last executing test programs:

3m45.992258862s ago: executing program 2 (id=241):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000070000000900010073797a300000000054000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000c080003400000000808000740000000310800064000000000780000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000004c0003804800008008000340000000023c00028035000100299246c8790c329b9b21c709e5bde740667dacbfa315d9435694f397a882b3f08e609ceb866040a2100c9ec9eac4261c6200000014000000020a01"], 0x128}}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x2002, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0)
close(r1)
ioctl$TIOCL_PASTESEL(r3, 0x541c, &(0x7f0000000140))
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r8 = dup3(r7, r6, 0x0)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000540)={@fd={0x66642a85, 0x0, r8}, @ptr={0x70742a85, 0x0, &(0x7f0000000440)=""/210, 0xd2, 0x1, 0x29}, @ptr={0x70742a85, 0x5, 0x0, 0x0, 0x1}}, &(0x7f0000000600)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0})
sendmsg$nl_xfrm(r8, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=@newspdinfo={0x3c, 0x24, 0x320, 0x70bd2c, 0x25dfdbff, 0x0, [@XFRMA_SPD_IPV4_HTHRESH={0x6}, @XFRMA_SPD_IPV4_HTHRESH={0x6}, @XFRMA_SPD_IPV4_HTHRESH={0x6}, @XFRMA_SPD_IPV4_HTHRESH={0x6}, @XFRMA_SPD_IPV4_HTHRESH={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0xd804}, 0x80)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f0000000180)=[@timestamp, @sack_perm, @window={0x3, 0xfffb, 0xc88}, @mss={0x2, 0x80000000}, @window={0x3, 0x6, 0xe9}, @timestamp], 0x6)
ioctl$KVM_PRE_FAULT_MEMORY(r4, 0xc040aed5, &(0x7f0000000240)={0x0, 0x107000})
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001000/0x1000)=nil})

3m45.902009708s ago: executing program 2 (id=242):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x56, 0x0, 0x0)
ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000300)={0xc7, 0x0, 0x1})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3m45.822787288s ago: executing program 2 (id=243):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
setsockopt$inet6_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f0000000040)=@ccm_128={{0x303}, "79889565803eeec0", "8f5cf6426272a72d74c8ea4d22a03974", "3c81d22a", "3d6d2e1accdd96ab"}, 0x28)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000500)=@x86={0x8, 0x4, 0x14, 0x0, 0x0, 0x5, 0x5, 0x4, 0xed, 0x4, 0x12, 0x40, 0x0, 0x9, 0x8, 0x2, 0xa3, 0xf7, 0x7, '\x00', 0x8, 0x8})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
unshare(0x6a040000)
mmap(&(0x7f00002ad000/0xc00000)=nil, 0xc00000, 0x3, 0x8010, 0xffffffffffffffff, 0x7f8b4000)
gettid()
r4 = socket(0x1d, 0xa, 0xfffffffe)
sendto$inet(r4, 0x0, 0x0, 0x4084, &(0x7f0000000000)={0x2, 0x4e20}, 0x10)
getsockopt$packet_int(r4, 0x107, 0x3, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

3m45.642625572s ago: executing program 2 (id=244):
mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0)
r0 = open(&(0x7f0000000100)='./bus\x00', 0x143142, 0xa2)
write$FUSE_INIT(r0, &(0x7f0000000140)={0x50}, 0xffd3)
r1 = syz_io_uring_setup(0x231, &(0x7f0000000140)={0x0, 0x0, 0x10100, 0x200}, &(0x7f0000000200)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r1, 0x7a98, 0x0, 0x0, 0x0, 0x0)
read$FUSE(r0, &(0x7f00000079c0)={0x2020}, 0x2020)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x80)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)

3m45.642328409s ago: executing program 2 (id=245):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0xc00)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x80)
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd601823250008"], 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0xffc7, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x80}, 0x48)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000240)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_START_P2P_DEVICE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r5, 0x1, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x4004)
sendmsg$NL80211_CMD_TDLS_MGMT(r2, &(0x7f0000002a40)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000005c0)={&(0x7f0000002840)={0x200, r5, 0x2, 0x70bd27, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x8, 0x79}}}}, [@NL80211_ATTR_TDLS_INITIATOR={0x4}, @NL80211_ATTR_IE={0x1c9, 0x2a, [@tim={0x5, 0x98, {0x40, 0x1a, 0xba, "6523a8bfeac166ad801ea5ad413e482f8cfbd7d6bc0df99bcab802211e132737caee548c588ebf380a4398f9f7b8f9fdabd81b002a4cd3761093ec7adfb56267e45fdbd72a9f085ee1756cacb082bd15f65a7717b53f4c446412edf6806988ba23019ae776891d14ee4d383ebe84e37a017f78730cc39be13ab1729ad6f8ccac0b7d3c39f332998048eb6bffbf0aee71ed9b336c8e"}}, @fast_bss_trans={0x37, 0xba, {0x6, 0x4, "ac8cb732302bd71781ea5c485974110c", "2936fe07a745195bc0a63856d7a4b5263a9866da9c18d204880ebb2662eb3a37", "1383cb317d0902d0be2963334f9f6d3f19509d67596a9fb77a5cfc46b9dc5a92", [{0x3, 0x18, "37eb3c53b22c47728de54e6dd5e0a86d5617889f372ab250"}, {0x3, 0x28, "24f9b4bae9a0fc336aee1d258abda3280033f86ce06315870fa14c2d1ff56492bfa236073bd050b2"}, {0x3}, {0x3, 0x20, "533ea92102839a1a2f26b9005e05e0794410b8564ecff01391acf022e8154665"}]}}, @tim={0x5, 0x6d, {0xf8, 0x95, 0xfc, "efc04f8fc331f6d459ace2dda0dd11aa13eecf90f1d02336455f012eab818b3746ffb6388f94623470ba3a14e2e376c97de6e2cf31c51cdd4acb0408b7fa1d3d90996fc1f1f854dee2aa7ee626069432a6c32528857487109dea7a83a9a2dbffface8558fc627dc30876"}}]}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x1}, @NL80211_ATTR_IE={0x7, 0x2a, [@sec_chan_ofs={0x3e, 0x1, 0x2}]}]}, 0x200}, 0x1, 0x0, 0x0, 0x4}, 0x4000040)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r9, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r10=>0x0}, &(0x7f00000004c0)=0x27)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r8, 0x84, 0x7b, &(0x7f0000000340)={r10, 0xe000000}, &(0x7f0000000380)=0x8)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r7, 0x84, 0x6, &(0x7f0000002780)={r10, @in={{0x2, 0x4e23, @remote}}}, &(0x7f0000000040)=0x84)
readv(r0, &(0x7f0000000540)=[{&(0x7f0000000680)=""/4096, 0x1000}, {&(0x7f0000000100)=""/138, 0x8a}, {&(0x7f0000001680)=""/198, 0xc6}, {&(0x7f0000001780)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/115, 0x73}, {&(0x7f0000000300)=""/122, 0x7a}], 0x6)

3m45.403155025s ago: executing program 2 (id=252):
socket$netlink(0x10, 0x3, 0x10)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$l2tp6(0xa, 0x2, 0x73)
recvfrom(r0, 0x0, 0x0, 0x12000, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000000)={0x2001}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='projid_map\x00')
preadv(r3, &(0x7f00000002c0)=[{&(0x7f00000001c0)=""/133, 0x85}], 0x1, 0x80, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00'})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000003c0)={0x14, r2, 0x20, 0xfffffffc, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x20004010)
r4 = syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x30, r4, 0x1, 0x10000000, 0x100000, {{}, {}, {0x14, 0x19, {0x2, 0x2, 0x800, 0x8}}}}, 0x30}, 0x1, 0x0, 0x0, 0x24008004}, 0x9004)

3m45.348293432s ago: executing program 32 (id=252):
socket$netlink(0x10, 0x3, 0x10)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$l2tp6(0xa, 0x2, 0x73)
recvfrom(r0, 0x0, 0x0, 0x12000, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000000)={0x2001}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='projid_map\x00')
preadv(r3, &(0x7f00000002c0)=[{&(0x7f00000001c0)=""/133, 0x85}], 0x1, 0x80, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00'})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000003c0)={0x14, r2, 0x20, 0xfffffffc, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x20004010)
r4 = syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x30, r4, 0x1, 0x10000000, 0x100000, {{}, {}, {0x14, 0x19, {0x2, 0x2, 0x800, 0x8}}}}, 0x30}, 0x1, 0x0, 0x0, 0x24008004}, 0x9004)

3m13.578661967s ago: executing program 1 (id=823):
r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x6, 0x2)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, 0x0, 0xf00)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x8000, 0x0)
ioctl$TUNGETSNDBUF(r3, 0x800454d3, &(0x7f0000000180))
socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$nl_route(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="5400000010003b15000800"/20, @ANYRES32=0x0, @ANYBLOB="0431000000b401002c0012800b00010067726574617000001c000280050017000000000005000a0001000000080001004408"], 0x54}, 0x1, 0x0, 0x0, 0x40001}, 0x0)
r4 = socket$inet_icmp(0x2, 0x2, 0x1)
r5 = syz_open_dev$usbmon(&(0x7f00000005c0), 0x80080001, 0x3c0d43)
pread64(r5, &(0x7f00000003c0)=""/58, 0x3a, 0x4)
getsockopt$ARPT_SO_GET_INFO(r4, 0x0, 0x60, &(0x7f0000000080)={'filter\x00', 0x0, [0x5, 0x22c10d9c, 0x10]}, &(0x7f0000000100)=0x44)
syz_init_net_socket$ax25(0x3, 0x3, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r7 = accept4(r6, 0x0, 0x0, 0x0)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
read$FUSE(r8, &(0x7f0000000700)={0x2020}, 0xeffd)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_emit_vhci(&(0x7f00000007c0)=ANY=[@ANYBLOB="040e06006220"], 0x9)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x800000, 0x4010, r4, 0xbd098000)

3m12.702928215s ago: executing program 1 (id=826):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r3, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b7000000ff000000bfa30000000000000703000018feffff720aa9fff8ffffff71a4f0ff0000000072030200000000131d400500000000004704000001ed00006b030000000000001d440000000000007a0a00fe00ffffffc303000040000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7109000000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a1074649c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c0dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6acdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e50002a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de5c028d6112a0c2d21b2dc98814106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c53218294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb118888876b617398d00a7526103ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fed000000007baa5b6a686b50f0937f778af083e08b7ab6cd9c65ba55f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddc42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293d364b9effa9a9406ac2683e231d4774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479517dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a79e59e1712c8c546768e5722da19fcdb4c2890cda1f96b952511e3a49d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767987d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca485683252b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c32040098e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a0032f37ff559be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1be62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee07751532d5e7d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070f66b2b388f0f744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e2fa3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef907000000f01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e015cb56119df72c7533a48d028a3a981463f25c068d4410dad0c74e2a9478fa3be18a1a27bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb581012fd7a8139166fd5e59c84f4ab07001b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe293308b2a146f12a4c205235924cee765d94b1cc06641247c773ab8d1abbeb03ea68"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff11, 0x0, 0xffffffffffffffff, 0xfffffffffffffea5}, 0x48)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00', <r5=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newlink={0x44, 0x10, 0x1, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x0, r5, 0x1008, 0x3}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_LEARNING={0x5, 0x8, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x200404c1}, 0x40000)

3m12.060738423s ago: executing program 1 (id=843):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
add_key(&(0x7f0000000080)='user\x00', 0x0, &(0x7f00000008c0), 0x0, 0xfffffffffffffffe)
poll(0x0, 0x0, 0x7)
getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f00000000c0), &(0x7f0000000180)=0x68)

3m12.060579167s ago: executing program 1 (id=844):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0xe7}, 0x1c)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x9, 0x8}]}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
mount$fuseblk(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x24000, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1a8584c, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000300)=ANY=[@ANYBLOB="0180c2000000bbbbbbbbbbbb86a9c79bbb624bdd6a01a60000081100fe8000000000000000000000000000aaff0200abcbaebc0000000000b4e138a2b2623da507e580248c2cc79243ce7dc609b9e42315f1f2406c3be9cba66b4985e1f9fa850d0093e8515b273c62755f1ae0bd9cd697a1eef6206a2412efde35325ac63a1e4e9ea1f0d1f9853bab46f0b5ffa00953ad2f0bab10fdacc8471cf37908038c2d9b31451e0ee191c66b09662532e80054b923b322"], 0x0)
lsetxattr$trusted_overlay_redirect(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), &(0x7f00000002c0)='./file0\x00', 0x8, 0x5)

3m12.000262935s ago: executing program 1 (id=845):
mkdir(&(0x7f0000000580)='./file0\x00', 0x0) (async)
r0 = gettid()
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x7, 0x7fc00100}]})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) (async)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000380)) (async)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000100)) (async)
timer_settime(r1, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async)
timer_settime(r1, 0x1, &(0x7f0000000080), &(0x7f0000000180)) (async)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (async)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) (async)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) (async)
r5 = syz_io_uring_setup(0x497, &(0x7f00000002c0)={0x0, 0x89b8, 0x800, 0x0, 0x207}, &(0x7f0000000040)=<r6=>0x0, &(0x7f00000000c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) (async)
io_uring_enter(r5, 0x847ba, 0x0, 0xe, 0x0, 0x0) (async)
chdir(&(0x7f00000000c0)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) (async)
r8 = syz_open_procfs(0x0, &(0x7f0000000280)='coredump_filter\x00')
write$cgroup_pid(r8, &(0x7f0000000140), 0x12)

3m7.792490011s ago: executing program 1 (id=900):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x24, r1, 0x121, 0x20, 0x1000080, {{0x21, 0x0, 0x11}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x8}]}, 0x24}}, 0x4004050)

3m7.753141065s ago: executing program 33 (id=900):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x24, r1, 0x121, 0x20, 0x1000080, {{0x21, 0x0, 0x11}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x8}]}, 0x24}}, 0x4004050)

2m44.230798541s ago: executing program 5 (id=1260):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000001700000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d80)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="76ea0900bce100000000009ba56a", 0x0, 0x6400, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x50)
socket(0x2, 0x5, 0x737)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="40000000100001002bbd7000f4dbdf2500000000", @ANYRES32=0x0, @ANYBLOB="10663ac68d225e7b300003006e657464657673696d3000000000e3ff0900008ab300000000000000"], 0x40}, 0x1, 0x0, 0x0, 0x2040}, 0x10)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000000c0)='vcan0\x00', 0x10)

2m44.151444261s ago: executing program 5 (id=1262):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00'})
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="0f0006120000c300096642dc44fe04348573c08129a0c72bc365f785a6dc46f4ab0f3479b26fdc29d8e56de6e2e30f6dcc797f98f084a70c2f7e5c1a55b4f745c7d133458abee5d00f83"], 0x9)
socket$kcm(0x29, 0x5, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
syz_open_dev$sndmidi(&(0x7f0000001000), 0x0, 0x400)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0x5016, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000009c0)=ANY=[@ANYBLOB="48000000000101040000ff0f0000000002000000240001801400018008000100e000000108000200e00000010c000280050001000000000010000580"], 0x48}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f00000006c0)=@framed, &(0x7f0000000300)='GPL\x00'}, 0x94)
syz_emit_vhci(&(0x7f00000013c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x1, 0x1, 0x2043}}}, 0x7)

2m44.151090117s ago: executing program 5 (id=1264):
r0 = socket$pptp(0x18, 0x1, 0x2)
unshare(0x6a040000)
r1 = fsopen(&(0x7f00000000c0)='cifs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, 0x0)
sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0)
bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e)
connect$pptp(r0, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x2300, 0x0)
ioctl$PPPIOCATTCHAN(r2, 0x40047438, &(0x7f0000000040)=0x1)
ioctl$PPPIOCSFLAGS1(r2, 0x40047459, 0x0)

2m44.042525631s ago: executing program 5 (id=1265):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x1048001, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x2, &(0x7f0000000400))
chdir(&(0x7f0000000300)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, &(0x7f0000000440)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x40000, 0x2)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000100)={r0, r0, 0x0, 0x0, 0x0, 0xc2, 0xff, 0x15c2, 0x5886, 0x6, 0x0, 0x8, 'syz1\x00'})
getpeername(r0, &(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback}, &(0x7f00000000c0)=0x80)

2m43.180892637s ago: executing program 5 (id=1272):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000000c0)=@o_path={&(0x7f0000000080)='./file0\x00', 0x0, 0x0, r0}, 0x18) (async)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000180)={'ip6tnl0\x00', &(0x7f0000000100)={'ip6gre0\x00', 0x0, 0x29, 0x1, 0xac, 0xa, 0x0, @mcast1, @dev={0xfe, 0x80, '\x00', 0x39}, 0x7800, 0x7, 0xfffff800}})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x1)
ioctl$TIOCGPTPEER(r2, 0x4004092b, 0x8) (async)
r3 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x48001)
syz_usb_disconnect(r3) (async)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902"], 0x0) (async)
ioctl$EVIOCRMFF(r3, 0x5501, 0x0) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r6}]}}}, @IFLA_MASTER={0x8, 0x3, r6}]}, 0x40}}, 0x4000000) (async)
r7 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
accept(r7, 0x0, 0x0)
r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x124, 0x124, 0x4, [@fwd={0xb}, @enum64={0x4, 0x8, 0x0, 0x13, 0x0, 0x1, [{0xd, 0x7, 0x7}, {0xb, 0x1, 0x81}, {0x3, 0x4, 0x5}, {0x9}, {0x9, 0x0, 0x80000001}, {0x9, 0x6, 0x8}, {0x2, 0xfffffffd, 0xfff}, {0x7, 0xb, 0x3}]}, @typedef={0x2, 0x0, 0x0, 0x8, 0x3}, @restrict={0x4, 0x0, 0x0, 0xb, 0x4}, @enum64={0x2, 0x5, 0x0, 0x13, 0x0, 0x1, [{0x8, 0x2cf36952, 0x2}, {0x6, 0x7f, 0x3346}, {0x4, 0x5, 0x10000}, {0x4, 0x6, 0x1}, {0xb, 0x401}]}, @var={0x5, 0x0, 0x0, 0xe, 0x4}, @struct={0x5, 0x4, 0x0, 0x4, 0x0, 0x5, [{0x6, 0x3, 0x1}, {0xb, 0x5}, {0xd, 0x1, 0x8}, {0xa, 0x1, 0x9}]}]}, {0x0, [0x5f, 0x30]}}, &(0x7f0000000040)=""/26, 0x140, 0x1a, 0x0, 0x1}, 0x28)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x12, 0x6, 0x10000, 0x10000, 0x8001, r1, 0x2, '\x00', r6, r8, 0x3, 0x2, 0x1, 0x0, @value=r2}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r9, &(0x7f0000000140), &(0x7f0000000000)=""/6, 0x2}, 0x20) (async, rerun: 64)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000007c0)={r9, &(0x7f0000000740), 0x0}, 0x20) (async, rerun: 64)
ioctl$TIOCL_GETKMSGREDIRECT(r0, 0x4b52, &(0x7f0000000000))

2m42.86242663s ago: executing program 5 (id=1277):
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x6d93, 0x4)
sendmsg$sock(r0, &(0x7f0000000780)={&(0x7f0000000300)=@in6={0xa, 0x4e21, 0x41d, @private1={0xfc, 0x1, '\x00', 0x1}, 0x4}, 0x80, 0x0, 0x0, &(0x7f0000000040)=[@mark={{0x14, 0x1, 0x24, 0x6}}], 0x18}, 0x4004880)

2m42.830274812s ago: executing program 34 (id=1277):
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x6d93, 0x4)
sendmsg$sock(r0, &(0x7f0000000780)={&(0x7f0000000300)=@in6={0xa, 0x4e21, 0x41d, @private1={0xfc, 0x1, '\x00', 0x1}, 0x4}, 0x80, 0x0, 0x0, &(0x7f0000000040)=[@mark={{0x14, 0x1, 0x24, 0x6}}], 0x18}, 0x4004880)

2m40.452264963s ago: executing program 3 (id=1314):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0)
fcntl$lock(r0, 0x26, &(0x7f0000000000))

2m40.379586302s ago: executing program 3 (id=1315):
r0 = openat$pmem0(0xffffffffffffff9c, &(0x7f0000002340), 0x80d01, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001a00010000000000000000008180800000000000cfc3ad1514000100"], 0x30}}, 0x0)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000200)="b107016b474388815ab4f4b99fcc946c1e9e3d1288703bb615076962a6262ec4d8253df8bd64d5fe00c8abe90917d2ea0742daa58ca6311a7f00660208bdb240aa22ec828e3baa6807330201952298ff40c2a344e9aaea4b0cc4293776cbcbc9322aec286554007e5419cf0b9da977f660ca3e00000000000000", 0x7a}, {&(0x7f0000000000)="23932b6589be6d2bb6c9ea63a7469c676a5e1b268a51e6cab0746813387c53f21b66f723991974fdde9011bc80647b848f4d2b7e488fce186c87bab97a9a92b74d7d2709000000653dc3d70f41d7aa3fe571b9dd484341ad2074b62c750132a5dc5d4cf8993efb7aab82f9aebd0e0e9fb5d951c39e36588cb6", 0x79}, {&(0x7f0000000180)="a5271fcd6cad7369ec7a26b933bddd94a17f7765d9a890a0d5aab74b5997310100000053474171e0d49bc1ae85bb2101092f88ecf58a39078a6af6f8460c73079fb1a7c5226129452921be0d2eefb3a1382a970476527a274c82051f1f3c0453cb959572a9", 0x65}, {&(0x7f0000000480)="441f80b89173548020a61ea5fa6fadac1238a791afd22a616afd504ff044dffc39b48810af4bca37065a4a9b0e3be7e29421e5cafd530728b051bf3f46d5fb868849ba154091f12febefc71d660ed0f879b64b640bccebac4bda11b2c266a7b7ed88908927ca49091d939158fa44268e679084ed7d9bd9be0d47df55e3dd61df810c34e11861ee20fa13158d8c2daedffa19ec4944be908f19c988660904a4994d37db826af33065c6be7798e84f7d3c2c6e418402e754e9b48b42a1692db57787ddcfd765ce9e46c542f00b34f815f216aaafce6b84e909e3ec2a8a30246d162bc4bb399d3694f072896f363f19f63ce7bb40a43be6e61b17a69f90d134448e6e12eb0853012da57177be1a227c16649aba2547caada20b5295776fdf57e2d14972a969aa15d348e749b7fc1ddf1600dc68d7d31d77b7278460b2241823f39c56b967dee6734e4e3cf7834575ad457d98f06e686081f487a66c1bc87e72a59e0c2e03c311ea01207c7a4efbbaa93307b2c62f2654d27c57946146633d6a0f597bb854cdc3d0cef5f25d18f0a0b378e77f3724556345035d9a7f6e0849a827ab0c77f3f708f670f588e0e0256e6e7a68472e27c061e2b0d29fda8f3102ba9637a38d5a90517dd6b01b8e02296429", 0x1ce}], 0x4)
r2 = userfaultfd(0x80000)
ioctl$UFFDIO_ZEROPAGE(r2, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}, 0x1})
sync_file_range(r0, 0x3, 0xd, 0x6)

2m39.999335199s ago: executing program 3 (id=1318):
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
epoll_create1(0x0)
sendto$inet(r2, &(0x7f0000001600)='\t&', 0x2, 0x11, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x40001000000, 0x3, 0x4, 0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

2m39.161268113s ago: executing program 3 (id=1338):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000280)={0xaa, 0x28})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
ioctl$UFFDIO_WRITEPROTECT(r1, 0xc018aa06, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r0, 0x0, 0xe, 0x0, &(0x7f0000000500)="05dd5050d38f47beb1383e2ebad9", 0x0, 0x8700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, 0x8}, 0x50)
r2 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000080)='1', 0xfffffff2)
r4 = syz_io_uring_setup(0xef4, &(0x7f0000000300)={0x0, 0x1c22, 0x10100, 0x0, 0x0, 0x0, r3}, 0x0, &(0x7f0000000440)=<r5=>0x0)
openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
syz_io_uring_submit(0x0, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r4, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r7 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
readv(r7, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/6, 0x6}, {&(0x7f0000000200)=""/229, 0xe5}], 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet6(0xa, 0x3, 0x1)

2m38.852402981s ago: executing program 3 (id=1346):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000200), 0x8, 0x200000)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000002fc0)=ANY=[@ANYBLOB="0010000007000000c9c200008fe20b072430f77523a28036988072a8e6410dc3174641d164da0401deac6dc63cc96296ef2e5935b5008a5d06af8dd7573ab2d5607964ca98ebd6f910212694a6ff8c758ebe740192d92e1b006c9260044ac467eeeac7416bc4a280ec07b2e82b6a09ddc454afbdf7b27bdbb6ac0a2e7eb35498f4e4f9e4cb6c03f31e0973e969851fb025bd34431bd573444d83c8f481bd74446ef7e75b551ee23f0de6a2038287c6708d483c304f433d6a1f7fe2fb7c15e9a86990037742b64475b3191d86d39d2634509d9bf2db19d9fe3dfb02833460cf2d25002fdabf4112596828127fd1791dc49a4318a9f698b29c01fe775dc44ce1afaee5cde9cdc9a2fdbe70ea90bd54457bd22ecd88c05bfad2ee9412540f1532dcbc890910258b628ccced034410e027a016ca38de93904af0b4efad9d8a088b7258997fa1e6accf20a78389ea3f4d5a76d51bab40e8c44873904e25ebc6b323cc5c6276a11a079a9139616489904fb94755a58ec2d65d655c59ed18b3843f42b168c06b2f846334ac4647294bd2b88cc9096156dc9f7676a4298083dd12dbc98e92645b9a1a9dd5b12352a8f0a5347d8fb4a1f35d6992c08fa8b96f31cd2a1be6e223e5b4e58c23c4dfc111571e42373f2e4a9bb90464acf1d04a53fd7e6028205e05c3b403e9ddc5ffd9d719a8478a5c3af1c109745aa067fb0bc12e4bb5c0e03cbe16ebbcbbf517b965313bd9496b90bff9aae000edc31e1d85639db6b188d68f335a9386a553621603e30cf253fe17ded1239cf0d1e8f22e15fc11e2122243cec922abff718938bb421aa5d2ed6987d9b62537a3dce5b71e12a9e0b83dcdbf89daf661def5350550f65bb4ced1bb47fd53d79a449a3e3211ab0a4aca9d12d18e9676f39dda5f4308c6b3557ce7d632dfc1f5212f0fc13b5bd41e8185848eed426e2beec8767086c64f142add9e51574d0666ed7449b8d61eb6b3ac3a6a9b6b7a7be25e210b13ac965ba29b9cd708e03a91e0dc676167da70e9ef900a73db2b24272f66260857cbfb4334bd829e114edd9348df8a762e2b49c7ce58d61d8bf953224c16285699ae4d9e0f44b612254d2878ee662efa2615969c60ad50c3f1d51fc371ec96456276373b0c373bdde5d9742a2636ac5fa4915e1887186cc18123180dace2dd022b501a4194cd8bffd6bd87e6731843b10d8b3633a0def1b39d186da6a0f20046d9a42709a36634fdb9a0ee5662b7bdd9c72499634b6bc900ad77d10763fc26a6270b2015ef1b2bf13d299bc6740a84e8cb1333b6633e5d08592ecc5f63dbceff2f69bee5bf5ecee0fb6309eeae14b210e900d4eb3bdadd006badbac4a880f50fdaf238823f43fbf4b2f011083db8bb87676c99af0e27dade8870a0a6c065409c0dae219a34c248973ce58d7a03cedd9cac804c7f2146994c2da3b3392e637c5f28517df1b8738d53ad409a4680b6a9e8e64267bdcfdd6fd1f808710d2cd3f352be05d6a8f37ff087021f20ba7c7550433733c18b388b9763fe44de38df291f8924a46a35312f5ff71ebc15d917203d7e69265cdc6fe0834be0127b9dd230d439c9c7f0676e79275c445d121787a1dfc364f72a8aa75a17bdd448d448e9e85c103cdd277d6f3ebec8188c49f4a354ce0effff201d26d22d4e340cf3be71747c0d2087564d5b362cc78f33e5f19606b8b4b64e7b68c5779b9c9f843eff508d09e71539f7309f09ab98486801925eec1b3342ec9e43cd09e10ec5408787fbdb921acb6f324d048b0eb011683196c7f07402d86982401cba46d7857f53b968cb454d2372d060a9fee5eaa47baa1a26a2ad35364707309ef2de28bf27bb7ca4a2c1bc957c9d09586bb477b1339951ea94355a2d2fefc638fef2cbb327464f21a37da80f3277f649bb2aa8b2dcd7271769a04db46d6b388e074debf071de61ef4077d72cb7c56c2126f3a899088a6a04012bfb4e5f645114bf3d1831632083031de7423a9c3337c1e238fd964973fa7f964801a19bf5ae95dc0040ec309af6d78156fa5fb497b5ebb2d1030bbcf367d7b525899856baf72b4de9c9dffcda86e4964c9258de571fcffa75553c8edaa0b60d66d10baf9d429b690a59101a70658f8492433f62018e5ef8fa1e386106fc9280c35e2eff26968b619368dfddc7947296efa46b974e419fea9a413a8e6e01cd1bdb2e4ef85e0b3b87ff51985e3f539b1cb288286ec946749ae69019d030f935602929282f2bac30324a3de852d959b72b3142094ec9248881952fb040a14a1eff402a285bb1983de208584c6515058b93c9c89f325e24ab1b5bfa2b8ab85e1898285d199374944990f7ebb00a16b73ef754e900240857d005474038511e9df954611e76fc286cc259463642758252239e206ca50bd027def5d41efc0109b11614ffc021bb9007966efdb115875ac598abeeee5188bd297153a92d27f2146127c45ab18a8268ff79e6b74a9e10d7c489131ea2ae332d0c815a3223e5590e13b95e932c995f7f28608b472f2b2c1f77700e8de3e5854c81ccb728239bc4cf5d9b2a4aa6f2e7ff14b93b873ac6788dbe8ed703f1684528fd15e71f48ba9af19d3fb750f475c6b1974f55a8acd0a0582cd4c87bf5995b7c2f373ee35ba519e8a14a2c2d09ac8b8fe6dfcf581aaf04f90a15634d639cf9bc5b9722cdacd4f7803ca838c9ff10a663fd1689441b21e6075c00d955bedab79dcdfffe08a91e4a5c004b73528119f0eb4155c3d1fa677ea1404076fc7150edf37128ed02f912199c99bcc4ecd5d911445e2f2be0c58fdb63f9f18eeb2c78e628b22dbee00844fd52f7e7fa8a5e07891797baa0f25ec7c3a63d4eb5dad2e8ae6cdb904775187f0e06954dbdb92ae2b1e44d94110a565bd114bf3da4e1c2e9819a1e537f4fe5941058f2e031156bda328e53eb1e93f72d95982539a07c78ceb581081f754ab4f4e8bda2844a06ce0e2f90c3c8a11943ccf5a80ea10588c4671f402f622aff8022d2fa8f57775510904a74e10dd69ceaac9726aaf4bff10891caa6c2396dae5a3739d099a0facd2ed1791093a91d05c626f1919c5cfa05f8e29773660b134a1b585ac0f16ed9edd797fd1a5deb52df3cbd2a027eed0663cdff4a3bf0fbf7a3142c7cb65bd0e31573c3ebf2813a09c8bf3f80a025cc0285305430464f5f281f272d858c8b083835ef7a8b250b50473a7b921aec04c0ed7a71422574c8a1d05730551baca762570daad72fefa42daee46e6ce02d7c92762a7c8428e726c216642ef47b3ebacb0eccbfb8be9f971f5d3166f994d179ae7038abd9d8e4a4db45e42ba21b84e9aef7c9eecc78e3a8fa34d672784f994725ed4a80b5c5792ed39f65a257ea975642ce12091e99422689713db9deb5fe93efd79fb69bd7799f0d2d4e0df8397b0b2f4141bebfb9ee428708cb4a8581dfc380a00f866958b4d70c36db949d29e3fae185f81adf01df2d00fcb18ad2a84f35b820703d2c3faaeafe447eb404381f9cd969369a0ce3a5e00ae499ee40598662e75fc9f4421b06a1863414de228de43d1e895d1c5222dd1a47df64c760f6859d326b364c79bea647f257a43a55e8d8c7bb5dba7a6f4bce9312fed1a3a3a89cc6984d98636ea82a5622ceee24e568517e6a85e8526a8621fa405faf20f2e15118cb0f6dfbeb98832f72835723f5e4c0495fd6226634f0709e44cda4abee4959d39f88c9b29c385474ef704c55817fe5e704df172c319a130d40def5c1746caad5fb2391fc8ab9b796a6d956d2c937a8dec504427ae82a2b65bea1247ba2905eb4acacba0f7441c20db7d2bcc0324224640e866e1db6fa1b7d78257aa889463884ff6a49603a20314258007dd35ccd38a6ad0d300087a121b8c19b2e2a4b2be2145bca71c765b2a6de4eb83fd02711f2265cb48e9a6e53afafbf8bfb3acfb429403824813fb4c688e82d91fbbc2220e7f4761f43cd4a941c9299d29461655866c6cd1e2abac4aa3bca8bb612fd1f59036da9aec15b4e612a6560eb8d2ea5868d1e80efb53c83b0d681225f87dda67f6d595001ffe78611a4d377acfeea3ee2e98036da47658ba9b8126f9bfdf9c69bf1bb2aad33a0e28bdc8123d4deb836aefc775e2f5b9b5519c1d623a40cea3cb22676e4c7e349ba2a50d7f4d73f50669ab0564ffdaf1b53ccce06aaa2cdc797277a0dac769a868857eabd428e44350fcc8a4a51580624e32f28ef1cdec8d293219c7a52127367fa7d47bab395ba5c895b61277e4cc3cbd801402ee510a82764c63712559c89318153f42de61903c45207d573c66b3bf8f2222abbe69b209964b3ae0bc5313e614193f489e5df1ccd657256a014e75d700df47e1ad61886999985f43f2f03b9379d6a8b45af24a45357a6bbeacd72a203775402b09975c9b0bc89c3aca8de0c085f60cb1d608627e7d42c1c9fc5864d79a62c58972b1be753d217a9a5ddf055b7b05a3cca10413ea1a163628a09c210a1490ce2fe5011f8c321882c66fd4681c62277130136d3c5ffcc8dcaf28651c2cee23d59c25a4bfb343526e4102d7264e30bc36b13d34e4ebc11f0fa1a95752837bedccbda2d8ee4c6b4f5b48e29688538bff63d68ce129f3c3e3df7989de30efe21b113ed930a688393313a262bc0c7acf60366fed00a8c4bb7c27be3bf10acfd734361acffa3d93507776ce3fa3589f1f20ea0a3e06043aadf9c37ae760e91798273d64c8a62b2799a9d1804ad44e8e4112eac40b50442d2c47c994f0aa1ca1fe94348dafeeef5cc644acc189f5b0c11572604c13c94b09964e5c9fcd0291ec0cee848f9af5b434908bc2093bf0854980dc2bef269c07d4cab38dd76c408aa1a62ec25c780233e5efaa5d10b38ca1e5f02737143e9de409d4aafa7ad55b2830477f8f83660bdb16c7e39e61bf3863949df8611d06e593639171ea71aea74d7f08cc4d5daaed048155802ac24c7c8160bc39b5deeae0b461b74b06c12bd8504da5180cd610ddbfddcef64b4db5f802dc828718908c5d35ace1e44888924dbdb1a79c40911a19dd1237232cf2859599634545d00a33b44d8e90191c1bd3c015a6c211afebd82a932d6cb7c168ac1ea768bf6c92d8ae144bf3cd4fbc596507110c0e6525c92515d2ca699fc8fefec93d24c72de712ff301b247d339bd9384da53ff3482e2ea5d5d2d144c13f18f2e0f8b5f54c2712ed8cb29a9bb5f5c347a1c79618c8cdc950af05916d2a0780c7a7d3f4884ee31d4ec25769605b6909e7edace95b405240bb8b38efc260e5c4f8c62bbe265421558bd87a485989bd8aca241ffdf75381e3deb55ad0850c0c4850b402c884ac98ee61bed71ea78ba8db5e7d86a5f18a699ae00a6cf68a4a1166a583f4c265165810334d2dac969b9563a2d214f0f068133e454c0088ff50354b5fb88bee7dee4d7dd60ef59e3146d4c659d8291551120372e31200a8ddeb620eb26c13919635e83ccd021e67114c314b46ecfe8983d0ab6c1944ac8536d0e22f057181e07c44d512c9cdda9e36915df4e0099904590d38b70d3cc37babf3f1db7c90dcc450dd426c24ba0070cb084c2679ebf880dd22a0efc918b44c447d4630a7963018b8f39cd929a4dc21e936bf082ae459c298bccc830c2e1f1dbe0d1ce2ff98aec25bcb8c7619f694cf3e2f00a2c79aa2289caad3bc4b400d1ad41b82e98b4f6d90da2342a87fd68a259402d37888db65a8f7470910f095a4c6c9049c5c57f06376dd38ae9838c414419174b4f6c1ddb44c31e4a9ce2c0e63f590350d54ac0676b2e961852a23d8afa1fae9d1d3f2ad2784babb3bf86aea99787336a1fde43f95e9123f90dd58a6302fa2ca5a2548bb2dacfc5c983ae57a957cdf2"])
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
clock_settime(0x0, &(0x7f0000009ac0))
ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000380)={0x200, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0300000000000000140012800c0001006d6163766c616e0095e5028008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r3], 0x44}}, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0xf0, 0x32, 0x205, 0x70bd2d, 0x25dfdbfc, {}, [{0xc9}]}, 0xf0}, 0x1, 0x0, 0x0, 0x85}, 0x8000)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r5, 0x40086602, &(0x7f0000000000))
fstat(r5, &(0x7f0000000340))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r4}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="bf16000000000000b70700000900f0ff4070000000000000500000000000000095000000000000002ba728041598d6fbd30cb599e8c73d24a3aa81d36bb3019c13bd23212fb56fa54f26fb0b71d0e6adfefc41d86bd917487960717142fa9ea4318123741c0a0e168c1886d0d4d94f2f4e345c652ebc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc8ce974a22a550d6fd70800c86ae3b3e05df3ceb9fc4740a4def23d410f6296b32a8343881dcc7b1b85f3c3d44aeadcd3641110bec4e93a6341965c39e4b3449abe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee6f867ddd58211d6ececb0cd2b6d357b8580218ce740068725837074e468ee23fd2f73902ebcfcf49822775985bf31b715f5888b2c81f96a810b900000000c52ac17cbc97a616811a4c2dc3470009b966abaf41939aeca3e7b00c2e9d5db7a34fe2a29ac88c360a878a2b9ab9440c1961e80477166f3f847e855cdddc941d996d61ea0ce23b37e9d21c849d1e1e53087a3b109012e3a3ecbd219265048bf5c72b7ba2826b73323301b4bc94d0e4afde44867d71049a7c89bc617e215571ac910d8005000000000000006c34d2342806960b6bcb00000000000000000000000000113ee640b9ed0304a0bfb125204d30990361bf45ef45277a167cd2b00437e070b004c5aa90766538b4fe45a16f14b270904d36eaa87508ac6d46639b3971ac6a88dc531fcc5ffc6b76b334795d88156336a9a452a9022485bb572dacb7aa25f748bc75918a16d9d5ae21004cd799ac4951beb2c6c9b5baf60081b86cc2e31c49f4ea055fb3639036c95c69b1ae60e685d486dbd1d5e7d0daacd73acfc80b9c9c92000000000000000000000000000091bd1a7398248ed5a93752567682bbda235299fd8a7d447ecfe6a09c3afee6afa0d15522e81f28c3fc11fff52eb98cbe889bad6c2965dd2c08041fd7049803012b92030d3e64632cef321315e1c56dd531eed7af48"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r7 = socket$netlink(0x10, 0x3, 0x9)
syz_emit_ethernet(0x4a, &(0x7f0000000380)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa0086dd6072a6af00fd6cbecda345518af800000000000000000000ff0200000000000000000000000000010000883e001090780200000000000000"], 0x0)
setsockopt$sock_attach_bpf(r7, 0x1, 0x32, &(0x7f00000017c0)=r6, 0x4)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r8)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r8, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000001fc0)={0x4c, r9, 0xd55319eec59dfa33, 0xfffffffd, 0x25dfdbfc, {{}, {@void, @val={0x8, 0x3, r10}, @val={0xc, 0x99, {0x0, 0x1b}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'dummy0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_ACTIVE={0x4}]}]]}, 0x4c}, 0x1, 0x0, 0x0, 0xc804}, 0xc2010)
sendmsg$NL80211_CMD_SET_QOS_MAP(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001d80)=ANY=[@ANYBLOB="cc000000", @ANYRES16=0x0, @ANYBLOB="000327608b87f3b0d2d65b10fb0008000300fedb1f2f8eec1fed415e540ea4abf268d4270091a8ce9bcb05f3cdf3fba8e5a39ea2bd58868bb5cf192e853c1c993645098f2da70c882ff4b70e46958377440e370998085ab1b310e14eab0a63ce1951314682c74c6e64ab18365c0c2278b58404bdef5e9ad25cd3c0cf44c894d16ae7ba7294c39cb9f26bfdbb3bda81dad284582a8cf5503f45e7d941415ddf4d9a78703578579ad1a933d2655fd52d3007c3005ac7a5948aa884fa307ce7d64c76a5369ea2bbf58ff2f63fcf9a800cc6943b81f57f2bd701f3093b1f512cf2a27e76e14fd41a8c7ac39c23808a8094373eecff7759fb34e2e29832d166adcac4692cde7f560b0499ee575f72941c4c97f1cc57377d05b5ee73bacb4dee02ed0466f35b403e062b837082851ebdc71a7e1027c65eb2f64d592c83cfe00bc93e7804d4bde37e4443edbb1b4a7b89d0046f", @ANYRES32=r10, @ANYBLOB="2400c7000403070732055b04080705070904ff060302fa0101050400f9b93ab206cdfede3400c700010308070200630404030b0621006801010500000f06ff0006030d040800a00779050700020637003ce8f7a2f78aab450c00c7004fe1ce8c7358a43a0e00c7000904902374b16d65cde800001200c70004059e020206fd62806e378dfdf500001400c700000204034c0506044ade4db67dd60e0b1200c70009030000d90300000000810000000000"], 0xcc}, 0x1, 0x0, 0x0, 0x8000}, 0x20000040)
syz_clone3(&(0x7f0000000380)={0x2140280, 0x0, 0x0, 0x0, {0x1a}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101040, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000080)={&(0x7f00000004c0)=@newchain={0x18a8, 0x64, 0x20, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x8}, {0x4, 0x5}, {0xb, 0x1}}, [@TCA_RATE={0x6, 0x5, {0x4, 0xc}}, @TCA_RATE={0x6, 0x5, {0xff}}, @TCA_RATE={0x6, 0x5, {0x2, 0x7}}, @filter_kind_options=@f_route={{0xa}, {0x1860, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0x1, 0x8}}, @TCA_ROUTE4_FROM={0x8, 0x3, 0xb7}, @TCA_ROUTE4_FROM={0x8, 0x3, 0xb4}, @TCA_ROUTE4_CLASSID={0x8, 0x1, {0x7ddf07d2dd148afc, 0x5}}, @TCA_ROUTE4_TO={0x8, 0x2, 0x3f}, @TCA_ROUTE4_POLICE={0xc, 0x5, [@TCA_POLICE_AVRATE={0x8, 0x4, 0x7ff}]}, @TCA_ROUTE4_POLICE={0x1828, 0x5, [@TCA_POLICE_RATE64={0xc, 0x8, 0x6}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x4, 0x80, 0x8, 0x4, 0x2, 0x20, 0x0, 0x8, 0x7, 0x200, 0xc54, 0x7f, 0x0, 0x9, 0x80, 0x6, 0x9, 0x4e26, 0x10001, 0x6, 0xa1, 0x7, 0x6, 0xc00, 0x1, 0x0, 0x3, 0x2, 0x5, 0x4, 0x1, 0x4e86390f, 0x5, 0x2, 0x9, 0x2, 0x200, 0x7, 0xe05, 0x101, 0x2, 0x2, 0x81, 0x7, 0xb, 0x9, 0x7fffffff, 0x2, 0x6, 0x7, 0x1, 0xf, 0x42a3, 0x2, 0x39, 0x8000, 0xfffffff7, 0x304, 0xe2a, 0xc2, 0x5, 0x2, 0x5c, 0x0, 0x1, 0x5, 0x2e81cf3d, 0x8, 0x3, 0x3fd, 0x7fff, 0x1, 0x7fffffff, 0x1, 0x9064, 0x2, 0x2, 0x2c, 0x7fff, 0x0, 0x5, 0x4, 0x8, 0x4, 0x1, 0x3ff, 0xfffffffc, 0x8, 0x9, 0x71, 0x4, 0x1ff, 0x3, 0x0, 0x0, 0xffff, 0xc00, 0x6, 0x8, 0xffff, 0x9, 0x10, 0x4, 0xb, 0x7, 0x9, 0x30af, 0x6, 0x40, 0x6, 0x0, 0x8, 0x9, 0x9, 0x8, 0x3, 0x0, 0xfffffea7, 0x558, 0x6e07, 0x5, 0x6, 0x1, 0x7, 0xe, 0xd68, 0x7, 0x507e, 0xc, 0x8, 0x2, 0x10001, 0x0, 0x5, 0x3, 0x5dbb, 0x11, 0xf, 0x2, 0xc, 0x0, 0xffff8001, 0xfd, 0xb, 0xffffaf0d, 0x9, 0x2, 0x3ff, 0x7, 0x6, 0xd1a2, 0xa68, 0xa, 0x24, 0x4, 0x6, 0x80000001, 0x804, 0x1, 0x8, 0x8, 0x913, 0xfffffc01, 0xff, 0x3, 0x8, 0x6, 0x7, 0x2, 0xfffffffa, 0x1, 0x7, 0x9, 0xe7, 0x1, 0x8, 0x1b6, 0x0, 0x0, 0x3ff, 0x8, 0x9, 0x2, 0x6, 0x2, 0x2, 0x1, 0x1, 0x2, 0x400, 0x3, 0x0, 0x8cb, 0x1, 0xb90e, 0x1a, 0x9, 0x8000, 0x7fffffff, 0x8, 0x8, 0x401, 0x80, 0x17d, 0x3b18da74, 0x800, 0x9, 0x3, 0x200, 0x10000, 0x1, 0x81, 0x1, 0x0, 0x7c29, 0x3, 0x9, 0x3ff, 0x9, 0xfffffffb, 0xb028, 0x9, 0x3, 0x7, 0xd93, 0x6, 0x9, 0x6, 0x7ff, 0x1ff, 0x8000, 0xc, 0x0, 0x8, 0x1, 0x9e, 0x4, 0x6, 0x3, 0x9, 0x5, 0x4, 0xfff, 0x371, 0x0, 0x81, 0xcd, 0x2, 0x401, 0x3, 0x7, 0x3, 0x5, 0x4, 0x8, 0x7ff]}, @TCA_POLICE_RATE={0x404, 0x2, [0xb7, 0x9, 0x81, 0x2, 0x80, 0x200, 0x80000001, 0x81, 0x800, 0x6, 0x7f, 0x7, 0x4, 0x0, 0x0, 0x4000, 0xa, 0x9, 0x3, 0xffff8000, 0x5, 0x1ff, 0x6, 0x8, 0x4d5, 0x2, 0x80, 0x0, 0xb, 0x3, 0x5, 0x26fd18ca, 0x7, 0x2, 0x1000, 0xfffffffc, 0x2, 0x8, 0xffffffff, 0x9, 0x0, 0x6, 0xc, 0x4, 0x8, 0x1, 0x0, 0x4, 0x6, 0x2, 0x7, 0x1000, 0x80000001, 0x9, 0x9, 0x3e, 0xe9, 0xea56, 0x6, 0x6, 0x8bb0, 0x1, 0xe, 0x1, 0xffffffff, 0x67, 0x79, 0x8, 0x6, 0x2, 0x4, 0x100, 0x8, 0x8, 0x9, 0x6, 0x9, 0xa, 0x6, 0x0, 0x2dd5fe82, 0x5, 0x4, 0xc1, 0x3, 0x99, 0x9, 0x5, 0xa, 0xfffffff5, 0x62b, 0x63, 0xffff, 0x8, 0x0, 0xfffffffc, 0x2, 0xb10, 0x10001, 0x5, 0x87c7, 0x80000000, 0x3e70, 0x2, 0xfa1, 0x4, 0x1, 0x8001, 0x7594, 0xbb, 0x0, 0xa, 0x7fff, 0x4, 0x7, 0x1d, 0x8, 0x0, 0x63, 0x4, 0x10000, 0x6, 0x9, 0xfffffff0, 0x1, 0x5, 0x4, 0x7fffffff, 0x400, 0x2, 0x3, 0x7, 0x0, 0x8000, 0x8, 0x5, 0x9, 0x9, 0x3, 0x3, 0x8b3, 0xc8b, 0x8, 0x64f58fd8, 0x5, 0xcf9, 0x2, 0x2, 0x5, 0x1, 0x7, 0x4, 0x7920, 0x5, 0x3, 0x1b07, 0x7fffffff, 0x9, 0x256e, 0x800, 0x10001, 0x9, 0x1, 0x3, 0x9, 0x7, 0x5, 0xb3d, 0x32fa, 0xfff, 0x7fff, 0x530, 0x50, 0xfffffffc, 0xff, 0x3, 0x6, 0xa, 0x7, 0xdfef, 0x953, 0x7f, 0x0, 0x8, 0xfaa3, 0x0, 0x8, 0x6, 0x40, 0xfffffff8, 0x5, 0x5, 0x7, 0x53, 0x7d, 0x80000000, 0x2, 0xffff, 0x7, 0x8d9, 0x1, 0x0, 0xd, 0xe1, 0x3, 0x6, 0x7, 0x98c, 0xfff, 0xf, 0x1, 0x2, 0x5, 0x2, 0x3, 0x4, 0x5, 0x9, 0x9, 0x2, 0xb, 0x8, 0x2, 0x6, 0x8, 0x779, 0x7, 0xe, 0x4, 0x3, 0xac, 0xa6095f90, 0x1, 0x6, 0xffff, 0x6, 0x8000, 0x200000, 0xffffffff, 0x240, 0xb872, 0x1000, 0x3, 0x88, 0xffff, 0x5, 0x5, 0x86, 0x9, 0x100, 0xf4, 0xfe0, 0x7, 0x80000001, 0x40, 0x2]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x2, 0x5, 0x4, 0x9, 0x4, 0x9a8, 0x4f5, 0x3, 0x5, 0x6, 0x8, 0x6, 0x80000000, 0xa, 0x5, 0x1, 0xf, 0x4, 0x1ff, 0xd, 0x43a10f10, 0x6, 0x7, 0x8, 0xd, 0x6, 0xfffffff9, 0xf, 0x9, 0x1, 0xffff5232, 0x2, 0x1, 0x367, 0x6, 0x0, 0x4, 0x7, 0x1000, 0x1, 0xff, 0xe127, 0x101, 0x0, 0x8, 0x27, 0x8, 0x4, 0x4, 0x9, 0x7fffffff, 0x2, 0x0, 0x1, 0x28, 0xd5e7, 0x1, 0x5, 0x6, 0x9, 0x1, 0x5, 0x9, 0x1, 0x1ff, 0x10, 0x5, 0x9, 0x80, 0x7fff, 0x5, 0x1, 0xfff, 0x1, 0x3, 0xae, 0x4, 0x2, 0x0, 0x1, 0x2, 0x2c1f, 0x10, 0x39c0, 0x3, 0x8, 0xba, 0x1, 0x7, 0xfffffff8, 0xee, 0xfff, 0x952, 0x8000, 0x5, 0x7, 0x10, 0x249a, 0x8000, 0x2, 0x400, 0x4800000, 0x4, 0x1, 0x9, 0x2, 0x916, 0x0, 0x7, 0x1, 0x0, 0x6, 0xfffffe00, 0x6, 0x2, 0x54c, 0xfff, 0x0, 0xc5, 0x127, 0x10001, 0x100, 0x8, 0xb, 0x100, 0x1, 0x1, 0x8001, 0x7, 0x2, 0xb, 0x8, 0x4, 0x40, 0x6, 0x5, 0x10000, 0x384, 0xffffffff, 0x3, 0x9, 0x1, 0x8, 0xd, 0x3, 0x8, 0x0, 0xffffff0e, 0x0, 0x81, 0xfffffff7, 0x1, 0xdee7, 0x8, 0x1, 0x2, 0x7fff, 0x0, 0xff, 0x7, 0xfffffff8, 0x9b89, 0x2c7527d7, 0x6, 0x8, 0x7fff, 0x4, 0x1, 0x3c, 0xfffffffe, 0x0, 0x4, 0x1, 0x5, 0xfffffffa, 0xfb57, 0x54d, 0x10, 0x7, 0x1000, 0xc438, 0x3ff, 0x0, 0x7, 0x1, 0x3, 0x11, 0x480, 0x4, 0x3ff, 0x2, 0x865, 0xd372000, 0xb1f, 0x5, 0x7, 0xfffffff8, 0xc, 0x101, 0xfffff800, 0x4, 0x6, 0x8e90, 0x10, 0x824a, 0x2159, 0x0, 0x3, 0x200, 0x100, 0x1ff, 0x5e8, 0x1, 0xc5e, 0x7fffffff, 0x6, 0xda, 0x2, 0x6c8d, 0xa900000, 0x6, 0x4, 0x7e28, 0x6, 0xd, 0xd, 0xc9dd, 0x5, 0x88bc, 0x8, 0x4, 0x8, 0x1, 0xe33a, 0xd363, 0x9, 0x0, 0x9, 0x7fffffff, 0x2, 0x6, 0x8, 0xc, 0x6, 0x80000000, 0x8, 0xffffffff, 0x8000, 0x2, 0x80000000, 0x7ff, 0x8, 0x9, 0x2, 0x6, 0x6]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0xd, 0x7, 0x4, 0x2, 0xffff17fb, 0x9, 0x1, 0xf, 0xfffffff0, 0xac, 0x10000, 0x7fff, 0x7e, 0x96, 0x7fff, 0x10, 0x0, 0xe3, 0xf, 0x93, 0x80, 0x5, 0x4, 0x5, 0x1000, 0x347, 0x400, 0x1, 0x1, 0x51, 0x4000, 0x3, 0x4, 0x100, 0x401, 0x6e, 0x7, 0x80, 0x4, 0x9, 0x3, 0x1ff, 0x5, 0x8db, 0x3, 0x9, 0x9, 0x2, 0xfffff03b, 0x80000000, 0x4, 0x4, 0x6, 0x40, 0x2, 0x0, 0x3, 0xfc, 0x3, 0x4, 0x22c697c0, 0xffffffff, 0xd, 0x800, 0x6, 0x37, 0x10, 0x6, 0x2, 0x5, 0x3, 0xf, 0xffff, 0x10001, 0x1, 0x0, 0x4, 0xfffffff3, 0x7, 0x10000, 0x421, 0x7f, 0xfffffffe, 0xd5e, 0x0, 0x400, 0x2901, 0x0, 0x9, 0xb6ed, 0x1, 0x6, 0x2, 0xcfe, 0x5, 0x6, 0x433, 0x53, 0x3, 0x3, 0x8001, 0x1, 0x44184dd4, 0xfffffff9, 0x8f6, 0xe2c, 0x67, 0xc, 0xa, 0x0, 0xd, 0xb, 0x1e7f, 0x10, 0x5, 0xfffff800, 0xe, 0x3, 0x386, 0x7, 0x80, 0x5, 0x8, 0x6, 0x2, 0xfffffffc, 0x8, 0xfa, 0xfffffff9, 0xbc6, 0x6, 0x664, 0x9, 0x0, 0x7f, 0x1, 0x0, 0xc4, 0x4, 0x8001, 0x0, 0x5, 0x24, 0x6d, 0x0, 0x5, 0x2, 0x80000000, 0xc8b, 0x8001, 0x2, 0xb3a, 0x5, 0x2, 0xe, 0x6, 0x5, 0x5, 0x557e, 0x7, 0x6, 0x2, 0x3ff, 0x2, 0x43603973, 0x6, 0x4, 0x9, 0x0, 0x9, 0x8, 0xff, 0x5, 0x6, 0x400, 0x4, 0x1, 0x5, 0x7, 0x7, 0x3, 0x4, 0x0, 0xa000000, 0x7, 0x401, 0x0, 0x3, 0x8, 0x7, 0xd, 0x9, 0xd0f, 0x27c, 0x4, 0x200000, 0x3ff, 0x4, 0x32, 0xa2, 0x8, 0x9, 0xfffffffe, 0xe, 0x0, 0x1, 0x6, 0x5, 0x1ff, 0x4, 0xf, 0x2, 0xfff, 0x1, 0xa, 0x80, 0x7, 0x93, 0x101, 0xffffffff, 0x40, 0x9, 0x200, 0xffff, 0x7, 0xffff, 0x3, 0x600, 0x2, 0x2, 0xfffffffa, 0x10, 0x400, 0xd, 0x2, 0x10000, 0x7f, 0x1, 0x8000, 0x1, 0x1, 0x9b, 0x4, 0x3ff, 0x2, 0x7, 0x8, 0x0, 0x992a, 0xc, 0x8, 0x2, 0x0, 0x9, 0x81, 0x8]}, @TCA_POLICE_RATE={0x404, 0x2, [0xff, 0x7fffffff, 0x9, 0x7, 0x4, 0x2, 0x2, 0x6, 0x7, 0x3, 0xb97, 0x7, 0x6, 0x0, 0xff, 0x6, 0x2, 0x3, 0x9, 0x10001, 0x2, 0x657, 0x58, 0x2, 0x4, 0x6, 0x1b, 0x88, 0x36, 0x7, 0x8, 0x3, 0xcb, 0x40800009, 0x6, 0x3, 0xfff, 0x8, 0x40, 0x4, 0xd1, 0xfffffffc, 0x3, 0x7, 0x2, 0xffffffff, 0x0, 0x5, 0x7, 0x8, 0x0, 0x100, 0x3, 0x7, 0xff, 0x0, 0x7, 0x4, 0x4, 0x6, 0x9, 0x7, 0x7, 0x5, 0x200, 0x1, 0x1, 0x6, 0xf97, 0xd7de, 0xffff, 0x3, 0x7, 0x0, 0xd59, 0xfffffeff, 0x420, 0x6eef, 0x6, 0x63b8, 0x1, 0xeb4c, 0x2, 0x3, 0x3, 0x2, 0x6, 0x5, 0x101, 0x8, 0xf, 0x8, 0x800, 0x1000000, 0x0, 0x8, 0x980, 0x0, 0x7, 0x7, 0xceb, 0x9, 0x77, 0x6, 0x5, 0x1ff, 0x67fc, 0x81c0, 0x5, 0xfc, 0x3, 0x7, 0x20c, 0x741, 0x9, 0x2, 0x47, 0x8235, 0x6e80, 0x200, 0x1000, 0x1000, 0xe, 0x58, 0x54bc, 0x7, 0x6, 0x1, 0x2, 0xd8e, 0xff, 0xa, 0x6, 0xc8d, 0x80000000, 0x6, 0x6, 0x2, 0x6, 0x6, 0x6, 0x9, 0x1, 0x10, 0x8, 0xb9, 0x1, 0x10000, 0x1000, 0x2, 0x2, 0x0, 0x80000000, 0x1, 0x4, 0x0, 0xc2f, 0x60, 0x9, 0x9, 0x6b, 0x8, 0x4, 0x4, 0x954dc71, 0xfffffffb, 0x100, 0x77, 0x10001, 0xec80, 0x1, 0x8, 0x7, 0x4a98cec3, 0xe, 0x31c, 0x2, 0x9, 0x2, 0x5, 0x3, 0xea0, 0xb, 0x1, 0x2, 0x8, 0xfffffffc, 0x2, 0x9, 0x8, 0x2, 0x2, 0xffff, 0x9, 0x7, 0xa, 0x9d, 0x3102, 0x401, 0x9, 0x9, 0x8, 0x4, 0x5, 0x5c, 0x4, 0x1, 0x8, 0x7, 0x7, 0x5, 0x1ff, 0xb7, 0x7f, 0xa066, 0x5, 0xa258, 0x7, 0x8, 0x990, 0x5, 0x40, 0x9, 0x70, 0x94, 0x0, 0xc0000000, 0x200, 0x7ec6, 0x8, 0xb, 0x5, 0x7fff, 0x5, 0x8000, 0x2, 0x7, 0x8000, 0x7645d51c, 0xe, 0x80000000, 0x7, 0x7e6, 0x4, 0x2, 0x5d1e, 0x80000001, 0x5, 0x6, 0x95, 0x2, 0xfffffff0, 0x0, 0x7, 0x3eb4, 0x4]}, @TCA_POLICE_RATE={0x404, 0x2, [0x80, 0x8, 0x6, 0x1, 0x7, 0x4, 0x1b7a0, 0x6, 0x3, 0x9, 0xcd4, 0x4, 0x65e, 0x10001, 0x2d, 0x2, 0x8, 0x10, 0xf, 0x2, 0xfd, 0x5, 0x1, 0x5, 0xfffffff7, 0x1, 0x4, 0x6, 0x2, 0x2, 0xb98, 0x2, 0x1, 0xbc, 0x2, 0x9, 0x0, 0x1, 0x6, 0x4, 0x3, 0x0, 0x0, 0x8, 0x1, 0x3a1, 0x7, 0x47f5, 0x4, 0x81, 0x4c2, 0x9, 0x88d, 0x3, 0x40, 0xffffffd7, 0x8, 0x5, 0xd, 0x4, 0x6, 0x6, 0x4d, 0x800, 0x4402, 0x9, 0x80, 0xae5, 0x2, 0xffffffff, 0x9, 0x2400000, 0x6, 0x1, 0x8, 0x3, 0x3, 0x2, 0x8000, 0x6, 0x4, 0x6, 0x0, 0x1, 0x200, 0x7, 0x1, 0xfffffff8, 0x0, 0x6, 0x2, 0xd67, 0x5, 0x0, 0x12, 0x6, 0x1, 0x5, 0x8b4, 0x3a, 0x0, 0xfffffff7, 0x7, 0x80000001, 0x7d000000, 0x8, 0x4, 0x9, 0x2, 0x1, 0x2, 0xffffffff, 0xfff, 0x400, 0x2, 0x1, 0x8, 0xfffffff6, 0x9, 0x2, 0x33e6, 0x4, 0x0, 0xbff, 0x8, 0x2, 0x74a2, 0xffffffff, 0x0, 0x2, 0x3, 0x3, 0xc, 0x6, 0x4, 0x0, 0x3, 0x1, 0xffff, 0x3ff, 0x7, 0x9, 0xfffffff9, 0xfff, 0x7, 0x8, 0x9, 0x7, 0x8, 0xd10, 0x7ff, 0x7fffffff, 0xc0, 0x5, 0x2, 0x29, 0x9b3, 0x2, 0x1, 0xffff, 0x80, 0x4, 0x9, 0x8000, 0x8, 0x9, 0xb8, 0x80000001, 0x10000, 0x7fffffff, 0x80, 0xa, 0x10001, 0x55, 0x1, 0x3, 0x3, 0x6, 0x3, 0x9, 0x6, 0xd, 0x6, 0x6, 0xb, 0x9, 0x0, 0x1, 0xc4, 0x7, 0x1b7, 0x3800, 0x6f, 0x8001, 0xfffffffe, 0x3, 0x7, 0x1, 0xf, 0x1000, 0x7ff, 0x1, 0x100, 0x7, 0x0, 0x8cb, 0x7, 0xfffffff7, 0x0, 0x10001, 0x5, 0xe9, 0x200, 0x71, 0x101, 0x1, 0xfff, 0xe33, 0x6, 0xa, 0xcb, 0x6, 0x1, 0xa, 0x0, 0x0, 0x7, 0x2, 0x2, 0x66, 0x4, 0x1, 0x6e4, 0xab, 0x2, 0x1, 0x3c7, 0x68, 0x9, 0x9, 0x3, 0xfffffffb, 0x9, 0x1, 0x40, 0x4, 0x0, 0xe0000, 0x2, 0xba, 0x20, 0x1, 0x9, 0x2689, 0x81, 0x2]}]}]}}]}, 0x18a8}, 0x1, 0x0, 0x0, 0x4000}, 0x40)

2m38.53826272s ago: executing program 3 (id=1348):
r0 = syz_clone(0x1000000, &(0x7f0000001f80), 0x0, 0x0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000200), r1)
sendmsg$L2TP_CMD_NOOP(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="000827bd7000ffdbdf250000000005000700030000000600070000000c0016000e000000948ad2617f131c33040000001400909179e5080064766d7270310000000000000000000005001f00fe80000008000000000000000000002d1400080073797a6b616c6c657230000000000000"], 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x8044)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.events\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r3, 0x28, 0x1, &(0x7f0000000200)=0x40, 0x8)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r5, 0x84, 0xc, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r4, 0x84, 0xa, &(0x7f00000000c0)={0xf2, 0x5, 0x200, 0x2285, 0x836, 0x2ed, 0x7, 0x2, r6}, 0x20)
setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r3, 0x84, 0x23, &(0x7f0000000040)={r6}, 0x8)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c00038018"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000)
process_vm_readv(r0, &(0x7f0000002280)=[{&(0x7f0000002180)=""/62, 0x3e}], 0x1, &(0x7f0000002780)=[{&(0x7f00000022c0)=""/223, 0xdf}], 0x1, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'erspan0\x00', &(0x7f0000000080)={'erspan0\x00', <r8=>0x0, 0x20, 0x0, 0xfffffffa, 0x1ff, {{0x24, 0x4, 0x0, 0x5, 0x90, 0x66, 0x0, 0x4, 0x2f, 0x0, @broadcast, @private=0xa010102, {[@lsrr={0x83, 0xf, 0xf1, [@private=0xa010102, @private=0xa010102, @rand_addr=0x64010101]}, @timestamp={0x44, 0x24, 0x1e, 0x0, 0x4, [0x7fff, 0x1, 0x9, 0x4, 0x34c, 0x9, 0x9, 0x4]}, @timestamp_addr={0x44, 0xc, 0x98, 0x1, 0xe, [{@remote, 0x2}]}, @lsrr={0x83, 0xb, 0x2d, [@local, @local]}, @ra={0x94, 0x4}, @timestamp={0x44, 0x20, 0x47, 0x0, 0x2, [0x6, 0xffff85a7, 0x2, 0x9, 0xffffffff, 0x81, 0x317]}, @timestamp_addr={0x44, 0xc, 0xf5, 0x1, 0x5, [{@remote, 0xfffffffe}]}]}}}}})
sendmsg$nl_xfrm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c010000100013040000000000000000ac14140f000000000000000000000000200100000000000000000000000000004e2000044e220000020080202b000000", @ANYRES32=r8, @ANYRES32=0xee00, @ANYBLOB="7f0000010000000000000000000000000000000032000000ac14140f00000000000000000000000000ab404425ca7df10900000000000000000000000000000000000000000000000000000000000000ffffffffffffffff00000000000000000700000000000000000273b91b98403eeb4a0080000000000400000000000000cc00000000000000000000000000000000000000000a00010800000000000000004c0012004996153b61657329000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800100007579282ba052de8956f50ac97dfa5a7d62eaabf81cb0a1dac9a495886714a53b64852ea9f7eaf58d936e25eb8db99e539900b369405d9c96b8d06a21a8bf7435d7e2a4f84b53f582d4ef86d6bfe44fffedb6cb84f17ebf35920ef3697d2615c99cd11eef906a8a3768ecc0624a69c035b29e159b17da7b5c3a54ebceb51f8064e4b4c31c8a66e0603e0670030119d7a2434bac54c337b5bc3894bd30a8b487"], 0x13c}}, 0x0)

2m23.334882529s ago: executing program 35 (id=1348):
r0 = syz_clone(0x1000000, &(0x7f0000001f80), 0x0, 0x0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000200), r1)
sendmsg$L2TP_CMD_NOOP(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="000827bd7000ffdbdf250000000005000700030000000600070000000c0016000e000000948ad2617f131c33040000001400909179e5080064766d7270310000000000000000000005001f00fe80000008000000000000000000002d1400080073797a6b616c6c657230000000000000"], 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x8044)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.events\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r3, 0x28, 0x1, &(0x7f0000000200)=0x40, 0x8)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r5, 0x84, 0xc, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r4, 0x84, 0xa, &(0x7f00000000c0)={0xf2, 0x5, 0x200, 0x2285, 0x836, 0x2ed, 0x7, 0x2, r6}, 0x20)
setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r3, 0x84, 0x23, &(0x7f0000000040)={r6}, 0x8)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c00038018"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000)
process_vm_readv(r0, &(0x7f0000002280)=[{&(0x7f0000002180)=""/62, 0x3e}], 0x1, &(0x7f0000002780)=[{&(0x7f00000022c0)=""/223, 0xdf}], 0x1, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'erspan0\x00', &(0x7f0000000080)={'erspan0\x00', <r8=>0x0, 0x20, 0x0, 0xfffffffa, 0x1ff, {{0x24, 0x4, 0x0, 0x5, 0x90, 0x66, 0x0, 0x4, 0x2f, 0x0, @broadcast, @private=0xa010102, {[@lsrr={0x83, 0xf, 0xf1, [@private=0xa010102, @private=0xa010102, @rand_addr=0x64010101]}, @timestamp={0x44, 0x24, 0x1e, 0x0, 0x4, [0x7fff, 0x1, 0x9, 0x4, 0x34c, 0x9, 0x9, 0x4]}, @timestamp_addr={0x44, 0xc, 0x98, 0x1, 0xe, [{@remote, 0x2}]}, @lsrr={0x83, 0xb, 0x2d, [@local, @local]}, @ra={0x94, 0x4}, @timestamp={0x44, 0x20, 0x47, 0x0, 0x2, [0x6, 0xffff85a7, 0x2, 0x9, 0xffffffff, 0x81, 0x317]}, @timestamp_addr={0x44, 0xc, 0xf5, 0x1, 0x5, [{@remote, 0xfffffffe}]}]}}}}})
sendmsg$nl_xfrm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c010000100013040000000000000000ac14140f000000000000000000000000200100000000000000000000000000004e2000044e220000020080202b000000", @ANYRES32=r8, @ANYRES32=0xee00, @ANYBLOB="7f0000010000000000000000000000000000000032000000ac14140f00000000000000000000000000ab404425ca7df10900000000000000000000000000000000000000000000000000000000000000ffffffffffffffff00000000000000000700000000000000000273b91b98403eeb4a0080000000000400000000000000cc00000000000000000000000000000000000000000a00010800000000000000004c0012004996153b61657329000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800100007579282ba052de8956f50ac97dfa5a7d62eaabf81cb0a1dac9a495886714a53b64852ea9f7eaf58d936e25eb8db99e539900b369405d9c96b8d06a21a8bf7435d7e2a4f84b53f582d4ef86d6bfe44fffedb6cb84f17ebf35920ef3697d2615c99cd11eef906a8a3768ecc0624a69c035b29e159b17da7b5c3a54ebceb51f8064e4b4c31c8a66e0603e0670030119d7a2434bac54c337b5bc3894bd30a8b487"], 0x13c}}, 0x0)

23.850721912s ago: executing program 7 (id=2843):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff})
getsockname$packet(r2, &(0x7f0000000080)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14)
sendmsg$nl_route_sched(r1, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x5}, 0x2, r3}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000f40), r0)
sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f00000001c0)={0x70, r4, 0x1, 0x70bd67, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x5c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@remote}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wrr\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2e, 0x5}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x39}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x11}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x115}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x20004084}, 0x20008800)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r5, &(0x7f0000000140)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r6, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r6], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
r8 = socket(0x10, 0x3, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0xffffffffffffffdb, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800)
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001240)=@newtfilter={0x43c, 0x28, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0x9}, {}, {0x9, 0x7}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x40c, 0x2, [@TCA_CGROUP_POLICE={0x408, 0x2, [@TCA_POLICE_RATE={0x404, 0x2, [0x4, 0x6, 0x40, 0xffffff7f, 0x2, 0x4b7, 0x0, 0xa, 0x0, 0xe, 0x3b34, 0xc, 0x140000, 0x4, 0x7, 0x40000, 0x9, 0xfff, 0x17, 0x5, 0x7fff, 0x7ff00, 0x7fff, 0xa, 0x3, 0x3, 0x3, 0x8000, 0x3, 0x100, 0x8000, 0x7, 0x80000000, 0x40, 0x6, 0x1000, 0xe, 0x2, 0x7, 0x10000, 0xfffffff7, 0x3, 0x0, 0x2, 0xfffffffd, 0x6, 0xfffffffa, 0x5, 0xeeb4, 0x200, 0xfffff390, 0x7b0, 0x8, 0x2, 0x47c, 0x2, 0x7, 0x8, 0x36db9ca, 0x80, 0x10, 0x9, 0x101, 0x401, 0xf29, 0x9b, 0x6, 0x2, 0x9, 0x1000, 0x5, 0xf, 0x9, 0x4, 0x7, 0x0, 0x6, 0x9, 0xff, 0x7, 0xacc4, 0x4, 0xb, 0xfffff4e3, 0x1, 0xfffffff8, 0xa88, 0x7fff, 0x101, 0x0, 0xc4, 0x1ba3, 0x7, 0x1, 0x1, 0x8, 0xff, 0x1, 0x3, 0x7, 0xfff, 0x3, 0x1, 0x7, 0x3, 0x8000, 0x9, 0x2, 0xfff, 0x100, 0x200, 0x1000, 0x70, 0xffffffff, 0x0, 0x6968, 0x101, 0x881f, 0x1, 0x5, 0x1, 0x5, 0xfffffffe, 0x4, 0x1ff, 0x1, 0x2, 0x10, 0xfff, 0x5, 0x5, 0x9, 0x5, 0x7, 0x2, 0xffffffe2, 0x2, 0x6, 0x73b7, 0xfffffffd, 0xffff9264, 0x8, 0x800, 0xffffffff, 0x0, 0xffffffff, 0x8, 0x6, 0xc0, 0x6, 0xfffffff4, 0xca, 0x2, 0x1, 0x41, 0x8000000, 0x9, 0x7, 0x2, 0xfffffffd, 0x8, 0x3, 0x7, 0x0, 0x24, 0x0, 0x0, 0x3, 0x1000, 0x1, 0x87, 0x3, 0x6, 0x9, 0x3, 0x9, 0x7, 0x0, 0x4, 0xcaca, 0x7ff, 0x10, 0x7, 0x348, 0x7, 0x8, 0x3, 0x1, 0x4, 0xffffef35, 0x81, 0x403, 0x3, 0xfffffff4, 0x8, 0xa244, 0x0, 0x2, 0xe, 0xfff, 0x7, 0x7, 0xbf4c, 0x0, 0x2, 0x5, 0x7, 0xffffffff, 0xffffffff, 0x2, 0x3, 0x0, 0x96a, 0x3, 0x6, 0x8001, 0x1, 0x5, 0x855, 0xfffff200, 0x8e, 0x8000, 0x200, 0x7, 0x316f, 0x4, 0x1, 0x149c000, 0xffffffec, 0x5, 0x3000000, 0x5, 0x6, 0x6, 0x9, 0x3, 0x2, 0x67e7762b, 0x0, 0x2, 0x5, 0x1, 0x1, 0x383d, 0x2, 0x6a9d4313, 0xffff5b80, 0x0, 0x3, 0x4, 0x4, 0x10, 0x800, 0x3, 0x6, 0xfffffffc]}]}]}}]}, 0x43c}, 0x1, 0x0, 0x0, 0x810}, 0x40c4)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), r10)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000001500010000000000000000000a000000080001"], 0x1c}}, 0x0)
sendmsg$MPTCP_PM_CMD_SET_FLAGS(r10, &(0x7f00000095c0)={0x0, 0x0, &(0x7f0000009580)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r11, @ANYBLOB="010019bd7000ffdbdf2507000000080004007f000000"], 0x1c}, 0x1, 0x0, 0x0, 0x811}, 0x10)

23.67923224s ago: executing program 7 (id=2846):
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080), 0x101403, 0x0)
ioctl$SOUND_MIXER_READ_VOLUME(r0, 0x80044d0d, &(0x7f0000000180)) (fail_nth: 3)

23.61946478s ago: executing program 7 (id=2848):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x4, 0x0, 0x541}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x8044)

23.538893909s ago: executing program 7 (id=2849):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000000)='binfmt_misc\x00', 0xc00, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000740)={0x53, 0x0, 0xa, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000100)="a1f872478e76a81b13ce", 0x0, 0x0, 0x0, 0x0, 0x0})
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x315802)
write$sndseq(r1, &(0x7f0000000280)=[{0x0, 0x9, 0x1, 0x4, @tick=0x6, {0x88, 0x7}, {0x8, 0x8}, @ext={0x2c, &(0x7f00000001c0)="f7ec1215049865feb614457bb13d1e5bbc2e035f8e052faaa76501a91f6c60af7344f2c12f3253e9790239e8"}}, {0x0, 0x80, 0x6, 0x4, @tick=0x8001, {0x24, 0x9}, {0x1c, 0x5}, @note={0x2, 0x3, 0x4, 0x5, 0x10000}}, {0x9, 0x6, 0x0, 0x9, @tick=0x8, {0x8}, {0x0, 0x8}, @connect={{0x1, 0xb4}, {0x0, 0x4}}}, {0x8, 0x5, 0x1, 0x6, @time={0x86c, 0x2}, {0x4, 0x81}, {0x9, 0x7}, @time=@time={0x1, 0x4}}, {0x40, 0x36, 0xff, 0xff, @time={0x2, 0x6}, {0x0, 0x2}, {0x0, 0x7}, @quote={{0x2, 0x2}, 0x3, &(0x7f0000000200)={0xa1, 0x80, 0x8, 0x0, @tick=0x5, {0x4, 0x5}, {0x8, 0x1}, @note={0x7f, 0x0, 0x18, 0xf6, 0x400}}}}, {0x8e, 0x1, 0xfb, 0x2, @time={0x7, 0x89}, {0x7, 0x3}, {0x2}, @addr={0x0, 0x80}}, {0x80, 0x1, 0x7, 0x10, @tick=0x2, {0x7, 0x37}, {0x7, 0xb}, @connect={{0x2, 0x8}, {0xff, 0x7}}}, {0x4, 0x8, 0x3, 0x1, @tick=0xffff, {0x9, 0x6}, {0x8, 0xe}, @addr={0xff, 0x4}}], 0xe0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c00000034000701ffff0000080004800400498096031fdd84077c7ef86d0607650f31d4fe643c7596843cb39b45fbb12f71846f194e6bb536484830e713ca1477d56e90cd11ad595d22638f244ef87d5b9a220b"], 0x1c}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
pivot_root(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f0000000240)='./file0/../file0\x00')

23.419906144s ago: executing program 7 (id=2851):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in6={{0xa, 0x4e20, 0x6, @empty, 0x4}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, 0x0, &(0x7f0000000940))
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a"], 0x122}}, 0x0)
setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f00000009c0)=0x5, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, 0x0, {0xfff1, 0x3}, {0x6}, {0x4, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x24040080}, 0x40004)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84)
sendmsg$NL80211_CMD_SET_POWER_SAVE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="34a9fc4a", @ANYRES16, @ANYBLOB="000829bd7000fedbdf253d00000008005d000100000008005d000100000061005d000000000008005d0001000000"], 0x34}, 0x1, 0x0, 0x0, 0x40014}, 0x0)
ppoll(&(0x7f0000000140)=[{0xffffffffffffffff, 0x1100}], 0x1, 0x0, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000180)={0xa, 0x4e22, 0x8, @loopback}, 0x1c)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000200)={0x1, 0x7}, 0x8)
listen(r2, 0x5)
accept4(r2, &(0x7f0000000240)=@x25, 0x0, 0x80800)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x24040014, &(0x7f0000000000)={0xa, 0x4e22, 0x7, @empty, 0xfffffffe}, 0x1c)

23.300779691s ago: executing program 7 (id=2853):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000440)={0x7, 0x0, [{0x2, 0x8000, 0x0, 0x5}, {0x40000000, 0x5, 0xe, 0x0, 0xcdd, 0x2, 0x10000}, {0xc0000000, 0x0, 0x4, 0x0, 0x0, 0x1}, {0xa, 0xcf3f, 0x0, 0x4, 0x2, 0xfffd, 0xc}, {0x2, 0xffff, 0x6, 0xdd, 0xfff, 0x6, 0x10001}, {0x4, 0x0, 0x0, 0xc5, 0xa, 0xb77, 0x3}, {0x80000000, 0x9, 0x2, 0x3, 0x2cf, 0x2, 0x2}]})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x99c7}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r6, 0x6, 0x24, &(0x7f0000000280)=0x1, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
close_range(r4, r3, 0x0)
sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000200)='./file0\x00', 0x8, 0x1)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r9, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f0000000200)={<r10=>0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r9, 0x84, 0x73, &(0x7f0000000000)={r10, 0x4, 0x0, 0x200, 0x1}, &(0x7f0000000240)=0x18)
r11 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r11, 0xc008561c, &(0x7f0000000000)={0xf0f071, 0x1})
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x76, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x4c}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x90)
r12 = openat$nullb(0xffffffffffffff9c, 0x0, 0x840, 0x0)
dup(r12)
socket$inet_tcp(0x2, 0x1, 0x0)

23.258615427s ago: executing program 36 (id=2853):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000440)={0x7, 0x0, [{0x2, 0x8000, 0x0, 0x5}, {0x40000000, 0x5, 0xe, 0x0, 0xcdd, 0x2, 0x10000}, {0xc0000000, 0x0, 0x4, 0x0, 0x0, 0x1}, {0xa, 0xcf3f, 0x0, 0x4, 0x2, 0xfffd, 0xc}, {0x2, 0xffff, 0x6, 0xdd, 0xfff, 0x6, 0x10001}, {0x4, 0x0, 0x0, 0xc5, 0xa, 0xb77, 0x3}, {0x80000000, 0x9, 0x2, 0x3, 0x2cf, 0x2, 0x2}]})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x99c7}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r6, 0x6, 0x24, &(0x7f0000000280)=0x1, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
close_range(r4, r3, 0x0)
sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000200)='./file0\x00', 0x8, 0x1)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r9, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f0000000200)={<r10=>0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r9, 0x84, 0x73, &(0x7f0000000000)={r10, 0x4, 0x0, 0x200, 0x1}, &(0x7f0000000240)=0x18)
r11 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r11, 0xc008561c, &(0x7f0000000000)={0xf0f071, 0x1})
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x76, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x4c}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x90)
r12 = openat$nullb(0xffffffffffffff9c, 0x0, 0x840, 0x0)
dup(r12)
socket$inet_tcp(0x2, 0x1, 0x0)

2.290656001s ago: executing program 8 (id=3155):
r0 = fsopen(&(0x7f0000000180)='hugetlbfs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000440)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000480)={'vcan0\x00', <r3=>0x0})
bind$can_j1939(r2, &(0x7f0000000100)={0x1d, r3, 0x0, {0x1, 0x1, 0x4}, 0xff}, 0x18)
setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000380)="000101000040000000", 0x9}], 0x1}, 0x48005)
readv(r2, &(0x7f0000000400)=[{&(0x7f00000000c0)=""/20, 0x14}], 0x1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)

1.420779047s ago: executing program 6 (id=3171):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_debug_messages', 0x48a82, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000040), 0x88a, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f00000001c0)={0x19, 0x1, 0x0, "14a5593b595ccb9e289f1548f12ec9745f90084a013424cf6dc99d2466980300", 0x38414761})
syz_emit_ethernet(0x32, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaca7e9eaaaaaaaaaa0000000000889078000000000000000000000000000890780200000000000000b430c61cc5339550929ad2dfbbc0542e9a718efcddc4321969d4a64b449a"], 0x0)
write$sysctl(r0, &(0x7f0000000100)='0\x00', 0x2)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r2=>0xffffffffffffffff}, './file0\x00'})
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000080)=r2, 0x4)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f000024a000/0x12000)=nil, 0x12000, 0xc)
r4 = userfaultfd(0x801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r7 = dup3(r6, r5, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
openat$cgroup_type(r7, &(0x7f0000000180), 0x2, 0x0)
ioctl$UFFDIO_WRITEPROTECT(r4, 0xc018aa06, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)

1.419973343s ago: executing program 8 (id=3172):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in6={{0xa, 0x4e20, 0x6, @empty, 0x4}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, 0x0, &(0x7f0000000940))
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a0104"], 0x122}}, 0x0)
setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f00000009c0)=0x5, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24040080}, 0x40004)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84)
sendmsg$NL80211_CMD_SET_POWER_SAVE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="34a9fc4a", @ANYRES16, @ANYBLOB="000829bd7000fedbdf253d00000008005d000100000008005d000100000061005d000000000008005d0001000000"], 0x34}, 0x1, 0x0, 0x0, 0x40014}, 0x0)
ppoll(&(0x7f0000000140)=[{0xffffffffffffffff, 0x1100}], 0x1, 0x0, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000180)={0xa, 0x4e22, 0x8, @loopback}, 0x1c)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000200)={0x1, 0x7}, 0x8)
listen(r2, 0x5)
accept4(r2, &(0x7f0000000240)=@x25, 0x0, 0x80800)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x24040014, &(0x7f0000000000)={0xa, 0x4e22, 0x7, @empty, 0xfffffffe}, 0x1c)

1.270863107s ago: executing program 6 (id=3173):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = dup(r0)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r2, 0x40000000af01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000740)=""/51, 0x0})
socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000340))
r3 = dup(r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000000)={0x1, r3})
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f00000001c0)=0x304008000)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f00000003c0)={0x1, r1})

1.100450015s ago: executing program 6 (id=3176):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_KICK(r0, 0x8008af26, &(0x7f0000000180)={0x1})
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e601bae74656e642c6163638173733d616e792c63616368653d66736361636865"])
chdir(&(0x7f0000000100)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r2 = syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r1, 0x0)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
pread64(r2, &(0x7f00000003c0)=""/58, 0x3a, 0x4)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000)={'#! ', './file0'}, 0xb)

749.919369ms ago: executing program 0 (id=3187):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket(0x10, 0x803, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_init_net_socket$ax25(0x3, 0x6, 0xcb)
r2 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
syz_emit_ethernet(0xd2, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "00e70c", 0x9c, 0x11, 0x0, @remote, @local, {[], {0x4e21, 0x4e21, 0x9c, 0x0, @wg=@initiation={0x1, 0x2, "98558ced0561c369bdce17260aecf0d0ef8051f16a33d395bb9998e65920ac9e", "2d8a3f8f6b35bf2999f23cb4b717412f7761cd850d01a42ebc78bb36b631374a497bd8931167fb9a2bdb672fb36b2879", "f24b91ff3ac89b423d9c2632e77da5f229e21074e80d66883c395413", {"38b27b0047081c5ce5491f55d30a2224", "544c894ff9732ce4f1a601c017cf96f0"}}}}}}}}, 0x0)
sendmsg$nl_route_sched(r2, 0x0, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000140)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r7, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r5, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r5], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
r8 = socket(0x10, 0x3, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x1feb2ce6be0af4e7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x6, 0x2}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x800)
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000008c0)=@newtfilter={0x74, 0x28, 0xd27, 0x1003ffd, 0x0, {0x0, 0x0, 0x0, r9, {0xd, 0x9}, {}, {0x2, 0xb}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x44, 0x2, [@TCA_CGROUP_POLICE={0x40, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0x1, 0x5, 0xfeb3, 0x0, 0x80000000, {0x5e, 0x0, 0x0, 0x6, 0x800, 0x2}, {0xe, 0x1, 0x2, 0xf001, 0xa, 0x6}, 0x8a, 0x28a, 0x7}}]}]}}]}, 0x74}, 0x1, 0x0, 0x0, 0x810}, 0x200008c0)
io_uring_setup(0x605b, &(0x7f0000000140)={0x0, 0x2d13, 0x20, 0x2, 0x263, 0x0, r0})
io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, &(0x7f0000000380)={0x0}, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 0xe, &(0x7f0000000880)=ANY=[], 0x0}, 0x94)
setresuid(0x0, 0xee00, 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x200000f0}, 0x20000000)
sendmsg$rds(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000400)=""/200, 0xc8}, {&(0x7f0000000500)=""/65, 0x41}, {&(0x7f0000000580)=""/75, 0x4b}, {&(0x7f00000001c0)=""/5, 0x5}, {&(0x7f0000000600)=""/159, 0x9f}], 0x5, 0x0, 0x0, 0x880}, 0x44000)
mq_open(&(0x7f00000000c0)=',):\x00', 0x40, 0xf4, 0x0)
syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_conn_req={{0x17, 0x40, 0x8}, {0x6, 0x7f, 0xad52, 0x7}}}}, 0x15)

680.121871ms ago: executing program 0 (id=3189):
msgget(0x3, 0x202)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r1, 0x0, &(0x7f000096c000/0x1000)=nil, 0x1000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, <r2=>0xffffffffffffffff, 0x1})
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_RW$syz(r3, 0x3ba0, &(0x7f0000000640)={0x48, 0x8, r2, 0x0, 0xb, 0x245fd7, 0x1, &(0x7f0000000080)="f4", 0x10001})

620.544403ms ago: executing program 0 (id=3190):
capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
chroot(&(0x7f00000001c0)='./file0\x00')
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000100)=0x22, 0x4)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r0, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="00022abd7005fedbdf25410000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000d0087006c325f64726f707300000000"], 0x44}, 0x1, 0x0, 0x0, 0x4004000}, 0x4000)
ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000480)={0x4, 0x2, {<r3=>0x0}, {0xffffffffffffffff}, 0x0, 0x5})
capset(&(0x7f0000000500)={0x20080522, r3}, &(0x7f0000000540)={0x10, 0xda3, 0x9e, 0xd631, 0x6, 0xd})
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000240)={0x1, @pix_mp={0x100, 0x0, 0xa0363159, 0x0, 0x0, [{0x3, 0x81}, {0xfffffffb, 0x5}, {0x8e5d, 0x4e670b6f}, {0x8, 0x3}, {0xd, 0xffffffff}, {0x7, 0xc000}, {0x60000000, 0x6}, {0x5ba, 0x10}], 0x10, 0xb, 0x1, 0x0, 0x6}})
ioctl$BTRFS_IOC_QGROUP_ASSIGN(r0, 0x40189429, &(0x7f0000000080)={0x1, 0x800, 0x1})
prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ff9000/0x4000)=nil)
ioctl$I2C_SLAVE(r0, 0x703, 0x287)
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x10)
r4 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_udp_int(r4, 0x11, 0x67, &(0x7f0000000140), 0x4)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000000c0)={'veth1_to_team\x00', &(0x7f0000000040)=@ethtool_rxfh_indir={0x38}})
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r5, &(0x7f0000004b80)=[{{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000180)="3b52e010cf", 0x5}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d00)=[{&(0x7f0000000ac0)="13a8892019f1989dcb3695d96b609322d26e29fc35fee071c96d80bd46d6966cbe6b7a2cae610580a28150f9f09c86ff97e05d454faac2546a34871e68f5cbd68fd4b71e2aac0dc7620672a5d97f2b82603a6f9c25d5b78524ab47fb3c477a39625e82d11bae649b50912c5c3749d587d40f3b177c88c8e1a95a9580e76e4915e7a4d9d1bac139a4c4b3ea19d86435997790b8f33ed64746f783dcbca965f77a4ebc4ee05aaa5e68d551b3cb668bb5be8cb0f5c6d64346d4aa329d80f904bee073", 0xc1}, {&(0x7f0000000bc0)='T[X!', 0x4}], 0x2}}, {{0x0, 0x0, &(0x7f0000004080)=[{&(0x7f0000000f00)="52348bf9812fc081678b5760a4c4967393fd8939aaf12a894c5424df616c4eea14fbac2dad114a75c405d89fafa5715b56abba4bbceca456d8225e3f6eb57a03287e74c7bd74e40e3fda3150f92d181e7c82cb2f8ea0416fc4c0f111161cdb9a52911925644e25f871d02f403c83214f830f93b30b874e75cab53f1ed7871f21c0d654a47fab0637868517d7e8d9915e99b4dc2dcafdcb2ef2a012ec95418a544c32181fb969e01318e00a12fd1b2a0eb57bcf7de086e320f2d4be4e1453010be849e4d7dba41558329699aacd3d1c7d97b9bf74caf8b7946647309d209558b1965ef7ea4576ec0e289b73c2089310271d0a67d88a312f4cb0194c4f28ec3c2fe269311d0cec1fe0efef17d376d183b08e392b6cb58e930e1f959dd4528ec95350fc86e5297e6d59af036b132df17833881238ba8692842a8da4d5b4a37c94915331143d9128a197495433c2f550b4455a9ae03b937305e192e861ca3a60f9b3a14288e3daeb6936593485388a4aaab39b3843ee2960d9c8728eafb904333e7b78a270480e8dd89bc4cf0b791013cff43bf314e11a44d5f9c4fdad8a2fcdb04f76de29a50a0428148f4bc3eff1e84d25ea95dabddfba6162860a3c3389ee366450b6bcf1409f920caf1be5702af0402e2cef4896d9544a26ebfab694d7a47eca55bd2f62e7d7eb1f6061f7e441df5ab31344f02179764822036ef706133ea1a6380e042f074b2b0ddcc578cb8a668a846b9d5792f8d434f8ec7b562594587c49e8e6b3450e545fc070644bd06a36106cdb63f9e8ad7ae50b5b44e47f377961f5e29392330fb40d63c911ffd13e094f0452cc5c77b0731b56211b2d8a7554f6077ae593626a54f56d6dea49058fd1d48db02a7b33d50474b58a7e14e6a4d935bfaf4865f00074d59ece4b2d5f5e768e952733ee2c34b3e4b0be230f792f8b16f872afbbd155fe5314d4f54ea7b747eb2cd2410db7464c73ecd4815cda0bcc839fb603bb3f0c04b2d233b54a78b7aa3db974e469c8788e155cc2ef39bcf8491101058093c842df8cd0ac03d29e6d6902187f31eaf960b306debf734d8d26cc34a7e62c64a98b5a8a61020d81f5213d4d5722088be5b5ea6b1ee19b148d1f8b7172cd507533360d2d668e85252463b1d61302a75a7e3dc5e8c607a1026c66c2e8a6cbd34e3e5e99890da6cf07ed1247a07f004a6b1d643e00be7c156127bd7b39326e84ea6963d0530a4538eea35cf8048440a65148f1fe6314020bbe9c9358242589360fa5b1425d24b9f59141d81c0dbdd2e802eb82849e6342a4ffd0dcf307e2c73c707f54d54a2d04f2e504cae3d17192", 0x3b1}], 0x1}}], 0x3, 0x4)
read$alg(r0, &(0x7f0000000440)=""/10, 0xa)
setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r4, 0x84, 0x1e, &(0x7f0000000400)=0x8, 0x4)
prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil)

570.516273ms ago: executing program 0 (id=3192):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r1)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000003c0)={0x20, r2, 0x5, 0x0, 0x0, {0x22}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x20}}, 0x4000000)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000040)={'wpan3\x00', <r3=>0x0})
sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, r2, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0xffff}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x2}, @IEEE802154_ATTR_PAN_ID={0x6}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x3}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa0}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x4}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}]}, 0x64}, 0x1, 0x0, 0x0, 0x4802}, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_ADD(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x4008080}, 0x4008092)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r4, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x48, r2, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa1}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x9}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x4}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0xff}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x4000080)
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="c5c4b5f2", @ANYRES16, @ANYBLOB="01072bbd70000000000005000000"], 0x14}, 0x1, 0x0, 0x0, 0x20004074}, 0x0)

570.002808ms ago: executing program 8 (id=3194):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x1}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000002640)={{r2, <r4=>0xffffffffffffffff}, &(0x7f00000025c0), &(0x7f0000002600)=r3}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000002580)={{r4}, &(0x7f00000002c0), &(0x7f0000000300)=r3}, 0x20)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa4, 0x0, '\x00', 0x0, 0xfffffffffffffffc})
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000080)=@arm64={0x10, 0x1, 0x5, '\x00', 0x3})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r8 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
add_key(&(0x7f0000000140)='dns_resolver\x00', 0x0, &(0x7f0000000080)='\x00\x00\x00\x00\x00\x00', 0x6, r8)
r9 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r10 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x3232, 0x100, 0x0, 0x3de}, &(0x7f0000000040), &(0x7f0000000180))
r11 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0)
io_uring_register$IORING_REGISTER_FILES(r10, 0x2, &(0x7f0000000300)=[r11], 0x1)
ioctl$SOUND_MIXER_READ_STEREODEVS(r11, 0x80044dfb, &(0x7f0000000040))
ioctl$KVM_GET_MSRS_cpu(r9, 0xc008ae88, &(0x7f0000000000)={0xffffffffffffe82})

567.923874ms ago: executing program 4 (id=3195):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = syz_io_uring_setup(0x10d, &(0x7f0000000540)={0x0, 0xd4bb, 0x80, 0x2, 0x1dd}, &(0x7f0000000380)=<r2=>0x0, &(0x7f0000000180)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x80800})
listen(r0, 0x5)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreq(r4, 0x0, 0x20, &(0x7f0000000000)={@multicast2, @empty}, 0x8)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r5=>r1, {0x2}}, './file0\x00'})
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r5, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, 0x1411, 0x100, 0x70bd2b, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8, 0x4b, 0x28}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8}]}, 0x28}}, 0x800)
io_uring_enter(r1, 0x3517, 0xc2de, 0x9, 0x0, 0x0)

460.425947ms ago: executing program 0 (id=3196):
keyctl$dh_compute(0x17, &(0x7f0000000d80), &(0x7f0000000dc0)=""/229, 0xe5, &(0x7f0000000f00)={&(0x7f0000000ec0)={'cryptd(blake2b-160)\x00'}})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000001540)=[{&(0x7f00000001c0)="48000000140081fb7059ae08060c040002ff0f03900000000000000000006fabca3b4e7d06a6bd7c00000000030000068a562ad6e74703c48f93bc2a02000000461eb886a5e54f8f", 0x48}], 0x1}, 0x4004)

277.902194ms ago: executing program 4 (id=3197):
r0 = openat$fb1(0xffffff9c, &(0x7f00000000c0), 0x40a82, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000480)={0x13c0, 0xf0, 0x190, 0x30, 0xf0bd, 0x6, 0x10, 0x0, {0x4, 0x4, 0x1}, {0xf, 0x1}, {0x7, 0xd, 0x1}, {0x4, 0xfffffff7}, 0x1, 0x140, 0x8, 0x8, 0x0, 0x8, 0x2e9, 0x7f, 0xb, 0x7, 0xa, 0x0, 0x3, 0x4, 0x0, 0x6})
mknod(&(0x7f0000000000)='./file0\x00', 0x8000, 0x0)
mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040)='btrfs\x00', 0x10003, &(0x7f00000000c0)='norecovery')
lseek(r0, 0x0, 0x3)
ioctl$UFFDIO_MOVE(0xffffffffffffffff, 0xc028aa05, &(0x7f0000000000)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x2000, 0x1})

277.673383ms ago: executing program 8 (id=3198):
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=@newchain={0x24, 0x64, 0x200, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x8, 0x9}, {0x8, 0x7}, {0xe, 0xfff1}}}, 0x24}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x14, 0x15, 0x1, 0x0, 0x0, {0xd}}, 0x14}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=@newtaction={0x64, 0x30, 0x1, 0x0, 0x25dfdbf9, {}, [{0x50, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x4, 0x0, 0x7}, 0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000140)=ANY=[@ANYBLOB="600000000206010100000000000000000000000005000100070000000900020073797a300000000005000500020000001400078005001500000000000800124000000001050004000000000011000300686173683a6970"], 0x60}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000013c0)={'veth1_macvtap\x00'})
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="500000001000030500"/20, @ANYRESHEX=r0, @ANYBLOB="0000000000000000280012800b0001006d616373656300001800028005000800010000000c000100000000000000000008000500", @ANYRESOCT=r3], 0x50}}, 0x800)

210.246249ms ago: executing program 6 (id=3199):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000000)=0x3)
ioctl$PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000080)={0x2, &(0x7f0000000100)=[{0x50, 0xff, 0x0, 0xffeffffd}, {0x6, 0x60, 0x0, 0x8}]})
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000180)={'pcl818\x00', [0x4f27, 0x84, 0x3, 0x4, 0x5, 0xcc9, 0xf, 0x7, 0xa, 0x0, 0xefb, 0x1, 0x6, 0x1, 0x6, 0x101, 0x1000, 0x1a449, 0x3, 0x40000007, 0x9d, 0xcaa7, 0x4, 0x20001e58, 0x4, 0xe69, 0x3c, 0x8, 0x5, 0x0, 0xfffffff8]})
write$ppp(r1, &(0x7f0000000300), 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
socket$kcm(0x29, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r5=>0x0})
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r5, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r8=>0x0})
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r7, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f00000002c0)={0x1c, r9, 0x1, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x24004084}, 0x40000)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r10=>0x0})
r11 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r11, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}, 0x1})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r10, @ANYBLOB="0800051cf94e5d21e70eb3"], 0x24}}, 0x0)

209.98511ms ago: executing program 8 (id=3200):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000005f00)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000006000)={0x0, 0x0, &(0x7f0000005fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd0600ffdbdb2521000000080003", @ANYRES32=r2, @ANYBLOB="0600eb00000800000400ec000a00060008021100000100000600f70000ff000008009e"], 0x44}, 0x1, 0x0, 0x0, 0x4048020}, 0x28000)

209.823055ms ago: executing program 4 (id=3201):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x2, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
openat$fuse(0xffffffffffffff9c, &(0x7f00000005c0), 0x42, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240))
syz_init_net_socket$llc(0x1a, 0x2, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r0, @ANYRES32=r2], 0x44}}, 0x0)

209.572218ms ago: executing program 0 (id=3202):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.sectors\x00', 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, 0x0, 0x0)
setsockopt$sock_int(r2, 0x1, 0x8, 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, 0x0, 0x4000000)
socket$inet6_udplite(0xa, 0x2, 0x88)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000001c0)={'bridge0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="3800000055002f03020000000000000007000000", @ANYRES32=r5, @ANYBLOB="200001"], 0x38}}, 0x40840)
r6 = socket(0x10, 0x3, 0x0)
sendmmsg(r6, &(0x7f0000000000), 0x4000000000001f2, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = syz_io_uring_setup(0x5ce, &(0x7f0000000240)={0x0, 0x7734, 0x80, 0x40000, 0x34f}, &(0x7f00000000c0)=<r9=>0x0, &(0x7f00000001c0)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f0000000340)=@IORING_OP_POLL_REMOVE={0x7, 0xb2752a96f73d6e14, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x1})
sendmsg$NFT_BATCH(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYRES16=r8, @ANYRES8=r9, @ANYRES32=r6], 0x7c}, 0x1, 0x0, 0x0, 0x4008080}, 0x4c50)
sendmsg$NFT_BATCH(r7, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a312000000008000a40fffffffc14000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_MSG_GETSET(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000c80)=ANY=[@ANYBLOB="2c0000000a08050000000000000000000a0000090900012073797a31000000000900020073797a3100000000"], 0x2c}, 0x1, 0x0, 0x0, 0x24048014}, 0x4000)
sendmsg$NFC_CMD_START_POLL(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x4081}, 0x850)
r11 = syz_usb_connect(0x2, 0x4a, &(0x7f0000000040)=ANY=[], 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000200), 0xa2000, 0x0)
syz_usb_control_io$cdc_ecm(r11, &(0x7f0000000180)={0x14, 0x0, 0x0}, 0x0)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r12, 0x0, 0x0)
preadv2(r1, &(0x7f0000000380)=[{&(0x7f0000000480)=""/213, 0xd5}], 0x1, 0x0, 0x0, 0x0)

140.009022ms ago: executing program 8 (id=3203):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in6={{0xa, 0x4e20, 0x6, @empty, 0x4}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, 0x0, &(0x7f0000000940))
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a0104"], 0x122}}, 0x0)
setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f00000009c0)=0x5, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x24040080}, 0x40004)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84)
sendmsg$NL80211_CMD_SET_POWER_SAVE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="34a9fc4a", @ANYRES16, @ANYBLOB="000829bd7000fedbdf253d00000008005d000100000008005d000100000061005d000000000008005d0001000000"], 0x34}, 0x1, 0x0, 0x0, 0x40014}, 0x0)
ppoll(&(0x7f0000000140)=[{0xffffffffffffffff, 0x1100}], 0x1, 0x0, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000180)={0xa, 0x4e22, 0x8, @loopback}, 0x1c)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000200)={0x1, 0x7}, 0x8)
listen(r2, 0x5)
accept4(r2, &(0x7f0000000240)=@x25, 0x0, 0x80800)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x24040014, &(0x7f0000000000)={0xa, 0x4e22, 0x7, @empty, 0xfffffffe}, 0x1c)

139.763426ms ago: executing program 4 (id=3204):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x2000)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000000080)={<r1=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(r0, 0xc00864c0, &(0x7f00000000c0)={r1})
r2 = syz_io_uring_setup(0x7b, &(0x7f0000000540)={0x0, 0x3bca, 0x10100, 0x0, 0x313}, &(0x7f00000005c0)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
openat$cdrom(0xffffffffffffff9c, &(0x7f00000000c0), 0x1000000, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, r6, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0, 0x21a3, 0x0, {0x3}})
io_uring_enter(r2, 0x46f3, 0x1000003, 0x1, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'erspan0\x00', &(0x7f00000003c0)={'gretap0\x00', <r7=>0x0, 0x40, 0x7, 0x1ff, 0x1000, {{0x2e, 0x4, 0x3, 0x3, 0xb8, 0x65, 0x0, 0x1, 0x0, 0x0, @private=0xa010100, @multicast2, {[@noop, @lsrr={0x83, 0xf, 0xa7, [@rand_addr=0x64010101, @multicast1, @rand_addr=0x64010101]}, @cipso={0x86, 0x52, 0x1, [{0x7, 0xe, "5c0b8874b6cd9e661dff4b5c"}, {0x0, 0x10, "5793413ed7508636d788171f2e9c"}, {0x2, 0xf, "dcd954b0c3b2d845b9e5171227"}, {0x0, 0xb, "fdf882bd276d4fd1b7"}, {0x5, 0xd, "9f7784bbd330d470b44753"}, {0x2, 0x7, "1269f86167"}]}, @rr={0x7, 0x17, 0x8b, [@loopback, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @multicast1]}, @timestamp_prespec={0x44, 0x1c, 0xc7, 0x3, 0x9, [{@private=0xa010102, 0x7fff80}, {@broadcast, 0x5}, {@multicast1, 0x6}]}, @rr={0x7, 0xf, 0x8, [@dev={0xac, 0x14, 0x14, 0x3c}, @local, @dev={0xac, 0x14, 0x14, 0x2f}]}]}}}}})
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
pipe2(&(0x7f0000000000)={0x0, <r9=>0x0}, 0x0)
socket(0x22, 0x2, 0x24)
close_range(r9, 0xffffffffffffffff, 0x0)
bind$bt_hci(r8, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r10, 0x400448e2, 0x0)
recvfrom(r5, &(0x7f0000000200)=""/141, 0x8d, 0x21, &(0x7f0000000140)=@xdp={0x2c, 0x4, r7, 0x6}, 0x80)
r11 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x2e, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{0x6}]})
r12 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000380)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r11, @ANYBLOB="0100000010651fbe347b322b00000c000180080001"], 0x20}, 0x1, 0x0, 0x0, 0x4010}, 0x0)

70.396012ms ago: executing program 6 (id=3205):
r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x161042, 0x0)
ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x6, 0x60, 0x0, 0x8}]})
write$ppp(r0, &(0x7f0000000300), 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
prctl$PR_SET_MM(0x23, 0x2, &(0x7f0000990000/0x1000)=nil)
socket$kcm(0x29, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000480)={'wlan0\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r3=>0x0})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f00000002c0)={0x1c, r4, 0x1, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x24004084}, 0x40000)

70.002443ms ago: executing program 6 (id=3206):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000000)="2ef36644f7e62e3e672e450f078f29d095abaa960000b890a4f084ef66bafc0c6d8f297812cf66ba410066ef48b800100000000000000f23d00f21f835100000080f23f866baf80cb88ef01480ef66bafc0c66b80c0066efc7442402d8650000c7442406000000000f011c2466ba4200ec2e64f30f5a8e6c000000", 0x7b}], 0x1, 0x52, &(0x7f0000000200)=[@vmwrite={0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x85200000c}], 0x1)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000580)={[0x2, 0xec, 0x401, 0x3, 0x7, 0x4, 0x8000000000000001, 0x80100000, 0x1, 0x200, 0x6, 0x2, 0x20, 0x10000000003a, 0x1, 0x9], 0x0, 0x83005})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000500)=@x86={0xf, 0x7, 0x5, 0x0, 0x5, 0x0, 0x75, 0x9, 0x10, 0x5, 0xf, 0x3, 0x0, 0x7, 0x4, 0x2, 0x6, 0x1, 0x2, '\x00', 0xfd})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, 0x0}], 0x1, 0x61, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r6 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r6, &(0x7f0000000200)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xd}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x1, 0x2, 0x3, 0xfffffff9, 0x9, 0x101, 0x2, 0xffff}}}}]}, 0x58}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000026c0)=@newtfilter={0x87c, 0x2c, 0xd27, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0xe, 0x6}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_basic={{0xa}, {0x84c, 0x2, [@TCA_BASIC_POLICE={0x848, 0x4, [@TCA_POLICE_RATE={0x404, 0x2, [0x8, 0x5, 0x8, 0x401, 0x7, 0xffffffff, 0x6, 0x8, 0x7f, 0x101, 0x3, 0x9, 0x5, 0x4dc6, 0x7fff, 0x6, 0x8, 0x3, 0xd, 0x4, 0x3ae0, 0x5, 0x99, 0x1, 0xff, 0x1, 0x6, 0x80, 0x7f1b, 0x5, 0x5, 0x80000000, 0xfffffffa, 0xffffffff, 0x800, 0xf20d, 0x800, 0x0, 0x1, 0x4, 0x80000000, 0x6, 0x9, 0x3, 0xff, 0x0, 0x9f0, 0x1ff, 0xdf7a, 0x7fffffff, 0x0, 0x0, 0xc, 0x14, 0x2, 0xc, 0x401, 0xffff, 0x9bf, 0x6f3c, 0x8, 0x9, 0x7ff, 0x3, 0x9, 0x8000, 0x8, 0xffffffc0, 0x4, 0x1, 0x2, 0x8, 0x4, 0x9, 0x200, 0x3ff, 0x8000, 0x81, 0x3, 0x8, 0x800, 0x1, 0x5, 0x80000000, 0xfffffffe, 0x1e8, 0x5, 0x1, 0x0, 0x10001, 0x81, 0xc, 0x6, 0x80000001, 0x401, 0x6, 0x0, 0x3, 0x800, 0xf79, 0x6, 0x1, 0x4, 0xfff, 0x2, 0x1, 0x37800000, 0x0, 0x3, 0xae5, 0x0, 0x4, 0xae, 0xfffffffe, 0x1, 0x6, 0x8, 0x400, 0x1, 0x8000, 0xc, 0x1, 0x8, 0x1, 0x95, 0x1, 0x6, 0x3, 0xca, 0x0, 0x0, 0x3, 0x7, 0xffffb09a, 0x1, 0xe, 0x9, 0x5, 0x6, 0x4b, 0x9, 0x4, 0xfffffffe, 0xfffffffe, 0x4, 0x69, 0x2, 0x2, 0x6c, 0x0, 0x5, 0xffff, 0x4, 0x5, 0x2, 0x6, 0xffffffd1, 0x6, 0x1, 0xb3, 0x5, 0x5, 0x1, 0x9, 0x4, 0x3, 0x9, 0x0, 0x5, 0x2c9, 0x8bf, 0x0, 0xde39067, 0x1, 0x8, 0x6, 0x1534fe8b, 0x5, 0x0, 0x6, 0x2, 0x4, 0x81, 0xd16d, 0x0, 0xf9, 0x8, 0x401, 0xffffffff, 0x7fffffff, 0x80000000, 0x402, 0x81, 0x800, 0x9, 0x651, 0x10001, 0x6, 0x0, 0x5, 0x1d58, 0x401, 0x3, 0x8002, 0x8, 0x36, 0x15a, 0x2, 0x6, 0x5, 0x7, 0x6, 0x79, 0x8, 0x1da, 0x1, 0x9, 0x30, 0x0, 0xfffffff9, 0x9c06, 0x400007, 0x0, 0x27b, 0x5, 0x1001, 0x3, 0x1, 0x6, 0x5, 0x64c, 0x4, 0xfffffff7, 0x9, 0x4, 0x80000000, 0x8000, 0x7, 0x7, 0x7, 0x3, 0xa, 0x8, 0xffff, 0x22, 0x9, 0x4, 0x3, 0x3, 0x9, 0xfffffffa, 0x1, 0x6, 0x3321, 0x9, 0x5]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x80000001, 0x7, 0x3ff, 0x7, 0x4, 0x2, 0xffffffc0, 0x7ff, 0x86, 0x9, 0x9, 0x2, 0x8c, 0x1000200, 0x5, 0x5, 0x7, 0x5, 0x7, 0x1, 0x0, 0x4, 0x0, 0xc, 0xd, 0x3, 0x9, 0x49, 0x80000000, 0xd35, 0x25431060, 0xd2, 0x5, 0x9, 0xb5f0, 0x401, 0x7, 0x2, 0x6, 0x80000001, 0xa, 0x8, 0x9, 0x1, 0xccf1793, 0x2c800000, 0x5d, 0x1, 0x239, 0x2, 0x5a5057fd, 0x5, 0x4, 0x6, 0x8, 0x5, 0x200, 0x6, 0x10000, 0xf9, 0x6, 0x8, 0x7, 0x3, 0xfffffeff, 0x9, 0x1, 0x401, 0x1fb, 0x2, 0x0, 0x0, 0x800, 0x3, 0x0, 0x8, 0x10000, 0x6, 0x7c, 0x1, 0x9, 0xffffff01, 0x9, 0x8, 0x8052, 0x9, 0x5, 0x8, 0x142, 0x2d, 0x7, 0x8, 0xb, 0x81, 0x9, 0x3ff, 0x1, 0x10000, 0x9, 0x1, 0xb, 0xffffffff, 0x5, 0xe8, 0x6, 0x6, 0xf, 0x3, 0x0, 0xff, 0xfffffffa, 0xfffffff7, 0x8001, 0x5, 0x9, 0x8, 0x5, 0x9, 0x2, 0x2, 0x10001, 0x8, 0x0, 0x6, 0x4, 0x866, 0x7fff, 0xe0, 0x8, 0xd3a, 0x6000000, 0xfffffffc, 0x9, 0x7fff, 0x7, 0x10000, 0x3, 0x7fff, 0x40000000, 0x1, 0x7, 0xfffffffb, 0x3, 0x1, 0x9, 0x0, 0x7, 0x6, 0x4, 0x6fd, 0x4, 0x1, 0x2, 0x0, 0x5, 0x7, 0x4, 0x7, 0x8, 0x8, 0xc, 0x9, 0x6, 0x5, 0x0, 0x5, 0x2, 0x2, 0x8, 0x9, 0x9, 0x9, 0x5847cb5c, 0x9, 0x2, 0xffffffd8, 0x10001, 0xfffffffc, 0x5, 0x401, 0x8, 0x1, 0x2, 0x0, 0x0, 0x1200, 0x2, 0x0, 0xef2c, 0x80000001, 0xac5ae1dd, 0x0, 0x800, 0x1ff, 0x2, 0x3, 0x1, 0x8, 0x7785, 0x8001, 0x4, 0x5, 0x4, 0x7, 0x0, 0x6, 0xffffff2f, 0x8001, 0x3, 0x5, 0x3, 0x4, 0x7, 0x5, 0x7, 0xabd, 0x0, 0x10001, 0x6, 0x4, 0x30000000, 0x5, 0x13c1, 0x3, 0x7, 0x1, 0x8, 0x2, 0x6, 0x1, 0x2, 0x2, 0xb, 0x8, 0xa, 0x9, 0xfffffff9, 0x7, 0x7, 0x3, 0x8, 0x9, 0xfffffffc, 0x6, 0xe7a9, 0x10001, 0x6, 0x0, 0xb9, 0x8cca, 0xdda5, 0x1, 0xa, 0x7fffffff, 0x10, 0x31f]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x2, 0x4, 0x7f, 0x0, {0x6, 0x0, 0x6, 0x7ff, 0x6e6, 0xd74}, {0x8, 0x0, 0xffff, 0x8, 0x7f, 0x7fff}, 0x0, 0x8000, 0xbab2}}]}]}}]}, 0x87c}, 0x1, 0x0, 0x0, 0x24000005}, 0x4000)
r8 = socket$netlink(0x10, 0x3, 0x0)
pipe(&(0x7f0000000240))
sendmmsg(r8, &(0x7f00000002c0), 0x40000000000009f, 0x0)
arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x4)
syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="043106ffffffffffffabb321c0d75893b134d15cd80536ef007ddd3ec1aa607f7b52909766ee727212659b7d9cf5fa"], 0x9)
r9 = socket$packet(0x11, 0x2, 0x300)
sendmmsg$sock(r9, &(0x7f0000000300)=[{{&(0x7f0000000640)=@tipc=@name={0x1e, 0x8, 0x3, {{0x41}}}, 0x80, 0x0}}], 0x1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text32={0x20, &(0x7f00000000c0)="363e0f01cb0f01dbc744240000500000c744240256000000c7442406000000000f0114242e0fc7b700a00000b9760100000f320f23b1c744240015fc0000c7442402b0dc61f5c7442406000000000f011c2464f30f22210f20e035000004000f22e00f35", 0x64}], 0x1, 0x10, &(0x7f0000000240), 0x0)

298.104µs ago: executing program 4 (id=3207):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sm3)\x00'}, 0x58)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=@RTM_DELMDB={0x38, 0x55, 0x701, 0x0, 0x0, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x1, 0x0, 0x0, {@in6_addr=@loopback}}}]}, 0x38}}, 0x40080)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r2 = accept4(r0, 0x0, 0x0, 0x800)
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000040)={&(0x7f00000003c0)={0x598, 0x0, 0x100, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0xfff, 0x4b}}}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0xba0}, @NL80211_ATTR_DURATION={0x8, 0x57, 0xab3}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x12, 0xcd, [0x7, 0x3, 0xfcd9, 0x6, 0x2, 0xfff5, 0x3]}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x8, 0xcd, [0x0, 0x7ff]}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0xa, 0xcd, [0x5, 0x40e, 0x9]}, @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x4}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}], @NL80211_ATTR_FRAME={0x399, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x10}, @device_a, @device_b, @from_mac=@broadcast, {0x8, 0x5}, @value=@ver_80211n={0x0, 0xe, 0x1, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x1}}, 0x8, @default, 0x8, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x6, [{0x6, 0x1}, {0x4}, {0x1b, 0x1}, {0x1}, {0x36}, {0x5}]}, @void, @val={0x4, 0x6, {0xdd, 0xf2, 0x1, 0x8c}}, @val={0x6, 0x2, 0x800}, @val={0x5, 0xa9, {0x6, 0x9c, 0x3, "df31e29badfcdd6bbb059dd652cdaf4bae2627bb6e46d1ec8f1121d0812a2eff1367174b0226a1728a8dec8aa43493b9fa7c67a5069138f4a36199621fa8d17040eb8f0e95f778245747b55937b3e38c352e756d5c3413129ff213a77a3b73d6e68d6749d1a8896e0e0690fdfab3272a3e71c082fda5bbf0a2918fc812f5bee1a4fa8a1da5965cefaacbf14422d28995f23c73af08eae4d902b62f07731582803994c78fb9da"}}, @val={0x25, 0x3, {0x0, 0xad, 0x56}}, @void, @void, @void, @void, @void, @val={0x76, 0x6, {0x4, 0x9, 0x5, 0x3}}, [{0xdd, 0x41, "7caa943bb43a7ef80eb3732c160c46202ed6c084ada8ba3859ed9282c3f4d55845ae59cf9b799428e1c5bf98445ec0ea2c8f2bfaeba0090c9d5b7eb81038903acf"}, {0xdd, 0xf3, "62cc3a920182d88493320589401e2b48ca958c9b670802621159c895999088199e2b7e0171cbfd94ec20050ddf01c9c6a157f3485f399d5028bae3af146d6ac446738224db38f8a133ae99561ccaebe15b84388d021bbf9422920ba71fe12bb31bf1b1ff8e96c48fe7d5f1a28b838219ce602633b1fb48eacab97523fed4716117a61586f25578a0d84b7ab068528d4ef94f6f9f6eef4b234047217ddbb09f0a4a71900824c234aefbd05315ec824bcc931ffaf7e61589e038d6c2d2dd6167530dd2973f367458e8be8a190d4d37cf6c03ecb841f0d96558003e5e15eee078a22e396f7a9fdd06b25ed1b89bd536127a8e9627"}, {0xdd, 0x35, "c65da1068aa921745e8834130c5e6f3119c760786e41dcf9fccf34919eef260223a5fd1c12f5137fbe22ee703807e8af5d6b4c24af"}, {0xdd, 0x2c, "3b2c6df9ad331de3aa2f7788ce01eb4bbccf6478aac0f8aae7c478e3292a8100fc7ce617f4ac53da4c5fb87e"}, {0xdd, 0xfa, "8f5479cee6296c21bc163cfcc7999ce013848c4c7d115ad0fed6af1ef56be91ab0dbc9cf2898d9163e3177603815aa3710736375be2150f9c83b0507221c223ad76093def64a23c6992dbde3c245c738cc523199128485c706662e381876ea71dc2d16bdd742cc807b07c654e7deacb6b7631e831446acc1b6adedb04e43f3cc8e6a8a6b0c242b7e7a929f1e497e3316e1d5cc5cea652b87fe9e2d36f139ae7dd3a1eaa354483260fc4a846b0063e5f6af06d8650cfe7e39be0cab96a341eaec7035b00ab289aca29a2f39b2433d41ccd3036ccba9a891f57a31215f217cf4cbab37d6a601228ef9dd7cef8d3872fb911645a86f6d85471b7662"}]}}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xe}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}], @NL80211_ATTR_FRAME={0x160, 0x33, @assoc_resp={{{0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x4e8}, @device_a, @broadcast, @from_mac, {0x4, 0x94c}, @value=@ver_80211n={0x0, 0x4, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}}, 0xc480, 0x26, @random=0x180, @val={0x1, 0x7, [{0x4, 0x1}, {0x60}, {0x60, 0x1}, {0x12}, {0x36, 0x1}, {0x4, 0x1}, {0x1}]}, @void, [{0xdd, 0x82, "f4798507f22f7711592b21447632a63a23476efc2d90f218bc522ade25c66dcd19a78cbf3a1df518e19470ef9f7abb7ccbf479343ec3706a4afbf2040d98efe60fd0f852d25cfda3b41b709e46c68f47626a40d28e6a4b44e1af9a68959a1c65fd9c65d0fd0a4b9e26ee96a6b3daf5cb8369a1fa79063e5b6e692a141ebad1cba436"}, {0xdd, 0xab, "22ed646271c8429e87a34183a50955c22916e88b4a782cf1cceb34a5e210f23bb4436f13d5b249bdc6250fbd2231fa3fc60b947442ecf48b8e39e6e894003d3f5ea8544e3a84a7ecbc5a24fe722c478781952c07ff2535e78631c271b99053eae4b2747478035ede5d0d4c6accaa4faf316a38da89f9a97c8628f1aa0deaa07e581978a37d1c8c454845c1ee72f418a61179f544700df611d31d0c65ab460c2963822cc63926ccc8c91bb6"}]}}]}, 0x598}, 0x1, 0x0, 0x0, 0x40000}, 0x20048800)
sendmsg$NFT_MSG_GETSET(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x14, 0xa, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x40004}, 0x8000)

0s ago: executing program 4 (id=3208):
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0})
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000)={'team0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[@ANYBLOB="3c0000001000010025bd7000fedbdf2500000000", @ANYRES32=r1, @ANYBLOB="10080400030000000800040000010000140016"], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x24000000)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f0000000100))
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x60, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
r7 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'bond0\x00', <r8=>0x0})
ioctl$RTC_WKALM_RD(r4, 0x80287010, &(0x7f00000000c0))
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x90, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r8, {}, {0xfff1, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x7c, 0x2, [@TCA_TAPRIO_ATTR_TXTIME_DELAY={0x8, 0xb, 0xe}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x3, [0x0, 0x0, 0xff, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0xfd], 0x0, [0x5, 0x6, 0x2, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x1, 0x2]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0xfffffffc}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x7}]}}]}, 0xac}}, 0x0)
bind$alg(r6, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4309(aegis128-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r6, 0x117, 0x5, 0x0, 0x6)

kernel console output (not intermixed with test programs):

ttributes in process `syz.6.2603'.
[  254.978896][T13660] comedi comedi0: Minor -2147450880 is invalid!
[  255.023101][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[  255.293006][T13677] netlink: 80 bytes leftover after parsing attributes in process `syz.6.2608'.
[  255.447339][T13689] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  255.458557][T13689] netlink: 60 bytes leftover after parsing attributes in process `syz.6.2613'.
[  255.461443][T13689] netlink: 60 bytes leftover after parsing attributes in process `syz.6.2613'.
[  255.472280][T13689] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  255.515461][ T1424] ieee802154 phy1 wpan1: encryption failed: -22
[  255.579681][T13692] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2614'.
[  255.585209][T13692] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow
[  255.798124][T13700] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  256.072998][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[  256.323647][T13715] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  256.620030][T13729] netlink: 4768 bytes leftover after parsing attributes in process `syz.4.2626'.
[  256.647676][ T5973] Bluetooth: hci4: Received unexpected HCI Event 0x00
[  256.950549][T13740] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  257.113030][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[  257.597199][   T24] hid_parser_main: 28 callbacks suppressed
[  257.597211][   T24] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  257.606046][   T24] hid-generic 0000:0000:0000.0008: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  257.920372][T13768] netlink: 'syz.6.2641': attribute type 4 has an invalid length.
[  257.942164][T13768] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2641'.
[  257.945798][T13768] macsec0: left allmulticast mode
[  257.947455][T13768] veth1_macvtap: left allmulticast mode
[  257.949273][T13768] macsec0: left promiscuous mode
[  257.951122][T13768] bridge0: port 3(macsec0) entered disabled state
[  257.957278][T13768] bridge_slave_1: left allmulticast mode
[  257.959191][T13768] bridge_slave_1: left promiscuous mode
[  257.961170][T13768] bridge0: port 2(bridge_slave_1) entered disabled state
[  257.966714][T13768] bridge_slave_0: left allmulticast mode
[  257.968648][T13768] bridge_slave_0: left promiscuous mode
[  257.970599][T13768] bridge0: port 1(bridge_slave_0) entered disabled state
[  258.078922][   T40] kauditd_printk_skb: 869 callbacks suppressed
[  258.078932][   T40] audit: type=1400 audit(1754409263.786:22547): avc:  denied  { unmount } for  pid=6775 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[  258.099372][   T40] audit: type=1400 audit(1754409263.806:22548): avc:  denied  { read write } for  pid=6775 comm="syz-executor" name="loop4" dev="devtmpfs" ino=662 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  258.107039][   T40] audit: type=1400 audit(1754409263.806:22549): avc:  denied  { read write open } for  pid=6775 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=662 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  258.114953][   T40] audit: type=1400 audit(1754409263.806:22550): avc:  denied  { ioctl } for  pid=6775 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=662 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  258.135724][   T40] audit: type=1400 audit(1754409263.846:22551): avc:  denied  { read write } for  pid=9711 comm="syz-executor" name="loop6" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  258.143469][   T40] audit: type=1400 audit(1754409263.846:22552): avc:  denied  { read write open } for  pid=9711 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  258.151228][   T40] audit: type=1400 audit(1754409263.846:22553): avc:  denied  { ioctl } for  pid=9711 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=664 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  258.160103][   T40] audit: type=1400 audit(1754409263.846:22554): avc:  denied  { create } for  pid=13770 comm="syz.4.2642" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  258.169523][   T40] audit: type=1400 audit(1754409263.856:22555): avc:  denied  { create } for  pid=13770 comm="syz.4.2642" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  258.177980][   T40] audit: type=1400 audit(1754409263.856:22556): avc:  denied  { read } for  pid=13770 comm="syz.4.2642" dev="nsfs" ino=4026533457 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  258.237804][T13780] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2645'.
[  258.241283][T13779] vlan2: entered promiscuous mode
[  258.243491][T13779] team0: entered promiscuous mode
[  258.245750][T13779] team_slave_0: entered promiscuous mode
[  258.248214][T13779] team_slave_1: entered promiscuous mode
[  258.250738][T13779] vlan2: entered allmulticast mode
[  258.252746][T13779] team0: entered allmulticast mode
[  258.255081][T13779] team_slave_0: entered allmulticast mode
[  258.257307][T13779] team_slave_1: entered allmulticast mode
[  258.261112][T13779] bond0: (slave vlan2): Enslaving as an active interface with an up link
[  258.315672][T13784] syz.7.2646: attempt to access beyond end of device
[  258.315672][T13784] loop7: rw=6144, sector=128, nr_sectors = 8 limit=0
[  258.320748][T13784] gfs2: error -5 reading superblock
[  258.418934][T13785] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2048 sclass=netlink_route_socket pid=13785 comm=syz.4.2647
[  258.577005][T13808] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  258.620444][T13811] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2657'.
[  258.623530][T13811] openvswitch: netlink: nsh attr 8196 is out of range max 3
[  258.625952][T13811] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  258.883039][ T1332] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  259.038087][ T1332] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  259.041129][ T1332] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  259.044251][ T1332] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  259.054809][ T1332] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  259.057684][ T1332] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  259.060209][ T1332] usb 5-1: Product: syz
[  259.061544][ T1332] usb 5-1: Manufacturer: syz
[  259.063118][ T1332] usb 5-1: SerialNumber: syz
[  259.279210][ T1332] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 23 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  259.362488][T13819] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  259.366644][T13819] mac80211_hwsim hwsim16 syzkaller0: entered promiscuous mode
[  259.369011][T13819] mac80211_hwsim hwsim16 syzkaller0: entered allmulticast mode
[  259.390381][T13819] syzkaller0: mtu greater than device maximum
[  259.490840][T13829] random: crng reseeded on system resumption
[  259.553257][T13834] usb usb8: usbfs: interface 0 claimed by hub while 'syz.4.2661' resets device
[  259.705293][ T6196] usb 5-1: USB disconnect, device number 23
[  259.709548][ T6196] usblp0: removed
[  260.348590][T13862] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  260.474465][T13869] veth0_vlan: left promiscuous mode
[  260.811223][T13884] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  261.346091][T13908] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  261.790290][T13930] binder: BINDER_SET_CONTEXT_MGR already set
[  261.792277][T13930] binder: 13929:13930 ioctl 4018620d 2000000002c0 returned -16
[  262.464490][ T5979] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  262.468961][ T5979] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  262.471979][ T5979] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  262.476854][ T5979] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  262.480568][ T5979] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  262.692653][T12877] syz_tun (unregistering): left allmulticast mode
[  262.706051][T13953] chnl_net:caif_netlink_parms(): no params data found
[  262.815760][  T842] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  262.827332][T13953] bridge0: port 1(bridge_slave_0) entered blocking state
[  262.829682][T13953] bridge0: port 1(bridge_slave_0) entered disabled state
[  262.832061][T13953] bridge_slave_0: entered allmulticast mode
[  262.835029][T13953] bridge_slave_0: entered promiscuous mode
[  262.839465][T13953] bridge0: port 2(bridge_slave_1) entered blocking state
[  262.842739][T13953] bridge0: port 2(bridge_slave_1) entered disabled state
[  262.848514][T13953] bridge_slave_1: entered allmulticast mode
[  262.851259][T13953] bridge_slave_1: entered promiscuous mode
[  262.917832][  T842] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  262.927838][T13953] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  262.938893][T13953] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  262.980953][T13953] team0: Port device team_slave_0 added
[  262.992120][  T842] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  263.006082][T13953] team0: Port device team_slave_1 added
[  263.067234][T13953] batman_adv: batadv0: Adding interface: batadv_slave_0
[  263.070078][T13953] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  263.081616][T13953] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  263.085198][   T40] kauditd_printk_skb: 2002 callbacks suppressed
[  263.085209][   T40] audit: type=1400 audit(1754409268.786:24559): avc:  denied  { create } for  pid=13974 comm="syz.6.2710" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  263.096386][   T40] audit: type=1400 audit(1754409268.786:24560): avc:  denied  { create } for  pid=13974 comm="syz.6.2710" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  263.108780][   T40] audit: type=1400 audit(1754409268.786:24561): avc:  denied  { write } for  pid=13974 comm="syz.6.2710" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  263.116251][  T842] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  263.123825][   T40] audit: type=1400 audit(1754409268.786:24562): avc:  denied  { read } for  pid=13974 comm="syz.6.2710" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  263.132792][T13953] batman_adv: batadv0: Adding interface: batadv_slave_1
[  263.135633][   T40] audit: type=1400 audit(1754409268.796:24563): avc:  denied  { read } for  pid=13974 comm="syz.6.2710" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  263.135662][   T40] audit: type=1400 audit(1754409268.796:24564): avc:  denied  { write } for  pid=13974 comm="syz.6.2710" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  263.135683][   T40] audit: type=1400 audit(1754409268.796:24565): avc:  denied  { write } for  pid=13974 comm="syz.6.2710" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  263.135704][   T40] audit: type=1400 audit(1754409268.796:24566): avc:  denied  { read } for  pid=13974 comm="syz.6.2710" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  263.135725][   T40] audit: type=1400 audit(1754409268.796:24567): avc:  denied  { read } for  pid=13974 comm="syz.6.2710" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  263.135746][   T40] audit: type=1400 audit(1754409268.796:24568): avc:  denied  { write } for  pid=13974 comm="syz.6.2710" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  263.185575][T13953] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  263.193345][   T10] page_pool_release_retry() stalled pool shutdown: id 57, 1 inflight 60 sec
[  263.198067][T13953] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  263.248279][T13953] hsr_slave_0: entered promiscuous mode
[  263.250663][T13953] hsr_slave_1: entered promiscuous mode
[  263.635175][  T842] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  263.638111][  T842] bond_slave_0: left promiscuous mode
[  263.640660][  T842] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  263.643992][  T842] bond_slave_1: left promiscuous mode
[  263.647746][  T842] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  263.650600][  T842] mac80211_hwsim hwsim11 wlan1: left promiscuous mode
[  263.653038][  T842] bond0 (unregistering): Released all slaves
[  263.659688][  T842] bond1 (unregistering): (slave bond2): Releasing backup interface
[  263.662678][  T842] bond1 (unregistering): Released all slaves
[  263.760695][  T842] bond2 (unregistering): Released all slaves
[  263.842038][  T842] bond3 (unregistering): Released all slaves
[  263.848820][  T842] bond4 (unregistering): Released all slaves
[  263.969278][  T842] tipc: Disabling bearer <udp:s>
[  263.977496][  T842] tipc: Disabling bearer <eth:syzkaller0>
[  263.981229][  T842] tipc: Left network mode
[  264.100693][T13992] FAULT_INJECTION: forcing a failure.
[  264.100693][T13992] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  264.106349][T13992] CPU: 0 UID: 0 PID: 13992 Comm: syz.6.2717 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  264.106367][T13992] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  264.106373][T13992] Call Trace:
[  264.106377][T13992]  <TASK>
[  264.106382][T13992]  dump_stack_lvl+0x16c/0x1f0
[  264.106411][T13992]  should_fail_ex+0x512/0x640
[  264.106427][T13992]  _copy_from_user+0x2e/0xd0
[  264.106439][T13992]  copy_folio_from_user+0x118/0x2f0
[  264.106459][T13992]  mfill_atomic_copy+0x19c4/0x1f50
[  264.106480][T13992]  ? __might_fault+0xe3/0x190
[  264.106490][T13992]  ? __pfx_mfill_atomic_copy+0x10/0x10
[  264.106507][T13992]  userfaultfd_ioctl+0x2436/0x3930
[  264.106521][T13992]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  264.106531][T13992]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  264.106552][T13992]  ? hook_file_ioctl_common+0x145/0x410
[  264.106571][T13992]  ? selinux_file_ioctl+0x180/0x270
[  264.106584][T13992]  ? selinux_file_ioctl+0xb4/0x270
[  264.106597][T13992]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  264.106608][T13992]  ? __x64_sys_ioctl+0x18b/0x210
[  264.106623][T13992]  __x64_sys_ioctl+0x18b/0x210
[  264.106639][T13992]  do_syscall_64+0xcd/0x4c0
[  264.106667][T13992]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.106678][T13992] RIP: 0033:0x7f837298eb69
[  264.106688][T13992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  264.106699][T13992] RSP: 002b:00007f837389f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  264.106710][T13992] RAX: ffffffffffffffda RBX: 00007f8372bb5fa0 RCX: 00007f837298eb69
[  264.106717][T13992] RDX: 0000200000000100 RSI: 00000000c028aa03 RDI: 0000000000000003
[  264.106723][T13992] RBP: 00007f837389f090 R08: 0000000000000000 R09: 0000000000000000
[  264.106729][T13992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  264.106735][T13992] R13: 0000000000000000 R14: 00007f8372bb5fa0 R15: 00007ffde15e2728
[  264.106748][T13992]  </TASK>
[  264.216765][T13996] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2719'.
[  264.325474][T14004] overlay: Unknown parameter 'subj_role'
[  264.329271][T14004] usb usb8: usbfs: process 14004 (syz.7.2722) did not claim interface 0 before use
[  264.417238][  T842] hsr_slave_0: left promiscuous mode
[  264.419348][  T842] hsr_slave_1: left promiscuous mode
[  264.555084][ T5973] Bluetooth: hci3: command tx timeout
[  265.112586][  T842] team_slave_0 (unregistering): left promiscuous mode
[  265.117655][  T842] team0 (unregistering): Port device team_slave_0 removed
[  265.353034][   T54] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  265.387653][T14018] comedi: valid board names for 8255 driver are:
[  265.389733][T14018]  8255
[  265.390652][T14018] comedi: valid board names for vmk80xx driver are:
[  265.392715][T14018]  vmk80xx
[  265.394230][T14018] comedi: valid board names for usbduxsigma driver are:
[  265.396411][T14018]  usbduxsigma
[  265.397552][T14018] comedi: valid board names for usbduxfast driver are:
[  265.399742][T14018]  usbduxfast
[  265.400794][T14018] comedi: valid board names for usbdux driver are:
[  265.402775][T14018]  usbdux
[  265.403880][T14018] comedi: valid board names for ni6501 driver are:
[  265.406690][T14018]  ni6501
[  265.407611][T14018] comedi: valid board names for dt9812 driver are:
[  265.409524][T14018]  dt9812
[  265.410530][T14018] comedi: valid board names for ni_labpc_cs driver are:
[  265.412610][T14018]  ni_labpc_cs
[  265.413819][T14018] comedi: valid board names for ni_daq_700 driver are:
[  265.416001][T14018]  ni_daq_700
[  265.417196][T14018] comedi: valid board names for labpc_pci driver are:
[  265.419910][T14018]  labpc_pci
[  265.421234][T14018] comedi: valid board names for adl_pci9118 driver are:
[  265.424252][T14018]  pci9118dg
[  265.425538][T14018]  pci9118hg
[  265.426866][T14018]  pci9118hr
[  265.428271][T14018] comedi: valid board names for 8255_pci driver are:
[  265.431017][T14018]  8255_pci
[  265.432317][T14018] comedi: valid board names for s526 driver are:
[  265.435241][T14018]  s526
[  265.436369][T14018] comedi: valid board names for multiq3 driver are:
[  265.438985][ T6050] usb 11-1: new high-speed USB device number 18 using dummy_hcd
[  265.442989][T14018]  multiq3
[  265.443939][T14018] comedi: valid board names for pcmuio driver are:
[  265.445866][T14018]  pcmuio48
[  265.446848][T14018]  pcmuio96
[  265.447861][T14018] comedi: valid board names for pcmmio driver are:
[  265.449758][T14018]  pcmmio
[  265.450804][T14018] comedi: valid board names for pcmda12 driver are:
[  265.452830][T14018]  pcmda12
[  265.454309][T14018] comedi: valid board names for pcmad driver are:
[  265.456192][T14018]  pcmad12
[  265.457144][T14018]  pcmad16
[  265.458134][T14018] comedi: valid board names for ni_labpc driver are:
[  265.460061][T14018]  lab-pc-1200
[  265.461100][T14018]  lab-pc-1200ai
[  265.462175][T14018]  lab-pc+
[  265.463132][T14018] comedi: valid board names for atmio16 driver are:
[  265.465127][T14018]  atmio16
[  265.466086][T14018]  atmio16d
[  265.467052][T14018] comedi: valid board names for ni_at_ao driver are:
[  265.468990][T14018]  at-ao-6
[  265.469948][T14018]  at-ao-10
[  265.470902][T14018] comedi: valid board names for ni_at_a2150 driver are:
[  265.472992][T14018]  ni_at_a2150
[  265.474034][T14018] comedi: valid board names for adq12b driver are:
[  265.475966][T14018]  adq12b
[  265.476873][T14018] comedi: valid board names for mpc624 driver are:
[  265.478761][T14018]  mpc624
[  265.479628][T14018] comedi: valid board names for c6xdigio driver are:
[  265.481612][T14018]  c6xdigio
[  265.482581][T14018] comedi: valid board names for aio_iiro_16 driver are:
[  265.484815][T14018]  aio_iiro_16
[  265.485845][T14018] comedi: valid board names for aio_aio12_8 driver are:
[  265.487850][T14018]  aio_aio12_8
[  265.488920][T14018]  aio_ai12_8
[  265.489947][T14018]  aio_ao12_4
[  265.490948][T14018] comedi: valid board names for fl512 driver are:
[  265.492813][T14018]  fl512
[  265.493882][T14018] comedi: valid board names for dmm32at driver are:
[  265.495960][T14018]  dmm32at
[  265.496906][T14018] comedi: valid board names for dt282x driver are:
[  265.498911][T14018]  dt2821
[  265.499809][T14018]  dt2821-f
[  265.500809][T14018]  dt2821-g
[  265.501782][T14018]  dt2823
[  265.502659][T14018]  dt2824-pgh
[  265.504673][T14018]  dt2824-pgl
[  265.505881][T14018]  dt2825
[  265.507011][T14018]  dt2827
[  265.508059][T14018]  dt2828
[  265.509003][T14018]  dt2829
[  265.510072][T14018]  dt21-ez
[  265.511099][T14018]  dt23-ez
[  265.512100][T14018]  dt24-ez
[  265.513352][T14018]  dt24-ez-pgl
[  265.514545][T14018] comedi: valid board names for dt2817 driver are:
[  265.516737][T14018]  dt2817
[  265.517812][T14018] comedi: valid board names for dt2815 driver are:
[  265.519889][T14018]  dt2815
[  265.520853][T14018] comedi: valid board names for dt2814 driver are:
[  265.523038][T14018]  dt2814
[  265.523066][   T54] usb 5-1: Using ep0 maxpacket: 16
[  265.524407][T14018] comedi: valid board names for dt2811 driver are:
[  265.524421][T14018]  dt2811-pgh
[  265.524427][T14018]  dt2811-pgl
[  265.524432][T14018] comedi: valid board names for dt2801 driver are:
[  265.532788][   T54] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  265.532864][T14018]  dt2801
[  265.536030][   T54] usb 5-1: config 0 has no interfaces?
[  265.536929][T14018] comedi: valid board names for das6402 driver are:
[  265.536938][T14018]  das6402-12
[  265.536942][T14018]  das6402-16
[  265.536946][T14018] comedi: valid board names for das1800 driver are:
[  265.536952][T14018]  das-1701st
[  265.536956][T14018]  das-1701st-da
[  265.536960][T14018]  das-1702st
[  265.536964][T14018]  das-1702st-da
[  265.536968][T14018]  das-1702hr
[  265.536972][T14018]  das-1702hr-da
[  265.548271][   T54] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  265.548580][T14018]  das-1701ao
[  265.549745][   T54] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  265.550813][T14018]  das-1702ao
[  265.550822][T14018]  das-1801st
[  265.550826][T14018]  das-1801st-da
[  265.550830][T14018]  das-1802st
[  265.550835][T14018]  das-1802st-da
[  265.550839][T14018]  das-1802hr
[  265.550842][T14018]  das-1802hr-da
[  265.550846][T14018]  das-1801hc
[  265.550851][T14018]  das-1802hc
[  265.550854][T14018]  das-1801ao
[  265.551926][   T54] usb 5-1: Product: syz
[  265.554955][T14018]  das-1802ao
[  265.555906][   T54] usb 5-1: SerialNumber: syz
[  265.558466][T14018] comedi: valid board names for das800 driver are:
[  265.558476][T14018]  das-800
[  265.558481][T14018]  cio-das800
[  265.558485][T14018]  das-801
[  265.558489][T14018]  cio-das801
[  265.564667][   T54] usb 5-1: config 0 descriptor??
[  265.565608][T14018]  das-802
[  265.565617][T14018]  cio-das802
[  265.565621][T14018]  cio-das802/16
[  265.565626][T14018] comedi: valid board names for isa-das08 driver are:
[  265.565631][T14018]  isa-das08
[  265.565635][T14018]  das08-pgm
[  265.565639][T14018]  das08-pgh
[  265.591453][T14018]  das08-pgl
[  265.592473][T14018]  das08-aoh
[  265.593664][T14018]  das08-aol
[  265.594734][T14018]  das08-aom
[  265.595726][T14018]  das08/jr-ao
[  265.596768][T14018]  das08jr-16-ao
[  265.597040][ T6050] usb 11-1: Using ep0 maxpacket: 8
[  265.597895][T14018]  pc104-das08
[  265.597902][T14018]  das08jr/16
[  265.597906][T14018] comedi: valid board names for das16m1 driver are:
[  265.597912][T14018]  das16m1
[  265.597916][T14018] comedi: valid board names for dac02 driver are:
[  265.597941][T14018]  dac02
[  265.605198][ T6050] usb 11-1: config 0 has an invalid interface number: 55 but max is 0
[  265.606933][T14018] comedi: valid board names for rti802 driver are:
[  265.607833][ T6050] usb 11-1: config 0 has no interface number 0
[  265.610489][T14018]  rti802
[  265.610500][T14018] comedi: valid board names for rti800 driver are:
[  265.610506][T14018]  rti800
[  265.610510][T14018]  rti815
[  265.610515][T14018] comedi: valid board names for pcm3724 driver are:
[  265.610521][T14018]  pcm3724
[  265.612436][ T6050] usb 11-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  265.614533][T14018] comedi: valid board names for pcl818 driver are:
[  265.615377][ T6050] usb 11-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  265.617368][T14018]  pcl818l
[  265.617376][T14018]  pcl818h
[  265.617380][T14018]  pcl818hd
[  265.617384][T14018]  pcl818hg
[  265.617388][T14018]  pcl818
[  265.617391][T14018]  pcl718
[  265.617395][T14018]  pcm3718
[  265.617400][T14018] comedi: valid board names for pcl816 driver are:
[  265.618318][ T6050] usb 11-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  265.619224][T14018]  pcl816
[  265.619230][T14018]  pcl814b
[  265.619235][T14018] comedi: valid board names for pcl812 driver are:
[  265.619240][T14018]  pcl812
[  265.619244][T14018]  pcl812pg
[  265.619248][T14018]  acl8112pg
[  265.619252][T14018]  acl8112dg
[  265.621183][ T6050] usb 11-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  265.622177][T14018]  acl8112hg
[  265.625438][ T6050] usb 11-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  265.627529][T14018]  a821pgl
[  265.627538][T14018]  a821pglnda
[  265.627542][T14018]  a821pgh
[  265.627546][T14018]  a822pgl
[  265.627550][T14018]  a822pgh
[  265.627554][T14018]  a823pgl
[  265.627558][T14018]  a823pgh
[  265.627562][T14018]  pcl813
[  265.627566][T14018]  pcl813b
[  265.627570][T14018]  acl8113
[  265.627573][T14018]  iso813
[  265.627578][T14018]  acl8216
[  265.630906][ T6050] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  265.631918][T14018]  a826pg
[  265.631927][T14018] comedi: valid board names for pcl730 driver are:
[  265.631932][T14018]  pcl730
[  265.631936][T14018]  iso730
[  265.631940][T14018]  acl7130
[  265.631944][T14018]  pcm3730
[  265.631948][T14018]  pcl725
[  265.635815][ T6050] usb 11-1: config 0 descriptor??
[  265.635980][T14018]  p8r8dio
[  265.646921][ T6050] ldusb 11-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  265.647384][T14018]  acl7225b
[  265.688508][T14018]  p16r16dio
[  265.689545][T14018]  pcl733
[  265.690501][T14018]  pcl734
[  265.691436][T14018]  opmm-1616-xt
[  265.692542][T14018]  pearl-mm-p
[  265.693678][T14018]  ir104-pbf
[  265.694752][T14018] comedi: valid board names for pcl726 driver are:
[  265.696814][T14018]  pcl726
[  265.697759][T14018]  pcl727
[  265.698715][T14018]  pcl728
[  265.699654][T14018]  acl6126
[  265.700642][T14018]  acl6128
[  265.701625][T14018] comedi: valid board names for pcl724 driver are:
[  265.703718][T14018]  pcl724
[  265.704708][T14018]  pcl722
[  265.705656][T14018]  pcl731
[  265.706654][T14018]  acl7122
[  265.707643][T14018]  acl7124
[  265.708634][T14018]  pet48dio
[  265.709648][T14018]  pcmio48
[  265.710658][T14018]  onyx-mm-dio
[  265.711750][T14018] comedi: valid board names for pcl711 driver are:
[  265.713879][T14018]  pcl711
[  265.714884][T14018]  pcl711b
[  265.715891][T14018]  acl8112hg
[  265.716933][T14018]  acl8112dg
[  265.717995][T14018] comedi: valid board names for amplc_pc263 driver are:
[  265.720152][T14018]  pc263
[  265.721108][T14018] comedi: valid board names for amplc_pc236 driver are:
[  265.723338][T14018]  pc36at
[  265.724323][T14018] comedi: valid board names for amplc_dio200 driver are:
[  265.726521][T14018]  pc212e
[  265.727503][T14018]  pc214e
[  265.728446][T14018]  pc215e
[  265.729384][T14018]  pc218e
[  265.730356][T14018]  pc272e
[  265.731334][T14018] comedi: valid board names for comedi_parport driver are:
[  265.733695][T14018]  comedi_parport
[  265.734895][T14018] comedi: valid board names for comedi_test driver are:
[  265.737044][T14018]  comedi_test
[  265.738181][T14018] comedi: valid board names for comedi_bond driver are:
[  265.740326][T14018]  comedi_bond
[  265.815536][ T6196] usb 5-1: USB disconnect, device number 24
[  265.848433][ T6050] usb 11-1: USB disconnect, device number 18
[  265.857103][ T6050] ldusb 11-1:0.55: LD USB Device #0 now disconnected
[  265.871721][T13953] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  265.877427][T13953] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  265.882901][T13953] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  265.890515][T13953] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  266.018490][T13953] 8021q: adding VLAN 0 to HW filter on device bond0
[  266.039533][T13953] 8021q: adding VLAN 0 to HW filter on device team0
[  266.048570][   T89] bridge0: port 1(bridge_slave_0) entered blocking state
[  266.050856][   T89] bridge0: port 1(bridge_slave_0) entered forwarding state
[  266.058874][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state
[  266.061152][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state
[  266.346841][T13953] 8021q: adding VLAN 0 to HW filter on device batadv0
[  266.623116][ T5973] Bluetooth: hci3: command tx timeout
[  266.769024][T13953] veth0_vlan: entered promiscuous mode
[  266.782738][T13953] veth1_vlan: entered promiscuous mode
[  266.820569][T13953] veth0_macvtap: entered promiscuous mode
[  266.821356][T14066] overlayfs: missing 'workdir'
[  266.829163][T13953] veth1_macvtap: entered promiscuous mode
[  266.853576][T13953] batman_adv: batadv0: Interface activated: batadv_slave_0
[  266.859898][T14066] netlink: 'syz.6.2740': attribute type 3 has an invalid length.
[  266.862732][T14066] netlink: 'syz.6.2740': attribute type 1 has an invalid length.
[  266.864576][T13953] batman_adv: batadv0: Interface activated: batadv_slave_1
[  266.866051][T14066] netlink: 212 bytes leftover after parsing attributes in process `syz.6.2740'.
[  266.870478][T14066] NCSI netlink: No device for ifindex 0
[  266.874672][ T1247] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  266.877624][ T1247] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  266.881181][ T1247] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  266.884581][ T1247] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  266.948945][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  266.951316][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  266.975948][   T89] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  266.978710][   T89] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  267.013266][T14077] sctp: [Deprecated]: syz.7.2743 (pid 14077) Use of int in maxseg socket option.
[  267.013266][T14077] Use struct sctp_assoc_value instead
[  267.018476][T14076] sctp: [Deprecated]: syz.7.2743 (pid 14076) Use of int in maxseg socket option.
[  267.018476][T14076] Use struct sctp_assoc_value instead
[  267.067348][T14080] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2704'.
[  267.495322][T14099] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  267.499548][T14099] syzkaller0: entered promiscuous mode
[  267.501298][T14099] syzkaller0: entered allmulticast mode
[  267.509062][T14099] tipc: Resetting bearer <eth:syzkaller0>
[  267.512750][T14098] tipc: Resetting bearer <eth:syzkaller0>
[  267.522174][T14098] tipc: Disabling bearer <eth:syzkaller0>
[  268.072708][T14118] SELinux:  policydb magic number 0xf95aff8c does not match expected magic number 0xf97cff8c
[  268.076324][T14118] SELinux: failed to load policy
[  268.093833][   T40] kauditd_printk_skb: 891 callbacks suppressed
[  268.093844][   T40] audit: type=1400 audit(1754409273.806:25458): avc:  denied  { read } for  pid=14111 comm="syz.6.2752" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  268.102557][   T40] audit: type=1400 audit(1754409273.806:25459): avc:  denied  { read } for  pid=14111 comm="syz.6.2752" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  268.111512][   T40] audit: type=1400 audit(1754409273.806:25460): avc:  denied  { read } for  pid=14111 comm="syz.6.2752" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  268.119439][   T40] audit: type=1400 audit(1754409273.806:25461): avc:  denied  { read } for  pid=14111 comm="syz.6.2752" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  268.126038][   T40] audit: type=1400 audit(1754409273.806:25462): avc:  denied  { read } for  pid=14111 comm="syz.6.2752" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  268.132465][   T40] audit: type=1400 audit(1754409273.806:25463): avc:  denied  { read } for  pid=14111 comm="syz.6.2752" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  268.136977][T14114] audit: audit_backlog=65 > audit_backlog_limit=64
[  268.140563][   T40] audit: type=1400 audit(1754409273.806:25464): avc:  denied  { read } for  pid=14111 comm="syz.6.2752" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  268.141799][T14114] audit: audit_lost=9 audit_rate_limit=0 audit_backlog_limit=64
[  268.148218][   T40] audit: type=1400 audit(1754409273.806:25465): avc:  denied  { read } for  pid=14111 comm="syz.6.2752" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  268.376928][T14122] bridge0: port 3(syz_tun) entered blocking state
[  268.379647][T14122] bridge0: port 3(syz_tun) entered disabled state
[  268.381997][T14122] syz_tun: entered allmulticast mode
[  268.384733][T14122] syz_tun: entered promiscuous mode
[  268.388141][T14122] bridge0: port 3(syz_tun) entered blocking state
[  268.390815][T14122] bridge0: port 3(syz_tun) entered forwarding state
[  268.703138][ T5973] Bluetooth: hci3: command tx timeout
[  269.079085][T14140] random: crng reseeded on system resumption
[  269.293015][ T8987] usb 11-1: new high-speed USB device number 19 using dummy_hcd
[  269.443734][ T8987] usb 11-1: Using ep0 maxpacket: 16
[  269.454246][ T8987] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  269.459761][ T8987] usb 11-1: config 0 has no interfaces?
[  269.468980][ T8987] usb 11-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  269.473642][ T8987] usb 11-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  269.477189][ T8987] usb 11-1: Product: syz
[  269.478882][ T8987] usb 11-1: SerialNumber: syz
[  269.484120][ T8987] usb 11-1: config 0 descriptor??
[  269.566803][T14161] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5135 sclass=netlink_route_socket pid=14161 comm=syz.7.2770
[  269.690687][T14173] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  269.694781][T14173] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14173 comm=syz.7.2773
[  269.770933][ T8987] usb 11-1: USB disconnect, device number 19
[  270.382490][T14195] 8021q: adding VLAN 0 to HW filter on device bond5
[  270.388564][T14195] bond5: entered promiscuous mode
[  270.390871][T14195] bond0: (slave bond5): Enslaving as an active interface with an up link
[  270.405989][T14196] 8021q: adding VLAN 0 to HW filter on device bond6
[  270.408743][T14196] bond6: entered promiscuous mode
[  270.410568][T14196] bond0: (slave bond6): Enslaving as an active interface with an up link
[  270.435626][T14202] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2781'.
[  270.655505][T14213] comedi comedi0: Minor -2147450880 is invalid!
[  270.667645][T14211] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check.
[  270.773873][T14222] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2786'.
[  270.778089][T14221] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2787'.
[  270.783026][ T5973] Bluetooth: hci3: command tx timeout
[  270.942638][T14226] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2789'.
[  270.947536][T14226] nfs4: Bad value for 'source'
[  271.073179][ T8987] usb 12-1: new high-speed USB device number 17 using dummy_hcd
[  271.223229][ T8987] usb 12-1: Using ep0 maxpacket: 16
[  271.230405][ T8987] usb 12-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  271.233939][   T10] usb 11-1: new high-speed USB device number 20 using dummy_hcd
[  271.236451][ T8987] usb 12-1: config 0 has no interfaces?
[  271.242282][ T8987] usb 12-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  271.245246][ T8987] usb 12-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  271.247772][ T8987] usb 12-1: Product: syz
[  271.249138][ T8987] usb 12-1: SerialNumber: syz
[  271.254488][ T8987] usb 12-1: config 0 descriptor??
[  271.363000][   T10] usb 11-1: device descriptor read/64, error -71
[  271.520379][ T6050] usb 12-1: USB disconnect, device number 17
[  271.603032][   T10] usb 11-1: new high-speed USB device number 21 using dummy_hcd
[  271.734656][   T10] usb 11-1: device descriptor read/64, error -71
[  271.843239][   T10] usb usb11-port1: attempt power cycle
[  272.120176][T14247] netlink: 13 bytes leftover after parsing attributes in process `syz.7.2796'.
[  272.183062][   T10] usb 11-1: new high-speed USB device number 22 using dummy_hcd
[  272.186875][T14253] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2797'.
[  272.202694][T14255] comedi comedi0: Minor -2147450880 is invalid!
[  272.206715][   T10] usb 11-1: device descriptor read/8, error -71
[  272.333997][T14261] netlink: 'syz.0.2800': attribute type 12 has an invalid length.
[  272.336563][T14261] netlink: 'syz.0.2800': attribute type 29 has an invalid length.
[  272.339030][T14261] netlink: 148 bytes leftover after parsing attributes in process `syz.0.2800'.
[  272.341983][T14261] netlink: 'syz.0.2800': attribute type 2 has an invalid length.
[  272.345389][T14261] netlink: 23 bytes leftover after parsing attributes in process `syz.0.2800'.
[  272.352361][T14261] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2800'.
[  272.355523][T14261] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2800'.
[  272.443110][   T10] usb 11-1: new high-speed USB device number 23 using dummy_hcd
[  272.464591][   T10] usb 11-1: device descriptor read/8, error -71
[  272.573287][   T10] usb usb11-port1: unable to enumerate USB device
[  273.250736][   T40] kauditd_printk_skb: 1883 callbacks suppressed
[  273.250751][   T40] audit: type=1400 audit(1754409278.956:27324): avc:  denied  { read write } for  pid=12918 comm="syz-executor" name="loop0" dev="devtmpfs" ino=658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  273.261268][   T40] audit: type=1400 audit(1754409278.966:27325): avc:  denied  { read write open } for  pid=12918 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  273.271131][   T40] audit: type=1400 audit(1754409278.966:27326): avc:  denied  { ioctl } for  pid=12918 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=658 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  273.280463][   T40] audit: type=1400 audit(1754409278.966:27327): avc:  denied  { execmem } for  pid=14273 comm="syz.4.2805" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  273.358261][   T40] audit: type=1400 audit(1754409279.066:27328): avc:  denied  { read write } for  pid=12918 comm="syz-executor" name="loop0" dev="devtmpfs" ino=658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  273.366039][   T40] audit: type=1400 audit(1754409279.066:27329): avc:  denied  { read write open } for  pid=12918 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  273.375732][   T40] audit: type=1400 audit(1754409279.066:27330): avc:  denied  { ioctl } for  pid=12918 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=658 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  273.386151][   T40] audit: type=1400 audit(1754409279.086:27331): avc:  denied  { create } for  pid=14281 comm="syz.0.2807" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  273.392478][   T40] audit: type=1400 audit(1754409279.086:27332): avc:  denied  { create } for  pid=14281 comm="syz.0.2807" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  273.403425][   T40] audit: type=1400 audit(1754409279.086:27333): avc:  denied  { write } for  pid=14281 comm="syz.0.2807" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  273.496987][T14293] fuse: Bad value for 'fd'
[  274.078703][T14316] fuse: Bad value for 'fd'
[  274.212112][T14327] netlink: 'syz.6.2825': attribute type 3 has an invalid length.
[  274.687504][T14354] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  275.946696][T14378] __nla_validate_parse: 7 callbacks suppressed
[  275.946710][T14378] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2843'.
[  276.095660][ T5979] Bluetooth: hci4: unexpected event for opcode 0x2028
[  276.124446][T14389] bond2: entered promiscuous mode
[  276.126767][T14389] 8021q: adding VLAN 0 to HW filter on device bond2
[  276.188399][T14393] ata1.00: invalid multi_count 128 ignored
[  276.240943][T14393] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2849'.
[  276.627612][ T5973] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  276.633717][ T5973] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  276.633769][T14407] netlink: 'syz.0.2857': attribute type 2 has an invalid length.
[  276.636979][ T5973] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  276.638815][T14407] netlink: 'syz.0.2857': attribute type 1 has an invalid length.
[  276.644800][ T5973] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  276.644898][T14407] netlink: 'syz.0.2857': attribute type 1 has an invalid length.
[  276.647871][ T5973] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  276.699607][T14412] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2858'.
[  276.820319][T14408] chnl_net:caif_netlink_parms(): no params data found
[  276.900749][T14408] bridge0: port 1(bridge_slave_0) entered blocking state
[  276.903288][T14408] bridge0: port 1(bridge_slave_0) entered disabled state
[  276.905632][T14408] bridge_slave_0: entered allmulticast mode
[  276.908278][T14408] bridge_slave_0: entered promiscuous mode
[  276.912537][T14408] bridge0: port 2(bridge_slave_1) entered blocking state
[  276.919699][T14408] bridge0: port 2(bridge_slave_1) entered disabled state
[  276.922224][T14408] bridge_slave_1: entered allmulticast mode
[  276.926956][T14408] bridge_slave_1: entered promiscuous mode
[  276.963916][T14408] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  276.969762][T14408] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  277.006538][T14408] team0: Port device team_slave_0 added
[  277.011534][T14408] team0: Port device team_slave_1 added
[  277.048757][T14408] batman_adv: batadv0: Adding interface: batadv_slave_0
[  277.051591][T14408] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  277.062810][T14408] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  277.068388][T14408] batman_adv: batadv0: Adding interface: batadv_slave_1
[  277.070593][T14408] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  277.078672][T14408] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  277.129537][T14408] hsr_slave_0: entered promiscuous mode
[  277.131951][T14408] hsr_slave_1: entered promiscuous mode
[  277.135307][T14408] debugfs: 'hsr0' already exists in 'hsr'
[  277.137103][T14408] Cannot create hsr debugfs directory
[  277.330021][T14408] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  277.336499][T14408] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  277.343406][T14408] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  277.349381][T14408] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  277.465142][T14408] 8021q: adding VLAN 0 to HW filter on device bond0
[  277.495991][T14408] 8021q: adding VLAN 0 to HW filter on device team0
[  277.509021][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  277.511986][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  277.527881][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  277.530790][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  277.638267][T14444] FAULT_INJECTION: forcing a failure.
[  277.638267][T14444] name failslab, interval 1, probability 0, space 0, times 0
[  277.642724][T14444] CPU: 3 UID: 0 PID: 14444 Comm: syz.0.2863 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  277.642740][T14444] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  277.642746][T14444] Call Trace:
[  277.642750][T14444]  <TASK>
[  277.642754][T14444]  dump_stack_lvl+0x16c/0x1f0
[  277.642791][T14444]  should_fail_ex+0x512/0x640
[  277.642804][T14444]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  277.642817][T14444]  should_failslab+0xc2/0x120
[  277.642829][T14444]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  277.642840][T14444]  ? __alloc_skb+0x2b2/0x380
[  277.642857][T14444]  __alloc_skb+0x2b2/0x380
[  277.642870][T14444]  ? __pfx___alloc_skb+0x10/0x10
[  277.642885][T14444]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  277.642903][T14444]  netlink_alloc_large_skb+0x69/0x130
[  277.642935][T14444]  netlink_sendmsg+0x6a1/0xdd0
[  277.642953][T14444]  ? __pfx_netlink_sendmsg+0x10/0x10
[  277.642974][T14444]  ____sys_sendmsg+0xa95/0xc70
[  277.642986][T14444]  ? copy_msghdr_from_user+0x10a/0x160
[  277.643000][T14444]  ? __pfx_____sys_sendmsg+0x10/0x10
[  277.643028][T14444]  ___sys_sendmsg+0x134/0x1d0
[  277.643046][T14444]  ? __pfx____sys_sendmsg+0x10/0x10
[  277.643072][T14444]  ? __mutex_unlock_slowpath+0x100/0x800
[  277.643097][T14444]  __sys_sendmsg+0x16d/0x220
[  277.643112][T14444]  ? __pfx___sys_sendmsg+0x10/0x10
[  277.643135][T14444]  do_syscall_64+0xcd/0x4c0
[  277.643152][T14444]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  277.643163][T14444] RIP: 0033:0x7f9cfd98eb69
[  277.643171][T14444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  277.643181][T14444] RSP: 002b:00007f9cfe83b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  277.643192][T14444] RAX: ffffffffffffffda RBX: 00007f9cfdbb6080 RCX: 00007f9cfd98eb69
[  277.643198][T14444] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000003
[  277.643204][T14444] RBP: 00007f9cfe83b090 R08: 0000000000000000 R09: 0000000000000000
[  277.643210][T14444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  277.643216][T14444] R13: 0000000000000001 R14: 00007f9cfdbb6080 R15: 00007ffcabff9268
[  277.643229][T14444]  </TASK>
[  277.809826][T14451] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2865'.
[  277.816276][T14451] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2865'.
[  277.924801][T14456] FAULT_INJECTION: forcing a failure.
[  277.924801][T14456] name failslab, interval 1, probability 0, space 0, times 0
[  277.928891][T14456] CPU: 2 UID: 0 PID: 14456 Comm: syz.0.2867 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  277.928907][T14456] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  277.928914][T14456] Call Trace:
[  277.928918][T14456]  <TASK>
[  277.928922][T14456]  dump_stack_lvl+0x16c/0x1f0
[  277.928941][T14456]  should_fail_ex+0x512/0x640
[  277.928952][T14456]  ? fs_reclaim_acquire+0xae/0x150
[  277.928967][T14456]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  277.928982][T14456]  should_failslab+0xc2/0x120
[  277.928994][T14456]  __kmalloc_noprof+0xd2/0x510
[  277.929008][T14456]  tomoyo_realpath_from_path+0xc2/0x6e0
[  277.929029][T14456]  ? tomoyo_profile+0x47/0x60
[  277.929054][T14456]  tomoyo_path_number_perm+0x245/0x580
[  277.929070][T14456]  ? tomoyo_path_number_perm+0x237/0x580
[  277.929087][T14456]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  277.929111][T14456]  ? find_held_lock+0x2b/0x80
[  277.929153][T14456]  ? find_held_lock+0x2b/0x80
[  277.929172][T14456]  ? hook_file_ioctl_common+0x145/0x410
[  277.929200][T14456]  ? __fget_files+0x20e/0x3c0
[  277.929221][T14456]  security_file_ioctl+0x9b/0x240
[  277.929243][T14456]  __x64_sys_ioctl+0xb7/0x210
[  277.929268][T14456]  do_syscall_64+0xcd/0x4c0
[  277.929287][T14456]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  277.929298][T14456] RIP: 0033:0x7f9cfd98eb69
[  277.929307][T14456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  277.929317][T14456] RSP: 002b:00007f9cfe85c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  277.929327][T14456] RAX: ffffffffffffffda RBX: 00007f9cfdbb5fa0 RCX: 00007f9cfd98eb69
[  277.929334][T14456] RDX: 0000200000000100 RSI: 0000000000003ba0 RDI: 0000000000000003
[  277.929340][T14456] RBP: 00007f9cfe85c090 R08: 0000000000000000 R09: 0000000000000000
[  277.929346][T14456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  277.929354][T14456] R13: 0000000000000000 R14: 00007f9cfdbb5fa0 R15: 00007ffcabff9268
[  277.929367][T14456]  </TASK>
[  277.929372][T14456] ERROR: Out of memory at tomoyo_realpath_from_path.
[  277.968193][T14408] 8021q: adding VLAN 0 to HW filter on device batadv0
[  278.255002][   T40] kauditd_printk_skb: 715 callbacks suppressed
[  278.255015][   T40] audit: type=1400 audit(1754409283.966:28049): avc:  denied  { module_request } for  pid=14408 comm="syz-executor" kmod="netdev-netdevsim8" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  278.268449][   T40] audit: type=1400 audit(1754409283.976:28050): avc:  denied  { ioctl } for  pid=14463 comm="syz.0.2870" path="/dev/video8" dev="devtmpfs" ino=976 ioctlcmd=0x561c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  278.313711][   T40] audit: type=1400 audit(1754409284.026:28051): avc:  denied  { sys_module } for  pid=14408 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  278.320728][   T40] audit: type=1400 audit(1754409284.026:28052): avc:  denied  { module_request } for  pid=14408 comm="syz-executor" kmod="netdevsim8" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  278.414075][T14408] veth0_vlan: entered promiscuous mode
[  278.430538][T14408] veth1_vlan: entered promiscuous mode
[  278.483060][T14408] veth0_macvtap: entered promiscuous mode
[  278.490589][T14408] veth1_macvtap: entered promiscuous mode
[  278.510742][T14408] batman_adv: batadv0: Interface activated: batadv_slave_0
[  278.520603][T14408] batman_adv: batadv0: Interface activated: batadv_slave_1
[  278.529517][   T46] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  278.532762][   T46] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  278.536690][   T46] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  278.539963][   T46] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  278.570089][   T40] audit: type=1400 audit(1754409284.276:28053): avc:  denied  { create } for  pid=14408 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  278.585729][   T40] audit: type=1400 audit(1754409284.286:28054): avc:  denied  { write } for  pid=14408 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  278.592771][   T40] audit: type=1400 audit(1754409284.286:28055): avc:  denied  { read } for  pid=14408 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  278.599806][   T40] audit: type=1400 audit(1754409284.286:28056): avc:  denied  { read } for  pid=14408 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  278.609598][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  278.612168][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  278.613959][   T40] audit: type=1400 audit(1754409284.286:28057): avc:  denied  { write } for  pid=14408 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  278.626431][   T40] audit: type=1400 audit(1754409284.286:28058): avc:  denied  { read } for  pid=14408 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  278.646959][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  278.649642][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  278.703184][ T5973] Bluetooth: hci0: command tx timeout
[  278.776168][T14477] netlink: 16 bytes leftover after parsing attributes in process `syz.8.2854'.
[  278.843184][T14479] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2872'.
[  278.847354][T14479] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2872'.
[  278.931258][T14482] Sensor A: =================  START STATUS  =================
[  278.934243][T14482] Sensor A: Test Pattern: 75% Colorbar
[  278.936529][T14482] Sensor A: Show Information: All
[  278.938218][T14482] Sensor A: Vertical Flip: false
[  278.939783][T14482] Sensor A: Horizontal Flip: false
[  278.941430][T14482] Sensor A: Brightness: 255
[  278.942886][T14482] Sensor A: Contrast: 255
[  278.947510][T14482] Sensor A: Hue: 0
[  278.948752][T14482] Sensor A: Saturation: 128
[  278.950237][T14482] Sensor A: ==================  END STATUS  ==================
[  278.954647][T14482] netlink: 'syz.8.2873': attribute type 10 has an invalid length.
[  278.961934][T14482] team0: Cannot enslave team device to itself
[  278.977053][T14482] fuse: Bad value for 'user_id'
[  278.978804][T14482] fuse: Bad value for 'user_id'
[  279.056201][T14470] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  279.285944][T14497] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2880'.
[  279.332904][T14499] netlink: 'syz.4.2881': attribute type 1 has an invalid length.
[  279.351448][T14499] 8021q: adding VLAN 0 to HW filter on device bond1
[  279.387785][T14499] bond1: (slave veth3): Enslaving as an active interface with a down link
[  279.404976][T14499] bond1: (slave veth0_to_bond): making interface the new active one
[  279.408772][T14499] veth0_to_bond: entered promiscuous mode
[  279.411421][T14499] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  279.431710][T14499] bond1: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  279.579289][T14510] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2886'.
[  279.721515][T14525] FAULT_INJECTION: forcing a failure.
[  279.721515][T14525] name failslab, interval 1, probability 0, space 0, times 0
[  279.727598][T14525] CPU: 1 UID: 0 PID: 14525 Comm: syz.8.2891 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  279.727620][T14525] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  279.727630][T14525] Call Trace:
[  279.727636][T14525]  <TASK>
[  279.727643][T14525]  dump_stack_lvl+0x16c/0x1f0
[  279.727689][T14525]  should_fail_ex+0x512/0x640
[  279.727706][T14525]  ? __kmalloc_noprof+0xbf/0x510
[  279.727724][T14525]  ? vb2_core_allocated_buffers_storage+0xc4/0x220
[  279.727742][T14525]  should_failslab+0xc2/0x120
[  279.727760][T14525]  __kmalloc_noprof+0xd2/0x510
[  279.727777][T14525]  vb2_core_allocated_buffers_storage+0xc4/0x220
[  279.727793][T14525]  vb2_core_reqbufs+0x398/0xfe0
[  279.727815][T14525]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[  279.727847][T14525]  __vb2_init_fileio+0x3f1/0x1100
[  279.727869][T14525]  vb2_core_poll+0x5ec/0x700
[  279.727884][T14525]  vb2_poll+0x33/0x150
[  279.727909][T14525]  vb2_fop_poll+0x10f/0x2c0
[  279.727926][T14525]  ? __pfx_vb2_fop_poll+0x10/0x10
[  279.727940][T14525]  v4l2_poll+0x163/0x320
[  279.727958][T14525]  ? __pfx_v4l2_poll+0x10/0x10
[  279.727974][T14525]  do_sys_poll+0x559/0xdf0
[  279.728000][T14525]  ? __pfx_do_sys_poll+0x10/0x10
[  279.728039][T14525]  ? find_held_lock+0x2b/0x80
[  279.728066][T14525]  ? __pfx_pollwake+0x10/0x10
[  279.728083][T14525]  ? __pfx_pollwake+0x10/0x10
[  279.728101][T14525]  ? __pfx_pollwake+0x10/0x10
[  279.728118][T14525]  ? __pfx_pollwake+0x10/0x10
[  279.728135][T14525]  ? __pfx_pollwake+0x10/0x10
[  279.728147][T14525]  ? __pfx_pollwake+0x10/0x10
[  279.728163][T14525]  ? __pfx_pollwake+0x10/0x10
[  279.728181][T14525]  ? __pfx_pollwake+0x10/0x10
[  279.728198][T14525]  ? __pfx_pollwake+0x10/0x10
[  279.728213][T14525]  ? __mutex_unlock_slowpath+0x163/0x800
[  279.728242][T14525]  ? set_user_sigmask+0x21b/0x2b0
[  279.728261][T14525]  ? __pfx_set_user_sigmask+0x10/0x10
[  279.728279][T14525]  ? __fget_files+0x20e/0x3c0
[  279.728300][T14525]  __x64_sys_ppoll+0x254/0x2d0
[  279.728318][T14525]  ? __pfx___x64_sys_ppoll+0x10/0x10
[  279.728329][T14525]  ? ksys_write+0x1ac/0x250
[  279.728344][T14525]  ? __pfx_ksys_write+0x10/0x10
[  279.728368][T14525]  do_syscall_64+0xcd/0x4c0
[  279.728393][T14525]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.728407][T14525] RIP: 0033:0x7f04a738eb69
[  279.728418][T14525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  279.728433][T14525] RSP: 002b:00007f04a826c038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[  279.728449][T14525] RAX: ffffffffffffffda RBX: 00007f04a75b5fa0 RCX: 00007f04a738eb69
[  279.728460][T14525] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[  279.728469][T14525] RBP: 00007f04a826c090 R08: 0000000000000000 R09: 0000000000000000
[  279.728478][T14525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  279.728487][T14525] R13: 0000000000000000 R14: 00007f04a75b5fa0 R15: 00007ffe029e4258
[  279.728504][T14525]  </TASK>
[  279.846912][    C1] vkms_vblank_simulate: vblank timer overrun
[  280.085031][T14549] FAULT_INJECTION: forcing a failure.
[  280.085031][T14549] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  280.089255][T14549] CPU: 0 UID: 0 PID: 14549 Comm: syz.4.2901 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  280.089272][T14549] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  280.089279][T14549] Call Trace:
[  280.089286][T14549]  <TASK>
[  280.089292][T14549]  dump_stack_lvl+0x16c/0x1f0
[  280.089315][T14549]  should_fail_ex+0x512/0x640
[  280.089329][T14549]  _copy_to_user+0x32/0xd0
[  280.089343][T14549]  simple_read_from_buffer+0xcb/0x170
[  280.089357][T14549]  proc_fail_nth_read+0x197/0x240
[  280.089372][T14549]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  280.089385][T14549]  ? rw_verify_area+0xcf/0x6c0
[  280.089401][T14549]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  280.089413][T14549]  vfs_read+0x1e4/0xc60
[  280.089425][T14549]  ? __pfx___mutex_lock+0x10/0x10
[  280.089442][T14549]  ? __pfx_vfs_read+0x10/0x10
[  280.089456][T14549]  ? __fget_files+0x20e/0x3c0
[  280.089472][T14549]  ksys_read+0x12a/0x250
[  280.089483][T14549]  ? __pfx_ksys_read+0x10/0x10
[  280.089497][T14549]  do_syscall_64+0xcd/0x4c0
[  280.089514][T14549]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.089526][T14549] RIP: 0033:0x7f6a93d8d57c
[  280.089537][T14549] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  280.089548][T14549] RSP: 002b:00007f6a94b65030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  280.089559][T14549] RAX: ffffffffffffffda RBX: 00007f6a93fb5fa0 RCX: 00007f6a93d8d57c
[  280.089566][T14549] RDX: 000000000000000f RSI: 00007f6a94b650a0 RDI: 0000000000000003
[  280.089573][T14549] RBP: 00007f6a94b65090 R08: 0000000000000000 R09: 0000000000000000
[  280.089579][T14549] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[  280.089585][T14549] R13: 0000000000000001 R14: 00007f6a93fb5fa0 R15: 00007ffeccd69958
[  280.089599][T14549]  </TASK>
[  280.783045][ T5973] Bluetooth: hci0: command 0x041b tx timeout
[  280.945752][T14570] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  280.953983][T14570] __nla_validate_parse: 9 callbacks suppressed
[  280.953995][T14570] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.2909'.
[  280.960803][T14570] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2909'.
[  280.964018][T14570] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0'
[  281.087639][T14576] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2912'.
[  281.210734][T14582] 9pnet_fd: Insufficient options for proto=fd
[  281.224088][T14583] 9pnet_virtio: no channels available for device syz
[  281.353124][ T7246] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  281.480721][T14594] Invalid logical block size (2)
[  281.486098][T14594] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2916'.
[  281.511597][ T7246] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  281.524949][ T7246] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  281.527902][ T7246] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  281.530474][ T7246] usb 5-1: Product: syz
[  281.532256][ T7246] usb 5-1: Manufacturer: syz
[  281.536210][ T7246] usb 5-1: SerialNumber: syz
[  281.677097][T14606] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2921'.
[  281.763851][ T7246] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 25 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  281.835561][T14618] bond2: entered allmulticast mode
[  281.838123][T14618] 8021q: adding VLAN 0 to HW filter on device bond2
[  281.965824][ T7246] usb 5-1: USB disconnect, device number 25
[  281.970948][ T7246] usblp0: removed
[  282.395076][T14635] syz_tun: entered allmulticast mode
[  282.477733][T14637] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2930'.
[  282.597125][T14646] program syz.4.2932 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  282.634273][T14650] netlink: 328 bytes leftover after parsing attributes in process `syz.0.2934'.
[  282.702890][T14656] geneve2: entered promiscuous mode
[  282.705578][T14656] geneve2: entered allmulticast mode
[  282.707016][T14657] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2937'.
[  282.833325][T14666] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2940'.
[  282.863342][ T5973] Bluetooth: hci0: command 0x041b tx timeout
[  283.060590][T14676] FAULT_INJECTION: forcing a failure.
[  283.060590][T14676] name failslab, interval 1, probability 0, space 0, times 0
[  283.064736][T14676] CPU: 0 UID: 0 PID: 14676 Comm: syz.4.2943 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  283.064751][T14676] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  283.064758][T14676] Call Trace:
[  283.064762][T14676]  <TASK>
[  283.064766][T14676]  dump_stack_lvl+0x16c/0x1f0
[  283.064786][T14676]  should_fail_ex+0x512/0x640
[  283.064796][T14676]  ? fs_reclaim_acquire+0xae/0x150
[  283.064813][T14676]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  283.064827][T14676]  should_failslab+0xc2/0x120
[  283.064839][T14676]  __kmalloc_noprof+0xd2/0x510
[  283.064853][T14676]  tomoyo_realpath_from_path+0xc2/0x6e0
[  283.064867][T14676]  ? tomoyo_profile+0x47/0x60
[  283.064884][T14676]  tomoyo_path_number_perm+0x245/0x580
[  283.064895][T14676]  ? tomoyo_path_number_perm+0x237/0x580
[  283.064907][T14676]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  283.064920][T14676]  ? find_held_lock+0x2b/0x80
[  283.064944][T14676]  ? find_held_lock+0x2b/0x80
[  283.064956][T14676]  ? hook_file_ioctl_common+0x145/0x410
[  283.064980][T14676]  ? __fget_files+0x20e/0x3c0
[  283.064995][T14676]  security_file_ioctl+0x9b/0x240
[  283.065010][T14676]  __x64_sys_ioctl+0xb7/0x210
[  283.065027][T14676]  do_syscall_64+0xcd/0x4c0
[  283.065044][T14676]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.065055][T14676] RIP: 0033:0x7f6a93d8eb69
[  283.065064][T14676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  283.065075][T14676] RSP: 002b:00007f6a94b65038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  283.065086][T14676] RAX: ffffffffffffffda RBX: 00007f6a93fb5fa0 RCX: 00007f6a93d8eb69
[  283.065092][T14676] RDX: 0000200000000240 RSI: 000000004008ae89 RDI: 0000000000000005
[  283.065099][T14676] RBP: 00007f6a94b65090 R08: 0000000000000000 R09: 0000000000000000
[  283.065105][T14676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  283.065111][T14676] R13: 0000000000000000 R14: 00007f6a93fb5fa0 R15: 00007ffeccd69958
[  283.065124][T14676]  </TASK>
[  283.065129][T14676] ERROR: Out of memory at tomoyo_realpath_from_path.
[  283.291908][   T40] kauditd_printk_skb: 1043 callbacks suppressed
[  283.291924][   T40] audit: type=1400 audit(1754409288.996:29102): avc:  denied  { allowed } for  pid=14678 comm="syz.4.2944" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  283.302194][   T40] audit: type=1400 audit(1754409289.006:29103): avc:  denied  { create } for  pid=14678 comm="syz.4.2944" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  283.309465][   T40] audit: type=1400 audit(1754409289.006:29104): avc:  denied  { read write } for  pid=14678 comm="syz.4.2944" name="video7" dev="devtmpfs" ino=974 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  283.316729][   T40] audit: type=1400 audit(1754409289.006:29105): avc:  denied  { read write open } for  pid=14678 comm="syz.4.2944" path="/dev/video7" dev="devtmpfs" ino=974 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  283.324331][   T40] audit: type=1400 audit(1754409289.006:29106): avc:  denied  { read } for  pid=14678 comm="syz.4.2944" name="v4l-subdev0" dev="devtmpfs" ino=965 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  283.331411][   T40] audit: type=1400 audit(1754409289.016:29107): avc:  denied  { read open } for  pid=14678 comm="syz.4.2944" path="/dev/v4l-subdev0" dev="devtmpfs" ino=965 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  283.338958][   T40] audit: type=1400 audit(1754409289.016:29108): avc:  denied  { ioctl } for  pid=14678 comm="syz.4.2944" path="/dev/v4l-subdev0" dev="devtmpfs" ino=965 ioctlcmd=0x5663 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  283.347175][   T40] audit: type=1400 audit(1754409289.016:29109): avc:  denied  { allowed } for  pid=14678 comm="syz.4.2944" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  283.353390][   T40] audit: type=1400 audit(1754409289.016:29110): avc:  denied  { sqpoll } for  pid=14678 comm="syz.4.2944" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  283.359979][   T40] audit: type=1400 audit(1754409289.016:29111): avc:  denied  { create } for  pid=14678 comm="syz.4.2944" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  284.019740][T14695] FAULT_INJECTION: forcing a failure.
[  284.019740][T14695] name failslab, interval 1, probability 0, space 0, times 0
[  284.023933][T14695] CPU: 2 UID: 0 PID: 14695 Comm: syz.0.2948 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  284.023960][T14695] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  284.023969][T14695] Call Trace:
[  284.023975][T14695]  <TASK>
[  284.023980][T14695]  dump_stack_lvl+0x16c/0x1f0
[  284.024005][T14695]  should_fail_ex+0x512/0x640
[  284.024024][T14695]  should_failslab+0xc2/0x120
[  284.024038][T14695]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  284.024049][T14695]  ? skb_clone+0x190/0x3f0
[  284.024066][T14695]  skb_clone+0x190/0x3f0
[  284.024081][T14695]  netlink_deliver_tap+0xabd/0xd30
[  284.024099][T14695]  netlink_unicast+0x64c/0x870
[  284.024117][T14695]  ? __pfx_netlink_unicast+0x10/0x10
[  284.024133][T14695]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  284.024152][T14695]  netlink_sendmsg+0x8d1/0xdd0
[  284.024170][T14695]  ? __pfx_netlink_sendmsg+0x10/0x10
[  284.024191][T14695]  ____sys_sendmsg+0xa95/0xc70
[  284.024205][T14695]  ? copy_msghdr_from_user+0x10a/0x160
[  284.024220][T14695]  ? __pfx_____sys_sendmsg+0x10/0x10
[  284.024237][T14695]  ___sys_sendmsg+0x134/0x1d0
[  284.024252][T14695]  ? __pfx____sys_sendmsg+0x10/0x10
[  284.024278][T14695]  ? __mutex_unlock_slowpath+0x100/0x800
[  284.024299][T14695]  __sys_sendmsg+0x16d/0x220
[  284.024313][T14695]  ? __pfx___sys_sendmsg+0x10/0x10
[  284.024337][T14695]  do_syscall_64+0xcd/0x4c0
[  284.024354][T14695]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  284.024364][T14695] RIP: 0033:0x7f9cfd98eb69
[  284.024374][T14695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  284.024385][T14695] RSP: 002b:00007f9cfe85c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  284.024396][T14695] RAX: ffffffffffffffda RBX: 00007f9cfdbb5fa0 RCX: 00007f9cfd98eb69
[  284.024403][T14695] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[  284.024409][T14695] RBP: 00007f9cfe85c090 R08: 0000000000000000 R09: 0000000000000000
[  284.024415][T14695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  284.024422][T14695] R13: 0000000000000000 R14: 00007f9cfdbb5fa0 R15: 00007ffcabff9268
[  284.024434][T14695]  </TASK>
[  284.028646][T14695] geneve2: entered promiscuous mode
[  284.109233][T14695] geneve2: entered allmulticast mode
[  284.943026][ T5973] Bluetooth: hci0: command 0x041b tx timeout
[  285.417985][T14729] FAULT_INJECTION: forcing a failure.
[  285.417985][T14729] name failslab, interval 1, probability 0, space 0, times 0
[  285.421907][T14729] CPU: 0 UID: 0 PID: 14729 Comm: syz.8.2961 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  285.421922][T14729] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  285.421928][T14729] Call Trace:
[  285.421932][T14729]  <TASK>
[  285.421937][T14729]  dump_stack_lvl+0x16c/0x1f0
[  285.421955][T14729]  should_fail_ex+0x512/0x640
[  285.421965][T14729]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  285.421982][T14729]  should_failslab+0xc2/0x120
[  285.421994][T14729]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  285.422004][T14729]  ? __kvm_mmu_topup_memory_cache+0x450/0x600
[  285.422020][T14729]  ? kvm_hv_setup_tsc_page+0x29a/0x8d0
[  285.422034][T14729]  ? __kvm_mmu_topup_memory_cache+0x18f/0x600
[  285.422052][T14729]  __kvm_mmu_topup_memory_cache+0x18f/0x600
[  285.422072][T14729]  mmu_topup_memory_caches+0x25/0x170
[  285.422084][T14729]  kvm_mmu_load+0xd6/0x23c0
[  285.422094][T14729]  ? kvm_apic_has_interrupt+0x106/0x1f0
[  285.422106][T14729]  ? __pfx_kvm_apic_has_interrupt+0x10/0x10
[  285.422118][T14729]  ? __pfx_vmx_flush_tlb_guest+0x10/0x10
[  285.422132][T14729]  ? __pfx_kvm_guest_time_update+0x10/0x10
[  285.422145][T14729]  ? __pfx_kvm_mmu_load+0x10/0x10
[  285.422154][T14729]  ? kvm_cpu_has_injectable_intr+0x9c/0x1a0
[  285.422170][T14729]  ? kvm_check_and_inject_events+0x71c/0x1310
[  285.422188][T14729]  vcpu_run+0x358c/0x5580
[  285.422202][T14729]  ? __lock_acquire+0xb97/0x1ce0
[  285.422222][T14729]  ? __pfx_vcpu_run+0x10/0x10
[  285.422238][T14729]  ? fpu_swap_kvm_fpstate+0x1be/0x410
[  285.422251][T14729]  ? __local_bh_enable_ip+0xa4/0x120
[  285.422267][T14729]  ? kvm_arch_vcpu_ioctl_run+0x1023/0x1980
[  285.422281][T14729]  kvm_arch_vcpu_ioctl_run+0x1023/0x1980
[  285.422300][T14729]  kvm_vcpu_ioctl+0x5eb/0x1690
[  285.422315][T14729]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  285.422329][T14729]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  285.422342][T14729]  ? do_vfs_ioctl+0x128/0x14f0
[  285.422358][T14729]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  285.422374][T14729]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  285.422393][T14729]  ? hook_file_ioctl_common+0x145/0x410
[  285.422411][T14729]  ? selinux_file_ioctl+0x180/0x270
[  285.422423][T14729]  ? selinux_file_ioctl+0xb4/0x270
[  285.422437][T14729]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  285.422451][T14729]  __x64_sys_ioctl+0x18b/0x210
[  285.422467][T14729]  do_syscall_64+0xcd/0x4c0
[  285.422484][T14729]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  285.422494][T14729] RIP: 0033:0x7f04a738eb69
[  285.422503][T14729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  285.422514][T14729] RSP: 002b:00007f04a826c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  285.422524][T14729] RAX: ffffffffffffffda RBX: 00007f04a75b5fa0 RCX: 00007f04a738eb69
[  285.422531][T14729] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  285.422536][T14729] RBP: 00007f04a826c090 R08: 0000000000000000 R09: 0000000000000000
[  285.422542][T14729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  285.422548][T14729] R13: 0000000000000000 R14: 00007f04a75b5fa0 R15: 00007ffe029e4258
[  285.422561][T14729]  </TASK>
[  285.770567][T14747] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2968'.
[  285.771648][T14748] openvswitch: netlink: nsh attr 0 has unexpected len 4 expected 0
[  285.774822][T14747] openvswitch: netlink: nsh attr 0 has unexpected len 4 expected 0
[  285.776118][T14748] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  285.778477][T14747] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  286.164372][T14779] __nla_validate_parse: 1 callbacks suppressed
[  286.164384][T14779] netlink: 76 bytes leftover after parsing attributes in process `syz.8.2980'.
[  286.431695][T14795] bridge1: entered allmulticast mode
[  286.466982][T14797] bond0: entered allmulticast mode
[  286.468729][T14797] bond_slave_0: entered allmulticast mode
[  286.470579][T14797] bond_slave_1: entered allmulticast mode
[  286.714818][T14816] : entered promiscuous mode
[  287.033143][ T5973] Bluetooth: hci0: command 0x041b tx timeout
[  287.053143][   T24] usb 9-1: new high-speed USB device number 29 using dummy_hcd
[  287.213116][   T24] usb 9-1: Using ep0 maxpacket: 8
[  287.222464][   T24] usb 9-1: config index 0 descriptor too short (expected 301, got 45)
[  287.225353][   T24] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  287.228488][   T24] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  287.231684][   T24] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  287.234861][   T24] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  287.238946][   T24] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  287.241747][   T24] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  287.455116][   T24] usb 9-1: GET_CAPABILITIES returned 0
[  287.456927][   T24] usbtmc 9-1:16.0: can't read capabilities
[  287.589461][T14839] netlink: 'syz.8.3005': attribute type 10 has an invalid length.
[  287.600791][T14839] FAULT_INJECTION: forcing a failure.
[  287.600791][T14839] name failslab, interval 1, probability 0, space 0, times 0
[  287.605647][T14839] CPU: 1 UID: 0 PID: 14839 Comm: syz.8.3005 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  287.605664][T14839] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  287.605670][T14839] Call Trace:
[  287.605674][T14839]  <TASK>
[  287.605678][T14839]  dump_stack_lvl+0x16c/0x1f0
[  287.605715][T14839]  should_fail_ex+0x512/0x640
[  287.605748][T14839]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  287.605762][T14839]  should_failslab+0xc2/0x120
[  287.605774][T14839]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  287.605786][T14839]  ? alloc_inode+0x61/0x240
[  287.605802][T14839]  ? __pfx_debugfs_alloc_inode+0x10/0x10
[  287.605813][T14839]  alloc_inode+0x61/0x240
[  287.605827][T14839]  new_inode+0x22/0x1c0
[  287.605843][T14839]  debugfs_create_dir+0xdd/0x5f0
[  287.605855][T14839]  ieee80211_debugfs_recreate_netdev+0x1d1/0x17e0
[  287.605873][T14839]  ? __pfx_ieee80211_debugfs_recreate_netdev+0x10/0x10
[  287.605889][T14839]  ? __pfx___might_resched+0x10/0x10
[  287.605906][T14839]  drv_remove_interface+0x2bf/0x640
[  287.605918][T14839]  ieee80211_do_stop+0x18a6/0x2520
[  287.605931][T14839]  ? __pfx___mutex_trylock_common+0x10/0x10
[  287.605954][T14839]  ? __pfx_ieee80211_do_stop+0x10/0x10
[  287.605969][T14839]  ? do_raw_spin_lock+0x12c/0x2b0
[  287.605986][T14839]  ? mark_held_locks+0x49/0x80
[  287.606003][T14839]  ? __pfx_ieee80211_stop+0x10/0x10
[  287.606016][T14839]  ieee80211_stop+0x169/0x320
[  287.606029][T14839]  ? __pfx_ieee80211_stop+0x10/0x10
[  287.606041][T14839]  __dev_close_many+0x29b/0x770
[  287.606054][T14839]  ? __pfx___dev_close_many+0x10/0x10
[  287.606066][T14839]  ? __local_bh_enable_ip+0xa4/0x120
[  287.606082][T14839]  __dev_change_flags+0x4d8/0x720
[  287.606098][T14839]  ? __pfx___dev_change_flags+0x10/0x10
[  287.606114][T14839]  ? __pfx_validate_linkmsg+0x10/0x10
[  287.606131][T14839]  netif_change_flags+0x8d/0x160
[  287.606147][T14839]  do_setlink.constprop.0+0xb53/0x4380
[  287.606164][T14839]  ? __pfx_console_unlock+0x10/0x10
[  287.606179][T14839]  ? __pfx_do_setlink.constprop.0+0x10/0x10
[  287.606198][T14839]  ? __lock_acquire+0xb97/0x1ce0
[  287.606223][T14839]  ? __mutex_trylock_common+0xe9/0x250
[  287.606239][T14839]  ? __pfx___mutex_trylock_common+0x10/0x10
[  287.606257][T14839]  ? __pfx___might_resched+0x10/0x10
[  287.606270][T14839]  ? rcu_is_watching+0x12/0xc0
[  287.606283][T14839]  ? trace_contention_end+0xdd/0x130
[  287.606292][T14839]  ? __mutex_lock+0x1c4/0x10b0
[  287.606317][T14839]  ? __pfx___mutex_lock+0x10/0x10
[  287.606332][T14839]  ? cap_capable+0xb3/0x250
[  287.606351][T14839]  rtnl_newlink+0x1446/0x2000
[  287.606371][T14839]  ? __pfx_rtnl_newlink+0x10/0x10
[  287.606385][T14839]  ? find_held_lock+0x2b/0x80
[  287.606398][T14839]  ? avc_has_perm_noaudit+0x117/0x3b0
[  287.606416][T14839]  ? avc_has_perm_noaudit+0x149/0x3b0
[  287.606435][T14839]  ? __lock_acquire+0x62e/0x1ce0
[  287.606458][T14839]  ? find_held_lock+0x2b/0x80
[  287.606470][T14839]  ? __pfx_rtnl_newlink+0x10/0x10
[  287.606485][T14839]  ? __pfx_rtnl_newlink+0x10/0x10
[  287.606499][T14839]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  287.606515][T14839]  ? __pfx_rtnl_newlink+0x10/0x10
[  287.606531][T14839]  rtnetlink_rcv_msg+0x95b/0xe90
[  287.606548][T14839]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  287.606567][T14839]  ? ref_tracker_free+0x37c/0x830
[  287.606579][T14839]  netlink_rcv_skb+0x155/0x420
[  287.606596][T14839]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  287.606612][T14839]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  287.606633][T14839]  ? netlink_deliver_tap+0x1ae/0xd30
[  287.606651][T14839]  netlink_unicast+0x5aa/0x870
[  287.606669][T14839]  ? __pfx_netlink_unicast+0x10/0x10
[  287.606685][T14839]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  287.606704][T14839]  netlink_sendmsg+0x8d1/0xdd0
[  287.606722][T14839]  ? __pfx_netlink_sendmsg+0x10/0x10
[  287.606743][T14839]  ____sys_sendmsg+0xa95/0xc70
[  287.606755][T14839]  ? copy_msghdr_from_user+0x10a/0x160
[  287.606769][T14839]  ? __pfx_____sys_sendmsg+0x10/0x10
[  287.606787][T14839]  ___sys_sendmsg+0x134/0x1d0
[  287.606802][T14839]  ? __pfx____sys_sendmsg+0x10/0x10
[  287.606829][T14839]  ? __mutex_unlock_slowpath+0x100/0x800
[  287.606848][T14839]  __sys_sendmsg+0x16d/0x220
[  287.606863][T14839]  ? __pfx___sys_sendmsg+0x10/0x10
[  287.606887][T14839]  do_syscall_64+0xcd/0x4c0
[  287.606904][T14839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.606917][T14839] RIP: 0033:0x7f04a738eb69
[  287.606927][T14839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  287.606937][T14839] RSP: 002b:00007f04a826c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  287.606948][T14839] RAX: ffffffffffffffda RBX: 00007f04a75b5fa0 RCX: 00007f04a738eb69
[  287.606954][T14839] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000006
[  287.606960][T14839] RBP: 00007f04a826c090 R08: 0000000000000000 R09: 0000000000000000
[  287.606966][T14839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  287.606972][T14839] R13: 0000000000000000 R14: 00007f04a75b5fa0 R15: 00007ffe029e4258
[  287.606985][T14839]  </TASK>
[  287.606989][T14839] debugfs: out of free dentries, can not create directory 'netdev:wlan1'
[  287.667053][ T6032] usb 9-1: USB disconnect, device number 29
[  287.672774][T14839] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  287.721540][T14844] overlayfs: missing 'workdir'
[  287.846930][T14851] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  287.948627][T14857] netlink: 248 bytes leftover after parsing attributes in process `syz.6.3009'.
[  288.483372][   T40] kauditd_printk_skb: 1038 callbacks suppressed
[  288.483384][   T40] audit: type=1400 audit(1754409294.186:30150): avc:  denied  { read write } for  pid=12918 comm="syz-executor" name="loop0" dev="devtmpfs" ino=658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  288.492709][   T40] audit: type=1400 audit(1754409294.196:30151): avc:  denied  { read write open } for  pid=12918 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  288.500510][   T40] audit: type=1400 audit(1754409294.196:30152): avc:  denied  { ioctl } for  pid=12918 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=658 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  288.508669][   T40] audit: type=1400 audit(1754409294.206:30153): avc:  denied  { create } for  pid=14862 comm="syz.0.3013" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  288.509838][T14863] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3013'.
[  288.515069][   T40] audit: type=1400 audit(1754409294.206:30154): avc:  denied  { create } for  pid=14862 comm="syz.0.3013" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  288.515096][   T40] audit: type=1400 audit(1754409294.206:30155): avc:  denied  { write } for  pid=14862 comm="syz.0.3013" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  288.515117][   T40] audit: type=1400 audit(1754409294.206:30156): avc:  denied  { read } for  pid=14862 comm="syz.0.3013" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  288.515139][   T40] audit: type=1400 audit(1754409294.206:30157): avc:  denied  { read } for  pid=14862 comm="syz.0.3013" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  288.515199][   T40] audit: type=1400 audit(1754409294.216:30158): avc:  denied  { ioctl } for  pid=14862 comm="syz.0.3013" path="socket:[81066]" dev="sockfs" ino=81066 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  288.552353][   T40] audit: type=1400 audit(1754409294.216:30159): avc:  denied  { write } for  pid=14862 comm="syz.0.3013" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  288.827203][T14870] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3016'.
[  288.836554][T14870] openvswitch: netlink: Geneve opt len 62 is not a multiple of 4.
[  288.840382][T14870] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3016'.
[  288.841486][T14871] netlink: 'syz.8.3015': attribute type 10 has an invalid length.
[  289.756799][T14897] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3025'.
[  289.920863][T14909] fuse: Bad value for 'fd'
[  289.989891][T14911] netlink: 32 bytes leftover after parsing attributes in process `syz.8.3030'.
[  290.000349][T14911] netlink: 'syz.8.3030': attribute type 13 has an invalid length.
[  290.003815][T14911] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3030'.
[  290.067190][T14917] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0
[  290.141771][T14921] netlink: 40 bytes leftover after parsing attributes in process `syz.8.3034'.
[  290.468954][T14931] syz.8.3039: vmalloc error: size 283115520, failed to allocated page array size 552960, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  290.474653][T14931] CPU: 2 UID: 0 PID: 14931 Comm: syz.8.3039 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  290.474669][T14931] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  290.474676][T14931] Call Trace:
[  290.474680][T14931]  <TASK>
[  290.474684][T14931]  dump_stack_lvl+0x16c/0x1f0
[  290.474703][T14931]  warn_alloc+0x248/0x3a0
[  290.474716][T14931]  ? __pfx_warn_alloc+0x10/0x10
[  290.474731][T14931]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  290.474743][T14931]  ? __vmalloc_node_noprof+0xad/0xf0
[  290.474770][T14931]  __vmalloc_node_range_noprof+0x101b/0x14b0
[  290.474790][T14931]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  290.474804][T14931]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  290.474824][T14931]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  290.474835][T14931]  vmalloc_user_noprof+0x9e/0xe0
[  290.474850][T14931]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  290.474862][T14931]  vb2_vmalloc_alloc+0x135/0x3f0
[  290.474873][T14931]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[  290.474885][T14931]  __vb2_queue_alloc+0x8c9/0x1280
[  290.474902][T14931]  vb2_core_reqbufs+0xa90/0xfe0
[  290.474916][T14931]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[  290.474927][T14931]  ? __pfx___mutex_trylock_common+0x10/0x10
[  290.474947][T14931]  ? trace_contention_end+0xdd/0x130
[  290.474957][T14931]  ? __mutex_lock+0x1c4/0x10b0
[  290.474978][T14931]  vb2_ioctl_reqbufs+0x291/0x450
[  290.474995][T14931]  ? __pfx_vb2_ioctl_reqbufs+0x10/0x10
[  290.475011][T14931]  ? __pfx___mutex_lock+0x10/0x10
[  290.475030][T14931]  vidioc_reqbufs+0x86/0x100
[  290.475046][T14931]  v4l_reqbufs+0x152/0x1e0
[  290.475060][T14931]  __video_do_ioctl+0xb40/0xfc0
[  290.475076][T14931]  ? __might_fault+0xe3/0x190
[  290.475086][T14931]  ? __pfx___video_do_ioctl+0x10/0x10
[  290.475106][T14931]  video_usercopy+0x4d0/0x1720
[  290.475121][T14931]  ? __pfx___video_do_ioctl+0x10/0x10
[  290.475135][T14931]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  290.475150][T14931]  ? __pfx_video_usercopy+0x10/0x10
[  290.475173][T14931]  v4l2_ioctl+0x1bd/0x250
[  290.475186][T14931]  ? __pfx_v4l2_ioctl+0x10/0x10
[  290.475200][T14931]  __x64_sys_ioctl+0x18b/0x210
[  290.475218][T14931]  do_syscall_64+0xcd/0x4c0
[  290.475234][T14931]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.475246][T14931] RIP: 0033:0x7f04a738eb69
[  290.475255][T14931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  290.475266][T14931] RSP: 002b:00007f04a826c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  290.475275][T14931] RAX: ffffffffffffffda RBX: 00007f04a75b5fa0 RCX: 00007f04a738eb69
[  290.475282][T14931] RDX: 00002000000000c0 RSI: 00000000c0145608 RDI: 0000000000000006
[  290.475288][T14931] RBP: 00007f04a7411df1 R08: 0000000000000000 R09: 0000000000000000
[  290.475294][T14931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  290.475300][T14931] R13: 0000000000000000 R14: 00007f04a75b5fa0 R15: 00007ffe029e4258
[  290.475313][T14931]  </TASK>
[  290.475317][T14931] Mem-Info:
[  290.568083][T14931] active_anon:5458 inactive_anon:2250 isolated_anon:0
[  290.568083][T14931]  active_file:4838 inactive_file:16935 isolated_file:0
[  290.568083][T14931]  unevictable:1768 dirty:403 writeback:0
[  290.568083][T14931]  slab_reclaimable:8507 slab_unreclaimable:88070
[  290.568083][T14931]  mapped:24585 shmem:2411 pagetables:1437
[  290.568083][T14931]  sec_pagetables:318 bounce:0
[  290.568083][T14931]  kernel_misc_reclaimable:0
[  290.568083][T14931]  free:457655 free_pcp:17612 free_cma:0
[  290.582155][T14931] Node 0 active_anon:21832kB inactive_anon:9000kB active_file:19324kB inactive_file:67588kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:98324kB dirty:1612kB writeback:0kB shmem:6108kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14896kB pagetables:5336kB sec_pagetables:1272kB all_unreclaimable? yes Balloon:0kB
[  290.592101][T14931] Node 1 active_anon:0kB inactive_anon:0kB active_file:28kB inactive_file:152kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:16kB dirty:0kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:112kB pagetables:412kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  290.601455][T14931] Node 0 DMA free:15088kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:216kB local_pcp:108kB free_cma:0kB
[  290.610485][T14931] lowmem_reserve[]: 0 1233 1233 1233 1233
[  290.612330][T14931] Node 0 DMA32 free:208528kB boost:40960kB min:68476kB low:75352kB high:82228kB reserved_highatomic:0KB free_highatomic:0KB active_anon:21832kB inactive_anon:9000kB active_file:19324kB inactive_file:67588kB unevictable:3536kB writepending:1612kB present:2080628kB managed:1263560kB mlocked:0kB bounce:0kB free_pcp:62388kB local_pcp:19440kB free_cma:0kB
[  290.622467][T14931] lowmem_reserve[]: 0 0 0 0 0
[  290.627078][T14931] Node 1 Normal free:1607108kB boost:0kB min:39720kB low:49648kB high:59576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:28kB inactive_file:152kB unevictable:3536kB writepending:0kB present:2097152kB managed:1781892kB mlocked:0kB bounce:0kB free_pcp:7212kB local_pcp:2048kB free_cma:0kB
[  290.637757][T14931] lowmem_reserve[]: 0 0 0 0 0
[  290.639276][T14931] Node 0 DMA: 6*4kB (U) 7*8kB (U) 5*16kB (U) 9*32kB (U) 7*64kB (U) 7*128kB (U) 4*256kB (U) 4*512kB (U) 2*1024kB (U) 4*2048kB (UM) 0*4096kB = 15104kB
[  290.644406][T14931] Node 0 DMA32: 239*4kB (M) 157*8kB (ME) 264*16kB (ME) 49*32kB (ME) 38*64kB (ME) 51*128kB (UME) 64*256kB (UM) 68*512kB (UME) 43*1024kB (UM) 15*2048kB (UM) 16*4096kB (U) = 208452kB
[  290.650024][T14931] Node 1 Normal: 111*4kB (UME) 193*8kB (UME) 122*16kB (UME) 223*32kB (UME) 89*64kB (UME) 75*128kB (UME) 49*256kB (UME) 37*512kB (UM) 35*1024kB (UM) 21*2048kB (UME) 359*4096kB (UM) = 1607172kB
[  290.657011][T14931] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  290.659992][T14931] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  290.664194][T14931] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  290.667481][T14931] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  290.670372][T14931] 24180 total pagecache pages
[  290.671837][T14931] 0 pages in swap cache
[  290.673501][T14931] Free swap  = 124996kB
[  290.674896][T14931] Total swap = 124996kB
[  290.676362][T14931] 1048443 pages RAM
[  290.677619][T14931] 0 pages HighMem/MovableOnly
[  290.679125][T14931] 283240 pages reserved
[  290.680423][T14931] 0 pages cma reserved
[  290.795074][ T1144] veth0_to_bond: left promiscuous mode
[  290.857662][T14956] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3049'.
[  291.114158][   T24] IPVS: starting estimator thread 0...
[  291.119714][T14973] FAULT_INJECTION: forcing a failure.
[  291.119714][T14973] name failslab, interval 1, probability 0, space 0, times 0
[  291.124084][T14973] CPU: 2 UID: 0 PID: 14973 Comm: syz.4.3053 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  291.124101][T14973] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  291.124107][T14973] Call Trace:
[  291.124111][T14973]  <TASK>
[  291.124115][T14973]  dump_stack_lvl+0x16c/0x1f0
[  291.124144][T14973]  should_fail_ex+0x512/0x640
[  291.124156][T14973]  should_failslab+0xc2/0x120
[  291.124170][T14973]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  291.124183][T14973]  ? sidtab_sid2str_get+0x17a/0x680
[  291.124200][T14973]  kmemdup_noprof+0x29/0x60
[  291.124211][T14973]  sidtab_sid2str_get+0x17a/0x680
[  291.124227][T14973]  sidtab_entry_to_string+0x33/0x110
[  291.124241][T14973]  security_sid_to_context_core+0x35c/0x640
[  291.124256][T14973]  avc_audit_post_callback+0x1aa/0x8f0
[  291.124273][T14973]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  291.124288][T14973]  ? skb_put+0x138/0x1b0
[  291.124300][T14973]  ? audit_log_n_string+0x253/0x540
[  291.124315][T14973]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  291.124330][T14973]  common_lsm_audit+0x24e/0x300
[  291.124343][T14973]  ? __pfx_common_lsm_audit+0x10/0x10
[  291.124355][T14973]  ? avc_denied+0x14a/0x190
[  291.124373][T14973]  slow_avc_audit+0x186/0x210
[  291.124389][T14973]  ? __pfx_slow_avc_audit+0x10/0x10
[  291.124404][T14973]  ? find_held_lock+0x2b/0x80
[  291.124423][T14973]  avc_has_perm+0x1b5/0x1f0
[  291.124440][T14973]  ? __pfx_avc_has_perm+0x10/0x10
[  291.124456][T14973]  ? get_pid_task+0x106/0x250
[  291.124466][T14973]  ? proc_fail_nth_write+0x9f/0x220
[  291.124481][T14973]  sock_has_perm+0x252/0x2f0
[  291.124492][T14973]  ? __pfx_sock_has_perm+0x10/0x10
[  291.124503][T14973]  ? ksys_write+0x190/0x250
[  291.124518][T14973]  ? find_held_lock+0x2b/0x80
[  291.124533][T14973]  selinux_socket_setsockopt+0x41/0x80
[  291.124545][T14973]  security_socket_setsockopt+0x211/0x240
[  291.124557][T14973]  do_sock_setsockopt+0x53/0x1d0
[  291.124569][T14973]  __sys_setsockopt+0x1a0/0x230
[  291.124586][T14973]  __x64_sys_setsockopt+0xbd/0x160
[  291.124599][T14973]  ? do_syscall_64+0x91/0x4c0
[  291.124615][T14973]  ? lockdep_hardirqs_on+0x7c/0x110
[  291.124630][T14973]  do_syscall_64+0xcd/0x4c0
[  291.124646][T14973]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  291.124657][T14973] RIP: 0033:0x7f6a93d8eb69
[  291.124666][T14973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  291.124677][T14973] RSP: 002b:00007f6a94b65038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  291.124687][T14973] RAX: ffffffffffffffda RBX: 00007f6a93fb5fa0 RCX: 00007f6a93d8eb69
[  291.124694][T14973] RDX: 0000000000000485 RSI: 0000000000000000 RDI: 0000000000000003
[  291.124700][T14973] RBP: 00007f6a94b65090 R08: 0000000000000000 R09: 0000000000000000
[  291.124706][T14973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  291.124712][T14973] R13: 0000000000000000 R14: 00007f6a93fb5fa0 R15: 00007ffeccd69958
[  291.124725][T14973]  </TASK>
[  291.283121][T14974] IPVS: using max 40 ests per chain, 96000 per kthread
[  291.311475][T14979] mac80211_hwsim hwsim26 wlan1: entered allmulticast mode
[  291.883575][T14986] FAULT_INJECTION: forcing a failure.
[  291.883575][T14986] name failslab, interval 1, probability 0, space 0, times 0
[  291.888335][T14986] CPU: 1 UID: 0 PID: 14986 Comm: syz.8.3058 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  291.888350][T14986] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  291.888357][T14986] Call Trace:
[  291.888362][T14986]  <TASK>
[  291.888367][T14986]  dump_stack_lvl+0x16c/0x1f0
[  291.888386][T14986]  should_fail_ex+0x512/0x640
[  291.888396][T14986]  ? fs_reclaim_acquire+0xae/0x150
[  291.888413][T14986]  should_failslab+0xc2/0x120
[  291.888425][T14986]  __kmalloc_cache_noprof+0x6a/0x3e0
[  291.888441][T14986]  ? nbd_add_socket+0x2f9/0xbe0
[  291.888454][T14986]  nbd_add_socket+0x2f9/0xbe0
[  291.888464][T14986]  ? __pfx_nbd_add_socket+0x10/0x10
[  291.888475][T14986]  ? __nla_parse+0x40/0x60
[  291.888488][T14986]  nbd_genl_connect+0x1196/0x1c60
[  291.888501][T14986]  ? __pfx_nbd_genl_connect+0x10/0x10
[  291.888515][T14986]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  291.888528][T14986]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  291.888542][T14986]  genl_family_rcv_msg_doit+0x206/0x2f0
[  291.888554][T14986]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  291.888565][T14986]  ? genl_get_cmd+0x194/0x580
[  291.888578][T14986]  ? netlink_alloc_large_skb+0x69/0x130
[  291.888593][T14986]  ? netlink_sendmsg+0x6a1/0xdd0
[  291.888607][T14986]  ? __radix_tree_lookup+0x21f/0x2c0
[  291.888623][T14986]  genl_rcv_msg+0x55c/0x800
[  291.888635][T14986]  ? __pfx_genl_rcv_msg+0x10/0x10
[  291.888646][T14986]  ? __pfx_nbd_genl_connect+0x10/0x10
[  291.888658][T14986]  ? __lock_acquire+0x62e/0x1ce0
[  291.888677][T14986]  netlink_rcv_skb+0x155/0x420
[  291.888692][T14986]  ? __pfx_genl_rcv_msg+0x10/0x10
[  291.888703][T14986]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  291.888725][T14986]  ? netlink_deliver_tap+0x1ae/0xd30
[  291.888739][T14986]  ? selinux_netlink_send+0x578/0x830
[  291.888750][T14986]  ? is_vmalloc_addr+0x86/0xa0
[  291.888762][T14986]  genl_rcv+0x28/0x40
[  291.888771][T14986]  netlink_unicast+0x5aa/0x870
[  291.888788][T14986]  ? __pfx_netlink_unicast+0x10/0x10
[  291.888804][T14986]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  291.888824][T14986]  netlink_sendmsg+0x8d1/0xdd0
[  291.888842][T14986]  ? __pfx_netlink_sendmsg+0x10/0x10
[  291.888863][T14986]  ____sys_sendmsg+0xa95/0xc70
[  291.888875][T14986]  ? copy_msghdr_from_user+0x10a/0x160
[  291.888889][T14986]  ? __pfx_____sys_sendmsg+0x10/0x10
[  291.888906][T14986]  ___sys_sendmsg+0x134/0x1d0
[  291.888922][T14986]  ? __pfx____sys_sendmsg+0x10/0x10
[  291.888954][T14986]  ? __mutex_unlock_slowpath+0x100/0x800
[  291.888975][T14986]  __sys_sendmsg+0x16d/0x220
[  291.888990][T14986]  ? __pfx___sys_sendmsg+0x10/0x10
[  291.889013][T14986]  do_syscall_64+0xcd/0x4c0
[  291.889030][T14986]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  291.889041][T14986] RIP: 0033:0x7f04a738eb69
[  291.889051][T14986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  291.889061][T14986] RSP: 002b:00007f04a826c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  291.889071][T14986] RAX: ffffffffffffffda RBX: 00007f04a75b5fa0 RCX: 00007f04a738eb69
[  291.889077][T14986] RDX: 0000000000000000 RSI: 0000200000001f40 RDI: 0000000000000004
[  291.889084][T14986] RBP: 00007f04a826c090 R08: 0000000000000000 R09: 0000000000000000
[  291.889089][T14986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  291.889095][T14986] R13: 0000000000000000 R14: 00007f04a75b5fa0 R15: 00007ffe029e4258
[  291.889109][T14986]  </TASK>
[  291.998657][    C1] vkms_vblank_simulate: vblank timer overrun
[  292.207672][T15001] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  292.613040][ T6050] usb 9-1: new high-speed USB device number 30 using dummy_hcd
[  292.724338][T15024] netlink: 'syz.0.3068': attribute type 21 has an invalid length.
[  292.726948][T15024] netlink: 128 bytes leftover after parsing attributes in process `syz.0.3068'.
[  292.730331][T15024] netlink: 'syz.0.3068': attribute type 6 has an invalid length.
[  292.732800][T15024] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3068'.
[  292.783202][ T6050] usb 9-1: Using ep0 maxpacket: 8
[  292.790276][ T6050] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  292.793918][ T6050] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  292.797084][ T6050] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  292.800608][ T6050] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  292.804774][ T6050] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  292.807639][ T6050] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  293.021266][ T6050] usb 9-1: GET_CAPABILITIES returned 0
[  293.023176][ T6050] usbtmc 9-1:16.0: can't read capabilities
[  293.247261][ T6032] usb 9-1: USB disconnect, device number 30
[  293.385525][T15058] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3081'.
[  293.388322][T15058] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3081'.
[  293.431478][T15060] FAULT_INJECTION: forcing a failure.
[  293.431478][T15060] name failslab, interval 1, probability 0, space 0, times 0
[  293.435632][T15060] CPU: 1 UID: 0 PID: 15060 Comm: syz.8.3082 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  293.435649][T15060] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  293.435656][T15060] Call Trace:
[  293.435660][T15060]  <TASK>
[  293.435664][T15060]  dump_stack_lvl+0x16c/0x1f0
[  293.435696][T15060]  should_fail_ex+0x512/0x640
[  293.435708][T15060]  should_failslab+0xc2/0x120
[  293.435721][T15060]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  293.435734][T15060]  ? sidtab_sid2str_get+0x17a/0x680
[  293.435751][T15060]  kmemdup_noprof+0x29/0x60
[  293.435762][T15060]  sidtab_sid2str_get+0x17a/0x680
[  293.435778][T15060]  sidtab_entry_to_string+0x33/0x110
[  293.435792][T15060]  security_sid_to_context_core+0x35c/0x640
[  293.435807][T15060]  avc_audit_post_callback+0x1aa/0x8f0
[  293.435825][T15060]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  293.435839][T15060]  ? skb_put+0x138/0x1b0
[  293.435851][T15060]  ? audit_log_n_string+0x253/0x540
[  293.435866][T15060]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  293.435881][T15060]  common_lsm_audit+0x24e/0x300
[  293.435900][T15060]  ? __pfx_common_lsm_audit+0x10/0x10
[  293.435912][T15060]  ? avc_denied+0x14a/0x190
[  293.435930][T15060]  slow_avc_audit+0x186/0x210
[  293.435945][T15060]  ? __pfx_slow_avc_audit+0x10/0x10
[  293.435961][T15060]  ? find_held_lock+0x2b/0x80
[  293.435980][T15060]  avc_has_perm+0x1b5/0x1f0
[  293.435997][T15060]  ? __pfx_avc_has_perm+0x10/0x10
[  293.436013][T15060]  ? find_held_lock+0x2b/0x80
[  293.436028][T15060]  sock_has_perm+0x252/0x2f0
[  293.436039][T15060]  ? __pfx_sock_has_perm+0x10/0x10
[  293.436056][T15060]  ? ksys_write+0x190/0x250
[  293.436069][T15060]  security_socket_getsockopt+0x211/0x240
[  293.436081][T15060]  do_sock_getsockopt+0xf5/0x440
[  293.436092][T15060]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  293.436102][T15060]  ? __fget_files+0x204/0x3c0
[  293.436120][T15060]  __sys_getsockopt+0x12f/0x260
[  293.436137][T15060]  __x64_sys_getsockopt+0xbd/0x160
[  293.436150][T15060]  ? do_syscall_64+0x91/0x4c0
[  293.436165][T15060]  ? lockdep_hardirqs_on+0x7c/0x110
[  293.436180][T15060]  do_syscall_64+0xcd/0x4c0
[  293.436197][T15060]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  293.436207][T15060] RIP: 0033:0x7f04a738eb69
[  293.436216][T15060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  293.436226][T15060] RSP: 002b:00007f04a826c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  293.436237][T15060] RAX: ffffffffffffffda RBX: 00007f04a75b5fa0 RCX: 00007f04a738eb69
[  293.436243][T15060] RDX: 000000000000271c RSI: 0000200000000114 RDI: 0000000000000003
[  293.436250][T15060] RBP: 00007f04a826c090 R08: 0000200000000040 R09: 0000000000000000
[  293.436256][T15060] R10: 0000200000000580 R11: 0000000000000246 R12: 0000000000000001
[  293.436262][T15060] R13: 0000000000000000 R14: 00007f04a75b5fa0 R15: 00007ffe029e4258
[  293.436275][T15060]  </TASK>
[  293.503188][ T6808] usb 11-1: new high-speed USB device number 24 using dummy_hcd
[  293.503861][    C1] vkms_vblank_simulate: vblank timer overrun
[  293.507461][   T40] kauditd_printk_skb: 938 callbacks suppressed
[  293.507470][   T40] audit: type=1400 audit(1754409555.209:31098): avc:  denied  { ioctl } for  pid=15046 comm="syz.6.3078" path="/dev/raw-gadget" dev="devtmpfs" ino=849 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  293.547237][   T40] audit: type=1400 audit(1754409555.229:31099): avc:  denied  { ioctl } for  pid=15046 comm="syz.6.3078" path="/dev/raw-gadget" dev="devtmpfs" ino=849 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  293.555048][   T40] audit: type=1400 audit(1754409555.229:31100): avc:  denied  { read write } for  pid=14408 comm="syz-executor" name="loop8" dev="devtmpfs" ino=666 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  293.562406][   T40] audit: type=1400 audit(1754409555.229:31101): avc:  denied  { read write open } for  pid=14408 comm="syz-executor" path="/dev/loop8" dev="devtmpfs" ino=666 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  293.570282][   T40] audit: type=1400 audit(1754409555.229:31102): avc:  denied  { ioctl } for  pid=14408 comm="syz-executor" path="/dev/loop8" dev="devtmpfs" ino=666 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  293.578234][   T40] audit: type=1400 audit(1754409555.259:31103): avc:  denied  { ioctl } for  pid=15046 comm="syz.6.3078" path="/dev/raw-gadget" dev="devtmpfs" ino=849 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  293.586448][   T40] audit: type=1400 audit(1754409555.259:31104): avc:  denied  { create } for  pid=15062 comm="syz.8.3083" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  293.593224][   T40] audit: type=1400 audit(1754409555.259:31105): avc:  denied  { create } for  pid=15062 comm="syz.8.3083" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  293.599534][   T40] audit: type=1400 audit(1754409555.259:31106): avc:  denied  { write } for  pid=15062 comm="syz.8.3083" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  293.600112][T15065] vivid-002: disconnect
[  293.605878][   T40] audit: type=1400 audit(1754409555.259:31107): avc:  denied  { read } for  pid=15062 comm="syz.8.3083" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  293.615796][T15064] vivid-002: reconnect
[  293.697442][ T6808] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  293.700896][ T6808] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  293.705290][ T6808] usb 11-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  293.708169][ T6808] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  293.713304][ T6808] usb 11-1: config 0 descriptor??
[  293.783492][T15072] FAULT_INJECTION: forcing a failure.
[  293.783492][T15072] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  293.787551][T15072] CPU: 2 UID: 0 PID: 15072 Comm: syz.8.3087 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  293.787565][T15072] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  293.787571][T15072] Call Trace:
[  293.787575][T15072]  <TASK>
[  293.787580][T15072]  dump_stack_lvl+0x16c/0x1f0
[  293.787598][T15072]  should_fail_ex+0x512/0x640
[  293.787610][T15072]  _copy_from_user+0x2e/0xd0
[  293.787623][T15072]  snd_ctl_elem_add_user+0x9b/0x170
[  293.787639][T15072]  ? __pfx_snd_ctl_elem_add_user+0x10/0x10
[  293.787666][T15072]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  293.787684][T15072]  snd_ctl_ioctl+0x799/0xf80
[  293.787699][T15072]  ? __pfx_snd_ctl_ioctl+0x10/0x10
[  293.787716][T15072]  ? selinux_file_ioctl+0x180/0x270
[  293.787728][T15072]  ? selinux_file_ioctl+0xb4/0x270
[  293.787742][T15072]  ? __pfx_snd_ctl_ioctl+0x10/0x10
[  293.787757][T15072]  __x64_sys_ioctl+0x18b/0x210
[  293.787774][T15072]  do_syscall_64+0xcd/0x4c0
[  293.787790][T15072]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  293.787801][T15072] RIP: 0033:0x7f04a738eb69
[  293.787810][T15072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  293.787820][T15072] RSP: 002b:00007f04a826c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  293.787830][T15072] RAX: ffffffffffffffda RBX: 00007f04a75b5fa0 RCX: 00007f04a738eb69
[  293.787836][T15072] RDX: 0000200000001b40 RSI: 00000000c1105517 RDI: 0000000000000003
[  293.787843][T15072] RBP: 00007f04a826c090 R08: 0000000000000000 R09: 0000000000000000
[  293.787849][T15072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  293.787854][T15072] R13: 0000000000000000 R14: 00007f04a75b5fa0 R15: 00007ffe029e4258
[  293.787867][T15072]  </TASK>
[  293.942715][T15081] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3090'.
[  294.139672][ T6808] usbhid 11-1:0.0: can't add hid device: -71
[  294.141768][ T6808] usbhid 11-1:0.0: probe with driver usbhid failed with error -71
[  294.146964][ T6808] usb 11-1: USB disconnect, device number 24
[  294.253898][T15099] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3095'.
[  294.356374][T15106] netem: incorrect gi model size
[  294.358479][T15106] netem: change failed
[  294.413138][ T6050] usb 9-1: new high-speed USB device number 31 using dummy_hcd
[  294.585121][ T6050] usb 9-1: config 0 has no interfaces?
[  294.585618][T15112] netlink: 'syz.8.3100': attribute type 1 has an invalid length.
[  294.586927][ T6050] usb 9-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  294.589345][T15112] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3100'.
[  294.595203][ T6050] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  294.600513][ T6050] usb 9-1: config 0 descriptor??
[  294.662814][T15124] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  294.665904][T15124] overlayfs: failed to set xattr on upper
[  294.667716][T15124] overlayfs: ...falling back to redirect_dir=nofollow.
[  294.669857][T15124] overlayfs: ...falling back to index=off.
[  294.671698][T15124] overlayfs: ...falling back to uuid=null.
[  294.812663][T15083] syz.4.3091: attempt to access beyond end of device
[  294.812663][T15083] nbd4: rw=0, sector=2, nr_sectors = 2 limit=0
[  294.816708][T15083] vxfs: unable to read disk superblock at 1
[  294.818691][T15083] syz.4.3091: attempt to access beyond end of device
[  294.818691][T15083] nbd4: rw=0, sector=16, nr_sectors = 2 limit=0
[  294.822638][T15083] vxfs: unable to read disk superblock at 8
[  294.825284][T15083] vxfs: can't find superblock.
[  294.829232][ T7254] usb 9-1: USB disconnect, device number 31
[  294.941494][T15144] netlink: 32 bytes leftover after parsing attributes in process `syz.8.3109'.
[  295.076686][T15154] netlink: 'syz.8.3112': attribute type 28 has an invalid length.
[  295.079584][T15154] netlink: 'syz.8.3112': attribute type 3 has an invalid length.
[  295.082012][T15154] netlink: 132 bytes leftover after parsing attributes in process `syz.8.3112'.
[  295.087921][T15154] syz.8.3112(15154): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[  295.143999][T15156] netlink: 'syz.8.3113': attribute type 1 has an invalid length.
[  295.151368][T15156] netlink: 224 bytes leftover after parsing attributes in process `syz.8.3113'.
[  295.386782][T15166] syzkaller1: entered promiscuous mode
[  295.388750][T15166] syzkaller1: entered allmulticast mode
[  295.551906][T15176] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1545 sclass=netlink_route_socket pid=15176 comm=syz.8.3122
[  295.720210][T15190] netlink: 'syz.0.3127': attribute type 1 has an invalid length.
[  295.734166][T15190] bond1: entered promiscuous mode
[  295.736036][T15190] 8021q: adding VLAN 0 to HW filter on device bond1
[  295.753755][T15190] 8021q: adding VLAN 0 to HW filter on device bond1
[  295.756216][T15190] bond1: (slave ip6gre1): The slave device specified does not support setting the MAC address
[  295.759526][T15190] bond1: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode
[  295.766510][T15190] bond1: (slave ip6gre1): making interface the new active one
[  295.769255][T15190] ip6gre1: entered promiscuous mode
[  295.771825][T15190] bond1: (slave ip6gre1): Enslaving as an active interface with an up link
[  295.777727][T15195] team0: Device gtp0 is of different type
[  296.086907][T15212] FAULT_INJECTION: forcing a failure.
[  296.086907][T15212] name failslab, interval 1, probability 0, space 0, times 0
[  296.090871][T15212] CPU: 3 UID: 0 PID: 15212 Comm: syz.0.3136 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  296.090886][T15212] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  296.090893][T15212] Call Trace:
[  296.090897][T15212]  <TASK>
[  296.090901][T15212]  dump_stack_lvl+0x16c/0x1f0
[  296.090920][T15212]  should_fail_ex+0x512/0x640
[  296.090930][T15212]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  296.090943][T15212]  should_failslab+0xc2/0x120
[  296.090956][T15212]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  296.090966][T15212]  ? __alloc_skb+0x2b2/0x380
[  296.090983][T15212]  __alloc_skb+0x2b2/0x380
[  296.090996][T15212]  ? __pfx___alloc_skb+0x10/0x10
[  296.091009][T15212]  ? genl_rcv_msg+0x480/0x800
[  296.091019][T15212]  ? genl_rcv_msg+0x4bb/0x800
[  296.091034][T15212]  netlink_ack+0x15d/0xb80
[  296.091053][T15212]  netlink_rcv_skb+0x332/0x420
[  296.091068][T15212]  ? __pfx_genl_rcv_msg+0x10/0x10
[  296.091080][T15212]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  296.091101][T15212]  ? netlink_deliver_tap+0x1ae/0xd30
[  296.091118][T15212]  genl_rcv+0x28/0x40
[  296.091126][T15212]  netlink_unicast+0x5aa/0x870
[  296.091144][T15212]  ? __pfx_netlink_unicast+0x10/0x10
[  296.091160][T15212]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  296.091179][T15212]  netlink_sendmsg+0x8d1/0xdd0
[  296.091200][T15212]  ? __pfx_netlink_sendmsg+0x10/0x10
[  296.091221][T15212]  ____sys_sendmsg+0xa95/0xc70
[  296.091233][T15212]  ? copy_msghdr_from_user+0x10a/0x160
[  296.091248][T15212]  ? __pfx_____sys_sendmsg+0x10/0x10
[  296.091265][T15212]  ___sys_sendmsg+0x134/0x1d0
[  296.091280][T15212]  ? __pfx____sys_sendmsg+0x10/0x10
[  296.091307][T15212]  ? __mutex_unlock_slowpath+0x100/0x800
[  296.091327][T15212]  __sys_sendmsg+0x16d/0x220
[  296.091342][T15212]  ? __pfx___sys_sendmsg+0x10/0x10
[  296.091366][T15212]  do_syscall_64+0xcd/0x4c0
[  296.091383][T15212]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.091394][T15212] RIP: 0033:0x7f9cfd98eb69
[  296.091404][T15212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  296.091414][T15212] RSP: 002b:00007f9cfe85c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  296.091424][T15212] RAX: ffffffffffffffda RBX: 00007f9cfdbb5fa0 RCX: 00007f9cfd98eb69
[  296.091430][T15212] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  296.091437][T15212] RBP: 00007f9cfe85c090 R08: 0000000000000000 R09: 0000000000000000
[  296.091443][T15212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  296.091449][T15212] R13: 0000000000000000 R14: 00007f9cfdbb5fa0 R15: 00007ffcabff9268
[  296.091463][T15212]  </TASK>
[  297.109376][T15257] netlink: 'syz.8.3151': attribute type 1 has an invalid length.
[  297.112201][T15257] NCSI netlink: No device for ifindex 0
[  297.637705][T15280] netlink: 'syz.4.3158': attribute type 10 has an invalid length.
[  297.640930][T15280] macvlan0: entered promiscuous mode
[  297.642688][T15280] macvlan0: entered allmulticast mode
[  297.649695][T15280] veth1_vlan: entered allmulticast mode
[  297.653593][T15280] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[  297.664700][T15280] netlink: 'syz.4.3158': attribute type 13 has an invalid length.
[  297.924600][T15282] netlink: 'syz.4.3159': attribute type 1 has an invalid length.
[  297.927162][T15282] __nla_validate_parse: 7 callbacks suppressed
[  297.927170][T15282] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3159'.
[  298.081869][T15294] netlink: 'syz.6.3165': attribute type 72 has an invalid length.
[  298.084545][T15294] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3165'.
[  298.124908][T15299] 9pnet_virtio: no channels available for device syz
[  298.133200][T15299] FAULT_INJECTION: forcing a failure.
[  298.133200][T15299] name failslab, interval 1, probability 0, space 0, times 0
[  298.133220][T15299] CPU: 2 UID: 0 PID: 15299 Comm: syz.0.3167 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  298.133234][T15299] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  298.133240][T15299] Call Trace:
[  298.133244][T15299]  <TASK>
[  298.133248][T15299]  dump_stack_lvl+0x16c/0x1f0
[  298.133268][T15299]  should_fail_ex+0x512/0x640
[  298.133278][T15299]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  298.133291][T15299]  should_failslab+0xc2/0x120
[  298.133303][T15299]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  298.133314][T15299]  ? locks_get_lock_context+0x243/0x410
[  298.133326][T15299]  locks_get_lock_context+0x243/0x410
[  298.133337][T15299]  posix_lock_inode+0xcc/0x2280
[  298.133349][T15299]  ? file_has_perm+0x27d/0x350
[  298.133361][T15299]  ? __pfx_posix_lock_inode+0x10/0x10
[  298.133372][T15299]  ? lockdep_init_map_type+0x5c/0x280
[  298.133382][T15299]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  298.133396][T15299]  vfs_lock_file+0xfb/0x150
[  298.133407][T15299]  fcntl_setlk+0x3ff/0xe20
[  298.133419][T15299]  ? __pfx_fcntl_setlk+0x10/0x10
[  298.133431][T15299]  ? __might_fault+0xe3/0x190
[  298.133441][T15299]  ? __might_fault+0xe3/0x190
[  298.133450][T15299]  ? __might_fault+0x13b/0x190
[  298.133464][T15299]  do_fcntl+0xbce/0x15a0
[  298.133479][T15299]  ? __pfx_do_fcntl+0x10/0x10
[  298.133495][T15299]  ? selinux_file_fcntl+0x93/0x170
[  298.133507][T15299]  __x64_sys_fcntl+0x163/0x200
[  298.133522][T15299]  do_syscall_64+0xcd/0x4c0
[  298.133539][T15299]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.133550][T15299] RIP: 0033:0x7f9cfd98eb69
[  298.133558][T15299] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  298.133570][T15299] RSP: 002b:00007f9cfe85c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
[  298.133580][T15299] RAX: ffffffffffffffda RBX: 00007f9cfdbb5fa0 RCX: 00007f9cfd98eb69
[  298.133587][T15299] RDX: 0000200000000000 RSI: 0000000000000026 RDI: 0000000000000003
[  298.133593][T15299] RBP: 00007f9cfe85c090 R08: 0000000000000000 R09: 0000000000000000
[  298.133599][T15299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  298.133605][T15299] R13: 0000000000000000 R14: 00007f9cfdbb5fa0 R15: 00007ffcabff9268
[  298.133617][T15299]  </TASK>
[  298.137203][T15300] netlink: 'syz.6.3168': attribute type 1 has an invalid length.
[  298.153188][T15300] 8021q: adding VLAN 0 to HW filter on device bond7
[  298.221956][T15304] (unnamed net_device) (uninitialized): Unable to set up delay as MII monitoring is disabled
[  298.232452][T15300] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3168'.
[  298.242103][T15300] 8021q: adding VLAN 0 to HW filter on device batadv1
[  298.245959][T15300] bond7: (slave batadv1): making interface the new active one
[  298.249125][T15300] bond7: (slave batadv1): Enslaving as an active interface with an up link
[  298.522513][   T40] kauditd_printk_skb: 1292 callbacks suppressed
[  298.522526][   T40] audit: type=1400 audit(1754409560.219:32400): avc:  denied  { read write } for  pid=15320 comm="syz.4.3175" name="video7" dev="devtmpfs" ino=974 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  298.532904][   T40] audit: type=1400 audit(1754409560.229:32401): avc:  denied  { read write open } for  pid=15320 comm="syz.4.3175" path="/dev/video7" dev="devtmpfs" ino=974 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  298.540567][   T40] audit: type=1400 audit(1754409560.229:32402): avc:  denied  { read } for  pid=15320 comm="syz.4.3175" name="iommu" dev="devtmpfs" ino=632 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  298.549648][   T40] audit: type=1400 audit(1754409560.229:32403): avc:  denied  { read open } for  pid=15320 comm="syz.4.3175" path="/dev/iommu" dev="devtmpfs" ino=632 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  298.559149][   T40] audit: type=1400 audit(1754409560.229:32404): avc:  denied  { ioctl } for  pid=15320 comm="syz.4.3175" path="/dev/iommu" dev="devtmpfs" ino=632 ioctlcmd=0x3b81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  298.569665][   T40] audit: type=1400 audit(1754409560.229:32405): avc:  denied  { ioctl } for  pid=15320 comm="syz.4.3175" path="/dev/iommu" dev="devtmpfs" ino=632 ioctlcmd=0x3ba0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  298.581456][   T40] audit: type=1400 audit(1754409560.279:32406): avc:  denied  { ioctl } for  pid=15320 comm="syz.4.3175" path="/dev/video7" dev="devtmpfs" ino=974 ioctlcmd=0x5605 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  298.602714][   T40] audit: type=1400 audit(1754409560.299:32407): avc:  denied  { read write } for  pid=9711 comm="syz-executor" name="loop6" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  298.610329][   T40] audit: type=1400 audit(1754409560.309:32408): avc:  denied  { read write open } for  pid=9711 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  298.619064][   T40] audit: type=1400 audit(1754409560.309:32409): avc:  denied  { ioctl } for  pid=9711 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=664 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  298.668216][T15327] netlink: 'syz.0.3177': attribute type 72 has an invalid length.
[  298.670764][T15327] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3177'.
[  298.977765][T15352] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3187'.
[  299.050259][T15355] netlink: 'syz.4.3188': attribute type 72 has an invalid length.
[  299.052717][T15355] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3188'.
[  299.214438][T15366] dns_resolver: Unsupported server list version (0)
[  299.457040][T15379] BTRFS info: 'norecovery' is for compatibility only, recommended to use 'rescue=nologreplay'
[  299.468398][T15381] netlink: 48 bytes leftover after parsing attributes in process `syz.8.3198'.
[  299.491117][T15371] could not allocate digest TFM handle cryptd(blake2b-160)
[  299.520705][T15384] netlink: 40 bytes leftover after parsing attributes in process `syz.8.3200'.
[  299.606776][T15394] delete_channel: no stack
[  299.771563][T15401] ------------[ cut here ]------------
[  299.773406][T15401] WARNING: CPU: 3 PID: 15401 at arch/x86/kvm/x86.c:11551 kvm_arch_vcpu_ioctl_run+0x14df/0x1980
[  299.776606][T15401] Modules linked in:
[  299.778421][T15401] CPU: 3 UID: 0 PID: 15401 Comm: syz.6.3206 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  299.783576][T15401] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  299.787175][T15401] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x14df/0x1980
[  299.789218][T15401] Code: 0a 00 00 00 00 00 00 e8 cc 6a be 1e 31 ff 89 c5 89 c6 e8 e4 eb 79 00 85 ed 0f 8f d9 ef ff ff e9 25 f0 ff ff e8 92 f0 79 00 90 <0f> 0b 90 e9 81 ef ff ff e8 84 f0 79 00 90 0f 0b 90 e9 b8 ef ff ff
[  299.795334][T15401] RSP: 0018:ffffc90003877c30 EFLAGS: 00010283
[  299.797279][T15401] RAX: 0000000000000713 RBX: ffff888055e98000 RCX: ffffc90029b2c000
[  299.799767][T15401] RDX: 0000000000080000 RSI: ffffffff8141a27e RDI: 0000000000000007
[  299.802364][T15401] RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000
[  299.804989][T15401] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88804657c000
[  299.807772][T15401] R13: ffff888055e980d8 R14: 0000000000000000 R15: ffff888055e98334
[  299.810301][T15401] FS:  00007f837389f6c0(0000) GS:ffff8880d69c6000(0000) knlGS:0000000000000000
[  299.812434][T15406] netlink: 96 bytes leftover after parsing attributes in process `syz.4.3208'.
[  299.813140][T15401] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  299.813162][T15401] CR2: 000000005200000c CR3: 0000000059a4a000 CR4: 0000000000352ef0
[  299.813171][T15401] Call Trace:
[  299.821746][T15401]  <TASK>
[  299.822732][T15401]  kvm_vcpu_ioctl+0x5eb/0x1690
[  299.824526][T15401]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  299.826205][T15401]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  299.828083][T15401]  ? do_vfs_ioctl+0x128/0x14f0
[  299.829653][T15401]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  299.831293][T15401]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  299.833546][T15401]  ? hook_file_ioctl_common+0x145/0x410
[  299.835356][T15401]  ? selinux_file_ioctl+0x180/0x270
[  299.837026][T15401]  ? selinux_file_ioctl+0xb4/0x270
[  299.838655][T15401]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  299.840329][T15401]  __x64_sys_ioctl+0x18b/0x210
[  299.841920][T15401]  do_syscall_64+0xcd/0x4c0
[  299.843467][T15401]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  299.845362][T15401] RIP: 0033:0x7f837298eb69
[  299.846808][T15401] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  299.852802][T15401] RSP: 002b:00007f837389f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  299.855534][T15401] RAX: ffffffffffffffda RBX: 00007f8372bb5fa0 RCX: 00007f837298eb69
[  299.858084][T15401] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  299.860557][T15401] RBP: 00007f8372a11df1 R08: 0000000000000000 R09: 0000000000000000
[  299.863101][T15401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  299.865629][T15401] R13: 0000000000000000 R14: 00007f8372bb5fa0 R15: 00007ffde15e2728
[  299.868107][T15401]  </TASK>
[  299.869089][T15401] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  299.871381][T15401] CPU: 3 UID: 0 PID: 15401 Comm: syz.6.3206 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) 
[  299.875081][T15401] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  299.878420][T15401] Call Trace:
[  299.879519][T15401]  <TASK>
[  299.880478][T15401]  dump_stack_lvl+0x3d/0x1f0
[  299.881964][T15401]  vpanic+0x6e8/0x7a0
[  299.883241][T15401]  ? __pfx_vpanic+0x10/0x10
[  299.884777][T15401]  ? kvm_arch_vcpu_ioctl_run+0x14df/0x1980
[  299.886643][T15401]  panic+0xca/0xd0
[  299.887859][T15401]  ? __pfx_panic+0x10/0x10
[  299.889309][T15401]  check_panic_on_warn+0xab/0xb0
[  299.890895][T15401]  __warn+0xf6/0x3c0
[  299.892161][T15401]  ? kvm_arch_vcpu_ioctl_run+0x14df/0x1980
[  299.894009][T15401]  report_bug+0x3c3/0x580
[  299.895402][T15401]  ? kvm_arch_vcpu_ioctl_run+0x14df/0x1980
[  299.897250][T15401]  handle_bug+0x184/0x210
[  299.898637][T15401]  exc_invalid_op+0x17/0x50
[  299.900092][T15401]  asm_exc_invalid_op+0x1a/0x20
[  299.901635][T15401] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x14df/0x1980
[  299.903641][T15401] Code: 0a 00 00 00 00 00 00 e8 cc 6a be 1e 31 ff 89 c5 89 c6 e8 e4 eb 79 00 85 ed 0f 8f d9 ef ff ff e9 25 f0 ff ff e8 92 f0 79 00 90 <0f> 0b 90 e9 81 ef ff ff e8 84 f0 79 00 90 0f 0b 90 e9 b8 ef ff ff
[  299.909638][T15401] RSP: 0018:ffffc90003877c30 EFLAGS: 00010283
[  299.911550][T15401] RAX: 0000000000000713 RBX: ffff888055e98000 RCX: ffffc90029b2c000
[  299.914059][T15401] RDX: 0000000000080000 RSI: ffffffff8141a27e RDI: 0000000000000007
[  299.916547][T15401] RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000
[  299.919051][T15401] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88804657c000
[  299.921521][T15401] R13: ffff888055e980d8 R14: 0000000000000000 R15: ffff888055e98334
[  299.924029][T15401]  ? kvm_arch_vcpu_ioctl_run+0x14de/0x1980
[  299.925920][T15401]  kvm_vcpu_ioctl+0x5eb/0x1690
[  299.927468][T15401]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  299.929121][T15401]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  299.931003][T15401]  ? do_vfs_ioctl+0x128/0x14f0
[  299.932547][T15401]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  299.934169][T15401]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  299.936334][T15401]  ? hook_file_ioctl_common+0x145/0x410
[  299.938136][T15401]  ? selinux_file_ioctl+0x180/0x270
[  299.939791][T15401]  ? selinux_file_ioctl+0xb4/0x270
[  299.941427][T15401]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  299.943086][T15401]  __x64_sys_ioctl+0x18b/0x210
[  299.944673][T15401]  do_syscall_64+0xcd/0x4c0
[  299.946238][T15401]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  299.948205][T15401] RIP: 0033:0x7f837298eb69
[  299.949635][T15401] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  299.955597][T15401] RSP: 002b:00007f837389f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  299.958211][T15401] RAX: ffffffffffffffda RBX: 00007f8372bb5fa0 RCX: 00007f837298eb69
[  299.960679][T15401] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  299.963167][T15401] RBP: 00007f8372a11df1 R08: 0000000000000000 R09: 0000000000000000
[  299.965663][T15401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  299.968175][T15401] R13: 0000000000000000 R14: 00007f8372bb5fa0 R15: 00007ffde15e2728
[  299.970658][T15401]  </TASK>
[  299.972348][T15401] Kernel Offset: disabled
[  299.973739][T15401] Rebooting in 86400 seconds..

VM DIAGNOSIS:
15:50:49  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000307fcb RBX=0000000000000000 RCX=ffffffff8b927c29 RDX=0000000000000000
RSI=ffffffff8de4d20b RDI=ffffffff8c160d00 RBP=fffffbfff1c52ef8 RSP=ffffffff8e207e08
R8 =0000000000000001 R9 =ffffed100d486655 R10=ffff88806a4332ab R11=0000000000000000
R12=0000000000000000 R13=ffffffff8e2977c0 R14=ffffffff90aaec90 R15=0000000000000000
RIP=ffffffff8b92678f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
GS =0000 ffff8880d66c6000 ffffffff 00c09300 DPL=0 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=000000003b00d000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000c0fffc00 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000015 000000000003bf12
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055556f48566b 000055556f484e10
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055556f47149e 000055556f471340
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000003bf12
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffe3080684034c04 000680030010001f 8004010000120806 060168e20008001f
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0006a80300080006 a003000000000000 0000000064616561 01ffffffffffffff
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3832317369676561 2839303334636672 01ffffffffffffff feff0806b0030008
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0029696e7365612d
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 010c10000008000a 080004ae08000100 000c08060a0169f4 01b0100006800401
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000c0806060101 ba00000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000029696e736561 2d38323173696765
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6128393033346366 7201ffffffffffff fffeff0806b00300 080006a803000800
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000000d33077e5 RBX=00000000d33077e5 RCX=ffff88805365afd0 RDX=ffffffff81000130
RSI=0000000000000001 RDI=00000000d4826090 RBP=000000000000000b RSP=ffffc900039779d0
R8 =0000000000000001 R9 =ffff88816ca77e50 R10=00000000ad8e1edd R11=0000000000000000
R12=0000000000000001 R13=0000000000002000 R14=000000000000000b R15=ffffc90003977a48
RIP=ffffffff85160869 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f6a94b656c0 ffffffff 00c00000
GS =0000 ffff8880d67c6000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00005555605fc808 CR3=0000000050dc0000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000080040001 Opmask01=0000000002fefcf8 Opmask02=0000000002fefcfe Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffde15e2ab0 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffde15e2c36
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffde15e2c36 00007ffde15e2c3c
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8372a12e0a
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8372a12e17
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8372a12e11
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8372a12e25
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8372a12eab
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8372a12f89
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0063696e61703d73 726f727265006f72 2d746e756f6d6572 3d73726f72726500
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00464c4b44551856 574a575740004a57 08514b504a484057 1856574a57574000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=00000000002abba3 RBX=0000000000000002 RCX=ffffffff8b927c29 RDX=0000000000000000
RSI=ffffffff8de4d20b RDI=ffffffff8c160d00 RBP=ffffed1003bd7910 RSP=ffffc90000187df8
R8 =0000000000000001 R9 =ffffed100d4c6655 R10=ffff88806a6332ab R11=0000000000000000
R12=0000000000000002 R13=ffff88801debc880 R14=ffffffff90aaec90 R15=0000000000000000
RIP=ffffffff8b92678f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c01300
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c01300
FS =0000 0000000000000000 ffffffff 00c01300
GS =0000 ffff8880d68c6000 ffffffff 00c01300
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000110c291fab CR3=00000000296db000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe029e4766
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe029e4766 00007ffe029e476c
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f04a7412e0a
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f04a7412e17
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f04a7412e11
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f04a7412e25
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f04a7412eab
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f04a7412f89
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f04a75874a8 00007f04a75874a0 00007f04a7587498 00007f04a7587470
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f04a80ed100 00007f04a7587460 00007f04a7580004 0008000f0010000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f04a75874b8 00007f04a75874b0 00007f04a75874a8 00007f04a75874a0
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000064 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85635355 RDI=ffffffff9b104160 RBP=ffffffff9b104120 RSP=ffffc900038775a0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=0000000000000064 R14=ffffffff9b104120 R15=ffffffff856352f0
RIP=ffffffff8563537f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
FS =0000 00007f837389f6c0 ffffffff 00c09300 DPL=0 DS   [-WA]
GS =0000 ffff8880d69c6000 ffffffff 00c09300 DPL=0 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000005200000c CR3=0000000059a4a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffde15e2c36
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffde15e2c36 00007ffde15e2c3c
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8372a12e0a
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8372a12e17
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8372a12e11
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8372a12e25
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8372a12eab
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8372a12f89
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000