last executing test programs:

4m6.180867616s ago: executing program 0 (id=980):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a3100000000"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)

4m6.122325352s ago: executing program 0 (id=981):
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x418000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0xa001, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r2, 0x4068aea3, &(0x7f0000000300)={0xdf, 0x0, 0x100000})
syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000bff000/0x400000)=nil)
r3 = syz_open_dev$dri(&(0x7f0000000100), 0x4, 0x2e8800)
r4 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000040)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000540)={0x0, 0x0, r6, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_RMFB(r4, 0xc00464af, &(0x7f0000000080)=r7)
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f00000024c0)={0x1, 0x0, @ioapic={0x3331a002, 0x800, 0x9, 0x6, 0x0, [{0x6, 0x0, 0x3, '\x00', 0x9}, {0xf, 0xdb, 0xc3, '\x00', 0x1}, {0x7f, 0xff, 0x6, '\x00', 0x4}, {0x0, 0x5, 0x80, '\x00', 0x3}, {0x6, 0x7, 0x7, '\x00', 0x26}, {0x8, 0xf9, 0x5, '\x00', 0x96}, {0x6, 0x9, 0xf8, '\x00', 0x6}, {0x9, 0x0, 0x2d, '\x00', 0x3}, {0x7, 0x5, 0xff, '\x00', 0x4}, {0x81, 0x0, 0x8, '\x00', 0x7e}, {0x2, 0xa0, 0x5, '\x00', 0xe}, {0x5, 0x9, 0x1}, {0x7f, 0x8, 0xb, '\x00', 0x2}, {0x4, 0x3, 0xf8, '\x00', 0x6}, {0x81, 0x0, 0x0, '\x00', 0xa}, {0x0, 0x40, 0x8, '\x00', 0x7}, {0x2c, 0x2, 0x0, '\x00', 0x80}, {0x0, 0x40, 0x2, '\x00', 0x69}, {0x5, 0x1b, 0x0, '\x00', 0xa}, {0xb4, 0x7, 0x5, '\x00', 0x1}, {0xf7, 0x3, 0x9, '\x00', 0x7}, {0x81, 0xf6, 0x0, '\x00', 0x9}, {0x0, 0x8, 0xad, '\x00', 0xb}, {0x0, 0xe, 0x7, '\x00', 0x7}]}})
r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r9 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$VIDIOC_S_FMT(r9, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x0, 0x0, 0x33565348, 0x0, 0x0, 0x0, 0x5, 0xfeedcafe, 0x3}})
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r10 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000380)="0f01c2c44221469fe1000000642e646766450fda690f66b8de000f00d08f481085580d43640f21a20f01c5c422e19e300f013166baf80cb82051a88eef66bafc0ced", 0x42}], 0x1, 0x64, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_GET_NESTED_STATE(r10, 0xc080aebe, &(0x7f0000000440)={{0x0, 0x0, 0x80}})
r11 = syz_open_dev$swradio(&(0x7f0000000140), 0x0, 0x2)
ioctl$VIDIOC_S_FREQUENCY(r11, 0x402c5639, &(0x7f00000001c0)={0x1, 0x5, 0x1})
r12 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_int(r12, 0x6, 0x18, 0x0, &(0x7f0000002300))
r13 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0)
ioctl$KVM_SET_CLOCK(r8, 0x4030ae7b, &(0x7f0000000000)={0x98, 0x2, 0x5, 0x100, 0xb})
syz_open_dev$char_usb(0xc, 0xb4, 0xff)
openat$fb0(0xffffff9c, &(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r13)

4m4.549064287s ago: executing program 0 (id=986):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
sendmmsg$inet6(r0, &(0x7f0000001880)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)="82", 0x1}, {&(0x7f0000000140)="84", 0x1}], 0x2}}], 0x1, 0x4400c000)
sendto$inet6(r0, &(0x7f0000000300), 0x48, 0x3b00, 0x0, 0xfffffffffffffdfd)

4m4.547491158s ago: executing program 0 (id=987):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2925099, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x7fffffff}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r2, 0x0, 0x48b, &(0x7f00000001c0)={0x2, 'ip6gre0\x00'}, 0x18)
sendmsg$kcm(r1, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0, 0x0, 0x10}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0x6, 0x1, 0x0, 0x0, @str='5\x00'}]}, 0x1c}}, 0x20000080)

4m4.54576523s ago: executing program 0 (id=989):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a3100000000"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)

4m4.479532877s ago: executing program 0 (id=991):
socket(0x10, 0x2, 0x0)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r1=>0x0}, &(0x7f0000000080)=0x8)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x3c)
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000100)="88", 0xfdef}], 0x1)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r5)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r7=>0x0})
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=@migrate={0x50, 0x21, 0x1, 0x40000, 0x0, {{@in6=@private2, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0x50}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r7, @ANYBLOB="10007d80", @ANYRES32=r5, @ANYRESDEC=r1], 0x2c}, 0x1, 0x0, 0x0, 0x440c0}, 0x0)

4m4.372636834s ago: executing program 32 (id=991):
socket(0x10, 0x2, 0x0)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r1=>0x0}, &(0x7f0000000080)=0x8)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x3c)
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000100)="88", 0xfdef}], 0x1)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r5)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r7=>0x0})
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=@migrate={0x50, 0x21, 0x1, 0x40000, 0x0, {{@in6=@private2, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0x50}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r7, @ANYBLOB="10007d80", @ANYRES32=r5, @ANYRESDEC=r1], 0x2c}, 0x1, 0x0, 0x0, 0x440c0}, 0x0)

42.0290978s ago: executing program 4 (id=2539):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x8001000d, 0xad, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x8d}, 0x90)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt(r0, 0x28, 0x6, &(0x7f0000000200)=""/59, &(0x7f0000000000)=0x3b)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="bc020000", @ANYRES16=r2, @ANYBLOB="020026bd7000ffdbdf2503040000640004801c0007800800030009000000080003000300000008000200070000000900010073797a31000000000900010073797a30000000000900010073797a31000000001300010062726f6164636173742d6c696e6b00000c000780080001001f000000640101800d00010069623a766c616e300000000044000280080001001c000000080001000e000000080002000700000008000300040000000800040001000000080001000200000008000200fdbb000008000200edd500001500010069623a76657468305f746f5f7465616d00000000380004001400010002004e22ac1414bb0000000000000000200002000a004e2000007ffffc01000000000000000000000000000004000000380004001400010002004e24ac1e01010000000000000000200002000a004e2200000003fe800000000000000000000000000038f9ffffff380004001400010002004e220a0101020000000000000000200002000a004e2100000004fe8000000000000000000000000000aa000400000c0002800800030000000000080003000100008038000400200001000a004e240000000420010000000000000000000000000000010000801400020002004e21ffffffff0000000000000000280002800800020085030000080001000000000004000400080002000900000008000200070000006c00028008000100040000002c00038008000100020000000800010001010000080002000100000008000200b600000008000200010000000c000380080001000400000008000100330d000014000380080001000100000008000100030000000400038008000100060000004c000280040004004400038008000100030000000800010001000000080001000800000008000100f9ffffff08000100ed000000080002000600000008000200040000000800010006000000"], 0x2bc}, 0x1, 0x0, 0x0, 0x4}, 0x880)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f00000008c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000880)={&(0x7f0000000340)={0x230, r2, 0x10, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_NET={0x48, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x80000000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x100000001}]}, @TIPC_NLA_MEDIA={0x4}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x157a0a02}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x80000001}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1000}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2a1}]}, @TIPC_NLA_PUBL={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xb}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xf1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8001}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xffff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8299}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}]}, @TIPC_NLA_LINK={0xd8, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x51}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x33f5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4a58}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}]}, @TIPC_NLA_MEDIA={0x4c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xab}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}]}]}]}, 0x230}, 0x1, 0x0, 0x0, 0x2000c881}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000b00)={'ip6tnl0\x00', &(0x7f0000000a80)={'syztnl0\x00', <r3=>0x0, 0x29, 0x40, 0x4, 0x200, 0xc, @private0, @local, 0x7, 0x8, 0x7ff, 0x3}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000bc0)={'syztnl0\x00', &(0x7f0000000b40)={'ip_vti0\x00', r3, 0x700, 0x40, 0x1, 0xaf, {{0xd, 0x4, 0x0, 0x28, 0x34, 0x66, 0x0, 0x80, 0x0, 0x0, @rand_addr=0x64010102, @rand_addr=0x64010101, {[@ssrr={0x89, 0xb, 0x4e, [@empty, @remote]}, @noop, @timestamp_prespec={0x44, 0x14, 0xac, 0x3, 0x3, [{@dev={0xac, 0x14, 0x14, 0xc}, 0xf}, {@dev={0xac, 0x14, 0x14, 0x33}, 0x80000001}]}]}}}}})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r4, 0x8b1b, &(0x7f0000000040))

35.257578166s ago: executing program 4 (id=2539):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x8001000d, 0xad, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x8d}, 0x90)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt(r0, 0x28, 0x6, &(0x7f0000000200)=""/59, &(0x7f0000000000)=0x3b)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="bc020000", @ANYRES16=r2, @ANYBLOB="020026bd7000ffdbdf2503040000640004801c0007800800030009000000080003000300000008000200070000000900010073797a31000000000900010073797a30000000000900010073797a31000000001300010062726f6164636173742d6c696e6b00000c000780080001001f000000640101800d00010069623a766c616e300000000044000280080001001c000000080001000e000000080002000700000008000300040000000800040001000000080001000200000008000200fdbb000008000200edd500001500010069623a76657468305f746f5f7465616d00000000380004001400010002004e22ac1414bb0000000000000000200002000a004e2000007ffffc01000000000000000000000000000004000000380004001400010002004e24ac1e01010000000000000000200002000a004e2200000003fe800000000000000000000000000038f9ffffff380004001400010002004e220a0101020000000000000000200002000a004e2100000004fe8000000000000000000000000000aa000400000c0002800800030000000000080003000100008038000400200001000a004e240000000420010000000000000000000000000000010000801400020002004e21ffffffff0000000000000000280002800800020085030000080001000000000004000400080002000900000008000200070000006c00028008000100040000002c00038008000100020000000800010001010000080002000100000008000200b600000008000200010000000c000380080001000400000008000100330d000014000380080001000100000008000100030000000400038008000100060000004c000280040004004400038008000100030000000800010001000000080001000800000008000100f9ffffff08000100ed000000080002000600000008000200040000000800010006000000"], 0x2bc}, 0x1, 0x0, 0x0, 0x4}, 0x880)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f00000008c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000880)={&(0x7f0000000340)={0x230, r2, 0x10, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_NET={0x48, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x80000000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x100000001}]}, @TIPC_NLA_MEDIA={0x4}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x157a0a02}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x80000001}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1000}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2a1}]}, @TIPC_NLA_PUBL={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xb}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xf1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8001}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xffff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8299}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}]}, @TIPC_NLA_LINK={0xd8, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x51}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x33f5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4a58}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}]}, @TIPC_NLA_MEDIA={0x4c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xab}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}]}]}]}, 0x230}, 0x1, 0x0, 0x0, 0x2000c881}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000b00)={'ip6tnl0\x00', &(0x7f0000000a80)={'syztnl0\x00', <r3=>0x0, 0x29, 0x40, 0x4, 0x200, 0xc, @private0, @local, 0x7, 0x8, 0x7ff, 0x3}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000bc0)={'syztnl0\x00', &(0x7f0000000b40)={'ip_vti0\x00', r3, 0x700, 0x40, 0x1, 0xaf, {{0xd, 0x4, 0x0, 0x28, 0x34, 0x66, 0x0, 0x80, 0x0, 0x0, @rand_addr=0x64010102, @rand_addr=0x64010101, {[@ssrr={0x89, 0xb, 0x4e, [@empty, @remote]}, @noop, @timestamp_prespec={0x44, 0x14, 0xac, 0x3, 0x3, [{@dev={0xac, 0x14, 0x14, 0xc}, 0xf}, {@dev={0xac, 0x14, 0x14, 0x33}, 0x80000001}]}]}}}}})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r4, 0x8b1b, &(0x7f0000000040))

28.278207118s ago: executing program 4 (id=2539):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x8001000d, 0xad, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x8d}, 0x90)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt(r0, 0x28, 0x6, &(0x7f0000000200)=""/59, &(0x7f0000000000)=0x3b)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="bc020000", @ANYRES16=r2, @ANYBLOB="020026bd7000ffdbdf2503040000640004801c0007800800030009000000080003000300000008000200070000000900010073797a31000000000900010073797a30000000000900010073797a31000000001300010062726f6164636173742d6c696e6b00000c000780080001001f000000640101800d00010069623a766c616e300000000044000280080001001c000000080001000e000000080002000700000008000300040000000800040001000000080001000200000008000200fdbb000008000200edd500001500010069623a76657468305f746f5f7465616d00000000380004001400010002004e22ac1414bb0000000000000000200002000a004e2000007ffffc01000000000000000000000000000004000000380004001400010002004e24ac1e01010000000000000000200002000a004e2200000003fe800000000000000000000000000038f9ffffff380004001400010002004e220a0101020000000000000000200002000a004e2100000004fe8000000000000000000000000000aa000400000c0002800800030000000000080003000100008038000400200001000a004e240000000420010000000000000000000000000000010000801400020002004e21ffffffff0000000000000000280002800800020085030000080001000000000004000400080002000900000008000200070000006c00028008000100040000002c00038008000100020000000800010001010000080002000100000008000200b600000008000200010000000c000380080001000400000008000100330d000014000380080001000100000008000100030000000400038008000100060000004c000280040004004400038008000100030000000800010001000000080001000800000008000100f9ffffff08000100ed000000080002000600000008000200040000000800010006000000"], 0x2bc}, 0x1, 0x0, 0x0, 0x4}, 0x880)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f00000008c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000880)={&(0x7f0000000340)={0x230, r2, 0x10, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_NET={0x48, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x80000000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x100000001}]}, @TIPC_NLA_MEDIA={0x4}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x157a0a02}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x80000001}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1000}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2a1}]}, @TIPC_NLA_PUBL={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xb}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xf1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8001}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xffff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8299}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}]}, @TIPC_NLA_LINK={0xd8, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x51}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x33f5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4a58}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}]}, @TIPC_NLA_MEDIA={0x4c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xab}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}]}]}]}, 0x230}, 0x1, 0x0, 0x0, 0x2000c881}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000b00)={'ip6tnl0\x00', &(0x7f0000000a80)={'syztnl0\x00', <r3=>0x0, 0x29, 0x40, 0x4, 0x200, 0xc, @private0, @local, 0x7, 0x8, 0x7ff, 0x3}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000bc0)={'syztnl0\x00', &(0x7f0000000b40)={'ip_vti0\x00', r3, 0x700, 0x40, 0x1, 0xaf, {{0xd, 0x4, 0x0, 0x28, 0x34, 0x66, 0x0, 0x80, 0x0, 0x0, @rand_addr=0x64010102, @rand_addr=0x64010101, {[@ssrr={0x89, 0xb, 0x4e, [@empty, @remote]}, @noop, @timestamp_prespec={0x44, 0x14, 0xac, 0x3, 0x3, [{@dev={0xac, 0x14, 0x14, 0xc}, 0xf}, {@dev={0xac, 0x14, 0x14, 0x33}, 0x80000001}]}]}}}}})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r4, 0x8b1b, &(0x7f0000000040))

21.300312588s ago: executing program 4 (id=2539):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x8001000d, 0xad, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x8d}, 0x90)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt(r0, 0x28, 0x6, &(0x7f0000000200)=""/59, &(0x7f0000000000)=0x3b)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="bc020000", @ANYRES16=r2, @ANYBLOB="020026bd7000ffdbdf2503040000640004801c0007800800030009000000080003000300000008000200070000000900010073797a31000000000900010073797a30000000000900010073797a31000000001300010062726f6164636173742d6c696e6b00000c000780080001001f000000640101800d00010069623a766c616e300000000044000280080001001c000000080001000e000000080002000700000008000300040000000800040001000000080001000200000008000200fdbb000008000200edd500001500010069623a76657468305f746f5f7465616d00000000380004001400010002004e22ac1414bb0000000000000000200002000a004e2000007ffffc01000000000000000000000000000004000000380004001400010002004e24ac1e01010000000000000000200002000a004e2200000003fe800000000000000000000000000038f9ffffff380004001400010002004e220a0101020000000000000000200002000a004e2100000004fe8000000000000000000000000000aa000400000c0002800800030000000000080003000100008038000400200001000a004e240000000420010000000000000000000000000000010000801400020002004e21ffffffff0000000000000000280002800800020085030000080001000000000004000400080002000900000008000200070000006c00028008000100040000002c00038008000100020000000800010001010000080002000100000008000200b600000008000200010000000c000380080001000400000008000100330d000014000380080001000100000008000100030000000400038008000100060000004c000280040004004400038008000100030000000800010001000000080001000800000008000100f9ffffff08000100ed000000080002000600000008000200040000000800010006000000"], 0x2bc}, 0x1, 0x0, 0x0, 0x4}, 0x880)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f00000008c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000880)={&(0x7f0000000340)={0x230, r2, 0x10, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_NET={0x48, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x80000000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x100000001}]}, @TIPC_NLA_MEDIA={0x4}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x157a0a02}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x80000001}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1000}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2a1}]}, @TIPC_NLA_PUBL={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xb}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xf1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8001}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xffff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8299}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}]}, @TIPC_NLA_LINK={0xd8, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x51}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x33f5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4a58}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}]}, @TIPC_NLA_MEDIA={0x4c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xab}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}]}]}]}, 0x230}, 0x1, 0x0, 0x0, 0x2000c881}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000b00)={'ip6tnl0\x00', &(0x7f0000000a80)={'syztnl0\x00', <r3=>0x0, 0x29, 0x40, 0x4, 0x200, 0xc, @private0, @local, 0x7, 0x8, 0x7ff, 0x3}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000bc0)={'syztnl0\x00', &(0x7f0000000b40)={'ip_vti0\x00', r3, 0x700, 0x40, 0x1, 0xaf, {{0xd, 0x4, 0x0, 0x28, 0x34, 0x66, 0x0, 0x80, 0x0, 0x0, @rand_addr=0x64010102, @rand_addr=0x64010101, {[@ssrr={0x89, 0xb, 0x4e, [@empty, @remote]}, @noop, @timestamp_prespec={0x44, 0x14, 0xac, 0x3, 0x3, [{@dev={0xac, 0x14, 0x14, 0xc}, 0xf}, {@dev={0xac, 0x14, 0x14, 0x33}, 0x80000001}]}]}}}}})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r4, 0x8b1b, &(0x7f0000000040))

14.0687213s ago: executing program 4 (id=2539):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x8001000d, 0xad, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x8d}, 0x90)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt(r0, 0x28, 0x6, &(0x7f0000000200)=""/59, &(0x7f0000000000)=0x3b)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="bc020000", @ANYRES16=r2, @ANYBLOB="020026bd7000ffdbdf2503040000640004801c0007800800030009000000080003000300000008000200070000000900010073797a31000000000900010073797a30000000000900010073797a31000000001300010062726f6164636173742d6c696e6b00000c000780080001001f000000640101800d00010069623a766c616e300000000044000280080001001c000000080001000e000000080002000700000008000300040000000800040001000000080001000200000008000200fdbb000008000200edd500001500010069623a76657468305f746f5f7465616d00000000380004001400010002004e22ac1414bb0000000000000000200002000a004e2000007ffffc01000000000000000000000000000004000000380004001400010002004e24ac1e01010000000000000000200002000a004e2200000003fe800000000000000000000000000038f9ffffff380004001400010002004e220a0101020000000000000000200002000a004e2100000004fe8000000000000000000000000000aa000400000c0002800800030000000000080003000100008038000400200001000a004e240000000420010000000000000000000000000000010000801400020002004e21ffffffff0000000000000000280002800800020085030000080001000000000004000400080002000900000008000200070000006c00028008000100040000002c00038008000100020000000800010001010000080002000100000008000200b600000008000200010000000c000380080001000400000008000100330d000014000380080001000100000008000100030000000400038008000100060000004c000280040004004400038008000100030000000800010001000000080001000800000008000100f9ffffff08000100ed000000080002000600000008000200040000000800010006000000"], 0x2bc}, 0x1, 0x0, 0x0, 0x4}, 0x880)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f00000008c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000880)={&(0x7f0000000340)={0x230, r2, 0x10, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_NET={0x48, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x80000000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x100000001}]}, @TIPC_NLA_MEDIA={0x4}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x157a0a02}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x80000001}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1000}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2a1}]}, @TIPC_NLA_PUBL={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xb}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xf1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8001}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xffff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8299}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}]}, @TIPC_NLA_LINK={0xd8, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x51}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x33f5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4a58}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}]}, @TIPC_NLA_MEDIA={0x4c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xab}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}]}]}]}, 0x230}, 0x1, 0x0, 0x0, 0x2000c881}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000b00)={'ip6tnl0\x00', &(0x7f0000000a80)={'syztnl0\x00', <r3=>0x0, 0x29, 0x40, 0x4, 0x200, 0xc, @private0, @local, 0x7, 0x8, 0x7ff, 0x3}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000bc0)={'syztnl0\x00', &(0x7f0000000b40)={'ip_vti0\x00', r3, 0x700, 0x40, 0x1, 0xaf, {{0xd, 0x4, 0x0, 0x28, 0x34, 0x66, 0x0, 0x80, 0x0, 0x0, @rand_addr=0x64010102, @rand_addr=0x64010101, {[@ssrr={0x89, 0xb, 0x4e, [@empty, @remote]}, @noop, @timestamp_prespec={0x44, 0x14, 0xac, 0x3, 0x3, [{@dev={0xac, 0x14, 0x14, 0xc}, 0xf}, {@dev={0xac, 0x14, 0x14, 0x33}, 0x80000001}]}]}}}}})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r4, 0x8b1b, &(0x7f0000000040))

6.361864942s ago: executing program 4 (id=2539):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x8001000d, 0xad, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x8d}, 0x90)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt(r0, 0x28, 0x6, &(0x7f0000000200)=""/59, &(0x7f0000000000)=0x3b)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="bc020000", @ANYRES16=r2, @ANYBLOB="020026bd7000ffdbdf2503040000640004801c0007800800030009000000080003000300000008000200070000000900010073797a31000000000900010073797a30000000000900010073797a31000000001300010062726f6164636173742d6c696e6b00000c000780080001001f000000640101800d00010069623a766c616e300000000044000280080001001c000000080001000e000000080002000700000008000300040000000800040001000000080001000200000008000200fdbb000008000200edd500001500010069623a76657468305f746f5f7465616d00000000380004001400010002004e22ac1414bb0000000000000000200002000a004e2000007ffffc01000000000000000000000000000004000000380004001400010002004e24ac1e01010000000000000000200002000a004e2200000003fe800000000000000000000000000038f9ffffff380004001400010002004e220a0101020000000000000000200002000a004e2100000004fe8000000000000000000000000000aa000400000c0002800800030000000000080003000100008038000400200001000a004e240000000420010000000000000000000000000000010000801400020002004e21ffffffff0000000000000000280002800800020085030000080001000000000004000400080002000900000008000200070000006c00028008000100040000002c00038008000100020000000800010001010000080002000100000008000200b600000008000200010000000c000380080001000400000008000100330d000014000380080001000100000008000100030000000400038008000100060000004c000280040004004400038008000100030000000800010001000000080001000800000008000100f9ffffff08000100ed000000080002000600000008000200040000000800010006000000"], 0x2bc}, 0x1, 0x0, 0x0, 0x4}, 0x880)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f00000008c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000880)={&(0x7f0000000340)={0x230, r2, 0x10, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_NET={0x48, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x80000000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x100000001}]}, @TIPC_NLA_MEDIA={0x4}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x157a0a02}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x80000001}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1000}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2a1}]}, @TIPC_NLA_PUBL={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xb}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xf1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8001}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xffff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8299}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}]}, @TIPC_NLA_LINK={0xd8, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x51}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x33f5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4a58}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}]}, @TIPC_NLA_MEDIA={0x4c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xab}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}]}]}]}, 0x230}, 0x1, 0x0, 0x0, 0x2000c881}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000b00)={'ip6tnl0\x00', &(0x7f0000000a80)={'syztnl0\x00', <r3=>0x0, 0x29, 0x40, 0x4, 0x200, 0xc, @private0, @local, 0x7, 0x8, 0x7ff, 0x3}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000bc0)={'syztnl0\x00', &(0x7f0000000b40)={'ip_vti0\x00', r3, 0x700, 0x40, 0x1, 0xaf, {{0xd, 0x4, 0x0, 0x28, 0x34, 0x66, 0x0, 0x80, 0x0, 0x0, @rand_addr=0x64010102, @rand_addr=0x64010101, {[@ssrr={0x89, 0xb, 0x4e, [@empty, @remote]}, @noop, @timestamp_prespec={0x44, 0x14, 0xac, 0x3, 0x3, [{@dev={0xac, 0x14, 0x14, 0xc}, 0xf}, {@dev={0xac, 0x14, 0x14, 0x33}, 0x80000001}]}]}}}}})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r4, 0x8b1b, &(0x7f0000000040))

3.837024631s ago: executing program 1 (id=3377):
ioctl$EVIOCSKEYCODE(0xffffffffffffffff, 0x40084504, &(0x7f0000000400)=[0x1, 0x9])
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x24, r3, 0x1, 0x70bd25, 0x25dfdbf4, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xb4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x4)

3.664860183s ago: executing program 1 (id=3378):
syz_emit_ethernet(0x3a, &(0x7f00000004c0)={@random="a579bbcb1e8e", @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x3, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x4, 0x0, @empty=0xe0, @multicast1}, {0x0, 0x0, 0x18, 0x0, @wg=@data}}}}}, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000080)={'virt_wifi0\x00', @ifru_flags}) (async)
ioctl$sock_proto_private(r0, 0x8b24, &(0x7f0000000080))
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000008850000007600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) (async)
r3 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r4 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, r3)
add_key(&(0x7f0000000000)='rxrpc\x00', 0x0, &(0x7f0000000240)="0000000000000002ff69000000000001000000180000000200861f4104bfeacdd5a9007d16dcdc2850b536f0", 0x2c, r4)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=@newtaction={0x70, 0x30, 0xffffffffffffffff, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_bpf={0x58, 0x1, 0x0, 0x0, {{0x8}, {0x30, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_FD={0x8, 0x5, r2}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}}, 0x0)
r5 = socket$igmp6(0xa, 0x3, 0x2)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e20, 0xd, @private0={0xfc, 0x0, '\x00', 0x1}, 0x10001}, 0x1c)

3.580271205s ago: executing program 1 (id=3379):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r0, &(0x7f0000000380)={{0x6, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0xa}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose, 0x2}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]}, 0x48)
listen(r0, 0x1ad72f7)
accept4(r0, 0x0, 0x0, 0x80000)
accept4$netrom(r0, 0x0, 0x0, 0x80000)

2.717866952s ago: executing program 1 (id=3382):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="021600000a0000000000000000000000080012000007"], 0x50}}, 0x0)

2.717670771s ago: executing program 1 (id=3383):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x111, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x8, @mcast2}, {0xa, 0x0, 0x7, @remote}}}, 0x48)
write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f0000000080)={0x1, 0x10}, 0x18)

2.660349021s ago: executing program 1 (id=3384):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000004c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=ANY=[@ANYBLOB="180763498328039ab54d0000000000001811f800", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000001000850000000c000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0)
writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000040)="c2fb1a94", 0x4}, {&(0x7f0000004300)="26ab89597cd75711bcb2d00969f8d9882c9f2544badafea986a4975a564f38742db41a6ca3569fee72603d21d22acafe68175ebf8a3e0b9903aadc68ed715a2c88829620ad533c0b817577923b62c7ec4644b85bf762cd0c9c8089d357f298eca488a9bb0d2b71a00d72d9fb4e57deaa6dbb36d68d89e8c2eb519238019efc8aab8d3d7f232c6c35a3faf8d3e75dacec02dd65299b69d29a4fe7835a9cdf85276f774464ca7d5f7f1e3e0284f0a7c2fa18593c4730ced6c6bfa169a00f2526576f737afa1d7a9903d5374275d33b34f192ee013c8298d481aa0465219f1abfff34873ad7e2c6f0f57ccbecc6462c47e0db8f5a", 0xf3}], 0x2)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0)
syz_usb_disconnect(r3)
r4 = syz_usb_connect$cdc_ecm(0x5, 0x56, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902"], 0x0)
ioctl$EVIOCRMFF(r3, 0x550c, 0x0)
syz_usb_disconnect(r4)
r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000100000800000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000032ce850000000400000085000000050000009500"/89], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='global_dirty_state\x00', r6}, 0x10)
r7 = openat$sysfs(0xffffff9c, &(0x7f0000000000)='/sys/power/reserved_size', 0x101002, 0x0)
sendfile(r7, r7, 0x0, 0x401)
read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020}, 0x2020)
socket(0x10, 0x803, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r8, &(0x7f0000002140)={0x2020, 0x0, <r9=>0x0}, 0x2020)
write$FUSE_INIT(r8, &(0x7f0000000440)={0x50, 0x0, r9, {0x7, 0x29, 0x0, 0x14c0348, 0x0, 0x1, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}}, 0x50)
r10 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x1)
ioctl$TIOCGPTPEER(r10, 0x4004092b, 0x8)

1.870325683s ago: executing program 2 (id=3385):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000280)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_DEV(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001b00000008000300", @ANYRES32=r2], 0x2c}, 0x1, 0x0, 0x1000000}, 0x0)

1.870168512s ago: executing program 2 (id=3386):
r0 = syz_open_dev$evdev(0x0, 0x9, 0x808c2)
ioctl$EVIOCSKEYCODE(r0, 0x40084504, &(0x7f0000000400)=[0x1, 0x9])
socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r3=>0x0})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x24, r4, 0x1, 0x70bd25, 0x25dfdbf4, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xb4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x4)

1.790315238s ago: executing program 2 (id=3387):
r0 = syz_usb_connect(0x5, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x44, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_connect$cdc_ecm(0x1, 0x0, 0x0, 0x0)
r1 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x800}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r1, 0x47ba, 0x1000000, 0x0, 0x0, 0x0) (fail_nth: 15)

359.09172ms ago: executing program 2 (id=3388):
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000000)={0x3, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000001040)={0x3, {{0x2, 0x0, @multicast1}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000001140)=ANY=[@ANYBLOB="030000000000000002004e23e0"], 0x90)
add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x5c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000810)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x40080)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
r3 = socket(0x10, 0x803, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'vlan0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newtfilter={0x7c, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, {0xf}, {}, {0x5, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x50, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0xe, 0x1, 0x3, 0x1, 0x4, 0x2, 0x6, 0xfffffffa, [{0x200, 0x500, 0x3, 0x6}, {0x6783, 0x2, 0x8801, 0x10}, {0x0, 0x53, 0xa9, 0x1}]}}, @TCA_U32_CLASSID={0x8, 0x1, {0xffff, 0xa}}]}}]}, 0x7c}}, 0x24040084)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c0007800c00018008000140e00000020c00028008000140"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)
syz_open_dev$mouse(&(0x7f0000000040), 0x9, 0x34403)

358.536999ms ago: executing program 2 (id=3389):
syz_emit_ethernet(0x46, &(0x7f0000000080)={@multicast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f4adf7", 0x10, 0x2c, 0x0, @dev, @mcast2, {[@hopopts={0x3c}], @echo_reply}}}}}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000cc0)=@newsa={0x148, 0x1a, 0x713, 0x0, 0x0, {{@in=@empty, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c}, {@in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x33}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {}, {}, {}, 0x0, 0x3502, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'sha1\x00'}}}, @sec_ctx={0xc, 0x8, {0x8, 0x8, 0x0, 0xb1}}]}, 0x148}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)=@getnexthop={0x20, 0x6a, 0x262, 0x70bd25, 0x25dfdbfc, {}, [@NHA_ID={0x8, 0x1, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x24000850)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x2e}], 0x1}, 0x0)
r2 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000140), 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000180)={[{0x2d, 'blkio'}, {0x2b, 'hugetlb'}, {0x2b, 'io'}]}, 0x14)

299.905306ms ago: executing program 2 (id=3390):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r0, &(0x7f0000000380)={{0x6, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0xa}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose, 0x2}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]}, 0x48)
listen(r0, 0x1ad72f7)
accept4(r0, 0x0, 0x0, 0x80000)
accept4$netrom(r0, 0x0, 0x0, 0x80000)

229.974754ms ago: executing program 3 (id=3392):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="021600000a0000000000000000000000080012000007a182"], 0x50}}, 0x0)

229.59492ms ago: executing program 3 (id=3393):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000005700)=[@text32={0x20, 0x0}], 0x1, 0xc, 0x0, 0x0)
timerfd_create(0x9, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

80.282804ms ago: executing program 3 (id=3394):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000000)=0x3, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtaction={0xf8, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0xe4, 0x1, [@m_sample={0xe0, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PARMS={0x18, 0x2, {0x2, 0xff, 0x8, 0x2, 0x7ff}}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x55}]}, {0x92, 0x6, "36692424b97429af7bfa3b5a24e5fa5d2a435d13b9872aabccd1c6b342c14f2aeb4e8a02bf5249d3df633158f1a9aea62ad8013d2b836fffc32d365c1364ef728c0235806540697548cda1b75e619a021d04eb760b450aa91b6050dbfefcf78bb4cd789a3f7cefdee329af0ec54afacc2f6ab4a9e64ef2db849871b80057e6d4eab154ac580456143df8ab626f3b"}, {0xc, 0x7, {0x1}}, {0xc, 0x4, {0x3}}}}]}]}, 0xf8}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="f00000001000000228bd700000000000ac1e0401000000000000000000000000ac14141b0000000000000000000000004e230001000000030200000033"], 0xf0}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)=ANY=[@ANYBLOB="3800000054000100010000000000000007000000", @ANYRES32=0x0, @ANYBLOB="2000af12", @ANYRES32=0x0, @ANYBLOB="01000300ac1e000100000000000000000000000086dd0000"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@uuid_null}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@metacopy_off}]})
chdir(&(0x7f0000000140)='./bus\x00')
r2 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000007"], 0x50)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
writev(0xffffffffffffffff, &(0x7f00000005c0)=[{&(0x7f0000000000)='U', 0x1}], 0x1)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)
fcntl$setstatus(r2, 0x4, 0xc2400)
write$USERIO_CMD_REGISTER(r2, &(0x7f0000000280), 0x2)

80.10049ms ago: executing program 3 (id=3395):
r0 = syz_open_dev$evdev(0x0, 0x9, 0x808c2)
ioctl$EVIOCSKEYCODE(r0, 0x40084504, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r3=>0x0})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x24, r4, 0x1, 0x70bd25, 0x25dfdbf4, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xb4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x4)

15.734903ms ago: executing program 3 (id=3396):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x1, 0x101200)
ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f0000000040)={0x800, 0x4, 0x6})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETTABLE(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x7c, 0x1, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x9}, [@NFTA_TABLE_USERDATA={0x65, 0x6, "cbb1002cde5bf0e432c795b97c7d2ac5b231f0bedf50ba8dbd454127638379cab3e54830e477e16947980b4bbc2da73f41bd869ae8ed7272ab0728f30d00c30a88f330aaac5642449b3ddd61f475bec164a6c2de7d241a8ca63fdcf751018d2853"}]}, 0x7c}, 0x1, 0x0, 0x0, 0x40}, 0x40400c0)
r2 = syz_open_dev$sg(&(0x7f00000001c0), 0x6, 0x2a0a80)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='cgroup.kill\x00', 0x0, 0x0)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_FLUSH(r3, &(0x7f00000005c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000580)={&(0x7f00000002c0)={0x288, r4, 0x400, 0x70bd27, 0x25dfdbfd, {}, [@TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x4}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x4b}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xab9}]}, @TIPC_NLA_SOCK={0x58, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x80000000}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xe10}, @TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x958}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xf7}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xa9}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_NET={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9d2}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x800}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3}]}, @TIPC_NLA_SOCK={0x5c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x200}]}, @TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6abe}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x80000001}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}]}]}, @TIPC_NLA_SOCK={0x30, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6aa}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_SOCK={0x48, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x10000000}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7fffffff}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0xa79c}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}]}]}, @TIPC_NLA_NODE={0xe0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0xdc, 0x3, "76593ef2e671e57cd9ed18e1472a4426dc1a843219d3692af8d26bf3d8678d61bbb17b9100a8d04177b28e8ae55b01d22aac7ffec6682487be77e1c883bfd931ec89287759854cee0392ab1f6eecea106985e454f3e1f70f23a65605dd6c8cbb78ca8e7734b6c2aabf36e82222f3a3528ea1b494295bc030d87e668085a3e20054b0c58f03f984c0a3e95104e8e092a96dda54b2cb584516ba733eb4c8454a0b93c4395012d76dd7912b912b366b563151f55a533f29c97cf8ed81df4301fe64f81d317463faa5c947ab7ee8d8889d295ab616348c565f3f"}]}]}, 0x288}, 0x1, 0x0, 0x0, 0x20080040}, 0x24048000)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r3)
sendmsg$NL80211_CMD_GET_KEY(r5, &(0x7f0000000740)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000700)={&(0x7f0000000680)={0x5c, r6, 0x2, 0x70bd2a, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x668e, 0x42}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "b49632e239"}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY={0x2c, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x1}, @NL80211_KEY_DEFAULT_TYPES={0x14, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_MODE={0x5, 0x9, 0x1}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000002}, 0x800)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000007c0)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_CQM(r5, &(0x7f0000000900)={&(0x7f0000000780), 0xc, &(0x7f00000008c0)={&(0x7f0000000800)={0x8c, r6, 0x20, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_CQM={0x24, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x4}, @NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0xe}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x6}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x8}]}, @NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0xe9e1}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x16}]}, @NL80211_ATTR_CQM={0x38, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x9406}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x8}, @NL80211_ATTR_CQM_RSSI_THOLD={0x8, 0x1, [0xc]}, @NL80211_ATTR_CQM_RSSI_THOLD={0xc, 0x1, [0x6, 0x9]}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x3fd}, @NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0xe5c}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x24000010}, 0x40801)
sendmsg$NFNL_MSG_CTHELPER_GET(r1, &(0x7f0000000a80)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000a40)={&(0x7f0000000980)={0xb4, 0x1, 0x9, 0x304, 0x0, 0x0, {0x5, 0x0, 0x4}, [@NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x1d}, @NFCTH_STATUS={0x8, 0x6, 0x1, 0x0, 0x1}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x84, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @loopback}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x10}}, {0x8, 0x2, @broadcast}}}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x800}, 0x20040004)
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f0000000b00)=@attr_other={0x0, 0xcf, 0x8, &(0x7f0000000ac0)=0xdd})
sendmsg$DEVLINK_CMD_SB_POOL_GET(r3, &(0x7f0000000d40)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x80000020}, 0xc, &(0x7f0000000d00)={&(0x7f0000000b80)={0x17c, 0x0, 0x2, 0x70bd26, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x6}, {0x6, 0x11, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x8}, {0x6, 0x11, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x6}, {0x6, 0x11, 0x6b20}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x8}, {0x6, 0x11, 0x6}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x7}, {0x6, 0x11, 0xd}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x5}, {0x6, 0x11, 0x200}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x99a1}, {0x6, 0x11, 0x1ff}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x1}, {0x6, 0x11, 0x470}}]}, 0x17c}, 0x1, 0x0, 0x0, 0x5}, 0x4000000)
r8 = accept$ax25(r3, 0x0, &(0x7f0000000d80))
fstat(r5, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
quotactl_fd$Q_SETINFO(r8, 0xffffffff80000600, r9, &(0x7f0000000e40)={0x20000000, 0x8, 0x0, 0x1})
r10 = openat$null(0xffffffffffffff9c, &(0x7f0000000e80), 0x189002, 0x0)
setsockopt$packet_int(r10, 0x107, 0x14, &(0x7f0000000ec0)=0x5390, 0x4)
recvfrom$inet(r3, &(0x7f0000000f00)=""/148, 0x94, 0x40010122, &(0x7f0000000fc0)={0x2, 0x4e20, @private=0xa010101}, 0x10)
ioctl$KVM_CAP_X86_DISABLE_EXITS(r10, 0x4068aea3, &(0x7f0000001000)={0x8f, 0x0, 0x4})
mkdirat(r3, &(0x7f0000001080)='./file0\x00', 0x12c)
r11 = openat$null(0xffffffffffffff9c, &(0x7f00000010c0), 0x80000, 0x0)
r12 = syz_open_dev$evdev(&(0x7f0000001100), 0x7fff, 0x80)
r13 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001140), 0x20240, 0x0)
r14 = open_tree(0xffffffffffffff9c, &(0x7f0000001180)='./file0\x00', 0x80000)
ioctl$FIDEDUPERANGE(r11, 0xc0189436, &(0x7f00000011c0)={0x2, 0x8001, 0xa, 0x0, 0x0, [{{r8}, 0xfffffffffffffffc}, {{r8}, 0xff}, {{r10}, 0x7}, {{r12}, 0x1}, {{r5}, 0x1}, {{r8}, 0x2}, {{r5}, 0x5}, {{r13}, 0x4}, {{r2}, 0x9}, {{r14}, 0xe11b}]})
ioctl$TUNSETOFFLOAD(r11, 0x400454d0, 0x10)

0s ago: executing program 3 (id=3397):
r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000000)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x8000}})
read$FUSE(r1, &(0x7f0000000200)={0x2020, 0x0, <r2=>0x0, <r3=>0x0, <r4=>0x0}, 0x2020)
open(&(0x7f00000000c0)='./file0\x00', 0x109281, 0x0)
write$FUSE_INIT(r0, &(0x7f0000002280)={0x50, 0x0, r2, {0x7, 0x9, 0x0, 0x110002, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f0000007080)="f5201a6b6542be6cbad26e239346ffe3dbc7125e4eb0daba2e9ba73337e45b1a2c2828afbe1d99c856f2d7c9b91364a83e3c477d5e9569cf8787de2fd830003be5c3bbb4a246c4e13764c6e255ef511c263c70adb80380cc2b3247fb61ebddd2b945820fc646375953f1322be813b875bf64256ac7a8debe881f8352dc9fd70b9473bf07932110a5d1a94144b2ab0b4cd92458041eef085b29b5c115df0d7db2bea67006c66b64015fc980343e5ff451373afc63f2ae21d63cddeb3b0c53bbb4e0e31663f5b1b53de22517869df6114ac9047ee98a692b4f0e3e7cfc4e42368f217cc705f2bc5d10454ab30eda651c6ee29f0cc5a6ca7b384949955785844742121b5734a8cf3f3fe1d3e5c2085da26a028ba6c84d5cbce6afbe13cbb179d4c251e1d2d68e8c7d9c34eee698ceeb6e40aed55c62c45d8c7fcb2cfe95ce261238ca5c4458647ed7a001788e991e3d2ecfc77bedec164efda9e4a5d5f03043628fd8b5f906371c52e7de2e760b820dce5c3629610a48a036cd54f23ec3ef274f8da724f45c482505864c87359d4411cad79d7434c9a9d79323410b671880a344b933a47d735abd0e63308cf7f6e15790a50ccbcce072526952c763775066125af0fcde57ba3c514301aef17391c76adfc2419829a88e0d91b947d278cd03d94ce98ec639a6163eaa9755b1813685080ce588251fbd4240a7f65cdc1074503b0fe49b24996e52c6899ac90014d9a58566e841bcac357ed59f7e727475be4f7a526a5b420c5d6ababab7e7f8ba6ef6f3455a5aed80f4aaadb58fb38f725d524b4fd63238e07936d62e81ef46bb7346d7f55c4fdbe7606b1053f6faf6d80612311823efe1e6522fd5bbb77c52c868362f263e56ea1447b612d681828561adefdd28fb855fd81f27e2698cc02bbcf7d653cf8dc9eea252f2b1f48c0d2ab70ece454daf9b5829d7106eb8ca8807eebd07d1bf6af6a4523577db893995778759e1be294aea8edb9226a9acbd44f98f60641f87195521491e621b10cc2032434f319e76743601a0bcc99fb3636389172a790e25260de7cb58961f9ad44d16c7604402bbca8cf82be528a64107c0dd114fd3458c471e97888c1c739dc678b43b202c603946cb5720a1e7331282a48afb12b461c41b6fd92b97c6960ac9f664f509b02c8267d722f372b007befada669d4cc36fb931763ffd8744b10e78cb849d40f88d190778a70f902faa4f34cae0b9e163b59b1bae96a933afecbc6a768f1d7ae20bf2771f28c1a3d333ae0b6f691d2f985e1ed6d0e1c29d7db36234b9bec18a1ee98b9ae90e4706d1c952f6059cc4d64bfc14152a88443f260d179c705df71e006a60981fefaa8a51c9c368680b830967b01b60734b9924335d7700b083bd7e87b3ad2f3d497e914368a15c5456d08861fb7513e96acb49935dc3f46fcaa297cdbdc759cb8a5a2515a482ca60440da8b7d5a8c79659d99e3892f9086b372d78622d3689267652c4dd60754cb8eb45028b0c237adff5ffaeaf78ed5a541c57feeb014a53e2a98042d5712d5f7a779b7a12bc120b8cf6df35b258fe1ad7ebdbee88d25355560fad504dce4bd878df5e43c55e765ac324dd8d65ce29c2a93f9e085bb51ff75dbbf314ed6aa3a36330fd146d28654c659f1c6c5089c3619be1c7707be835500fb15bf873ab35517b743207621346db75d16fb21624c04ceddda2d607642004f611db7414e1c593ef38c62e4d27a8b7833436609c284a46edc9b973e790aba0bf4c6bc0069ce9372c6c7b93d15740771ddf9c704338f4af870c649ecdaeab106b1242dbb74c284bfb5d87aa688d27befe1dc0d1019fde1842e89eee67e11f925672ebff47e4503e02fa989297e9461d540000b5e0ed2d957efc3b77a10181597c7fb2c94e62db50e46c46d10c1127573bae01166170467b7641d7e07dcd879f04b8dc08dcf460bef8e83aae33151a72eddf9ccac4eb95c48cb4008ba3fea542b2e3c6c4c07850cd4ca551536a20d18ed18852baaaf7339908583aae41f08f3c6f5811cd730e849dc8382e8bdf3519ab900d38a0a9822400d619b52a957b1bbe8384619e5d65588a2ca6bf068ca27fce9aa0448a60d04b3b230db3a939409ec7df45d70a944b34baaf0bf951d205667c8281e9e87468d1a2f6edf79a7d5df12a8564e56d3a952efa4c4be2b09be2c3d699b05268e8cfe998a9f37b8714c92647ada8a8129bc4084624c6f1059f834193deef961f5dbfe500c1bf781f45441984d52800d81d814a82ec4f859c7217146ac447c8462612574a1a8603148ed46bf3e195d417bbe43aa6bf83ea8fb525941ef8dd56149bd6fdcbf626609ddb699e40e83fa4792b39384eb0d1b78c97c6798537b192753caed3a5eaa4a33d54b473b43851cb282cd857ae11a4d34c6b53fc1c334f8ec42672295b88a326b65d338a70bb3d5d866ff55a9ce0345c7a890cd6dee36012c76d862802c9cbaf1abbab99dc898eb432f50474ae6c202121d19f8d0467fcb1279457accf9b777c75390756762dde795d94aaba4c1729f559adc33966fbf517fc91fae21bd8ef22e914bbe6bae774246749ad63d8d16f21c9aebc80a97be408443ae60af610dd3ad9964b2401e049b09dbb46f6126d3d534a7786bb3663719943111231d18e51ed534b1e28807c062280924e5d53a8a1316ca2b5936911a267d5b799fd7d8e5e725271d5b8eb90e3dd9ef9eb1400c68eb8f88622f548af7df4846758cfb74aeb48588d1820f504e97ae1d818feb7113175b04e7c0bae6239672c987253cdf0e9845119f3f200d40f586ab986312144c3525acb78a5784f5707217105bae651e0c000792f4e88c1a924d33fbe5474a71b1e193a8d3a6a65dc485f2a299e7d07a6cf621260dcfc5d79c9243618f57507ca025baa53b3e684667f33dfb8ab9065cc548ad5c881bceb5d937462ea850fc197f5ae8c9489815b2cff853895e987e684195a094d8460ee52ef9d8f6fa0ba01092f0cdffcc7a682ca3125058ce9ed0064d7d0a868b0419b49ded3d93f0c7e1d700288350ff4c130cf6e0b507ce6064623294536c8fc4011b9b40299bfe02144806411d5b36997db26033a5ddeecd6bf3faefd3ca0a6cb70b0561106b2dabb06cf88bb6fa283e43dcd2fa1f33063183e15450385ba6fed4436502211d3181351db793a76ae11ebde2b23f340b7522748a4602ec469b88eb7f3d1325baa536ab8096c58c6f2b4863a541f618112643e194a5873cdae4172bb3005743782d8af22dbf23ab60e7d0f4ceb3ef0c46e23e1ecee1839558bc5c146dd97aba7651dfd2401fb8aec4eda71b1b15a2570130f0f5ff489ad4355a708a6eafa9752eb5c9f7a83f43c3e3b317e7e68133573f585fc27c5cfc0d90016f5be8594e1cfac36b24570cebb5be46d3f5917441ccadc355536b8b9b455b87667edd802b77178251afdefe9a4b5f0ff7e59fa5cf9b449e18bc4bf8154f15913128a2584f7d60a3c09f467233783690df422d3d9982200eb604ec2ef50830bba6f82e8b91823808fac0b07bc0e51a671c32dea0f2f9aa2cfbbc91cdf54b719b6009ce750bab1680cac77398b2a619d550161fa70e7e8b86fb535f8797fca75708efba7f0d95da4ac235d9de68a50c998a72c0c2da90f511ea456f776c881b8416b894cd835ad13c62b035ef4d220a66c86c1c00de534690e42d064bf4fff946af98aec3f9490d6f0586e891d272a4bfb776ab84bd693af6526c4b09beab2460634d929bcc61cf75b041f067e7b503ecd6a80934e169ebb0ac926a85b53cb1d7b63eee6abcd9e250834da6e4da23b3b3d90c2f726861760ca14b78d5e895eb7fa2e8b39f724a0371412b1c94c6a42f1beeae2328e353971531bddcda730b6a0d90f7c58e3ce5953cf5a6c9e3fd657c92fe4b5b8b0b659353944afa5c69c309527d6d4039e78c675c8d2f527fbcb2b765864fed987f785221862bd7deb66e6676ddebdd19cf4cb26869f562928dc98088bb69281615fc6a2dafc466e70ff9ea1a411e1a3ba3f94ed7d429796afc9f0c95da19a4db691c36407985e5f08473dd8afd9de88b2c26b6ebd2ea35177238e18dfc36d579a80074c06f5cca60cf6d64d27eeb121c6c8e5e09aa3165c101068cb748694695e803540d947f33740d30616001448173ef57bbcb82fcb213348a2a58e2d14480b1ce1ad346729631b91f7e343e37abd8e787274ff4598acc99cc58f3578979e6e6a1926333bd8818a256b58e67c6f77145ee26f24998cab89021423e03326c175adaa8ea905122553948ece311cbcb770222e7f4f373398497c8c301480d031fc53c2a7018d91777cec253e89e28a82d15e01c12c0ccae1b56ecff35b90b19769bff4b786d4624679abe852780e9e4b9985e0564ee604027dc2a60f65d2fcf1d354e163a8465f77eb67e2a6c9fa89ea0768f9cf117fd1ea8969e592da11d34f6f9b7adb24f3261dd14199fea6da6b5d31f825b3706492b3305cbf6ef553fadfcad51a0484f09a8d2491c8a937fdd36d9e0b94fb6bdca6e80a6079739cc1d455fd735e89fe89938a7132dc0c9f181953dd9cf2d106a3f1478b46ddf35aae9bc6932227d79ac4f534967be2cbc30fa254658b61752b534257fcda6338c36710bd8db219ec394b41e7fe541f9086ce19d28e13d2b3c384745fc88ed0cb5ef414e23e8782f99307c49121a733875e9fb9c8559d8ad6bab256dde2bfdee4286c1419b80acf55dd09da71116c0fa902d8e89465c313c311f272a11cd17417372dc74e01f3ba1a9afd8bcb9fad57cde63ad59a6999caaa359e6e5b4216dd3b0bc8d310e28c8a1232cefcbd5070d0537097e370433bc1017b7b1c4efa694a25b4385bccbdf79affb0b6d203b3cefe637fd6f7b51f5ec297471c874a57145b254bd14b89fe62709c94ca3cae304739294c7b4a871768e11cb7a2db0aaeff4abbd00c70b4d4e5e8f8c6d34afe3d619404e20ccf628f7902c17ab1200644fe465751587800d59acb3abd1f8a832a03f1634c0b7e4fb3086fd21c046d7430a1faadbd9b1625ee70c1071bede890f1c07113aed9b1a35ab0fb823e2cb38d2ee6376800f63d28326ec3be129333e1024d17c46198e329779a79f4ee69b56374268fefdd29995e411052bcc92318c636aa9fa634f3e537712f720a52cd95d5472cdd6b4eb66bd1ed2c41cb37c615eb486855671d964ba46ee44eb61ffcb0b22b20632ce3222e4c3037f348d5dec196f9e2bcc2335284f5529e4de9e6b4b84fc559de63357bc8ca0a00c16bdea79372b13abb251fd4bc52f1f732811b65b4c51715da133b20caba229244060fdec0ad4c47fdf1963b6aa1acf998585c59867b5afcd08958dceb9937a97e87b2153f45970ca77e5524c5160c69963717630795e3a4768e2521617bc211926e5cb08edea70cae99c6d7eff4c1e041c7ab0d3473d6ceb3cbc24a9f45c5818896463360490911b1fb77a24aa3b394e3ee1155ea2fbc6686db2c715670dc9187b33f3051b4b894b616bdf7fb287113c315413d83e0540676fe9a48d523bef3280611165fb77c7bb33c0a087fc06e7702fc7d8ea4f7aa264c7ed332af03ae3e392bc0f96ec11e3bca6604ccb7941043fb043b4880de676efaf3f0fba185e90db8e8e6718058fd1d26c49d0a163264d4aaf7094d02d6898f75c6edf2e49edf7b0a645018220535e8694baa1e910df6e493c0812c2cbb16966cb22af208279947f9490f2f5d3a49596050604f920af8fa41c5a339609659f331f24fa0aec3787d052a02541137dd1ccdc30970a879e4a42e491137bb3cddf2c87ea6368bc4d9aad9089af50b71d56bd296d891ac2fbec84303486739a44850680353efa2203d7fcfa00d9cd81433adcad3e6aac009784b63a3b7aca58155b24274b2d41de998321bdf0229ce74a0c61a24d74ceb30d4ba766632c4a48d9db4e3b3334830b12f3136158fb16fa745c2ebad16b65b279d28332894755de3e7ae2aa88f9e2af8a46200c427540eb68907152ee7d53212b55c170ab67c47c884db89757b09dc035ea59fe2be1f384b3edef6925c399753832d32296100ca4e2699154d6ed86bc145e92d699e43c2269ed359a004aee75ac5e730dffec87f239328bc95cc281a9c0bba661f6d36ac11d1151851c70cf39fbbabff2190b619294db73008e3d32acb0b29aa3d28d1e50784dbe35eb911d838bd710336612170666ea5f42b72c32be4d83c4ff61987acd1b1f0cebe281806af8ad4b6e7041431bcb8a93cf0f44826821b0bb9c053468b4d8d034c084ba1c8dfcad9fac6ec379da5425492dc6f7791b1b25d50bd9a930ead9e4faf5b557eebe4461320476a7ae12b0dcc9d171f6d2737b824db7259e62915779dc5e8a08bc69c0c68784202aa3462bdff06af76bdf9f106dd6228211534c4433717947dfaca4b7b61a21d706217e3718b5ccac40c3c4692bd59f222d0c2e98af1ff1919256d7b0540ed69b11f212a9598c7499ba634d1677ecf17517e207d40baed5aa0e25b7e70b6b16f6d6f0c36a146db0644ababd31bc50f5039b3bc4f12b603da2675e121b09fe92c69548dfb9df18d0e50c1387280b7bb1366bf5bbabfcef5557a05ce24df1a02f22f791e06c5e3e21e5fd6db7f2c90ffb83b154b0fd9866c46609dc10b274954caf80e83693f5581f23fd765a18aa4e294bbf7a8721015ea6a6e1ba64f79f6609924d43757fd0752024af79e296415b42de3428f14d9d89f84c2e076a0821cc8921fff677ec7b91178bcbd755ece28477a6bd01fd429d824ddfb62edcdab7c4495edc5a3d27826ea4bddaeacfa7cb17632cee0095ca55d3973812033d96ec5e5ed6880b3a998b4998fb7441e11dd060515bdbfd5aa32aac6ae1fceb8e92d7e8985949946a458ca2f69637de6b92410986f8fa5ba4b1598d8383fdbff2e004dee71500302e3e9270371b39237260bde0888702c7b2bcff69192bd381cfe59b197b9dbe5e2eee27b64c17e95a1dade453a6f29dc8bef1bdd34a92a5275972a2cb18f6f553f99c6098f50198b68cd35d2877d9cdd15074422b43b03170f23138dda44b62b5e161705405d2e9a007f8cc9ec7920d1a6e947ccc57b1a51a728fe1afcb84115fe48be15c894cce96391ab3cdc1bd9aa4cf58213c15d1a849c3f38c8ee34b208766129bbb493558c139f2bfc39df29fc73422127823fc9c993f20d9df9e0acaf0b1729437458e0a857ebfe4a373fd491952a475e9c391b7ee02b79554807c0f12293aa385a3c6b18bfbfc690a7aa9bc85d8adb705eac642ec8611ac62d09d2a6892cd671629d457c2191eb5940114113ed8cd4e8411d96200d3d66f947baa7915610c396402d38f109837d29c8e937fb6223a9d0d605a3d91312908fb5a7df36122c35f7e47855d526915c3a7cea432ca4524fcae3b5c6fbad196c1efef0d129d9b3f9d23104fc3c8a90dbcea0400311e51de50c5abb62fcbedf998ebc1cf23fd76bcc2aea2451f6d0d3b8fdd337ce8d24d7ce2a5b29318df58adb0006d4295c138b4b03060134802626e31a5da92b5a7a8677132523affbdc8d958b955eb4615370497429cd3767f2f708c2cadc233bc3e5efc8c837385749da08c6dd573e3b105ce459d659f790dcaf53c1d0b4d8e0c64b6bce15559e59e66b3b0b2695703e9bd5b1c5bb3c5b1028441391f8fbeadc032e890fe5e3be78569056d147a891f4bc85406e78f962b532eb436b0e047a7d3c88bb89455ffbf1da360207af5d827e9fbbedd8393a828a92382329ff444d9a8128c40e302453550426de4babcdee45108e79533b9747fd21b8f775a76e1d4d54a8a98a65ee3c183be34172877c26e600c89949ced85004d69c24d4fee6f87d2ff24900d41577c78dfbff698d438c0e26ebe15d7b75b49a5b2a5c627da3b13f6458aeff3f0a1944a339b4be5e13d58a71928bb77053beaf7b68568205b62f5a4a9b3c0fef441ede90f012047b0cf2228481fab85d94219ce9f417e4e2b6018b319270a6b6f0de93d0147842f582bd4e41f00720626be2b2f9116875ea4f92e380bcfc33058505ee0336e10c71a5abf6f32c72fe68c68c166454db8e101b3a271f04e4dda8947743e0ac408c73cff69c10e7c015c6b078bab0a1c7aab14a26df087b2b4c859e684aebadff5033d1ebd6c6589a27ac75a075e6ef801f5dece0dbd1e477bb70d2b8553a88b13e304e00735e183feab89edf469cb90c0a5bbf778809a9996f4e72b16417672cd97bdd1c0baa64ea2d782aea9d58ea357b54d06f316076b5c413417061b3c7485b534fcc8bf25d2adf043b47a3d47f0755fe6225bba7569fe672d3507c8e15f7139ef7f606c616c52733413befb248eee53c4a9a16f952ac56e18e221626c4f51eb90c1314167c9677a7eb7004b9b42fd6ec21dd38d5b9032c441166be3f8e9dfed39fb0e654ca3126003decf8e50bf8ace994e16fdbe3f53a36a11ed6f06d1bb8e54f574a83035eba379f2453f2346d11414cafbde87cb5d66b650a5e25ebaced402188c1b4b941e788e1af908fff3ef84c1dadef0550687f0b6aeef6063dc1c8c8efe09d611253efb4d288ea407ef3c043aacc3dfc19a18449b38fb97d9fc0bb67de3e1744f782d3a9d1fc449c3a902b1ec8789e336f731a51cc7fefc43736e04942167fbfdac9f15c5b3f921aaa3df0c9709c21339ce890cd4054828615f18fd12548258440a06dbec3d72719b3e9f5f9967525f90f16993cab09c9eab2b27b29c959c002dbb028cc96297d40822772c16b4b786cc57cd581c02f143d6e728eeac1ab4eca6170748002c0e2269611a2b402f9fa8190d9216b1e1b7de8f81074b8dbb665f0d69c52cf573d07ca0752fd6fe7da88dcf4a915ab1533f5686b766393fe9bf1aeef9d17414d1803708e61973dd205097eb1ed466c8dcfb2c7710caf9df713a11c774fd0469880534ae2ccd1e40216ffa145f0fc832b166896810a678f3a47dd24bc2e6835c16e405a444971068dbd47926f430871121be8f19c8ac4fd0a9e3ff7cd961f90f24265de455694cc291de76437953ac314b1791acbe96d3fcae4fa397287a02eac86f13c931f4d4f49ad52cf1db0efdf7027ee8e468d64d316a2208ae33d8fc3274861b41f2e064c99fbba37b7a0c46a3df8dc4589de7ac28df63ed697a48011c863049345c371f10f7d53a56947e348d07e4ff71eaaaf9aaa09bf1147b80d62a60dcec6d7dd4cbf52f2b0b89d2c7de1f16d63ccc0260b0982fcf105736b50001c19eda998426284713670aab21ce128a80b57920d8c3436edb859d4afd7ed835985b5bec01df5447e66ee8511b28671646e71c0669ab2203c4c9a020000279ba87f089d04924cb33ff82f59da9399ce3f20932c073289938e4e7101d357cce920a2aae72f94d6e1aaf9a3905f4da18a7ee849a39f0d1e83adc67ffab826490d4bfff1f80e8c2c180b08e013daf6d054be660390fc4f872b8d60f14951f05ac0dcb4c4281f71ac2d4cb4d68ffdfe8f5c43160d99ea0077486219bb9400a8fc1faacf12878379a7ea5eae2adbbe2871c1664bea1985d594963935019446d605a61ff79802e114a34610d002cf27e0f4b96c6ff880785307161813f48b68c6f9130a6faee6f332e77755fb68b68248ec113030575b1c262c2430c000d11b269ce4e98a32eea3af403630e83aeaaed1420c9fd66eadcf34d6d1fbe457c5216481ddaf6b397912630999fbc5298eab15ab3cce9de7741367264a4e30a61ff7f1d5e7e64290218d9f6f5c9898cd23ee1ac35ab8d3691bf3df31cef54c161bdf3093390ad2322b6f71f22199ac68c5eab4aa7523b4957202751b675fe82c9d42432c92c2fec148da6e5514e9d5f2618d5a616cdbc4a560b3e36eb6cb8baca3251d8e819ea8f552f07ecca0664e7ef22a3a6c11d023eade70f1b872cf58e89c625f561e4858877e39d324dd448b041e4435b676ce0e86de9045e8b9e8305ae60cb7a41c01ce2318af7f9fa011d24aac2b2d31360ce7b437c46df5756d94d1005a0359b57534c49d1e8e173ba183666a19ff6e6c63388250985249eb40f0f981a2bc34e8196e9c468b1bf329c4ac9cf5f19e46734b1238f99f1e6d8c95ecca9cfafc15c756bb4780b675ec9781bfdb583bd91a7df33ed49daec1d65d14f26d7cfadb9e1de06e922939e924b034e4d128cd66a2f7a87c9399c622922e6e33af68c5115053f42c519a054e295b5f8e420630dc116bb2562ac87a6402e4635bd6c6b95943820f86acd5f48ac519b06f1b0bf1c7a70d69e84c95600e017a67e64536197447b810c21cf86a9d09c37aaf6cc39333b414844ce883cec0ffb23e36d5560e9ff6922a9237a6503c72346ebebf57e59c13e7320f670e1826c802b9cc674b55284ddb061e6e38b16c58532497709028ccc4c000604d4a72b3255170a217ac411ea68e64fb3b63653b985abc42bf21629775a05812ef159992320c3cb93805bbebb250e2f9f92b2c8795c388fea24de5e70d45f8ad1764a6e39a1d588191f77fd7bd0408252c784deef806464edc1b4d3de83df34f1b615e10ba20948ca9f28c4f435163e1f5a6fdd0bc8ef397c25b7d704e1ff1dca065022b99778c05ad39f806c3f7ae4278b768eac09b7d317ec5e07db3fc5579a29fb42658ba66c68afb3b8401b2e09c13bc0652309b26cfab2febc3e96a6da6341e6e860468aca74caf06bfc576124594c3f123d5e987319862b0700bd257cff3ea8abff23ebf1a62e575741db2902761578de5c72f4d37bf9186c2391dfff0fcdf2969df27ac0c34d3f07feb0d1887de871e96916add75c15ce2f795749ceadacca94df5808a1629ccd906b3776e7c2a9e94393243de87656432ec21be389731be9821fc035859fffd503f9c8279bd4a36f3be1e3ba0beecaaf6ee44203d8b76c4ca97da38f63fd07ed7812601ab9095a77d52397ecc31819b91d3c28f639bda94c46a5d527abe34bc579338a4db395c57dbeec31a37685ee8121284b63583e026783e47d58deaad78a17e9a946ae7a3db89d8d78d9f37ee5861de7ca92e7335dade99819ecfd63770413b17de97bf403a6d97e163f7eead7d8c182b77cc3d0e0f28f30839445ef751bcf4f21b5803a4e8754fd9a3addb2553ad1d81879addbdc2668e5f2e15926ed805ce7b4ae01be9677c322d59d619cfc806a4946f59010aac481e49d0a0b2ccd0fbd88abf07d4912a081c81633f4a6e0e68eceee686d58a43c45d3bec1046d3bb8d7fc727dda7cfe22af174219bc8e928ca15ff9ce2c707bcea190f8fdeb86a2dc99d7ca81b78efdb0062f1967bb66132164d227e149aa52f39af5e763705373c864323a5885dc6061b5a2ee5501d0b1aa465d93052f29d033a750b1b9cc85fddc0cf168ddc62fb2d1570458d246906fbb689bc8ee3864901eb43f96c19482a7ba7a52fe08b241a32aa9a2774359132b5e1905a08ba37244265070f6d69a428a5834f10d9ba45f476f9e88e856ac223d8cf6ff04894faa2590ecd0a3f6938d661d8aecf6223ae99c414962a86fdc1c2599cee39e9f0153a57ed809bd90023c8d688cc1aa7b5eec5fcd01d07d00100", 0x2000, &(0x7f0000006dc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006600)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
write$P9_RREMOVE(r0, &(0x7f0000000180)={0x7, 0x7b, 0x2}, 0x7)
read$FUSE(r1, &(0x7f0000009080)={0x2020, 0x0, <r5=>0x0}, 0x2020)
r6 = syz_open_dev$vim2m(&(0x7f0000000280), 0x10002, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000000)={0xf0f042})
write$FUSE_INIT(r1, &(0x7f0000002300)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x4, 0x401000, 0x3, 0x7, 0x9, 0x10, 0x0, 0x0, 0x10, 0x7}}, 0x50)
creat(&(0x7f0000000000)='./file0\x00', 0x0)
write$FUSE_INTERRUPT(r1, &(0x7f0000000080)={0x10, 0xfffffffffffffffe, r5}, 0x10)
syz_fuse_handle_req(r1, &(0x7f0000002380)="d37f438c8ff0a793bb0fd85e80a3add0f8f65f17e46f60227e8b09439e47ae441d91f7c50d52383be1a08cfa58969071ef9251774b2aa82db4b537beb0834e94c9f625097a9fd8ae5d86ccc28ae9a5fbf7a931329d6c0aa28650849abea29afd035f5eb12f8126d5b8c277c8c14f25965396c229226cf8b0c6da769454f1981c1b0a8180b80469005a03d24fee1d6f5543a43d7156a0da6f40f6e4344cdfe5f96f373459fabd8c1fb029f3cbb965f11e04c92468dc54884926996135312816573b5f052907705fb31ed724a8097b4eb9a547bd0a4f9c66421393b19fe59fbc07bc8c6319225509823784428ca5f20741130774b9090811966d1de850ef61c965ba07e2fe52380c4bee79f58db0931b3d0c06cfac96c9e8676eb0e10ddcecb47f17e8c4ea80d3f67a9e04f5edae06ec33863b9fb5edf40c87fbdc5a00936d260eb32c3df5a905d3041a54d0fade7b220027169911111af6142645e771ce84efdff5ef5f3fe5b1efdb67ba83dd9f94008f787ecee2ec9849c34a8699900b3151e799fb1704100f2075cf313f719efba77efdfdf5e37379232785af24729608cf1099a9eeb643813fe492fbd86788f43e231fe0a6f3f0bf302efeaffa32890b1e48818959d7d2aabb83f062e356a81605f55da96df097b11471c46947910bb3e5e40a5a5c92077231d68efaec50b848907d1e37e18d885f5bd95d939ade1852a5e2f516781e1868f0894c8c0872c84d9c80fcfe085ac88e2a8caf63b3444f6d5f63c4582e766f1fb06a204d7b8c266e29bb43e04f42dc241b0f6926ea4b0340f0b3ac232d92677f2ec099b17361d988b72311e5e93d6d93ca3bb711c5fb979684f67f6ba32901b8adb223fea467157c55e8d5540743af46d36e6670fe21254ed91e207044db3424d42a63d780f2269ca3417aeb73632fb93dd42b07eff0f5ed90707423066f834c2881ae5272af5b3c04c6b9cadb8b234d24c5341696960a23f242837d91d6751695e9f07577bb81aea171df43b27c44ca5b815e66f63848403320ffdf2926f500b16e7496b835ae7a09288847cbb232e2e271cd732e38309d41ffb55391dc4a157e0c02505f54430a70a9ac197f5573a0b11722aec13a9adea4d8e0022810ca28414964d40cbcbf9d2704aa82637e13d561c4fed2ed602be375e547a7fa7198e6a75293abb3903d0b8204ba21dd369a79159cdd810162c2a2ee722bf4e43b7679dfb8b4ac9e768fb3d391fc4f1839f2e91f1c62050b8154cafb6dd19a3f8716a5c072725c5dad281281605ac02632d041accf07bed8135f4cab566db7e01c6902be5728fb01cd6b17edb8870e3417897a604ec795c440334b1bf9b6180ac13d13298b80b8f4352b0bb36ac151607d6ebedae06f8a0582ecd3963a6df647c38c64402ab29ed79533efbe311df5c29d9f1928371e99094f3e7d8aa3d277fe0e3471c6746ca5dab72d6ec161e05b46829c7b437cbbfd82e8606153f23205f051002e23a17906056a50a0d402814df2bfc1de9906b2ab651770a482315e06146af144acf0beea22a5a9bc61931d293483d0f3bf04e62e89cce3e3ee781b3340f59f8a026228e6f3cab05f23ea71334eadcaa1068f1b67f1eee3ee1698e92bc68759a3534069de9132ef7d853f4e20dc1cac32b42a995da861ee19c52e8387528db1ff0245807a1fb19c1670bc3c56f44db0333d7568eef79964f00d6d242a3735cf372c844d6cfcd9bd8934f14dbd5cb907108190fb7ed919840429d4da052d95a242e93db7f07c2c1f8f141026e15a767cc9386b31a18ecc82c4603354236446e9c79ad6899049648b4244446dad02225c5837fb8b033ce4db1fb044df7131bc99316434f232b8049701d33235e581341c5bb08208703e4daa83c0d4e1ab73e8c0724d0e9d6be114927acd0b792ab9464dd3b67963ed235243ebbc16e6af057e984fffc2554582cdd6548d9a929a89b39650a12511ea208ea9553703ec994318d50cea6a632724b08b0af3c11a4ca9d95dba675112563fbd166463cde649917402548547d54cede66d711d805060beed06c79be0c682dde2548a899bb121926ac690ecf1220764874c37810abc3c64291fef538f8959ed50a4b9f6058b8c45735fc783f3ec592c022b066583950037fed74e12f0fc8f04db78cae682c706fdc3783a206167336ff9e4707ce741893beec04916626c4ed07db0a73bfa5d786e3f3585e4b7b37f3968f08f8971963fefa07b7311d4bef7b5a5d72d3c40297da80d995d866220e005713d69b5dec9a4481301e9aa6ba8a6bb1f911c1d9f827838edb81348231f3da450c1044c9c722d31a1fadccbbac0d82de32f2a46c0a083ec89e2baf21b2b1655702e7d58b950df5904f76f129d15c93f95550e3b52c72eb79a1e09aa253c35fce97977f881f61acc6268c2596b755f18d1c95be938b390565d780929c4c6ba4c8d417775facfffce5c0bcc1f075913f5477563d06b3583c3bdcc7330bd6d1a8bdcce29f8452668a9f2a613f21d5195ba1a1bf134e80be88ee8fdd994936b1b40a0f2e98723d8bc53aef7b5af884f5fccd3eaf2dda01278be0b26eccd63cf68278e06e59889b8b9327550b615df368d99bd6d19636477c4d592e365b0c8c43a23d434ec3d622184f325d6d1c8b704aeac87359d9c09012deb32db9bc034fbf10b4662d6618b4d849a9546f00ed3265c22807072482b0ea4eacad35e10bded78ddc4e4025c7ba521b709e4923cfa8b6964fff4ef513965c4c71a77447daf08f7ddd10f2319b57c8075046ed4820e135f883fd4358edf30fc9965b16885aeb0f82cef2556f67bd33c44edad1a2e3bafe648f5e3797a62931218a468f637832f7ec481526824ebb8de5c207733c54313add8a24131f6de8eb8ddab462b5ac7693f7b278b38728449c9d595af99ba5b1548fd942b7b8538456a261a3ee3a7d18fb3e6180b6cfc9adc76a1defa797b57bcbcb9cb47fdeb2316fd2d913dd4aa0239638fc5c3d29df965aec2ade1f556ad58c9159c9f1b6e05691f476c5ff73230eb74a891f7b285de923d1cab7cf1fe2c82cc6ebcee9dd0be04bbc4d01b2ba8c2525fc4120ffae3df6bfe44663ee532ceb5a21db4f2204386f84e2f51666af55cda90dba169a9cd1adeadd7c90322af2656c3166fee2dc39b2db56e2e18b6f7a24bb7b0494320d2000d629e93427d224587dedb5c196b1796fec0c526a8a0355951045677733b33cb42ec170f137b934c4c6e141a8f8ebbeb1970797a29225901780f96521939b2edf85b1a456e9f97d02782104583757126159f264d9ed95e801561d63f0ca075543813c732e75deb01e585fb5b7bdbd7311d9f346e512b36e972489988f53f42118bbfefd3a52ff1fb97f47eaab7f8baa8e1f397bf877588c1c898690885273e47c1bdce3f220f80828fb7489283d5529756514842974a55cd95aa5a75a18627897836311486300bde4fec1c312c735e5ba3419028cbeeaef709d97752a12f83650aec7305232f22f90b8718113f06b3cf48cae0b365c456aa17610a78454fb81020c84ab51e27891dfe6e3820bb8c4ce0a5f72c72f2523b10be64a3c05f76e7bcb7b6c9aab9e49bc0c2b6044b66c475988f0a078f53912a9c442a40243da943376c8f75e74eac306c61004f6a88a818e3e992c0ccadf44e48c95472359c79f04462598dd467cc140e665e57b9b98702096750b82f291ee11b80a9064dc4a0c790107ac0aca2166e4a964aeadab9ec1ed1ca686b36ff00f75a3a131c09e3297d0471b689475941d09e09c62d94840a6083b1e8d80c22c9e10f3575cf53fe80702e0ef82f43bb13a1128a4f76a1728da93d86a5c86fe831334442deb1e003c96cc40a65ee721e219c06c01e75176d1035ec855258d3fc565f0d6eb31910c3c4e4450c65755ca563f0d877861df816160dbccce49865e0c6e9dc7cc281481b9f6bb8dee95d6a572421f1b2dc1995e0a3fde00ae6073015ae4176519e586ef434df534667d30ab103b7815f5a992e51004471ecdbbd8d9d464e7c24124a928b5aa925458825024ad03ad526a5b08ba1b30fef04288035749c266612bdd5caf4ed5245f67f5fccaabc6b2d8994c395dc7f8ce00089f4eacefb18e65a2d9d04136cd9172ce5aedad596d11fdd4b599f7f544f92a398042821b7c1e6ffdf053a35f95f9997791bbf6a0ecbc69531d14b2fd6b18dce4267816ef2fc135b24d76be1b59e35fd76796e9fd92dcb38c08968d9be724eb8a22575e7a7e2649f2a27fb3fac57f6aa53917ae27cd8efc4b6469de6155c3b9654a70ca7fa318682d1fbbf7e3e9f85f3fdf91f96eba538c899f3aebb79fa0ff96f122859061c2aca2a2fbac5640807cc7dec2a5f37a84cfe69af9775a703281d271a38ce08adcfe26ad3df7d0a1065393791dcb526634ceb5c33061fd83b4e1c72fa175585e0f839c9651002896fc7a6ced33919105de91d17083c8f6985e24ffd0fb35dd558af58cab9003e1fb7f87075704396ff677ae7a99725ac2c50c3a9edb15cce24de9a734f81f5187099b2ec316c6cf536c628445799bfc13803c6e94fa844de4b294b6f9b7f96ecf666c1088eee0997dc3d925e45fe9157ff86699e68ad786e973468de54ca6c9156c2e30541e97fb7b845ec2acdbfab05a03009de8260b444c48c0e64940a441d56446b33c698631f480dbcd6f8726e4c287c262bbb6de251c930e717797af777283e0575e8e1304af50cdc493f429dcbfa518e592550e980bf4516ff177a725c59ed0f8d9384bf9bbfe024560062eaf58bc6dd4ad29d71a39f02e00f6ca44ea68b9019387add513c767693d5535e46b3ff697aaeaeffe8e85b86ae877586fd706fbdcc492208c1b61556b80af1f80b018391a4d42e030d89e57c8c8c323c23805551954bcfeffb2c08f9043f24db22a9285f9edb6c66e1091b9dd8e51a228dac137df945491c53014a79b3e033305b1678d7664afc79bd04b0c397c0fb4a12fe3116b24e4d42830e3fb611b337f449c1e0e9667b09690b37789e45cc3007f4a56539c782fa41cbc30f8b213f36e03a1bcee413ae9b4706561c5c68e0ad645423eb5e799ca52a0cbb7e9468a7a0e253b5ea76f6a79a5dc9d72d5aab07703a814922f1fbe1eba0336659ae0acc46b46088b895846435a02bbacd4663f652c0e1289411bada43f1335d48d8ca7a021a60c8a19a8a894aa3375758a140bd040e24aabb0736f79ad95f2090a78418360cfba57398dbf3645bd6c964e53923ded0751512e8cadb650ab833ec3167e8bf385bfbbba46e0845e745810d0133cea434ddab18ef066caea680f16604baf0ee56b1f631f5ccf754fc79285af9d17d99346f7bcd7048dcbb3f0fbd6c2aaa415821f73e4ef5c09fffa911a7ecda2961342d0db95a92d597e8755e41fda1e39c65efc82ca82b22172b3e2017ec5bfbbdbecccc318190eca29ca4dfe393afbbaede3fbc53aa54fde14a1d98a3f0e673bd710d73a978cd7b37901915811c1a8478c61c4021792bd07d42a0e4f7f367139fd78ad1b6cc23c94bfc98bf73c8891c5c69c00c0aa4ba3d76472543fd8d2fef44f4fa928906a60f726a7aed2c6435ea80ffa1d91efc4a605b48845a1e66a7a79c92a869549383256e7724f796aa893c3a86c8c501dcef329d79d7ad5836cd41d48d0ddee68cd5dce8e59724bcf7a0d6872deae7dd15939db46b978fdb77158c3076ecc720b3fe3fefff15b28f7f1304c375a435f20c714576dfc8c9f53af9b6dd7d7ba14d8fe4408f8ffbd61aa0f1194e3c57d63519f96e42fdc97e7adfd686fdbef39bdca9a2716b337e406a909f3b2eed19e24408e8dbe91b5aa98fa62b6fb6f9f13dee6a5da24b24cd2cd859029aabb2bace5492de4985a19c508d2062e6b580bac1a55a41aecabf0d63f48315a6497f11a5a09bdfd1649203eedcd03069cac0bde4f7691e57e2a054e1c192f6d78f2647af7cfffc4daad033521b87103c5bbb81eafb0ff72c4cfc7beab3cd7074ed50f23021e917e85a0ea2dec4dd0d7f8efa68f15a1296ca768fac34f630014743eeeed57f80165e268c1cef7d5d385edb955195a3e44b8b388dcab72083fc2dc23d71913bb98ef2a34ad6df1675b936e294ebba47dbd74daa8098fcb627a1e17616d8775cf1fdec8676d57ce31bd4bfbe821a03ef251f651ce97dbae57f99c6755470e9cdd17699c568ada69a64621dd5625d95b0b550c596292b1816b9516cc7d8f02f8be32afda1f4357419b28363ced9bf7429e7687531fb00de4d2e03fe4ca448e66ad17c58d909df244f4f7ed265164b42273187816e0872e6818b8bdf48097d108f4c67ffa10038f7d2a705b4489c9af1284a7b34dec3e5b56f350c880277fca26427e0746eece173de1ae1104b7822a9fd45b262e5f3ce16a64dfa69e84f077296144f0c119bd2aac2251f463b3e8177dc259088c8a1794953b248b95e7c6e6f91ed45a7d3bce7e91ec72b98c06ba6c625bfdefc69c7416d89a0b1f3bcab5aed96370d74c6812ef0338368756f83f4be0331cde6d11d9a917483f25beda96af71882c3d4d1b3785932fa0bc93d611c919dcb116699db1a3d26ad6826937a984fa121fac7a45ff220520f702ee942793dbf7023b98c9cca4f150bccd29f26aff58e2255aa73fb7a7abd24b501bd403f24900d42e88c57494ab5ef8bacc07ff9904b100d709cc9b1018cacfa42d839476b7aeceeb2236e2c1151d441b167036bef84069401d67a1473d5d11cc109bd39a1fca5d5aa347c4fd5f6f3c12a8f5d1ec344dc1717f5e8e1aae6d7b7c42aa633ffdcb46c32ac667d933cb9fdaf6d83eefe77d8733a59fcf394d063efa474df67697f881991a34fa79bb78f3b19e9b29cc7b03ca7390b0ca6064a961f3fed249db4ff2c01840373b6242034cbac645d59743f1a90f372ee0c17efade2cef03e3f0edc640dfb629c6b98dc2f28ce06aff3574a2cbdb4b06fba31b2dfe34bba7e34e02a786fa4473d5ba847f4f1e644c1bad62ebd5ca9306219ad6beacb8a54ba299e1bad887293f1b65ff956ea2a562e290df607a608503afee3ae180d600f1d14a9459cd5a399c7e2c7bbde19c11ac869d34ea5e990a759e346c3d538108a277894d6ec7bc6fcd65862a2d9d0696551a4a37379feafb313a09f2575c52641db9f46f4cc5e851f67ce633572b6ffcea7b7c24b44b40d32e55e4f3b426e464c07741648f30d51fe3eb162cadcecf21b7182cc915ffd887e85c385b5989f87910c5c990d639f8d2cd9234c534400088ef49733c94f39131fd51d784a407a07eae6d5359acfa35994ec3760ca3866404a5faed0fb210ce1b849868a6007c8e839ac7518172928277bf2dc43d163d2a0f6146cca1738ec3526762e8e2caf69606a3980bd08fba42ec7cbf48d315e45b834bfb14221de8259250c4ae9590520288c73bfc7d8076d3fe46b772491173ea0daa76cb5cb40637a038ce734d72c0c020494062843715e762d71a8f8518fa7d837391c06b62c96efc17651158657db8ea9a57634b0b5628b06fd5d568fb02185a63a6beb56013cfb4fd1695b102fb58f39161232af39f6d87c5ff6af247df3d549b7f6f81cddf4e3cb12b18634e69df5af55127f72670a3104ce5aba7877c32ee4b0cfa076247a95750e830a240b092baec2f473e83581e5799d69593247f0e78ad8e44c0e0d09fc55888107c4badcdb20b2c82d5915b3b03060e53d199b20b29ad6742655bf62343421f826daf1a3c0c493c96bf719bdf0a8dc9a4fc3f75bcebec3aebfd898ef161cd4e2e33a142c36f673cd8da72edae4f691a4271881d326d77fca0af396bc1eaf9e9d2a047562f91f0e87972e3ae5abb75e352f28c81351c4be6a34e5a01b8ed8461f14e21d1afc9260d838b43e9e2ae078d64b6c718232bcd2b26d3c57beb3c605e00c6f9c1031a3bae4b1872ba5d6c23199253929f1cf57a2e961d798ca9d315fa6b9855c8e7efcc24ccde498a3f1ba23755360044f024753f886f97016bd45a56d802f3e9e040a84f6c46cd5aa99fd4471b97cdb0bd8d265853fb79c42b4cad7eda49ca08d3cefffee2d3f1b5f083a06ea4be4b0acf84ca27e5a8d579d3135f3e59bd5b823b2bef7708189f54c8f0d576e4c6bdbf932b55bc792bb302cddc5c555e4903eff45b493f9498f7bf184035335ad1ba1547795a443c9afb30f932e7d1b042fe1690cd34d98e2331cbe38108be26f8ed615590e8bd99fd01b700b21e6ed61de92297d8b447c723089cee359ccd4517328d54ebc43a3f9173698c4362a6130508c9a0ea57b9a8a74a997a21e3e2a7223ad3debd80f70aff2eba5a862aa667052462bf6635eca2dd3350ef70fda58f8492d34c5b819c802f97b8765680c39fcab3b92f8a8be88a93b5bfc1dbba3fbfd3051c4443e766f4cc6a9d0f96b66a081e9316a44efe5973479ae74bf13c18711218f75d7f4e6f70b0a34ff2a1aec8d1e3181a65b4d5f21f0c19789a2ff90ae5e1298e707628e97e6a5048ac29d916193577506a7f5a9cfb0c73d16a67a2e1f872c8026891e98df07579877460c845bf967f87d75295ed29ddf626340f313bb35a04f9304e34773eda19650f25a08b2bd603297d9edd7f7d1b88d0b18e7bc35b0593961e7403a03550a20a0eab83cb00e659f5fccc189d14b28f11b8f55db517ab124b3718e70868d2131c74640bc682ee785a75cf960a79fead7965d0798d98e386598efb5ce92b0ceeec4e63e2eee3a15642ac72691517c4197a667de3e57a56e2d6e4ecb5a2bc401f90ec2239baf6a9a418267fe2228f7776c7f932a048cd9aada01c2e6d9466ecc434ba61eb97a0d6eb00e719940b3dca3ae25b94e9040ee238184eeaf46e51b61d855ce476d10dd9cb09df18c585304bc4f9e88060e4bdd6e624dd90d7ae8874c0af1e17e67d3bb27babd15880cc61f22b6a0b24df6d03faa13f0c918a7b960f47d939934d9ae90edc40251fb53c9fde3ee255e49c8541d995a644d35b46ab202e56ad1de3da1c5ee587f167b398392d0fba4a43eedeaccb0ba16f571055381fe3885490c71e0805b1b3186bf2652b9a9df69d8d1232cf704fddfb5e7d3ff78ba5ae3b843f4f9b82161e223343240c33a9cd21eb312806163ebb2e60bc98b68b3d95bdd923f6ea831083c13ca65e4a06e999b2d014d0ed218d72c5b776fd21ae21d14e23e9074de20d6d16520b1061aa4db3b5b8077b1c43aa375c68a6243ad582a148dc6878ceb2ab6792cac38ef21765df51171436a412f60f5dc68fba51aae8c4909efa690340fd8a63cbfa4af6235c1c904a20578f54b9c91b1fb8017d05321e0bb9eda1502c1506f3d2939977af87d1f9329e237c129d5cb65e093396f016eb0c2f0aa5cab92a00259f6056532ef188be500fec4cd4614e29daf5b41da2b4742b02999e651c42d2f405344a232e36278785dc7a681d0ee2014ce3214f44ff9d2c3e083e18c299cd7cc8ddea4b805c673cb7479a553f28349235d37874ae3da878a5b6321e501c2b77470dd15b35ace69b1b8e3ba20cce47acb8350f206d136dfdcea697bf558bf3426bb1e0ebcf2797a1c7a181fad43b8c68633b361d40868c279896eb1c628656a9b57dcde8444ff92f2cc1d2dfa1998054487d8fcf11b852019ac21ae0582b1c8f4ff90f31d862e20740d7b803b0f109a8d1506137ca58167e8be1d13e6a5590e2bf2af5cbb7e79db2f4cdec83983463e1e830f54f8534e4c660039c0d372c7c757be3498f6be9ff6b6d13b88ca0ee07a0fd4df8cb13de0fa094cd3b9eb87032a6aaa757a6391ccf98fa7f9d99065b4f747e70ca497af77fbad520c589445d3401c67972ff7e274571b8c35a17ae78de90c81f791a69d70975208153f94ac7199c45de1ca5746887ec677452fd1a018b7287ac45e14ecdf1876229964153cfe6b39f1d50a9be63a0eb10016607ff338751cf9bb97c917d532be1174d0410e26dcfab873769b71db87758c0ad015b1db4b7565e244925ea0dc24313ac65f0355abcfa96c786b8ab7b32166bbf4c7ddae0d3f63d1aad63a9b105e05825aa012e075ba3e1c20b757e1dce75f6fe14e891a20988d365cb5e69206a1b7d8caf2effc73eb577330cb56495fbeaa6b7aef3467a32f53634e468208a8e55d626f98a2b51d39b48341c27306e59c0fc5c8058719b526eac245ce857288976abdfc9be1d4f220817f879c15cf0a258f89cd8269113821b0a1073165923748c6e8e0331ae9e7df11e62a80bf28559850cce385a98e0f48209ebcf69e8938a7605e96f4ffcf580b6c1df742766458763dc91b34035c12396b06ca5995b8feee35e1a3891cca0402fb9e739d8f8aa1a637b7c8c2c458493a323fbe5a76f866e2d9adf0d1d76950bc527a969f61c8519508eb5a93447d212e209c724aa16a949d8be1b14c8711d4c85e728e9d50b5b78b76242f9d59d866a86da0f129201a5b665611360ab3f4b678746cbba1b47884d2bfe4d3e38bf441fac354654c5077620cdf5870fda1fd5ca2bf4780d474a27cb660dd9d7ea83d423240c7ffe743dbefa3b922ac6d5f9544a7d5477dc44761a1d47633f67fe220f37630d678daeb62360b5f4f5d40493169f6554897c5d05c4909834fb2ef1494f8bbbf9e986761b931a26b0ab76b88d4f9b9bd9a024dc39819e0a139eefba8f617401811b4a7b97212aa82965e6008447979d19bfeacceedd48a24d65b8a1705d686fa8c44100d27dca9bc764b74345e1da71bfd9604e2f5bfdd28097f90e98f91ca81b08e827f7a3e742e6c019691afb612042a375985b01b94b3eb61a484fc2ece84f53ba5738273c80047663ec335d31f1ce43c6205a78fe7712626e8e6ff691b5bb9fe1a41909db60d8644d73936c4eb663bbfef030499c8c7d31f4eacae3cbf736a1eba6f85008139ba7eaf5f1ef8804f617e56c820c24f139b7036887f2ed2de32fd63574d0359ad4026e67c550b4ae960a2ce234a20e076da3f91a7ed60bd59a38e1acd7941a66bf3e755a431cead3f01600c6e47564167340f3f853efae37b036988bf4b30849d9dd5d0d09b1799bf9fadca76c497a1345018c8724065291bd8cc633e06359b72040a7673ffe5e86c240d043963bf2d76a0fbf50243a63d45d7f3358e1b9d1f3cbffd7e60429afee778f305e7d8f07c3e49a104f3a4e92118ce84cd11839f507656757d6e89ff296cf792ca2f1429aa80c8092b970d6f065eda3fb25b6b8a699561f8fe5236bbbc96f15860e29326a5a2671a88545a65e587d986615998a124a97820a65f81779b3101086e6f261177a66858d788c5c66521408a9e70238719614aa6232a3ef7a33e99d3b1dcdc20c33e8124b1dabe50ce9e4eadf34685560039e7d7e08f038f2004da7703bc4a30a28409719092e6640e743ee8a4e75dea106314a26ed5cae5d02bf9c8b0e96020a6b7941db7f0c311476f377a992caccff7f1919062f9db36ba72b29e9dc0880fb8eb24f41e0a6cbaa487058c6fbe6b062b372e0b84c9fcfd64d84724b6cda7fb3f582abaa6757782b20f9c1fad78f98273129caaa9496c1dbbbd167b52bae60dc327d1e18d82450ff9b6b108a0f20cbee5", 0x2000, &(0x7f0000004b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000045c0)={0x78, 0x0, 0x10006, {0x8, 0x7, 0x0, {0x0, 0x8001, 0x1, 0x40000000000, 0x4, 0x100000000004, 0xe767, 0x8, 0x10000, 0x4000, 0xffffffff, r3, r4, 0x80000001}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = socket$isdn_base(0x22, 0x2, 0x10)
ioctl$IMGETVERSION(r7, 0x80044942, &(0x7f0000000040))

0s ago: executing program 1 (id=3398):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x300, 0x168, 0x1170, 0x1170, 0x0, 0x1170, 0x390, 0x1398, 0x1398, 0x390, 0x1398, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @remote, [], [], 'veth0_vlan\x00', 'veth0_to_hsr\x00', {}, {}, 0x88}, 0x0, 0xf8, 0x140, 0x0, {}, [@common=@inet=@multiport={{0x50}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@multicast2, 'netpci0\x00'}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x360)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
r5 = dup(r4)
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="8200000000000000f1000040"])
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00'})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r6, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r7, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r7, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYBLOB="9309979318cea90f0fa80c9abe9a9a5b7ab27d8837e2b2be7f3cd5bb883be2a07eb3c7878f6df0100091949d46416cb849c67f59783dd556ed9c8083ea6b0994f1bfc321b75e07ea6322770d4a40eb42623aed7c265f200286df25e0f39a8e8f090bbf9313415dd1171f0aa7dc0546323e064bf44530fbbef48f3a89bee9d42309156f917dad4e8ab2de1028f6f717a3cb8d3399e3250fff6a01348646ef1ef9", @ANYBLOB=',rootmode=0000040000000000040000,user_id=', @ANYRESDEC=0x0, @ANYRESHEX, @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000002140)={0x2020, 0x0, <r8=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000340)={0x50, 0x0, r8, {0x7, 0x29, 0x0, 0x809000}}, 0x50)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x0)
ioctl$FIBMAP(r9, 0x401070cd, &(0x7f0000000000))

kernel console output (not intermixed with test programs):

][ T6057] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  659.630954][ T6057] usb 6-1: config 0 has no interfaces?
[  659.633830][ T6057] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  659.637103][ T6057] usb 6-1: config 0 has no interfaces?
[  659.640130][ T6057] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  659.644102][ T6057] usb 6-1: config 0 has no interfaces?
[  659.648099][ T6057] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  659.651968][ T6057] usb 6-1: config 0 has no interfaces?
[  659.655768][ T6057] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  659.659470][ T6057] usb 6-1: config 0 has no interfaces?
[  659.663266][ T6057] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  659.666076][ T6057] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  659.669140][ T6057] usb 6-1: Product: syz
[  659.670902][ T6057] usb 6-1: Manufacturer: syz
[  659.673472][ T6057] usb 6-1: SerialNumber: syz
[  659.677461][ T6057] usb 6-1: config 0 descriptor??
[  659.941477][ T6111] usb 6-1: USB disconnect, device number 77
[  660.056101][ T5998] Bluetooth: hci2: command tx timeout
[  660.181135][ T6029] team0 (unregistering): Port device team_slave_1 removed
[  660.266524][ T6029] team0 (unregistering): Port device team_slave_0 removed
[  660.849674][   T40] audit: type=1400 audit(1751036870.142:866): avc:  denied  { unmount } for  pid=12439 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  660.883433][T14914] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  660.889279][T14914] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  660.893618][T14914] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  660.899456][T14914] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  660.961237][T14914] 8021q: adding VLAN 0 to HW filter on device bond0
[  660.967740][T15022] FAULT_INJECTION: forcing a failure.
[  660.967740][T15022] name failslab, interval 1, probability 0, space 0, times 0
[  660.971184][T14914] 8021q: adding VLAN 0 to HW filter on device team0
[  660.973394][T15022] CPU: 2 UID: 0 PID: 15022 Comm: syz.2.3092 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  660.973419][T15022] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  660.973430][T15022] Call Trace:
[  660.973436][T15022]  <TASK>
[  660.973443][T15022]  dump_stack_lvl+0x16c/0x1f0
[  660.973471][T15022]  should_fail_ex+0x512/0x640
[  660.973493][T15022]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  660.973515][T15022]  should_failslab+0xc2/0x120
[  660.973539][T15022]  __kmalloc_cache_noprof+0x6a/0x3e0
[  660.973557][T15022]  ? mark_held_locks+0x49/0x80
[  660.973581][T15022]  ? ovs_ct_limit_cmd_set+0x30a/0xa90
[  660.973604][T15022]  ovs_ct_limit_cmd_set+0x30a/0xa90
[  660.973627][T15022]  ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10
[  660.973647][T15022]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  660.973669][T15022]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  660.973695][T15022]  genl_family_rcv_msg_doit+0x206/0x2f0
[  660.973716][T15022]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  660.973745][T15022]  ? bpf_lsm_capable+0x9/0x10
[  660.973761][T15022]  ? security_capable+0x7e/0x260
[  660.973782][T15022]  ? ns_capable+0xd7/0x110
[  660.973802][T15022]  genl_rcv_msg+0x55c/0x800
[  660.973825][T15022]  ? __pfx_genl_rcv_msg+0x10/0x10
[  660.973845][T15022]  ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10
[  660.973872][T15022]  netlink_rcv_skb+0x155/0x420
[  660.973889][T15022]  ? __pfx_genl_rcv_msg+0x10/0x10
[  660.973910][T15022]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  660.973937][T15022]  ? netlink_deliver_tap+0x1ae/0xd30
[  660.973968][T15022]  genl_rcv+0x28/0x40
[  660.973984][T15022]  netlink_unicast+0x53d/0x7f0
[  660.974004][T15022]  ? __pfx_netlink_unicast+0x10/0x10
[  660.974018][T15022]  ? __build_skb_around+0x278/0x3b0
[  660.974044][T15022]  netlink_sendmsg+0x8d1/0xdd0
[  660.974065][T15022]  ? __pfx_netlink_sendmsg+0x10/0x10
[  660.974092][T15022]  ____sys_sendmsg+0xa95/0xc70
[  660.974110][T15022]  ? copy_msghdr_from_user+0x10a/0x160
[  660.974133][T15022]  ? __pfx_____sys_sendmsg+0x10/0x10
[  660.974162][T15022]  ___sys_sendmsg+0x134/0x1d0
[  660.974192][T15022]  ? __pfx____sys_sendmsg+0x10/0x10
[  660.974213][T15022]  ? __lock_acquire+0x622/0x1c90
[  660.974269][T15022]  __sys_sendmsg+0x16d/0x220
[  660.974293][T15022]  ? __pfx___sys_sendmsg+0x10/0x10
[  660.974332][T15022]  do_syscall_64+0xcd/0x4c0
[  660.974359][T15022]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  660.974376][T15022] RIP: 0033:0x7f21a5f8e929
[  660.974389][T15022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  660.974406][T15022] RSP: 002b:00007f21a6d94038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  660.974422][T15022] RAX: ffffffffffffffda RBX: 00007f21a61b5fa0 RCX: 00007f21a5f8e929
[  660.974433][T15022] RDX: 0000000000004010 RSI: 0000200000000000 RDI: 0000000000000004
[  660.974443][T15022] RBP: 00007f21a6d94090 R08: 0000000000000000 R09: 0000000000000000
[  660.974453][T15022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  660.974463][T15022] R13: 0000000000000000 R14: 00007f21a61b5fa0 R15: 00007ffe2f04a958
[  660.974486][T15022]  </TASK>
[  661.090016][ T6063] bridge0: port 1(bridge_slave_0) entered blocking state
[  661.092340][ T6063] bridge0: port 1(bridge_slave_0) entered forwarding state
[  661.102930][ T6063] bridge0: port 2(bridge_slave_1) entered blocking state
[  661.105261][ T6063] bridge0: port 2(bridge_slave_1) entered forwarding state
[  661.136341][T15030] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3096'.
[  661.236358][T14914] 8021q: adding VLAN 0 to HW filter on device batadv0
[  661.387342][T14914] veth0_vlan: entered promiscuous mode
[  661.410949][T14914] veth1_vlan: entered promiscuous mode
[  661.427070][T14914] veth0_macvtap: entered promiscuous mode
[  661.430984][T14914] veth1_macvtap: entered promiscuous mode
[  661.439402][T14914] batman_adv: batadv0: Interface activated: batadv_slave_0
[  661.452992][T14914] batman_adv: batadv0: Interface activated: batadv_slave_1
[  661.457681][T14914] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  661.460502][T14914] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  661.463991][T14914] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  661.467200][T14914] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  661.532289][ T6063] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  661.538173][ T6063] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  661.551920][T11121] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  661.554593][T11121] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  662.259784][ T6595] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0
[  662.271735][ T6595] hid-generic 0000:0000:0000.004C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  662.301021][T15059] FAULT_INJECTION: forcing a failure.
[  662.301021][T15059] name failslab, interval 1, probability 0, space 0, times 0
[  662.307222][T15059] CPU: 0 UID: 0 PID: 15059 Comm: syz.2.3101 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  662.307239][T15059] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  662.307246][T15059] Call Trace:
[  662.307250][T15059]  <TASK>
[  662.307254][T15059]  dump_stack_lvl+0x16c/0x1f0
[  662.307274][T15059]  should_fail_ex+0x512/0x640
[  662.307288][T15059]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  662.307305][T15059]  should_failslab+0xc2/0x120
[  662.307321][T15059]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  662.307334][T15059]  ? __kvm_mmu_topup_memory_cache+0x450/0x600
[  662.307349][T15059]  ? kvm_hv_setup_tsc_page+0x29a/0x8d0
[  662.307362][T15059]  ? __kvm_mmu_topup_memory_cache+0x18f/0x600
[  662.307380][T15059]  __kvm_mmu_topup_memory_cache+0x18f/0x600
[  662.307399][T15059]  mmu_topup_memory_caches+0x25/0x170
[  662.307418][T15059]  kvm_mmu_load+0xd9/0x22a0
[  662.307436][T15059]  ? kvm_apic_has_interrupt+0x106/0x1f0
[  662.307456][T15059]  ? __pfx_kvm_apic_has_interrupt+0x10/0x10
[  662.307475][T15059]  ? __pfx_kvm_guest_time_update+0x10/0x10
[  662.307486][T15059]  ? __pfx_kvm_mmu_load+0x10/0x10
[  662.307498][T15059]  ? kvm_cpu_has_injectable_intr+0x9c/0x1a0
[  662.307514][T15059]  ? kvm_check_and_inject_events+0x71c/0x1310
[  662.307530][T15059]  vcpu_run+0x34eb/0x5500
[  662.307541][T15059]  ? kvm_mmu_post_init_vm+0x269/0x370
[  662.307556][T15059]  ? __lock_acquire+0xb8a/0x1c90
[  662.307577][T15059]  ? __pfx_vcpu_run+0x10/0x10
[  662.307591][T15059]  ? fpu_swap_kvm_fpstate+0x1be/0x410
[  662.307604][T15059]  ? __local_bh_enable_ip+0xa4/0x120
[  662.307620][T15059]  ? kvm_arch_vcpu_ioctl_run+0x51e/0x18c0
[  662.307632][T15059]  kvm_arch_vcpu_ioctl_run+0x51e/0x18c0
[  662.307649][T15059]  kvm_vcpu_ioctl+0x5eb/0x1690
[  662.307664][T15059]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  662.307687][T15059]  ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540
[  662.307711][T15059]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  662.307739][T15059]  ? hook_file_ioctl_common+0x145/0x410
[  662.307773][T15059]  ? selinux_file_ioctl+0x180/0x270
[  662.307794][T15059]  ? selinux_file_ioctl+0xb4/0x270
[  662.307819][T15059]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  662.307836][T15059]  __x64_sys_ioctl+0x18b/0x210
[  662.307850][T15059]  do_syscall_64+0xcd/0x4c0
[  662.307868][T15059]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  662.307879][T15059] RIP: 0033:0x7f21a5f8e929
[  662.307889][T15059] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  662.307900][T15059] RSP: 002b:00007f21a6d94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  662.307911][T15059] RAX: ffffffffffffffda RBX: 00007f21a61b5fa0 RCX: 00007f21a5f8e929
[  662.307918][T15059] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  662.307924][T15059] RBP: 00007f21a6d94090 R08: 0000000000000000 R09: 0000000000000000
[  662.307931][T15059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  662.307937][T15059] R13: 0000000000000000 R14: 00007f21a61b5fa0 R15: 00007ffe2f04a958
[  662.307951][T15059]  </TASK>
[  662.626711][T15065] sp0: Synchronizing with TNC
[  662.692788][ T6030] usb 6-1: new full-speed USB device number 78 using dummy_hcd
[  662.864705][ T6030] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  662.868342][ T6030] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[  662.871137][ T6030] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  662.875179][ T6030] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  662.879067][ T6030] usb 6-1: config 0 descriptor??
[  662.883446][ T6030] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  662.885899][ T6030] dvb-usb: bulk message failed: -22 (3/0)
[  662.889246][ T6030] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  662.893643][ T6030] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  662.896074][ T6030] usb 6-1: media controller created
[  662.898621][ T6030] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  662.904920][ T6030] dvb-usb: bulk message failed: -22 (6/0)
[  662.907091][ T6030] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  662.911583][ T6030] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb6/6-1/input/input56
[  662.917086][ T6030] dvb-usb: schedule remote query interval to 150 msecs.
[  662.919335][ T6030] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  663.073176][ T6083] dvb-usb: bulk message failed: -22 (1/0)
[  663.075733][ T6083] dvb-usb: error while querying for an remote control event.
[  663.084253][ T6083] usb 6-1: USB disconnect, device number 78
[  663.100203][ T6083] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  663.340382][T15070] Driver unsupported XDP return value 0 on prog  (id 140) dev N/A, expect packet loss!
[  663.582772][ T6057] usb 7-1: new high-speed USB device number 60 using dummy_hcd
[  663.668427][T11121] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  663.742761][ T6057] usb 7-1: Using ep0 maxpacket: 8
[  663.745775][ T6057] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  663.748720][ T6057] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  663.751630][ T6057] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  663.754661][ T6057] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  663.758562][ T6057] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  663.761305][ T6057] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  663.967356][ T6057] usb 7-1: usb_control_msg returned -32
[  663.969264][ T6057] usbtmc 7-1:16.0: can't read capabilities
[  664.343591][T15072] usbtmc 7-1:16.0: usb_control_msg returned -32
[  664.349261][ T6111] usb 7-1: USB disconnect, device number 60
[  664.860589][   T96] Bluetooth: hci2: Frame reassembly failed (-84)
[  664.899272][   T63] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  664.903922][   T63] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  664.908294][   T63] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  664.915826][   T63] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  664.919052][   T63] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  664.984046][T15088] openvswitch: netlink: VXLAN extension message has 4 unknown bytes.
[  665.022911][ T6057] usb 6-1: new high-speed USB device number 79 using dummy_hcd
[  665.058215][T15083] chnl_net:caif_netlink_parms(): no params data found
[  665.104676][T15100] SET target dimension over the limit!
[  665.118251][T15083] bridge0: port 1(bridge_slave_0) entered blocking state
[  665.120691][T15083] bridge0: port 1(bridge_slave_0) entered disabled state
[  665.123555][T15083] bridge_slave_0: entered allmulticast mode
[  665.126827][T15083] bridge_slave_0: entered promiscuous mode
[  665.130512][T15083] bridge0: port 2(bridge_slave_1) entered blocking state
[  665.133763][T15083] bridge0: port 2(bridge_slave_1) entered disabled state
[  665.136048][T15083] bridge_slave_1: entered allmulticast mode
[  665.138954][T15083] bridge_slave_1: entered promiscuous mode
[  665.167967][T15083] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  665.172496][T15083] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  665.174333][ T6057] usb 6-1: too many configurations: 9, using maximum allowed: 8
[  665.178353][ T6057] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  665.181552][ T6057] usb 6-1: config 0 has no interfaces?
[  665.184417][ T6057] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  665.188186][ T6057] usb 6-1: config 0 has no interfaces?
[  665.191405][ T6057] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  665.195284][ T6057] usb 6-1: config 0 has no interfaces?
[  665.198150][ T6057] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  665.201733][ T6057] usb 6-1: config 0 has no interfaces?
[  665.204520][ T6057] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  665.207613][ T6057] usb 6-1: config 0 has no interfaces?
[  665.210123][ T6057] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  665.213479][ T6057] usb 6-1: config 0 has no interfaces?
[  665.215903][ T6057] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  665.219100][ T6057] usb 6-1: config 0 has no interfaces?
[  665.221216][T11121] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  665.221520][ T6057] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  665.227674][ T6057] usb 6-1: config 0 has no interfaces?
[  665.233535][T15083] team0: Port device team_slave_0 added
[  665.237809][T15083] team0: Port device team_slave_1 added
[  665.243181][ T6057] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  665.246030][ T6057] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  665.248696][ T6057] usb 6-1: Product: syz
[  665.250030][ T6057] usb 6-1: Manufacturer: syz
[  665.251515][ T6057] usb 6-1: SerialNumber: syz
[  665.255276][ T6057] usb 6-1: config 0 descriptor??
[  665.278605][T15083] batman_adv: batadv0: Adding interface: batadv_slave_0
[  665.280813][T15083] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  665.290786][T15083] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  665.303743][T11121] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  665.309586][T15083] batman_adv: batadv0: Adding interface: batadv_slave_1
[  665.311803][T15083] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  665.319708][T15083] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  665.357356][T15083] hsr_slave_0: entered promiscuous mode
[  665.359605][T15083] hsr_slave_1: entered promiscuous mode
[  665.361655][T15083] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  665.364153][T15083] Cannot create hsr debugfs directory
[  665.408999][T11121] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  665.459652][ T6057] usb 6-1: USB disconnect, device number 79
[  665.523795][T11121] bridge_slave_1: left allmulticast mode
[  665.525662][T11121] bridge_slave_1: left promiscuous mode
[  665.527553][T11121] bridge0: port 2(bridge_slave_1) entered disabled state
[  665.531133][T11121] bridge_slave_0: left allmulticast mode
[  665.533143][T11121] bridge_slave_0: left promiscuous mode
[  665.534964][T11121] bridge0: port 1(bridge_slave_0) entered disabled state
[  665.782387][T11121] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  665.786681][T11121] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  665.790381][T11121] bond0 (unregistering): Released all slaves
[  666.124234][T11121] hsr_slave_0: left promiscuous mode
[  666.126398][T11121] hsr_slave_1: left promiscuous mode
[  666.129386][T11121] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  666.132005][T11121] batman_adv: batadv0: Removing interface: batadv_slave_0
[  666.139207][T11121] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  666.141561][T11121] batman_adv: batadv0: Removing interface: batadv_slave_1
[  666.159711][T11121] veth1_macvtap: left promiscuous mode
[  666.161734][T11121] veth0_macvtap: left promiscuous mode
[  666.163729][T11121] veth1_vlan: left promiscuous mode
[  666.165526][T11121] veth0_vlan: left promiscuous mode
[  666.204740][ T6111] hid-generic 0000:0000:0000.004D: unknown main item tag 0x0
[  666.216726][ T6111] hid-generic 0000:0000:0000.004D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  666.642732][ T2300] usb 7-1: new full-speed USB device number 61 using dummy_hcd
[  666.821910][ T2300] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  666.825322][ T2300] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  666.828204][ T2300] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  666.831078][ T2300] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  666.839382][ T2300] usb 7-1: config 0 descriptor??
[  666.842627][ T2300] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  666.844774][ T2300] dvb-usb: bulk message failed: -22 (3/0)
[  666.857094][ T2300] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  666.861716][ T2300] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  666.864061][ T2300] usb 7-1: media controller created
[  666.866493][ T2300] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  666.877230][ T2300] dvb-usb: bulk message failed: -22 (6/0)
[  666.879516][ T2300] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  666.885994][T11121] team0 (unregistering): Port device team_slave_1 removed
[  666.887043][ T2300] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb7/7-1/input/input57
[  666.899961][ T2300] dvb-usb: schedule remote query interval to 150 msecs.
[  666.911310][ T2300] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  666.943835][ T5998] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  666.943875][   T63] Bluetooth: hci2: command 0x1003 tx timeout
[  666.943917][ T5988] Bluetooth: hci3: command tx timeout
[  666.998908][T11121] team0 (unregistering): Port device team_slave_0 removed
[  667.045009][ T6083] usb 7-1: USB disconnect, device number 61
[  667.060887][ T6083] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  667.272167][   T40] audit: type=1400 audit(1751036876.562:867): avc:  denied  { accept } for  pid=15126 comm="syz.3.3121" laddr=172.20.20.67 lport=57906 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  667.691895][ T5998] Bluetooth: Frame is too long (len 12, expected len 4)
[  667.703087][T15130] IPVS: Unknown mcast interface: nicvf0
[  667.717732][T15132] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3123'.
[  667.742732][T15130] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3122'.
[  667.758730][T15083] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  667.772402][T15083] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  667.782261][T15083] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  667.790502][T15083] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  667.864093][T15144] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  667.905343][T15083] 8021q: adding VLAN 0 to HW filter on device bond0
[  667.916479][T15083] 8021q: adding VLAN 0 to HW filter on device team0
[  667.922616][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  667.925553][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  667.936187][ T6028] bridge0: port 2(bridge_slave_1) entered blocking state
[  667.938455][ T6028] bridge0: port 2(bridge_slave_1) entered forwarding state
[  668.069084][T15083] 8021q: adding VLAN 0 to HW filter on device batadv0
[  668.095867][T15160] fuse: Bad value for 'fd'
[  668.210016][T15083] veth0_vlan: entered promiscuous mode
[  668.215081][T15083] veth1_vlan: entered promiscuous mode
[  668.235360][T15083] veth0_macvtap: entered promiscuous mode
[  668.239308][T15083] veth1_macvtap: entered promiscuous mode
[  668.248620][T15083] batman_adv: batadv0: Interface activated: batadv_slave_0
[  668.254690][T15083] batman_adv: batadv0: Interface activated: batadv_slave_1
[  668.259491][T15083] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  668.262471][T15083] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  668.265977][T15083] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  668.268801][T15083] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  668.318627][ T6063] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  668.321584][ T6063] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  668.347793][ T6028] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  668.350523][ T6028] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  668.695342][ T6083] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0
[  668.701833][ T6083] hid-generic 0000:0000:0000.004E: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  669.017936][T15174] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3134'.
[  669.064276][T15177] openvswitch: netlink: VXLAN extension message has 4 unknown bytes.
[  669.112913][  T837] usb 7-1: new full-speed USB device number 62 using dummy_hcd
[  669.150542][T15182] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  669.172258][T15181] kvm: pic: non byte read
[  669.180842][T15181] kvm: pic: non byte read
[  669.278644][  T837] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  669.283124][  T837] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  669.286858][  T837] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  669.290484][  T837] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  669.295106][  T837] usb 7-1: config 0 descriptor??
[  669.300375][  T837] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  669.303379][  T837] dvb-usb: bulk message failed: -22 (3/0)
[  669.307639][  T837] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  669.310816][  T837] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  669.314387][  T837] usb 7-1: media controller created
[  669.317342][  T837] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  669.323956][  T837] dvb-usb: bulk message failed: -22 (6/0)
[  669.325807][  T837] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  669.336157][  T837] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb7/7-1/input/input58
[  669.342163][  T837] dvb-usb: schedule remote query interval to 150 msecs.
[  669.346056][  T837] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  669.503605][T14848] usb 7-1: USB disconnect, device number 62
[  669.524481][T14848] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  669.588399][T15194] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3141'.
[  669.591139][T15194] tipc: Enabling of bearer <eth:syz_tun> rejected, already enabled
[  669.594589][T15194] netlink: 14 bytes leftover after parsing attributes in process `syz.1.3141'.
[  669.729463][T15196] vivid-000: =================  START STATUS  =================
[  669.732827][T15196] vivid-000: Test Pattern: 75% Colorbar
[  669.735131][T15196] vivid-000: Fill Percentage of Frame: 100
[  669.737550][T15196] vivid-000: Horizontal Movement: No Movement
[  669.739790][T15196] vivid-000: Vertical Movement: No Movement
[  669.741680][T15196] vivid-000: OSD Text Mode: All
[  669.743411][T15196] vivid-000: Show Border: false
[  669.745013][T15196] vivid-000: Show Square: false
[  669.746975][T15196] vivid-000: Sensor Flipped Horizontally: false
[  669.749068][T15196] vivid-000: Sensor Flipped Vertically: false
[  669.750991][T15196] vivid-000: Insert SAV Code in Image: false
[  669.753019][T15196] vivid-000: Insert EAV Code in Image: false
[  669.754916][T15196] vivid-000: Insert Video Guard Band: false
[  669.756798][T15196] vivid-000: Reduced Framerate: false
[  669.758628][T15196] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[  669.761033][T15196] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[  669.763600][T15196] vivid-000: Enable Capture Cropping: true
[  669.765469][T15196] vivid-000: Enable Capture Composing: true
[  669.767337][T15196] vivid-000: Enable Capture Scaler: false
[  669.769301][T15196] vivid-000: Timestamp Source: End of Frame
[  669.771801][T15196] vivid-000: Colorspace: Rec. 709
[  669.774040][T15196] vivid-000: Transfer Function: Default
[  669.776276][T15196] vivid-000: Y'CbCr Encoding: Default
[  669.777967][T15196] vivid-000: HSV Encoding: Hue 0-179
[  669.780141][T15196] vivid-000: Quantization: Default
[  669.782233][T15196] vivid-000: Apply Alpha To Red Only: false
[  669.784411][T15196] vivid-000: Standard Aspect Ratio: 4x3
[  669.786175][T15196] vivid-000: DV Timings Signal Mode: Current DV Timings
[  669.788344][T15196] vivid-000: DV Timings: 640x480p59 inactive
[  669.790322][T15196] vivid-000: DV Timings Aspect Ratio: Source Width x Height
[  669.793524][T15196] vivid-000: Maximum EDID Blocks: 2
[  669.795184][T15196] vivid-000: Limited RGB Range (16-235): true
[  669.797108][T15196] vivid-000: Rx RGB Quantization Range: RGB Full Range (0-255)
[  669.799482][T15196] vivid-000: Power Present: 0x00000001
[  669.801341][T15196] tpg source WxH: 1280x720 (Y'CbCr)
[  669.803066][T15196] tpg field: 1
[  669.804182][T15196] tpg crop: (0,0)/1280x16
[  669.805578][T15196] tpg compose: (0,0)/1280x16
[  669.807044][T15196] tpg colorspace: 5
[  669.808273][T15196] tpg transfer function: 0/1
[  669.809736][T15196] tpg Y'CbCr encoding: 0/1
[  669.811177][T15196] tpg quantization: 0/2
[  669.812978][T15196] tpg RGB range: 2/1
[  669.814253][T15196] vivid-000: ==================  END STATUS  ==================
[  670.419533][ T6063] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  671.714550][T15207] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  671.837770][   T63] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  671.841471][   T63] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  671.845497][   T63] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  671.849477][   T63] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  671.852225][   T63] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  671.934563][   T40] audit: type=1400 audit(1751036881.232:868): avc:  denied  { bind } for  pid=15227 comm="syz.1.3152" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  671.941958][   T40] audit: type=1400 audit(1751036881.232:869): avc:  denied  { name_bind } for  pid=15227 comm="syz.1.3152" src=28326 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[  671.992191][T15218] chnl_net:caif_netlink_parms(): no params data found
[  672.092003][T15218] bridge0: port 1(bridge_slave_0) entered blocking state
[  672.095019][T15218] bridge0: port 1(bridge_slave_0) entered disabled state
[  672.097597][T15218] bridge_slave_0: entered allmulticast mode
[  672.100972][T15218] bridge_slave_0: entered promiscuous mode
[  672.104553][T15218] bridge0: port 2(bridge_slave_1) entered blocking state
[  672.107485][T15218] bridge0: port 2(bridge_slave_1) entered disabled state
[  672.110406][T15218] bridge_slave_1: entered allmulticast mode
[  672.114298][T15218] bridge_slave_1: entered promiscuous mode
[  672.162809][T15218] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  672.169456][T15218] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  672.209201][T15218] team0: Port device team_slave_0 added
[  672.221768][ T6063] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  672.229591][T15218] team0: Port device team_slave_1 added
[  672.263836][T15218] batman_adv: batadv0: Adding interface: batadv_slave_0
[  672.266025][T15218] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  672.274619][T15218] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  672.290451][ T6063] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  672.296173][T15218] batman_adv: batadv0: Adding interface: batadv_slave_1
[  672.298286][T15218] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  672.307181][T15218] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  672.347054][ T6083] usb 7-1: new high-speed USB device number 63 using dummy_hcd
[  672.351784][ T6063] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  672.359515][T15218] hsr_slave_0: entered promiscuous mode
[  672.361769][T15218] hsr_slave_1: entered promiscuous mode
[  672.363948][T15218] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  672.366303][T15218] Cannot create hsr debugfs directory
[  672.488197][ T6063] bridge_slave_1: left allmulticast mode
[  672.490078][ T6063] bridge_slave_1: left promiscuous mode
[  672.491936][ T6063] bridge0: port 2(bridge_slave_1) entered disabled state
[  672.497058][ T6063] bridge_slave_0: left allmulticast mode
[  672.498918][ T6063] bridge_slave_0: left promiscuous mode
[  672.500774][ T6063] bridge0: port 1(bridge_slave_0) entered disabled state
[  672.522812][ T6083] usb 7-1: Using ep0 maxpacket: 16
[  672.525986][ T6083] usb 7-1: config 0 has no interfaces?
[  672.528530][ T6083] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  672.531483][ T6083] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  672.535071][ T6083] usb 7-1: SerialNumber: syz
[  672.538107][ T6083] usb 7-1: config 0 descriptor??
[  672.752237][ T6083] usb 7-1: USB disconnect, device number 63
[  672.769942][ T6063] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  672.774690][ T6063] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  672.778506][ T6063] bond0 (unregistering): Released all slaves
[  672.843638][  T838] tipc: Node number set to 43690
[  673.105486][T15244] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3156'.
[  673.144965][T15225] md2: using deprecated bitmap file support
[  673.147743][T15225] md2: error: bitmap file must be a regular file
[  673.161467][ T6063] hsr_slave_0: left promiscuous mode
[  673.165825][ T6063] hsr_slave_1: left promiscuous mode
[  673.168860][ T6063] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  673.172290][ T6063] batman_adv: batadv0: Removing interface: batadv_slave_0
[  673.176420][ T6063] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  673.179452][ T6063] batman_adv: batadv0: Removing interface: batadv_slave_1
[  673.212249][ T6063] veth1_macvtap: left promiscuous mode
[  673.214289][ T6063] veth0_macvtap: left promiscuous mode
[  673.216137][ T6063] veth1_vlan: left promiscuous mode
[  673.217883][ T6063] veth0_vlan: left promiscuous mode
[  673.891347][ T6063] team0 (unregistering): Port device team_slave_1 removed
[  673.892984][   T63] Bluetooth: hci2: command tx timeout
[  673.995944][ T6063] team0 (unregistering): Port device team_slave_0 removed
[  674.022752][ T6111] usb 7-1: new high-speed USB device number 64 using dummy_hcd
[  674.182752][ T6111] usb 7-1: Using ep0 maxpacket: 8
[  674.188017][ T6111] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  674.190659][ T6111] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  674.193785][ T6111] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  674.196814][ T6111] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  674.200014][ T6111] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  674.204808][ T6111] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  674.207684][ T6111] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  674.415003][ T6111] usb 7-1: GET_CAPABILITIES returned 0
[  674.417374][ T6111] usbtmc 7-1:16.0: can't read capabilities
[  674.619290][T15218] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  674.624624][T15218] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  674.629889][T15218] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  674.635717][T15218] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  674.687382][T15218] 8021q: adding VLAN 0 to HW filter on device bond0
[  674.697334][T15218] 8021q: adding VLAN 0 to HW filter on device team0
[  674.702940][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  674.705319][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  674.712508][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  674.715131][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  674.855303][T15218] 8021q: adding VLAN 0 to HW filter on device batadv0
[  674.885646][ T6030] usb 7-1: USB disconnect, device number 64
[  675.020510][T15218] veth0_vlan: entered promiscuous mode
[  675.025753][T15218] veth1_vlan: entered promiscuous mode
[  675.046859][T15218] veth0_macvtap: entered promiscuous mode
[  675.052522][T15218] veth1_macvtap: entered promiscuous mode
[  675.065464][T15218] batman_adv: batadv0: Interface activated: batadv_slave_0
[  675.073905][T15218] batman_adv: batadv0: Interface activated: batadv_slave_1
[  675.079987][T15218] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  675.086142][T15218] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  675.089953][T15218] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  675.093758][T15218] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  675.163507][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  675.166867][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  675.175280][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  675.178514][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  675.247621][T15285] fuse: Bad value for 'fd'
[  675.854454][T15291] FAULT_INJECTION: forcing a failure.
[  675.854454][T15291] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  675.858512][T15291] CPU: 3 UID: 0 PID: 15291 Comm: syz.3.3167 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  675.858528][T15291] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  675.858536][T15291] Call Trace:
[  675.858541][T15291]  <TASK>
[  675.858546][T15291]  dump_stack_lvl+0x16c/0x1f0
[  675.858583][T15291]  should_fail_ex+0x512/0x640
[  675.858605][T15291]  _copy_from_iter+0x29f/0x16f0
[  675.858624][T15291]  ? __pfx__copy_from_iter+0x10/0x10
[  675.858640][T15291]  ? _kstrtoull+0x145/0x200
[  675.858651][T15291]  ? __pfx__kstrtoull+0x10/0x10
[  675.858665][T15291]  tun_get_user+0x240/0x3b80
[  675.858688][T15291]  ? __pfx_tun_get_user+0x10/0x10
[  675.858703][T15291]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  675.858723][T15291]  ? find_held_lock+0x2b/0x80
[  675.858737][T15291]  ? tun_get+0x191/0x370
[  675.858755][T15291]  tun_chr_write_iter+0xdc/0x210
[  675.858772][T15291]  vfs_write+0x6c4/0x1150
[  675.858787][T15291]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  675.858805][T15291]  ? __pfx_vfs_write+0x10/0x10
[  675.858817][T15291]  ? find_held_lock+0x2b/0x80
[  675.858838][T15291]  ksys_write+0x12a/0x250
[  675.858852][T15291]  ? __pfx_ksys_write+0x10/0x10
[  675.858865][T15291]  ? fput+0x70/0xf0
[  675.858884][T15291]  do_syscall_64+0xcd/0x4c0
[  675.858902][T15291]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  675.858913][T15291] RIP: 0033:0x7ff666b8e929
[  675.858923][T15291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  675.858933][T15291] RSP: 002b:00007ff667a07038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  675.858944][T15291] RAX: ffffffffffffffda RBX: 00007ff666db5fa0 RCX: 00007ff666b8e929
[  675.858951][T15291] RDX: 000000000000fdef RSI: 0000200000000240 RDI: 0000000000000004
[  675.858957][T15291] RBP: 00007ff667a07090 R08: 0000000000000000 R09: 0000000000000000
[  675.858963][T15291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  675.858970][T15291] R13: 0000000000000000 R14: 00007ff666db5fa0 R15: 00007ffd160322e8
[  675.858983][T15291]  </TASK>
[  676.012786][ T6057] usb 7-1: new high-speed USB device number 65 using dummy_hcd
[  676.059602][T15293] loop6: detected capacity change from 0 to 524287999
[  676.069816][T15293] xt_l2tp: v2 tid > 0xffff: 150994944
[  676.172789][ T6057] usb 7-1: Using ep0 maxpacket: 16
[  676.176643][ T6057] usb 7-1: config 0 has no interfaces?
[  676.181242][ T6057] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  676.184367][ T6057] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  676.187179][ T6057] usb 7-1: SerialNumber: syz
[  676.195313][ T6057] usb 7-1: config 0 descriptor??
[  676.399726][ T6057] usb 7-1: USB disconnect, device number 65
[  676.677531][T15315] xt_connbytes: Forcing CT accounting to be enabled
[  676.702891][ T3231] usb 6-1: new high-speed USB device number 80 using dummy_hcd
[  676.729902][T15314] block device autoloading is deprecated and will be removed.
[  676.782903][T15289] md2: using deprecated bitmap file support
[  676.785085][T15289] md2: error: bitmap file must be a regular file
[  676.884222][ T3231] usb 6-1: too many configurations: 9, using maximum allowed: 8
[  676.887547][ T3231] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  676.890693][ T3231] usb 6-1: config 0 has no interfaces?
[  676.893442][ T3231] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  676.896595][ T3231] usb 6-1: config 0 has no interfaces?
[  676.899078][ T3231] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  676.902236][ T3231] usb 6-1: config 0 has no interfaces?
[  676.906136][ T3231] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  676.910099][ T3231] usb 6-1: config 0 has no interfaces?
[  676.912846][ T3231] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  676.916304][ T3231] usb 6-1: config 0 has no interfaces?
[  676.919209][ T3231] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  676.922364][ T3231] usb 6-1: config 0 has no interfaces?
[  676.925152][ T3231] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  676.928405][ T3231] usb 6-1: config 0 has no interfaces?
[  676.931206][ T3231] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  676.934865][ T3231] usb 6-1: config 0 has no interfaces?
[  676.938125][ T3231] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  676.941031][ T3231] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  676.943921][ T3231] usb 6-1: Product: syz
[  676.945278][ T3231] usb 6-1: Manufacturer: syz
[  676.946710][ T3231] usb 6-1: SerialNumber: syz
[  676.949592][ T3231] usb 6-1: config 0 descriptor??
[  677.154727][ T6024] usb 6-1: USB disconnect, device number 80
[  677.192174][   T46] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  678.621936][T15322] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3179'.
[  678.663541][T15325] FAULT_INJECTION: forcing a failure.
[  678.663541][T15325] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  678.668079][T15325] CPU: 1 UID: 0 PID: 15325 Comm: syz.2.3180 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  678.668094][T15325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  678.668102][T15325] Call Trace:
[  678.668106][T15325]  <TASK>
[  678.668115][T15325]  dump_stack_lvl+0x16c/0x1f0
[  678.668135][T15325]  should_fail_ex+0x512/0x640
[  678.668153][T15325]  should_fail_alloc_page+0xe7/0x130
[  678.668171][T15325]  prepare_alloc_pages+0x3c2/0x610
[  678.668184][T15325]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  678.668199][T15325]  ? __alloc_frozen_pages_noprof+0x294/0x23f0
[  678.668215][T15325]  ? look_up_lock_class+0x59/0x150
[  678.668231][T15325]  ? register_lock_class+0x41/0x4c0
[  678.668248][T15325]  ? find_held_lock+0x2b/0x80
[  678.668261][T15325]  ? ima_match_policy+0x7ed/0x22d0
[  678.668272][T15325]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  678.668286][T15325]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  678.668309][T15325]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  678.668323][T15325]  ? policy_nodemask+0xea/0x4e0
[  678.668340][T15325]  alloc_pages_mpol+0x1fb/0x550
[  678.668356][T15325]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  678.668371][T15325]  ? do_raw_spin_lock+0x12c/0x2b0
[  678.668382][T15325]  ? find_held_lock+0x2b/0x80
[  678.668397][T15325]  alloc_pages_noprof+0x131/0x390
[  678.668413][T15325]  __pmd_alloc+0x3b/0x930
[  678.668423][T15325]  ? __pud_alloc+0x526/0x750
[  678.668433][T15325]  __handle_mm_fault+0xaac/0x5490
[  678.668450][T15325]  ? __pfx___handle_mm_fault+0x10/0x10
[  678.668461][T15325]  ? __pfx_mt_find+0x10/0x10
[  678.668485][T15325]  ? find_vma+0xbf/0x140
[  678.668501][T15325]  ? __pfx_find_vma+0x10/0x10
[  678.668518][T15325]  handle_mm_fault+0x589/0xd10
[  678.668531][T15325]  ? __pkru_allows_pkey+0x41/0xb0
[  678.668548][T15325]  do_user_addr_fault+0x7a6/0x1370
[  678.668565][T15325]  ? rcu_is_watching+0x12/0xc0
[  678.668580][T15325]  exc_page_fault+0x5c/0xb0
[  678.668596][T15325]  asm_exc_page_fault+0x26/0x30
[  678.668607][T15325] RIP: 0010:__put_user_4+0xd/0x20
[  678.668623][T15325] Code: 66 89 01 31 c9 0f 01 ca e9 d0 5a 03 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90
[  678.668633][T15325] RSP: 0018:ffffc90003267b38 EFLAGS: 00050206
[  678.668643][T15325] RAX: 0000000000000006 RBX: 0000000000000000 RCX: 00002000000000c0
[  678.668650][T15325] RDX: ffff888024694880 RSI: ffffffff8556a20f RDI: ffffffff8c157ee0
[  678.668656][T15325] RBP: dffffc0000000000 R08: f9f0d9a003d2eb8b R09: 0000000000000000
[  678.668663][T15325] R10: 0000000000000000 R11: 0000000000000001 R12: 00002000000000c0
[  678.668669][T15325] R13: 0000000000000006 R14: ffffffff8f2e0428 R15: 0000000000000006
[  678.668680][T15325]  ? vt_do_diacrit+0x5ef/0xa00
[  678.668700][T15325]  vt_do_diacrit+0x5fa/0xa00
[  678.668718][T15325]  vt_ioctl+0x505/0x30a0
[  678.668729][T15325]  ? lockdep_hardirqs_on+0x7c/0x110
[  678.668745][T15325]  ? __pfx_vt_ioctl+0x10/0x10
[  678.668760][T15325]  ? tomoyo_path_number_perm+0x18d/0x580
[  678.668776][T15325]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  678.668789][T15325]  ? do_vfs_ioctl+0x523/0x1a60
[  678.668801][T15325]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  678.668814][T15325]  ? tty_jobctrl_ioctl+0x152/0xe00
[  678.668827][T15325]  ? __pfx_vt_ioctl+0x10/0x10
[  678.668837][T15325]  tty_ioctl+0x661/0x1640
[  678.668853][T15325]  ? __pfx_tty_ioctl+0x10/0x10
[  678.668868][T15325]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  678.668889][T15325]  ? hook_file_ioctl_common+0x145/0x410
[  678.668910][T15325]  ? selinux_file_ioctl+0x180/0x270
[  678.668924][T15325]  ? selinux_file_ioctl+0xb4/0x270
[  678.668939][T15325]  ? __pfx_tty_ioctl+0x10/0x10
[  678.668955][T15325]  __x64_sys_ioctl+0x18b/0x210
[  678.668968][T15325]  do_syscall_64+0xcd/0x4c0
[  678.668985][T15325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  678.668995][T15325] RIP: 0033:0x7f21a5f8e929
[  678.669004][T15325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  678.669014][T15325] RSP: 002b:00007f21a6d94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  678.669024][T15325] RAX: ffffffffffffffda RBX: 00007f21a61b5fa0 RCX: 00007f21a5f8e929
[  678.669031][T15325] RDX: 00002000000000c0 RSI: 0000000000004b4a RDI: 0000000000000003
[  678.669037][T15325] RBP: 00007f21a6d94090 R08: 0000000000000000 R09: 0000000000000000
[  678.669044][T15325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  678.669050][T15325] R13: 0000000000000000 R14: 00007f21a61b5fa0 R15: 00007ffe2f04a958
[  678.669064][T15325]  </TASK>
[  678.706759][ T5998] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  678.825567][ T5998] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  678.836493][ T5998] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  678.841052][   T46] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  678.845726][ T5998] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  678.848568][ T5998] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  678.898969][T15333] netlink: 232 bytes leftover after parsing attributes in process `syz.2.3182'.
[  678.913689][   T46] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  678.988785][   T46] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  678.997663][T15327] chnl_net:caif_netlink_parms(): no params data found
[  679.079515][T15327] bridge0: port 1(bridge_slave_0) entered blocking state
[  679.081893][T15327] bridge0: port 1(bridge_slave_0) entered disabled state
[  679.085134][T15327] bridge_slave_0: entered allmulticast mode
[  679.087778][T15327] bridge_slave_0: entered promiscuous mode
[  679.090844][T15327] bridge0: port 2(bridge_slave_1) entered blocking state
[  679.093360][T15327] bridge0: port 2(bridge_slave_1) entered disabled state
[  679.095757][T15327] bridge_slave_1: entered allmulticast mode
[  679.098391][T15327] bridge_slave_1: entered promiscuous mode
[  679.129110][T15327] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  679.139311][T15327] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  679.196108][T15327] team0: Port device team_slave_0 added
[  679.208536][T15327] team0: Port device team_slave_1 added
[  679.211308][   T46] bridge_slave_1: left allmulticast mode
[  679.214617][   T46] bridge_slave_1: left promiscuous mode
[  679.217127][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[  679.222187][   T46] bridge_slave_0: left allmulticast mode
[  679.224942][   T46] bridge_slave_0: left promiscuous mode
[  679.226972][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[  679.332920][ T6024] usb 6-1: new high-speed USB device number 81 using dummy_hcd
[  679.498263][ T6024] usb 6-1: too many configurations: 9, using maximum allowed: 8
[  679.502354][   T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  679.502778][ T6024] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  679.508293][ T6024] usb 6-1: config 0 has no interfaces?
[  679.510900][   T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  679.511319][ T6024] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  679.517098][ T6024] usb 6-1: config 0 has no interfaces?
[  679.518637][   T46] bond0 (unregistering): Released all slaves
[  679.519585][ T6024] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  679.524096][ T6024] usb 6-1: config 0 has no interfaces?
[  679.533328][ T6024] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  679.536502][ T6024] usb 6-1: config 0 has no interfaces?
[  679.539033][ T6024] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  679.542158][ T6024] usb 6-1: config 0 has no interfaces?
[  679.544874][ T6024] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  679.548125][ T6024] usb 6-1: config 0 has no interfaces?
[  679.550720][ T6024] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  679.554580][ T6024] usb 6-1: config 0 has no interfaces?
[  679.565780][ T6024] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  679.569033][ T6024] usb 6-1: config 0 has no interfaces?
[  679.572347][ T6024] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  679.576192][ T6024] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  679.578815][ T6024] usb 6-1: Product: syz
[  679.580190][ T6024] usb 6-1: Manufacturer: syz
[  679.581654][ T6024] usb 6-1: SerialNumber: syz
[  679.586244][ T6024] usb 6-1: config 0 descriptor??
[  679.598919][T15327] batman_adv: batadv0: Adding interface: batadv_slave_0
[  679.601397][T15327] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  679.611293][T15327] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  679.615722][T15327] batman_adv: batadv0: Adding interface: batadv_slave_1
[  679.618090][T15327] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  679.626534][T15327] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  679.678571][T15327] hsr_slave_0: entered promiscuous mode
[  679.680983][T15327] hsr_slave_1: entered promiscuous mode
[  679.683153][T15327] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  679.685519][T15327] Cannot create hsr debugfs directory
[  679.793778][ T6024] usb 6-1: USB disconnect, device number 81
[  679.834669][   T46] hsr_slave_0: left promiscuous mode
[  679.836694][   T46] hsr_slave_1: left promiscuous mode
[  679.839226][   T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  679.841535][   T46] batman_adv: batadv0: Removing interface: batadv_slave_0
[  679.845191][   T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  679.847497][   T46] batman_adv: batadv0: Removing interface: batadv_slave_1
[  679.866966][   T46] veth1_macvtap: left promiscuous mode
[  679.868752][   T46] veth0_macvtap: left promiscuous mode
[  679.870965][   T46] veth1_vlan: left promiscuous mode
[  679.873290][   T46] veth0_vlan: left promiscuous mode
[  680.524413][T15369] FAULT_INJECTION: forcing a failure.
[  680.524413][T15369] name failslab, interval 1, probability 0, space 0, times 0
[  680.528429][T15369] CPU: 2 UID: 0 PID: 15369 Comm: syz.1.3195 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  680.528445][T15369] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  680.528453][T15369] Call Trace:
[  680.528456][T15369]  <TASK>
[  680.528461][T15369]  dump_stack_lvl+0x16c/0x1f0
[  680.528481][T15369]  should_fail_ex+0x512/0x640
[  680.528496][T15369]  ? fs_reclaim_acquire+0xae/0x150
[  680.528508][T15369]  ? tomoyo_encode2+0x100/0x3e0
[  680.528522][T15369]  should_failslab+0xc2/0x120
[  680.528539][T15369]  __kmalloc_noprof+0xd2/0x510
[  680.528557][T15369]  tomoyo_encode2+0x100/0x3e0
[  680.528573][T15369]  tomoyo_encode+0x29/0x50
[  680.528587][T15369]  tomoyo_realpath_from_path+0x18f/0x6e0
[  680.528604][T15369]  ? tomoyo_profile+0x47/0x60
[  680.528622][T15369]  tomoyo_path_number_perm+0x245/0x580
[  680.528634][T15369]  ? tomoyo_path_number_perm+0x237/0x580
[  680.528648][T15369]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  680.528662][T15369]  ? find_held_lock+0x2b/0x80
[  680.528700][T15369]  ? find_held_lock+0x2b/0x80
[  680.528714][T15369]  ? hook_file_ioctl_common+0x145/0x410
[  680.528735][T15369]  ? __fget_files+0x20e/0x3c0
[  680.528753][T15369]  security_file_ioctl+0x9b/0x240
[  680.528769][T15369]  __x64_sys_ioctl+0xb7/0x210
[  680.528782][T15369]  do_syscall_64+0xcd/0x4c0
[  680.528799][T15369]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  680.528810][T15369] RIP: 0033:0x7f8ddcb8e929
[  680.528819][T15369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  680.528830][T15369] RSP: 002b:00007f8ddd9b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  680.528841][T15369] RAX: ffffffffffffffda RBX: 00007f8ddcdb5fa0 RCX: 00007f8ddcb8e929
[  680.528848][T15369] RDX: 0000200000000040 RSI: 00000000000089e7 RDI: 0000000000000004
[  680.528855][T15369] RBP: 00007f8ddd9b1090 R08: 0000000000000000 R09: 0000000000000000
[  680.528855][   T46] team0 (unregistering): Port device team_slave_1 removed
[  680.528861][T15369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  680.528868][T15369] R13: 0000000000000000 R14: 00007f8ddcdb5fa0 R15: 00007fff82edeec8
[  680.528886][T15369]  </TASK>
[  680.528938][T15369] ERROR: Out of memory at tomoyo_realpath_from_path.
[  680.669453][   T46] team0 (unregistering): Port device team_slave_0 removed
[  680.943202][ T5998] Bluetooth: hci2: command tx timeout
[  681.277237][T15384] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3201'.
[  681.377743][T15396] loop6: detected capacity change from 0 to 7
[  681.380777][ T5993] Dev loop6: unable to read RDB block 7
[  681.382580][ T5993]  loop6: unable to read partition table
[  681.384625][ T5993] loop6: partition table beyond EOD, truncated
[  681.388344][T15396] Dev loop6: unable to read RDB block 7
[  681.390720][T15396]  loop6: unable to read partition table
[  681.394326][T15396] loop6: partition table beyond EOD, truncated
[  681.399010][T15396] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  681.522862][ T3231] usb 6-1: new high-speed USB device number 82 using dummy_hcd
[  681.545841][T15327] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  681.549890][T15327] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  681.553899][T15327] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  681.557897][T15327] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  681.598697][T15327] 8021q: adding VLAN 0 to HW filter on device bond0
[  681.608062][T15327] 8021q: adding VLAN 0 to HW filter on device team0
[  681.613142][ T6134] bridge0: port 1(bridge_slave_0) entered blocking state
[  681.615406][ T6134] bridge0: port 1(bridge_slave_0) entered forwarding state
[  681.621080][ T6028] bridge0: port 2(bridge_slave_1) entered blocking state
[  681.623646][ T6028] bridge0: port 2(bridge_slave_1) entered forwarding state
[  681.694096][ T3231] usb 6-1: too many configurations: 9, using maximum allowed: 8
[  681.698893][ T3231] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  681.703621][ T3231] usb 6-1: config 0 has no interfaces?
[  681.707081][ T3231] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  681.710876][ T3231] usb 6-1: config 0 has no interfaces?
[  681.715106][ T3231] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  681.719292][ T3231] usb 6-1: config 0 has no interfaces?
[  681.722850][ T3231] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  681.726998][ T3231] usb 6-1: config 0 has no interfaces?
[  681.730110][ T3231] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  681.734749][ T3231] usb 6-1: config 0 has no interfaces?
[  681.738690][ T3231] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  681.741875][ T3231] usb 6-1: config 0 has no interfaces?
[  681.744931][ T3231] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  681.748193][ T3231] usb 6-1: config 0 has no interfaces?
[  681.750788][ T3231] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  681.755029][ T3231] usb 6-1: config 0 has no interfaces?
[  681.758505][ T3231] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  681.761322][ T3231] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  681.764102][ T3231] usb 6-1: Product: syz
[  681.765680][ T3231] usb 6-1: Manufacturer: syz
[  681.766348][T15327] 8021q: adding VLAN 0 to HW filter on device batadv0
[  681.767152][ T3231] usb 6-1: SerialNumber: syz
[  681.773393][ T3231] usb 6-1: config 0 descriptor??
[  681.903853][T15327] veth0_vlan: entered promiscuous mode
[  681.908637][T15327] veth1_vlan: entered promiscuous mode
[  681.925649][T15327] veth0_macvtap: entered promiscuous mode
[  681.930262][T15327] veth1_macvtap: entered promiscuous mode
[  681.941404][T15327] batman_adv: batadv0: Interface activated: batadv_slave_0
[  681.948660][T15327] batman_adv: batadv0: Interface activated: batadv_slave_1
[  681.953116][T15327] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  681.955821][T15327] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  681.958928][T15327] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  681.962328][T15327] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  681.979164][ T6030] usb 6-1: USB disconnect, device number 82
[  682.010362][ T6028] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  682.016683][ T6028] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  682.035442][ T6029] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  682.038043][ T6029] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  682.762868][ T6595] usb 7-1: new high-speed USB device number 66 using dummy_hcd
[  682.922960][ T6595] usb 7-1: Using ep0 maxpacket: 16
[  682.926308][ T6595] usb 7-1: config 0 has no interfaces?
[  682.928860][ T6595] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  682.931880][ T6595] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  682.934629][ T6595] usb 7-1: SerialNumber: syz
[  682.937324][ T6595] usb 7-1: config 0 descriptor??
[  683.145619][ T6024] usb 7-1: USB disconnect, device number 66
[  683.884347][T15450] [U] 
[  683.886407][   T40] audit: type=1400 audit(1751036893.182:870): avc:  denied  { setopt } for  pid=15449 comm="syz.1.3220" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  683.892630][   T40] audit: type=1400 audit(1751036893.182:871): avc:  denied  { getopt } for  pid=15449 comm="syz.1.3220" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  684.166295][ T6029] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  685.504651][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  685.506702][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  685.678928][ T6029] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  685.730079][T15476] fuse: Bad value for 'fd'
[  685.748158][   T63] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  685.752545][   T63] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  685.756654][   T63] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  685.761189][   T63] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  685.764324][   T63] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  685.791870][ T6029] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  685.893010][T14848] usb 6-1: new high-speed USB device number 83 using dummy_hcd
[  685.916121][ T6029] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  685.924833][T15477] chnl_net:caif_netlink_parms(): no params data found
[  685.991217][T15477] bridge0: port 1(bridge_slave_0) entered blocking state
[  685.993700][T15477] bridge0: port 1(bridge_slave_0) entered disabled state
[  685.995980][T15477] bridge_slave_0: entered allmulticast mode
[  685.998587][T15477] bridge_slave_0: entered promiscuous mode
[  686.001743][T15477] bridge0: port 2(bridge_slave_1) entered blocking state
[  686.004282][T15477] bridge0: port 2(bridge_slave_1) entered disabled state
[  686.006565][T15477] bridge_slave_1: entered allmulticast mode
[  686.009167][T15477] bridge_slave_1: entered promiscuous mode
[  686.046830][T15477] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  686.063611][T14848] usb 6-1: too many configurations: 9, using maximum allowed: 8
[  686.064522][T15477] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  686.066811][T14848] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  686.072903][T14848] usb 6-1: config 0 has no interfaces?
[  686.075447][T14848] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  686.078663][T14848] usb 6-1: config 0 has no interfaces?
[  686.081651][T14848] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  686.086086][T14848] usb 6-1: config 0 has no interfaces?
[  686.089289][T14848] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  686.093496][T14848] usb 6-1: config 0 has no interfaces?
[  686.096794][T14848] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  686.101031][T14848] usb 6-1: config 0 has no interfaces?
[  686.107261][T14848] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  686.110445][T15477] team0: Port device team_slave_0 added
[  686.111356][T14848] usb 6-1: config 0 has no interfaces?
[  686.112285][T14848] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  686.116821][T15477] team0: Port device team_slave_1 added
[  686.120086][T14848] usb 6-1: config 0 has no interfaces?
[  686.124834][T14848] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  686.129066][T14848] usb 6-1: config 0 has no interfaces?
[  686.133112][T14848] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  686.136071][T14848] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  686.138723][T14848] usb 6-1: Product: syz
[  686.140187][T14848] usb 6-1: Manufacturer: syz
[  686.141695][T14848] usb 6-1: SerialNumber: syz
[  686.145582][T14848] usb 6-1: config 0 descriptor??
[  686.173510][ T6029] bridge_slave_1: left allmulticast mode
[  686.175314][ T6029] bridge_slave_1: left promiscuous mode
[  686.177162][ T6029] bridge0: port 2(bridge_slave_1) entered disabled state
[  686.181614][ T6029] bridge_slave_0: left allmulticast mode
[  686.184209][ T6029] bridge_slave_0: left promiscuous mode
[  686.186120][ T6029] bridge0: port 1(bridge_slave_0) entered disabled state
[  686.350242][T14848] usb 6-1: USB disconnect, device number 83
[  686.462818][ T6029] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  686.466849][ T6029] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  686.470456][ T6029] bond0 (unregistering): Released all slaves
[  686.477799][T15477] batman_adv: batadv0: Adding interface: batadv_slave_0
[  686.480065][T15477] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  686.488785][T15477] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  686.500688][T15477] batman_adv: batadv0: Adding interface: batadv_slave_1
[  686.502998][T15477] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  686.510974][T15477] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  686.556239][T15477] hsr_slave_0: entered promiscuous mode
[  686.558589][T15477] hsr_slave_1: entered promiscuous mode
[  686.560724][T15477] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  686.563239][T15477] Cannot create hsr debugfs directory
[  686.713745][T15503] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3236'.
[  686.717103][T15503] FAULT_INJECTION: forcing a failure.
[  686.717103][T15503] name failslab, interval 1, probability 0, space 0, times 0
[  686.721181][T15503] CPU: 0 UID: 0 PID: 15503 Comm: syz.2.3236 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  686.721197][T15503] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  686.721208][T15503] Call Trace:
[  686.721213][T15503]  <TASK>
[  686.721218][T15503]  dump_stack_lvl+0x16c/0x1f0
[  686.721237][T15503]  should_fail_ex+0x512/0x640
[  686.721251][T15503]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  686.721267][T15503]  should_failslab+0xc2/0x120
[  686.721282][T15503]  __kmalloc_cache_noprof+0x6a/0x3e0
[  686.721295][T15503]  ? __asan_memset+0x23/0x50
[  686.721305][T15503]  ? alloc_netdev_mqs+0xece/0x1570
[  686.721322][T15503]  ? __xdp_rxq_info_reg+0x14e/0x2d0
[  686.721334][T15503]  alloc_netdev_mqs+0xece/0x1570
[  686.721353][T15503]  rtnl_create_link+0xc08/0xf90
[  686.721371][T15503]  rtnl_newlink+0xb69/0x2000
[  686.721391][T15503]  ? __pfx_rtnl_newlink+0x10/0x10
[  686.721407][T15503]  ? find_held_lock+0x2b/0x80
[  686.721421][T15503]  ? avc_has_perm_noaudit+0x117/0x3b0
[  686.721434][T15503]  ? avc_has_perm_noaudit+0x149/0x3b0
[  686.721446][T15503]  ? cred_has_capability.isra.0+0x193/0x2f0
[  686.721472][T15503]  ? find_held_lock+0x2b/0x80
[  686.721484][T15503]  ? __pfx_rtnl_newlink+0x10/0x10
[  686.721499][T15503]  ? __pfx_rtnl_newlink+0x10/0x10
[  686.721514][T15503]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  686.721530][T15503]  ? __pfx_rtnl_newlink+0x10/0x10
[  686.721547][T15503]  rtnetlink_rcv_msg+0x95b/0xe90
[  686.721565][T15503]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  686.721584][T15503]  ? __lock_acquire+0x622/0x1c90
[  686.721603][T15503]  netlink_rcv_skb+0x155/0x420
[  686.721614][T15503]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  686.721631][T15503]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  686.721648][T15503]  ? netlink_deliver_tap+0x1ae/0xd30
[  686.721664][T15503]  ? is_vmalloc_addr+0x86/0xa0
[  686.721680][T15503]  netlink_unicast+0x53d/0x7f0
[  686.721693][T15503]  ? __pfx_netlink_unicast+0x10/0x10
[  686.721708][T15503]  netlink_sendmsg+0x8d1/0xdd0
[  686.721722][T15503]  ? __pfx_netlink_sendmsg+0x10/0x10
[  686.721738][T15503]  ____sys_sendmsg+0xa95/0xc70
[  686.721750][T15503]  ? copy_msghdr_from_user+0x10a/0x160
[  686.721765][T15503]  ? __pfx_____sys_sendmsg+0x10/0x10
[  686.721783][T15503]  ___sys_sendmsg+0x134/0x1d0
[  686.721800][T15503]  ? __pfx____sys_sendmsg+0x10/0x10
[  686.721813][T15503]  ? __lock_acquire+0x622/0x1c90
[  686.721847][T15503]  __sys_sendmsg+0x16d/0x220
[  686.721862][T15503]  ? __pfx___sys_sendmsg+0x10/0x10
[  686.721887][T15503]  do_syscall_64+0xcd/0x4c0
[  686.721904][T15503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  686.721916][T15503] RIP: 0033:0x7f21a5f8e929
[  686.721926][T15503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  686.721936][T15503] RSP: 002b:00007f21a6d94038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  686.721947][T15503] RAX: ffffffffffffffda RBX: 00007f21a61b5fa0 RCX: 00007f21a5f8e929
[  686.721956][T15503] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  686.721963][T15503] RBP: 00007f21a6d94090 R08: 0000000000000000 R09: 0000000000000000
[  686.721969][T15503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  686.721975][T15503] R13: 0000000000000000 R14: 00007f21a61b5fa0 R15: 00007ffe2f04a958
[  686.721989][T15503]  </TASK>
[  686.862298][T15506] fuse: Bad value for 'fd'
[  686.904245][ T6029] hsr_slave_0: left promiscuous mode
[  686.906495][ T6029] hsr_slave_1: left promiscuous mode
[  686.908482][ T6029] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  686.910789][ T6029] batman_adv: batadv0: Removing interface: batadv_slave_0
[  686.913705][ T6029] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  686.916467][ T6029] batman_adv: batadv0: Removing interface: batadv_slave_1
[  686.934543][ T6029] veth1_macvtap: left promiscuous mode
[  686.936454][ T6029] veth0_macvtap: left promiscuous mode
[  686.938250][ T6029] veth1_vlan: left promiscuous mode
[  686.939982][ T6029] veth0_vlan: left promiscuous mode
[  687.183016][T15520] overlay: Unknown parameter 'func'
[  687.588815][ T6029] team0 (unregistering): Port device team_slave_1 removed
[  687.663308][ T6029] team0 (unregistering): Port device team_slave_0 removed
[  687.823179][ T5998] Bluetooth: hci2: command tx timeout
[  688.201821][T15509] sch_tbf: burst 21990 is lower than device lo mtu (65550) !
[  688.474250][T15477] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  688.479618][T15477] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  688.483776][T15477] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  688.488008][T15477] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  688.527665][T15477] 8021q: adding VLAN 0 to HW filter on device bond0
[  688.538021][T15477] 8021q: adding VLAN 0 to HW filter on device team0
[  688.542985][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  688.545376][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  688.551284][ T6063] bridge0: port 2(bridge_slave_1) entered blocking state
[  688.554104][ T6063] bridge0: port 2(bridge_slave_1) entered forwarding state
[  688.682776][ T6030] usb 6-1: new high-speed USB device number 84 using dummy_hcd
[  688.703664][T15477] 8021q: adding VLAN 0 to HW filter on device batadv0
[  688.852964][ T6030] usb 6-1: Using ep0 maxpacket: 8
[  688.863331][ T6030] usb 6-1: config 1 interface 0 altsetting 224 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  688.868638][ T6030] usb 6-1: config 1 interface 0 has no altsetting 0
[  688.873635][ T6030] usb 6-1: New USB device found, idVendor=1b96, idProduct=0014, bcdDevice= 0.40
[  688.877305][ T6030] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  688.878795][T15477] veth0_vlan: entered promiscuous mode
[  688.880505][ T6030] usb 6-1: Product: syz
[  688.884874][ T6030] usb 6-1: Manufacturer: syz
[  688.886801][ T6030] usb 6-1: SerialNumber: syz
[  688.888476][T15477] veth1_vlan: entered promiscuous mode
[  688.919946][T15477] veth0_macvtap: entered promiscuous mode
[  688.925939][T15477] veth1_macvtap: entered promiscuous mode
[  688.938591][T15477] batman_adv: batadv0: Interface activated: batadv_slave_0
[  688.950142][T15477] batman_adv: batadv0: Interface activated: batadv_slave_1
[  688.957623][T15477] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  688.960665][T15477] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  688.963960][T15477] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  688.966660][T15477] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  689.019139][ T6029] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  689.021763][ T6029] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  689.042239][ T6029] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  689.044768][ T6029] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  689.103645][ T6030] usbhid 6-1:1.0: can't add hid device: -71
[  689.105721][ T6030] usbhid 6-1:1.0: probe with driver usbhid failed with error -71
[  689.110325][ T6030] usb 6-1: USB disconnect, device number 84
[  689.281157][T15552] FAULT_INJECTION: forcing a failure.
[  689.281157][T15552] name failslab, interval 1, probability 0, space 0, times 0
[  689.287500][T15552] CPU: 2 UID: 0 PID: 15552 Comm: syz.3.3248 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  689.287526][T15552] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  689.287538][T15552] Call Trace:
[  689.287545][T15552]  <TASK>
[  689.287552][T15552]  dump_stack_lvl+0x16c/0x1f0
[  689.287582][T15552]  should_fail_ex+0x512/0x640
[  689.287605][T15552]  ? __kvmalloc_node_noprof+0x124/0x620
[  689.287630][T15552]  should_failslab+0xc2/0x120
[  689.287656][T15552]  __kvmalloc_node_noprof+0x137/0x620
[  689.287678][T15552]  ? seq_read_iter+0x826/0x12c0
[  689.287705][T15552]  ? seq_read_iter+0x826/0x12c0
[  689.287750][T15552]  seq_read_iter+0x826/0x12c0
[  689.287771][T15552]  ? get_pid_task+0xfc/0x250
[  689.287810][T15552]  kernfs_fop_read_iter+0x40f/0x5a0
[  689.287830][T15552]  ? rw_verify_area+0xcf/0x680
[  689.287853][T15552]  vfs_read+0x8bc/0xc60
[  689.287880][T15552]  ? __pfx_vfs_read+0x10/0x10
[  689.287900][T15552]  ? find_held_lock+0x2b/0x80
[  689.287939][T15552]  __x64_sys_pread64+0x1eb/0x250
[  689.287963][T15552]  ? __pfx___x64_sys_pread64+0x10/0x10
[  689.287994][T15552]  do_syscall_64+0xcd/0x4c0
[  689.288028][T15552]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  689.288046][T15552] RIP: 0033:0x7ff666b8e929
[  689.288062][T15552] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  689.288079][T15552] RSP: 002b:00007ff667a07038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[  689.288097][T15552] RAX: ffffffffffffffda RBX: 00007ff666db5fa0 RCX: 00007ff666b8e929
[  689.288109][T15552] RDX: 000000000000004e RSI: 0000200000000100 RDI: 0000000000000003
[  689.288120][T15552] RBP: 00007ff667a07090 R08: 0000000000000000 R09: 0000000000000000
[  689.288132][T15552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  689.288142][T15552] R13: 0000000000000000 R14: 00007ff666db5fa0 R15: 00007ffd160322e8
[  689.288168][T15552]  </TASK>
[  689.422855][ T6083] usb 7-1: new high-speed USB device number 67 using dummy_hcd
[  689.583525][ T6083] usb 7-1: too many configurations: 9, using maximum allowed: 8
[  689.586899][ T6083] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  689.590114][ T6083] usb 7-1: config 0 has no interfaces?
[  689.592615][ T6083] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  689.595935][ T6083] usb 7-1: config 0 has no interfaces?
[  689.598543][ T6083] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  689.601780][ T6083] usb 7-1: config 0 has no interfaces?
[  689.604480][ T6083] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  689.607624][ T6083] usb 7-1: config 0 has no interfaces?
[  689.610313][ T6083] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  689.614008][ T6083] usb 7-1: config 0 has no interfaces?
[  689.616504][ T6083] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  689.619986][ T6083] usb 7-1: config 0 has no interfaces?
[  689.622437][ T6083] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  689.625645][ T6083] usb 7-1: config 0 has no interfaces?
[  689.628154][ T6083] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  689.631365][ T6083] usb 7-1: config 0 has no interfaces?
[  689.635346][ T6083] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  689.638949][ T6083] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  689.642473][ T6083] usb 7-1: Product: syz
[  689.644745][ T6083] usb 7-1: Manufacturer: syz
[  689.646687][ T6083] usb 7-1: SerialNumber: syz
[  689.650684][ T6083] usb 7-1: config 0 descriptor??
[  689.857017][ T6083] usb 7-1: USB disconnect, device number 67
[  690.685279][T15569] fuse: Bad value for 'fd'
[  690.767689][   T40] audit: type=1800 audit(1751036900.062:872): pid=15571 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.3255" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  690.769388][T15571] netlink: 'syz.1.3255': attribute type 1 has an invalid length.
[  690.777499][T15571] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  691.034594][T15579] fuse: Bad value for 'user_id'
[  691.036418][T15579] fuse: Bad value for 'user_id'
[  691.127452][ T6029] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  692.692802][   T63] Bluetooth: hci0: command 0x0401 tx timeout
[  692.715428][T15586] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3263'.
[  692.806745][T15586] hsr_slave_1 (unregistering): left promiscuous mode
[  692.823844][   T63] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  692.830426][   T63] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  692.833632][   T63] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  692.837249][   T63] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  692.840650][   T63] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  692.943765][ T6029] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  692.946949][   T40] audit: type=1400 audit(1751036902.242:873): avc:  denied  { append } for  pid=15603 comm="syz.3.3266" name="urandom" dev="devtmpfs" ino=9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1
[  692.959129][T15595] chnl_net:caif_netlink_parms(): no params data found
[  693.037700][ T6029] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  693.043761][T15595] bridge0: port 1(bridge_slave_0) entered blocking state
[  693.046080][T15595] bridge0: port 1(bridge_slave_0) entered disabled state
[  693.048575][T15595] bridge_slave_0: entered allmulticast mode
[  693.051515][T15595] bridge_slave_0: entered promiscuous mode
[  693.056661][T15595] bridge0: port 2(bridge_slave_1) entered blocking state
[  693.059389][T15595] bridge0: port 2(bridge_slave_1) entered disabled state
[  693.061918][T15595] bridge_slave_1: entered allmulticast mode
[  693.065143][T15595] bridge_slave_1: entered promiscuous mode
[  693.110822][ T6029] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  693.121167][T15595] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  693.127379][T15595] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  693.136049][ T6595] hid-generic 00A9:0008:0003.004F: unknown main item tag 0x0
[  693.142952][ T6595] hid-generic 00A9:0008:0003.004F: unknown main item tag 0x0
[  693.152801][ T6595] hid-generic 00A9:0008:0003.004F: unknown main item tag 0x0
[  693.155658][ T6595] hid-generic 00A9:0008:0003.004F: unknown main item tag 0x0
[  693.158550][ T6595] hid-generic 00A9:0008:0003.004F: unknown main item tag 0x0
[  693.162197][ T6595] hid-generic 00A9:0008:0003.004F: unknown main item tag 0x0
[  693.170212][ T6595] hid-generic 00A9:0008:0003.004F: unknown main item tag 0x0
[  693.170884][T15595] team0: Port device team_slave_0 added
[  693.173765][T14848] usb 6-1: new high-speed USB device number 85 using dummy_hcd
[  693.177982][ T6595] hid-generic 00A9:0008:0003.004F: unknown main item tag 0x0
[  693.180839][ T6595] hid-generic 00A9:0008:0003.004F: unknown main item tag 0x0
[  693.186207][T15595] team0: Port device team_slave_1 added
[  693.188440][ T6595] hid-generic 00A9:0008:0003.004F: unknown main item tag 0x0
[  693.191733][ T6595] hid-generic 00A9:0008:0003.004F: unknown main item tag 0x0
[  693.194878][ T6595] hid-generic 00A9:0008:0003.004F: unknown main item tag 0x0
[  693.198889][ T6595] hid-generic 00A9:0008:0003.004F: hidraw0: <UNKNOWN> HID v0.05 Device [syz1] on syz0
[  693.234041][T15595] batman_adv: batadv0: Adding interface: batadv_slave_0
[  693.236298][T15595] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  693.244472][T15595] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  693.248618][T15595] batman_adv: batadv0: Adding interface: batadv_slave_1
[  693.250927][T15595] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  693.251052][T15617] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3271'.
[  693.260826][T15595] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  693.263005][T15617] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  693.263022][T15617] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  693.334004][T14848] usb 6-1: too many configurations: 9, using maximum allowed: 8
[  693.343399][T14848] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  693.346496][T14848] usb 6-1: config 0 has no interfaces?
[  693.353198][T14848] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  693.356301][T14848] usb 6-1: config 0 has no interfaces?
[  693.361350][T14848] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  693.368813][T15595] hsr_slave_0: entered promiscuous mode
[  693.371017][T15595] hsr_slave_1: entered promiscuous mode
[  693.373077][T14848] usb 6-1: config 0 has no interfaces?
[  693.375528][T15595] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  693.377978][T14848] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  693.381124][T14848] usb 6-1: config 0 has no interfaces?
[  693.382815][T15595] Cannot create hsr debugfs directory
[  693.384629][T14848] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  693.389279][T14848] usb 6-1: config 0 has no interfaces?
[  693.392378][T14848] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  693.396617][T14848] usb 6-1: config 0 has no interfaces?
[  693.399103][T14848] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  693.402313][T14848] usb 6-1: config 0 has no interfaces?
[  693.405055][T14848] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  693.408135][T14848] usb 6-1: config 0 has no interfaces?
[  693.409373][ T6029] bridge_slave_1: left allmulticast mode
[  693.411569][T14848] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  693.411615][ T6029] bridge_slave_1: left promiscuous mode
[  693.415017][T14848] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  693.416600][ T6029] bridge0: port 2(bridge_slave_1) entered disabled state
[  693.419041][T14848] usb 6-1: Product: syz
[  693.423604][T14848] usb 6-1: Manufacturer: syz
[  693.425182][T14848] usb 6-1: SerialNumber: syz
[  693.425921][ T6029] bridge_slave_0: left allmulticast mode
[  693.428365][T14848] usb 6-1: config 0 descriptor??
[  693.430268][ T6029] bridge_slave_0: left promiscuous mode
[  693.432427][ T6029] bridge0: port 1(bridge_slave_0) entered disabled state
[  693.586172][T15621] tipc: Can't bind to reserved service type 2
[  693.588413][   T40] audit: type=1400 audit(1751036902.882:874): avc:  denied  { setattr } for  pid=15620 comm="syz.2.3272" name="loop6" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  693.591087][T15621] netlink: 48 bytes leftover after parsing attributes in process `+}[@'.
[  693.637820][ T3231] usb 6-1: USB disconnect, device number 85
[  693.644537][T15623] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  693.644547][T15622] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  693.709622][ T6029] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  693.715447][ T6029] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  693.720018][ T6029] bond0 (unregistering): Released all slaves
[  693.843300][T15625] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3273'.
[  693.887202][T15629] netlink: 'syz.2.3274': attribute type 3 has an invalid length.
[  693.890253][T15629] netlink: 'syz.2.3274': attribute type 1 has an invalid length.
[  693.893696][T15629] netlink: 193500 bytes leftover after parsing attributes in process `syz.2.3274'.
[  694.074456][ T6029] hsr_slave_0: left promiscuous mode
[  694.076804][ T6029] hsr_slave_1: left promiscuous mode
[  694.078724][ T6029] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  694.081341][ T6029] batman_adv: batadv0: Removing interface: batadv_slave_0
[  694.084546][ T6029] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  694.087045][ T6029] batman_adv: batadv0: Removing interface: batadv_slave_1
[  694.099536][   T40] audit: type=1326 audit(1751036903.392:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15638 comm="syz.3.3279" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff666b8e929 code=0x0
[  694.108728][ T6029] veth1_macvtap: left promiscuous mode
[  694.110578][ T6029] veth0_macvtap: left promiscuous mode
[  694.112503][ T6029] veth1_vlan: left promiscuous mode
[  694.114333][ T6029] veth0_vlan: left promiscuous mode
[  694.207875][T15642] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3279'.
[  694.280045][T15643] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3280'.
[  694.291139][T15643] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3280'.
[  694.405404][T15649] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3282'.
[  694.512839][T15651] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3282'.
[  694.782594][ T6029] team0 (unregistering): Port device team_slave_1 removed
[  694.855955][   T63] Bluetooth: hci2: command tx timeout
[  694.868661][ T6029] team0 (unregistering): Port device team_slave_0 removed
[  695.510536][T15651] hsr_slave_1 (unregistering): left promiscuous mode
[  695.614915][T15595] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  695.619092][T15595] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  695.623063][T15595] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  695.628666][T15595] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  695.693690][T15595] 8021q: adding VLAN 0 to HW filter on device bond0
[  695.702333][T15595] 8021q: adding VLAN 0 to HW filter on device team0
[  695.705032][T15677] fuse: Bad value for 'group_id'
[  695.706570][T15677] fuse: Bad value for 'group_id'
[  695.707533][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  695.710451][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  695.723498][T11121] bridge0: port 2(bridge_slave_1) entered blocking state
[  695.725802][T11121] bridge0: port 2(bridge_slave_1) entered forwarding state
[  695.855942][T15595] 8021q: adding VLAN 0 to HW filter on device batadv0
[  696.004597][T15595] veth0_vlan: entered promiscuous mode
[  696.009501][T15595] veth1_vlan: entered promiscuous mode
[  696.027647][T15595] veth0_macvtap: entered promiscuous mode
[  696.033215][T15595] veth1_macvtap: entered promiscuous mode
[  696.041528][T15595] batman_adv: batadv0: Interface activated: batadv_slave_0
[  696.049364][T15595] batman_adv: batadv0: Interface activated: batadv_slave_1
[  696.054410][T15595] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  696.057195][T15595] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  696.060008][T15595] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  696.063368][T15595] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  696.113609][ T6063] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  696.116003][ T6063] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  696.134320][T11121] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  696.136808][T11121] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  696.343862][ T6111] usb 6-1: new high-speed USB device number 86 using dummy_hcd
[  696.512796][ T6111] usb 6-1: Using ep0 maxpacket: 16
[  696.515700][ T6111] usb 6-1: config 0 has no interfaces?
[  696.518374][ T6111] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  696.521375][ T6111] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  696.524350][ T6111] usb 6-1: SerialNumber: syz
[  696.524848][   T40] audit: type=1400 audit(1751036905.822:876): avc:  denied  { accept } for  pid=15720 comm="syz.2.3305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  696.527426][ T6111] usb 6-1: config 0 descriptor??
[  696.743253][ T6111] usb 6-1: USB disconnect, device number 86
[  696.866842][T15731] FAULT_INJECTION: forcing a failure.
[  696.866842][T15731] name failslab, interval 1, probability 0, space 0, times 0
[  696.870990][T15731] CPU: 1 UID: 0 PID: 15731 Comm: syz.2.3309 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  696.871006][T15731] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  696.871012][T15731] Call Trace:
[  696.871017][T15731]  <TASK>
[  696.871022][T15731]  dump_stack_lvl+0x16c/0x1f0
[  696.871042][T15731]  should_fail_ex+0x512/0x640
[  696.871056][T15731]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  696.871075][T15731]  should_failslab+0xc2/0x120
[  696.871091][T15731]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  696.871106][T15731]  ? kobject_init_and_add+0xe7/0x190
[  696.871116][T15731]  ? rpc_sysfs_xprt_switch_setup+0x189/0x370
[  696.871134][T15731]  ? xprt_switch_alloc+0x28e/0x3c0
[  696.871146][T15731]  ? kstrdup_const+0x63/0x80
[  696.871161][T15731]  ? rpcb_create_local+0x1ee/0x270
[  696.871178][T15731]  kstrdup+0x53/0x100
[  696.871192][T15731]  kstrdup_const+0x63/0x80
[  696.871205][T15731]  __kernfs_new_node+0x9b/0x8e0
[  696.871222][T15731]  ? __pfx_number+0x10/0x10
[  696.871233][T15731]  ? __pfx___kernfs_new_node+0x10/0x10
[  696.871252][T15731]  ? find_held_lock+0x2b/0x80
[  696.871266][T15731]  ? kernfs_root+0xee/0x2a0
[  696.871285][T15731]  kernfs_new_node+0x13c/0x1e0
[  696.871298][T15731]  kernfs_create_dir_ns+0x4c/0x1a0
[  696.871310][T15731]  sysfs_create_dir_ns+0x13a/0x2b0
[  696.871326][T15731]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  696.871340][T15731]  ? find_held_lock+0x2b/0x80
[  696.871355][T15731]  ? rpc_sysfs_xprt_switch_namespace+0xd/0x40
[  696.871372][T15731]  kobject_add_internal+0x2c4/0x9b0
[  696.871385][T15731]  kobject_init_and_add+0x11b/0x190
[  696.871397][T15731]  ? __pfx_kobject_init_and_add+0x10/0x10
[  696.871415][T15731]  rpc_sysfs_xprt_switch_setup+0x189/0x370
[  696.871435][T15731]  xprt_switch_alloc+0x28e/0x3c0
[  696.871449][T15731]  rpc_create_xprt+0x2dc/0x440
[  696.871465][T15731]  rpc_create+0x469/0x7f0
[  696.871479][T15731]  ? __pfx_rpc_create+0x10/0x10
[  696.871497][T15731]  ? __lock_acquire+0xb8a/0x1c90
[  696.871526][T15731]  ? __pfx___might_resched+0x10/0x10
[  696.871540][T15731]  ? rcu_is_watching+0x12/0xc0
[  696.871556][T15731]  rpcb_create_af_local+0x11b/0x310
[  696.871567][T15731]  ? __pfx_rpcb_create_af_local+0x10/0x10
[  696.871594][T15731]  ? find_held_lock+0x2b/0x80
[  696.871614][T15731]  ? rpcb_create_local+0x1da/0x270
[  696.871639][T15731]  rpcb_create_local+0x1ee/0x270
[  696.871681][T15731]  svc_bind+0x1e8/0x260
[  696.871700][T15731]  nfsd_create_serv+0x2d2/0x480
[  696.871712][T15731]  ? __pfx_nfsd_create_serv+0x10/0x10
[  696.871728][T15731]  nfsd_nl_listener_set_doit+0xe5/0x1a40
[  696.871747][T15731]  ? rcu_is_watching+0x12/0xc0
[  696.871760][T15731]  ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10
[  696.871775][T15731]  ? __nla_parse+0x40/0x60
[  696.871793][T15731]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  696.871809][T15731]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  696.871826][T15731]  genl_family_rcv_msg_doit+0x206/0x2f0
[  696.871840][T15731]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  696.871859][T15731]  ? bpf_lsm_capable+0x9/0x10
[  696.871870][T15731]  ? security_capable+0x7e/0x260
[  696.871886][T15731]  genl_rcv_msg+0x55c/0x800
[  696.871900][T15731]  ? __pfx_genl_rcv_msg+0x10/0x10
[  696.871915][T15731]  ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10
[  696.871932][T15731]  ? __lock_acquire+0x622/0x1c90
[  696.871950][T15731]  netlink_rcv_skb+0x155/0x420
[  696.871961][T15731]  ? __pfx_genl_rcv_msg+0x10/0x10
[  696.871975][T15731]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  696.871992][T15731]  ? netlink_deliver_tap+0x1ae/0xd30
[  696.872008][T15731]  ? is_vmalloc_addr+0x86/0xa0
[  696.872024][T15731]  genl_rcv+0x28/0x40
[  696.872035][T15731]  netlink_unicast+0x53d/0x7f0
[  696.872048][T15731]  ? __pfx_netlink_unicast+0x10/0x10
[  696.872063][T15731]  netlink_sendmsg+0x8d1/0xdd0
[  696.872077][T15731]  ? __pfx_netlink_sendmsg+0x10/0x10
[  696.872094][T15731]  ____sys_sendmsg+0xa95/0xc70
[  696.872112][T15731]  ? copy_msghdr_from_user+0x10a/0x160
[  696.872135][T15731]  ? __pfx_____sys_sendmsg+0x10/0x10
[  696.872173][T15731]  ___sys_sendmsg+0x134/0x1d0
[  696.872201][T15731]  ? __pfx____sys_sendmsg+0x10/0x10
[  696.872217][T15731]  ? __lock_acquire+0x622/0x1c90
[  696.872252][T15731]  __sys_sendmsg+0x16d/0x220
[  696.872267][T15731]  ? __pfx___sys_sendmsg+0x10/0x10
[  696.872292][T15731]  do_syscall_64+0xcd/0x4c0
[  696.872310][T15731]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  696.872321][T15731] RIP: 0033:0x7f21a5f8e929
[  696.872331][T15731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  696.872342][T15731] RSP: 002b:00007f21a6d94038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  696.872354][T15731] RAX: ffffffffffffffda RBX: 00007f21a61b5fa0 RCX: 00007f21a5f8e929
[  696.872361][T15731] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  696.872367][T15731] RBP: 00007f21a6d94090 R08: 0000000000000000 R09: 0000000000000000
[  696.872374][T15731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  696.872380][T15731] R13: 0000000000000000 R14: 00007f21a61b5fa0 R15: 00007ffe2f04a958
[  696.872397][T15731]  </TASK>
[  696.872404][T15731] kobject: kobject_add_internal failed for switch-0 (error: -12 parent: xprt-switches)
[  697.334614][T15747] FAULT_INJECTION: forcing a failure.
[  697.334614][T15747] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  697.338909][T15747] CPU: 3 UID: 0 PID: 15747 Comm: syz.2.3315 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  697.338926][T15747] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  697.338933][T15747] Call Trace:
[  697.338938][T15747]  <TASK>
[  697.338943][T15747]  dump_stack_lvl+0x16c/0x1f0
[  697.338962][T15747]  should_fail_ex+0x512/0x640
[  697.338979][T15747]  _copy_from_iter+0x29f/0x16f0
[  697.338998][T15747]  ? __pfx__copy_from_iter+0x10/0x10
[  697.339015][T15747]  ? _kstrtoull+0x145/0x200
[  697.339025][T15747]  ? __pfx__kstrtoull+0x10/0x10
[  697.339039][T15747]  tun_get_user+0x13da/0x3b80
[  697.339061][T15747]  ? __pfx_tun_get_user+0x10/0x10
[  697.339077][T15747]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  697.339096][T15747]  ? find_held_lock+0x2b/0x80
[  697.339110][T15747]  ? tun_get+0x191/0x370
[  697.339128][T15747]  tun_chr_write_iter+0xdc/0x210
[  697.339145][T15747]  vfs_write+0x6c4/0x1150
[  697.339160][T15747]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  697.339177][T15747]  ? __pfx_vfs_write+0x10/0x10
[  697.339189][T15747]  ? find_held_lock+0x2b/0x80
[  697.339231][T15747]  ksys_write+0x12a/0x250
[  697.339272][T15747]  ? __pfx_ksys_write+0x10/0x10
[  697.339286][T15747]  ? fput+0x70/0xf0
[  697.339311][T15747]  do_syscall_64+0xcd/0x4c0
[  697.339334][T15747]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  697.339350][T15747] RIP: 0033:0x7f21a5f8e929
[  697.339365][T15747] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  697.339384][T15747] RSP: 002b:00007f21a6d94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  697.339400][T15747] RAX: ffffffffffffffda RBX: 00007f21a61b5fa0 RCX: 00007f21a5f8e929
[  697.339409][T15747] RDX: 000000000000fdef RSI: 0000200000000240 RDI: 0000000000000004
[  697.339416][T15747] RBP: 00007f21a6d94090 R08: 0000000000000000 R09: 0000000000000000
[  697.339423][T15747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  697.339429][T15747] R13: 0000000000000000 R14: 00007f21a61b5fa0 R15: 00007ffe2f04a958
[  697.339443][T15747]  </TASK>
[  697.563452][ T1122] sr 2:0:0:0: [sr0] tag#12 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[  697.566580][ T1122] sr 2:0:0:0: [sr0] tag#12 Sense Key : Illegal Request [current] 
[  697.569064][ T1122] sr 2:0:0:0: [sr0] tag#12 Add. Sense: Invalid command operation code
[  697.571481][ T1122] sr 2:0:0:0: [sr0] tag#12 CDB: Write(10) 2a 00 00 00 00 00 00 00 02 00
[  697.574463][ T1122] critical target error, dev sr0, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0
[  697.577675][ T1122] Buffer I/O error on dev sr0, logical block 0, lost async page write
[  697.614406][T15753] syz.2.3317: attempt to access beyond end of device
[  697.614406][T15753] sr0: rw=0, sector=0, nr_sectors = 4 limit=0
[  697.618955][T15753] hfs: can't find a HFS filesystem on dev sr0
[  697.815239][ T5998] Bluetooth: hci4: command 0x0406 tx timeout
[  698.382816][ T6063] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  700.093880][ T6063] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  700.148438][T14848] hid-generic 0000:0000:0000.0050: unknown main item tag 0x0
[  700.151906][T14848] hid-generic 0000:0000:0000.0050: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  700.179319][ T6063] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  700.206008][ T5998] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  700.210764][ T5998] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  700.214778][ T5998] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  700.217609][ T5998] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  700.220082][ T5998] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  700.330907][ T6063] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  700.351773][T15765] chnl_net:caif_netlink_parms(): no params data found
[  700.445288][T15765] bridge0: port 1(bridge_slave_0) entered blocking state
[  700.447599][T15765] bridge0: port 1(bridge_slave_0) entered disabled state
[  700.449912][T15765] bridge_slave_0: entered allmulticast mode
[  700.452556][T15765] bridge_slave_0: entered promiscuous mode
[  700.456505][T15765] bridge0: port 2(bridge_slave_1) entered blocking state
[  700.458774][T15765] bridge0: port 2(bridge_slave_1) entered disabled state
[  700.461035][T15765] bridge_slave_1: entered allmulticast mode
[  700.464399][T15765] bridge_slave_1: entered promiscuous mode
[  700.498407][T15779] syz.3.3324: attempt to access beyond end of device
[  700.498407][T15779] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0
[  700.503021][T15779] syz.3.3324: attempt to access beyond end of device
[  700.503021][T15779] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0
[  700.509670][T15779] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  700.516217][T15765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  700.516305][T15779] syz.3.3324: attempt to access beyond end of device
[  700.516305][T15779] nbd3: rw=0, sector=512, nr_sectors = 1 limit=0
[  700.522245][T15765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  700.525383][T15779] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  700.531455][T15779] syz.3.3324: attempt to access beyond end of device
[  700.531455][T15779] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0
[  700.536792][T15779] syz.3.3324: attempt to access beyond end of device
[  700.536792][T15779] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0
[  700.541709][T15779] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  700.546984][T15779] syz.3.3324: attempt to access beyond end of device
[  700.546984][T15779] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0
[  700.551347][T15779] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  700.555057][T15779] syz.3.3324: attempt to access beyond end of device
[  700.555057][T15779] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0
[  700.559114][T15779] syz.3.3324: attempt to access beyond end of device
[  700.559114][T15779] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0
[  700.564256][T15779] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  700.567289][T15779] syz.3.3324: attempt to access beyond end of device
[  700.567289][T15779] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0
[  700.572459][T15779] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  700.575958][T15779] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  700.579039][T15779] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  700.581327][T15765] team0: Port device team_slave_0 added
[  700.582071][T15779] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1)
[  700.592808][  T838] usb 6-1: new full-speed USB device number 87 using dummy_hcd
[  700.596388][T15765] team0: Port device team_slave_1 added
[  700.616396][T15779] kvm: kvm [15778]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x11e) = 0x1a0000000003
[  700.641090][T15779] kvm: kvm [15778]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x186) = 0x1a0000000003
[  700.644947][T15779] kvm: kvm [15778]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x187) = 0x3
[  700.654205][ T6063] bridge_slave_1: left allmulticast mode
[  700.662140][T15779] kvm_intel: kvm [15778]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x1d9) = 0x3
[  700.663190][ T6063] bridge_slave_1: left promiscuous mode
[  700.667303][ T6063] bridge0: port 2(bridge_slave_1) entered disabled state
[  700.671849][ T6063] bridge_slave_0: left allmulticast mode
[  700.674744][ T6063] bridge_slave_0: left promiscuous mode
[  700.676832][ T6063] bridge0: port 1(bridge_slave_0) entered disabled state
[  700.776876][  T838] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  700.780175][  T838] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[  700.792693][  T838] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  700.795910][  T838] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  700.806131][  T838] usb 6-1: config 0 descriptor??
[  700.811084][  T838] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  700.815304][  T838] dvb-usb: bulk message failed: -22 (3/0)
[  700.823341][  T838] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  700.827682][  T838] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  700.830632][  T838] usb 6-1: media controller created
[  700.835192][T15786] __nla_validate_parse: 3 callbacks suppressed
[  700.835202][T15786] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3325'.
[  700.836120][  T838] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  700.852009][  T838] dvb-usb: bulk message failed: -22 (6/0)
[  700.857709][  T838] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  700.863200][  T838] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb6/6-1/input/input59
[  700.870630][  T838] dvb-usb: schedule remote query interval to 150 msecs.
[  700.873657][  T838] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  700.990030][ T6063] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  700.997483][ T6063] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  701.002993][ T6063] bond0 (unregistering): Released all slaves
[  701.010791][T15765] batman_adv: batadv0: Adding interface: batadv_slave_0
[  701.013987][T15765] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  701.024577][ T6055] usb 6-1: USB disconnect, device number 87
[  701.024937][T15765] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  701.063931][ T6055] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  701.106283][T15765] batman_adv: batadv0: Adding interface: batadv_slave_1
[  701.109318][T15765] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  701.122596][T15765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  701.225895][T15765] hsr_slave_0: entered promiscuous mode
[  701.228596][T15765] hsr_slave_1: entered promiscuous mode
[  701.434493][ T6063] hsr_slave_0: left promiscuous mode
[  701.437270][ T6063] hsr_slave_1: left promiscuous mode
[  701.439395][ T6063] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  701.441749][ T6063] batman_adv: batadv0: Removing interface: batadv_slave_0
[  701.446491][ T6063] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  701.449384][ T6063] batman_adv: batadv0: Removing interface: batadv_slave_1
[  701.469408][ T6063] veth1_macvtap: left promiscuous mode
[  701.471405][ T6063] veth0_macvtap: left promiscuous mode
[  701.473689][ T6063] veth1_vlan: left promiscuous mode
[  701.475494][ T6063] veth0_vlan: left promiscuous mode
[  701.893613][ T6111] usb 7-1: new high-speed USB device number 68 using dummy_hcd
[  702.057186][ T6111] usb 7-1: Using ep0 maxpacket: 16
[  702.060080][ T6111] usb 7-1: config 0 has no interfaces?
[  702.062626][ T6111] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  702.065478][ T6111] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  702.067927][ T6111] usb 7-1: SerialNumber: syz
[  702.070802][ T6111] usb 7-1: config 0 descriptor??
[  702.278471][ T6111] usb 7-1: USB disconnect, device number 68
[  702.295088][ T5998] Bluetooth: hci2: command tx timeout
[  702.310697][ T6063] team0 (unregistering): Port device team_slave_1 removed
[  702.382599][ T6063] team0 (unregistering): Port device team_slave_0 removed
[  703.031588][T15823] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3334'.
[  703.108340][T15838] veth0: entered promiscuous mode
[  703.116715][T15837] veth0: left promiscuous mode
[  703.328562][T15765] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  703.334448][T15765] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  703.339146][T15765] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  703.343796][T15765] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  703.382547][T15765] 8021q: adding VLAN 0 to HW filter on device bond0
[  703.392152][T15765] 8021q: adding VLAN 0 to HW filter on device team0
[  703.398789][T11121] bridge0: port 1(bridge_slave_0) entered blocking state
[  703.401137][T11121] bridge0: port 1(bridge_slave_0) entered forwarding state
[  703.413581][ T6134] bridge0: port 2(bridge_slave_1) entered blocking state
[  703.415956][ T6134] bridge0: port 2(bridge_slave_1) entered forwarding state
[  703.420050][T15860] FAULT_INJECTION: forcing a failure.
[  703.420050][T15860] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  703.426069][T15860] CPU: 0 UID: 0 PID: 15860 Comm: syz.1.3345 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  703.426086][T15860] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  703.426094][T15860] Call Trace:
[  703.426099][T15860]  <TASK>
[  703.426103][T15860]  dump_stack_lvl+0x16c/0x1f0
[  703.426143][T15860]  should_fail_ex+0x512/0x640
[  703.426165][T15860]  _copy_from_user+0x2e/0xd0
[  703.426181][T15860]  ax25_rt_ioctl+0x917/0x1190
[  703.426207][T15860]  ? __pfx_ax25_rt_ioctl+0x10/0x10
[  703.426226][T15860]  ? bpf_lsm_capable+0x9/0x10
[  703.426238][T15860]  ? security_capable+0x7e/0x260
[  703.426252][T15860]  ax25_ioctl+0x979/0xb20
[  703.426265][T15860]  ? lockdep_hardirqs_on+0x7c/0x110
[  703.426281][T15860]  ? __pfx_ax25_ioctl+0x10/0x10
[  703.426295][T15860]  ? find_held_lock+0x2b/0x80
[  703.426314][T15860]  ? tomoyo_path_number_perm+0x18d/0x580
[  703.426332][T15860]  sock_do_ioctl+0x115/0x280
[  703.426345][T15860]  ? __pfx_sock_do_ioctl+0x10/0x10
[  703.426359][T15860]  ? ioctl_has_perm.constprop.0.isra.0+0x379/0x540
[  703.426375][T15860]  ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540
[  703.426391][T15860]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  703.426409][T15860]  sock_ioctl+0x227/0x6b0
[  703.426421][T15860]  ? __pfx_sock_ioctl+0x10/0x10
[  703.426432][T15860]  ? hook_file_ioctl_common+0x145/0x410
[  703.426471][T15860]  ? selinux_file_ioctl+0x180/0x270
[  703.426485][T15860]  ? selinux_file_ioctl+0xb4/0x270
[  703.426500][T15860]  ? __pfx_sock_ioctl+0x10/0x10
[  703.426512][T15860]  __x64_sys_ioctl+0x18b/0x210
[  703.426526][T15860]  do_syscall_64+0xcd/0x4c0
[  703.426547][T15860]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  703.426558][T15860] RIP: 0033:0x7f8ddcb8e929
[  703.426572][T15860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  703.426583][T15860] RSP: 002b:00007f8ddd9b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  703.426594][T15860] RAX: ffffffffffffffda RBX: 00007f8ddcdb5fa0 RCX: 00007f8ddcb8e929
[  703.426604][T15860] RDX: 0000200000000040 RSI: 00000000000089e7 RDI: 0000000000000004
[  703.426611][T15860] RBP: 00007f8ddd9b1090 R08: 0000000000000000 R09: 0000000000000000
[  703.426617][T15860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  703.426624][T15860] R13: 0000000000000000 R14: 00007f8ddcdb5fa0 R15: 00007fff82edeec8
[  703.426638][T15860]  </TASK>
[  703.525044][T15765] 8021q: adding VLAN 0 to HW filter on device batadv0
[  703.707862][T15765] veth0_vlan: entered promiscuous mode
[  703.719938][T15765] veth1_vlan: entered promiscuous mode
[  703.740227][T15765] veth0_macvtap: entered promiscuous mode
[  703.746357][T15765] veth1_macvtap: entered promiscuous mode
[  703.759662][T15765] batman_adv: batadv0: Interface activated: batadv_slave_0
[  703.767166][T15765] batman_adv: batadv0: Interface activated: batadv_slave_1
[  703.773491][T15765] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  703.777368][T15765] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  703.780296][T15765] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  703.783961][T15765] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  703.832580][ T6134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  703.835114][ T6134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  703.851878][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  703.859342][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  704.148941][   T40] audit: type=1400 audit(1751036913.442:877): avc:  denied  { read } for  pid=15894 comm="syz.1.3355" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  704.977808][T15895] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  704.982143][T15895] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  704.990806][T15895] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  704.993093][T15895] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  705.132756][T15906] loop6: detected capacity change from 0 to 7
[  705.135544][T15906] Dev loop6: unable to read RDB block 7
[  705.137308][T15906]  loop6: unable to read partition table
[  705.139184][T15906] loop6: partition table beyond EOD, truncated
[  705.141100][T15906] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  705.240587][T15912] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3363'.
[  705.412385][T15920] netlink: 'syz.1.3365': attribute type 10 has an invalid length.
[  705.903514][ T6024] usb 6-1: new high-speed USB device number 88 using dummy_hcd
[  706.052874][ T6024] usb 6-1: Using ep0 maxpacket: 16
[  706.064289][ T6024] usb 6-1: config 0 has no interfaces?
[  706.068360][ T6024] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  706.071170][ T6024] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  706.075721][ T6024] usb 6-1: SerialNumber: syz
[  706.079675][ T6024] usb 6-1: config 0 descriptor??
[  706.093887][   T13] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  706.291316][ T6024] usb 6-1: USB disconnect, device number 88
[  706.292931][ T5998] Bluetooth: hci0: command 0x0401 tx timeout
[  707.012883][ T5998] Bluetooth: hci4: command 0x0406 tx timeout
[  707.853478][T15929] tmpfs: Bad value for 'mpol'
[  707.935629][   T13] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  708.013183][   T63] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  708.015925][   T13] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  708.018779][   T63] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  708.025973][   T63] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  708.030045][   T63] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  708.034735][   T63] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  708.079789][   T13] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  708.215595][T15958] sd 0:0:0:0: PR command failed: 1026
[  708.217821][T15958] sd 0:0:0:0: Sense Key : Illegal Request [current] 
[  708.220546][T15958] sd 0:0:0:0: Add. Sense: Invalid command operation code
[  708.246193][T15941] chnl_net:caif_netlink_parms(): no params data found
[  708.348801][   T13] bridge_slave_1: left allmulticast mode
[  708.351999][   T13] bridge_slave_1: left promiscuous mode
[  708.357433][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  708.361824][   T13] bridge_slave_0: left allmulticast mode
[  708.363979][   T13] bridge_slave_0: left promiscuous mode
[  708.365841][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  708.372809][   T63] Bluetooth: hci0: command 0x0401 tx timeout
[  708.671714][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  708.676273][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  708.680707][   T13] bond0 (unregistering): Released all slaves
[  708.749917][T15941] bridge0: port 1(bridge_slave_0) entered blocking state
[  708.752176][T15941] bridge0: port 1(bridge_slave_0) entered disabled state
[  708.758961][T15941] bridge_slave_0: entered allmulticast mode
[  708.762376][T15941] bridge_slave_0: entered promiscuous mode
[  708.767247][T15941] bridge0: port 2(bridge_slave_1) entered blocking state
[  708.769513][T15941] bridge0: port 2(bridge_slave_1) entered disabled state
[  708.771743][T15941] bridge_slave_1: entered allmulticast mode
[  708.775351][T15941] bridge_slave_1: entered promiscuous mode
[  708.832976][T15941] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  708.839076][T15941] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  708.877445][T15941] team0: Port device team_slave_0 added
[  708.887037][T15941] team0: Port device team_slave_1 added
[  708.935230][T15941] batman_adv: batadv0: Adding interface: batadv_slave_0
[  708.937477][T15941] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  708.946175][T15941] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  708.950551][T15941] batman_adv: batadv0: Adding interface: batadv_slave_1
[  708.952888][T15941] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  708.960801][T15941] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  709.008018][   T13] hsr_slave_0: left promiscuous mode
[  709.010959][   T13] hsr_slave_1: left promiscuous mode
[  709.014951][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  709.017388][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  709.021200][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  709.024655][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  709.051157][   T13] veth1_macvtap: left promiscuous mode
[  709.052997][   T13] veth0_macvtap: left promiscuous mode
[  709.054776][   T13] veth1_vlan: left promiscuous mode
[  709.056418][   T13] veth0_vlan: left promiscuous mode
[  709.092854][   T63] Bluetooth: hci4: command 0x0406 tx timeout
[  709.850065][   T13] team0 (unregistering): Port device team_slave_1 removed
[  709.931711][   T13] team0 (unregistering): Port device team_slave_0 removed
[  710.053123][   T63] Bluetooth: hci2: command tx timeout
[  710.192851][ T6111] usb 6-1: new high-speed USB device number 89 using dummy_hcd
[  710.342880][ T6111] usb 6-1: Using ep0 maxpacket: 16
[  710.347842][ T6111] usb 6-1: config 0 has no interfaces?
[  710.350475][ T6111] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  710.353661][ T6111] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  710.356068][ T6111] usb 6-1: SerialNumber: syz
[  710.359499][ T6111] usb 6-1: config 0 descriptor??
[  710.494668][T15979] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  710.502356][T15941] hsr_slave_0: entered promiscuous mode
[  710.504964][T15941] hsr_slave_1: entered promiscuous mode
[  710.566132][ T6111] usb 6-1: USB disconnect, device number 89
[  710.852872][ T6083] usb 7-1: new high-speed USB device number 69 using dummy_hcd
[  711.007905][T15941] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  711.013027][ T6083] usb 7-1: Using ep0 maxpacket: 8
[  711.016998][T15941] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  711.017640][ T6083] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  711.022913][ T6083] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  711.026461][ T6083] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  711.029404][T15941] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  711.029509][ T6083] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  711.035852][ T6083] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  711.037628][T15941] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  711.041034][ T6083] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  711.047771][ T6083] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  711.083694][T15941] 8021q: adding VLAN 0 to HW filter on device bond0
[  711.095252][T15941] 8021q: adding VLAN 0 to HW filter on device team0
[  711.100548][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  711.102795][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  711.109980][T15948] bridge0: port 2(bridge_slave_1) entered blocking state
[  711.112220][T15948] bridge0: port 2(bridge_slave_1) entered forwarding state
[  711.230284][T15941] 8021q: adding VLAN 0 to HW filter on device batadv0
[  711.258707][ T6083] usb 7-1: GET_CAPABILITIES returned 0
[  711.260473][ T6083] usbtmc 7-1:16.0: can't read capabilities
[  711.361921][T15941] veth0_vlan: entered promiscuous mode
[  711.367012][T15941] veth1_vlan: entered promiscuous mode
[  711.384000][T15941] veth0_macvtap: entered promiscuous mode
[  711.387983][T15941] veth1_macvtap: entered promiscuous mode
[  711.396853][T15941] batman_adv: batadv0: Interface activated: batadv_slave_0
[  711.402248][T15941] batman_adv: batadv0: Interface activated: batadv_slave_1
[  711.407236][T15941] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  711.409966][T15941] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  711.412813][T15941] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  711.415503][T15941] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  711.450705][ T6063] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  711.454645][ T6063] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  711.469218][ T6063] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  711.471694][ T6063] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  711.491316][ T6024] usb 7-1: USB disconnect, device number 69
[  712.127185][T16019] netlink: 'syz.3.3391': attribute type 7 has an invalid length.
[  712.301827][T16030] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.3394'.
[  712.306437][T16030] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  712.817264][T16043] ==================================================================
[  712.820270][T16043] BUG: KASAN: slab-use-after-free in rose_get_neigh+0x549/0x640
[  712.822697][T16043] Read of size 1 at addr ffff888032784030 by task syz.1.3398/16043
[  712.826295][T16043] 
[  712.827754][T16043] CPU: 2 UID: 0 PID: 16043 Comm: syz.1.3398 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  712.827771][T16043] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  712.827783][T16043] Call Trace:
[  712.827789][T16043]  <TASK>
[  712.827795][T16043]  dump_stack_lvl+0x116/0x1f0
[  712.827816][T16043]  print_report+0xcd/0x680
[  712.827833][T16043]  ? __virt_addr_valid+0x81/0x610
[  712.827847][T16043]  ? __phys_addr+0xe8/0x180
[  712.827861][T16043]  ? rose_get_neigh+0x549/0x640
[  712.827875][T16043]  kasan_report+0xe0/0x110
[  712.827890][T16043]  ? rose_get_neigh+0x549/0x640
[  712.827907][T16043]  rose_get_neigh+0x549/0x640
[  712.827923][T16043]  rose_connect+0x2d4/0x1540
[  712.827935][T16043]  ? __pfx_rose_connect+0x10/0x10
[  712.827946][T16043]  ? selinux_netlbl_socket_connect+0x30/0x40
[  712.827962][T16043]  ? rcu_is_watching+0x12/0xc0
[  712.827975][T16043]  ? __local_bh_enable_ip+0xa4/0x120
[  712.827988][T16043]  ? lockdep_hardirqs_on+0x7c/0x110
[  712.828004][T16043]  ? selinux_netlbl_socket_connect+0x30/0x40
[  712.828018][T16043]  ? __local_bh_enable_ip+0xa4/0x120
[  712.828033][T16043]  ? selinux_netlbl_socket_connect+0x30/0x40
[  712.828048][T16043]  ? selinux_socket_connect+0x6b/0x80
[  712.828062][T16043]  ? __pfx_rose_connect+0x10/0x10
[  712.828072][T16043]  __sys_connect_file+0x141/0x1a0
[  712.828087][T16043]  __sys_connect+0x13b/0x160
[  712.828100][T16043]  ? __pfx___sys_connect+0x10/0x10
[  712.828115][T16043]  ? dnotify_flush+0x79/0x4c0
[  712.828133][T16043]  __x64_sys_connect+0x72/0xb0
[  712.828145][T16043]  ? lockdep_hardirqs_on+0x7c/0x110
[  712.828160][T16043]  do_syscall_64+0xcd/0x4c0
[  712.828176][T16043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  712.828187][T16043] RIP: 0033:0x7f8ddcb8e929
[  712.828197][T16043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  712.828208][T16043] RSP: 002b:00007f8ddd9b1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  712.828219][T16043] RAX: ffffffffffffffda RBX: 00007f8ddcdb5fa0 RCX: 00007f8ddcb8e929
[  712.828226][T16043] RDX: 000000000000001c RSI: 0000200000000040 RDI: 000000000000000d
[  712.828232][T16043] RBP: 00007f8ddcc10b39 R08: 0000000000000000 R09: 0000000000000000
[  712.828239][T16043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  712.828246][T16043] R13: 0000000000000000 R14: 00007f8ddcdb5fa0 R15: 00007fff82edeec8
[  712.828256][T16043]  </TASK>
[  712.828261][T16043] 
[  712.915315][T16043] Allocated by task 13:
[  712.917080][T16043]  kasan_save_stack+0x33/0x60
[  712.918909][T16043]  kasan_save_track+0x14/0x30
[  712.920912][T16043]  __kasan_kmalloc+0xaa/0xb0
[  712.922126][T16045] fuse: Bad value for 'fd'
[  712.922839][T16043]  __kmalloc_noprof+0x223/0x510
[  712.922867][T16043]  fib6_info_alloc+0x40/0x160
[  712.928345][T16043]  ip6_route_info_create+0x14c/0x870
[  712.930590][T16043]  ip6_route_add.part.0+0x22/0x1d0
[  712.932698][T16043]  ip6_route_add+0x45/0x60
[  712.934520][T16043]  addrconf_add_mroute+0x1dd/0x350
[  712.936602][T16043]  addrconf_add_dev+0x14e/0x1c0
[  712.938640][T16043]  addrconf_init_auto_addrs+0x3f3/0x8f0
[  712.940947][T16043]  addrconf_notify+0x6e2/0x19e0
[  712.943003][T16043]  notifier_call_chain+0xb9/0x410
[  712.945181][T16043]  call_netdevice_notifiers_info+0xbe/0x140
[  712.947632][T16043]  netif_state_change+0x165/0x3b0
[  712.949757][T16043]  linkwatch_do_dev+0x12b/0x160
[  712.951825][T16043]  __linkwatch_run_queue+0x2aa/0x8a0
[  712.954041][T16043]  linkwatch_event+0x8f/0xc0
[  712.955922][T16043]  process_one_work+0x9cc/0x1b70
[  712.957512][T16043]  worker_thread+0x6c8/0xf10
[  712.959024][T16043]  kthread+0x3c2/0x780
[  712.960357][T16043]  ret_from_fork+0x5d4/0x6f0
[  712.961860][T16043]  ret_from_fork_asm+0x1a/0x30
[  712.963405][T16043] 
[  712.964201][T16043] Freed by task 23:
[  712.965481][T16043]  kasan_save_stack+0x33/0x60
[  712.967000][T16043]  kasan_save_track+0x14/0x30
[  712.968528][T16043]  kasan_save_free_info+0x3b/0x60
[  712.970174][T16043]  __kasan_slab_free+0x51/0x70
[  712.971723][T16043]  kfree+0x2b4/0x4d0
[  712.972984][T16043]  rcu_core+0x799/0x14e0
[  712.974354][T16043]  handle_softirqs+0x216/0x8e0
[  712.975906][T16043]  run_ksoftirqd+0x3a/0x60
[  712.977345][T16043]  smpboot_thread_fn+0x3f4/0xae0
[  712.978961][T16043]  kthread+0x3c2/0x780
[  712.980305][T16043]  ret_from_fork+0x5d4/0x6f0
[  712.981755][T16043]  ret_from_fork_asm+0x1a/0x30
[  712.983293][T16043] 
[  712.984089][T16043] Last potentially related work creation:
[  712.985909][T16043]  kasan_save_stack+0x33/0x60
[  712.987406][T16043]  kasan_record_aux_stack+0xa7/0xc0
[  712.989021][T16043]  __call_rcu_common.constprop.0+0xa5/0xa10
[  712.990857][T16043]  fib6_del+0xf3c/0x1770
[  712.992227][T16043]  fib6_clean_node+0x424/0x5b0
[  712.993693][T16043]  fib6_walk_continue+0x452/0x8d0
[  712.995270][T16043]  fib6_walk+0x182/0x370
[  712.996632][T16043]  fib6_clean_tree+0xd4/0x110
[  712.998085][T16043]  __fib6_clean_all+0x107/0x2d0
[  712.999669][T16043]  rt6_disable_ip+0x2ec/0x990
[  713.001181][T16043]  addrconf_ifdown.isra.0+0x11d/0x1a90
[  713.002912][T16043]  addrconf_notify+0x220/0x19e0
[  713.004449][T16043]  notifier_call_chain+0xb9/0x410
[  713.006050][T16043]  call_netdevice_notifiers_info+0xbe/0x140
[  713.007930][T16043]  dev_close_many+0x319/0x630
[  713.009433][T16043]  unregister_netdevice_many_notify+0x578/0x2700
[  713.011441][T16043]  default_device_exit_batch+0x853/0xaf0
[  713.013245][T16043]  ops_undo_list+0x363/0xab0
[  713.014728][T16043]  cleanup_net+0x408/0x890
[  713.016143][T16043]  process_one_work+0x9cc/0x1b70
[  713.017726][T16043]  worker_thread+0x6c8/0xf10
[  713.019209][T16043]  kthread+0x3c2/0x780
[  713.020524][T16043]  ret_from_fork+0x5d4/0x6f0
[  713.022008][T16043]  ret_from_fork_asm+0x1a/0x30
[  713.023546][T16043] 
[  713.024329][T16043] The buggy address belongs to the object at ffff888032784000
[  713.024329][T16043]  which belongs to the cache kmalloc-512 of size 512
[  713.028653][T16043] The buggy address is located 48 bytes inside of
[  713.028653][T16043]  freed 512-byte region [ffff888032784000, ffff888032784200)
[  713.032875][T16043] 
[  713.033662][T16043] The buggy address belongs to the physical page:
[  713.035733][T16043] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888032785000 pfn:0x32784
[  713.038897][T16043] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  713.041550][T16043] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  713.044214][T16043] page_type: f5(slab)
[  713.045514][T16043] raw: 00fff00000000240 ffff88801b842c80 ffffea0000e2f010 ffff88801b8407c8
[  713.048224][T16043] raw: ffff888032785000 0000000000100008 00000000f5000000 0000000000000000
[  713.050934][T16043] head: 00fff00000000240 ffff88801b842c80 ffffea0000e2f010 ffff88801b8407c8
[  713.053673][T16043] head: ffff888032785000 0000000000100008 00000000f5000000 0000000000000000
[  713.056409][T16043] head: 00fff00000000002 ffffea0000c9e101 00000000ffffffff 00000000ffffffff
[  713.059163][T16043] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  713.061970][T16043] page dumped because: kasan: bad access detected
[  713.064022][T16043] page_owner tracks the page as allocated
[  713.065841][T16043] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 46, tgid 46 (kworker/u32:2), ts 372665041761, free_ts 372636635367
[  713.071818][T16043]  post_alloc_hook+0x1c0/0x230
[  713.073378][T16043]  get_page_from_freelist+0x1321/0x3890
[  713.075155][T16043]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  713.077051][T16043]  alloc_pages_mpol+0x1fb/0x550
[  713.078643][T16043]  new_slab+0x23b/0x330
[  713.079998][T16043]  ___slab_alloc+0xd9c/0x1940
[  713.081503][T16043]  __slab_alloc.constprop.0+0x56/0xb0
[  713.083216][T16043]  __kmalloc_noprof+0x2f2/0x510
[  713.084798][T16043]  switchdev_deferred_enqueue+0x2b/0x2a0
[  713.086592][T16043]  switchdev_port_attr_set+0xb5/0x120
[  713.088316][T16043]  br_set_state+0x235/0x880
[  713.089803][T16043]  br_init_port+0xc6/0x250
[  713.091245][T16043]  br_stp_enable_port+0x15/0x50
[  713.092820][T16043]  br_port_carrier_check+0x264/0x4c0
[  713.094524][T16043]  br_device_event+0x6a6/0xa00
[  713.096066][T16043]  notifier_call_chain+0xb9/0x410
[  713.097684][T16043] page last free pid 5984 tgid 5984 stack trace:
[  713.099693][T16043]  __free_frozen_pages+0x7fe/0x1180
[  713.101355][T16043]  __put_partials+0x16d/0x1c0
[  713.102862][T16043]  qlist_free_all+0x4d/0x120
[  713.104351][T16043]  kasan_quarantine_reduce+0x195/0x1e0
[  713.106100][T16043]  __kasan_slab_alloc+0x69/0x90
[  713.107678][T16043]  kmem_cache_alloc_lru_noprof+0x1d0/0x3b0
[  713.109555][T16043]  sock_alloc_inode+0x25/0x1c0
[  713.111100][T16043]  alloc_inode+0x61/0x240
[  713.112507][T16043]  sock_alloc+0x40/0x280
[  713.113875][T16043]  __sock_create+0xc1/0x8d0
[  713.115328][T16043]  __sys_socket+0x14d/0x260
[  713.116799][T16043]  __x64_sys_socket+0x72/0xb0
[  713.118304][T16043]  do_syscall_64+0xcd/0x4c0
[  713.119794][T16043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  713.121668][T16043] 
[  713.122449][T16043] Memory state around the buggy address:
[  713.124228][T16043]  ffff888032783f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  713.126735][T16043]  ffff888032783f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  713.129233][T16043] >ffff888032784000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  713.131698][T16043]                                      ^
[  713.133400][T16043]  ffff888032784080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  713.135857][T16043]  ffff888032784100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  713.138324][T16043] ==================================================================
[  713.140909][T16043] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  713.143102][T16043] CPU: 2 UID: 0 PID: 16043 Comm: syz.1.3398 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(full) 
[  713.146806][T16043] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  713.150130][T16043] Call Trace:
[  713.151197][T16043]  <TASK>
[  713.152143][T16043]  dump_stack_lvl+0x3d/0x1f0
[  713.153626][T16043]  panic+0x71c/0x800
[  713.154864][T16043]  ? __pfx_panic+0x10/0x10
[  713.156297][T16043]  ? irqentry_exit+0x3b/0x90
[  713.157998][T16043]  ? lockdep_hardirqs_on+0x7c/0x110
[  713.159695][T16043]  ? rose_get_neigh+0x549/0x640
[  713.161246][T16043]  ? rose_get_neigh+0x549/0x640
[  713.162764][T16043]  check_panic_on_warn+0xab/0xb0
[  713.164349][T16043]  end_report+0x107/0x170
[  713.165723][T16043]  kasan_report+0xee/0x110
[  713.167143][T16043]  ? rose_get_neigh+0x549/0x640
[  713.168724][T16043]  rose_get_neigh+0x549/0x640
[  713.170197][T16043]  rose_connect+0x2d4/0x1540
[  713.171695][T16043]  ? __pfx_rose_connect+0x10/0x10
[  713.173287][T16043]  ? selinux_netlbl_socket_connect+0x30/0x40
[  713.175144][T16043]  ? rcu_is_watching+0x12/0xc0
[  713.176662][T16043]  ? __local_bh_enable_ip+0xa4/0x120
[  713.178309][T16043]  ? lockdep_hardirqs_on+0x7c/0x110
[  713.180299][T16043]  ? selinux_netlbl_socket_connect+0x30/0x40
[  713.182296][T16043]  ? __local_bh_enable_ip+0xa4/0x120
[  713.183954][T16043]  ? selinux_netlbl_socket_connect+0x30/0x40
[  713.185821][T16043]  ? selinux_socket_connect+0x6b/0x80
[  713.187530][T16043]  ? __pfx_rose_connect+0x10/0x10
[  713.189167][T16043]  __sys_connect_file+0x141/0x1a0
[  713.190786][T16043]  __sys_connect+0x13b/0x160
[  713.192281][T16043]  ? __pfx___sys_connect+0x10/0x10
[  713.193859][T16043]  ? dnotify_flush+0x79/0x4c0
[  713.195291][T16043]  __x64_sys_connect+0x72/0xb0
[  713.196808][T16043]  ? lockdep_hardirqs_on+0x7c/0x110
[  713.198440][T16043]  do_syscall_64+0xcd/0x4c0
[  713.199920][T16043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  713.201796][T16043] RIP: 0033:0x7f8ddcb8e929
[  713.203233][T16043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  713.209337][T16043] RSP: 002b:00007f8ddd9b1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  713.211946][T16043] RAX: ffffffffffffffda RBX: 00007f8ddcdb5fa0 RCX: 00007f8ddcb8e929
[  713.214469][T16043] RDX: 000000000000001c RSI: 0000200000000040 RDI: 000000000000000d
[  713.216965][T16043] RBP: 00007f8ddcc10b39 R08: 0000000000000000 R09: 0000000000000000
[  713.219353][T16043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  713.221837][T16043] R13: 0000000000000000 R14: 00007f8ddcdb5fa0 R15: 00007fff82edeec8
[  713.224261][T16043]  </TASK>
[  713.225912][T16043] Kernel Offset: disabled
[  713.227298][T16043] Rebooting in 86400 seconds..

VM DIAGNOSIS:
15:08:42  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000579b53 RBX=0000000000000000 RCX=ffffffff8b80dc59 RDX=0000000000000000
RSI=ffffffff8de1a49e RDI=ffffffff8c157ee0 RBP=fffffbfff1c52ef0 RSP=ffffffff8e207e08
R8 =0000000000000001 R9 =ffffed100d486645 R10=ffff88806a43322b R11=0000000000000001
R12=0000000000000000 R13=ffffffff8e297780 R14=ffffffff90a81650 R15=0000000000000000
RIP=ffffffff8b80c7bf RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6752000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000110c309e4e CR3=000000004e646000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd16032670 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff666c11b12
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff666c11b1f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff666c11b19
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff666c11b2d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff666c11bb3
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff666c11c91
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000001 RBX=ffff88806a642080 RCX=ffffffff81b001cd RDX=ffff888032158000
RSI=0000000000000000 RDI=0000000000000005 RBP=0000000000000001 RSP=ffffc90003f67510
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001
R12=dffffc0000000000 R13=0000000000000003 R14=ffffed100d4c8411 R15=ffff88806a53b580
RIP=ffffffff81bc1a01 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6852000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f9ca74e7d60 CR3=000000002b157000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000004144 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000002020004 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9ca69846a3 00007f9ca69846a3
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff76921030 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555576e26f28 0000555576e26e60
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555576e40e53 0000555576e40140
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555576e25604 0000555576e25600
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 474553474953006c 616e676973206e77 6f6e6b6e75000a29
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 4745534749530049 444b424c56054b52 4a4b4e4b50000a0c
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0001900302e80800 400301d604003c03 1004003803000000 0608063003060400
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0108100004800401 000002080606015c f808080004e00300 100004d003001000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 04c00302100004b0 0348100001900302 e80800400301d604 003c031004003803
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000608063003 0604002c03100400 2803000400240300 0200220301b80200
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 200304ddfeefe808 0018030785f4ca08 0010030204000c03 0000000804060803
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000037 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff855bfa95 RDI=ffffffff9b088320 RBP=ffffffff9b0882e0 RSP=ffffc90003c77688
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3330383838666666
R12=0000000000000000 R13=0000000000000037 R14=ffffffff9b0882e0 R15=ffffffff855bfa30
RIP=ffffffff855bfabf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f8ddd9b16c0 ffffffff 00c00000
GS =0000 ffff8880d6952000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000555585251808 CR3=0000000054371000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000001000003 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8ddcc11b12
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8ddcc11b1f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8ddcc11b19
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8ddcc11b2d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8ddcc11bb3
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8ddcc11c91
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8ddcd84488 00007f8ddcd84480 00007f8ddcd84478 00007f8ddcd84450
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8ddd8ed100 00007f8ddcd84440 00007f8ddcd84458 00007f8ddcd844a0
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8ddcd84498 00007f8ddcd84490 00007f8ddcd84488 00007f8ddcd84480
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000009 0000000000000000 0000000000000000 00000000000003ac
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=00000000004ec7f9 RBX=0000000000000003 RCX=ffffffff8b80dc59 RDX=0000000000000000
RSI=ffffffff8de1a49e RDI=ffffffff8c157ee0 RBP=ffffed1003c56000 RSP=ffffc90000197df8
R8 =0000000000000001 R9 =ffffed100d4e6645 R10=ffff88806a73322b R11=0000000000000001
R12=0000000000000003 R13=ffff88801e2b0000 R14=ffffffff90a81650 R15=0000000000000000
RIP=ffffffff8b80c7bf RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c01300
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c01300
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6a52000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f8ddd9b0f98 CR3=000000005feef000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000004090001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff666c11b12
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff666c11b1f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff666c11b19
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff666c11b2d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff666c11bb3
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff666c11c91
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff666d84488 00007ff666d84480 00007ff666d84478 00007ff666d84450
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff6678ed100 00007ff666d84440 00007ff666d80004 0000000b000c000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff666d84498 00007ff666d84490 00007ff666d84488 00007ff666d84480
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000