last executing test programs:

1m10.186108197s ago: executing program 3 (id=1760):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='attr/current\x00')
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, 0x0, 0x0}, 0x94)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'geneve1\x00', <r3=>0x0})
r4 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x5)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$IP_VS_SO_GET_SERVICE(r6, 0x0, 0x483, &(0x7f0000000040), &(0x7f00000000c0)=0x68)
fchdir(r5)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r7 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0)
getdents(r7, &(0x7f0000001fc0)=""/184, 0xb8)
getdents(r7, &(0x7f0000001fc0)=""/184, 0xb8)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="5800000010000300"/20, @ANYRES32=r3, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028005000400010000001c001a8018000a80140007"], 0x58}, 0x1, 0x2}, 0x0)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000180)={0x0, 0x0, 0x3, 0x0, '\x00', [{0x10001, 0x2, 0x0, 0xd03f, 0x9, 0xa00000}, {0x4e, 0x4, 0x2, 0x0, 0x7, 0x9}], ['\x00', '\x00', '\x00']})
preadv(r0, &(0x7f00000003c0)=[{&(0x7f0000000380)=""/44, 0x2c}], 0x1, 0x0, 0x0)
writev(r0, &(0x7f00000003c0), 0x100000000000022d)

1m10.172466429s ago: executing program 3 (id=1761):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff)
r2 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IMADDTIMER(r2, 0x80044940, &(0x7f0000000100)=0x14)
read(r2, &(0x7f00000019c0)=""/4093, 0xffd)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="080028bd7000fddbdf252d000000d795f86cbfe8fee308002f0008301c075d002c0001000000b5baef226e3f382c72f50faada981914d92adf6b969f1439ff94640a10f4cc1f99ba4bbf29e68588f6fcca67fa4a559bfcfb073c1c0839af374ed52b200e4ea2c83113266c99cb49697df1a3d8a69bb382b1934d0bb9d2ac042e678fca316738edc3cc08f3591dadccad64cf48b098511d242ef00bdd13a5b4ed3eb5b550ea036917a7a9"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x4004)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000004c0)="cc", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000b80)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad315402678de76", 0x390}], 0x1}}], 0x2, 0x4048884)
getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000540)={0x0, 0x1, 0x0, 0x2, 0x9, 0x200, 0x0, 0xa77a, {0x0, @in6={{0xa, 0x4e22, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0xfffffff7}}, 0x74, 0x4, 0xe60e, 0x8, 0x7}}, &(0x7f0000000280)=0xb0)

1m9.219162548s ago: executing program 3 (id=1782):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000340)={0x0, 0xcc}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000003680)='/sys/power/wakeup_count', 0x202080, 0x42)
syz_kvm_setup_cpu$x86(r0, r1, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000003740)=[@text64={0x40, &(0x7f00000036c0)="66b813018ed03e3e0f01cf8f697881be00300000c40295ddd1c462f98ead00800000b9af090000b87a42b368ba000000000f3066baf80cb8fc596a82ef66bafc0cb87e000000efc744240005000000c744240256260000ff1c24460f01d1b98f030000b89f000000ba000000000f30", 0x6f}], 0x1, 0x22, &(0x7f0000003780), 0x0)
r2 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57)
setsockopt$inet_mreqsrc(r2, 0x0, 0x28, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)
sendmmsg$inet6(r0, &(0x7f0000000540)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x3, @loopback, 0x3}, 0x1c, &(0x7f00000004c0)=[{&(0x7f0000000240)="dc", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000040)="be", 0x1}], 0x1}}], 0x2, 0x3404c891)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000000)={0x0, 0x8002}, 0x8)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$IPT_SO_GET_REVISION_MATCH(r4, 0x0, 0x42, &(0x7f0000003600)={'NETMAP\x00'}, &(0x7f0000003640)=0x1e)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000010003b15000000000000000000004888", @ANYRES32=0x0, @ANYBLOB="d530d995212cf95a2000128008000100687372001400028008000200", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES64], 0x40}}, 0x0)
socket(0x0, 0x4, 0x200)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 0x5, &(0x7f0000002500)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000ffffffd40700002000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2681d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142fa9ea4318123f602000000000080de89e661168c1886d0d4d94f204e345c65c26e278ef5b915395b19284a1a4bc72fbc1626e3a2a2ad358061d0ae0209e6e83d15645aa818d92b21aa6459512f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa8666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340a1c8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e517232586872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d6acabd38a817bcd222614d1f62734d679039a97d2b74f9e8e997ccd314000f747f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798abe646f738bebd69413afc9d8a5edd7aaa000000000600001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736dd19363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480e5aee9c9e5f2e5a56a6d920335c8e8726fd8329d9a733d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c50008a2b50025419dfc75c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047050d7296cd3856476a0ea49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2ddf267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed186a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d36df524b760ab92efcce7dd1574a0730a9e015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbe4fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a903375dfb663a8d8ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c63fb9450dd03985d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921bd4d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a980010000fdf278218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9d3696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee5237ada986b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8596970d5254727e804fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8fabea9930952f5da9b909c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3138e2361c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d8549f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39389f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f21d9d5bc27d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c30600a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86da86b3cf79a3f7306436762dd1a08ce873e07cebc7892ec6f9f696da38feed3d70001500e34ad2e1b2e64af4e37211b524e20f4ae1ba89a32bad2af9030f8add5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac361f71ac279a688f10a12105edebc5e3bbc394c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e90eb1fffffffffffffcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c2615318bf813e788c84409dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f23d9eea2459f7844606e1202768d83c24cc791bde44a448022bbfa571fe029a7b2d5152639ee283894ab6168992ff0acc01b39a078f285ce615351f262019586eb9447bb3eaffd7b53d8f37ca6c5f1027dd5b7592996c8a7789ba108979cc9ad07ed86682843e2eaa855dd01443ee6ffde1811f10039d5d14458177096e15cc4d8f2582a1bea5cc98d992f3de7d1cdfb24384b9f11b615c87c441dc970ec896a5af6bf69b50a244bc138a1cae3d220bcff6bcb3058c6e0d1cc0da889710f33f5638f805ce602365492282863cc8092b16656dea03cd50182aabbac78a14506dcbf823bec4a5dad14c4d7353b6a55c28321647df3a85bf9fca4e18aeaf4867e6a3dbdd7a5dbe1a52bddae83fc368404a032b75649cf74d7af8e9e3e43fad643ad3e8575a2bb0507531eac5e10b631575f1360803c8f556e07f292ab66b9bcea0c2f09db289a5934a4f2f5fe5cfc52b270a4a5fa2a8de62dcaf7ef52f1fd84c55e6a0c5a365a3b4e73c4ac6fc26367f3f6c07b06a0874c039622ba2bd369b105f57099f742a000a36c2f044a5de24604f82a1f197d9a70b5a62f794f57ec02df70d459fedd6125ae41479a2661360a79e175f0add2820018d5985183ee80f681403a7d08e0e2b88d0750c90b7ed5fed6f81ce797f3b60445ce811d2b4e45005a5ea06c1fe927af06433cd3885dc954e698a7a73416c73bfab7773a6e5e14338797ce9148cda4c0bf05fb67915aeb3661e755e4e1a0ceedfe8e91ee5361ff4c7c07b422e1443a6616b6eb3c325d5687644a4c0a1d44d9dfd82896f56bdfa0790406984c123e1d37da4a9a9444485e9b1e3b6b548528989d2aecc1e7b6ee92ca19298801105ced8964e000000000000000000000000000000000000000000000000000000000003d1c031ee2fc25c7ad34283187545b1343f7ab862e66cf5bf4ba4dbf5fda31619c05ddb97199ad4d01471e9b3c7f485b1e74d0ed34201915e79d5ed229f0773ab6b38529c45b10d0796e005b6d663b942320339b9fe1d4e393b4bcb596898cde06955a345db3cb956b0e5da1c1dba7046f4d12fc65085302f333516804d9f"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48)
r6 = socket(0x2, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'team_slave_1\x00'})
getsockopt$PNPIPE_IFINDEX(r6, 0x113, 0x2, &(0x7f0000000000), &(0x7f00000000c0)=0x4)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000340), 0xffffffffffffffff)
r8 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000380)={0x2020, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}, 0x2020)
fcntl$getownex(r3, 0x10, &(0x7f00000023c0)={0x0, <r10=>0x0})
sendmsg$DEVLINK_CMD_RELOAD(r6, &(0x7f00000035c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000003580)={&(0x7f0000002400)=ANY=[@ANYBLOB="fc000000", @ANYRES16=r7, @ANYBLOB="080026bd7000fcdbdf2525000000080001007063690011000200303030303a30303a31302e300000000008008a00", @ANYRES32=r8, @ANYBLOB="080001007063690011000200303030303a30303a31302e300000000008008b00", @ANYRES32=r9, @ANYBLOB="0e0001006e657464657673696d0000000f0002006e657464657673696d30000008008c00000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008c00040000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008c00030000000e0001006e657464657673696d0000000f0002006e657464657673696d30000001008b00", @ANYRES32=r10, @ANYBLOB], 0xfc}, 0x1, 0x0, 0x0, 0x800}, 0x84)
syz_emit_ethernet(0xfc, &(0x7f0000000180)={@link_local, @broadcast, @val={@val={0x88a8, 0x4, 0x1, 0x4}, {0x8100, 0x4, 0x1, 0x3}}, {@x25={0x805, {0x1, 0x0, 0x9, "ab81f44fe797ada9891b1db8ceb2825f8ece5cd1fda9f83ae1093c399e17f6b8302a2cf9d4b17361635801495e91bf29ac14fb9ea9ca86e8d4764f71cec830ba3aad7ee31cc25784e6639747e7c3c2fc452ce380e6dcc95b1b041d09344c0912c2a5193108017c8c310fb7d426b0048b5102ac9bc99e3607d2e3fdf238e030b1978c28531ccf2e43e108ded56934cb5d62cec2da5064179b5144bec68a779f1a9360813fc3ed2c3435dc94e3ab86e594375cd5c77a1e8e43c96e5880e32e23972ef42aac8ea017ec844f30ae0a13ce02fd030f090e4e7fa5f8c4c7a267196154e50a2d"}}}}, &(0x7f00000002c0)={0x0, 0x3, [0xe47, 0xb9c, 0xdcb, 0xa5e]})
r11 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x101000)
ioctl$CEC_DQEVENT(r11, 0xc0506107, &(0x7f0000000040)={0x0, 0x0, 0x0, @lost_msgs})

1m7.854459989s ago: executing program 3 (id=1794):
mkdir(&(0x7f00000000c0)='./file0\x00', 0x14)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000540)={0x30, r1, 0x1, 0x0, 0x0, {}, [@NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}]}, 0x30}}, 0x0)
mount$9p_virtio(&(0x7f0000000680), &(0x7f0000000480)='./bus\x00', &(0x7f00000004c0), 0x0, &(0x7f00000006c0)=ANY=[])
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave'])
chdir(&(0x7f0000000240)='./file0\x00')
open(&(0x7f0000000040)='./bus\x00', 0x80242, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x42, 0x1ff)
r2 = socket$unix(0x1, 0x5, 0x0)
accept4$unix(r2, &(0x7f00000001c0), &(0x7f0000000100)=0x6e, 0x800)

1m7.854341367s ago: executing program 3 (id=1795):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000440)='./bus\x00')
r4 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x1000000000003, 0x3, 0x8000000000007, 0xaa, 0x3, 0x1, {0x0, 0x180, 0x20fe, 0x5, 0x87, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0xee00, 0x0, 0x3ff, 0x1}}, {0x0, 0x11}}}, 0xa0)
sendfile(r4, r4, &(0x7f0000000080), 0x7f03)

1m7.583269627s ago: executing program 3 (id=1801):
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000300)={<r0=>0x0, 0x81, 0x1, [0x5]}, &(0x7f0000000340)=0xa)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000380)={r0, 0x6}, &(0x7f00000003c0)=0x8)
r1 = socket$kcm(0x29, 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8101, 0x0)
getsockopt$IP_SET_OP_GET_FNAME(r1, 0x1, 0x53, &(0x7f0000000280)={0x8, 0x7, 0x0, 'syz2\x00'}, &(0x7f00000002c0)=0x2c)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000300), 0xa000, 0x0)
read$rfkill(r4, 0x0, 0x0)
r5 = eventfd(0x5)
r6 = eventfd(0x3)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f00000001c0)={r6, 0x17, 0x2, r5})
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99dbf231167013a4b2eaf6338a0b100c98a331dffc09"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r8 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r8, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x20000811)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000040)={r8, r7})
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000180)={r8, r7})
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="020000000000ffffffff"])
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000003b80)={0x3, 0x0, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$KVM_GET_VCPU_EVENTS(r12, 0x4048aecb, &(0x7f0000000080))
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)={0x58, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5, 0x14, 0x5}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x58}}, 0x0)
userfaultfd(0x80801)
socket$nl_netfilter(0x10, 0x3, 0xc)

1m7.506571264s ago: executing program 32 (id=1801):
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000300)={<r0=>0x0, 0x81, 0x1, [0x5]}, &(0x7f0000000340)=0xa)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000380)={r0, 0x6}, &(0x7f00000003c0)=0x8)
r1 = socket$kcm(0x29, 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8101, 0x0)
getsockopt$IP_SET_OP_GET_FNAME(r1, 0x1, 0x53, &(0x7f0000000280)={0x8, 0x7, 0x0, 'syz2\x00'}, &(0x7f00000002c0)=0x2c)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000300), 0xa000, 0x0)
read$rfkill(r4, 0x0, 0x0)
r5 = eventfd(0x5)
r6 = eventfd(0x3)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f00000001c0)={r6, 0x17, 0x2, r5})
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99dbf231167013a4b2eaf6338a0b100c98a331dffc09"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r8 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r8, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x20000811)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000040)={r8, r7})
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000180)={r8, r7})
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="020000000000ffffffff"])
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000003b80)={0x3, 0x0, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$KVM_GET_VCPU_EVENTS(r12, 0x4048aecb, &(0x7f0000000080))
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)={0x58, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5, 0x14, 0x5}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x58}}, 0x0)
userfaultfd(0x80801)
socket$nl_netfilter(0x10, 0x3, 0xc)

1m2.146698602s ago: executing program 4 (id=1854):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
getpeername$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, &(0x7f0000000100)=0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x181a80)
ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r2)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'})
sendmsg$nl_route_sched(r2, 0x0, 0x0)
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(r4, 0x0, 0x4000)
dup3(r0, r1, 0x0)
sendmmsg$inet(r1, &(0x7f0000000d40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000002f00)=[{&(0x7f0000000540)="679512f062b8d965651edd4c06c901784e56aa174403ad4134742b71d211c6a85d8bc563c27f754fc2af5351f2f41e867c71c19837f2feba7862e511a47c446cd11c960f018962a53f6cf31a1123ff8092c9ff560701bfc579fa80f9149acafe2a225fed70d9173f0243a55be3c4028da556cf126da9c1b9b8f8e113", 0x7c}, {0x0}, {&(0x7f0000000e80)='S', 0x1}], 0x3}}], 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x20, &(0x7f0000000000)=0x7fffffff, 0x4)

1m2.130550901s ago: executing program 4 (id=1856):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000540)={0x38, 0x2d, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @typed={0x8, 0x0, 0x0, 0x0, @uid=0xee00}, @nested={0x18, 0x0, 0x0, 0x1, [@typed={0x14, 0x1, 0x0, 0x0, @binary="3170d5cb1bc451e04e70f5549e82ac73"}]}]}, 0x38}], 0x1}, 0x0)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_WRITE_LOCAL_NAME={{0xa9}, 0xa0}}}, 0x7)

1m2.064508434s ago: executing program 4 (id=1858):
socket$nl_netfilter(0x10, 0x3, 0xc)
pipe(&(0x7f0000000d00)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000040)})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r3, &(0x7f0000000500)=[{{&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x70}}], 0x1, 0x2000c044)
r4 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r6], 0x20}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000240), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x714f, 0x0)

1m1.180923383s ago: executing program 4 (id=1873):
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180200000000000000000000000000001801000020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000044}, 0x0)
sendmsg$AUDIT_TRIM(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x3f6, 0x100, 0x70bd2d, 0x25dfdbfe}, 0x10}, 0x1, 0x0, 0x0, 0x40000}, 0x40)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={0xffffffffffffffff, &(0x7f00000002c0), &(0x7f0000000080)=@udp}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x49}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000940)=ANY=[], 0x24}}, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={0x0, 0x6f4}}, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)

1m1.180715545s ago: executing program 4 (id=1874):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
setpgid(0x0, r0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10)
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x201800, 0x0)

1m1.093889471s ago: executing program 4 (id=1875):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000080)={0x1, 0x8})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x9, 0x80, 0x0, 0xffffffff, 0x91b1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000400}, 0x0)
mknod$loop(0x0, 0x0, 0x1)
futex_waitv(&(0x7f0000000d80)=[{0x1, 0x0, 0x4}], 0x1, 0x0, 0x0, 0x1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r3, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
recvfrom(r3, &(0x7f0000000480)=""/110, 0x168f6f3d, 0x734, 0x0, 0xfffffffffffffecb)

45.823698634s ago: executing program 33 (id=1875):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000080)={0x1, 0x8})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x9, 0x80, 0x0, 0xffffffff, 0x91b1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000400}, 0x0)
mknod$loop(0x0, 0x0, 0x1)
futex_waitv(&(0x7f0000000d80)=[{0x1, 0x0, 0x4}], 0x1, 0x0, 0x0, 0x1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r3, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
recvfrom(r3, &(0x7f0000000480)=""/110, 0x168f6f3d, 0x734, 0x0, 0xfffffffffffffecb)

2.140612241s ago: executing program 0 (id=2501):
socket$nl_netfilter(0x10, 0x3, 0xc)
pipe(&(0x7f0000000d00)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000040)})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r3, &(0x7f0000000500)=[{{&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='p'], 0x70}}], 0x1, 0x2000c044)
r4 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001100010100"/18, @ANYRES32=r6], 0x20}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000240), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x714f, 0x0)

1.573427524s ago: executing program 5 (id=2514):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x2, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x7fffffff, 0x1}}]}}]}, 0x48}}, 0x8d0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000980)=@newtfilter={0x6c, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xc}, {0xfff2}, {0x0, 0x3d}}, [@filter_kind_options=@f_bpf={{0x8}, {0x38, 0x2, [@TCA_BPF_ACT={0x34, 0x1, [@m_gact={0x30, 0x12, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0xff, 0x81}}]}, 0x6c}}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000003c0)="b8040000000f23d80f21f835400000100f23f8b9800000c00f3235000800000f30360f01d1b9800000c00f3235010000000f30f3818700980000ca260000f3640f07c4c235af223e0f79872b5fd97a0fc7bcb80070000066ba4300b8ffa50000ef", 0x61}], 0x1, 0x5, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
syz_emit_ethernet(0x3b6, &(0x7f0000000a00)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb86dd60122d9203803afffe8000000000000000000000000000bbff02000000000000000000000000000186009078000000000100000000000000000aa78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af180200010000000500000000260004001818fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d957070fec680ed6e445ecb72324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978001d06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483dc7619e77a6f27c957452e3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000180b17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f0032107f5000000000000000000000200000000000000000000000000008879e6648520000000000000000000145e14f0e7e72d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fa632dbf04542188b196e213408c0305d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bce65f81ed0000004c20d7b27f88169b7ff5e3c44aaf16d90a2acae6fd38483e347c3259d79bdd4a31823b297e2feaf8db6717b216bbacb251b344dba937a2fae5cf2318cf08e2b5b0b7188970773853a59e30e67fd3"], 0x0)

1.22338562s ago: executing program 0 (id=2516):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x42, &(0x7f0000000080)=0xffff7b6e, 0x4)
getsockopt$inet6_buf(r2, 0x29, 0x6, 0x0, &(0x7f0000000280))
ioctl$SNDCTL_TMR_TIMEBASE(0xffffffffffffffff, 0xc0045401, &(0x7f0000000440)=0x2a4)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r3, &(0x7f0000000400)={0x2, 0x4e23, @multicast1}, 0x10)
r4 = socket(0x10, 0x803, 0x0)
write(r4, &(0x7f0000000340)="1c0000005e001f3814584707f9f4ffffff000000230000001ff80000", 0x1c)
r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000003180), 0x200, 0x0)
readv(r5, &(0x7f0000001400)=[{&(0x7f0000000000)=""/157, 0x9d}], 0x1)
r6 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@alg={0xe0, 0x10, 0x1, 0x0, 0x3, {{'aegis128\x00'}}}, 0xe0}, 0x1, 0x0, 0x0, 0x4c000}, 0x4008004)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
sendmmsg$inet(r2, &(0x7f00000072c0)=[{{0x0, 0x0, &(0x7f00000025c0)=[{&(0x7f0000000100)='\f', 0x1}], 0x1}}], 0x1, 0x4000805)
r7 = fcntl$dupfd(r2, 0x0, r2)
r8 = socket(0x10, 0x3, 0x5)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'erspan0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@gettclass={0x24, 0x2a, 0x200, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, r10, {0xc, 0xc}, {0x9, 0xfff1}, {0xfff3, 0xe}}, ["", "", "", "", ""]}, 0x24}}, 0x0)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x26e1, 0x0)
close(r11)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
sendmmsg$alg(r11, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000300)="ebe3a0e9796cfd1647e299f4e376fd9a128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3ad219e1e85550b8af8c6dbb7996069837304ee9b17ab0297628957a707b57a0553154405cc5567da2d429687257627dd278889375727adafcfb607d6d7b89f864b3ea75875d4b4cc3bb65f5e7fddc5b896e305b4c904b740cc96e48d45f01666953518ebe0c38dc58e07c38ae760000b22b955ee8bb64e9ff6abb866a6696432dc587bc25e3b7c01dba5eac9a43cdfdbec3e67c452e147b0ff4775c237719b8bb79dde67b504dd3c04e4219e8d7dbd93536", 0xdb}], 0x2, 0x0, 0x0, 0x800}], 0x1, 0x810)
ioctl$SIOCSIFHWADDR(r11, 0x8b19, &(0x7f0000000000)={'wlan0\x00', @random="7cf1e97c9e4f"})
recvfrom$inet(r3, &(0x7f0000000140)=""/241, 0xf1, 0x10001, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="700000001000810500"/20, @ANYRES32=0x0, @ANYBLOB="0580040000000000500012800b00010067656e657665000040000280050008000000000005000d000100000005000d000200000008000b4000001e82060005004e210000140007"], 0x70}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="3c00000010000304000000000400000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c00028008001e0020"], 0x3c}, 0x1, 0x2000000000000000}, 0x0)
ioctl$USBDEVFS_RESETEP(r7, 0x80045503, &(0x7f00000000c0)={0x5})

1.223105888s ago: executing program 5 (id=2517):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000f80)=""/4096, 0x300)
r2 = dup(r0)
write$UHID_INPUT(r2, &(0x7f0000002b40)={0xe, {"a2e3ad099b0d09f91b5f450987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f323063090810e0879b0f0a75e70a9b334d959b669a240d5b0af3988f7ef31952010afde8d178708c523c921b1b5b07070d075b0936cd3b78130daa61d8e81a0000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397273ce1766769f0c91c00305d3f46635eb016d5b1dda98e2d739be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b7638354a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc3609aa24b7d520c829d095083bba2987a67399eac430d145d546a40b9f6ff14ac488ec130bb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b2860d1b3cff57d8b6d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a4f0492d48604675fde2b34cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827955e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb9754fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94e7475cb74642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd72ea4998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5ff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c58b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b50517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864af090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d885b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1a85ae7e69fd1a47a284f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cef8473b53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b344340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cccf8a97406bb5a68a1f0c4549820a73c8859dde0712ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcb7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c2e14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ec00000000000000b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a52830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec685f068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000e00f96f06817fb903729a7fb6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x942}}, 0x1006)

1.133260813s ago: executing program 0 (id=2519):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x1)
read$char_usb(r2, &(0x7f00000003c0)=""/198, 0xc6)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00'})
r3 = signalfd4(0xffffffffffffffff, &(0x7f00000001c0)={[0xffffffffffffffff]}, 0x8, 0x80800)
read$FUSE(r3, &(0x7f0000003a40)={0x2020}, 0x2020)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
read$FUSE(r4, &(0x7f0000002280)={0x2020}, 0x2020)
move_mount(r3, &(0x7f0000000000)='./file0\x00', r4, &(0x7f0000000040)='./file0\x00', 0x0)
r5 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r5, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)={0x18, r1, 0x1, 0x70bd2b, 0x5dfd9fc, {{}, {@void, @void}}, [@NL80211_ATTR_REKEY_DATA={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

1.051336168s ago: executing program 0 (id=2520):
sendmsg$FOU_CMD_GET(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, 0x0, 0x20c5a042d44d61c0)
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x68, r1, 0x100, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7, 0x70}}}}, [@chandef_params, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x4}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16e9}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x7fff}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x9}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0xb}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x30}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}, @NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x68}, 0x1, 0x0, 0x0, 0x4000000}, 0x20004040)
syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x6}, @hci_rp_read_def_link_policy={{0x6}, {0xfe, 0x1}}}}, 0x9)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x0)

1.049133489s ago: executing program 5 (id=2522):
r0 = socket$alg(0x26, 0x5, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
sendmsg(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)='B', 0x1}], 0x1, 0x0, 0x0, 0x11000000}, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
ptrace$setregs(0xd, r1, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000540))
ptrace$cont(0x20, r1, 0x0, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-blowfish-asm\x00'}, 0x58)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x2}, 0x28)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000009000000dfa2bff372df8cdbeb318ab2bec8fc36903c0ec359caa1af3c914019395cc154010c693709800000000000000016a85adef34bf78c76e6222337923e1bea6ef682cc4375f594425d408ccc58187feb0e3d43347f989007a7c63f6dae2acb4af936461f34a8a32a50bbbb69ec85168947b86df9f2609bf93f7a1be259621818c3c75da31290bce645451b851111dd98ac4d8da9317c2c082020e0b2d634086785f3fe41a3053645cc413790faf7e229c782845b5bb774f7f154263178151ea93ff2cac4b181332c9c9a1c7d85616c8100000000000000d8300d19d585000000fc005774b56a7142047326f940e95b8489e1c5650f5c61299a295f39c88456391cffdef93e29f10f4a11f0cfbfc0ff976b20fef6033495b9b94777db9bb9b678ffc1130000009faa798226a080c01e47151268a02dc1a557cfdcf76305fbf6643df66b1b4d2d5e7bf698fc5a18d984ecb91e6683a5f522d536e2f3c43b89823659d1945258fc668950e5aacfffffffffffffff7f7a266c90e64efc8d8f730867202a9ee94e6a00"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0xf5010000}, 0x6d)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r3, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000001a00), 0x0, 0xfeffffff, 0x10, 0x8, 0x0, 0x0}}, 0x10)

1.048927322s ago: executing program 0 (id=2523):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
timer_create(0x0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000440)='./bus\x00')
r3 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x1000000000003, 0x3, 0x8000000000007, 0xaa, 0x3, 0x1, {0x0, 0x180, 0x20fe, 0x5, 0x87, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0xee00, 0x0, 0x3ff, 0x1}}, {0x0, 0x11}}}, 0xa0)
sendfile(r3, r3, &(0x7f0000000080), 0x7f03)

988.797428ms ago: executing program 1 (id=2525):
socket$nl_netfilter(0x10, 0x3, 0xc)
pipe(&(0x7f0000000d00)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000040)})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r3, &(0x7f0000000500)=[{{&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='p'], 0x70}}], 0x1, 0x2000c044)
r4 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001100010100"/19, @ANYRES32=r6], 0x20}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000240), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x714f, 0x0)

988.52528ms ago: executing program 5 (id=2526):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001280)=@newlink={0x58, 0x10, 0x40d, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x600a4, 0x40}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x10}, @IFLA_MACVLAN_MACADDR_MODE={0x8, 0x3, 0x2}]}}}, @IFLA_ALT_IFNAME={0x14, 0x35, 'macvlan0\x00'}]}, 0x58}}, 0x8000)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f0000000000)=<r4=>0x0)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r4], 0x1c}}, 0x0)
write$nci(r1, &(0x7f0000000600)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x1, 0x3, 0x3, 0x81, @f={0x7, 0x2, 0x2, 0x3, {0xa, 0xd0, "9026a0d97de9b7d84d920a2df6250c3df9e83b79419089b151e2d09df2746447aaca065bc1a86aed69133cefbbc456f69411e4dec301f92e24f25f76baacc969a4531691ddc350fb32929ec54ebaf0d7a21d8782a341659db6521a5174e30c8225d7efc051e417a0760505119a661458621f983fed82fc27678d314502a58d2f74e7369c415d9b23780f8fa9b33ee139aac6d5afe16678856a0ff7eb1be81c09691ae213249b942310e3d34740e47de27dc1587db52d9b630296b8696d6bb9f29b8e2ea7942c96d1fbf2f91e10cbbeaf"}, 0x2}}, 0xda)

903.085717ms ago: executing program 2 (id=2527):
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x2180, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000080)={0x4000000, 0x0, 0x0, 0x1, 0xa})

902.762989ms ago: executing program 2 (id=2528):
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async)
r1 = fsmount(r0, 0x1, 0x0)
fchdir(r1) (async)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="400000001000010425bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="dd5800000000000014000310776c606e3000000000000000000000000a001100ffffffffffff0000"], 0x40}}, 0x0) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000001c0)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0], ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x5, 0x1, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0], 0x0, 0x52, &(0x7f00000000c0)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x93, 0x8, 0x8, &(0x7f0000000180)}}, 0x10)
setsockopt$packet_drop_memb(r1, 0x107, 0x2, &(0x7f0000000200)={r3, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x10) (async)
socket$inet6(0xa, 0x2, 0x0) (async)
r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000440), 0x2) (async)
r5 = memfd_create(&(0x7f00000009c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x3)
ftruncate(r5, 0xffff) (async)
close(0x3) (async)
fcntl$addseals(r5, 0x409, 0x7)
ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f00000001c0)={r5, 0x1, 0x0, 0x8000})
r6 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
pread64(r6, &(0x7f0000001480)=""/90, 0x5a, 0x0) (async)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'md5-generic\x00'}, 0x5a)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0) (async)
mkdirat(r6, &(0x7f00000002c0)='./bus\x00', 0x102) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) (async)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x201008, 0x0) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) (async)
chdir(&(0x7f0000001180)='./bus\x00')
open$dir(&(0x7f0000000100)='./file0\x00', 0x15b800, 0x0) (async)
rmdir(&(0x7f0000000440)='./file0\x00')

853.709092ms ago: executing program 2 (id=2529):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa, 0x4e20, 0x80000, @dev={0xfe, 0x80, '\x00', 0x20}, 0x4000}, 0x1c, 0x0, 0x0, &(0x7f0000000480)=[@hopopts={{0x18, 0x29, 0x36, {0x87}}}], 0x18}, 0x40c0)

853.07377ms ago: executing program 2 (id=2530):
socket$igmp6(0xa, 0x3, 0x2)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x8, @loopback}, 0x1c)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000200)={0x1, 0x7}, 0x8)
listen(r0, 0x5)
accept4(r0, &(0x7f0000000240)=@x25, 0x0, 0x80800) (fail_nth: 6)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x24040014, &(0x7f0000000000)={0xa, 0x4e22, 0x7, @empty, 0xfffffffe}, 0x1c)
socket(0x10, 0x3, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)

533.662186ms ago: executing program 2 (id=2531):
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000009bee0500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900420073797a310000000008000a40ff010000000011800e000100636f6e6e6e696d69740000040c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x4000040)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r5, @ANYBLOB="0c009985f2330fd547793c000800a0003a0900080500390104000000080026"], 0x40}}, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000851}, 0x40)
r6 = syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0)
r7 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$SNDCTL_MIDI_PRETIME(r7, 0xc0046d00, &(0x7f0000000240)=0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000)
ioctl$SG_IO(r6, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffffffffffb, 0x6, 0x4, @buffer={0x0, 0x1000, &(0x7f0000001d80)=""/4096}, &(0x7f0000000000)="a1f8a81b133d", 0x0, 0x0, 0x30, 0x0, 0x0})
sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r8 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x1, &(0x7f0000000000)=@raw=[@generic={0x20, 0x0, 0x0, 0x80}], &(0x7f0000000040)='GPL\x00'}, 0x94)
io_uring_setup(0x7d2e, &(0x7f0000002380)={0x0, 0xa205, 0x1046, 0x6})
r9 = socket(0x1, 0x803, 0x0)
getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="580000001000010400000085b4856d000000000000000000", @ANYRES32=0x0, @ANYBLOB="0003000000000000300012800b000100697036746e6c00002000028014000200ff020000000000000000000000000001060010000300000008000a00", @ANYRES32=r10, @ANYBLOB], 0x58}}, 0x0)

113.398822ms ago: executing program 1 (id=2532):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x301, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}]}], {0x14}}, 0xa0}, 0x1, 0x0, 0x0, 0x58fe7ab67a988db6}, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4, 0x10, r0, 0x2e029000)

112.694543ms ago: executing program 0 (id=2533):
syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r0, &(0x7f0000001300)="92", 0x2)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="4000000010000104000000000300000000000000", @ANYRES32=0x0, @ANYBLOB="10c00000000000001800128008000100677470000c00028008000200", @ANYBLOB='\b\x00'], 0x40}}, 0x0)
r2 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
close(r2)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
read(r2, &(0x7f0000000240)=""/87, 0x57)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xc, &(0x7f0000001040)=@assoc_value={<r4=>0x0}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000200)={r4, 0x9, 0x2, 0xa, 0x8, 0x200009e}, 0x14)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x4, 0x0)
close(r5)
write(r5, &(0x7f00000002c0)="a5fdb2b12b645622261b77bb273eaca9f9da0d5b496a6a16e7fe0946dc706b90989961f6aad080e27ee93f73e8a976b770632f3c3f5f8199f26b50aa69e5a6bcbebe03cace9a8dcb85b5a5fbb6157843e4699f7bfbe4ab6dc6940a1506eecf441a9b87d46c9790170fefa9e31a14f274abf938631b1adb835efa624bef61f1796315e94709a32894fa8c379ae836fc2c85c6efb312f54d85420d7c2b14535cb104e2f70aec7d99376a26f712ede7eaead32f1187d8c784dfe3ce9380e48086b8725371b6989c93ec2b0d806c6547fb620a472894caf1842efe9323db3a1cbd687aee31a792bb7e147f44db84d0ec5e74", 0xf0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x8, 0x1d34, 0x4, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x80, 0x40, 0x9, [{{0x9, 0x4, 0x0, 0xfd, 0x2, 0x3, 0x1, 0x0, 0xc, {0x9, 0x21, 0x8, 0x8, 0x1, {0x22, 0xcb9}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x80, 0x4, 0x82}}}}}]}}]}}, &(0x7f0000000780)={0xa, &(0x7f00000003c0)={0xa, 0x6, 0x250, 0x5, 0x8, 0x40, 0x8, 0xfc}, 0x226, &(0x7f0000000400)={0x5, 0xf, 0x226, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x8, 0x53, 0x4, 0x9}, @generic={0xe1, 0x10, 0x11, "7bfa8483ccde4a7cdeb23937c269f068eb5be00a976cf81bf5e8b9ed628a9859c734abce6d8fd92f935e8b310ac3463c2302e20fa0836d692990279e495080a8c10bf85208d81cbacb8c5564ff9dca00071934d767639c58f6d75aae28ecb98939f38be86ce74bc8b3a8f53910c0f839431d082aeec01745b875b8cc00eff0434f048d4fa9b099bf955b8f7de7a414dc11c575c23cbabc82fc232226101cedef03824b72ae8099567deba9eb1482f5888c99c40838ab7e281ee988417906bf0f9637d73a6955800baaf2eb40437bf169cc9a1bb4b20ff30299be19f6e45a"}, @wireless={0xb, 0x10, 0x1, 0x2, 0x4, 0x3, 0x2, 0xec9, 0x81}, @generic={0x73, 0x10, 0x2, "93f2168159ef636e628bcd5c1d52d65b6514e4944325b1487b7aef4b04ddc37b11bcdc1df3d811b86e291f95251941c073c1eaf1962296d0f3ab370c53b29cac31ada403033f85715324f2836851e688b5d4362abcb02fe77b3cc56bda93a97371fc8c644180097b37f4c029619e57bc"}, @generic={0xb8, 0x10, 0xa, "45434b9994061dad59be3e3535e1652fad3ed937144dd40388ea7dcbf100a989e880290d10a791e3dca6728a13c358592150d4f92ed83366e29fb81c1704b9203ece78ca1fe78cf19ff683a4f57b47928203b32a052941d666dd5e8e3389cfbb34e3cb9d175c3deaea88cc979904c10ba94f0007bc7baaaa8386ad6b5b4807fdb3e5bd01a70ff99b6ed54ce6c36784d6ab548550ff03c61e8a4db01ec0cc0f7f433d0eca0db4c71bc626fdcbe2b6234abe96649929"}]}, 0x3, [{0x25, &(0x7f0000000640)=@string={0x25, 0x3, "0f884be1c3b3a72bfd7ebfe2ca1dac977d21a2265a26dc131e080c0074272c3127d0e1"}}, {0x89, &(0x7f0000000680)=@string={0x89, 0x3, "2a45d1424f7310b440c228a84bdc64f5b2cd642b023aa5a75bd2d15a380e967ff13425e594df5d279ae61f63486fd56be9e2e487c56e65b6913e0dfe1ffb39933d36b218d40ba11e5433549c0280c0dad836fc611b1cd0315bf6fb0e210cca460d0aeed16da9ffa7e30ad81bffd9b38744cb0fd8d041a383d24ea6140627dd933112aa3e1de82b"}}, {0x4, &(0x7f0000000740)=@lang_id={0x4, 0x3, 0x812}}]})
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$IOC_PR_PREEMPT_ABORT(r2, 0x401870cc, &(0x7f0000000040)={0xffff, 0x3, 0x8001, 0x100})
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000560000042bbd7000ffdb0e0700feff09", @ANYRES32=0x0], 0x18}, 0x1, 0x0, 0x0, 0x58a6f155420c253}, 0x4040010)

112.350939ms ago: executing program 5 (id=2534):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='syz_tun\x00', 0x10)
r1 = socket(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x419, @dev={0xfe, 0x80, '\x00', 0x3f}, 0x8004}, 0x1c)
fcntl$getownex(r0, 0x10, &(0x7f0000000000))
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty=0xe0000001}, {0x0, 0x4e20, 0x8}}}}}, 0x0)

112.198923ms ago: executing program 1 (id=2535):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r2, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_RMFB(r0, 0xc00464af, &(0x7f0000000600)=r3)

111.729403ms ago: executing program 5 (id=2536):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r3 = dup(r2)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
write$binfmt_aout(r3, 0x0, 0xffffffdb)
pipe(&(0x7f0000000500)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r5, 0x5, &(0x7f00000005c0)='fd', 0x0, r4)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x2)
symlinkat(&(0x7f0000000080)='./file0\x00', r6, &(0x7f00000000c0)='./file0\x00')
unlinkat(r6, &(0x7f0000000040)='./file0\x00', 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r6, 0x40085112, &(0x7f0000000000)=@v={0x93, 0x9, 0x90, 0x16, @MIDI_NOTEON=@note=0x1c, 0x8c, 0xfffa})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r8 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r9=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r8, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r9, <r10=>0x0})
ioctl$DRM_IOCTL_MODE_RMFB(r7, 0xc00464af, &(0x7f0000000600)=r10)

89.661415ms ago: executing program 2 (id=2537):
syz_usb_connect$uac1(0x4, 0x98, &(0x7f0000000200)=ANY=[@ANYBLOB="12011003000000106b1d01014000010203010902860003010140750904000000010100000a24010600080201020904010000010200000904010101010200000b2402010c038f076d15630a24020198010f07347c09240202080001800209240201090108095909050109400206100507250100010700090402000001020000090402010101"], 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000080)={0x14, r1, 0x1, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4040000)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x60a80, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="040302"], 0x4)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000680)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000780)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000740)={&(0x7f00000006c0)={0x5c, r1, 0x200, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_CQM={0xc, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x6}]}, @NL80211_ATTR_CQM={0x34, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x6f}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x6ea}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x1}, @NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0x8}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x462}, @NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x7}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x400c4)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d}, 0x94)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_int(r4, 0x29, 0x12, 0x0, &(0x7f0000000040))
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r5, 0x40047438, &(0x7f0000000180)=""/246)
writev(r5, &(0x7f0000000600)=[{&(0x7f0000000300)="dd094f618b3522744148ad0ac5e1683f36d84202050c90d19264dc137290501bddc57780c285b23e77b334422cee141b54d013b6aa1bc1da5dd0b11fba5abf061c7a", 0x42}, {&(0x7f0000000140)="4a7fe0", 0x3}, {&(0x7f0000000380)="3ef628288921d597cd8aa720c5ea0d4553b42b5792ec9f6c17cacf7bcad115dd12188fe8043d7713367e6052c0f828f861a82c0da8414ec146bbc0683e98eb129fc33888b7e96fb4d06dc4bfa609c06fd4fa9268f4a827134682709bc03ee9d37c65a7c0211a4199631f413d58ee78ce674bfe321c65220b3caf0bd4", 0x7c}, {&(0x7f0000000400)}, {&(0x7f0000000440)="6d0dcc0538260106d6c86f004cf0403b3a12b4ce1e5a55006aa15a3d6d830a768316cb87973f11747db30bb843cbb14d018d188732c337547dc7bf7f48b0af31bbd50032a59057fd66c66260ebf109cc868e14f241cb47b0881b43792d4fc9fd286ec53f313e04", 0x67}, {&(0x7f00000004c0)="0e885e0695eda14c640d935c68a1a7e6aff3645d5f8ea46fcf8778e1005960c91d34", 0x22}, {&(0x7f0000000500)="43761125b75dafe2a931997098ad42162b4e8c700e0bbaa8c37e4c20d053ce09348ab336e99e1c85dca98af9a209b42511bedec370bb27bfb036ef86f86f071ffef6201ff688b3a9a5d14e588646e7e4a1c12f8d6873710722a759b25db1ba9e253662d9b7f181a2c2c88eb2378248e677577b4c9b6a4b563dc905d07d33df90c3c420d07f5615995b64ef12fee3264e38a57086c318abf1a0a8efe810b866a20f7362c99f2873c15aba7e5124cc06e56605b81dca646743ab5dd7fb867eb99c9dc9338668cf554cb7189c6cec6d271ed34fac4bb47e06481b0ee2357c656c2860c4df40e3943d3294b7d492ccee96f4a970c84e4fe56f1159", 0xf9}], 0x7)
r6 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
setsockopt$llc_int(r6, 0x10c, 0x3, &(0x7f00000001c0)=0x5, 0x4)

79.599135ms ago: executing program 1 (id=2538):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r2, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_RMFB(r0, 0xc00464af, &(0x7f0000000600)=r3) (fail_nth: 3)

3.88038ms ago: executing program 1 (id=2539):
r0 = memfd_create(0x0, 0x5)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x8010002})
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x2000003, 0x97052, r0, 0x0)
mbind(&(0x7f0000126000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x2)
mbind(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x1, 0x0, 0xbb2, 0x3)

0s ago: executing program 1 (id=2540):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000700)={'bond0\x00'})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x38}}, 0x2}, 0x1c)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
r2 = fcntl$dupfd(r1, 0x0, r1)
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x40801}, 0x40001)

kernel console output (not intermixed with test programs):

"autofs" ino=38204 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1
[  229.736336][   T40] audit: type=1400 audit(1754587379.948:1712): avc:  denied  { unmount } for  pid=14454 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  229.806925][   T40] audit: type=1400 audit(1754587380.028:1713): avc:  denied  { unlink } for  pid=15896 comm="syz.2.1872" name="#51" dev="tmpfs" ino=2619 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  230.811766][ T5328] Bluetooth: hci1: command tx timeout
[  231.323038][T15954] FAULT_INJECTION: forcing a failure.
[  231.323038][T15954] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  231.327195][T15954] CPU: 1 UID: 0 PID: 15954 Comm: syz.2.1887 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  231.327212][T15954] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  231.327219][T15954] Call Trace:
[  231.327224][T15954]  <TASK>
[  231.327229][T15954]  dump_stack_lvl+0x16c/0x1f0
[  231.327262][T15954]  should_fail_ex+0x512/0x640
[  231.327276][T15954]  _copy_from_user+0x2e/0xd0
[  231.327288][T15954]  video_usercopy+0xedd/0x1720
[  231.327306][T15954]  ? __pfx___video_do_ioctl+0x10/0x10
[  231.327321][T15954]  ? selinux_kernel_read_file+0xc0/0x130
[  231.327335][T15954]  ? __pfx_video_usercopy+0x10/0x10
[  231.327360][T15954]  v4l2_ioctl+0x1bd/0x250
[  231.327375][T15954]  ? __pfx_v4l2_ioctl+0x10/0x10
[  231.327390][T15954]  __x64_sys_ioctl+0x18e/0x210
[  231.327408][T15954]  do_syscall_64+0xcd/0x4c0
[  231.327420][T15954]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  231.327431][T15954] RIP: 0033:0x7fe30f58ebe9
[  231.327440][T15954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  231.327451][T15954] RSP: 002b:00007fe310337038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  231.327461][T15954] RAX: ffffffffffffffda RBX: 00007fe30f7b5fa0 RCX: 00007fe30f58ebe9
[  231.327468][T15954] RDX: 0000200000000100 RSI: 00000000c0145608 RDI: 0000000000000003
[  231.327474][T15954] RBP: 00007fe310337090 R08: 0000000000000000 R09: 0000000000000000
[  231.327480][T15954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  231.327486][T15954] R13: 00007fe30f7b6038 R14: 00007fe30f7b5fa0 R15: 00007ffe7be8ba28
[  231.327499][T15954]  </TASK>
[  231.382979][    C1] vkms_vblank_simulate: vblank timer overrun
[  231.424858][T15957] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=15957 comm=syz.2.1888
[  232.064640][T15975] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1892'.
[  232.441551][T15990] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1899'.
[  232.444800][T15990] netlink: 'syz.1.1899': attribute type 2 has an invalid length.
[  232.570169][T16008] FAULT_INJECTION: forcing a failure.
[  232.570169][T16008] name failslab, interval 1, probability 0, space 0, times 0
[  232.576515][T16008] CPU: 3 UID: 0 PID: 16008 Comm: syz.0.1896 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  232.576532][T16008] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  232.576538][T16008] Call Trace:
[  232.576543][T16008]  <TASK>
[  232.576547][T16008]  dump_stack_lvl+0x16c/0x1f0
[  232.576568][T16008]  should_fail_ex+0x512/0x640
[  232.576578][T16008]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  232.576592][T16008]  should_failslab+0xc2/0x120
[  232.576605][T16008]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  232.576616][T16008]  ? alloc_empty_file+0x55/0x1e0
[  232.576634][T16008]  alloc_empty_file+0x55/0x1e0
[  232.576650][T16008]  path_openat+0xda/0x2cb0
[  232.576661][T16008]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.576678][T16008]  ? __pfx_path_openat+0x10/0x10
[  232.576694][T16008]  do_filp_open+0x20b/0x470
[  232.576707][T16008]  ? __pfx_do_filp_open+0x10/0x10
[  232.576729][T16008]  ? alloc_fd+0x471/0x7d0
[  232.576745][T16008]  do_sys_openat2+0x11b/0x1d0
[  232.576761][T16008]  ? __pfx_do_sys_openat2+0x10/0x10
[  232.576775][T16008]  ? find_held_lock+0x2b/0x80
[  232.576790][T16008]  ? handle_mm_fault+0x2ab/0xd10
[  232.576810][T16008]  __x64_sys_openat+0x174/0x210
[  232.576826][T16008]  ? __pfx___x64_sys_openat+0x10/0x10
[  232.576842][T16008]  ? do_user_addr_fault+0x843/0x1370
[  232.576857][T16008]  do_syscall_64+0xcd/0x4c0
[  232.576869][T16008]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.576880][T16008] RIP: 0033:0x7fe440d8d550
[  232.576889][T16008] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  232.576900][T16008] RSP: 002b:00007fe441c87b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  232.576910][T16008] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007fe440d8d550
[  232.576917][T16008] RDX: 0000000000020000 RSI: 00007fe441c87c10 RDI: 00000000ffffff9c
[  232.576924][T16008] RBP: 00007fe441c87c10 R08: 0000000000000000 R09: 0023776172646968
[  232.576930][T16008] R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd
[  232.576936][T16008] R13: 00007fe440fb6038 R14: 00007fe440fb5fa0 R15: 00007fff0528d2d8
[  232.576950][T16008]  </TASK>
[  232.707976][T16053] gretap1: entered promiscuous mode
[  232.728103][T16063] FAULT_INJECTION: forcing a failure.
[  232.728103][T16063] name failslab, interval 1, probability 0, space 0, times 0
[  232.733588][T16063] CPU: 2 UID: 0 PID: 16063 Comm: syz.2.1913 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  232.733612][T16063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  232.733623][T16063] Call Trace:
[  232.733629][T16063]  <TASK>
[  232.733636][T16063]  dump_stack_lvl+0x16c/0x1f0
[  232.733665][T16063]  should_fail_ex+0x512/0x640
[  232.733676][T16063]  ? fs_reclaim_acquire+0xae/0x150
[  232.733699][T16063]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  232.733720][T16063]  should_failslab+0xc2/0x120
[  232.733738][T16063]  __kmalloc_noprof+0xd2/0x510
[  232.733757][T16063]  tomoyo_realpath_from_path+0xc2/0x6e0
[  232.733778][T16063]  ? tomoyo_profile+0x47/0x60
[  232.733803][T16063]  tomoyo_path_number_perm+0x245/0x580
[  232.733819][T16063]  ? tomoyo_path_number_perm+0x237/0x580
[  232.733839][T16063]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  232.733853][T16063]  ? find_held_lock+0x2b/0x80
[  232.733893][T16063]  ? find_held_lock+0x2b/0x80
[  232.733912][T16063]  ? hook_file_ioctl_common+0x145/0x410
[  232.733937][T16063]  ? __fget_files+0x20e/0x3c0
[  232.733957][T16063]  security_file_ioctl+0x9b/0x240
[  232.733978][T16063]  __x64_sys_ioctl+0xb7/0x210
[  232.734003][T16063]  do_syscall_64+0xcd/0x4c0
[  232.734020][T16063]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.734032][T16063] RIP: 0033:0x7fe30f58ebe9
[  232.734045][T16063] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  232.734060][T16063] RSP: 002b:00007fe310337038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  232.734076][T16063] RAX: ffffffffffffffda RBX: 00007fe30f7b5fa0 RCX: 00007fe30f58ebe9
[  232.734085][T16063] RDX: 0000000000000000 RSI: 00000000400caed0 RDI: 0000000000000004
[  232.734094][T16063] RBP: 00007fe310337090 R08: 0000000000000000 R09: 0000000000000000
[  232.734103][T16063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  232.734111][T16063] R13: 00007fe30f7b6038 R14: 00007fe30f7b5fa0 R15: 00007ffe7be8ba28
[  232.734132][T16063]  </TASK>
[  232.734137][T16063] ERROR: Out of memory at tomoyo_realpath_from_path.
[  232.845547][T16070] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  232.900112][T16078] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.1916'.
[  232.926909][T16082] netlink: 'syz.1.1917': attribute type 4 has an invalid length.
[  232.933658][T16081] tmpfs: Bad value for 'mpol'
[  233.176882][T16136] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.1926'.
[  233.372962][T16153] CIFS: iocharset name too long
[  233.440776][T16161] fuse: Unknown parameter ''
[  233.450127][T16164] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.1936'.
[  233.688279][T16183] 9pnet_fd: Insufficient options for proto=fd
[  233.734094][T16189] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1944'.
[  233.766695][T16190] fuse: Bad value for 'fd'
[  233.802998][T16194] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1944'.
[  233.884267][T16199] sctp: [Deprecated]: syz.1.1946 (pid 16199) Use of int in max_burst socket option.
[  233.884267][T16199] Use struct sctp_assoc_value instead
[  233.961609][T16204] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.1947'.
[  234.623246][   T40] kauditd_printk_skb: 173 callbacks suppressed
[  234.623259][   T40] audit: type=1400 audit(1754587384.848:1887): avc:  denied  { getopt } for  pid=16218 comm="syz.1.1953" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  234.626241][T16220] netlink: 'syz.1.1953': attribute type 21 has an invalid length.
[  234.635654][T16220] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1953'.
[  234.638959][T16220] netlink: 'syz.1.1953': attribute type 21 has an invalid length.
[  234.641418][T16220] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1953'.
[  234.697986][   T40] audit: type=1400 audit(1754587384.918:1888): avc:  denied  { create } for  pid=16223 comm="syz.2.1955" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  234.710932][   T40] audit: type=1400 audit(1754587384.918:1889): avc:  denied  { setopt } for  pid=16223 comm="syz.2.1955" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  234.721498][   T40] audit: type=1400 audit(1754587384.918:1890): avc:  denied  { bind } for  pid=16223 comm="syz.2.1955" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  234.729384][   T40] audit: type=1400 audit(1754587384.918:1891): avc:  denied  { name_bind } for  pid=16223 comm="syz.2.1955" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  234.738155][   T40] audit: type=1400 audit(1754587384.918:1892): avc:  denied  { node_bind } for  pid=16223 comm="syz.2.1955" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1
[  234.742701][T16226] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.1956'.
[  234.745009][   T40] audit: type=1400 audit(1754587384.918:1893): avc:  denied  { write } for  pid=16223 comm="syz.2.1955" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  234.755258][   T40] audit: type=1400 audit(1754587384.918:1894): avc:  denied  { connect } for  pid=16223 comm="syz.2.1955" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  234.762112][   T40] audit: type=1400 audit(1754587384.918:1895): avc:  denied  { name_connect } for  pid=16223 comm="syz.2.1955" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  234.782598][   T40] audit: type=1400 audit(1754587385.008:1896): avc:  denied  { watch watch_reads } for  pid=16231 comm="syz.2.1959" path="pipe:[35834]" dev="pipefs" ino=35834 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  234.827022][T16235] bond0: entered allmulticast mode
[  234.828697][T16235] bond_slave_0: entered allmulticast mode
[  234.830489][T16235] bond_slave_1: entered allmulticast mode
[  234.837057][T16235] geneve2: entered promiscuous mode
[  234.838779][T16235] geneve2: entered allmulticast mode
[  234.841178][ T1146] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  234.843766][T16238] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1959'.
[  234.844020][ T1146] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  234.849569][ T1146] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  234.852796][ T1146] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  234.872155][T16240] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1961'.
[  235.766046][T16279] "syz.2.1974" (16279) uses obsolete ecb(arc4) skcipher
[  235.846444][T16285] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  235.919363][T16296] veth1_macvtap: left promiscuous mode
[  235.922602][T16296] macsec0: entered promiscuous mode
[  235.924683][T16296] macsec0: entered allmulticast mode
[  235.975227][ T5328] Bluetooth: hci2: ISO packet for unknown connection handle 3584
[  236.672487][ T1146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  236.675033][ T1146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  237.431683][ T6169] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  237.591739][ T6169] usb 5-1: Using ep0 maxpacket: 8
[  237.594633][ T6169] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  237.597652][ T6169] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  237.600700][ T6169] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  237.604019][ T6169] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  237.608046][ T6169] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  237.610858][ T6169] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  237.820705][ T6169] usb 5-1: GET_CAPABILITIES returned 0
[  237.822668][ T6169] usbtmc 5-1:16.0: can't read capabilities
[  238.029401][ T6175] usb 5-1: USB disconnect, device number 12
[  238.190773][T16471] cgroup: Unknown subsys name 'euid<18446744073709551615'
[  238.508327][T16502] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2037'.
[  238.555998][T16508] FAULT_INJECTION: forcing a failure.
[  238.555998][T16508] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  238.560255][T16508] CPU: 3 UID: 0 PID: 16508 Comm: syz.0.2039 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  238.560271][T16508] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  238.560279][T16508] Call Trace:
[  238.560283][T16508]  <TASK>
[  238.560287][T16508]  dump_stack_lvl+0x16c/0x1f0
[  238.560308][T16508]  should_fail_ex+0x512/0x640
[  238.560320][T16508]  _copy_from_user+0x2e/0xd0
[  238.560333][T16508]  bpf_test_init.isra.0+0xe2/0x140
[  238.560349][T16508]  bpf_prog_test_run_xdp+0x4f0/0x1590
[  238.560370][T16508]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  238.560387][T16508]  ? __might_fault+0xb0/0x190
[  238.560400][T16508]  ? fput+0x9b/0xd0
[  238.560414][T16508]  ? __bpf_prog_get+0x97/0x2a0
[  238.560425][T16508]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  238.560442][T16508]  __sys_bpf+0x1050/0x4de0
[  238.560457][T16508]  ? __pfx___sys_bpf+0x10/0x10
[  238.560471][T16508]  ? ksys_write+0x190/0x250
[  238.560483][T16508]  ? __mutex_unlock_slowpath+0x163/0x800
[  238.560509][T16508]  ? fput+0x9b/0xd0
[  238.560522][T16508]  ? ksys_write+0x1ac/0x250
[  238.560532][T16508]  ? __pfx_ksys_write+0x10/0x10
[  238.560545][T16508]  __x64_sys_bpf+0x78/0xc0
[  238.560559][T16508]  ? lockdep_hardirqs_on+0x7c/0x110
[  238.560575][T16508]  do_syscall_64+0xcd/0x4c0
[  238.560585][T16508]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.560596][T16508] RIP: 0033:0x7fe440d8ebe9
[  238.560606][T16508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  238.560616][T16508] RSP: 002b:00007fe441c88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  238.560626][T16508] RAX: ffffffffffffffda RBX: 00007fe440fb5fa0 RCX: 00007fe440d8ebe9
[  238.560633][T16508] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a
[  238.560639][T16508] RBP: 00007fe441c88090 R08: 0000000000000000 R09: 0000000000000000
[  238.560645][T16508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  238.560651][T16508] R13: 00007fe440fb6038 R14: 00007fe440fb5fa0 R15: 00007fff0528d2d8
[  238.560664][T16508]  </TASK>
[  238.653209][ T5328] Bluetooth: hci2: unexpected event for opcode 0x200b
[  238.750723][T16542] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2045'.
[  238.785018][T16550] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2047'.
[  238.935822][T16577] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2050'.
[  239.135348][ T5328] Bluetooth: hci3: unexpected event for opcode 0x080d
[  239.598198][T16649] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2061'.
[  239.655646][   T40] kauditd_printk_skb: 223 callbacks suppressed
[  239.655657][   T40] audit: type=1400 audit(1754587389.878:2120): avc:  denied  { map_create } for  pid=16663 comm="syz.2.2063" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  239.663880][   T40] audit: type=1400 audit(1754587389.878:2121): avc:  denied  { prog_load } for  pid=16663 comm="syz.2.2063" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  239.669777][   T40] audit: type=1400 audit(1754587389.878:2122): avc:  denied  { bpf } for  pid=16663 comm="syz.2.2063" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  239.678784][   T40] audit: type=1400 audit(1754587389.878:2123): avc:  denied  { perfmon } for  pid=16663 comm="syz.2.2063" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  239.688256][   T40] audit: type=1400 audit(1754587389.878:2124): avc:  denied  { ioctl } for  pid=16663 comm="syz.2.2063" path="socket:[38743]" dev="sockfs" ino=38743 ioctlcmd=0x8916 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  239.696428][   T40] audit: type=1400 audit(1754587389.878:2125): avc:  denied  { module_request } for  pid=16663 comm="syz.2.2063" kmod="netdev-" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  239.703789][   T40] audit: type=1400 audit(1754587389.878:2126): avc:  denied  { allowed } for  pid=16665 comm="syz.1.2064" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  239.709881][   T40] audit: type=1400 audit(1754587389.888:2127): avc:  denied  { execute } for  pid=16665 comm="syz.1.2064" path="/516/cpu.stat" dev="tmpfs" ino=2715 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  239.717248][   T40] audit: type=1400 audit(1754587389.898:2128): avc:  denied  { sys_module } for  pid=16663 comm="syz.2.2063" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  239.837893][   T40] audit: type=1400 audit(1754587390.058:2129): avc:  denied  { create } for  pid=16684 comm="syz.1.2068" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  239.839862][T16685] raw_sendmsg: syz.1.2068 forgot to set AF_INET. Fix it!
[  240.069689][T16695] __nla_validate_parse: 33 callbacks suppressed
[  240.069703][T16695] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2070'.
[  240.701690][ T6169] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  240.853036][ T6169] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  240.855935][ T6169] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  240.859220][ T6169] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  240.862217][ T6169] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  240.865652][ T6169] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  240.870468][ T6169] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  240.873472][ T6169] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  240.876058][ T6169] usb 5-1: Product: syz
[  240.877449][ T6169] usb 5-1: Manufacturer: syz
[  240.885380][ T6169] cdc_wdm 5-1:1.0: skipping garbage
[  240.887099][ T6169] cdc_wdm 5-1:1.0: skipping garbage
[  240.889883][ T6169] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  240.891918][ T6169] cdc_wdm 5-1:1.0: Unknown control protocol
[  240.935060][T16737] geneve3: entered promiscuous mode
[  240.936778][T16737] geneve3: entered allmulticast mode
[  240.939200][   T13] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  240.942149][   T13] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  240.944948][   T13] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  240.948169][   T13] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  240.951757][T16737] netlink: 'syz.1.2077': attribute type 1 has an invalid length.
[  241.087896][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  241.090047][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  241.092235][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  241.094334][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  241.096449][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  241.098571][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  241.100669][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  241.102778][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  241.104860][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  241.106935][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  241.109059][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  241.111364][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  241.113508][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  241.115607][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  241.117662][ T6169] usb 5-1: USB disconnect, device number 13
[  241.119619][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  241.119629][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  241.119638][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  241.126672][T16745] netlink: 80 bytes leftover after parsing attributes in process `syz.2.2078'.
[  241.130701][T16745] netlink: 80 bytes leftover after parsing attributes in process `syz.2.2078'.
[  241.232056][T16754] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2080'.
[  241.845984][T16775] __vm_enough_memory: pid: 16775, comm: syz.0.2086, bytes: 21200351522816 not enough memory for the allocation
[  242.048324][T16787] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2089'.
[  242.213985][T16802] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd
[  242.289733][ T5328] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  243.080974][T16812] netlink: 'syz.0.2092': attribute type 32 has an invalid length.
[  243.203557][ T5328] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  243.207069][ T5328] Bluetooth: hci3: Injecting HCI hardware error event
[  243.212058][ T5970] Bluetooth: hci3: hardware error 0x00
[  243.534127][T16842] /dev/sr0: Can't open blockdev
[  244.013790][T16859] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2101'.
[  244.016711][T16859] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2101'.
[  244.510029][T16873] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2106'.
[  244.512989][T16873] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2106'.
[  244.583445][T16876] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1280 sclass=netlink_route_socket pid=16876 comm=syz.0.2107
[  244.590334][T16876] devpts: Bad value for 'max'
[  244.623731][T16881] geneve2: entered promiscuous mode
[  244.625526][T16881] geneve2: entered allmulticast mode
[  244.630006][ T1146] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0
[  244.633752][ T1146] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0
[  244.636521][ T1146] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0
[  244.639331][ T1146] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0
[  245.013663][   T40] kauditd_printk_skb: 139 callbacks suppressed
[  245.013685][   T40] audit: type=1400 audit(1754587395.238:2269): avc:  denied  { execute } for  pid=16887 comm="syz-executor" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  245.016061][T16886] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  245.027425][   T40] audit: type=1400 audit(1754587395.238:2270): avc:  denied  { execute_no_trans } for  pid=16887 comm="syz-executor" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  245.038037][   T40] audit: type=1400 audit(1754587395.238:2271): avc:  denied  { execmem } for  pid=16887 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  245.091184][   T40] audit: type=1400 audit(1754587395.308:2272): avc:  denied  { mount } for  pid=16885 comm="syz.1.2109" name="/" dev="9p" ino=35913830 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  245.134987][T16891] overlayfs: failed to clone lowerpath
[  245.139251][   T40] audit: type=1400 audit(1754587395.358:2273): avc:  denied  { setopt } for  pid=16885 comm="syz.1.2109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  245.147572][   T40] audit: type=1400 audit(1754587395.368:2274): avc:  denied  { write } for  pid=16885 comm="syz.1.2109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  245.172845][   T63] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  245.176779][   T63] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  245.179708][   T63] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  245.182807][   T63] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  245.185286][   T63] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  245.191206][   T40] audit: type=1400 audit(1754587395.408:2275): avc:  denied  { mounton } for  pid=16894 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  245.230052][   T40] audit: type=1400 audit(1754587395.448:2276): avc:  denied  { map_create } for  pid=16903 comm="syz.2.2111" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  245.231002][ T1145] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.237190][   T40] audit: type=1400 audit(1754587395.448:2277): avc:  denied  { map_read map_write } for  pid=16903 comm="syz.2.2111" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  245.237226][   T40] audit: type=1400 audit(1754587395.458:2278): avc:  denied  { prog_run } for  pid=16903 comm="syz.2.2111" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  245.281691][ T5970] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  245.337885][ T1145] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.370361][T16894] chnl_net:caif_netlink_parms(): no params data found
[  245.420365][ T1145] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.479675][ T1145] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.486021][T16894] bridge0: port 1(bridge_slave_0) entered blocking state
[  245.488366][T16894] bridge0: port 1(bridge_slave_0) entered disabled state
[  245.490763][T16894] bridge_slave_0: entered allmulticast mode
[  245.493582][T16894] bridge_slave_0: entered promiscuous mode
[  245.496849][T16894] bridge0: port 2(bridge_slave_1) entered blocking state
[  245.499165][T16894] bridge0: port 2(bridge_slave_1) entered disabled state
[  245.501535][T16894] bridge_slave_1: entered allmulticast mode
[  245.506879][T16894] bridge_slave_1: entered promiscuous mode
[  245.540418][T16894] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  245.546640][T16894] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  245.584064][T16894] team0: Port device team_slave_0 added
[  245.587820][T16894] team0: Port device team_slave_1 added
[  245.634309][T16894] batman_adv: batadv0: Adding interface: batadv_slave_0
[  245.636605][T16894] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  245.645727][T16894] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  245.657031][T16894] batman_adv: batadv0: Adding interface: batadv_slave_1
[  245.659278][T16894] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  245.668213][T16894] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  245.681262][ T1145] bridge_slave_1: left allmulticast mode
[  245.683514][ T1145] bridge_slave_1: left promiscuous mode
[  245.686570][ T1145] bridge0: port 2(bridge_slave_1) entered disabled state
[  245.691848][ T1145] bridge_slave_0: left allmulticast mode
[  245.694302][ T1145] bridge_slave_0: left promiscuous mode
[  245.696213][ T1145] bridge0: port 1(bridge_slave_0) entered disabled state
[  245.868262][T17587] netlink: 'syz.1.2115': attribute type 1 has an invalid length.
[  245.870729][T17587] netlink: 'syz.1.2115': attribute type 4 has an invalid length.
[  245.873177][T17587] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.2115'.
[  245.954867][ T1145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  245.959102][ T1145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  245.962845][ T1145] bond0 (unregistering): Released all slaves
[  246.028675][T16894] hsr_slave_0: entered promiscuous mode
[  246.031003][T16894] hsr_slave_1: entered promiscuous mode
[  246.199604][ T1145] hsr_slave_0: left promiscuous mode
[  246.203676][ T1145] hsr_slave_1: left promiscuous mode
[  246.205749][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  246.208195][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_0
[  246.210960][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  246.214260][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_1
[  246.240273][T17938] overlayfs: failed to clone upperpath
[  246.243650][ T1145] veth1_macvtap: left promiscuous mode
[  246.245714][ T1145] veth0_macvtap: left promiscuous mode
[  246.247576][ T1145] veth1_vlan: left promiscuous mode
[  246.249348][ T1145] veth0_vlan: left promiscuous mode
[  246.841184][ T1145] team0 (unregistering): Port device team_slave_1 removed
[  246.905016][ T1145] team0 (unregistering): Port device team_slave_0 removed
[  247.204928][ T5970] Bluetooth: hci4: command tx timeout
[  247.407189][T16894] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  247.412502][T16894] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  247.417286][T16894] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  247.421598][T16894] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  247.444526][T17970] wireguard: wg1: Could not create IPv4 socket
[  247.495679][T17976] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5121 sclass=netlink_route_socket pid=17976 comm=syz.2.2124
[  247.497816][T16894] 8021q: adding VLAN 0 to HW filter on device bond0
[  247.510584][T16894] 8021q: adding VLAN 0 to HW filter on device team0
[  247.520924][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  247.523326][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  247.531282][   T73] bridge0: port 2(bridge_slave_1) entered blocking state
[  247.533595][   T73] bridge0: port 2(bridge_slave_1) entered forwarding state
[  247.668891][T18006] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2127'.
[  247.672422][T16894] 8021q: adding VLAN 0 to HW filter on device batadv0
[  247.675679][T18006] comedi comedi3: ni_at_a2150: I/O port conflict (0x4f27,28)
[  247.804911][T18034] overlayfs: failed to clone upperpath
[  247.806193][T16894] veth0_vlan: entered promiscuous mode
[  247.813042][T16894] veth1_vlan: entered promiscuous mode
[  247.825724][T16894] veth0_macvtap: entered promiscuous mode
[  247.830224][T16894] veth1_macvtap: entered promiscuous mode
[  247.839251][T16894] batman_adv: batadv0: Interface activated: batadv_slave_0
[  247.844825][T16894] batman_adv: batadv0: Interface activated: batadv_slave_1
[  247.850090][   T73] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  247.854840][   T73] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  247.858282][   T73] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  247.861057][   T73] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  247.912323][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  247.914801][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  247.941178][ T1145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  247.945254][ T1145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  247.981713][ T6018] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  248.128237][T18077] kvm: kvm [18076]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xfb15
[  248.132699][ T6018] usb 5-1: Using ep0 maxpacket: 32
[  248.135635][T18077] kvm: kvm [18076]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xf881
[  248.135770][ T6018] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  248.143192][ T6018] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  248.145362][T18077] kvm: kvm [18076]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x4369
[  248.146156][ T6018] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  248.151415][ T6018] usb 5-1: Product: syz
[  248.153251][ T6018] usb 5-1: Manufacturer: syz
[  248.154752][ T6018] usb 5-1: SerialNumber: syz
[  248.157811][ T6018] usb 5-1: config 0 descriptor??
[  248.159932][T18019] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  248.163943][ T6018] hub 5-1:0.0: bad descriptor, ignoring hub
[  248.165822][ T6018] hub 5-1:0.0: probe with driver hub failed with error -5
[  248.174182][T18081] pimreg65328: entered allmulticast mode
[  248.296036][T18101] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  248.298347][T18101] overlayfs: failed to set xattr on upper
[  248.300125][T18101] overlayfs: ...falling back to redirect_dir=nofollow.
[  248.302884][T18101] overlayfs: ...falling back to index=off.
[  248.304755][T18101] overlayfs: ...falling back to uuid=null.
[  248.306595][T18101] overlayfs: ...falling back to xino=off.
[  248.308412][T18101] overlayfs: conflicting lowerdir path
[  248.338901][T18107] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2133'.
[  248.370976][T18110] netlink: 52 bytes leftover after parsing attributes in process `syz.5.2134'.
[  248.404334][T18114] pim6reg: entered allmulticast mode
[  248.409715][T18117] geneve2: entered promiscuous mode
[  248.411383][T18117] geneve2: entered allmulticast mode
[  248.416826][T18114] pim6reg: left allmulticast mode
[  248.429261][ T1241] netdevsim netdevsim5 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  248.432520][ T1241] netdevsim netdevsim5 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  248.435454][T18117] netlink: 'syz.5.2135': attribute type 1 has an invalid length.
[  248.437960][ T1241] netdevsim netdevsim5 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  248.445052][ T1241] netdevsim netdevsim5 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  248.507092][T18137] openvswitch: netlink: Flow key attr not present in new flow.
[  248.535122][T18143] devpts: Bad value for 'max'
[  248.649960][T18152] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2144'.
[  248.874334][T18170] overlayfs: failed to clone upperpath
[  249.910083][T18209] overlayfs: failed to clone upperpath
[  250.321863][ T5970] Bluetooth: hci4: command tx timeout
[  250.490894][   T40] kauditd_printk_skb: 197 callbacks suppressed
[  250.490907][   T40] audit: type=1400 audit(1754587400.708:2476): avc:  denied  { mounton } for  pid=18210 comm="syz.2.2158" path="/575/file0" dev="tmpfs" ino=3096 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  250.514814][   T40] audit: type=1400 audit(1754587400.738:2477): avc:  denied  { create } for  pid=18213 comm="syz.2.2159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  250.520895][   T40] audit: type=1400 audit(1754587400.738:2478): avc:  denied  { setopt } for  pid=18213 comm="syz.2.2159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  250.527038][   T40] audit: type=1400 audit(1754587400.738:2479): avc:  denied  { bind } for  pid=18213 comm="syz.2.2159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  250.533341][   T40] audit: type=1400 audit(1754587400.738:2480): avc:  denied  { name_bind } for  pid=18213 comm="syz.2.2159" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  250.540120][   T40] audit: type=1400 audit(1754587400.738:2481): avc:  denied  { node_bind } for  pid=18213 comm="syz.2.2159" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1
[  250.546971][   T40] audit: type=1400 audit(1754587400.738:2482): avc:  denied  { write } for  pid=18213 comm="syz.2.2159" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  250.553603][   T40] audit: type=1400 audit(1754587400.738:2483): avc:  denied  { connect } for  pid=18213 comm="syz.2.2159" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  250.560476][   T40] audit: type=1400 audit(1754587400.738:2484): avc:  denied  { name_connect } for  pid=18213 comm="syz.2.2159" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  250.567482][   T40] audit: type=1400 audit(1754587400.778:2485): avc:  denied  { ioctl } for  pid=18215 comm="syz.2.2160" path="socket:[41250]" dev="sockfs" ino=41250 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  250.607818][T18217] overlayfs: failed to clone upperpath
[  250.805059][T18242] sctp: [Deprecated]: syz.1.2167 (pid 18242) Use of int in max_burst socket option.
[  250.805059][T18242] Use struct sctp_assoc_value instead
[  250.847547][T18242] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2167'.
[  251.083863][T18251] overlayfs: failed to clone upperpath
[  251.587362][T18284] omfs: Invalid superblock (0)
[  251.587418][   T34] usb 5-1: USB disconnect, device number 14
[  251.623935][T18292] ubi: mtd0 is already attached to ubi31
[  251.695083][T18315] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  251.720337][T18311] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2178'.
[  251.772029][T18332] IPv6: NLM_F_REPLACE set, but no existing node found!
[  251.821571][T18343] IPv6: NLM_F_REPLACE set, but no existing node found!
[  251.851248][T18349] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2186'.
[  251.854543][T18349] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2186'.
[  251.860146][T18349] gretap0: entered promiscuous mode
[  251.863186][T18349] gretap0: left promiscuous mode
[  252.040868][T18358] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2188'.
[  252.075596][ T5970] Bluetooth: hci2: ISO packet for unknown connection handle 3584
[  252.291576][T18366] overlayfs: failed to clone upperpath
[  252.369769][T18368] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2191'.
[  252.373215][T18371] fuse: Unknown parameter 'froup_id'
[  252.401805][ T5970] Bluetooth: hci4: command tx timeout
[  252.496576][T18384] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  252.827945][T18426] netlink: 'syz.5.2205': attribute type 2 has an invalid length.
[  252.831415][T18426] netlink: 'syz.5.2205': attribute type 1 has an invalid length.
[  252.834247][T18426] netlink: 'syz.5.2205': attribute type 1 has an invalid length.
[  252.864632][T18431] bond0: (slave veth0_macvtap): Error: Device is in use and cannot be enslaved
[  253.027660][T18450] overlayfs: failed to clone upperpath
[  253.032247][T18450] overlayfs: failed to clone upperpath
[  253.110565][T18458] overlayfs: failed to clone upperpath
[  253.426527][T18472] overlayfs: failed to clone upperpath
[  253.832528][T18482] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  253.857523][T18488] FAULT_INJECTION: forcing a failure.
[  253.857523][T18488] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  253.862375][T18488] CPU: 3 UID: 0 PID: 18488 Comm: syz.0.2222 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  253.862391][T18488] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  253.862398][T18488] Call Trace:
[  253.862402][T18488]  <TASK>
[  253.862407][T18488]  dump_stack_lvl+0x16c/0x1f0
[  253.862444][T18488]  should_fail_ex+0x512/0x640
[  253.862460][T18488]  _copy_to_user+0x32/0xd0
[  253.862473][T18488]  simple_read_from_buffer+0xcb/0x170
[  253.862486][T18488]  proc_fail_nth_read+0x197/0x240
[  253.862499][T18488]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  253.862512][T18488]  ? rw_verify_area+0xcf/0x6c0
[  253.862528][T18488]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  253.862540][T18488]  vfs_read+0x1e1/0xc60
[  253.862552][T18488]  ? __pfx___mutex_lock+0x10/0x10
[  253.862566][T18488]  ? __pfx_vfs_read+0x10/0x10
[  253.862580][T18488]  ? __fget_files+0x20e/0x3c0
[  253.862596][T18488]  ksys_read+0x12a/0x250
[  253.862606][T18488]  ? __pfx_ksys_read+0x10/0x10
[  253.862621][T18488]  do_syscall_64+0xcd/0x4c0
[  253.862632][T18488]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.862643][T18488] RIP: 0033:0x7fe440d8d5fc
[  253.862652][T18488] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  253.862662][T18488] RSP: 002b:00007fe441c88030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  253.862673][T18488] RAX: ffffffffffffffda RBX: 00007fe440fb5fa0 RCX: 00007fe440d8d5fc
[  253.862679][T18488] RDX: 000000000000000f RSI: 00007fe441c880a0 RDI: 0000000000000004
[  253.862685][T18488] RBP: 00007fe441c88090 R08: 0000000000000000 R09: 0000000000000000
[  253.862691][T18488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  253.862697][T18488] R13: 00007fe440fb6038 R14: 00007fe440fb5fa0 R15: 00007fff0528d2d8
[  253.862710][T18488]  </TASK>
[  253.864045][T18487] overlayfs: conflicting lowerdir path
[  255.444664][ T1424] ieee802154 phy0 wpan0: encryption failed: -22
[  255.446709][ T1424] ieee802154 phy1 wpan1: encryption failed: -22
[  258.252325][   T40] kauditd_printk_skb: 167 callbacks suppressed
[  258.252336][   T40] audit: type=1400 audit(1754587408.478:2653): avc:  denied  { search } for  pid=18522 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  258.261454][   T40] audit: type=1400 audit(1754587408.478:2654): avc:  denied  { search } for  pid=18522 comm="dhcpcd-run-hook" name="dhcpcd" dev="tmpfs" ino=1897 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  258.269201][   T40] audit: type=1400 audit(1754587408.478:2655): avc:  denied  { search } for  pid=18522 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1901 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  258.276600][   T40] audit: type=1400 audit(1754587408.478:2656): avc:  denied  { search } for  pid=18522 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1902 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  258.283758][   T40] audit: type=1400 audit(1754587408.478:2657): avc:  denied  { read open } for  pid=18523 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1902 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  258.291548][   T40] audit: type=1400 audit(1754587408.478:2658): avc:  denied  { getattr } for  pid=18523 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1902 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  258.299876][   T40] audit: type=1400 audit(1754587408.488:2659): avc:  denied  { add_name } for  pid=18522 comm="dhcpcd-run-hook" name="resolv.conf.eth6.ipv4ll" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  258.306910][   T40] audit: type=1400 audit(1754587408.488:2660): avc:  denied  { create } for  pid=18522 comm="dhcpcd-run-hook" name="resolv.conf.eth6.ipv4ll" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  258.313899][   T40] audit: type=1400 audit(1754587408.488:2661): avc:  denied  { write open } for  pid=18522 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.eth6.ipv4ll" dev="tmpfs" ino=8735 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  258.322383][   T40] audit: type=1400 audit(1754587408.488:2662): avc:  denied  { append } for  pid=18522 comm="dhcpcd-run-hook" name="resolv.conf.eth6.ipv4ll" dev="tmpfs" ino=8735 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  266.322875][   T40] kauditd_printk_skb: 4 callbacks suppressed
[  266.322885][   T40] audit: type=1400 audit(1754587416.548:2667): avc:  denied  { name_connect } for  pid=18576 comm="syz.2.2230" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  266.325885][T18584] overlayfs: failed to clone upperpath
[  266.331612][   T40] audit: type=1400 audit(1754587416.548:2668): avc:  denied  { mounton } for  pid=18578 comm="syz.5.2231" path="/25/file1" dev="tmpfs" ino=155 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  266.340495][   T40] audit: type=1400 audit(1754587416.548:2669): avc:  denied  { mount } for  pid=18578 comm="syz.5.2231" name="/" dev="autofs" ino=42469 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  266.365782][   T40] audit: type=1400 audit(1754587416.588:2670): avc:  denied  { create } for  pid=18592 comm="syz.0.2233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  266.366668][T18593] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2233'.
[  266.372992][   T40] audit: type=1400 audit(1754587416.588:2671): avc:  denied  { write } for  pid=18592 comm="syz.0.2233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  266.390715][   T40] audit: type=1400 audit(1754587416.608:2672): avc:  denied  { allowed } for  pid=18598 comm="syz.2.2234" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  266.397761][   T40] audit: type=1400 audit(1754587416.618:2673): avc:  denied  { read } for  pid=18578 comm="syz.5.2231" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  266.404879][   T40] audit: type=1400 audit(1754587416.618:2674): avc:  denied  { open } for  pid=18578 comm="syz.5.2231" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  266.408922][T18584] overlayfs: failed to clone upperpath
[  266.412553][   T40] audit: type=1400 audit(1754587416.618:2675): avc:  denied  { read write } for  pid=18578 comm="syz.5.2231" name="video7" dev="devtmpfs" ino=974 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  266.421120][   T40] audit: type=1400 audit(1754587416.618:2676): avc:  denied  { open } for  pid=18578 comm="syz.5.2231" path="/dev/video7" dev="devtmpfs" ino=974 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  266.547375][   T63] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  266.550891][   T63] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  266.560712][   T63] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  266.564565][   T63] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  266.567176][   T63] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  266.679629][T18612] chnl_net:caif_netlink_parms(): no params data found
[  266.793436][T18612] bridge0: port 1(bridge_slave_0) entered blocking state
[  266.795729][T18612] bridge0: port 1(bridge_slave_0) entered disabled state
[  266.798149][T18612] bridge_slave_0: entered allmulticast mode
[  266.800776][T18612] bridge_slave_0: entered promiscuous mode
[  266.804726][T18612] bridge0: port 2(bridge_slave_1) entered blocking state
[  266.807014][T18612] bridge0: port 2(bridge_slave_1) entered disabled state
[  266.809341][T18612] bridge_slave_1: entered allmulticast mode
[  266.812936][T18612] bridge_slave_1: entered promiscuous mode
[  266.867707][T18612] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  266.872761][T18612] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  266.940638][T18612] team0: Port device team_slave_0 added
[  266.945046][T18612] team0: Port device team_slave_1 added
[  266.962820][ T1145] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  266.966158][ T1145] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  267.007288][T18612] batman_adv: batadv0: Adding interface: batadv_slave_0
[  267.009607][T18612] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  267.019129][T18612] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  267.025441][T18612] batman_adv: batadv0: Adding interface: batadv_slave_1
[  267.027805][T18612] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  267.035981][T18612] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  267.053409][ T1145] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  267.056669][ T1145] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  267.102368][T18612] hsr_slave_0: entered promiscuous mode
[  267.104679][T18612] hsr_slave_1: entered promiscuous mode
[  267.106905][T18612] debugfs: 'hsr0' already exists in 'hsr'
[  267.108777][T18612] Cannot create hsr debugfs directory
[  267.143633][ T1145] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  267.146885][ T1145] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  267.212769][ T1145] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  267.216002][ T1145] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  267.278916][T19533] FAULT_INJECTION: forcing a failure.
[  267.278916][T19533] name failslab, interval 1, probability 0, space 0, times 0
[  267.284318][T19533] CPU: 0 UID: 0 PID: 19533 Comm: syz.5.2238 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  267.284336][T19533] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  267.284342][T19533] Call Trace:
[  267.284346][T19533]  <TASK>
[  267.284351][T19533]  dump_stack_lvl+0x16c/0x1f0
[  267.284396][T19533]  should_fail_ex+0x512/0x640
[  267.284411][T19533]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  267.284424][T19533]  should_failslab+0xc2/0x120
[  267.284436][T19533]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  267.284447][T19533]  ? fpstate_reset+0x112/0x3b0
[  267.284461][T19533]  ? alloc_pid+0xc7/0xbc0
[  267.284473][T19533]  alloc_pid+0xc7/0xbc0
[  267.284486][T19533]  copy_process+0x466f/0x7690
[  267.284508][T19533]  ? __pfx_copy_process+0x10/0x10
[  267.284524][T19533]  ? lockdep_init_map_type+0x5c/0x280
[  267.284536][T19533]  ? lockdep_init_map_type+0x5c/0x280
[  267.284546][T19533]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  267.284560][T19533]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  267.284578][T19533]  vhost_task_create+0x1d2/0x2e0
[  267.284589][T19533]  ? __pfx_vhost_task_create+0x10/0x10
[  267.284603][T19533]  ? __pfx_vhost_task_fn+0x10/0x10
[  267.284620][T19533]  kvm_mmu_post_init_vm+0x1b7/0x380
[  267.284633][T19533]  kvm_arch_vcpu_ioctl_run+0x66/0x1980
[  267.284649][T19533]  ? kvm_vcpu_ioctl+0x14c6/0x1690
[  267.284667][T19533]  kvm_vcpu_ioctl+0x5eb/0x1690
[  267.284682][T19533]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  267.284697][T19533]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  267.284711][T19533]  ? do_vfs_ioctl+0x128/0x14f0
[  267.284727][T19533]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  267.284743][T19533]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  267.284763][T19533]  ? hook_file_ioctl_common+0x145/0x410
[  267.284783][T19533]  ? selinux_file_ioctl+0x180/0x270
[  267.284796][T19533]  ? selinux_file_ioctl+0xb4/0x270
[  267.284809][T19533]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  267.284824][T19533]  __x64_sys_ioctl+0x18e/0x210
[  267.284841][T19533]  do_syscall_64+0xcd/0x4c0
[  267.284856][T19533]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.284867][T19533] RIP: 0033:0x7f2f97d8ebe9
[  267.284876][T19533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  267.284886][T19533] RSP: 002b:00007f2f98c52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  267.284897][T19533] RAX: ffffffffffffffda RBX: 00007f2f97fb5fa0 RCX: 00007f2f97d8ebe9
[  267.284903][T19533] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  267.284909][T19533] RBP: 00007f2f98c52090 R08: 0000000000000000 R09: 0000000000000000
[  267.284915][T19533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  267.284921][T19533] R13: 00007f2f97fb6038 R14: 00007f2f97fb5fa0 R15: 00007fff81dc2668
[  267.284934][T19533]  </TASK>
[  267.441022][ T1145] bridge_slave_1: left allmulticast mode
[  267.443197][ T1145] bridge_slave_1: left promiscuous mode
[  267.445146][ T1145] bridge0: port 2(bridge_slave_1) entered disabled state
[  267.450186][ T1145] bridge0: port 1(bridge_slave_0) entered disabled state
[  267.500389][T19642] netlink: 'syz.5.2243': attribute type 1 has an invalid length.
[  267.652205][T19654] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  267.777652][ T1145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  267.781868][ T1145] bond_slave_0: left promiscuous mode
[  267.785980][ T1145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  267.789617][ T1145] bond_slave_1: left promiscuous mode
[  267.792966][ T1145] bond0 (unregistering): Released all slaves
[  267.859836][ T1145] bond1 (unregistering): (slave veth3): Releasing active interface
[  267.862461][ T1145] veth0_to_bond: entered promiscuous mode
[  267.865654][ T1145] bond1 (unregistering): (slave veth0_to_bond): Releasing active interface
[  267.869251][ T1145] bond1 (unregistering): Released all slaves
[  267.887560][T19642] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  267.951509][ T1145] tipc: Left network mode
[  268.194395][ T1145] hsr_slave_0: left promiscuous mode
[  268.199215][ T1145] hsr_slave_1: left promiscuous mode
[  268.201244][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  268.203636][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_0
[  268.206289][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  268.208600][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_1
[  268.236222][ T1145] veth0_macvtap: left promiscuous mode
[  268.238115][ T1145] veth1_vlan: left promiscuous mode
[  268.239799][ T1145] veth0_vlan: left promiscuous mode
[  268.394853][T19714] overlayfs: failed to clone upperpath
[  268.642362][   T63] Bluetooth: hci1: command tx timeout
[  268.882382][ T1145] team0 (unregistering): Port device team_slave_1 removed
[  268.954668][ T1145] team0 (unregistering): Port device team_slave_0 removed
[  269.042549][ T6018] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  269.207675][T19738] overlayfs: failed to clone upperpath
[  269.213154][ T6018] usb 10-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  269.218939][ T6018] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  269.222994][ T6018] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  269.225575][ T6018] usb 10-1: Product: syz
[  269.226997][ T6018] usb 10-1: Manufacturer: syz
[  269.228499][ T6018] usb 10-1: SerialNumber: syz
[  269.436802][ T6018] usblp 10-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  269.505823][T18612] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  269.509783][T18612] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  269.513817][T18612] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  269.517686][T18612] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  269.566269][T18612] 8021q: adding VLAN 0 to HW filter on device bond0
[  269.574705][T18612] 8021q: adding VLAN 0 to HW filter on device team0
[  269.579533][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  269.581826][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  269.587857][ T1236] bridge0: port 2(bridge_slave_1) entered blocking state
[  269.590105][ T1236] bridge0: port 2(bridge_slave_1) entered forwarding state
[  269.620879][T18612] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  269.625408][T18612] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  269.627966][T19773] FAULT_INJECTION: forcing a failure.
[  269.627966][T19773] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  269.632802][T19773] CPU: 2 UID: 0 PID: 19773 Comm: syz.0.2257 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  269.632818][T19773] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  269.632824][T19773] Call Trace:
[  269.632829][T19773]  <TASK>
[  269.632833][T19773]  dump_stack_lvl+0x16c/0x1f0
[  269.632853][T19773]  should_fail_ex+0x512/0x640
[  269.632865][T19773]  strncpy_from_user+0x3b/0x2e0
[  269.632883][T19773]  getname_flags.part.0+0x8f/0x550
[  269.632901][T19773]  getname_flags+0x93/0xf0
[  269.632912][T19773]  do_sys_openat2+0xb8/0x1d0
[  269.632927][T19773]  ? __pfx_do_sys_openat2+0x10/0x10
[  269.632943][T19773]  ? __fget_files+0x20e/0x3c0
[  269.632957][T19773]  __x64_sys_openat+0x174/0x210
[  269.632972][T19773]  ? __pfx___x64_sys_openat+0x10/0x10
[  269.632986][T19773]  ? ksys_write+0x1ac/0x250
[  269.633001][T19773]  do_syscall_64+0xcd/0x4c0
[  269.633012][T19773]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.633023][T19773] RIP: 0033:0x7fe440d8ebe9
[  269.633032][T19773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  269.633043][T19773] RSP: 002b:00007fe441c88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  269.633053][T19773] RAX: ffffffffffffffda RBX: 00007fe440fb5fa0 RCX: 00007fe440d8ebe9
[  269.633060][T19773] RDX: 0000000000000100 RSI: 0000200000000240 RDI: ffffffffffffff9c
[  269.633067][T19773] RBP: 00007fe441c88090 R08: 0000000000000000 R09: 0000000000000000
[  269.633073][T19773] R10: 0000000000000198 R11: 0000000000000246 R12: 0000000000000001
[  269.633079][T19773] R13: 00007fe440fb6038 R14: 00007fe440fb5fa0 R15: 00007fff0528d2d8
[  269.633092][T19773]  </TASK>
[  269.725015][T18612] 8021q: adding VLAN 0 to HW filter on device batadv0
[  269.747458][T18612] veth0_vlan: entered promiscuous mode
[  269.753210][T18612] veth1_vlan: entered promiscuous mode
[  269.760074][   T60] usb 10-1: USB disconnect, device number 2
[  269.766292][   T60] usblp0: removed
[  269.771910][T18612] veth0_macvtap: entered promiscuous mode
[  269.781383][T18612] veth1_macvtap: entered promiscuous mode
[  269.791587][T18612] batman_adv: batadv0: Interface activated: batadv_slave_0
[  269.797695][T18612] batman_adv: batadv0: Interface activated: batadv_slave_1
[  269.803269][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  269.806146][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  269.810970][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  269.814406][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  269.846272][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  269.848887][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  269.866437][   T73] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  269.869239][ T1145] IPVS: stop unused estimator thread 0...
[  269.869567][   T73] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  269.931228][T19808] netlink: 'syz.2.2259': attribute type 23 has an invalid length.
[  270.026492][T19818] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2260'.
[  270.030747][T19818] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2260'.
[  270.043356][T19819] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2260'.
[  270.410848][T19842] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  270.645835][T19859] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=19859 comm=syz.5.2268
[  270.731858][   T63] Bluetooth: hci1: command tx timeout
[  270.912548][ T6005] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  271.071865][ T6005] usb 10-1: Using ep0 maxpacket: 8
[  271.082275][ T6005] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  271.085545][ T6005] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 2
[  271.088370][ T6005] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  271.091931][ T6005] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  271.095405][ T6005] usb 10-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  271.098304][ T6005] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  271.109815][ T6005] hub 10-1:1.0: bad descriptor, ignoring hub
[  271.115867][ T6005] hub 10-1:1.0: probe with driver hub failed with error -5
[  271.118427][ T6005] cdc_wdm 10-1:1.0: skipping garbage
[  271.121572][ T6005] cdc_wdm 10-1:1.0: skipping garbage
[  271.124816][ T6005] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device
[  271.126964][ T6005] cdc_wdm 10-1:1.0: Unknown control protocol
[  271.612999][ T6175] usb 10-1: USB disconnect, device number 3
[  271.993607][   T40] kauditd_printk_skb: 194 callbacks suppressed
[  271.993619][   T40] audit: type=1400 audit(1754587422.218:2871): avc:  denied  { unmount } for  pid=18612 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  272.026682][   T40] audit: type=1400 audit(1754587422.248:2872): avc:  denied  { sys_module } for  pid=19906 comm="syz.0.2284" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  272.033329][   T40] audit: type=1400 audit(1754587422.248:2873): avc:  denied  { module_request } for  pid=19906 comm="syz.0.2284" kmod="syz_tun" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  272.064596][   T40] audit: type=1400 audit(1754587422.288:2874): avc:  denied  { create } for  pid=19916 comm="syz.1.2279" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  272.070827][   T40] audit: type=1400 audit(1754587422.288:2875): avc:  denied  { read } for  pid=19916 comm="syz.1.2279" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  272.076991][   T40] audit: type=1400 audit(1754587422.288:2876): avc:  denied  { write } for  pid=19916 comm="syz.1.2279" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  272.084694][   T40] audit: type=1400 audit(1754587422.288:2877): avc:  denied  { write } for  pid=19916 comm="syz.1.2279" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  272.091082][   T40] audit: type=1400 audit(1754587422.288:2878): avc:  denied  { read } for  pid=19916 comm="syz.1.2279" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  272.093489][T19912] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  272.097620][   T40] audit: type=1400 audit(1754587422.288:2879): avc:  denied  { ioctl } for  pid=19916 comm="syz.1.2279" path="socket:[42705]" dev="sockfs" ino=42705 ioctlcmd=0x2100 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  272.110943][   T40] audit: type=1400 audit(1754587422.288:2880): avc:  denied  { create } for  pid=19916 comm="syz.1.2279" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  272.212401][T19936] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  272.270876][T19942] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2282'.
[  272.491783][   T60] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  272.651734][   T60] usb 7-1: Using ep0 maxpacket: 8
[  272.654763][   T60] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[  272.657733][   T60] usb 7-1: config 0 has no interface number 0
[  272.659838][   T60] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  272.663340][   T60] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  272.667562][   T60] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  272.671238][   T60] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  272.675444][   T60] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  272.678521][   T60] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  272.682655][   T60] usb 7-1: config 0 descriptor??
[  272.689215][   T60] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  272.811838][   T63] Bluetooth: hci1: command tx timeout
[  272.894767][T19958] IPv6: NLM_F_CREATE should be specified when creating new route
[  272.953648][ T6169] usb 7-1: USB disconnect, device number 20
[  272.957139][ T6169] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[  273.006656][T19973] FAULT_INJECTION: forcing a failure.
[  273.006656][T19973] name failslab, interval 1, probability 0, space 0, times 0
[  273.010900][T19973] CPU: 0 UID: 0 PID: 19973 Comm: syz.0.2288 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  273.010917][T19973] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  273.010924][T19973] Call Trace:
[  273.010929][T19973]  <TASK>
[  273.010934][T19973]  dump_stack_lvl+0x16c/0x1f0
[  273.010956][T19973]  should_fail_ex+0x512/0x640
[  273.010966][T19973]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  273.010980][T19973]  should_failslab+0xc2/0x120
[  273.010993][T19973]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  273.011003][T19973]  ? __pfx___might_resched+0x10/0x10
[  273.011017][T19973]  ? __alloc_skb+0x2b2/0x380
[  273.011034][T19973]  __alloc_skb+0x2b2/0x380
[  273.011049][T19973]  ? __pfx___alloc_skb+0x10/0x10
[  273.011065][T19973]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  273.011080][T19973]  nl80211_new_interface+0x592/0x1190
[  273.011097][T19973]  ? __pfx_nl80211_new_interface+0x10/0x10
[  273.011114][T19973]  ? nl80211_pre_doit+0x1b0/0xb10
[  273.011132][T19973]  genl_family_rcv_msg_doit+0x209/0x2f0
[  273.011146][T19973]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  273.011165][T19973]  ? bpf_lsm_capable+0x9/0x10
[  273.011180][T19973]  ? security_capable+0x7e/0x260
[  273.011193][T19973]  ? ns_capable+0xd7/0x110
[  273.011207][T19973]  genl_rcv_msg+0x55c/0x800
[  273.011220][T19973]  ? __pfx_genl_rcv_msg+0x10/0x10
[  273.011231][T19973]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  273.011244][T19973]  ? __pfx_nl80211_new_interface+0x10/0x10
[  273.011257][T19973]  ? __pfx_nl80211_post_doit+0x10/0x10
[  273.011269][T19973]  ? __lock_acquire+0x62e/0x1ce0
[  273.011288][T19973]  netlink_rcv_skb+0x158/0x420
[  273.011298][T19973]  ? __pfx_genl_rcv_msg+0x10/0x10
[  273.011310][T19973]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  273.011325][T19973]  ? netlink_deliver_tap+0x1ae/0xd30
[  273.011340][T19973]  ? selinux_netlink_send+0x578/0x830
[  273.011353][T19973]  ? is_vmalloc_addr+0x86/0xa0
[  273.011365][T19973]  genl_rcv+0x28/0x40
[  273.011379][T19973]  netlink_unicast+0x5a7/0x870
[  273.011390][T19973]  ? __pfx_netlink_unicast+0x10/0x10
[  273.011400][T19973]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  273.011421][T19973]  netlink_sendmsg+0x8d1/0xdd0
[  273.011433][T19973]  ? __pfx_netlink_sendmsg+0x10/0x10
[  273.011447][T19973]  ____sys_sendmsg+0xa98/0xc70
[  273.011460][T19973]  ? copy_msghdr_from_user+0x10a/0x160
[  273.011476][T19973]  ? __pfx_____sys_sendmsg+0x10/0x10
[  273.011494][T19973]  ___sys_sendmsg+0x134/0x1d0
[  273.011510][T19973]  ? __pfx____sys_sendmsg+0x10/0x10
[  273.011538][T19973]  ? __mutex_unlock_slowpath+0x100/0x800
[  273.011559][T19973]  __sys_sendmsg+0x16d/0x220
[  273.011576][T19973]  ? __pfx___sys_sendmsg+0x10/0x10
[  273.011600][T19973]  do_syscall_64+0xcd/0x4c0
[  273.011626][T19973]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  273.011637][T19973] RIP: 0033:0x7fe440d8ebe9
[  273.011647][T19973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  273.011657][T19973] RSP: 002b:00007fe441c88038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  273.011667][T19973] RAX: ffffffffffffffda RBX: 00007fe440fb5fa0 RCX: 00007fe440d8ebe9
[  273.011674][T19973] RDX: 0000000024044884 RSI: 0000200000000300 RDI: 0000000000000003
[  273.011680][T19973] RBP: 00007fe441c88090 R08: 0000000000000000 R09: 0000000000000000
[  273.011686][T19973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  273.011691][T19973] R13: 00007fe440fb6038 R14: 00007fe440fb5fa0 R15: 00007fff0528d2d8
[  273.011705][T19973]  </TASK>
[  273.152126][T19980] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2290'.
[  273.152202][T19979] netlink: 'syz.1.2291': attribute type 1 has an invalid length.
[  273.164761][T19981] netlink: 'syz.0.2290': attribute type 10 has an invalid length.
[  273.167538][T19981] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  273.225168][T19994] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2293'.
[  273.233180][T19994] bridge0: port 1(bridge_slave_0) entered disabled state
[  273.304761][T19994] bridge_slave_0 (unregistering): left allmulticast mode
[  273.307117][T19994] bridge_slave_0 (unregistering): left promiscuous mode
[  273.309537][T19994] bridge0: port 1(bridge_slave_0) entered disabled state
[  273.504809][T20010] comedi comedi3: dt2817: I/O port conflict (0x4f27,5)
[  274.001508][T20024] overlayfs: failed to clone upperpath
[  274.353256][T20052] FAULT_INJECTION: forcing a failure.
[  274.353256][T20052] name failslab, interval 1, probability 0, space 0, times 0
[  274.357204][T20052] CPU: 0 UID: 0 PID: 20052 Comm: syz.5.2311 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  274.357220][T20052] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  274.357226][T20052] Call Trace:
[  274.357231][T20052]  <TASK>
[  274.357236][T20052]  dump_stack_lvl+0x16c/0x1f0
[  274.357256][T20052]  should_fail_ex+0x512/0x640
[  274.357269][T20052]  should_failslab+0xc2/0x120
[  274.357283][T20052]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  274.357295][T20052]  ? skb_clone+0x190/0x3f0
[  274.357314][T20052]  skb_clone+0x190/0x3f0
[  274.357331][T20052]  netlink_deliver_tap+0xabd/0xd30
[  274.357350][T20052]  netlink_unicast+0x64c/0x870
[  274.357363][T20052]  ? __pfx_netlink_unicast+0x10/0x10
[  274.357378][T20052]  netlink_sendmsg+0x8d1/0xdd0
[  274.357390][T20052]  ? __pfx_netlink_sendmsg+0x10/0x10
[  274.357405][T20052]  ____sys_sendmsg+0xa98/0xc70
[  274.357418][T20052]  ? copy_msghdr_from_user+0x10a/0x160
[  274.357434][T20052]  ? __pfx_____sys_sendmsg+0x10/0x10
[  274.357452][T20052]  ___sys_sendmsg+0x134/0x1d0
[  274.357468][T20052]  ? __pfx____sys_sendmsg+0x10/0x10
[  274.357496][T20052]  ? __mutex_unlock_slowpath+0x100/0x800
[  274.357517][T20052]  __sys_sendmsg+0x16d/0x220
[  274.357534][T20052]  ? __pfx___sys_sendmsg+0x10/0x10
[  274.357558][T20052]  do_syscall_64+0xcd/0x4c0
[  274.357569][T20052]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.357581][T20052] RIP: 0033:0x7f2f97d8ebe9
[  274.357589][T20052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  274.357600][T20052] RSP: 002b:00007f2f98c52038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  274.357611][T20052] RAX: ffffffffffffffda RBX: 00007f2f97fb5fa0 RCX: 00007f2f97d8ebe9
[  274.357617][T20052] RDX: 0000000000008010 RSI: 0000200000000140 RDI: 0000000000000003
[  274.357624][T20052] RBP: 00007f2f98c52090 R08: 0000000000000000 R09: 0000000000000000
[  274.357630][T20052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  274.357636][T20052] R13: 00007f2f97fb6038 R14: 00007f2f97fb5fa0 R15: 00007fff81dc2668
[  274.357649][T20052]  </TASK>
[  274.357712][T20052] netlink: 5 bytes leftover after parsing attributes in process `syz.5.2311'.
[  274.430624][T20052] netlink: 5 bytes leftover after parsing attributes in process `syz.5.2311'.
[  274.433459][T20052] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2311'.
[  274.436872][T20052] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2311'.
[  274.505855][T20072] IPVS: Unknown mcast interface: ip6erspan0
[  274.518650][T20072] syzkaller0: entered promiscuous mode
[  274.520449][T20072] syzkaller0: entered allmulticast mode
[  274.612748][T20072] infiniband syz2: set active
[  274.614818][T20072] infiniband syz2: added syzkaller0
[  274.641361][T20072] RDS/IB: syz2: added
[  274.643348][T20072] smc: adding ib device syz2 with port count 1
[  274.645391][T20072] smc:    ib device syz2 port 1 has pnetid 
[  274.881983][   T63] Bluetooth: hci1: command tx timeout
[  275.056857][   T73] smc: removing ib device syz2
[  275.059598][   T34] syz2: Port: 1 Link DOWN
[  275.206748][T20098] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2320'.
[  275.216081][T20098] FAULT_INJECTION: forcing a failure.
[  275.216081][T20098] name failslab, interval 1, probability 0, space 0, times 0
[  275.221059][T20098] CPU: 3 UID: 0 PID: 20098 Comm: syz.5.2320 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  275.221074][T20098] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  275.221080][T20098] Call Trace:
[  275.221084][T20098]  <TASK>
[  275.221089][T20098]  dump_stack_lvl+0x16c/0x1f0
[  275.221110][T20098]  should_fail_ex+0x512/0x640
[  275.221120][T20098]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  275.221135][T20098]  should_failslab+0xc2/0x120
[  275.221147][T20098]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  275.221159][T20098]  ? mark_held_locks+0x49/0x80
[  275.221180][T20098]  ? neigh_sysctl_register+0xb2/0x670
[  275.221199][T20098]  kmemdup_noprof+0x29/0x60
[  275.221211][T20098]  neigh_sysctl_register+0xb2/0x670
[  275.221226][T20098]  ? __pfx_ndisc_ifinfo_sysctl_change+0x10/0x10
[  275.221243][T20098]  ? __pfx___debug_object_init+0x10/0x10
[  275.221258][T20098]  ? __pfx_neigh_sysctl_register+0x10/0x10
[  275.221277][T20098]  ? lockdep_init_map_type+0x5c/0x280
[  275.221287][T20098]  ? mld_in_v1_mode+0x2b2/0x3a0
[  275.221303][T20098]  addrconf_sysctl_register+0xb9/0x1f0
[  275.221318][T20098]  ipv6_add_dev+0xb31/0x15f0
[  275.221332][T20098]  ipv6_find_idev+0x192/0x220
[  275.221344][T20098]  addrconf_add_dev+0x31/0x1c0
[  275.221355][T20098]  addrconf_init_auto_addrs+0x201/0x810
[  275.221369][T20098]  addrconf_notify+0x6e2/0x19e0
[  275.221384][T20098]  ? ip6mr_device_event+0x1bc/0x230
[  275.221403][T20098]  notifier_call_chain+0xbc/0x410
[  275.221420][T20098]  ? __pfx_addrconf_notify+0x10/0x10
[  275.221437][T20098]  call_netdevice_notifiers_info+0xbe/0x140
[  275.221451][T20098]  netif_state_change+0x165/0x3b0
[  275.221462][T20098]  ? __pfx_netif_state_change+0x10/0x10
[  275.221475][T20098]  ? ip_tunnel_update+0x73b/0x960
[  275.221489][T20098]  netdev_state_change+0xaa/0x240
[  275.221500][T20098]  ip_tunnel_changelink+0x174/0x330
[  275.221513][T20098]  ipgre_changelink+0x170/0x260
[  275.221530][T20098]  ? __pfx_ipgre_changelink+0x10/0x10
[  275.221546][T20098]  ? cap_capable+0xb3/0x250
[  275.221560][T20098]  ? ns_capable+0xd7/0x110
[  275.221574][T20098]  ? __pfx_ipgre_changelink+0x10/0x10
[  275.221590][T20098]  rtnl_newlink+0x129b/0x2000
[  275.221625][T20098]  ? __pfx_rtnl_newlink+0x10/0x10
[  275.221641][T20098]  ? find_held_lock+0x2b/0x80
[  275.221654][T20098]  ? avc_has_perm_noaudit+0x117/0x3b0
[  275.221673][T20098]  ? avc_has_perm_noaudit+0x149/0x3b0
[  275.221701][T20098]  ? find_held_lock+0x2b/0x80
[  275.221713][T20098]  ? __pfx_rtnl_newlink+0x10/0x10
[  275.221729][T20098]  ? __pfx_rtnl_newlink+0x10/0x10
[  275.221744][T20098]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  275.221754][T20098]  ? __pfx_rtnl_newlink+0x10/0x10
[  275.221770][T20098]  rtnetlink_rcv_msg+0x95e/0xe90
[  275.221781][T20098]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  275.221794][T20098]  ? ref_tracker_free+0x37c/0x830
[  275.221807][T20098]  netlink_rcv_skb+0x158/0x420
[  275.221817][T20098]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  275.221828][T20098]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  275.221842][T20098]  ? netlink_deliver_tap+0x1ae/0xd30
[  275.221861][T20098]  netlink_unicast+0x5a7/0x870
[  275.221873][T20098]  ? __pfx_netlink_unicast+0x10/0x10
[  275.221910][T20098]  netlink_sendmsg+0x8d1/0xdd0
[  275.221923][T20098]  ? __pfx_netlink_sendmsg+0x10/0x10
[  275.221938][T20098]  ____sys_sendmsg+0xa98/0xc70
[  275.221950][T20098]  ? copy_msghdr_from_user+0x10a/0x160
[  275.221966][T20098]  ? __pfx_____sys_sendmsg+0x10/0x10
[  275.221984][T20098]  ___sys_sendmsg+0x134/0x1d0
[  275.222001][T20098]  ? __pfx____sys_sendmsg+0x10/0x10
[  275.222029][T20098]  ? __mutex_unlock_slowpath+0x100/0x800
[  275.222050][T20098]  __sys_sendmsg+0x16d/0x220
[  275.222066][T20098]  ? __pfx___sys_sendmsg+0x10/0x10
[  275.222091][T20098]  do_syscall_64+0xcd/0x4c0
[  275.222102][T20098]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  275.222113][T20098] RIP: 0033:0x7f2f97d8ebe9
[  275.222122][T20098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  275.222133][T20098] RSP: 002b:00007f2f98c52038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  275.222143][T20098] RAX: ffffffffffffffda RBX: 00007f2f97fb5fa0 RCX: 00007f2f97d8ebe9
[  275.222149][T20098] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000004
[  275.222155][T20098] RBP: 00007f2f98c52090 R08: 0000000000000000 R09: 0000000000000000
[  275.222161][T20098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  275.222170][T20098] R13: 00007f2f97fb6038 R14: 00007f2f97fb5fa0 R15: 00007fff81dc2668
[  275.222184][T20098]  </TASK>
[  275.647178][T20126] netlink: 'syz.1.2326': attribute type 10 has an invalid length.
[  275.653340][T20126] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode
[  275.655839][T20126] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[  275.658460][T20126] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  276.271906][T20144] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2331'.
[  276.572006][ T6175] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  276.578537][T20172] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2340'.
[  276.753006][ T6175] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  276.756462][ T6175] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  276.759481][ T6175] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  276.762658][ T6175] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  276.768272][T20153] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  276.774954][ T6175] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  276.787401][ T5970] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  276.790760][ T5970] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  276.795420][ T5970] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  276.806238][ T5970] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  276.809188][ T5970] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  276.847598][ T1146] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  276.852373][ T1146] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  276.894993][T20209] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer.
[  276.935125][ T1146] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  276.938431][ T1146] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  276.975132][   T34] usb 7-1: USB disconnect, device number 21
[  276.984448][T20188] chnl_net:caif_netlink_parms(): no params data found
[  277.044912][ T1146] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  277.048989][ T1146] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  277.097700][T20188] bridge0: port 1(bridge_slave_0) entered blocking state
[  277.100011][T20188] bridge0: port 1(bridge_slave_0) entered disabled state
[  277.102619][T20188] bridge_slave_0: entered allmulticast mode
[  277.105210][T20188] bridge_slave_0: entered promiscuous mode
[  277.108306][T20188] bridge0: port 2(bridge_slave_1) entered blocking state
[  277.111170][T20188] bridge0: port 2(bridge_slave_1) entered disabled state
[  277.115298][T20188] bridge_slave_1: entered allmulticast mode
[  277.118013][T20188] bridge_slave_1: entered promiscuous mode
[  277.164912][ T1146] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  277.168262][ T1146] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  277.176509][   T40] kauditd_printk_skb: 210 callbacks suppressed
[  277.176520][   T40] audit: type=1400 audit(1754587427.398:3091): avc:  denied  { read write } for  pid=20151 comm="syz.2.2334" name="video7" dev="devtmpfs" ino=974 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  277.176880][T20188] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  277.178707][T20153] vivid-000: =================  START STATUS  =================
[  277.187840][T20188] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  277.189181][   T40] audit: type=1400 audit(1754587427.398:3092): avc:  denied  { open } for  pid=20151 comm="syz.2.2334" path="/dev/video7" dev="devtmpfs" ino=974 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  277.190440][T20153] vivid-000: Test Pattern: 75% Colorbar
[  277.190480][T20153] vivid-000: Fill Percentage of Frame: 100
[  277.190494][T20153] vivid-000: Horizontal Movement: Move Right Fast
[  277.190507][T20153] vivid-000: Vertical Movement: No Movement
[  277.190520][T20153] vivid-000: OSD Text Mode: All
[  277.190542][T20153] vivid-000: Show Border: false
[  277.190554][T20153] vivid-000: Show Square: false
[  277.190566][T20153] vivid-000: Sensor Flipped Horizontally: false
[  277.190579][T20153] vivid-000: Sensor Flipped Vertically: false
[  277.190591][T20153] vivid-000: Insert SAV Code in Image: false
[  277.190604][T20153] vivid-000: Insert EAV Code in Image: false
[  277.190616][T20153] vivid-000: Insert Video Guard Band: false
[  277.190629][T20153] vivid-000: Reduced Framerate: false
[  277.190642][T20153] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[  277.190656][T20153] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[  277.190669][T20153] vivid-000: Enable Capture Cropping: true
[  277.190682][T20153] vivid-000: Enable Capture Composing: true
[  277.190694][T20153] vivid-000: Enable Capture Scaler: true
[  277.190706][T20153] vivid-000: Timestamp Source: End of Frame
[  277.190718][T20153] vivid-000: Colorspace: sRGB
[  277.190730][T20153] vivid-000: Transfer Function: Default
[  277.190742][T20153] vivid-000: Y'CbCr Encoding: Default
[  277.190753][T20153] vivid-000: HSV Encoding: Hue 0-179
[  277.190764][T20153] vivid-000: Quantization: Default
[  277.190774][T20153] vivid-000: Apply Alpha To Red Only: false
[  277.190785][T20153] vivid-000: Standard Aspect Ratio: 4x3
[  277.190801][T20153] vivid-000: DV Timings Signal Mode: Current DV Timings inactive
[  277.190816][T20153] vivid-000: DV Timings: 640x480p59 inactive
[  277.190829][T20153] vivid-000: DV Timings Aspect Ratio: 4x3
[  277.190840][T20153] vivid-000: Maximum EDID Blocks: 2
[  277.190850][T20153] vivid-000: Limited RGB Range (16-235): false
[  277.190862][T20153] vivid-000: Rx RGB Quantization Range: Automatic
[  277.190876][T20153] vivid-000: Power Present: 0x00000001
[  277.190891][T20153] tpg source WxH: 320x180 (R'G'B)
[  277.190899][T20153] tpg field: 1
[  277.190904][T20153] tpg crop: (0,0)/320x180
[  277.190913][T20153] tpg compose: (0,0)/320x180
[  277.190920][T20153] tpg colorspace: 8
[  277.190924][T20153] tpg transfer function: 0/2
[  277.190929][T20153] tpg quantization: 0/1
[  277.190934][T20153] tpg RGB range: 0/2
[  277.190939][T20153] vivid-000: ==================  END STATUS  ==================
[  277.193958][   T63] Bluetooth: hci1: connection err: -111
[  277.198514][   T40] audit: type=1400 audit(1754587427.398:3093): avc:  denied  { ioctl } for  pid=20151 comm="syz.2.2334" path="/dev/video7" dev="devtmpfs" ino=974 ioctlcmd=0x5646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  277.293646][   T40] audit: type=1400 audit(1754587427.518:3094): avc:  denied  { mounton } for  pid=20500 comm="syz.5.2347" path="/58/bus" dev="tmpfs" ino=355 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  277.300662][   T40] audit: type=1400 audit(1754587427.518:3095): avc:  denied  { unlink } for  pid=20500 comm="syz.5.2347" name="#75" dev="tmpfs" ino=359 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  277.308248][   T40] audit: type=1400 audit(1754587427.518:3096): avc:  denied  { mount } for  pid=20500 comm="syz.5.2347" name="/" dev="overlay" ino=354 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  277.332217][T20188] team0: Port device team_slave_0 added
[  277.337248][T20188] team0: Port device team_slave_1 added
[  277.376426][T20188] batman_adv: batadv0: Adding interface: batadv_slave_0
[  277.378682][T20188] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  277.387623][T20188] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  277.403667][   T40] audit: type=1400 audit(1754587427.628:3097): avc:  denied  { read } for  pid=5679 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[  277.414915][T20188] batman_adv: batadv0: Adding interface: batadv_slave_1
[  277.417124][T20188] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  277.425151][T20188] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  277.470045][   T40] audit: type=1400 audit(1754587427.688:3098): avc:  denied  { prog_run } for  pid=20899 comm="syz.0.2348" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  277.499684][T20188] hsr_slave_0: entered promiscuous mode
[  277.502013][T20188] hsr_slave_1: entered promiscuous mode
[  277.504103][T20188] debugfs: 'hsr0' already exists in 'hsr'
[  277.505911][T20188] Cannot create hsr debugfs directory
[  277.510561][ T1146] bridge_slave_1: left promiscuous mode
[  277.514148][ T1146] bridge0: port 2(bridge_slave_1) entered disabled state
[  277.517655][ T1146] bridge0: port 1(bridge_slave_0) entered disabled state
[  277.814939][   T40] audit: type=1400 audit(1754587428.038:3099): avc:  denied  { create } for  pid=21036 comm="syz.2.2349" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  277.821070][   T40] audit: type=1400 audit(1754587428.038:3100): avc:  denied  { setopt } for  pid=21036 comm="syz.2.2349" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  277.948405][ T1146] bond0 (unregistering): left allmulticast mode
[  277.950470][ T1146] bond_slave_0: left allmulticast mode
[  277.952849][ T1146] bond_slave_1: left allmulticast mode
[  277.954592][ T1146] mac80211_hwsim hwsim3 wlan1: left allmulticast mode
[  277.958769][ T1146] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  277.961879][ T1146] bond_slave_0: left promiscuous mode
[  277.964317][ T1146] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  277.967228][ T1146] bond_slave_1: left promiscuous mode
[  277.969757][ T1146] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  277.972717][ T1146] mac80211_hwsim hwsim3 wlan1: left promiscuous mode
[  277.983799][ T1146] bond0 (unregistering): Released all slaves
[  278.059686][T21064] __nla_validate_parse: 4 callbacks suppressed
[  278.059696][T21064] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2353'.
[  278.064629][T21064] netlink: 264 bytes leftover after parsing attributes in process `syz.5.2353'.
[  278.068216][T21064] netlink: 56 bytes leftover after parsing attributes in process `syz.5.2353'.
[  278.085603][ T1146] : left promiscuous mode
[  278.099789][   T63] Bluetooth: hci1: Malformed Event: 0x02
[  278.157819][ T1146] tipc: Disabling bearer <eth:team0>
[  278.160700][ T1146] tipc: Left network mode
[  278.383073][ T1146] hsr_slave_0: left promiscuous mode
[  278.385281][ T1146] hsr_slave_1: left promiscuous mode
[  278.387451][ T1146] batman_adv: batadv0: Removing interface: batadv_slave_0
[  278.390343][ T1146] batman_adv: batadv0: Removing interface: batadv_slave_1
[  278.394064][ T1146] batman_adv: batadv0: Interface deactivated: dummy0
[  278.396343][ T1146] batman_adv: batadv0: Removing interface: dummy0
[  278.525207][ T1146] team0 (unregistering): Port device vlan0 removed
[  278.893607][   T63] Bluetooth: hci2: command tx timeout
[  278.949646][ T1146] team0 (unregistering): Port device team_slave_1 removed
[  279.021290][ T1146] team0 (unregistering): Port device team_slave_0 removed
[  279.054046][T21305] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2359'.
[  279.146586][T21309] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2360'.
[  279.255335][T21311] netlink: 'syz.5.2360': attribute type 10 has an invalid length.
[  279.550255][T21311] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  279.842292][T20188] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  279.847544][T20188] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  279.855025][T20188] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  279.859306][T20188] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  279.906083][T20188] 8021q: adding VLAN 0 to HW filter on device bond0
[  279.914983][T20188] 8021q: adding VLAN 0 to HW filter on device team0
[  279.920472][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  279.922674][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  279.930389][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  279.932673][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  279.942486][T21392] overlay: Unknown parameter 'smackfshat'
[  280.058665][T20188] 8021q: adding VLAN 0 to HW filter on device batadv0
[  280.085798][T20188] veth0_vlan: entered promiscuous mode
[  280.092526][T20188] veth1_vlan: entered promiscuous mode
[  280.107586][T20188] veth0_macvtap: entered promiscuous mode
[  280.113681][T20188] veth1_macvtap: entered promiscuous mode
[  280.123053][T20188] batman_adv: batadv0: Interface activated: batadv_slave_0
[  280.127626][T20188] batman_adv: batadv0: Interface activated: batadv_slave_1
[  280.139199][ T1145] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  280.143171][ T1145] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  280.148347][ T1145] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  280.151160][ T1145] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  280.205103][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  280.210201][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  280.226280][ T1241] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  280.228855][ T1241] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  280.290323][T21440] ip6gretap1: entered promiscuous mode
[  280.292528][T21440] ip6gretap1: entered allmulticast mode
[  280.307666][T21440] syz.1.2377: attempt to access beyond end of device
[  280.307666][T21440] nbd1: rw=0, sector=2, nr_sectors = 2 limit=0
[  280.313512][T21440] vxfs: unable to read disk superblock at 1
[  280.316492][T21440] syz.1.2377: attempt to access beyond end of device
[  280.316492][T21440] nbd1: rw=0, sector=16, nr_sectors = 2 limit=0
[  280.320551][T21440] vxfs: unable to read disk superblock at 8
[  280.323620][T21440] vxfs: can't find superblock.
[  280.588362][T21448] netlink: 'syz.1.2378': attribute type 1 has an invalid length.
[  280.654956][T21459] netlink: 'syz.1.2382': attribute type 10 has an invalid length.
[  280.665650][T21459] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  280.669456][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  280.673542][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  280.722051][T21464] FAULT_INJECTION: forcing a failure.
[  280.722051][T21464] name failslab, interval 1, probability 0, space 0, times 0
[  280.726263][T21464] CPU: 1 UID: 0 PID: 21464 Comm: syz.1.2382 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  280.726279][T21464] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  280.726286][T21464] Call Trace:
[  280.726291][T21464]  <TASK>
[  280.726295][T21464]  dump_stack_lvl+0x16c/0x1f0
[  280.726338][T21464]  should_fail_ex+0x512/0x640
[  280.726353][T21464]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  280.726366][T21464]  should_failslab+0xc2/0x120
[  280.726379][T21464]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  280.726390][T21464]  ? __pfx___might_resched+0x10/0x10
[  280.726404][T21464]  ? __alloc_skb+0x2b2/0x380
[  280.726421][T21464]  __alloc_skb+0x2b2/0x380
[  280.726436][T21464]  ? __pfx___alloc_skb+0x10/0x10
[  280.726451][T21464]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  280.726467][T21464]  nl80211_new_interface+0x592/0x1190
[  280.726484][T21464]  ? __pfx_nl80211_new_interface+0x10/0x10
[  280.726502][T21464]  ? nl80211_pre_doit+0x1b0/0xb10
[  280.726517][T21464]  genl_family_rcv_msg_doit+0x209/0x2f0
[  280.726531][T21464]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  280.726547][T21464]  ? bpf_lsm_capable+0x9/0x10
[  280.726562][T21464]  ? security_capable+0x7e/0x260
[  280.726574][T21464]  ? ns_capable+0xd7/0x110
[  280.726587][T21464]  genl_rcv_msg+0x55c/0x800
[  280.726601][T21464]  ? __pfx_genl_rcv_msg+0x10/0x10
[  280.726612][T21464]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  280.726625][T21464]  ? __pfx_nl80211_new_interface+0x10/0x10
[  280.726638][T21464]  ? __pfx_nl80211_post_doit+0x10/0x10
[  280.726653][T21464]  netlink_rcv_skb+0x158/0x420
[  280.726663][T21464]  ? __pfx_genl_rcv_msg+0x10/0x10
[  280.726675][T21464]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  280.726691][T21464]  ? netlink_deliver_tap+0x1ae/0xd30
[  280.726709][T21464]  genl_rcv+0x28/0x40
[  280.726719][T21464]  netlink_unicast+0x5a7/0x870
[  280.726731][T21464]  ? __pfx_netlink_unicast+0x10/0x10
[  280.726740][T21464]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  280.726762][T21464]  netlink_sendmsg+0x8d1/0xdd0
[  280.726773][T21464]  ? __pfx_netlink_sendmsg+0x10/0x10
[  280.726788][T21464]  ____sys_sendmsg+0xa98/0xc70
[  280.726801][T21464]  ? copy_msghdr_from_user+0x10a/0x160
[  280.726816][T21464]  ? __pfx_____sys_sendmsg+0x10/0x10
[  280.726834][T21464]  ___sys_sendmsg+0x134/0x1d0
[  280.726851][T21464]  ? __pfx____sys_sendmsg+0x10/0x10
[  280.726879][T21464]  ? __mutex_unlock_slowpath+0x100/0x800
[  280.726904][T21464]  __sys_sendmsg+0x16d/0x220
[  280.726920][T21464]  ? __pfx___sys_sendmsg+0x10/0x10
[  280.726941][T21464]  ? fput+0x9b/0xd0
[  280.726957][T21464]  do_syscall_64+0xcd/0x4c0
[  280.726968][T21464]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.726980][T21464] RIP: 0033:0x7f105598ebe9
[  280.726989][T21464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  280.726999][T21464] RSP: 002b:00007f10567e6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  280.727009][T21464] RAX: ffffffffffffffda RBX: 00007f1055bb6090 RCX: 00007f105598ebe9
[  280.727016][T21464] RDX: 0000000024044884 RSI: 0000200000000300 RDI: 0000000000000003
[  280.727022][T21464] RBP: 00007f10567e6090 R08: 0000000000000000 R09: 0000000000000000
[  280.727028][T21464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  280.727034][T21464] R13: 00007f1055bb6128 R14: 00007f1055bb6090 R15: 00007ffd333b46a8
[  280.727047][T21464]  </TASK>
[  280.858005][T21471] binder: 21469:21471 ioctl f507 0 returned -22
[  280.895507][T21476] netlink: 92 bytes leftover after parsing attributes in process `syz.1.2388'.
[  280.899689][T21476] misc userio: Begin command sent, but we're already running
[  280.961923][   T63] Bluetooth: hci2: command tx timeout
[  281.075885][T21489] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2392'.
[  281.110064][T21489] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2392'.
[  281.213279][T19625] udevd[19625]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  281.254814][T21520] netlink: 'syz.1.2396': attribute type 10 has an invalid length.
[  281.263683][   T13] wlan1: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID
[  281.456452][T21534] netlink: 'syz.1.2398': attribute type 10 has an invalid length.
[  281.464998][T21534] 8021q: adding VLAN 0 to HW filter on device batadv0
[  281.469272][T21534] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  281.497295][T21538] netlink: 166528 bytes leftover after parsing attributes in process `syz.1.2399'.
[  281.505580][T21538] autofs4:pid:21538:validate_dev_ioctl: invalid path supplied for cmd(0xc018937e)
[  281.642945][T21545] netlink: 'syz.1.2403': attribute type 10 has an invalid length.
[  281.647322][T21545] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  281.763533][T21553] __vm_enough_memory: pid: 21553, comm: syz.5.2407, bytes: 21200334905344 not enough memory for the allocation
[  281.818890][T21553] rdma_op ffff8880277e21f0 conn xmit_rdma 0000000000000000
[  281.951497][T21559] FAULT_INJECTION: forcing a failure.
[  281.951497][T21559] name failslab, interval 1, probability 0, space 0, times 0
[  281.956928][   T63] Bluetooth: hci4: unknown advertising packet type: 0x82
[  281.956962][   T63] Bluetooth: hci4: unknown advertising packet type: 0x20
[  281.959357][   T63] Bluetooth: hci4: Dropping invalid advertising data
[  281.962266][T21559] CPU: 1 UID: 0 PID: 21559 Comm: syz.1.2409 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  281.962282][T21559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  281.962289][T21559] Call Trace:
[  281.962293][T21559]  <TASK>
[  281.962298][T21559]  dump_stack_lvl+0x16c/0x1f0
[  281.962318][T21559]  should_fail_ex+0x512/0x640
[  281.962329][T21559]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  281.962347][T21559]  should_failslab+0xc2/0x120
[  281.962360][T21559]  __kmalloc_cache_noprof+0x6a/0x3e0
[  281.962376][T21559]  ? drm_mode_atomic_ioctl+0xf64/0x25f0
[  281.962393][T21559]  drm_mode_atomic_ioctl+0xf64/0x25f0
[  281.962412][T21559]  ? avc_has_extended_perms+0x47c/0x1090
[  281.962430][T21559]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  281.962444][T21559]  ? __lock_acquire+0xb97/0x1ce0
[  281.962470][T21559]  ? drm_is_current_master+0x2c/0x40
[  281.962484][T21559]  ? do_raw_spin_unlock+0x172/0x230
[  281.962498][T21559]  drm_ioctl_kernel+0x1f4/0x3e0
[  281.962508][T21559]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  281.962522][T21559]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  281.962537][T21559]  drm_ioctl+0x5c9/0xc30
[  281.962550][T21559]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  281.962565][T21559]  ? __pfx_drm_ioctl+0x10/0x10
[  281.962581][T21559]  ? selinux_file_ioctl+0x180/0x270
[  281.962594][T21559]  ? selinux_file_ioctl+0xb4/0x270
[  281.962608][T21559]  ? __pfx_drm_ioctl+0x10/0x10
[  281.962619][T21559]  __x64_sys_ioctl+0x18e/0x210
[  281.962637][T21559]  do_syscall_64+0xcd/0x4c0
[  281.962648][T21559]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.962659][T21559] RIP: 0033:0x7f105598ebe9
[  281.962668][T21559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  281.962678][T21559] RSP: 002b:00007f1056807038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  281.962689][T21559] RAX: ffffffffffffffda RBX: 00007f1055bb5fa0 RCX: 00007f105598ebe9
[  281.962696][T21559] RDX: 0000200000000180 RSI: 00000000c03864bc RDI: 000000000000000c
[  281.962702][T21559] RBP: 00007f1056807090 R08: 0000000000000000 R09: 0000000000000000
[  281.962708][T21559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  281.962714][T21559] R13: 00007f1055bb6038 R14: 00007f1055bb5fa0 R15: 00007ffd333b46a8
[  281.962726][T21559]  </TASK>
[  282.038172][   T63] Bluetooth: hci4: Malformed LE Event: 0x02
[  282.084852][T21577] netlink: 'syz.0.2414': attribute type 10 has an invalid length.
[  282.087908][T21578] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2416'.
[  282.090189][T21577] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  282.105267][ T1145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  282.107836][ T1145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  282.207427][   T40] kauditd_printk_skb: 307 callbacks suppressed
[  282.207438][   T40] audit: type=1400 audit(1754587432.428:3408): avc:  denied  { create } for  pid=21590 comm="syz.1.2419" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  282.207533][ T1241] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  282.209939][   T40] audit: type=1400 audit(1754587432.428:3409): avc:  denied  { write } for  pid=21590 comm="syz.1.2419" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  282.226037][   T40] audit: type=1326 audit(1754587432.428:3410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21590 comm="syz.1.2419" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f105598ebe9 code=0x0
[  282.232634][   T40] audit: type=1400 audit(1754587432.438:3411): avc:  denied  { ioctl } for  pid=21573 comm="syz.0.2414" path=2F7365637265746D656D202864656C6574656429 dev="secretmem" ino=48695 ioctlcmd=0x8924 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  282.240189][   T40] audit: type=1400 audit(1754587432.438:3412): avc:  denied  { create } for  pid=21573 comm="syz.0.2414" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  282.932881][   T40] audit: type=1400 audit(1754587433.158:3413): avc:  denied  { create } for  pid=21603 comm="syz.2.2420" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  282.953951][   T40] audit: type=1400 audit(1754587433.178:3414): avc:  denied  { read } for  pid=21607 comm="syz.2.2423" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  282.960488][   T40] audit: type=1400 audit(1754587433.178:3415): avc:  denied  { open } for  pid=21607 comm="syz.2.2423" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  282.971993][   T40] audit: type=1400 audit(1754587433.178:3416): avc:  denied  { read write } for  pid=21608 comm="syz.5.2421" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  282.979186][   T40] audit: type=1400 audit(1754587433.178:3417): avc:  denied  { open } for  pid=21608 comm="syz.5.2421" path="/dev/ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  283.041738][   T63] Bluetooth: hci2: command tx timeout
[  283.074263][T21610] kvm: kvm [21607]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4ec400001700
[  283.248761][T21638] netlink: 88 bytes leftover after parsing attributes in process `syz.5.2431'.
[  283.251693][T21638] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2431'.
[  283.316583][ T1241] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  284.076258][T21679] futex_wake_op: syz.1.2440 tries to shift op by 32; fix this program
[  284.087792][T21679] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2440'.
[  284.115962][T21679] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  284.130550][T21679] evm: overlay not supported
[  284.146707][T21686] 8021q: adding VLAN 0 to HW filter on device bond1
[  284.150176][T21686] bond0: (slave bond1): Enslaving as an active interface with an up link
[  284.519626][T21752] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  285.131692][   T63] Bluetooth: hci2: command tx timeout
[  285.161304][T21778] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2459'.
[  285.210893][T21789] netlink: 'syz.1.2463': attribute type 10 has an invalid length.
[  285.215284][T21789] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2463'.
[  285.218265][T21789] team0: entered promiscuous mode
[  285.219952][T21789] team_slave_0: entered promiscuous mode
[  285.222148][T21789] team_slave_1: entered promiscuous mode
[  285.224269][T21789] bridge0: port 3(team0) entered blocking state
[  285.226461][T21789] bridge0: port 3(team0) entered disabled state
[  285.228725][T21789] team0: entered allmulticast mode
[  285.230384][T21789] team_slave_0: entered allmulticast mode
[  285.232274][T21789] team_slave_1: entered allmulticast mode
[  285.235588][T21789] bridge0: port 3(team0) entered blocking state
[  285.237633][T21789] bridge0: port 3(team0) entered forwarding state
[  285.761519][T21802] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  286.548248][T21870] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2483'.
[  286.635829][T21870] hsr_slave_0 (unregistering): left promiscuous mode
[  287.117417][T21888] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2486'.
[  287.232102][   T40] kauditd_printk_skb: 172 callbacks suppressed
[  287.232171][   T40] audit: type=1400 audit(1754587437.309:3590): avc:  denied  { mounton } for  pid=21887 comm="syz.2.2486" path="/syzcgroup/unified/syz2" dev="cgroup2" ino=125 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  287.289080][   T40] audit: type=1400 audit(1754587437.339:3591): avc:  denied  { setopt } for  pid=21887 comm="syz.2.2486" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  288.073385][T21906] FAULT_INJECTION: forcing a failure.
[  288.073385][T21906] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  288.077457][T21906] CPU: 1 UID: 0 PID: 21906 Comm: syz.0.2489 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  288.077484][T21906] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  288.077493][T21906] Call Trace:
[  288.077500][T21906]  <TASK>
[  288.077507][T21906]  dump_stack_lvl+0x16c/0x1f0
[  288.077568][T21906]  should_fail_ex+0x512/0x640
[  288.077596][T21906]  _copy_to_user+0x32/0xd0
[  288.077617][T21906]  simple_read_from_buffer+0xcb/0x170
[  288.077637][T21906]  proc_fail_nth_read+0x197/0x240
[  288.077657][T21906]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  288.077679][T21906]  ? rw_verify_area+0xcf/0x6c0
[  288.077706][T21906]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  288.077727][T21906]  vfs_read+0x1e1/0xc60
[  288.077748][T21906]  ? __pfx___mutex_lock+0x10/0x10
[  288.077792][T21906]  ? __pfx_vfs_read+0x10/0x10
[  288.077816][T21906]  ? __fget_files+0x20e/0x3c0
[  288.077843][T21906]  ksys_read+0x12a/0x250
[  288.077861][T21906]  ? __pfx_ksys_read+0x10/0x10
[  288.077879][T21906]  ? fdget+0x187/0x210
[  288.077901][T21906]  do_syscall_64+0xcd/0x4c0
[  288.077919][T21906]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.077937][T21906] RIP: 0033:0x7fe440d8d5fc
[  288.077952][T21906] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  288.077969][T21906] RSP: 002b:00007fe441c67030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  288.077985][T21906] RAX: ffffffffffffffda RBX: 00007fe440fb6090 RCX: 00007fe440d8d5fc
[  288.077996][T21906] RDX: 000000000000000f RSI: 00007fe441c670a0 RDI: 0000000000000004
[  288.078007][T21906] RBP: 00007fe441c67090 R08: 0000000000000000 R09: 0000000000000000
[  288.078017][T21906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  288.078031][T21906] R13: 00007fe440fb6128 R14: 00007fe440fb6090 R15: 00007fff0528d2d8
[  288.078056][T21906]  </TASK>
[  288.081228][   T40] audit: type=1400 audit(1754587438.299:3592): avc:  denied  { write } for  pid=21907 comm="syz.1.2491" name="vmci" dev="devtmpfs" ino=708 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  288.491925][T21917] netlink: 'syz.2.2494': attribute type 13 has an invalid length.
[  288.494822][T21917] netlink: 'syz.2.2494': attribute type 17 has an invalid length.
[  288.527023][T21917] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  288.538098][   T40] audit: type=1400 audit(1754587438.759:3593): avc:  denied  { read write } for  pid=21916 comm="syz.2.2494" name="rdma_cm" dev="devtmpfs" ino=1294 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  288.545329][   T40] audit: type=1400 audit(1754587438.759:3594): avc:  denied  { open } for  pid=21916 comm="syz.2.2494" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1294 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  288.607500][T21943] FAULT_INJECTION: forcing a failure.
[  288.607500][T21943] name failslab, interval 1, probability 0, space 0, times 0
[  288.611256][T21943] CPU: 1 UID: 0 PID: 21943 Comm: syz.2.2495 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  288.611271][T21943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  288.611278][T21943] Call Trace:
[  288.611282][T21943]  <TASK>
[  288.611286][T21943]  dump_stack_lvl+0x16c/0x1f0
[  288.611307][T21943]  should_fail_ex+0x512/0x640
[  288.611318][T21943]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  288.611331][T21943]  should_failslab+0xc2/0x120
[  288.611343][T21943]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  288.611354][T21943]  ? __alloc_skb+0x2b2/0x380
[  288.611372][T21943]  __alloc_skb+0x2b2/0x380
[  288.611387][T21943]  ? __pfx___alloc_skb+0x10/0x10
[  288.611406][T21943]  alloc_skb_with_frags+0xe0/0x860
[  288.611419][T21943]  sock_alloc_send_pskb+0x7fb/0x990
[  288.611434][T21943]  ? avc_has_perm+0x144/0x1f0
[  288.611451][T21943]  ? __pfx_avc_has_perm+0x10/0x10
[  288.611468][T21943]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  288.611485][T21943]  ? sock_has_perm+0x259/0x2f0
[  288.611496][T21943]  ? __pfx_sock_has_perm+0x10/0x10
[  288.611508][T21943]  hci_sock_sendmsg+0x1c7/0x25f0
[  288.611526][T21943]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  288.611544][T21943]  sock_write_iter+0x4fc/0x5b0
[  288.611557][T21943]  ? __pfx_sock_write_iter+0x10/0x10
[  288.611572][T21943]  ? bpf_lsm_file_permission+0x9/0x10
[  288.611586][T21943]  ? security_file_permission+0x71/0x210
[  288.611613][T21943]  ? rw_verify_area+0xcf/0x6c0
[  288.611632][T21943]  vfs_write+0x6c4/0x1150
[  288.611643][T21943]  ? __pfx_sock_write_iter+0x10/0x10
[  288.611656][T21943]  ? __pfx_vfs_write+0x10/0x10
[  288.611665][T21943]  ? find_held_lock+0x2b/0x80
[  288.611687][T21943]  ksys_write+0x1f8/0x250
[  288.611697][T21943]  ? __pfx_ksys_write+0x10/0x10
[  288.611712][T21943]  do_syscall_64+0xcd/0x4c0
[  288.611723][T21943]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.611734][T21943] RIP: 0033:0x7f78efd8ebe9
[  288.611743][T21943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  288.611753][T21943] RSP: 002b:00007f78f0c96038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  288.611763][T21943] RAX: ffffffffffffffda RBX: 00007f78effb5fa0 RCX: 00007f78efd8ebe9
[  288.611770][T21943] RDX: 0000000000000006 RSI: 0000200000000000 RDI: 0000000000000004
[  288.611775][T21943] RBP: 00007f78f0c96090 R08: 0000000000000000 R09: 0000000000000000
[  288.611781][T21943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  288.611787][T21943] R13: 00007f78effb6038 R14: 00007f78effb5fa0 R15: 00007fff8de706a8
[  288.611800][T21943]  </TASK>
[  288.699463][T21945] ip6tnl0: mtu less than device minimum
[  288.711104][   T40] audit: type=1400 audit(1754587438.919:3595): avc:  denied  { create } for  pid=21944 comm="syz.5.2496" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  288.718329][   T40] audit: type=1400 audit(1754587438.919:3596): avc:  denied  { ioctl } for  pid=21944 comm="syz.5.2496" path="socket:[47762]" dev="sockfs" ino=47762 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  288.736395][   T40] audit: type=1400 audit(1754587438.919:3597): avc:  denied  { write } for  pid=21946 comm="syz.1.2497" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  288.749610][   T40] audit: type=1400 audit(1754587438.929:3598): avc:  denied  { create } for  pid=21946 comm="syz.1.2497" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  288.756645][   T40] audit: type=1400 audit(1754587438.929:3599): avc:  denied  { write } for  pid=21946 comm="syz.1.2497" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  288.806529][T21968] FAULT_INJECTION: forcing a failure.
[  288.806529][T21968] name failslab, interval 1, probability 0, space 0, times 0
[  288.810369][T21968] CPU: 0 UID: 0 PID: 21968 Comm: syz.5.2503 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  288.810385][T21968] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  288.810391][T21968] Call Trace:
[  288.810396][T21968]  <TASK>
[  288.810400][T21968]  dump_stack_lvl+0x16c/0x1f0
[  288.810421][T21968]  should_fail_ex+0x512/0x640
[  288.810431][T21968]  ? fs_reclaim_acquire+0xae/0x150
[  288.810448][T21968]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  288.810463][T21968]  should_failslab+0xc2/0x120
[  288.810476][T21968]  __kmalloc_noprof+0xd2/0x510
[  288.810490][T21968]  tomoyo_realpath_from_path+0xc2/0x6e0
[  288.810506][T21968]  ? tomoyo_profile+0x47/0x60
[  288.810522][T21968]  tomoyo_path_number_perm+0x245/0x580
[  288.810534][T21968]  ? tomoyo_path_number_perm+0x237/0x580
[  288.810547][T21968]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  288.810559][T21968]  ? find_held_lock+0x2b/0x80
[  288.810584][T21968]  ? find_held_lock+0x2b/0x80
[  288.810596][T21968]  ? hook_file_ioctl_common+0x145/0x410
[  288.810615][T21968]  ? __fget_files+0x20e/0x3c0
[  288.810630][T21968]  security_file_ioctl+0x9b/0x240
[  288.810644][T21968]  __x64_sys_ioctl+0xb7/0x210
[  288.810662][T21968]  do_syscall_64+0xcd/0x4c0
[  288.810673][T21968]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.810684][T21968] RIP: 0033:0x7f2f97d8ebe9
[  288.810693][T21968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  288.810703][T21968] RSP: 002b:00007f2f98c52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  288.810714][T21968] RAX: ffffffffffffffda RBX: 00007f2f97fb5fa0 RCX: 00007f2f97d8ebe9
[  288.810720][T21968] RDX: 0000000000000000 RSI: 000000000000640f RDI: 0000000000000003
[  288.810726][T21968] RBP: 00007f2f98c52090 R08: 0000000000000000 R09: 0000000000000000
[  288.810732][T21968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  288.810738][T21968] R13: 00007f2f97fb6038 R14: 00007f2f97fb5fa0 R15: 00007fff81dc2668
[  288.810751][T21968]  </TASK>
[  288.810755][T21968] ERROR: Out of memory at tomoyo_realpath_from_path.
[  289.113058][   T34] IPVS: starting estimator thread 0...
[  289.212230][T22006] IPVS: using max 43 ests per chain, 103200 per kthread
[  289.270984][T22020] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2514'.
[  289.662983][T22031] netlink: 'syz.0.2516': attribute type 30 has an invalid length.
[  289.674095][T22029] FAULT_INJECTION: forcing a failure.
[  289.674095][T22029] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  289.674116][T22029] CPU: 2 UID: 0 PID: 22029 Comm: syz.2.2515 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  289.674130][T22029] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  289.674136][T22029] Call Trace:
[  289.674141][T22029]  <TASK>
[  289.674145][T22029]  dump_stack_lvl+0x16c/0x1f0
[  289.674183][T22029]  should_fail_ex+0x512/0x640
[  289.674199][T22029]  _copy_from_user+0x2e/0xd0
[  289.674212][T22029]  copy_msghdr_from_user+0x98/0x160
[  289.674229][T22029]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  289.674248][T22029]  ? irqentry_exit+0x3b/0x90
[  289.674274][T22029]  ___sys_sendmsg+0xfe/0x1d0
[  289.674291][T22029]  ? __pfx____sys_sendmsg+0x10/0x10
[  289.674323][T22029]  __sys_sendmsg+0x16d/0x220
[  289.674340][T22029]  ? __pfx___sys_sendmsg+0x10/0x10
[  289.674355][T22029]  ? __pfx_bpf_trace_run2+0x10/0x10
[  289.674370][T22029]  ? syscall_trace_enter+0x1cb/0x240
[  289.674383][T22029]  ? rcu_is_watching+0x12/0xc0
[  289.674398][T22029]  do_syscall_64+0xcd/0x4c0
[  289.674409][T22029]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.674420][T22029] RIP: 0033:0x7f78efd8ebe9
[  289.674429][T22029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  289.674439][T22029] RSP: 002b:00007f78f0c96038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  289.674450][T22029] RAX: ffffffffffffffda RBX: 00007f78effb5fa0 RCX: 00007f78efd8ebe9
[  289.674457][T22029] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[  289.674463][T22029] RBP: 00007f78f0c96090 R08: 0000000000000000 R09: 0000000000000000
[  289.674469][T22029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  289.674475][T22029] R13: 00007f78effb6038 R14: 00007f78effb5fa0 R15: 00007fff8de706a8
[  289.674488][T22029]  </TASK>
[  289.677990][ T1145] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20001 - 0
[  289.741318][ T1145] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20001 - 0
[  289.741341][ T1145] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20001 - 0
[  289.741437][ T1145] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20001 - 0
[  289.932614][ T1241] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  289.968260][T22108] netlink: 'syz.2.2528': attribute type 17 has an invalid length.
[  290.419077][T22119] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2531'.
[  290.789136][   T63] Bluetooth: hci1: unexpected event 0x03 length: 1 < 11
[  290.799149][T22141] FAULT_INJECTION: forcing a failure.
[  290.799149][T22141] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  290.803512][T22141] CPU: 2 UID: 0 PID: 22141 Comm: syz.1.2538 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  290.803529][T22141] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  290.803535][T22141] Call Trace:
[  290.803540][T22141]  <TASK>
[  290.803544][T22141]  dump_stack_lvl+0x16c/0x1f0
[  290.803564][T22141]  should_fail_ex+0x512/0x640
[  290.803577][T22141]  _copy_from_user+0x2e/0xd0
[  290.803589][T22141]  drm_ioctl+0x4fb/0xc30
[  290.803614][T22141]  ? __pfx_drm_mode_rmfb_ioctl+0x10/0x10
[  290.803632][T22141]  ? __pfx_drm_ioctl+0x10/0x10
[  290.803648][T22141]  ? selinux_file_ioctl+0x180/0x270
[  290.803661][T22141]  ? selinux_file_ioctl+0xb4/0x270
[  290.803675][T22141]  ? __pfx_drm_ioctl+0x10/0x10
[  290.803686][T22141]  __x64_sys_ioctl+0x18e/0x210
[  290.803704][T22141]  do_syscall_64+0xcd/0x4c0
[  290.803715][T22141]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.803726][T22141] RIP: 0033:0x7f105598ebe9
[  290.803734][T22141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  290.803745][T22141] RSP: 002b:00007f1056807038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  290.803755][T22141] RAX: ffffffffffffffda RBX: 00007f1055bb5fa0 RCX: 00007f105598ebe9
[  290.803761][T22141] RDX: 0000200000000600 RSI: 00000000c00464af RDI: 0000000000000003
[  290.803767][T22141] RBP: 00007f1056807090 R08: 0000000000000000 R09: 0000000000000000
[  290.803773][T22141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  290.803779][T22141] R13: 00007f1055bb6038 R14: 00007f1055bb5fa0 R15: 00007ffd333b46a8
[  290.803792][T22141]  </TASK>
[  290.895929][T22146] 
[  290.896770][T22146] ======================================================
[  290.898950][T22146] WARNING: possible circular locking dependency detected
[  290.901119][T22146] 6.16.0-syzkaller-11952-g6e64f4580381 #0 Not tainted
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  290.903472][T22146] ------------------------------------------------------
[  290.907643][T22146] syz.1.2540/22146 is trying to acquire lock:
[  290.909560][T22146] ffffffff905cad58 (nr_node_list_lock){+...}-{3:3}, at: nr_rt_device_down+0xd3/0x810
[  290.912694][T22146] 
[  290.912694][T22146] but task is already holding lock:
[  290.915492][T22146] ffffffff905cacf8 (nr_neigh_list_lock){+...}-{3:3}, at: nr_rt_device_down+0x2c/0x810
[  290.918628][T22146] 
[  290.918628][T22146] which lock already depends on the new lock.
[  290.918628][T22146] 
[  290.921808][T22146] 
[  290.921808][T22146] the existing dependency chain (in reverse order) is:
[  290.924773][T22146] 
[  290.924773][T22146] -> #2 (nr_neigh_list_lock){+...}-{3:3}:
[  290.927896][T22146]        _raw_spin_lock_bh+0x33/0x40
[  290.929692][T22146]        nr_rt_ioctl+0xc66/0x29b0
[  290.931302][T22146]        nr_ioctl+0x19a/0x2e0
[  290.932778][T22146]        sock_do_ioctl+0x118/0x280
[  290.934542][T22146]        sock_ioctl+0x227/0x6b0
[  290.936102][T22146]        __x64_sys_ioctl+0x18e/0x210
[  290.937815][T22146]        do_syscall_64+0xcd/0x4c0
[  290.939405][T22146]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.941419][T22146] 
[  290.941419][T22146] -> #1 (&nr_node->node_lock){+...}-{3:3}:
[  290.943955][T22146]        _raw_spin_lock_bh+0x33/0x40
[  290.945930][T22146]        nr_rt_ioctl+0x816/0x29b0
[  290.947855][T22146]        nr_ioctl+0x19a/0x2e0
[  290.949411][T22146]        sock_do_ioctl+0x118/0x280
[  290.951165][T22146]        sock_ioctl+0x227/0x6b0
[  290.952742][T22146]        __x64_sys_ioctl+0x18e/0x210
[  290.954490][T22146]        do_syscall_64+0xcd/0x4c0
[  290.956083][T22146]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.958169][T22146] 
[  290.958169][T22146] -> #0 (nr_node_list_lock){+...}-{3:3}:
[  290.960616][T22146]        __lock_acquire+0x12a6/0x1ce0
[  290.962309][T22146]        lock_acquire+0x179/0x350
[  290.963957][T22146]        _raw_spin_lock_bh+0x33/0x40
[  290.965607][T22146]        nr_rt_device_down+0xd3/0x810
[  290.967363][T22146]        nr_device_event+0x126/0x170
[  290.969026][T22146]        notifier_call_chain+0xbc/0x410
[  290.970789][T22146]        call_netdevice_notifiers_info+0xbe/0x140
[  290.972784][T22146]        netif_close_many+0x319/0x630
[  290.974494][T22146]        netif_close+0x17f/0x230
[  290.976065][T22146]        dev_close+0xaa/0x240
[  290.977562][T22146]        bpq_device_event+0x601/0x840
[  290.979277][T22146]        notifier_call_chain+0xbc/0x410
[  290.981007][T22146]        call_netdevice_notifiers_info+0xbe/0x140
[  290.983014][T22146]        __dev_notify_flags+0x1f7/0x2e0
[  290.984758][T22146]        netif_change_flags+0x108/0x160
[  290.986504][T22146]        dev_change_flags+0xba/0x250
[  290.988177][T22146]        dev_ifsioc+0x1498/0x1f70
[  290.989775][T22146]        dev_ioctl+0x223/0x10e0
[  290.991295][T22146]        sock_do_ioctl+0x19d/0x280
[  290.992888][T22146]        sock_ioctl+0x227/0x6b0
[  290.994444][T22146]        __x64_sys_ioctl+0x18e/0x210
[  290.996104][T22146]        do_syscall_64+0xcd/0x4c0
[  290.997883][T22146]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.999916][T22146] 
[  290.999916][T22146] other info that might help us debug this:
[  290.999916][T22146] 
[  291.003057][T22146] Chain exists of:
[  291.003057][T22146]   nr_node_list_lock --> &nr_node->node_lock --> nr_neigh_list_lock
[  291.003057][T22146] 
[  291.007306][T22146]  Possible unsafe locking scenario:
[  291.007306][T22146] 
[  291.009602][T22146]        CPU0                    CPU1
[  291.011298][T22146]        ----                    ----
[  291.013010][T22146]   lock(nr_neigh_list_lock);
[  291.014532][T22146]                                lock(&nr_node->node_lock);
[  291.016805][T22146]                                lock(nr_neigh_list_lock);
[  291.019094][T22146]   lock(nr_node_list_lock);
[  291.020559][T22146] 
[  291.020559][T22146]  *** DEADLOCK ***
[  291.020559][T22146] 
[  291.023075][T22146] 2 locks held by syz.1.2540/22146:
[  291.024721][T22146]  #0: ffffffff9037ed88 (rtnl_mutex){+.+.}-{4:4}, at: dev_ioctl+0x212/0x10e0
[  291.027500][T22146]  #1: ffffffff905cacf8 (nr_neigh_list_lock){+...}-{3:3}, at: nr_rt_device_down+0x2c/0x810
[  291.030653][T22146] 
[  291.030653][T22146] stack backtrace:
[  291.032502][T22146] CPU: 2 UID: 0 PID: 22146 Comm: syz.1.2540 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[  291.032517][T22146] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  291.032524][T22146] Call Trace:
[  291.032528][T22146]  <TASK>
[  291.032533][T22146]  dump_stack_lvl+0x116/0x1f0
[  291.032551][T22146]  print_circular_bug+0x275/0x350
[  291.032569][T22146]  check_noncircular+0x14c/0x170
[  291.032587][T22146]  __lock_acquire+0x12a6/0x1ce0
[  291.032606][T22146]  lock_acquire+0x179/0x350
[  291.032622][T22146]  ? nr_rt_device_down+0xd3/0x810
[  291.032635][T22146]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  291.032648][T22146]  _raw_spin_lock_bh+0x33/0x40
[  291.032662][T22146]  ? nr_rt_device_down+0xd3/0x810
[  291.032674][T22146]  nr_rt_device_down+0xd3/0x810
[  291.032688][T22146]  ? __local_bh_enable_ip+0xa4/0x120
[  291.032702][T22146]  nr_device_event+0x126/0x170
[  291.032712][T22146]  notifier_call_chain+0xbc/0x410
[  291.032727][T22146]  ? __pfx_nr_device_event+0x10/0x10
[  291.032738][T22146]  call_netdevice_notifiers_info+0xbe/0x140
[  291.032751][T22146]  netif_close_many+0x319/0x630
[  291.032763][T22146]  ? __pfx_netif_close_many+0x10/0x10
[  291.032775][T22146]  ? __neigh_ifdown.isra.0+0x523/0x920
[  291.032787][T22146]  netif_close+0x17f/0x230
[  291.032799][T22146]  ? __pfx_netif_close+0x10/0x10
[  291.032811][T22146]  dev_close+0xaa/0x240
[  291.032821][T22146]  bpq_device_event+0x601/0x840
[  291.032836][T22146]  notifier_call_chain+0xbc/0x410
[  291.032851][T22146]  ? __pfx_bpq_device_event+0x10/0x10
[  291.032866][T22146]  call_netdevice_notifiers_info+0xbe/0x140
[  291.032878][T22146]  __dev_notify_flags+0x1f7/0x2e0
[  291.032893][T22146]  ? __pfx___dev_notify_flags+0x10/0x10
[  291.032908][T22146]  ? __pfx___dev_change_flags+0x10/0x10
[  291.032924][T22146]  ? __mutex_trylock_common+0xe9/0x250
[  291.032941][T22146]  netif_change_flags+0x108/0x160
[  291.032957][T22146]  dev_change_flags+0xba/0x250
[  291.032968][T22146]  dev_ifsioc+0x1498/0x1f70
[  291.032983][T22146]  ? __pfx_dev_ifsioc+0x10/0x10
[  291.032998][T22146]  ? __pfx___mutex_lock+0x10/0x10
[  291.033009][T22146]  ? dev_load+0x8e/0x240
[  291.033024][T22146]  dev_ioctl+0x223/0x10e0
[  291.033038][T22146]  sock_do_ioctl+0x19d/0x280
[  291.033050][T22146]  ? __pfx_sock_do_ioctl+0x10/0x10
[  291.033062][T22146]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  291.033078][T22146]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  291.033094][T22146]  sock_ioctl+0x227/0x6b0
[  291.033106][T22146]  ? __pfx_sock_ioctl+0x10/0x10
[  291.033117][T22146]  ? hook_file_ioctl_common+0x145/0x410
[  291.033134][T22146]  ? selinux_file_ioctl+0x180/0x270
[  291.033147][T22146]  ? selinux_file_ioctl+0xb4/0x270
[  291.033160][T22146]  ? __pfx_sock_ioctl+0x10/0x10
[  291.033172][T22146]  __x64_sys_ioctl+0x18e/0x210
[  291.033187][T22146]  do_syscall_64+0xcd/0x4c0
[  291.033208][T22146]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  291.033221][T22146] RIP: 0033:0x7f105598ebe9
[  291.033230][T22146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  291.033242][T22146] RSP: 002b:00007f1056807038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  291.033254][T22146] RAX: ffffffffffffffda RBX: 00007f1055bb5fa0 RCX: 00007f105598ebe9
[  291.033262][T22146] RDX: 0000200000000700 RSI: 0000000000008914 RDI: 0000000000000004
[  291.033269][T22146] RBP: 00007f1055a11e19 R08: 0000000000000000 R09: 0000000000000000
[  291.033276][T22146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  291.033283][T22146] R13: 00007f1055bb6038 R14: 00007f1055bb5fa0 R15: 00007ffd333b46a8
[  291.033293][T22146]  </TASK>
[  291.091953][    T9] usb 5-1: new high-speed USB device number 15 using dummy_hcd

VM DIAGNOSIS:
17:24:03  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000d7a3c4 RBX=0000000000000000 RCX=ffffffff8b92ac29 RDX=ffffed100d486656
RSI=ffffffff8c161080 RDI=ffffffff819133c1 RBP=fffffbfff1c52ef8 RSP=ffffffff8e207e08
R8 =0000000000000000 R9 =ffffed100d486655 R10=ffff88806a4332ab R11=0000000000000000
R12=0000000000000000 R13=ffffffff8e2977c0 R14=ffffffff90aaff90 R15=0000000000000000
RIP=ffffffff8b92978f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c01300
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c01300
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d66c4000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000200000000700 CR3=0000000029ccc000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000004 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff81dc2b76
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff81dc2b76 00007fff81dc2b7c
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2f97e12e46
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2f97e12e53
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2f97e12e4d
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2f97e12e61
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2f97e12ee7
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2f97e12fc5
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2f97f874a8 00007f2f97f874a0 00007f2f97f87498 00007f2f97f87470
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2f98aed100 00007f2f97f87460 00007f2f97f80004 0008000f0010000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2f97f874b8 00007f2f97f874b0 00007f2f97f874a8 00007f2f97f874a0
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=000000000003fa11 RCX=ffffffff822da5de RDX=ffff88802896c880
RSI=ffffffff822d9928 RDI=000000000003fa11 RBP=000fffffffffffff RSP=ffffc90006bff888
R8 =0000000000000007 R9 =0000000000000005 R10=0000000000000005 R11=0000000000000001
R12=0000000000000005 R13=0000000000000001 R14=ffff88803ea644b0 R15=800000003fa11867
RIP=ffffffff81bb9386 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fe75e4eec80 ffffffff 00c00000
GS =0000 ffff8880d67c4000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007fe75e856000 CR3=00000000494ae000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000004 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000ff00000000 0000ff0000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000100000000 000000ffffffffff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2e322e325f434249 4c4700352e322e32
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000002e322e32
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4c4700362e322e32 5f4342494c470035
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000030
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000018
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe75e859b20 00007fe75e85a050
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000032 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff856366d5 RDI=ffffffff9b106160 RBP=ffffffff9b106120 RSP=ffffc9000710ef78
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d
R12=0000000000000000 R13=0000000000000032 R14=ffffffff9b106120 R15=ffffffff85636670
RIP=ffffffff856366ff RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f10568076c0 ffffffff 00c00000
GS =0000 ffff8880d68c4000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f1056806f98 CR3=000000002d23b000 CR4=00352ef0
DR0=000000000000fffe DR1=0000000000000003 DR2=0000000000000e8f DR3=0000000000000007 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000040003003 Opmask01=0000000000000000 Opmask02=00000000bdedfdff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0200000000000000 00000000000002ff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3483a96b20
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0200000000000000 00000000000002ff
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 730065756575715f 6c6f72746e6f6320 3a73250064697074 696177203a732500
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 560040504050545f 494a57514b4a4605 1f560000414c5551 4c4452051f560000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3701013563538263 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2730010001007100 0000ff133ddc0302 39773b3a3633211c 1a0f0c060379010e
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff 0101910101740050 24aa644eb46aac9c 2730010001007100
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000ff133ddc0302 39773b3a3633211c 1a0f0c060379010e 3701013563538263
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbff52532232d20
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 262821df2e2e33df 3228df3232202b22 df312e232d2435bf 2324353124322431
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=1ffffd40002e0c90 RBX=ffffea0001706480 RCX=ffffffff82074c78 RDX=fffff940002e0c91
RSI=0000000000000008 RDI=ffffea0001706480 RBP=0000000000000000 RSP=ffffc90003857830
R8 =0000000000000000 R9 =fffff940002e0c90 R10=ffffea0001706487 R11=0000000000000000
R12=00007f98043b4000 R13=ffffc900038579b8 R14=dffffc0000000000 R15=0000000000000000
RIP=ffffffff82074c84 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d69c4000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f9809ae7d60 CR3=000000000e380000 CR4=00352ef0
DR0=0000000000008009 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000002020004 Opmask01=00000000000000ff Opmask02=00000000000000ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9808f876c3 00007f9808f876c3
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd500085e0 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555575d64e7f 0000555575d64c30
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555575d5fa24 0000555575d5fa20
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555575d6e3d7 0000555575d6dee0
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555575d5f814 0000555575d5f810
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000003bf12
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 474553474953006c 616e676973206e77 6f6e6b6e75000a29
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 4745534749530049 444b424c56054b52 4a4b4e4b50000a0c
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 08060604069a3810 0002800401000002 080606010492048c 080002b003000488
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0120808210000580 0401000004080606 015dee20a0820800 05e00300100005d0
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0300100005c00302 100005b003401000 0690030fffffffff ffff040680030680
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0405a00300080005 90030fffffffffff ff04058003010000 0208060010000100
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000208060604069a 3810000280040100 0002080606010492 048c080002b00300
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000