227][ T5933]  kobject_add_internal+0x2c4/0x9b0
[  259.387248][ T5933]  kobject_add+0x16e/0x240
[  259.387259][ T5933]  ? __pfx_kobject_add+0x10/0x10
[  259.387270][ T5933]  ? do_raw_spin_unlock+0x172/0x230
[  259.387284][ T5933]  ? kobject_put+0xab/0x5a0
[  259.387304][ T5933]  device_add+0x288/0x1a70
[  259.387322][ T5933]  ? __pfx_dev_set_name+0x10/0x10
[  259.387333][ T5933]  ? __pfx_device_add+0x10/0x10
[  259.387350][ T5933]  ? mgmt_send_event_skb+0x2fb/0x460
[  259.387370][ T5933]  hci_conn_add_sysfs+0x17e/0x230
[  259.387388][ T5933]  le_conn_complete_evt+0x1075/0x1d70
[  259.387407][ T5933]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  259.387423][ T5933]  ? hci_event_packet+0x459/0x11c0
[  259.387441][ T5933]  hci_le_enh_conn_complete_evt+0x23d/0x380
[  259.387458][ T5933]  ? skb_pull_data+0x166/0x210
[  259.387486][ T5933]  hci_le_meta_evt+0x357/0x5e0
[  259.387514][ T5933]  ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[  259.387533][ T5933]  hci_event_packet+0x682/0x11c0
[  259.387548][ T5933]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  259.387565][ T5933]  ? __pfx_hci_event_packet+0x10/0x10
[  259.387583][ T5933]  ? kcov_remote_start+0x3c9/0x6d0
[  259.387607][ T5933]  ? lockdep_hardirqs_on+0x7c/0x110
[  259.387629][ T5933]  hci_rx_work+0x2c5/0x16b0
[  259.387646][ T5933]  ? rcu_is_watching+0x12/0xc0
[  259.387662][ T5933]  process_one_work+0x9cc/0x1b70
[  259.387681][ T5933]  ? __pfx_process_one_work+0x10/0x10
[  259.387698][ T5933]  ? assign_work+0x1a0/0x250
[  259.387776][ T5933]  worker_thread+0x6c8/0xf10
[  259.387815][ T5933]  ? __pfx_worker_thread+0x10/0x10
[  259.387827][ T5933]  kthread+0x3c2/0x780
[  259.387838][ T5933]  ? __pfx_kthread+0x10/0x10
[  259.387850][ T5933]  ? rcu_is_watching+0x12/0xc0
[  259.387864][ T5933]  ? __pfx_kthread+0x10/0x10
[  259.387876][ T5933]  ret_from_fork+0x5d4/0x6f0
[  259.387892][ T5933]  ? __pfx_kthread+0x10/0x10
[  259.387904][ T5933]  ret_from_fork_asm+0x1a/0x30
[  259.387922][ T5933]  </TASK>
[  259.387940][ T5933] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  259.485748][ T5933] Bluetooth: hci3: failed to register connection device
[  259.488591][T13314] bond0: (slave bond_slave_1): Releasing backup interface
[  259.521595][T13314] team0: Port device team_slave_0 removed
[  259.532313][T13314] team0: Port device team_slave_1 removed
[  259.534849][T13314] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  259.537290][T13314] batman_adv: batadv0: Removing interface: batadv_slave_0
[  259.540545][T13314] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  259.543104][T13314] batman_adv: batadv0: Removing interface: batadv_slave_1
[  259.653309][T13257] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  259.663496][T13257] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  259.671041][T13257] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  259.684127][T13257] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  259.740105][T13257] 8021q: adding VLAN 0 to HW filter on device bond0
[  259.754577][T13257] 8021q: adding VLAN 0 to HW filter on device team0
[  259.760454][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  259.763817][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  259.775700][  T102] bridge0: port 2(bridge_slave_1) entered blocking state
[  259.778008][  T102] bridge0: port 2(bridge_slave_1) entered forwarding state
[  259.885157][ T5933] Bluetooth: hci4: command tx timeout
[  260.283119][ T5933] Bluetooth: hci0: command tx timeout
[  260.550682][T13345] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  260.550682][T13345] The task syz.5.2818 (13345) triggered the difference, watch for misbehavior.
[  261.156354][T13257] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  261.282024][   T40] kauditd_printk_skb: 4 callbacks suppressed
[  261.282035][   T40] audit: type=1400 audit(2000000345.295:566): avc:  denied  { setattr } for  pid=13347 comm="syz.6.2819" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  261.306302][T13257] 8021q: adding VLAN 0 to HW filter on device batadv0
[  261.488302][T13257] veth0_vlan: entered promiscuous mode
[  261.495761][T13257] veth1_vlan: entered promiscuous mode
[  261.510769][T13257] veth0_macvtap: entered promiscuous mode
[  261.515739][T13257] veth1_macvtap: entered promiscuous mode
[  261.530063][T13257] batman_adv: batadv0: Interface activated: batadv_slave_0
[  261.538249][T13257] batman_adv: batadv0: Interface activated: batadv_slave_1
[  261.547895][T13257] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  261.551455][T13257] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  261.556199][T13257] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  261.559709][T13257] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  261.615014][ T1186] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  261.619900][ T1186] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  261.651184][   T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  261.657964][   T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  261.963462][ T5933] Bluetooth: hci4: command tx timeout
[  262.091957][T13405] xt_connbytes: Forcing CT accounting to be enabled
[  262.098343][T13405] Cannot find add_set index 0 as target
[  262.345270][   T40] audit: type=1400 audit(2000000346.365:567): avc:  denied  { cmd } for  pid=13416 comm="syz.5.2842" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=io_uring permissive=1
[  262.373047][ T5933] Bluetooth: hci0: command tx timeout
[  262.440452][T13430] FAULT_INJECTION: forcing a failure.
[  262.440452][T13430] name failslab, interval 1, probability 0, space 0, times 0
[  262.445277][T13430] CPU: 1 UID: 0 PID: 13430 Comm: syz.5.2846 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) 
[  262.445294][T13430] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  262.445301][T13430] Call Trace:
[  262.445305][T13430]  <TASK>
[  262.445310][T13430]  dump_stack_lvl+0x16c/0x1f0
[  262.445329][T13430]  should_fail_ex+0x512/0x640
[  262.445345][T13430]  should_failslab+0xc2/0x120
[  262.445362][T13430]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  262.445377][T13430]  ? skb_clone+0x190/0x3f0
[  262.445395][T13430]  skb_clone+0x190/0x3f0
[  262.445410][T13430]  netlink_deliver_tap+0xabd/0xd30
[  262.445431][T13430]  netlink_unicast+0x6b2/0x7f0
[  262.445443][T13430]  ? __pfx_netlink_unicast+0x10/0x10
[  262.445453][T13430]  ? genl_rcv_msg+0x4bb/0x800
[  262.445468][T13430]  netlink_ack+0x696/0xb80
[  262.445483][T13430]  netlink_rcv_skb+0x332/0x420
[  262.445493][T13430]  ? __pfx_genl_rcv_msg+0x10/0x10
[  262.445506][T13430]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  262.445523][T13430]  ? netlink_deliver_tap+0x1ae/0xd30
[  262.445541][T13430]  genl_rcv+0x28/0x40
[  262.445552][T13430]  netlink_unicast+0x53a/0x7f0
[  262.445564][T13430]  ? __pfx_netlink_unicast+0x10/0x10
[  262.445578][T13430]  netlink_sendmsg+0x8d1/0xdd0
[  262.445591][T13430]  ? __pfx_netlink_sendmsg+0x10/0x10
[  262.445607][T13430]  ____sys_sendmsg+0xa98/0xc70
[  262.445618][T13430]  ? copy_msghdr_from_user+0x10a/0x160
[  262.445633][T13430]  ? __pfx_____sys_sendmsg+0x10/0x10
[  262.445651][T13430]  ___sys_sendmsg+0x134/0x1d0
[  262.445666][T13430]  ? __pfx____sys_sendmsg+0x10/0x10
[  262.445679][T13430]  ? __lock_acquire+0x622/0x1c90
[  262.445713][T13430]  __sys_sendmsg+0x16d/0x220
[  262.445733][T13430]  ? __pfx___sys_sendmsg+0x10/0x10
[  262.445753][T13430]  ? fput+0x70/0xf0
[  262.445771][T13430]  do_syscall_64+0xcd/0x4c0
[  262.445788][T13430]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.445800][T13430] RIP: 0033:0x7f2b0a98e929
[  262.445809][T13430] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  262.445820][T13430] RSP: 002b:00007f2b0b80e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  262.445831][T13430] RAX: ffffffffffffffda RBX: 00007f2b0abb5fa0 RCX: 00007f2b0a98e929
[  262.445838][T13430] RDX: 0000000020000080 RSI: 0000200000000280 RDI: 0000000000000003
[  262.445844][T13430] RBP: 00007f2b0b80e090 R08: 0000000000000000 R09: 0000000000000000
[  262.445851][T13430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  262.445857][T13430] R13: 0000000000000000 R14: 00007f2b0abb5fa0 R15: 00007ffecc2d3f78
[  262.445871][T13430]  </TASK>
[  262.667230][   T40] audit: type=1400 audit(2000000346.685:568): avc:  denied  { append } for  pid=13437 comm="syz.5.2850" name="renderD128" dev="devtmpfs" ino=634 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  262.761977][   T40] audit: type=1400 audit(2000000346.775:569): avc:  denied  { getopt } for  pid=13439 comm="syz.5.2851" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  263.106079][T13461] FAULT_INJECTION: forcing a failure.
[  263.106079][T13461] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  263.111272][T13461] CPU: 2 UID: 0 PID: 13461 Comm: syz.7.2860 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) 
[  263.111297][T13461] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  263.111307][T13461] Call Trace:
[  263.111314][T13461]  <TASK>
[  263.111322][T13461]  dump_stack_lvl+0x16c/0x1f0
[  263.111371][T13461]  should_fail_ex+0x512/0x640
[  263.111403][T13461]  _copy_to_user+0x32/0xd0
[  263.111429][T13461]  simple_read_from_buffer+0xcb/0x170
[  263.111455][T13461]  proc_fail_nth_read+0x197/0x270
[  263.111478][T13461]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  263.111503][T13461]  ? rw_verify_area+0xcf/0x680
[  263.111523][T13461]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  263.111546][T13461]  vfs_read+0x1e1/0xc60
[  263.111572][T13461]  ? __pfx___mutex_lock+0x10/0x10
[  263.111598][T13461]  ? __pfx_vfs_read+0x10/0x10
[  263.111627][T13461]  ? __fget_files+0x20e/0x3c0
[  263.111659][T13461]  ksys_read+0x12a/0x250
[  263.111681][T13461]  ? __pfx_ksys_read+0x10/0x10
[  263.111709][T13461]  do_syscall_64+0xcd/0x4c0
[  263.111738][T13461]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.111757][T13461] RIP: 0033:0x7f983778d33c
[  263.111772][T13461] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  263.111789][T13461] RSP: 002b:00007f983852e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  263.111807][T13461] RAX: ffffffffffffffda RBX: 00007f98379b5fa0 RCX: 00007f983778d33c
[  263.111820][T13461] RDX: 000000000000000f RSI: 00007f983852e0a0 RDI: 0000000000000004
[  263.111831][T13461] RBP: 00007f983852e090 R08: 0000000000000000 R09: 0000000000000000
[  263.111842][T13461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  263.111852][T13461] R13: 0000000000000000 R14: 00007f98379b5fa0 R15: 00007ffea7c1a5e8
[  263.111877][T13461]  </TASK>
[  263.129015][T13463] netlink: 96 bytes leftover after parsing attributes in process `syz.5.2861'.
[  263.289396][T13475] bridge0: port 1(bridge_slave_0) entered disabled state
[  263.294249][T13475] bridge0: port 2(bridge_slave_1) entered disabled state
[  263.371744][T13485] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2870'.
[  263.562220][T13496] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2873'.
[  263.668238][T13503] netlink: 'syz.2.2875': attribute type 16 has an invalid length.
[  263.670798][T13503] netlink: 'syz.2.2875': attribute type 17 has an invalid length.
[  263.682303][T13503] bridge0: port 1(bridge_slave_0) entered blocking state
[  263.684613][T13503] bridge0: port 1(bridge_slave_0) entered forwarding state
[  263.688966][T13503] bridge0: port 2(bridge_slave_1) entered blocking state
[  263.691210][T13503] bridge0: port 2(bridge_slave_1) entered forwarding state
[  263.775478][T13507] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  263.860088][T13507] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  263.917276][T13507] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  264.027740][T13507] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  264.052868][ T5947] Bluetooth: hci4: command tx timeout
[  264.101846][T13507] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  264.110779][T13507] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  264.119792][T13507] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  264.128570][T13507] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  264.227683][T13518] FAULT_INJECTION: forcing a failure.
[  264.227683][T13518] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  264.232243][T13518] CPU: 2 UID: 0 PID: 13518 Comm: syz.2.2881 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) 
[  264.232260][T13518] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  264.232267][T13518] Call Trace:
[  264.232271][T13518]  <TASK>
[  264.232275][T13518]  dump_stack_lvl+0x16c/0x1f0
[  264.232309][T13518]  should_fail_ex+0x512/0x640
[  264.232325][T13518]  _copy_to_user+0x32/0xd0
[  264.232342][T13518]  simple_read_from_buffer+0xcb/0x170
[  264.232357][T13518]  proc_fail_nth_read+0x197/0x270
[  264.232372][T13518]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  264.232386][T13518]  ? rw_verify_area+0xcf/0x680
[  264.232398][T13518]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  264.232411][T13518]  vfs_read+0x1e1/0xc60
[  264.232426][T13518]  ? __pfx___mutex_lock+0x10/0x10
[  264.232442][T13518]  ? __pfx_vfs_read+0x10/0x10
[  264.232459][T13518]  ? __fget_files+0x20e/0x3c0
[  264.232477][T13518]  ksys_read+0x12a/0x250
[  264.232490][T13518]  ? __pfx_ksys_read+0x10/0x10
[  264.232507][T13518]  do_syscall_64+0xcd/0x4c0
[  264.232542][T13518]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.232554][T13518] RIP: 0033:0x7fcff1d8d33c
[  264.232564][T13518] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  264.232575][T13518] RSP: 002b:00007fcff2cbc030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  264.232585][T13518] RAX: ffffffffffffffda RBX: 00007fcff1fb6080 RCX: 00007fcff1d8d33c
[  264.232593][T13518] RDX: 000000000000000f RSI: 00007fcff2cbc0a0 RDI: 0000000000000005
[  264.232599][T13518] RBP: 00007fcff2cbc090 R08: 0000000000000000 R09: 0000000000000000
[  264.232606][T13518] R10: 0000000000000141 R11: 0000000000000246 R12: 0000000000000001
[  264.232612][T13518] R13: 0000000000000000 R14: 00007fcff1fb6080 R15: 00007fff8f1b0e18
[  264.232626][T13518]  </TASK>
[  264.287322][T13527] ------------[ cut here ]------------
[  264.304749][T13527] WARNING: CPU: 0 PID: 13527 at mm/page_alloc.c:4935 __alloc_frozen_pages_noprof+0x30b/0x23f0
[  264.308734][T13527] Modules linked in:
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  264.310612][T13527] CPU: 0 UID: 0 PID: 13527 Comm: syz.6.2886 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) 
[  264.317208][T13527] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  264.320566][T13527] RIP: 0010:__alloc_frozen_pages_noprof+0x30b/0x23f0
[  264.322677][T13527] Code: f0 5b 5d 41 5c 41 5d 41 5e 41 5f e9 cf 76 6d 09 83 fe 0a 0f 86 0a fe ff ff 80 3d 83 62 7a 0e 00 75 0b c6 05 7a 62 7a 0e 01 90 <0f> 0b 90 45 31 f6 eb 81 4d 85 f6 74 22 44 89 fa 89 ee 4c 89 f7 e8
[  264.329045][T13527] RSP: 0018:ffffc9000438f8d8 EFLAGS: 00010246
[  264.330965][T13527] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  264.333934][T13527] RDX: 0000000000000000 RSI: 0000000000000021 RDI: 0000000000040d40
[  264.336850][T13527] RBP: 0000100000001000 R08: 0000000000000007 R09: 0000000000000000
[  264.339318][T13527] R10: 0000100000001000 R11: 0000000000000001 R12: 0000000000000021
[  264.342209][T13527] R13: 1ffff92000871f30 R14: 0000100000001000 R15: 0000000000000021
[  264.345243][T13527] FS:  00007fc3517c86c0(0000) GS:ffff8880d6752000(0000) knlGS:0000000000000000
[  264.348329][T13527] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  264.350554][T13527] CR2: 0000200000001000 CR3: 0000000038fe9000 CR4: 0000000000352ef0
[  264.353396][T13527] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000004144
[  264.355870][T13527] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  264.358507][T13527] Call Trace:
[  264.359576][T13527]  <TASK>
[  264.360561][T13527]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  264.362677][T13527]  ? kasan_quarantine_put+0x10a/0x240
[  264.364485][T13527]  ? lockdep_hardirqs_on+0x7c/0x110
[  264.366140][T13527]  ? kfree+0x2b4/0x4d0
[  264.367501][T13527]  ? p9_client_clunk+0x12a/0x170
[  264.369094][T13527]  ? p9_client_clunk+0x12f/0x170
[  264.370663][T13527]  ? v9fs_fid_get_acl+0x7a/0x120
[  264.372259][T13527]  __alloc_pages_noprof+0xb/0x1b0
[  264.380060][T13527]  ___kmalloc_large_node+0x84/0x1e0
[  264.381740][T13527]  ? v9fs_fid_get_acl+0x7a/0x120
[  264.383617][T13527]  __kmalloc_large_node_noprof+0x1c/0x70
[  264.385375][T13527]  __kmalloc_noprof.cold+0xc/0x61
[  264.386959][T13527]  ? __pfx_iget5_locked+0x10/0x10
[  264.388510][T13527]  ? v9fs_cache_inode_get_cookie+0x28f/0x3a0
[  264.390394][T13527]  v9fs_fid_get_acl+0x7a/0x120
[  264.391962][T13527]  v9fs_get_acl+0xee/0x530
[  264.393436][T13527]  v9fs_inode_from_fid_dotl+0x264/0x2f0
[  264.395174][T13527]  v9fs_mount+0x4fd/0xa30
[  264.396576][T13527]  ? __pfx_v9fs_mount+0x10/0x10
[  264.398181][T13527]  ? cap_capable+0xb3/0x250
[  264.399619][T13527]  ? __pfx_v9fs_mount+0x10/0x10
[  264.401172][T13527]  legacy_get_tree+0x109/0x220
[  264.402711][T13527]  vfs_get_tree+0x8b/0x340
[  264.404210][T13527]  path_mount+0x1414/0x2020
[  264.405653][T13527]  ? kmem_cache_free+0x2d1/0x4d0
[  264.407208][T13527]  ? __pfx_path_mount+0x10/0x10
[  264.408762][T13527]  ? putname+0x154/0x1a0
[  264.410108][T13527]  __x64_sys_mount+0x28d/0x310
[  264.411641][T13527]  ? __pfx___x64_sys_mount+0x10/0x10
[  264.413400][T13527]  do_syscall_64+0xcd/0x4c0
[  264.414841][T13527]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.416696][T13527] RIP: 0033:0x7fc35098e929
[  264.418090][T13527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  264.424156][T13527] RSP: 002b:00007fc3517c8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  264.426807][T13527] RAX: ffffffffffffffda RBX: 00007fc350bb5fa0 RCX: 00007fc35098e929
[  264.429262][T13527] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000
[  264.431868][T13527] RBP: 00007fc350a10b39 R08: 0000200000000580 R09: 0000000000000000
[  264.434516][T13527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  264.437081][T13527] R13: 0000000000000000 R14: 00007fc350bb5fa0 R15: 00007ffcbe2d0628
[  264.439765][T13527]  </TASK>
[  264.440771][T13527] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  264.443552][T13527] CPU: 0 UID: 0 PID: 13527 Comm: syz.6.2886 Not tainted 6.16.0-rc3-syzkaller-00121-gf02769e7f272 #0 PREEMPT(full) 
[  264.448212][T13527] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  264.452384][T13527] Call Trace:
[  264.453740][T13527]  <TASK>
[  264.454910][T13527]  dump_stack_lvl+0x3d/0x1f0
[  264.456738][T13527]  panic+0x71c/0x800
[  264.458288][T13527]  ? __pfx_panic+0x10/0x10
[  264.460052][T13527]  ? show_trace_log_lvl+0x29b/0x3e0
[  264.462116][T13527]  ? __alloc_frozen_pages_noprof+0x30b/0x23f0
[  264.464488][T13527]  check_panic_on_warn+0xab/0xb0
[  264.466195][T13527]  __warn+0xf6/0x3c0
[  264.467447][T13527]  ? __alloc_frozen_pages_noprof+0x30b/0x23f0
[  264.469355][T13527]  report_bug+0x3c3/0x580
[  264.470715][T13527]  ? __alloc_frozen_pages_noprof+0x30b/0x23f0
[  264.472638][T13527]  handle_bug+0x184/0x210
[  264.474000][T13527]  exc_invalid_op+0x17/0x50
[  264.475427][T13527]  asm_exc_invalid_op+0x1a/0x20
[  264.476972][T13527] RIP: 0010:__alloc_frozen_pages_noprof+0x30b/0x23f0
[  264.479079][T13527] Code: f0 5b 5d 41 5c 41 5d 41 5e 41 5f e9 cf 76 6d 09 83 fe 0a 0f 86 0a fe ff ff 80 3d 83 62 7a 0e 00 75 0b c6 05 7a 62 7a 0e 01 90 <0f> 0b 90 45 31 f6 eb 81 4d 85 f6 74 22 44 89 fa 89 ee 4c 89 f7 e8
[  264.485027][T13527] RSP: 0018:ffffc9000438f8d8 EFLAGS: 00010246
[  264.486923][T13527] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  264.489402][T13527] RDX: 0000000000000000 RSI: 0000000000000021 RDI: 0000000000040d40
[  264.491871][T13527] RBP: 0000100000001000 R08: 0000000000000007 R09: 0000000000000000
[  264.494316][T13527] R10: 0000100000001000 R11: 0000000000000001 R12: 0000000000000021
[  264.496767][T13527] R13: 1ffff92000871f30 R14: 0000100000001000 R15: 0000000000000021
[  264.499231][T13527]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  264.501209][T13527]  ? kasan_quarantine_put+0x10a/0x240
[  264.502921][T13527]  ? lockdep_hardirqs_on+0x7c/0x110
[  264.504561][T13527]  ? kfree+0x2b4/0x4d0
[  264.505851][T13527]  ? p9_client_clunk+0x12a/0x170
[  264.507412][T13527]  ? p9_client_clunk+0x12f/0x170
[  264.509033][T13527]  ? v9fs_fid_get_acl+0x7a/0x120
[  264.510584][T13527]  __alloc_pages_noprof+0xb/0x1b0
[  264.512175][T13527]  ___kmalloc_large_node+0x84/0x1e0
[  264.513813][T13527]  ? v9fs_fid_get_acl+0x7a/0x120
[  264.515365][T13527]  __kmalloc_large_node_noprof+0x1c/0x70
[  264.517120][T13527]  __kmalloc_noprof.cold+0xc/0x61
[  264.518707][T13527]  ? __pfx_iget5_locked+0x10/0x10
[  264.520290][T13527]  ? v9fs_cache_inode_get_cookie+0x28f/0x3a0
[  264.522224][T13527]  v9fs_fid_get_acl+0x7a/0x120
[  264.523717][T13527]  v9fs_get_acl+0xee/0x530
[  264.525147][T13527]  v9fs_inode_from_fid_dotl+0x264/0x2f0
[  264.526873][T13527]  v9fs_mount+0x4fd/0xa30
[  264.528241][T13527]  ? __pfx_v9fs_mount+0x10/0x10
[  264.529781][T13527]  ? cap_capable+0xb3/0x250
[  264.531201][T13527]  ? __pfx_v9fs_mount+0x10/0x10
[  264.532762][T13527]  legacy_get_tree+0x109/0x220
[  264.534274][T13527]  vfs_get_tree+0x8b/0x340
[  264.535684][T13527]  path_mount+0x1414/0x2020
[  264.537134][T13527]  ? kmem_cache_free+0x2d1/0x4d0
[  264.538687][T13527]  ? __pfx_path_mount+0x10/0x10
[  264.540229][T13527]  ? putname+0x154/0x1a0
[  264.541631][T13527]  __x64_sys_mount+0x28d/0x310
[  264.543141][T13527]  ? __pfx___x64_sys_mount+0x10/0x10
[  264.544830][T13527]  do_syscall_64+0xcd/0x4c0
[  264.546285][T13527]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.548127][T13527] RIP: 0033:0x7fc35098e929
[  264.549544][T13527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  264.555487][T13527] RSP: 002b:00007fc3517c8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  264.558064][T13527] RAX: ffffffffffffffda RBX: 00007fc350bb5fa0 RCX: 00007fc35098e929
[  264.560503][T13527] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000
[  264.562988][T13527] RBP: 00007fc350a10b39 R08: 0000200000000580 R09: 0000000000000000
[  264.565445][T13527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  264.567891][T13527] R13: 0000000000000000 R14: 00007fc350bb5fa0 R15: 00007ffcbe2d0628
[  264.570357][T13527]  </TASK>
[  264.572032][T13527] Kernel Offset: disabled
[  264.573439][T13527] Rebooting in 86400 seconds..

VM DIAGNOSIS:
01:30:41  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000033 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff855bb115 RDI=ffffffff9b088320 RBP=ffffffff9b0882e0 RSP=ffffc9000438f240
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000001
R12=0000000000000000 R13=0000000000000033 R14=ffffffff9b0882e0 R15=ffffffff855bb0b0
RIP=ffffffff855bb13f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c01300
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c01300
FS =0000 00007fc3517c86c0 ffffffff 00c00000
GS =0000 ffff8880d6752000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000200000001000 CR3=0000000038fe9000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000004144 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000002000002 Opmask01=0000000000000001 Opmask02=00000000ffff7fdf Opmask03=0000000082000020
Opmask04=00000000ffffffff Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055f4c8c21730 000055f4c8c21730
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055f4c8af3a20
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055f4c8af18c0
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ff000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffff00 ffffffffffffffff
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 11940d41c22aa34d 73732682e49101fc
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73737373737373a2 7373737373737373
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2c2c2c2c2c2c2c2c 2c2c2c2c2c2c2c2c 2c2c2c2c2c2c2c2c 2c2c2c2c2c2c2c2c
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e69646165520073 25203a656c696620 7974706d6520676e 697070696b530065
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4245484d4952005f 090c164940454a0c 55585c41490c4b42 455c5c4547530049
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f6d697377685f31 3132303863616d2f 6c6175747269762f 736563697665642f
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001c1 6c2f0073656c7572 0000003165730000 307761726469682f
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3139312c3039312c 4638312c4538312c 4238312c3938312c 3838312c3538312c
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3438312c3138312c 3937312c3737312c 3437312c4436312c 4336312c3636312c
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3336312c3136312c 3036312c30462c46 442c30442c46432c 38412c37412c4639
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 323032302c313032 302c394631302c32 4331302c38423130 2c464131302c4541
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 282b2e2fdf37342d 280bbfbf23243324 26312033fc040f18 1317140d080b0412
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343133bffc121104 1214041204110814 100411bffc040f18 1317140d080b0412
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=dffffc0000000000 RBX=ffffc900033371b8 RCX=ffffc9000333704c RDX=1ffff92000666e4e
RSI=ffffffff82089a70 RDI=ffffc900033371c4 RBP=ffffc90003337270 RSP=ffffc900033370d8
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000010cd0
R12=ffffffff81a78010 R13=ffffc900033371b8 R14=0000000000000000 R15=ffff888022d1c880
RIP=ffffffff81a780e3 RFL=00000a06 [-O---P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6852000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f04954e7d60 CR3=000000000e382000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000002020004 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f04949846a3 00007f04949846a3
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe6a15da80 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055558333b86e 000055558333b530
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055558329c498
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555832add43 00005555832adca0
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 474553474953006c 616e676973206e77 6f6e6b6e75000a29
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 4745534749530049 444b424c56054b52 4a4b4e4b50000a0c
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 010180041883a2d9 9608000100000008 06060129d2000000 000000000001ffff
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffef08 01d8030282080001 d0031ffe080001c8 030880080001c003
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 06080001b8030c08 0001b00307fe0800 01a80300080001a0 0305d00800019803
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a80080001900306 c3a1d1a408000188 031fdfeffffe0800 0180030480100001
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 fffff9082e800300 30656c69662f2e01 ffffffffffffffff ef080f8003001000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=000000000046a91d RBX=0000000000000002 RCX=ffffffff8b809c59 RDX=0000000000000000
RSI=ffffffff8de1a086 RDI=ffffffff8c157ba0 RBP=ffffed1003c53910 RSP=ffffc90000187df8
R8 =0000000000000001 R9 =ffffed100d4c6645 R10=ffff88806a63322b R11=0000000000000001
R12=0000000000000002 R13=ffff88801e29c880 R14=ffffffff90a81350 R15=0000000000000000
RIP=ffffffff8b8087bf RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6952000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007fcff1dedbf8 CR3=000000004fea5000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=00000000000003ff Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2b0aa11b12
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2b0aa11b1f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2b0aa11b19
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2b0aa11b2d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2b0aa11bb3
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2b0aa11c91
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2b0ab84488 00007f2b0ab84480 00007f2b0ab84478 00007f2b0ab84450
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2b0b6ed100 00007f2b0ab84440 00007f2b0ab84458 00007f2b0ab844a0
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2b0ab84498 00007f2b0ab84490 00007f2b0ab84488 00007f2b0ab84480
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000003 RBX=ffffffff8e5c4940 RCX=ffffc9000166faec RDX=0000000000000003
RSI=ffffffff8e5c4940 RDI=ffff888022ffc880 RBP=0000000000000002 RSP=ffffc9000166fab8
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001
R12=ffffffff8e5c4940 R13=ffffc9000166faec R14=0000000000000003 R15=0000000000000003
RIP=ffffffff81980413 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c01300
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c01300
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6a52000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000055556a69b808 CR3=00000000139a5000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffcbe2d09b0 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc350a11b12
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc350a11b1f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc350a11b19
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc350a11b2d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc350a11bb3
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc350a11c91
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000