last executing test programs:

1m27.531949829s ago: executing program 2 (id=1340):
r0 = socket$kcm(0xa, 0x922000000003, 0x11)
sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x700, @mcast1, 0x4}, 0x80, 0x0}, 0x0)

1m27.531798595s ago: executing program 2 (id=1342):
r0 = syz_io_uring_setup(0x7b, &(0x7f0000000540)={0x0, 0x3bce, 0x10100, 0x0, 0x313}, &(0x7f00000005c0)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, r4, 0x0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f00000002c0)=""/183, 0xb7}], 0x1}, 0x0, 0x40000103})
r5 = add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$user(&(0x7f00000001c0), &(0x7f0000000080)={'syz', 0x3}, &(0x7f0000000140)="d8", 0x1, r5)
request_key(&(0x7f0000000400)='user\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, r5)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
io_uring_enter(r0, 0x46f3, 0x0, 0x0, 0x0, 0x0)
write(r3, &(0x7f0000000200)='~', 0x1)

1m27.377356454s ago: executing program 2 (id=1344):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
writev(r1, &(0x7f0000000000)=[{&(0x7f00000000c0)="14", 0x1f68}], 0x2)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x1], 0x0, 0x0, 0x1, 0x1}}, 0x40)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xccffffff, 0x12, r3, 0x0)

1m27.242204088s ago: executing program 2 (id=1352):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000680)='./file0/file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x3891018, 0x0)
r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000880)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES8=r1, @ANYBLOB="010000000000000000000100000024000180060005004e230000060001000200000008000300ac1414aa0800060001"], 0x38}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000980)=ANY=[@ANYRES32=r4, @ANYRES16=r5, @ANYRESHEX=0x0, @ANYRESOCT=r5, @ANYRESOCT=r0, @ANYRESOCT=r4, @ANYRES8], 0x14}}, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r6, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'wg0\x00', <r7=>0x0})
bind$packet(r6, &(0x7f00000001c0)={0x11, 0xf6, r7, 0x1, 0x9, 0x6, @random="9af4d6f4a291"}, 0x14)
sendto$packet(r6, &(0x7f0000000580)="0b03feff4f0002120200dc3a42080447124f96a13bb1000011000088ca1a08", 0x1f, 0x0, &(0x7f0000000140)={0x11, 0x0, r7}, 0x14)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r3, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f0000000840)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="000826bd7000fbdbdf250b00000008000300080000001c000680080003000000000008000700", @ANYRES32=r7, @ANYBLOB="080099ac", @ANYRES32=0x0, @ANYBLOB="08000400a80b0000"], 0x40}, 0x1, 0x0, 0x0, 0x48884}, 0x90)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
umount2(&(0x7f0000000480)='./file0\x00', 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth1_virt_wifi\x00', <r8=>0x0})
r9 = syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x82)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x5, 0x12, r9, 0x0)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f00000007c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000780)={&(0x7f00000006c0)=ANY=[@ANYBLOB="b4080001", @ANYRES16=0x0, @ANYBLOB="000427bd7000ffdbdf25010000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0xb4}, 0x1, 0x0, 0x0, 0x44890}, 0x20000000)
ioctl$SG_SET_RESERVED_SIZE(r9, 0x2275, &(0x7f0000000040))
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000003c0)=ANY=[@ANYRESHEX=r5, @ANYRESOCT=r2, @ANYRESHEX=r8, @ANYRES16=r2, @ANYRES8=r0, @ANYRESDEC=r8, @ANYRES32=r8], 0x18}, 0x1, 0x0, 0x0, 0x80}, 0x80)
ioctl$IOCTL_VMCI_CTX_REMOVE_NOTIFICATION(0xffffffffffffffff, 0x7b0, &(0x7f0000000080)={@my=0x0, 0x2})

1m27.142874918s ago: executing program 2 (id=1354):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000040)=0x3, 0xe4)
sendmmsg$inet6(r0, &(0x7f0000000ac0)=[{{&(0x7f0000000140)={0xa, 0x4e22, 0x7000000, @dev}, 0x1c, 0x0}}], 0x1, 0x0)

1m26.643791274s ago: executing program 2 (id=1359):
bpf$MAP_CREATE(0x80ffffffffffff, &(0x7f0000000200)=@base={0x1, 0x5, 0x9fd, 0x84, 0x105, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

1m26.621192433s ago: executing program 32 (id=1359):
bpf$MAP_CREATE(0x80ffffffffffff, &(0x7f0000000200)=@base={0x1, 0x5, 0x9fd, 0x84, 0x105, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

41.78111999s ago: executing program 0 (id=2105):
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
munmap(&(0x7f000045e000/0x1000)=nil, 0x1000)
mremap(&(0x7f0000dde000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000bb3000/0x1000)=nil)
mremap(&(0x7f00006bd000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000721000/0x4000)=nil)
munmap(&(0x7f0000a88000/0x1000)=nil, 0x1000)
munmap(&(0x7f000060f000/0x4000)=nil, 0x4000)
r0 = syz_open_procfs(0x0, &(0x7f00000020c0)='net/psched\x00')
pread64(r0, &(0x7f000001a240)=""/102400, 0x19000, 0x80000000000000)
read$FUSE(r0, &(0x7f0000000080)={0x2020}, 0x2020)
madvise(&(0x7f0000492000/0x2000)=nil, 0x2000, 0x12)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x2, 0x0, &(0x7f0000f5b000/0x10000)=nil})
munmap(&(0x7f0000694000/0x3000)=nil, 0x3000)
mremap(&(0x7f000061c000/0x13000)=nil, 0x13000, 0x4000, 0x3, &(0x7f0000fb0000/0x4000)=nil)
mremap(&(0x7f00007b2000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000968000/0x3000)=nil)
r2 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.pending_reads\x00', 0x8800, 0x48)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x2000)=nil, 0x0, 0x1000000, 0x50, r2, 0x0)
mlock(&(0x7f0000002000/0x1000)=nil, 0x1000)
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)

41.711403818s ago: executing program 0 (id=2106):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
prctl$PR_SET_DUMPABLE(0x4, 0x3)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000040)={0x6, 0x34324142, 0xb, 0x8000, 0x1, @discrete={0x1000, 0x9}})

41.710956968s ago: executing program 0 (id=2107):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r1, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x60}, 0x4000054)

40.842063487s ago: executing program 0 (id=2130):
r0 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), 0xffffffffffffffff)
syz_emit_ethernet(0x7e, &(0x7f0000000000)={@random="0f539af21094", @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "1200b0", 0x48, 0x3a, 0x0, @empty, @mcast2, {[], @dest_unreach={0x4, 0x0, 0x0, 0x1, '\x00', {0x0, 0x6, '\x00', 0x0, 0x2c, 0x0, @private1, @rand_addr=' \x01\x00', [@hopopts={0x2f, 0x1, '\x00', [@calipso={0x7, 0x8, {0x22ebffff, 0x0, 0xfc}}]}]}}}}}}}, 0x0)
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(0xffffffffffffffff, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000ec0)={0x40, r0, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x3}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0xe}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x3}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x804}, 0x4040000)
r1 = msgget$private(0x0, 0x80)
msgctl$MSG_INFO(r1, 0xc, 0x0)
msgctl$MSG_STAT(r1, 0xb, &(0x7f0000005740)=""/66)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000380), 0x80, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r2, 0xc0045540, &(0x7f00000003c0)=0x608)
r3 = open(&(0x7f0000000140)='./file0\x00', 0x800, 0x70)
mknodat$loop(r3, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
ptrace(0x11, r4)
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')
unlinkat(r3, &(0x7f0000000000)='./file1\x00', 0x0)
unlink(&(0x7f0000000040)='./file0\x00')
open(&(0x7f00000005c0)='./bus\x00', 0x66842, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r5)
sendmsg$NLBL_CIPSOV4_C_REMOVE(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x1c, r6, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004004}, 0x0)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x28000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x270, r6, 0x200, 0x70bd2b, 0x25dfdbfe, {}, [@NLBL_CIPSOV4_A_TAGLST={0x24, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}, {0x5}, {0x5, 0x3, 0x7}, {0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_MLSLVLLST={0x28, 0x8, 0x0, 0x1, [{0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x33be3ead}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3e5f900f}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x6d}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5f038111}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0xa0, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x49ed}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5e3865f8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa519}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd4}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xb8a3}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x11f1b9f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x528a2de6}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x59cc}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x8284}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xdc8e}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6d14019}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4f1c}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x7215}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x32a2}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0xe0, 0xc, 0x0, 0x1, [{0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x39397fd0}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbb4f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe43e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa04d}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x10ba}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x476c}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4170}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc0fd}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xb02c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x69a28548}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x244d6f2e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xb8c8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x60f0}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x589c}]}, {0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xce3a}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1c2664d7}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x68aa}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1fc768de}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1d27}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x244}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1c407e12}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x348}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xeb17}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6c8f1fcd}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1064}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x44, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x35f8fe481500bdfd}, {0x5}, {0x5, 0x3, 0x5}, {0x5}, {0x5, 0x3, 0x2}]}, @NLBL_CIPSOV4_A_TAGLST={0x2c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x6}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x6}, {0x5, 0x3, 0x1}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0x18, 0x8, 0x0, 0x1, [{0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xcc}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x2602a29c}]}]}]}, 0x270}, 0x1, 0x0, 0x0, 0x800}, 0x4004)
statx(r3, &(0x7f0000000580)='./file1\x00', 0x6000, 0x8, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0})
msgctl$IPC_SET(r1, 0x1, &(0x7f0000000780)={{0x0, 0x0, 0x0, 0x0, r7, 0x80, 0x4}, 0x0, 0x0, 0x7, 0x7ff, 0xffff, 0x5, 0x92c, 0x8, 0x6, 0x2, r4, r4})

40.841700548s ago: executing program 0 (id=2131):
r0 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001600)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf200000000000002600020007ffffffbd0310000000000095002000000000006916000000000000bf6700000000000004070000b964b01a4607feff00200000540700000ee61e00bf150000000000000f5700000000000065070000d23700002c030000000000001f75000000000000bf54000000000000070000000400f9ffad430100000000007c000000000000000500000000000000950000000000000032ed3c5be95e5db67754bb12dc8c4ed68ecf264e0f84f9f17d3c30e3c7bdd2d17f2f175455000078af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd390700000500000000f18c30907d7bee45a0100000fe9de56c9d05000000c6c60bef0d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cac3f1d5af65727546e7c955ccefa1f6ab689ffffff7f63ede202fa4e0a2127b8b83c71a51445dc8dfd13ff15f852a39e5b2ab7bcb8f512036a5ba6d04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916fcecc8158f0200000000c8fb735fd552bdc268694aeb0743e326c819b6cf5c8ac86f8a297dff0445a13d0045fb3cda30a673a6037ed8c85f21ec2c081bdce431e56723888fb126a19bc1172b84b3ebe174aba210d739a018f9bbec63222d20cecac4d03723f1c921b5bbf7949632cacfdd32b3a6aa57f1ad2e99e0e67a993716dbf580469f0f53acbb400001e3738270b315d362ed834f2af97787f696649a462e7e090000000000000045eac1f2014f720e83b7838e3eede14308d582685e1becd6f35154bcb4000000000000000000000000000000bc3af2b170ad3e2b26539cebca8f4ddc211bc3ccf0bd9d42ca019dd5d022cf74686e9fbe2562979eaed840a7afaab43176e65ec1118d46d1e827f3472f4445d353887a5ad103649afa1769080584f800031e03a651bb04000000ab04871bc47287cd31cc43ea0ffb567b4040c1458d0320ce7d0000413a0000000000000000005f37983f84e98a523d80bd56a57fa82b82f639601ae899a559944cb9a62a29ab028acfc1cb26a0f6a5480a55d624a0c544ba0dc828c22fe30000aa391598000000437d57fcf8295f63a70837f5cd4e5e77964522dc7ca3aa3476b7f2d851d27fd4de6eabb43e0799dc8d9fb7dc6c523ffbd74a6a40e4acb1ac872ade9d1f2ab779b8dbe843aeeda0426c767c00327b8c95b2bb6ddb55117669d9598c0f3598073f3a921c76beceff7e4fbf909a2cabf5b8ea5011db9020823b83abe54346c7af0a99fa077ffe7000feb9e44023a1749eb1d0d572b77d6e0d0fcd74031c8ef2629f5ecff4626746d6abe98a255e92c3c4f79bfcd0d91741380000cfeb73dec68ed56b5d3dfdf0cb8b71ad79000000000000000000000000000000dd434a25e95d0ec29d3adaccf89d0888031ecdfdb4dfbe444673be099ece7e4009c76c7108ef0a7e59fd6d906fbc3c9b412e0478cfee4485f423c63f49db43833c92eeeb647cebd4d7a93a17bcbb6bae5ff876375d4fe39cc2d292691672cc18ca372104ceb83a35ecedd97fc191d8f64d2b1d60c6d12911aada66c26aa4802c3514c3d92ec905000000b13f4a2575fbe943a6c40000000000000000000000000000028026b80c3899543223a6079ee96198b9a326db3be3a48af415ca28ca68c502550044ed8e29af8d763ef9b1f31befcad2ce5394601c7cdc233bff7f0000000000009fb3ad650f77e339768924dfdbeead13b88371154d743544a6091ec93e0d3fd5b4dc42911c1ba322fd4d6fbf19e617d51f964727bfd5cc5ba15370f6e1141d2271eded0b15e4316a1e4623272beb249a0928c417720be14c898f397411c88a7bcf3df46ab3efe7cd5e160c2afd3cc945f75011a102d952c7ad17a58d9be691c334ea35bae71e76e160cc2260bd028162917807ce89e11b5f261052ee0dde18efa1d802af2b7bcf6f8af41933cea0d0343261bccf64ca1c81045153eafbefdb91fbdff9ee3307d4a1837963b2dc2a3698d90e7915b098f19392e792adaea86052f4e948184001b6494e906925a092483adc7e9c8f7a29d226763c100aecae7f00619c36bceb9fb6dd7e55487d8485e498fdfc377fd3d266d21d46ab2f6b2ce22cd0aebba9b0ffbfe8ec3143c3734967c90b16ebbeeae1ce2baaae05aed6bf0f40c8a323f9235dc99698bd0b800067a901a79daada03cc77e74feb98b1586946b452764ff917a8ecc10e529c5bea49cad70e22df522c2803b6ef65df70223c6e22c3433e322d8dbd6e9b040065a9d6b3d5ae276cffe935d559bea88e1aa36b4e6c19e78457904297e77370e013b705a96548d47c609a93c45f4d1382b39c05dcc07d5b49ad75ddb3ce5b5b9416e03995da04647aa5e6fc1a6f5d663380967ccef9de49a90ced031335e3219ebd9d06c257a50497ec523f5ff7361261ccfe239d603364a42e2e81fc068fcbb9792b673827fe7018a988fbce55bb74cdb327ced4b77b8743fb3cb72cc280b9f62e4f92f46a19600b802cba88b7d0a938d9e0e6cfe5d66b874c9a0c6c04b96360d6f499d004179e5b6025c0e1050faec7ecd9de190a975db2f8c06a551236278c4766d7e22e3b85168c9851de6266c791252f919b4f8b257b5a786734e5142e4666c67aef5b7b2f88c6640995434aa8636993089c73f196c54ae829ad4307132655b075ae534fa7f1ea9a17e62357b0bd2bd1d62d34bfc1364640250136729ba4f763ff25c33e8acc806611792add8254e705fefd2a44d5b15e3b36f6b75c97c9c04c511d8cf9e24c61c8284a913a381cb1a5628878040000000000000017b68afd95d4abf7920de9ebe1c89661f4adc3d83d72b1b778e30c2bf2efbbcd054cf51f4205ebf9a98a0d9f18135cb1d8d567c3436fa697b72c3b0200000000000079c0b3339debc78352b2e65299223d7ef2bd540e78167b3ac92a4c4f826f6d0e5c4ebf4f7a70c03e2f5ddbebf168586360c3663531eb5995d228f011a10ffc8b17d716b0c528dab6d0c4fe2ee402348104bc5d4012babedee898c6d3e1017be2e9bc759d3ab4d615f5000000000000000000000000000000000000000000007fff0000000000e693e314adf7dc9f517d04f1e6ca367d30d31d3647c6059db6e1e9529eb1623ef99e2d9ac2ab4872f8e784b07a31110bef6d000000a6f9e89e6d50ee06ce716f94da60f1f22d9669560d296287c13c92070000ee7553eb2df17839542fa88d09f000e88a90cf4406b9000000000000000000000000f441d6a6f516c235c6f5863e7f454ee0e16b9aa2593eb31fa3836703e7765aaeb77a8770e518efaa6d3dd85e03b3b133eb749057cea9af75a0e6f633532f2891b8e263cb6eecea691842827bc7c8c0130187081c8d320642389f5f0c42dba0ff68e84d7b130906f17f6aa075a257310f2d92cb1d1e16468949f5675262ee318e735930b01d8f586e34537bcff7d6196f494cdcf3a712078d745db0f5687a78ee6d000b3d171a0f08299b52d207f32e9da311ca090000003a42732808515eec574f892622c5be497fc3d9ca122d7c18b9e54637812c8debc61f0e42d838e44a819b74bce1a56108bb0fde97a02475920532309c55b2c9ae9f281391ec5cc72a5e94cca1cbf1ff01000000000000bdb537a0c52bd45a9f966c25616cec30c3ea3246cb8e6aac7cf273638e6656a3e4ccadc348f0172028c99cc5f6d5c6d09ed65aa54549e73c28b7c8ad06ad3c5e3c27eec0eff1a6c84f1189919eefcee807fc081e004ffb7d3104af00ac92f1080211c4bee74381a0e31021918f27863fdbafb50f70857d52a1f7df51935a80b1980a4778d35f183ea517f55a98095305701ab3f3ae43f06e91bc7d85e3800b46926944fba9805a985e63e53a62232fcd3f01dbe1728f300e247a7ebe344f9749818ff3961b2a42664ccd680a90bbb6ab400e286acc8f9febef64594777f848ed1cf980a3da2f0f7745760a05887d0c28060d613dd6539d392fc21fee0b5131609664b821d7a994e6c5965a4fa1ec1790c54e54586907dcc5e8bac16e79da9c2444420900000000000000f888a94365b99b72796fca1b922fc9aefaf1546c17cbb1d2d2fd12cb1a49cad501a3ca218c595b667b634606c57987ebfb0783a4948e4561d5cda158fe74453ff4a837beeedba483842c57d6005b544b4f80003386edfd3d4a88a667bd41eefe0d808abed08a29e6bc370a80cc0366fb4080bfbaaa946fd47ab662c794846e403950bbc3a48bb276cbb08a8eab145c06221ef16a238e3d50ad18aea9a2cec97d3c2d0569caabe2bffe02506bc9cb7294c5d020536dd5e7a6351642112df3b55d0215aaec7e45598995e79699e47567e353e68b03f82be860b188554b734e1192f9c1a867b815ef52cdc3307c0cc9be05a40fde69c350e59f11f1d26a4d04d8c8b2c4a4d23ec931d14bc7807db773a614b670acf46f83f7c65a0f8d43c5f64705f0d27c46d4b686e867e9b0be76a7978a8f962bb5a070df97f2bf7612115cfe5ebdc7ad0bc5a5f3ace25347d0e5c347279d55aa67a967380000000000000000000000000000000000000000000000ed0942d980c754c6c69ef65c375ad018824f78b260d5f51bc3feba504408a8c8141d84f3f417603b5081680f346ff0ffbe4ae19e936511966965ce268b6345a0001c0f26a32e0a999fc869292e939dcf89b9bfd794f9c12d41959a00688cca43015a9eec58f647796adea520cd2abeb0b55c22949d10e5a05fee4543fdc1e02554a55b5fef2427a6e5708edc38fac53c2f961945a3f83cdf01979939b49bc6b1aef8c733401bbe473de8d64efbe0d123739f387d1c0d9e74f2175c174ada1678c7db79492e8dd0f34e2ccf419cf7f14ffa408b50a52685b36aed14aa22ad928191d5a2697646edc52a1c0c5d720ae690add2b34aed161f51cc1cb424f76098e1e1921e5a405f9d298a8461f2da30e47b7c6ed7c95c84c745f58723e4cddffae3b53b5b947f9435e589f9ae55b30ecd3827b2de5df31976870823da8058c2538c04e397f3d0ef90c11c74da984fa558697ecb57224ce8fa6f79aadbd7dbf3678e74d790bc2ee72769a3ada1dd504f8e4133ce1effd446bc9a2f139e65cc4bd83912af3122352506c7c2191b3705116b2f4fc20d4e93882bdd6ccea97f3a08d3565b0000000000000000000000000000d35fb97c2d7a9374294dcec3da3df9a13c4fc63b00426682534d894caee0b963a3"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe50, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0x0, 0xfff3}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000006080)=@delchain={0x24, 0x65, 0x1, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff3}, {}, {0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000580)={0x0, 0x2000, 0x80, 0x3231564e, 0x2, [0x2], [0x2000], [0x7fffffff, 0x0, 0x0, 0x2], [0x400000000000001]})
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0xb, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x20, 0xf, &(0x7f0000000180)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x61bf}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x61, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, r6, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r7, 0x895b, &(0x7f0000000040)={'sit0\x00', @ifru_names='ip6erspan0\x00'})
ioctl$sock_ifreq(r7, 0x8910, &(0x7f0000000000)={'vlan0\x00', @ifru_ivalue=0x8})
ioctl$sock_netdev_private(r7, 0x8914, &(0x7f0000000000))

40.671913687s ago: executing program 0 (id=2133):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0)
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000040000003800050003030000000a0000005dc00000000001080002000500000014000600ff01000a00f2f3f31f000a0000000001060001"], 0x4c}, 0x1, 0x0, 0x0, 0x8004}, 0x4040000)

40.619057233s ago: executing program 33 (id=2133):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0)
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000040000003800050003030000000a0000005dc00000000001080002000500000014000600ff01000a00f2f3f31f000a0000000001060001"], 0x4c}, 0x1, 0x0, 0x0, 0x8004}, 0x4040000)

1.34855411s ago: executing program 3 (id=3039):
syz_open_dev$video(0x0, 0x20000000005, 0x8100)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x50}, 0x9c)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34c8, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback={0x200000000000000}}, 0x1c)

929.072359ms ago: executing program 5 (id=3051):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000002d00091327bd70000000000006"], 0x20}}, 0x84)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r0)

928.837224ms ago: executing program 5 (id=3052):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x8d, 0x0)
syz_init_net_socket$ax25(0x3, 0x3, 0x6)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
dup(r2)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c00000010000104000000000000000000002000", @ANYRES32=0x0, @ANYBLOB="03000000000000002c0012800c0001006d6163766c616e001c000280080001000800000006ef0200010000001ffe0200001f000008000500", @ANYRES32=r6, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0xc010)

759.025276ms ago: executing program 1 (id=3055):
bpf$MAP_CREATE(0x100000000000000, 0x0, 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000001c0)={0x22ed, &(0x7f0000000040)=[{0x40, 0x0, 0x0, 0x3334}, {0x20, 0x1, 0x0, 0xfffff038}, {0x6, 0x6, 0x0, 0x5}]}, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x14}}, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000a40), 0x42600, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x7, 0x3, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
getsockopt$inet_sctp_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f00000001c0)={<r5=>0x0, 0x3}, &(0x7f0000000240)=0x8)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000440)={r5, @in6={{0xa, 0x4e24, 0xdcc5, @dev={0xfe, 0x80, '\x00', 0x35}, 0xe34}}, 0xe93c, 0x7, 0x8001, 0x6, 0x0, 0x609, 0x10}, &(0x7f0000000280)=0x9c)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r6, 0x4048ae9b, &(0x7f0000000300)={0x70001, 0x0, [0x40000000000, 0x64f, 0x6, 0x6, 0xfffffffffffffffc, 0x4ffff, 0x29]})
bind$inet6(r3, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000000)="f20f1c0166b864912c870f23c80f21f866350c0080000f23f80f01fc0f20e06635000010000f22e00f20c06635000000400f22c00f1c9700000f01c566b9a001000066b80400000066ba000000000f30c0dbb6660f3adf932700de", 0x5b}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c001e"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r7 = syz_open_dev$audion(&(0x7f0000000000), 0x4, 0x100200)
read(r7, &(0x7f0000000040)=""/216, 0xd8)
openat$dir(0xffffffffffffff9c, 0x0, 0x10900, 0x118)
ioctl$KVM_SET_NESTED_STATE(r7, 0x4080aebf, &(0x7f0000000a80)={{0x4, 0x0, 0x80, {0x181e0000, 0x0, 0x2}}, "60838d30bdcf77c591bd2eef8fdf0adfa2ecce1328e7ffbdf4eff7574e72d1b19e8689ee4457f4bad3cb45ae3a060696180693c62ddb1292ea66503905c0e61b516985b1f40ecd7c095ebc8bf22412f66904985382857755279cb4030f2616fc2b26b756a4728fe5a60c8fb2d175fa6f87ed660840c3bf6d805e877ee85f9ca0c0c16d1c501e402e09a3c152654fc10d99ac6648fdb9adb1554186bd859b9b84922cd7673638bd9e04ac920e0a55b675b09d61b82102ddd7940ff8797c3e5f4086decf63e3f9df57dc09f022fd266ec02c65f666cb5a1689785797b4abfef00b5c2d02e83ff0c03c9a665753cd7979348b0d2a10e21b2665e698239288f9c077fc0bc29cd06cbe7b4730c54fec2f571275f9b432b0a04a0acc4c442ede89b19fae7f642f16da7d2ae9f8df8aecebb18004a8ba8be4437c740b7e7c90a7be5711aef8e01f3734b5146ad81259aec7ed95a3531011ddfed7df5741aa4250b86bfe222d74c531506c1e0fe9fb7d15ea98576ebe4ad532c4f996996385f6085915a84f645074cb5cb78c1a458aa64362fd41095c5f04bff50557676c6cf2d7b1aedd6075487660b7f0e18841415c906e48b8d1d2bc9dff9cfb14cb262cca9519c721ec53813c840125a2794de2598401d804bb1136fd255797fc49a546c72b183e23a510a404f89c4f61a3c1cc5f0fb26bf2862f1ba083b32d165a6eca342b1810e37545055c2d368d35d04391cf197b8ecf9207b592e256f0a48560a76ff5f062c3e31b71ee69f6a3d54b9f449007bda0eb283ed615d991251b556b7aa6fd7df0f616f489f43b2f85894b7d28455e82764302652c696ed4e62c0c64f09b202c864d183083cee155c4689d85313a225b970debf1419cad310e610e064049efe69c37def7ad8e2c267fcc61df12c0fc0eef2daee22b7d50ddeea2f36a7e8f67297e4fab8f0d54128c720fb624f85e17e9a717e2f9c9cafbd80d187d3d445083a76b74de892960108e81a2205bd8fd4090884e0f535cc1ff436fa60101cbcab921a199c6282d871b6586a19f0bf8ab17ec26d8d00c58a2bea54ea4a22a7f52faab36fd1e5e9752d9405232c3ed7cd58ae28dc081d6fe265e0b0e2144c8bd0e0d78bc15ae626a988bc1adcdae7583a49564b08e29d9813c497f801b2de353ef8ff8c9fc192b26160699cebf82adbe472077b17b0440046b0f61946c216e10b03f1ef9724fc401fdd52c4f2d5dd1b3dccb773ffb47cd62336f2c5f90b4e1b310c3d3fa468c502158762a5bf75aee902d34a167a0df988391d2a99b8a4bdd70b97f541f9e258f0162b205f2597b05c32c5655bf21a2bca0ea52e96cc9516167481782e8c94556bffa1b68f71c0279ba5a3b1cfeda32285e5b2509251b06a652e0565538d8b35fc7281eb7d089eb8ba80f2db662abf5252ced7c21bded0d0cfed05cc5ca874d1883b959af87d6e6e3870fc1436307d0dafb96efd5541d58efb812ee51047a140213822884ae886f2622420fe67d7726e55f8fef23bef773f43daebdd487569fcede7ad898e023ddf94263a2faea502b34cca9c934b0282d4ce1ea60305a26c1099c32a29c9665b0b33d292bcdee8c790456e353c6d1d48e0440a9cc2d3b2316b8bccc2a1201aa30f872bacd63bf22846365fae99b46b063d4948daa25977d95688cbec05832e6087323ce3cf597210352f870369832febd6ba1e359dca2d752268b813f1651094f829b89a3ae90d4ba86f26c2b29ca052343c3aa41d753dcd1dfb78b82a4d586fb19664fee4683e7bbdedd17060d59c3f3691b1039ab060e3a02793f79ef317412066b15b903ddac8116e37e9267c705132a340ab72db74291f93b0b257178757930edf8a277a014cd71c312c6972ab08a3bf1dc63b17f43a0546c7bf575c55e026ba0549be4ac5863f8709c20273d834e5c4c3d0ed8f808aec287a5ea1c667316aa216bcdedf1dbfdbf30fb3eb1bedb2e6dc14ba2e7e39deee49ce2a50093804a11a9d60e7dbc64fd98f4054caa2e2e8d84e801b39760d84eab796c94b75bc85d221cb5055ba19cbe99d49c1f55c45455192362ec3567e6e5054fcd9c86c58fd071476c5b98d8eaa5b459faad9fa706ea02925f5d9ef51d24dbde6897872124f3b370f74ba8783374557189351d2f20646bd2e5a30de5a976bc418f1df866d5c9b6967165f8cda9cadbedcb28e5b982d5794e8298a2cd23024011fee78983c97ece857027b507ea6aef5461154a8c7e1ccb11444edb4f5374949ae2ca9620163b324a1f92c65c7468cc41e99cb363d26b003bfc1a666bfa70e6b1ca4ba7fd2367d56c0e8072e0c8e3aa59767b3f39be63cebc10bcd16806de1142587fec392d0151afd0321f5f09824e738c0663f8067587c067ab96d35b32db13cd9e2dcd0c28cfe88bfb9de78c0d1a5543a044e089153f0c7ce65f8263a65bcb7739b6ba750793434f2fdbc1e1ea3ce9a3936e5b5494111b139996bceea36181830daf49d8ff5cbd60c31cc17a808ad6c804dd3885f988411a1de3260e9c011331e26704389487390fda3a2fe9fc6e2c78284ff724406a9aef4e08d01fcf565c2de27aef08057102f231287688a9f5ac3d28b18ea60c4178c6487a92d9ca217bd705ead18798821aff8bd1c20a3252aba0ef235a137f564284ca99d49777e20bbbd8cd2775d8d616f500f812ec105365443113ac114e9be0233b37b471c21fb67fe8f3b4b3ef51c65e875de63578a22308f0aa9cc369f32d1282b263ff5eefc96902cbc1fa7215dc5c4b57ee3753a27834f4dbb01b69750df663f3a5964f95c03f5f06b8f73337aada6ad83b8023d6560928f891e8e2c8dfe5371378b0c5871f8ea427eea5653ee8299156fab9879767cd2e3bded75ce85e70f723f50f25faf66a8060a595a7163d4776bf7fe4a7709d3386a7bc5951b8ea2644422115ee4c3cc9ffeedfc79587d7f58826f275d429500acc8980d90b98d05f9127459b63885e43c44ad6815a7d39c36fc1ae062e3babb0f4340b36f26b67bd0d707b39c774e2c89955f923ca15c8a87c98439f7265ae34a19150fdee2759ae98ce1b152d21524ccdb4dd2bdfd30c07d943211f611680ccc97472d07f00951439d6b15aca1284ee9f10c0d8f6b312c0d8de27cbcca0d8661c659e2cfbad12f7c2b7525e1d056cc4dbf2ff17f1d6838d6943bb8941a80c3b7e99c51bc5ef4767acd2df1991652fd6f66226933a91991105971dfafe391425f19c2d632d26a593bf65b12d959b6505fafc4807a74473590edeaf032a7a3d97ae60e9bbd5b49323a6f923253f73e8d7ea401cc3ed95081a0106230c51d7efd0385a4274d9b19b718b441595d655ad5dba16618036c8f8937c52a1c6263a516320fccfcf0a9c9857a795cf4a08426c8d18f96da0be2c7a42f83c5a77a7f4ed0a189079398e650516b04cb712f5cf9290ae909a556ef01a8bd70e56c50bd95e7bfe5b5be96d579954826b1deb41dced86b79bfc0a53990021e6fce1e3ac76b37312fa24402f3937dd59ad759faed85bb13444da760311a313f0d5a462b282499dd888034db3d1f9bfc41eb57da8f827f42f334db56d8c4ecec4920857bcb56e1f8193258f8767a41bc468977be9c8a216f1b396a0790a82f1ebae9c05d00dcf5ae1aa18b17cb43bd64cb475fe98eaba9d9e66571df27f8efdfbe27a46fc967d11cf7c29fe8ccc7b402d79b7e994706693f72600a7b2c1da2dc786fd9d2d3d22db9998eebe689439f0b67262c6c01da4d1c3c69276e547e30e16277a76bba676f234d453be58a852bf841a5149c4e4bdecf8f8580fc1655a8d3da3c18c3c45da5f1a2f6aa5ed3f50abb21caaba4e691d23c5d4ddb667a61b091530724c26ec8ce2bbc2d1ef75bb570e916235a8588e3f4cc80b1eee56f7e1b4759c4ce8045c0dfd438441c99e5cbf3be10bebd18405ce1752b5b4e220bfd8d303e53d169429c4f169a104ccb602a088a575ecd26a40a40e30416c1c4399277dfaeb34631bc22ebf7c8fe0924d8b0244a93d0db90b3cd2ab4ce0c209870041a51a083db6a7a426383664821d0d39e73ad0dafc0cac2c6c7373f50f639025de80d74a73b522a896582f248a2dce58549a9279b3923893421dd7e2a09503dced47cf66758c41fdb45331ad81672a796b8a083a4cb9e9a37d61335197405361c253c5a826a320b3b4f6463a6c31c05dd6e6d1533998e1e9a394767bb0a16ee6d2cdfe53e2d0f49fcc3e2094a4e753fffec39ee57b7a8f927aa4dc28638f1beffd504bebdadd9c459857dd4244ac535b0e92012daf41b797ecbc8edddab0bab9e8964a37d1f6abe380cc73ae9f213aba145a3e20d17ff282af7b8d65ac5765b7248785865999481eb3b60854829b557b77812b708ae23c777462035605e4a3f19ef2194d9fbf3c55daaa34502d75da81c005c3cf86e6aecf99556c831aefa95b07abccd932b8c21a4cee07998496cb3541a2e86ec55d7dc5bf870cc6c4033850493f492e7f83a007ed24c7ef941d493eb23afb44640e77fb9b53ba89ca73e7b876676d8380495067b44cdd5d4f230ccfa1efcc7d92bb148746ab1c46e21ef29b8a9e6ccff067d504c43d2d643a1835a7d78940601aa3ed99708f04b20a8a2f360e15ea195c36210585af792fe6bc386eaf826a9d349ec15a31914f35510612aee84c35c3b9eb8792f606ebf883c8ef0a649ab3f4f21f5fc80745a1516506c856c32a8bb16cf76c7f656a3e5f552212bdc5b5eaba2eb227876b7cc12642d893372fed1e77588f3e4975b7e64420a441632d7ffd051e24c40b6c2d5fe8334d35b254c3eb01e61b1072c002f77050d0f24ae4ac21b9ac9df866297c2f74b5c730f2b33b8d1dd1e120ac853b16ec58128e3a95f37c56e88ac073b23a0489f81c1e8be4cd4339fa0cb39d33d1b73ca7d7adcef24742698f2c75bdda2742edc1e049ea4f783a4033b563aadf76cfa774b07646361c18206129fa18219b1fcdf93df423efa6efb5ec5ba0a2eca23d861a35039ac1164f37d345da9e66b900106f3a1dfac1742b91405551755078ccbb661163e994ba9f6f5b9bd52b266d829c99f1aec2d862ee96c5e6be2c0627d94538b805c619620f062cfc8ae6244193a1ef7112100e11a1c498caf7c0df48be06d39634a1c9301bcdb910262a050395c1f5da5d29fa77b7cffbca0844d8dfdcff096d084a0d93e4bc81d89ec0ed4e67a4c8b68816d269327b52f4bbac1c31d0b20f0a42a874deab18ff0e59940e88921cd1fc042d2caf401c1525df9b1de68a31ffd29dde91a79dca20a9db4cf39f55d12c5033b57abf2174225247c2abe2c1c6838c158a8d38e6009eb17a2232eb3c94aaad01c0867f4b97a30230e83ce98bb3eb437ca75eebeb54c463563bf5a62c07fa01ed7a022e99cf8023ad8eeb431650347c09beea8ef2bd4c54dd98206dbeafda58aded87008990d631a0996854d1bcb4cf99854b18c20839b27f2ebc0bdae4cf68ef13db047b6b3d4d0110959d707a5d27dfc19378aed663592529512f7d100ce5441cedfff3d5b940a21d31f1fb1889e4e5c2c4ae6caaee5b920f8979304105d2c4cb74984551b4ed57032a2cadbdc6db734eccbc24612d797c2628de58138aa2417295925504a73d57ce4cf5cdb2c1125f31ad2ab45f41da304cc87dcfbe7f3585f2a27ca983e5301b9c4eeb10a5a21f9b17619c78cd121ab8703edb56768eb47fc8c51b55b8e1be5dff5e48d895a739e796b303d533216475e323417383cf09ce6075a125e66177018a0dace3d3dea7d0e0c2449829fcf6", "2d31d8307d67593624cf2572b0ffbc0ff0143360519fe30a9f20ebb9d149c1358721cafaa9f2892c3bceaf63da546cd0f991f419d303b02a2a3b4eb117eb68c996aee0b47a22a135bf0aee2cb4cf75a11eebe3226fced8d78d6e4f708e6bc98ab38d950a37a6bd25b2443190ac87993763bf69f90b98de2e849f714d3fd37c45becd9c2ed8eb815f6e80bc2c253a5c6fe7e42caabe440ba3b1600e14ce685cd1e1b6c28c1e3c5aa964f9af294a1f082ba47cd92b887f928687392a5c84f009eab68fd85b2a366d819418cac2cec7d5a20e8d6681d15df3a6713355c63b526c88f065a991ab661345f41feb5801ff93caae7372566de86008136c458f3cc3f42a637e0f23125c4b9fe3b9ba7b43b88c6a77f4b5654508f4921d246dd6edd331a84c85bfe0611226625536c4eeeaba86abc03b0d0e7651517418909213ba164912fc008cf6064d05dfc4fabc725ea6d7ace0e6e25cbe390c2f277c5743094defe260cdc53ccf5d56d9601d45801028d31d5b704264a3bdf2d6e8ba7ee310db43a411478fd2e81f74e2a9efdcbf4f4f6919b6382bc40e997ffa0d45e316514f8c8becf7f012eedb320a96861a4fb7eb994dcdfa3fa771e10008150fe70bbb5aa9825ce682abf053f32bcbd9ee17b4871b35987355b3cf780229a6f645443ff4efb3fb221709c344f286fc75db931e0a9e6156a226bcf0dd133efa5361c6894ec7119a6cf2a7db608adcb2965175abd812e03a09202fbe2abee718b0cbd534b4f767c1ee8369e40ece0fe8d6062c33ed317a80e12df8c8f8c6293888582863ceddc71e440b16ddd7c7f39afef10a144424f6f6d0df34c7e70f4a77edf6b352e65d04ddb81660c4187031ff4def0842c65ce0f7942d17dcb367f6fa4cd617c9d25d5b3f266aec572cea2ea4971d59387dac3c36066062d598499e1df8a1f4abb718ffc796eca6e6b0cf3e05fc7198e5c7f1aa76d0195fe1c7b3bf79e5f6a8ba80754ddb6304774d2f06b24d47a0949254910c42c6df8e44ce8177cb3d262deb30cdd90334a22d9f51d770aa62226b7f9b63d79727ccd64ecee7a3e60a8aa9fb7adb8018182e45f84a867837aa7dabe592796c8e73987a266ee61216dcf3d666b5c3c86f13654a652cab53ffe273999c095605f4286f54c6d8b53f433d9d427e9f7521df2a72d95fdc3eba4824e15a27f7998c3a909a78ff3ddfda5fdf8e2ece096f887405f4f1911287f20332693a6cde51d5f8921e5c68b8aa8e566c23dddb746ea966b6748e290216bc2dbe3ac1d1507d1e964c35e13ea8a102bf37aad76f828fa93dc2fc67afdb780e98da6a009a8264f9e6a9f3abdff3e0f7bb5d3f7be6d5a951773c0ce9bc37a113dcbf6507d18e9dd1bd1dc8a8354005ef6ccb2bb070d6f9a354d198c7adb8b02b67a7fc767c554983112ef9b1c61e4ce5b58e7973bb0b2750ce8739bbb280d97e2a005a419495c8a97a58bfa026f8539c881fb538058e14d652101e88ce1a9ab2eb04f4a75d81eb5b3cc4c635c3675551494527b28e8cbd51280c313298b95fb1b51ed0bc4c1d01ccc405e663b6731a380ea9ea6aa8ef0833f82d3876d98a1a9271b1553906e0e9a9919535b31b4ffa9fa3cf079dee634613c37bfc036a36c892645c9856ca0deeef8a93ae3d86ef2b4e4586e69e8faf189c62a26312b9059c3c01b041bf1c947885791cf7c34fbf25effc8f8dbde7f78641b1fc0ab7c45025df44aa65824243b5a1e5a453e89c232d9b60b3d62fda2ee9dcf7280a1fd5206eaa878924632e1d122fa9b5336e60f756ce24099ca72d95541119fed4df61955c51e127275e3aacb59e20e8e71a82653f536321a914c10ae2a40c7fd00dd02daaa0e328b4488d969b569c329f6356509265f01231e0d82a5bee90dff266869bd800b46cb1a64df2635479f4e37f00805d45bc40c7cc36289d19e4f24bdeae3dec52e28b55cffc225b96a690a85fe5c09c306f6487bceec9a958bdf7e09adfc7a3f9821669a4a744693b3b33d0c3db1f760bd0029f17f6402fce19fd6c0e19c5aa737226e00e95283b532dfd1a624f99dffb1b8fde10c88b1ced8b6d0e88d6d6b2292165c9f99c38cd7ed4d05972706fde7b4b678741f6b0ec1c575a337deab2e05a599a74a880584d80282c0948c877232de1316194e6bec64ff2a51ce349d905efa88e093629928e3bba0daab4d3418d17ae21a30e33e4fe2dda2dd2a35224791b12c9297aa25edba0c2d528064dd51c166b0ed9251e8739ef2835fa4c1b077cf90dec88ae3521ae6c1d8990b984d2808e8e2ddf6cb1754232dcb3af9500dafe884616815c62ffd11872a49371d701da747298c45a5d11f9aea7c51977797f728735630ce53dd924e51d842ca3023519ed3faac9f731649691486d65697d3ad12c29a0beeb34f70cf3d4ff60238133fdb81d5c9189fd9e5b33816574f4ec692b50ac71c8e5f0b235ae83c1212ad7d07655f82903b85ce24b90fad0d3c3a9380143d8e4be524ee5a077af0697ba6d150125e14038035798f4b0238c3fc34d65b324de23f17d285f44406ce9696ca36ec8017f354bf12eb0d34038c5c46e04f820d1c214a3e551e985e4d22e156ec780bfd9cee9f903a98c3bd3c8ccf5fe26bb7fa3a09072074231b6e3a45ba35b4371d5a003a994b6438a33c76bf169f14ee12461b6b68c1a196713631ac3ce32fa3f2d62a9f02b436644a4de9842b1639f81a2be9c27e052f1f86895e0462870c80be463996744e40f99c8b5c40feab33edb35ce59f15016ea94b910852bed66e9da808d6cf16df513d211f1e61fde0f606d86e044722c8eac593502c429c559b4889a9ab5332db7af9a0bf2a5635b00f27bcaf96c61ceabfdc51e87c4cb93afe32043d14577fcb5927eb3b9741c14b17f1789744cc14ece2c93ec21ae3dee8e5c2d60cfb3bd33ba09454ccfae7a7140435598ea67482ee829fb2fa810913834dde2746c3849559a963e05dd3f05ac0021a7db19734391795cf70d6400d214be7549e961d5022458c50880a989c13fec3449617d2e0de0be48d1c5eed415a63c33dbf9d38259c4bfff1795ee90ec672156735b402cd26bcda242e566b3c148ff38bb980dcd754cfed92be890cada9343774405f24f21157906be05e53e55c86e86be6ac4fc395d028b2cc795c334c0ed40e863c7a4ee4dcff5e5eb83957991b5113be1f87908cd8a9fa508dcc7dda13ed92710cffec1186b91d3802876d2065d350b6909a33559ff0f935666f4293410eab54d6d72046231ac9e7187b9d53f96e47dd0a7d1dd4b4c6d88c76d872232dbf8877d0c407ba2246c3ef3cf90cfa54910b9ab90136b018bca758c2978e355e26cdf264c51f79ba47f36b5b4e4d7c0191622cdbc5aac47e81250a730f03f956223286ec784c6804db70949ed93f32de25bfc4ae0b37afe0e6e1c11fdb39984ab3554adbbe7263f15a985fb671ca55b2fa1164d2a2925d6155add15ad33a8bf6fbbb85f399e3f7c8f30900e8ceb6e35d7b54de4089be4d85804398571d7a7471750ab20207a8854776a9f90e1599267bb2c6e4a0cb8cf32b41499c384c547dc3037b3f97e20595bbe82083be823f04e694abe8aaa3642a5280459894538608645396adac2faf44c4393c9a4dc91e1901eeb6a43ba5edff97603be9058a798e4a0046b5e141afd6cf7a6a28a8b974c7ce663932133406e3351be77309933eccf97c5dab318f2e216fe50e9fc51f50c923902b0b16bc44dac2e2233f029d0f9884031a096197ea97b737cfe72566edecef18f83f82184b780899204d9f76804337038f3e7b229e263280a9dc4218febce628ea9c1e6053cc0d554ae623a6dc9a67cd77c2fc16dba9f320c68421680476634b9a419353bc3984198b039974d2b5a692017ca13167ca22029c9275a877ee47af3497ea37a3e48538eff8d20cec0b3bd2f88ae76de239dd4f6f90077450e4715eccfc1c6f36c5834e96b9805c3b733c5ad4fb0d9cc4cbcabe60a3fc79a01cf0c04a32fd6fc58f7d8705a5e671152ced0064e32e7a8acafef5bef4126d1384ef6dbe663d71de7870c9cae7f5169388b550d746320f458d9c5253ea0a76c394a05a32ee4574d4be12692a74ff07a2a1d7cee501d2370267e59cd94bba9fe108f6cbd014767f7c9f5e9fb436bf978a0b9c7790d8f399d27dbedc786d46ac70d4e432ae384fb1d2a6d2e9d97c73c05e4cd3a42b4f612dda1e1400b0a6347112de2bc9fa439896db4a3b183b498325515aa895d276c9efbbb10504be19ecc8a7a0eb5666bf87e8e148b113c3bc7daf40b291acfa10566c9b954f1d98a67aac62aef54d37cb2d79bb439f7b20ca73320047d02ce4b085f0570fb88c5f8f78473f98ee91292584cbea4a4c0e46c7b166fe11920b724c4a95f51cf6277003cb7fa780efb3f515beab6da60c3891f73076eae6985a9d464843178a60a14d797a341b7a1d513971e9a639981de1eae83d908f27f83707df0de4b9a8e75ef3683e0d20a4808e7310a7c03699d82175dec6242e3b093d81b16626463c09b8b85ce0246f5861d5a9b40d0a7d0799a64f81f075696a4131eddfb76dd3329be179ae8bc49971dd0ebf320ba608ad00373fb3334409a6d135d35bdb733e9271fb0f50a07112407390d5648f1557c44a35524d806d1beeb46a94d1d2160f13c95ae015c56c6c26eb7c390870ba38a8fa99f3bc5d4736ca7c6d1033d1f923be74560f422277b863936a7e88144229eb19439fe9044afce63ae00dda66ec861c4cd8a0cc70394545c0d6a36c83fe8a7a45e6205200b78ad353d83edc7390d54af57bc8996b915b5c455546a9b58f089ad9075acdd5b5a757d4f25c471eae61f4567e85e761edbd7fe83279f54ed374373ffcf4e9e9433a1db4f571918b328b259f8715984bd9b90d98c7a3bf3334aec6f5c4a0bd7383bd14b9491bdbb342881959fd8059f8b41a09c4841023449c2be59bb66668b63e666130b20081790e1dee49d972ea53244cf072b14a59db48128d223621cef83a7caeb80469c8fe518316a0c29298e9f13200115292e493a4ccd1fda2d763e613b93fdb06cbaa265ac84ca9ab30382d7025529466b0b8dabd335ed6afaf826783d2510975d13867dff33eefd75d7cb1bbfbd84ca19f85c35835372010851e7bb0ebe6e2cae6f9c92f93c987de9c9afe636680209ba35c463ee464c626363bdb6be93b892a15dcaa1c8ec1272886c305154e85f90e27d102f8e8ae02ad46474e5fff4f8b6a8eb49b43e07a5ebff0c05980c419d1aa0b204cf8e8976e217e561f26c04158261dec024acf0f68334e1ae19f0dca65e2baf571fcea95fb44d5cdea77ec0240cc632e180e3513349f1e9465d6e2f6efb3d2b841bfa7e60fbfb8491e716f563df472b07021741c45ea8311e36782ee8461c866d36b692cbcf044931e536b83320f224a4266e758c3774163287f95864e8a48c7403ef7c873e96e637c3717069867c28c2c095fb559d6005ff379c455e1deda605dcf944d643214edd9dd9aa042e18371abc26c0e9200265a8ad7d7d7532bc367a3f1c88e538b9af9e2253dd2fd30cf855579ed58cac56858b393df8ca5f7b22a1ec3f7a804b7118b1e01fb7975f6e88ecd89053586a369b6709395c0262ec702a315be36507f01f187e45427f210868ec12233de1326cae9e77a830596aedfc36b1ae5a806b2f113c098e6d2ccb239c9a3e3e13114812c47ab97f7c434bac1b1f19c357500397907e7afe4a7ec61455deadce5376d2557f412c78ef81dd1b3a5f51ee879e0f69806959"})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5, 0xfff3}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
alarm(0x709abc910000)
alarm(0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r8, &(0x7f00000002c0), 0x40000000000009f, 0x0)
write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[], 0x9ffc)

589.946481ms ago: executing program 1 (id=3057):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) (async)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@rand_addr=0x64010100, @in6=@mcast1, 0x3, 0xbf, 0x4, 0x3, 0x2, 0x0, 0x0, 0x1, 0x0, 0xee01}, {0xfffffffffffffffc, 0x0, 0xffffffffffffffbd, 0x0, 0x6, 0x9, 0x9}, {0x0, 0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x3}, {{@in6=@loopback, 0x0, 0x32}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0xff, 0xb19}}, 0xe8) (async)
r1 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
write$binfmt_script(r1, &(0x7f0000000280)={'#! ', './file0', [{0x20, '-&%+'}], 0xa, "7055996aa3809fd4832935ad36e770be8477712e144f65796cbedaa11a86667532c3d33834842542c392e0d2cb603dce4b3eef419bae590f54744201d51aa68ce722532e3b426c3e3bfdad3c84f261a61e4ab42b15b2bb45a23ec3e79569bd8e0b48116b880e51a622da2a908eede542d6c40191e904caed179936356916bb95e7e5f8d5ea5ca3337076ac64d55aa70581c844401878c5ef0cc4bbd2311284bde38923ac84aaf40134ac69390bb7dbd2a916213c20ce6dfb3988486ff6d6444f64ef01da4a52b3b592136330146e1de181da"}, 0xe2) (async)
socket$nl_route(0x10, 0x3, 0x0)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}, 0x0) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f0000000380)={0x2b4, 0x16, 0x200, 0x70bd2a, 0x25dfdbff, {0x18}, [@nested={0x141, 0x144, 0x0, 0x1, [@generic="ee4050f85005d1ca1138c0d5bf5be6d8e2255d325fb3263c6401cde649fda6827082830d2ea84662d774d5ced9a6631540ae9a34362b04f027718ae985c6e5034a0472fe826e5f8a6033df02f35d86a00ea7da7898f6c8f7c6fa4b61ace9ecaa8d55957dce18df144e0012cb608bd8d6e0975db9cea118f1ff7cb12833332b5f4ca332e848f661882eeb4e92663ea227989116a2395aa5ec528572fed7aa2b33a7d357d3f783dcf22ca22d0a48714509b187332ef8b7b2cd326fa182360a0218b0aa37b8faa96f48af716a9d234c", @generic="36619df8665a84e63e1eba10ec22deb602c7", @generic="8a948d850ca5f9adb172e62d2c75ac1352ba08cba688a4437392a1c5f09fea2fb997418b8f4ed10dc08c22d78ab4600fc7b6ab767ec619f41d28fe01cb3b6e9f202c34b2502ffff362", @typed={0x8, 0x136, 0x0, 0x0, @fd=r0}, @nested={0x4, 0x131}, @typed={0x8, 0xdf, 0x0, 0x0, @str='-&%+'}]}, @generic="61df0d298bcafe2fcf86efac7e8b6020f5bb9c631d038f9cc12570df4c19e16d78605b883a442db7f395726f290d8827254aee14ab3d5a01004dace1e0ea80267f5fc865eefdbd0d81507ecd065d386245b93959a0f3bd8c31d53689de3fe7f14ae98d9e97c60859fd26697b78c515809160002a378cf08ae3621358bdbee4677321b54ae3a893c2c9ae1121cf47ef0e7e2e4ff2a0b6c9a5da13f5e63aba552302b9fb7842bce216f93c59d686f5d2d95ebdcbb193b754550845ccfc7e0025c02d", @typed={0x52, 0x11b, 0x0, 0x0, @binary="f2ceb6d4c46e8183c93b00fb64bde2ca409cdbf26ff05d14291bd1cc9282de552131c98a92b557d6ac2a2cdb120628384f8af08b5f400b040fbd63068a4d45ad6ad7e22014054a8e8d97e578cd2d"}, @nested={0xc, 0xf5, 0x0, 0x1, [@typed={0x8, 0x140, 0x0, 0x0, @ipv4=@multicast2}]}, @nested={0x38, 0x8e, 0x0, 0x1, [@typed={0x8, 0x7e, 0x0, 0x0, @pid=0xffffffffffffffff}, @generic="e8491fba6a3c295b5bf3b6305d984da8a10689edbdad0d69769da1c0eb017f9d1377318d3151c9c71bf7fec8"]}]}, 0x2b4}, 0x1, 0x0, 0x0, 0x20040001}, 0x800)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
write$sndseq(r3, 0x0, 0x0)
poll(&(0x7f00000001c0)=[{r3}], 0x1, 0x100) (async)
fchdir(r0)

589.716194ms ago: executing program 4 (id=3058):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000bc0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="25000000faffffffffff0500000008000380", @ANYRES32=r2], 0x24}}, 0x0)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_NODE_GET(r4, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f0000000740)={0x2cc, 0x0, 0x8, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x40}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8400}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7ff}]}, @TIPC_NLA_NODE={0x140, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0x77, 0x3, "3d1050ccfabf977565a00c8716722b26fd29d4a34889d0ce2ef42c08f0f150a838cc07994b257f0fff77845c496172467cd6b3ac9fc2461cb99ac26f0509bc1374e793258a000211115d6a27dd244088abe9109aa1c3be11ed0f19451706907ca9d4cf95fb9cacf7f998c41c26d4bf6bddbc27"}, @TIPC_NLA_NODE_KEY={0x47, 0x4, {'gcm(aes)\x00', 0x1f, "2d45d94feb0dcf458fd3ef2ea45143de685d18eb6e24aa6deb52a57724a570"}}, @TIPC_NLA_NODE_ID={0x6a, 0x3, "c7dc14ffbe2ed99885e6868b8a1942a0875d40cf3f0a8c3660234b54568900d0a5d035607dfda52b744ff5fd2e4d4bd9f9a2ad6dabb78dcb4d63ba835c32ceae0732f43710a1b4b16220d27bd393099c2c697fff6901399b8bc3ad327add1bb4ec5a535f6305"}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}]}, @TIPC_NLA_BEARER={0xc0, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'xfrm0\x00'}}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}]}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xa0}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}]}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3b8d2f37}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'eth', 0x3a, 'sit0\x00'}}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xe}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'ip_vti0\x00'}}]}, @TIPC_NLA_NODE={0x48, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0x38, 0x3, "ad3267ca2202617b153c3aaad832d36f7210083dbc15cc0de957c83f00597c19ee1c1b6806dbf73a12a1738e7c509dc8a18c33dc"}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3}]}, @TIPC_NLA_NET={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x3}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffffffffe00}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x9}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xc}]}]}, 0x2cc}, 0x1, 0x0, 0x0, 0x4050015}, 0x4000091)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000400)='dctcp\x00', 0x6)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg(r3, &(0x7f0000005ec0)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="37a9", 0x2}], 0x1}}], 0x1, 0x1)
r5 = socket$inet6(0x10, 0x2, 0x4)
sendto$inet6(r5, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0)

510.132249ms ago: executing program 5 (id=3059):
r0 = syz_open_dev$vim2m(&(0x7f0000000400), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000040)=0x1)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)})
close_range(r1, 0xffffffffffffffff, 0x0)

508.014297ms ago: executing program 4 (id=3060):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000011c0)=ANY=[@ANYRES32], 0x4c}}, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

507.90656ms ago: executing program 4 (id=3061):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000000)={0x0, 0x1, 0x8, 0x5, 0x200, &(0x7f0000003c40)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a73090000000000001b0f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010081007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"})

507.838081ms ago: executing program 5 (id=3062):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000540)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm(aes))\x00'}, 0x58)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x8000000000000001)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r1)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x2c, r2, 0x1, 0x0, 0x0, {0x1c}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}]}, 0x2c}}, 0x0)

504.450884ms ago: executing program 3 (id=3063):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(r0, 0x0)
syz_open_procfs(0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000080)="c4c1fbe65c52000f01d166baf80cb8409b148cef66bafc0c66edb9800000c00f3235010000000f30660f3881969f00000048b800004001ffffffff0f23c00f21f835020004000f23f8cd0766baf80cb89030e686ef66bafc0c66b8007866ef65460f20810f21f9", 0x67}], 0x1, 0x6, &(0x7f0000000140), 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'veth1_to_bridge\x00', <r3=>0x0})
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000540)={@rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4400046, r3})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'ip6gre0\x00', <r5=>0x0})
socket$inet6_mptcp(0xa, 0x1, 0x106)
r6 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000180), 0x3ffffffffffffffd, 0x0)
r8 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f00000004c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r7, 0xc00c642d, &(0x7f00000001c0)={0x0, 0x80000, <r9=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r8, 0xc00c642e, &(0x7f0000000000)={0x0, 0x0, r9})
close_range(r6, 0xffffffffffffffff, 0x0)
ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000540)={@dev={0xfe, 0x80, '\x00', 0x27}, @private2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0x4, 0x6, r5})

418.450871ms ago: executing program 4 (id=3064):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000011c0)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r1], 0x4c}}, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

418.201516ms ago: executing program 4 (id=3065):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2})
readv(r1, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x10}], 0x4)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local})
syz_open_dev$tty20(0xc, 0x4, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x34, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x1}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x5c}}, 0x0)

417.861619ms ago: executing program 3 (id=3066):
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}, 0x1, 0x0, 0x0, 0xc080}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x40, 0x2c, 0xd2b, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x1}, {}, {0xe, 0xffe0}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x5}]}}]}, 0x40}, 0x1, 0x200000000000000}, 0x4000084)

417.583513ms ago: executing program 5 (id=3067):
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x21a5bc3eddf77060)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000680)='./cgroup\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_off}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = socket$inet6(0xa, 0x5, 0x80)
accept4$inet6(r0, &(0x7f0000000280)={0xa, 0x0, 0x0, @local}, &(0x7f0000000540)=0xffffffffffffff41, 0x80800)
setxattr$incfs_size(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0), &(0x7f0000000600)=0xffffffff, 0x8, 0x1)
chdir(&(0x7f00000001c0)='./bus\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./bus\x00', 0x101000, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x0)
lseek(r1, 0x0, 0x1)
ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x80049367, &(0x7f0000000640))
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000200)='efs\x00', 0x2000802, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000200)=[@in={0x2, 0x4e21, @loopback}, @in={0x2, 0x4e24, @multicast1}, @in6={0xa, 0x4e20, 0x8, @dev={0xfe, 0x80, '\x00', 0x12}, 0x99}, @in={0x2, 0x4e22, @multicast1}, @in={0x2, 0x4e23, @multicast2}, @in={0x2, 0x4e21, @rand_addr=0x64010101}, @in={0x2, 0x4e24, @rand_addr=0x64010101}], 0x7c)
r3 = socket$kcm(0x2, 0xa, 0x2)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="140100001f0001000000000000000000020100800c0001000000000000000000140003002001000000000000000000000000000250bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe8101000000010000008b9482565856555e0c23c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c43be82fddb00007a1865a2a68cbc390a3b7bf11901fcb4a3914c5be74e804e147e69a9839cddca6d125c72e7f1931f08becac555c09d86e64abce7"], 0x114}], 0x1}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="00000000ff7f00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r5 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo/3\x00')
pread64(r5, &(0x7f0000000080)=""/237, 0xed, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f00000002c0)=ANY=[@ANYRES8=r1], 0x9e)
r6 = syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = gettid()
kcmp(r7, r6, 0x6, 0xffffffffffffffff, 0xffffffffffffffff)
syz_open_procfs(r7, &(0x7f0000000700)='net/udplite6\x00')
r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_BINDTODEVICE(r8, 0x1, 0x19, &(0x7f0000000040)='veth1_virt_wifi\x00', 0x10)

360.110607ms ago: executing program 3 (id=3068):
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, 0x0, 0x0, 0xc0c0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x890)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b0400000000000000000200000054000480500001800a000100696e6e657200000040000280080002"], 0xa8}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x4, 0xf}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_TARGET={0x8, 0x1, 0xa000}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x404c810}, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r2=>0x0})
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d8005000600ff9e000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af0800010000000000080001000000000060001a803f0003"], 0x270}, 0x1, 0x0, 0x0, 0x8015}, 0x4)

306.764556ms ago: executing program 3 (id=3069):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0285628, &(0x7f0000000240)={0x1, @vbi={0x0, 0x4, 0x4, 0x0, [0x5, 0x4], [0x1, 0x6], 0x109}})
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000280)='2', 0x1}], 0x1)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x1, 0x2}, 0x4)

306.566409ms ago: executing program 1 (id=3070):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x80800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_open_procfs$pagemap(0x0, &(0x7f0000000180))
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000200)={0x60, 0x1, &(0x7f0000245000/0x2000)=nil, &(0x7f0000994000/0x2000)=nil, 0xb, 0x0, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x9})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r5 = dup(r4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r5, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000000280)={r4, 0x83, {0x0, 0x0, 0x0, 0x5, 0x10000, 0x0, 0x5, 0x1d, 0x11, "1bdc9fb60d0f547cf3ed5129a07fa8c08ad41f07e8e633610ea1a862c9715105fda448430a5646e4d20d53ee4ed14f68cca213ceaa3b04f472c755af4d029094", "e3ad2aab0372f1f8ce85c9d16b8f9e66d41aebb23fc4e3f5e8a38985db5e7ae17dda96d31ef4520f51168e8469072fa856c5d98fb2b3970fd3e62fca75224172", "2192d9d01504719f2afab8fdc8984630d7c9d46dfbe2ad74c288d01d61bd8512", [0x40, 0x5]}})
sendmsg$can_raw(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@can={{0x2, 0x0, 0x1}, 0x3, 0x0, 0x0, 0x0, "505baf7db0db82bc"}, 0x10}}, 0x4044031)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000500), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(r6, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000001c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010028bd7000ffdb06000000000000000380080001000100000043d8bfc4c829faaa642ecc9779"], 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x800)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r10=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000000f00000008000300", @ANYRES32=r10, @ANYBLOB='\b\x009'], 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x8000)
sendmsg$BATADV_CMD_GET_VLAN(r5, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x4c, r9, 0x400, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x7}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0xc9ae}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xf}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x8002)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000440)={0x60, 0x1, &(0x7f000040f000/0x4000)=nil, &(0x7f000000a000/0x3000)=nil, 0xf0c3e08, &(0x7f00000003c0)=[{0x0, 0x4, 0xfffffffffffffff8}], 0x1, 0x40, 0x4, 0x52, 0x8, 0x20})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

306.357369ms ago: executing program 3 (id=3071):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000bc0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="25000000faffffffffff0500000008000380", @ANYRES32=r2], 0x24}}, 0x0)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_NODE_GET(r4, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f0000000740)={0x2cc, 0x0, 0x8, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x40}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8400}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7ff}]}, @TIPC_NLA_NODE={0x140, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0x77, 0x3, "3d1050ccfabf977565a00c8716722b26fd29d4a34889d0ce2ef42c08f0f150a838cc07994b257f0fff77845c496172467cd6b3ac9fc2461cb99ac26f0509bc1374e793258a000211115d6a27dd244088abe9109aa1c3be11ed0f19451706907ca9d4cf95fb9cacf7f998c41c26d4bf6bddbc27"}, @TIPC_NLA_NODE_KEY={0x47, 0x4, {'gcm(aes)\x00', 0x1f, "2d45d94feb0dcf458fd3ef2ea45143de685d18eb6e24aa6deb52a57724a570"}}, @TIPC_NLA_NODE_ID={0x6a, 0x3, "c7dc14ffbe2ed99885e6868b8a1942a0875d40cf3f0a8c3660234b54568900d0a5d035607dfda52b744ff5fd2e4d4bd9f9a2ad6dabb78dcb4d63ba835c32ceae0732f43710a1b4b16220d27bd393099c2c697fff6901399b8bc3ad327add1bb4ec5a535f6305"}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}]}, @TIPC_NLA_BEARER={0xc0, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'xfrm0\x00'}}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}]}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xa0}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}]}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3b8d2f37}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'eth', 0x3a, 'sit0\x00'}}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xe}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'ip_vti0\x00'}}]}, @TIPC_NLA_NODE={0x48, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0x38, 0x3, "ad3267ca2202617b153c3aaad832d36f7210083dbc15cc0de957c83f00597c19ee1c1b6806dbf73a12a1738e7c509dc8a18c33dc"}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3}]}, @TIPC_NLA_NET={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x3}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffffffffe00}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x9}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xc}]}]}, 0x2cc}, 0x1, 0x0, 0x0, 0x4050015}, 0x4000091)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg(r3, &(0x7f0000005ec0)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="37a9", 0x2}], 0x1}}], 0x1, 0x1)
r5 = socket$inet6(0x10, 0x2, 0x4)
sendto$inet6(r5, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0)

169.038034ms ago: executing program 5 (id=3072):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
chdir(&(0x7f0000000100)='./file0\x00')
utimensat(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x90)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)

168.768445ms ago: executing program 4 (id=3073):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x20842, 0x0)
writev(r1, &(0x7f0000000000)=[{&(0x7f00000000c0)="14", 0x1f68}], 0x2)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000480)=[0xfffffffffffffffe, 0x8], 0x0, 0x0, 0x2, 0x1}}, 0x40)
r2 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r2)
syz_usb_connect(0x4, 0x24, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x18, r3, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x4}]}, 0x18}}, 0x0)
ioctl$EVIOCRMFF(r2, 0x40095505, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000100)='rxrpc_rx_abort\x00', r1, 0x0, 0x401}, 0x18)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r6 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r6, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
getsockopt(r6, 0x200000000114, 0x2715, 0x0, &(0x7f0000000000))
r7 = io_uring_setup(0x605a, &(0x7f0000000240)={0x0, 0x409a, 0x8, 0x3, 0x38f, 0x0, r1})
syz_io_uring_setup(0x401f, &(0x7f0000000300)={0x0, 0xa3ae, 0x0, 0x0, 0x135, 0x0, r7}, &(0x7f00000001c0), 0x0)
mount$cgroup(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x10012, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
sendmsg$nl_route(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x20}}, 0x0)
sendmsg$nl_route(r9, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="240000001800090400000000000000020a000000000000030000000008001e0001"], 0x24}}, 0x0)
sendmsg$nl_route(r8, 0x0, 0x0)

78.811021ms ago: executing program 1 (id=3074):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(r0, 0x0)
syz_open_procfs(0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000080)="c4c1fbe65c52000f01d166baf80cb8409b148cef66bafc0c66edb9800000c00f3235010000000f30660f3881969f00000048b800004001ffffffff0f23c00f21f835020004000f23f8cd0766baf80cb89030e686ef66bafc0c66b8007866ef65460f20810f21f9", 0x67}], 0x1, 0x6, &(0x7f0000000140), 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'veth1_to_bridge\x00', <r3=>0x0})
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000540)={@rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4400046, r3})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'ip6gre0\x00', <r5=>0x0})
socket$inet6_mptcp(0xa, 0x1, 0x106)
r6 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000180), 0x3ffffffffffffffd, 0x0)
r8 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f00000004c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r7, 0xc00c642d, &(0x7f00000001c0)={0x0, 0x80000, <r9=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r8, 0xc00c642e, &(0x7f0000000000)={0x0, 0x0, r9})
close_range(r6, 0xffffffffffffffff, 0x0)
ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000540)={@dev={0xfe, 0x80, '\x00', 0x27}, @private2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0x4, 0x6, r5})

70.640953ms ago: executing program 1 (id=3075):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000011c0)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r1], 0x4c}}, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

0s ago: executing program 1 (id=3076):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x8d, 0x0)
syz_init_net_socket$ax25(0x3, 0x3, 0x6)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
dup(r2)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c00000010000104000000000000000000002000", @ANYRES32=0x0, @ANYBLOB="03000000000000002c0012800c0001006d6163766c616e001c000280080001000800000006ef0200010000001ffe02000081000008000500", @ANYRES32=r6, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0xc010)

kernel console output (not intermixed with test programs):

=netlink_route_socket pid=11201 comm=syz.1.1858
[  139.008941][ T1335] usb 9-1: new low-speed USB device number 5 using dummy_hcd
[  139.179048][ T1335] usb 9-1: Invalid ep0 maxpacket: 64
[  139.270279][T11232] netlink: 'syz.1.1870': attribute type 1 has an invalid length.
[  139.273050][T11232] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1870'.
[  139.329063][ T1335] usb 9-1: new low-speed USB device number 6 using dummy_hcd
[  139.499557][ T1335] usb 9-1: Invalid ep0 maxpacket: 64
[  139.501927][ T1335] usb usb9-port1: attempt power cycle
[  139.769006][   T29] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  139.839062][ T1335] usb 9-1: new low-speed USB device number 7 using dummy_hcd
[  139.859461][ T1335] usb 9-1: Invalid ep0 maxpacket: 64
[  139.920882][   T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  139.924304][   T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  139.927425][   T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  139.931016][   T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  139.936397][   T29] usb 6-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  139.939354][   T29] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.941829][   T29] usb 6-1: Product: syz
[  139.943323][   T29] usb 6-1: Manufacturer: syz
[  139.944848][   T29] usb 6-1: SerialNumber: syz
[  139.947893][   T29] usb 6-1: config 0 descriptor??
[  139.989061][ T1335] usb 9-1: new low-speed USB device number 8 using dummy_hcd
[  140.019495][ T1335] usb 9-1: Invalid ep0 maxpacket: 64
[  140.021357][ T1335] usb usb9-port1: unable to enumerate USB device
[  140.153313][   T29] adutux 6-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  140.173476][T11254] could not allocate digest TFM handle rmd128
[  140.243915][T11265] SET target dimension over the limit!
[  140.353784][   T24] usb 6-1: USB disconnect, device number 15
[  140.459092][ T5306] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  140.459173][ T5947] Bluetooth: hci4: command 0x1003 tx timeout
[  140.518817][T11282] netlink: 'syz.3.1891': attribute type 1 has an invalid length.
[  140.521360][T11282] netlink: 244 bytes leftover after parsing attributes in process `syz.3.1891'.
[  140.558370][T11245] adutux: No device or device unplugged -19
[  140.566050][   T40] audit: type=1400 audit(1745588128.730:710): avc:  denied  { mount } for  pid=11244 comm="syz.1.1875" name="/" dev="rpc_pipefs" ino=44414 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  140.575836][T11291] xt_time: unknown flags 0xc
[  140.596476][T11295] FAULT_INJECTION: forcing a failure.
[  140.596476][T11295] name failslab, interval 1, probability 0, space 0, times 0
[  140.601679][T11295] CPU: 0 UID: 0 PID: 11295 Comm: syz.3.1894 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  140.601695][T11295] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  140.601702][T11295] Call Trace:
[  140.601706][T11295]  <TASK>
[  140.601710][T11295]  dump_stack_lvl+0x16c/0x1f0
[  140.601728][T11295]  should_fail_ex+0x512/0x640
[  140.601740][T11295]  ? __kvmalloc_node_noprof+0x122/0x600
[  140.601751][T11295]  should_failslab+0xc2/0x120
[  140.601764][T11295]  __kvmalloc_node_noprof+0x135/0x600
[  140.601774][T11295]  ? bucket_table_alloc.isra.0+0x83/0x460
[  140.601788][T11295]  ? bucket_table_alloc.isra.0+0x83/0x460
[  140.601797][T11295]  bucket_table_alloc.isra.0+0x83/0x460
[  140.601809][T11295]  rhashtable_init_noprof+0x41a/0x7e0
[  140.601818][T11295]  ? __init_waitqueue_head+0xca/0x150
[  140.601833][T11295]  rhltable_init_noprof+0x20/0x60
[  140.601844][T11295]  sta_info_init+0x5f/0x160
[  140.601859][T11295]  ieee80211_alloc_hw_nm+0x840/0x2260
[  140.601877][T11295]  ? __local_bh_enable_ip+0xa4/0x120
[  140.601893][T11295]  mac80211_hwsim_new_radio+0x1d4/0x54d0
[  140.601912][T11295]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  140.601925][T11295]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  140.601941][T11295]  hwsim_new_radio_nl+0xb51/0x12c0
[  140.601954][T11295]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  140.601969][T11295]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  140.601987][T11295]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  140.602006][T11295]  genl_family_rcv_msg_doit+0x206/0x2f0
[  140.602023][T11295]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  140.602044][T11295]  ? bpf_lsm_capable+0x9/0x10
[  140.602053][T11295]  ? security_capable+0x7e/0x260
[  140.602066][T11295]  ? ns_capable+0xd7/0x110
[  140.602080][T11295]  genl_rcv_msg+0x55c/0x800
[  140.602097][T11295]  ? __pfx_genl_rcv_msg+0x10/0x10
[  140.602112][T11295]  ? __pfx___dev_queue_xmit+0x10/0x10
[  140.602123][T11295]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  140.602135][T11295]  ? __lock_acquire+0xaa4/0x1ba0
[  140.602147][T11295]  netlink_rcv_skb+0x16a/0x440
[  140.602161][T11295]  ? __pfx_genl_rcv_msg+0x10/0x10
[  140.602178][T11295]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  140.602198][T11295]  ? __pfx_down_read+0x10/0x10
[  140.602214][T11295]  ? netlink_deliver_tap+0x1ae/0xd30
[  140.602230][T11295]  genl_rcv+0x28/0x40
[  140.602270][T11295]  netlink_unicast+0x53a/0x7f0
[  140.602291][T11295]  ? __pfx_netlink_unicast+0x10/0x10
[  140.602313][T11295]  netlink_sendmsg+0x8d1/0xdd0
[  140.602330][T11295]  ? __pfx_netlink_sendmsg+0x10/0x10
[  140.602349][T11295]  ____sys_sendmsg+0xa95/0xc70
[  140.602366][T11295]  ? copy_msghdr_from_user+0x10a/0x160
[  140.602378][T11295]  ? __pfx_____sys_sendmsg+0x10/0x10
[  140.602400][T11295]  ___sys_sendmsg+0x134/0x1d0
[  140.602413][T11295]  ? __pfx____sys_sendmsg+0x10/0x10
[  140.602442][T11295]  __sys_sendmsg+0x16d/0x220
[  140.602460][T11295]  ? __pfx___sys_sendmsg+0x10/0x10
[  140.602483][T11295]  ? rcu_is_watching+0x12/0xc0
[  140.602511][T11295]  do_syscall_64+0xcd/0x260
[  140.602536][T11295]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.602567][T11295] RIP: 0033:0x7f1326f8e969
[  140.602576][T11295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  140.602586][T11295] RSP: 002b:00007f1327da2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  140.602597][T11295] RAX: ffffffffffffffda RBX: 00007f13271b5fa0 RCX: 00007f1326f8e969
[  140.602603][T11295] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003
[  140.602610][T11295] RBP: 00007f1327da2090 R08: 0000000000000000 R09: 0000000000000000
[  140.602615][T11295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  140.602621][T11295] R13: 0000000000000000 R14: 00007f13271b5fa0 R15: 00007ffc266dc408
[  140.602634][T11295]  </TASK>
[  140.765679][T11304] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1898'.
[  140.913334][T11314] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1902'.
[  141.085588][   T40] audit: type=1400 audit(1745588129.250:711): avc:  denied  { unmount } for  pid=5951 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  141.190624][   T40] audit: type=1326 audit(1745588129.360:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11333 comm="syz.1.1909" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b618e969 code=0x7ffc0000
[  141.197893][   T40] audit: type=1326 audit(1745588129.360:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11333 comm="syz.1.1909" exe="/syz-executor" sig=0 arch=c000003e syscall=173 compat=0 ip=0x7f39b618e969 code=0x7ffc0000
[  141.205495][   T40] audit: type=1326 audit(1745588129.360:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11333 comm="syz.1.1909" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b618e969 code=0x7ffc0000
[  141.212738][   T40] audit: type=1326 audit(1745588129.360:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11333 comm="syz.1.1909" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39b618e969 code=0x7ffc0000
[  141.221051][   T40] audit: type=1326 audit(1745588129.360:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11333 comm="syz.1.1909" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b618e969 code=0x7ffc0000
[  141.436297][T11350] netlink: 'syz.1.1916': attribute type 5 has an invalid length.
[  141.440625][T11350] syz.1.1916: attempt to access beyond end of device
[  141.440625][T11350] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0
[  141.444487][T11350] (syz.1.1916,11350,3):ocfs2_get_sector:1714 ERROR: status = -5
[  141.446882][T11350] (syz.1.1916,11350,3):ocfs2_sb_probe:753 ERROR: status = -5
[  141.450671][T11350] (syz.1.1916,11350,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  141.453602][T11350] (syz.1.1916,11350,0):ocfs2_fill_super:1177 ERROR: status = -5
[  141.552957][    C3] vxcan1: j1939_tp_rxtimer: 0xffff8880510a8c00: rx timeout, send abort
[  141.567216][T11358] FAULT_INJECTION: forcing a failure.
[  141.567216][T11358] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  141.571305][T11358] CPU: 0 UID: 0 PID: 11358 Comm: syz.1.1920 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  141.571320][T11358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  141.571326][T11358] Call Trace:
[  141.571330][T11358]  <TASK>
[  141.571334][T11358]  dump_stack_lvl+0x16c/0x1f0
[  141.571364][T11358]  should_fail_ex+0x512/0x640
[  141.571382][T11358]  _copy_from_user+0x2e/0xd0
[  141.571395][T11358]  copy_msghdr_from_user+0x98/0x160
[  141.571408][T11358]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  141.571427][T11358]  ___sys_sendmsg+0xfe/0x1d0
[  141.571440][T11358]  ? __pfx____sys_sendmsg+0x10/0x10
[  141.571467][T11358]  __sys_sendmsg+0x16d/0x220
[  141.571480][T11358]  ? __pfx___sys_sendmsg+0x10/0x10
[  141.571500][T11358]  do_syscall_64+0xcd/0x260
[  141.571516][T11358]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.571527][T11358] RIP: 0033:0x7f39b618e969
[  141.571536][T11358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  141.571546][T11358] RSP: 002b:00007f39b706f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  141.571556][T11358] RAX: ffffffffffffffda RBX: 00007f39b63b5fa0 RCX: 00007f39b618e969
[  141.571563][T11358] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  141.571569][T11358] RBP: 00007f39b706f090 R08: 0000000000000000 R09: 0000000000000000
[  141.571575][T11358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  141.571581][T11358] R13: 0000000000000000 R14: 00007f39b63b5fa0 R15: 00007ffdb9de9068
[  141.571593][T11358]  </TASK>
[  141.601899][T11360] netem: change failed
[  141.633389][T11360] ptrace attach of "/syz-executor exec"[5951] was attempted by "/syz-executor exec"[11360]
[  141.727475][T11362] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1922' sets config #1
[  142.053037][    C3] vxcan1: j1939_tp_rxtimer: 0xffff8880510ab400: rx timeout, send abort
[  142.056807][    C3] vxcan1: j1939_tp_rxtimer: 0xffff8880510a8c00: abort rx timeout. Force session deactivation
[  142.359275][ T6009] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  142.499209][   T57] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  142.519255][ T6009] usb 6-1: Using ep0 maxpacket: 8
[  142.522323][ T6009] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  142.525350][ T6009] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  142.528346][ T6009] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  142.531388][ T6009] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  142.535298][ T6009] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  142.538099][ T6009] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.556373][    C3] vxcan1: j1939_tp_rxtimer: 0xffff8880510ab400: abort rx timeout. Force session deactivation
[  142.650488][   T57] usb 8-1: Using ep0 maxpacket: 8
[  142.655687][   T57] usb 8-1: config 0 has an invalid interface number: 186 but max is 0
[  142.658207][   T57] usb 8-1: config 0 has no interface number 0
[  142.668715][   T57] usb 8-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  142.672376][   T57] usb 8-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  142.676509][   T57] usb 8-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  142.680074][   T57] usb 8-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  142.685901][   T57] usb 8-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  142.686749][T11390] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  142.688740][   T57] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.693537][   T40] kauditd_printk_skb: 40 callbacks suppressed
[  142.693538][T11390] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  142.693546][   T40] audit: type=1400 audit(1745588130.860:757): avc:  denied  { firmware_load } for  pid=11389 comm="syz.4.1933" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  142.694182][   T57] usb 8-1: Product: syz
[  142.706446][   T57] usb 8-1: Manufacturer: syz
[  142.707905][   T57] usb 8-1: SerialNumber: syz
[  142.710967][   T57] usb 8-1: config 0 descriptor??
[  142.743659][ T6009] usb 6-1: GET_CAPABILITIES returned 0
[  142.745457][ T6009] usbtmc 6-1:16.0: can't read capabilities
[  142.869302][ T5947] Bluetooth: hci4: command 0x1003 tx timeout
[  142.869319][ T5306] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  142.916222][   T57] iowarrior 8-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior1
[  142.977708][T11397] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1936'.
[  143.118166][   T57] usb 8-1: USB disconnect, device number 7
[  143.762098][T11412] FAULT_INJECTION: forcing a failure.
[  143.762098][T11412] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  143.766119][T11412] CPU: 1 UID: 0 PID: 11412 Comm: syz.3.1943 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  143.766133][T11412] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  143.766140][T11412] Call Trace:
[  143.766143][T11412]  <TASK>
[  143.766147][T11412]  dump_stack_lvl+0x16c/0x1f0
[  143.766166][T11412]  should_fail_ex+0x512/0x640
[  143.766179][T11412]  _copy_from_user+0x2e/0xd0
[  143.766192][T11412]  core_sys_select+0x35a/0xbe0
[  143.766219][T11412]  ? __pfx_core_sys_select+0x10/0x10
[  143.766251][T11412]  ? set_user_sigmask+0x21b/0x2b0
[  143.766264][T11412]  ? __pfx_set_user_sigmask+0x10/0x10
[  143.766279][T11412]  do_pselect.constprop.0+0x19f/0x1e0
[  143.766289][T11412]  ? __pfx_do_pselect.constprop.0+0x10/0x10
[  143.766305][T11412]  __x64_sys_pselect6+0x182/0x240
[  143.766315][T11412]  ? __pfx___x64_sys_pselect6+0x10/0x10
[  143.766323][T11412]  ? rcu_is_watching+0x12/0xc0
[  143.766340][T11412]  do_syscall_64+0xcd/0x260
[  143.766355][T11412]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.766366][T11412] RIP: 0033:0x7f1326f8e969
[  143.766374][T11412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  143.766384][T11412] RSP: 002b:00007f1327da2038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  143.766393][T11412] RAX: ffffffffffffffda RBX: 00007f13271b5fa0 RCX: 00007f1326f8e969
[  143.766399][T11412] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[  143.766405][T11412] RBP: 00007f1327da2090 R08: 0000000000000000 R09: 0000000000000000
[  143.766411][T11412] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[  143.766417][T11412] R13: 0000000000000000 R14: 00007f13271b5fa0 R15: 00007ffc266dc408
[  143.766430][T11412]  </TASK>
[  144.412373][T11419] FAULT_INJECTION: forcing a failure.
[  144.412373][T11419] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  144.416680][T11419] CPU: 0 UID: 0 PID: 11419 Comm: syz.4.1945 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  144.416694][T11419] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  144.416701][T11419] Call Trace:
[  144.416705][T11419]  <TASK>
[  144.416709][T11419]  dump_stack_lvl+0x16c/0x1f0
[  144.416728][T11419]  should_fail_ex+0x512/0x640
[  144.416742][T11419]  _copy_from_user+0x2e/0xd0
[  144.416755][T11419]  kstrtouint_from_user+0xd6/0x1d0
[  144.416774][T11419]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  144.416789][T11419]  ? __lock_acquire+0xaa4/0x1ba0
[  144.416805][T11419]  proc_fail_nth_write+0x83/0x250
[  144.416822][T11419]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  144.416842][T11419]  vfs_write+0x25c/0x1180
[  144.416857][T11419]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  144.416875][T11419]  ? __pfx___mutex_lock+0x10/0x10
[  144.416890][T11419]  ? __pfx_vfs_write+0x10/0x10
[  144.416909][T11419]  ? __fget_files+0x20e/0x3c0
[  144.416924][T11419]  ksys_write+0x12a/0x240
[  144.416932][T11419]  ? __pfx_ksys_write+0x10/0x10
[  144.416945][T11419]  do_syscall_64+0xcd/0x260
[  144.416960][T11419]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.416971][T11419] RIP: 0033:0x7efed4b8d41f
[  144.416980][T11419] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  144.416989][T11419] RSP: 002b:00007efed5abe030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  144.416999][T11419] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007efed4b8d41f
[  144.417006][T11419] RDX: 0000000000000001 RSI: 00007efed5abe0a0 RDI: 0000000000000007
[  144.417012][T11419] RBP: 00007efed5abe090 R08: 0000000000000000 R09: 0000000000000000
[  144.417017][T11419] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  144.417023][T11419] R13: 0000000000000000 R14: 00007efed4db5fa0 R15: 00007ffc5dbbb198
[  144.417036][T11419]  </TASK>
[  144.690629][ T5947] Bluetooth: hci4: sending frame failed (-49)
[  144.693606][ T5306] Bluetooth: hci4: Opcode 0x1003 failed: -49
[  144.906030][T11442] loop6: detected capacity change from 0 to 524287999
[  145.077914][   T57] usb 6-1: USB disconnect, device number 16
[  145.115619][T11459] SET target dimension over the limit!
[  145.154228][T11462] xt_time: invalid argument - start or stop time greater than 23:59:59
[  145.194354][T11467] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1963'.
[  145.194367][T11467] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1963'.
[  145.194382][T11467] netlink: 'syz.3.1963': attribute type 15 has an invalid length.
[  145.242943][T11475] program syz.4.1968 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  145.267971][T11479] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.1970' sets config #8
[  145.365080][T11491] netlink: 'syz.4.1975': attribute type 21 has an invalid length.
[  145.386664][T11491] netlink: 'syz.4.1975': attribute type 6 has an invalid length.
[  145.389194][T11491] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1975'.
[  145.460520][T11494] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1976'.
[  145.463311][T11494] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1976'.
[  145.468743][T11494] geneve3: entered promiscuous mode
[  145.470805][T11494] geneve3: entered allmulticast mode
[  145.560966][T11506] FAULT_INJECTION: forcing a failure.
[  145.560966][T11506] name failslab, interval 1, probability 0, space 0, times 0
[  145.564946][T11506] CPU: 2 UID: 0 PID: 11506 Comm: syz.4.1980 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  145.564961][T11506] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  145.564967][T11506] Call Trace:
[  145.564971][T11506]  <TASK>
[  145.564975][T11506]  dump_stack_lvl+0x16c/0x1f0
[  145.564993][T11506]  should_fail_ex+0x512/0x640
[  145.565005][T11506]  ? fs_reclaim_acquire+0xae/0x150
[  145.565021][T11506]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  145.565037][T11506]  should_failslab+0xc2/0x120
[  145.565049][T11506]  __kmalloc_noprof+0xd2/0x510
[  145.565062][T11506]  tomoyo_realpath_from_path+0xc2/0x6e0
[  145.565079][T11506]  ? tomoyo_profile+0x47/0x60
[  145.565090][T11506]  tomoyo_path_number_perm+0x245/0x580
[  145.565102][T11506]  ? tomoyo_path_number_perm+0x237/0x580
[  145.565116][T11506]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  145.565130][T11506]  ? find_held_lock+0x2b/0x80
[  145.565154][T11506]  ? find_held_lock+0x2b/0x80
[  145.565166][T11506]  ? hook_file_ioctl_common+0x145/0x410
[  145.565179][T11506]  ? __fget_files+0x20e/0x3c0
[  145.565191][T11506]  security_file_ioctl+0x9b/0x240
[  145.565207][T11506]  __x64_sys_ioctl+0xb7/0x200
[  145.565223][T11506]  do_syscall_64+0xcd/0x260
[  145.565238][T11506]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.565248][T11506] RIP: 0033:0x7efed4b8e969
[  145.565257][T11506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  145.565267][T11506] RSP: 002b:00007efed5abe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  145.565277][T11506] RAX: ffffffffffffffda RBX: 00007efed4db5fa0 RCX: 00007efed4b8e969
[  145.565283][T11506] RDX: 0000200000000040 RSI: 00000000c034564b RDI: 0000000000000003
[  145.565289][T11506] RBP: 00007efed5abe090 R08: 0000000000000000 R09: 0000000000000000
[  145.565295][T11506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  145.565301][T11506] R13: 0000000000000000 R14: 00007efed4db5fa0 R15: 00007ffc5dbbb198
[  145.565314][T11506]  </TASK>
[  145.565318][T11506] ERROR: Out of memory at tomoyo_realpath_from_path.
[  146.255648][   T40] audit: type=1400 audit(1745588902.415:758): avc:  denied  { accept } for  pid=11539 comm="syz.1.1994" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  146.267936][T11544] netlink: 'syz.0.1995': attribute type 15 has an invalid length.
[  146.270711][T11544] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1995'.
[  146.294609][T11540] bridge0: port 2(bridge_slave_1) entered disabled state
[  146.317589][T11549] trusted_key: encrypted_key: insufficient parameters specified
[  146.463182][ T5947] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  146.468912][ T5947] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  146.476081][ T5947] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  146.482701][ T5947] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  146.486293][ T5947] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  146.498033][T11560] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  146.518710][T11563] lo speed is unknown, defaulting to 1000
[  146.542779][   T40] audit: type=1400 audit(1745588902.705:759): avc:  denied  { remove_name } for  pid=11566 comm="syz.3.2003" name="file1" dev="9p" ino=36831326 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  146.550007][   T40] audit: type=1400 audit(1745588902.705:760): avc:  denied  { rename } for  pid=11566 comm="syz.3.2003" name="file1" dev="9p" ino=36831326 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  146.619774][    C1] syz_tun: tun_net_xmit 86
[  146.633382][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  146.639488][ T5917] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  146.647453][T11563] chnl_net:caif_netlink_parms(): no params data found
[  146.714798][T11579] FAULT_INJECTION: forcing a failure.
[  146.714798][T11579] name failslab, interval 1, probability 0, space 0, times 0
[  146.719594][T11579] CPU: 3 UID: 0 PID: 11579 Comm: syz.3.2006 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  146.719617][T11579] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  146.719627][T11579] Call Trace:
[  146.719634][T11579]  <TASK>
[  146.719641][T11579]  dump_stack_lvl+0x16c/0x1f0
[  146.719667][T11579]  should_fail_ex+0x512/0x640
[  146.719683][T11579]  ? fs_reclaim_acquire+0xae/0x150
[  146.719707][T11579]  ? tomoyo_encode2+0x100/0x3e0
[  146.719728][T11579]  should_failslab+0xc2/0x120
[  146.719747][T11579]  __kmalloc_noprof+0xd2/0x510
[  146.719762][T11579]  ? d_absolute_path+0x136/0x1a0
[  146.719788][T11579]  tomoyo_encode2+0x100/0x3e0
[  146.719813][T11579]  tomoyo_encode+0x29/0x50
[  146.719835][T11579]  tomoyo_realpath_from_path+0x18f/0x6e0
[  146.719865][T11579]  tomoyo_path_number_perm+0x245/0x580
[  146.719884][T11579]  ? tomoyo_path_number_perm+0x237/0x580
[  146.719905][T11579]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  146.719927][T11579]  ? find_held_lock+0x2b/0x80
[  146.719968][T11579]  ? find_held_lock+0x2b/0x80
[  146.719988][T11579]  ? hook_file_ioctl_common+0x145/0x410
[  146.720011][T11579]  ? __fget_files+0x20e/0x3c0
[  146.720031][T11579]  security_file_ioctl+0x9b/0x240
[  146.720055][T11579]  __x64_sys_ioctl+0xb7/0x200
[  146.720078][T11579]  do_syscall_64+0xcd/0x260
[  146.720103][T11579]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.720116][T11579] RIP: 0033:0x7f1326f8e969
[  146.720125][T11579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  146.720135][T11579] RSP: 002b:00007f1327da2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  146.720146][T11579] RAX: ffffffffffffffda RBX: 00007f13271b5fa0 RCX: 00007f1326f8e969
[  146.720152][T11579] RDX: 0000200000000040 RSI: 00000000c034564b RDI: 0000000000000003
[  146.720158][T11579] RBP: 00007f1327da2090 R08: 0000000000000000 R09: 0000000000000000
[  146.720164][T11579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  146.720170][T11579] R13: 0000000000000000 R14: 00007f13271b5fa0 R15: 00007ffc266dc408
[  146.720183][T11579]  </TASK>
[  146.720194][T11579] ERROR: Out of memory at tomoyo_realpath_from_path.
[  146.720625][T11563] bridge0: port 1(bridge_slave_0) entered blocking state
[  146.789572][ T5917] usb 5-1: Using ep0 maxpacket: 32
[  146.790890][T11563] bridge0: port 1(bridge_slave_0) entered disabled state
[  146.794714][ T5917] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  146.795226][T11563] bridge_slave_0: entered allmulticast mode
[  146.799277][ T5917] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  146.800698][T11563] bridge_slave_0: entered promiscuous mode
[  146.804622][ T5917] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  146.806650][T11563] bridge0: port 2(bridge_slave_1) entered blocking state
[  146.808399][ T5917] usb 5-1: Product: syz
[  146.810630][T11563] bridge0: port 2(bridge_slave_1) entered disabled state
[  146.813619][ T5917] usb 5-1: Manufacturer: syz
[  146.815310][T11563] bridge_slave_1: entered allmulticast mode
[  146.816781][ T5917] usb 5-1: SerialNumber: syz
[  146.818723][ T5917] usb 5-1: config 0 descriptor??
[  146.819830][T11563] bridge_slave_1: entered promiscuous mode
[  146.821147][T11558] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  146.830420][ T5917] hub 5-1:0.0: bad descriptor, ignoring hub
[  146.832301][ T5917] hub 5-1:0.0: probe with driver hub failed with error -5
[  146.841191][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  146.881350][T11563] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  146.887314][T11563] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  146.927499][T11563] team0: Port device team_slave_0 added
[  146.940417][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  146.951224][T11563] team0: Port device team_slave_1 added
[  146.978942][T11563] batman_adv: batadv0: Adding interface: batadv_slave_0
[  146.981297][T11563] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  146.989109][T11563] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  146.993434][T11563] batman_adv: batadv0: Adding interface: batadv_slave_1
[  146.996166][T11563] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  147.006118][T11563] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  147.030846][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  147.073514][T11563] hsr_slave_0: entered promiscuous mode
[  147.075733][T11563] hsr_slave_1: entered promiscuous mode
[  147.077768][T11563] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  147.080183][T11563] Cannot create hsr debugfs directory
[  147.150106][ T6009] usb 5-1: USB disconnect, device number 8
[  147.205525][   T12] bridge_slave_1: left allmulticast mode
[  147.208100][   T12] bridge_slave_1: left promiscuous mode
[  147.210099][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  147.346979][   T12] team0: Port device geneve0 removed
[  147.515102][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  147.520427][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  147.524620][   T12] bond0 (unregistering): (slave `ëÿÿ): Releasing backup interface
[  147.531757][   T12] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface
[  147.536341][   T12] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  147.539976][   T12] bond0 (unregistering): Released all slaves
[  147.546739][   T12] bond1 (unregistering): (slave wireguard0): Releasing backup interface
[  147.551085][   T12] bond1 (unregistering): Released all slaves
[  147.557731][   T12] bond2 (unregistering): Released all slaves
[  147.565380][   T12] bond3 (unregistering): Released all slaves
[  147.637064][T11615] ipt_REJECT: TCP_RESET invalid for non-tcp
[  147.853477][T11648] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2030'.
[  147.928780][   T40] audit: type=1400 audit(1745588904.085:761): avc:  denied  { create } for  pid=11662 comm="syz.0.2035" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  147.934892][   T40] audit: type=1400 audit(1745588904.085:762): avc:  denied  { bind } for  pid=11662 comm="syz.0.2035" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  147.941426][   T40] audit: type=1400 audit(1745588904.085:763): avc:  denied  { getopt } for  pid=11662 comm="syz.0.2035" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  147.951677][T11664] FAULT_INJECTION: forcing a failure.
[  147.951677][T11664] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  147.957103][T11664] CPU: 3 UID: 0 PID: 11664 Comm: syz.3.2034 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  147.957118][T11664] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  147.957125][T11664] Call Trace:
[  147.957128][T11664]  <TASK>
[  147.957132][T11664]  dump_stack_lvl+0x16c/0x1f0
[  147.957150][T11664]  should_fail_ex+0x512/0x640
[  147.957164][T11664]  _copy_from_user+0x2e/0xd0
[  147.957177][T11664]  video_usercopy+0xedd/0x1720
[  147.957194][T11664]  ? __pfx___video_do_ioctl+0x10/0x10
[  147.957209][T11664]  ? selinux_bprm_creds_for_exec+0xc40/0xc60
[  147.957225][T11664]  ? __pfx_video_usercopy+0x10/0x10
[  147.957249][T11664]  v4l2_ioctl+0x1ba/0x250
[  147.957264][T11664]  ? __pfx_v4l2_ioctl+0x10/0x10
[  147.957278][T11664]  __x64_sys_ioctl+0x190/0x200
[  147.957294][T11664]  do_syscall_64+0xcd/0x260
[  147.957309][T11664]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.957320][T11664] RIP: 0033:0x7f1326f8e969
[  147.957329][T11664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  147.957339][T11664] RSP: 002b:00007f1327da2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  147.957349][T11664] RAX: ffffffffffffffda RBX: 00007f13271b5fa0 RCX: 00007f1326f8e969
[  147.957355][T11664] RDX: 0000200000000040 RSI: 00000000c034564b RDI: 0000000000000003
[  147.957361][T11664] RBP: 00007f1327da2090 R08: 0000000000000000 R09: 0000000000000000
[  147.957366][T11664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  147.957372][T11664] R13: 0000000000000000 R14: 00007f13271b5fa0 R15: 00007ffc266dc408
[  147.957385][T11664]  </TASK>
[  147.962063][T11669] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  148.001697][T11676] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  148.003204][T11669] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  148.004926][T11676] overlayfs: failed to set xattr on upper
[  148.025282][T11676] overlayfs: ...falling back to redirect_dir=nofollow.
[  148.027644][T11676] overlayfs: ...falling back to index=off.
[  148.030291][T11676] overlayfs: ...falling back to uuid=null.
[  148.088385][T11563] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  148.097707][T11563] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  148.103682][T11563] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  148.107513][T11563] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  148.144113][T11563] 8021q: adding VLAN 0 to HW filter on device bond0
[  148.155016][T11563] 8021q: adding VLAN 0 to HW filter on device team0
[  148.160933][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.163216][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state
[  148.170374][   T44] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.172615][   T44] bridge0: port 2(bridge_slave_1) entered forwarding state
[  148.262146][T11563] 8021q: adding VLAN 0 to HW filter on device batadv0
[  148.283158][T11563] veth0_vlan: entered promiscuous mode
[  148.288011][T11563] veth1_vlan: entered promiscuous mode
[  148.302619][T11563] veth0_macvtap: entered promiscuous mode
[  148.306228][T11563] veth1_macvtap: entered promiscuous mode
[  148.315457][T11563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  148.319395][T11563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  148.323600][T11563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  148.327533][T11563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  148.332013][T11563] batman_adv: batadv0: Interface activated: batadv_slave_0
[  148.337617][T11563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  148.341693][T11563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  148.345468][T11563] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  148.350591][T11563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  148.355375][T11563] batman_adv: batadv0: Interface activated: batadv_slave_1
[  148.361649][T11563] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  148.361728][T11704] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.2044' sets config #1
[  148.365014][T11563] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  148.371846][T11563] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  148.375211][T11563] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  148.403412][T11563] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: macsec1
[  148.407200][T11563] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  148.416763][   T44] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  148.420315][   T44] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  148.435281][   T44] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  148.437805][   T44] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  148.465950][   T40] audit: type=1400 audit(1745588904.625:764): avc:  denied  { mounton } for  pid=11563 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  148.501165][T11710] netlink: 'syz.1.1999': attribute type 12 has an invalid length.
[  148.503719][T11710] netlink: 248 bytes leftover after parsing attributes in process `syz.1.1999'.
[  148.539934][ T5306] Bluetooth: hci4: command tx timeout
[  148.556641][T11712] netlink: 'syz.1.2046': attribute type 7 has an invalid length.
[  148.559174][T11712] netlink: 'syz.1.2046': attribute type 8 has an invalid length.
[  148.901998][   T40] audit: type=1400 audit(1745588905.065:765): avc:  denied  { ioctl } for  pid=11742 comm="syz.3.2057" path="socket:[49480]" dev="sockfs" ino=49480 ioctlcmd=0x8915 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  148.911445][   T40] audit: type=1400 audit(1745588905.065:766): avc:  denied  { map } for  pid=11732 comm="syz.0.2055" path="socket:[49477]" dev="sockfs" ino=49477 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  149.005209][T11759] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2063'.
[  149.011408][T11759] bond0: entered promiscuous mode
[  149.013040][T11759] bond_slave_1: entered promiscuous mode
[  149.017677][T11759] bond0: left promiscuous mode
[  149.019327][T11759] bond_slave_1: left promiscuous mode
[  149.259750][  T833] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  149.296229][T11772] netlink: 'syz.3.2069': attribute type 1 has an invalid length.
[  149.299277][T11772] netlink: 'syz.3.2069': attribute type 1 has an invalid length.
[  149.303855][T11772] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2069'.
[  149.370337][   T40] audit: type=1400 audit(1745588905.535:767): avc:  denied  { setopt } for  pid=11782 comm="syz.4.2072" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  149.370450][T11783] tmpfs: Unknown parameter 'uszquota_blordlimit'
[  149.429704][  T833] usb 5-1: Using ep0 maxpacket: 32
[  149.442339][  T833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  149.442359][  T833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  149.442377][  T833] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  149.442389][  T833] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.444496][  T833] usb 5-1: config 0 descriptor??
[  149.473825][T11791] syz.4.2076: attempt to access beyond end of device
[  149.473825][T11791] loop4: rw=6144, sector=128, nr_sectors = 8 limit=0
[  149.481367][T11791] gfs2: error -5 reading superblock
[  149.487767][T11791] 9pnet_fd: p9_fd_create_unix (11791): problem connecting socket: ./file0: -40
[  149.493147][   T12] batman_adv: batadv0: Interface deactivated: macsec1
[  149.495741][   T12] mac80211_hwsim hwsim8 wlan0 (unregistering): left allmulticast mode
[  149.508678][   T12] batman_adv: batadv0: Removing interface: macsec1
[  149.535560][T11799] /dev/nullb0: Can't open blockdev
[  149.594959][   T12] hsr_slave_0: left promiscuous mode
[  149.598484][   T12] hsr_slave_1: left promiscuous mode
[  149.620747][   T12] veth1_macvtap: left promiscuous mode
[  149.623359][   T12] veth1_vlan: left promiscuous mode
[  149.625061][   T12] veth0_vlan: left promiscuous mode
[  149.688629][   T40] audit: type=1400 audit(1745588905.845:768): avc:  denied  { ioctl } for  pid=11805 comm="syz.4.2082" path="socket:[49741]" dev="sockfs" ino=49741 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  150.109067][   T12] team0 (unregistering): Port device team_slave_1 removed
[  150.171601][   T12] team0 (unregistering): Port device team_slave_0 removed
[  150.605858][T11707] lo speed is unknown, defaulting to 1000
[  150.607452][T11811] netlink: 'syz.1.2084': attribute type 12 has an invalid length.
[  150.607725][T11707] syz0: Port: 1 Link DOWN
[  150.610303][T11811] netlink: 248 bytes leftover after parsing attributes in process `syz.1.2084'.
[  150.615220][  T833] usbhid 5-1:0.0: can't add hid device: -71
[  150.619742][ T5306] Bluetooth: hci4: command tx timeout
[  150.622517][  T833] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  150.626232][  T833] usb 5-1: USB disconnect, device number 9
[  150.654238][T11816] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2085'.
[  150.657312][T11822] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.2086' sets config #1
[  150.663095][T11822] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=54 sclass=netlink_route_socket pid=11822 comm=syz.1.2086
[  150.694055][T11823] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2087'.
[  150.699607][T11823] bond0: entered promiscuous mode
[  150.703426][T11823] bond_slave_1: entered promiscuous mode
[  150.706826][T11823] bond0: left promiscuous mode
[  150.708871][T11823] bond_slave_1: left promiscuous mode
[  151.103337][T11841] Cannot find add_set index 31 as target
[  151.131359][   T12] IPVS: stop unused estimator thread 0...
[  151.357733][T11870] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  151.360832][T11870] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  151.560811][T11874] netlink: 'syz.1.2110': attribute type 12 has an invalid length.
[  151.563601][T11874] netlink: 248 bytes leftover after parsing attributes in process `syz.1.2110'.
[  151.603497][T11880] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.2112' sets config #1
[  151.785711][T11905] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.2119'.
[  151.896853][T11919] program syz.4.2123 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  151.968393][T11923] 9pnet_fd: Insufficient options for proto=fd
[  152.029080][T11927] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  152.042922][   T40] audit: type=1400 audit(1745588908.205:769): avc:  denied  { mounton } for  pid=11926 comm="syz.4.2127" path="/184/file0" dev="proc" ino=4026533910 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=dir permissive=1
[  152.302577][ T6349] bond0: (slave syz_tun): Releasing backup interface
[  152.379567][ T1139] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.448122][ T1139] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.537321][ T1139] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.594538][ T5947] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  152.598986][ T5947] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  152.604838][ T5947] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  152.613939][ T5947] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  152.620186][ T5947] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  152.622653][ T1139] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.653475][ T5306] Bluetooth: hci3: sending frame failed (-49)
[  152.655946][ T5947] Bluetooth: hci3: Opcode 0x1003 failed: -49
[  152.699439][T11966] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2143'.
[  152.699898][ T5947] Bluetooth: hci4: command tx timeout
[  152.742259][T11956] chnl_net:caif_netlink_parms(): no params data found
[  152.761229][   T40] audit: type=1800 audit(1745589676.927:770): pid=11970 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.2144" name="bus" dev="9p" ino=36831500 res=0 errno=0
[  152.761823][T11970] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2144'.
[  152.772122][T11970] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2144'.
[  152.792982][ T1139] bridge0: port 1(batadv0) entered disabled state
[  152.796946][ T1139] bridge_slave_1: left allmulticast mode
[  152.798734][ T1139] bridge_slave_1: left promiscuous mode
[  152.801435][ T1139] bridge0: port 2(bridge_slave_1) entered disabled state
[  153.045492][ T1139] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  153.049426][ T1139] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  153.053316][ T1139] bond0 (unregistering): Released all slaves
[  153.059423][ T1139] bond1 (unregistering): Released all slaves
[  153.145956][T11984] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2147'.
[  153.154090][T11956] bridge0: port 1(bridge_slave_0) entered blocking state
[  153.156984][T11956] bridge0: port 1(bridge_slave_0) entered disabled state
[  153.159251][T11956] bridge_slave_0: entered allmulticast mode
[  153.163250][T11956] bridge_slave_0: entered promiscuous mode
[  153.184431][T11956] bridge0: port 2(bridge_slave_1) entered blocking state
[  153.186751][T11956] bridge0: port 2(bridge_slave_1) entered disabled state
[  153.189133][T11956] bridge_slave_1: entered allmulticast mode
[  153.192685][T11956] bridge_slave_1: entered promiscuous mode
[  153.209686][T11988] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  153.220921][T11988] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  153.231815][T11956] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  153.236032][T11956] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  153.264689][T12001] Cannot find add_set index 584 as target
[  153.284143][T11956] team0: Port device team_slave_0 added
[  153.287791][T11956] team0: Port device team_slave_1 added
[  153.350987][T11956] batman_adv: batadv0: Adding interface: batadv_slave_0
[  153.353092][T11956] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  153.361654][T11956] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  153.367074][T11956] batman_adv: batadv0: Adding interface: batadv_slave_1
[  153.370402][T11956] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  153.380620][T11956] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  153.454110][T11956] hsr_slave_0: entered promiscuous mode
[  153.456271][T11956] hsr_slave_1: entered promiscuous mode
[  153.458274][T11956] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  153.461813][T11956] Cannot create hsr debugfs directory
[  153.556412][ T1139] hsr_slave_0: left promiscuous mode
[  153.558622][ T1139] hsr_slave_1: left promiscuous mode
[  153.560891][ T1139] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  153.563262][ T1139] batman_adv: batadv0: Removing interface: batadv_slave_0
[  153.566093][ T1139] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  153.568454][ T1139] batman_adv: batadv0: Removing interface: batadv_slave_1
[  153.586795][ T1139] veth1_macvtap: left promiscuous mode
[  153.588586][ T1139] veth0_macvtap: left promiscuous mode
[  153.591399][ T1139] veth1_vlan: left promiscuous mode
[  153.593051][ T1139] veth0_vlan: left promiscuous mode
[  154.189543][ T1139] team0 (unregistering): Port device team_slave_1 removed
[  154.258934][ T1139] team0 (unregistering): Port device team_slave_0 removed
[  154.701408][ T5306] Bluetooth: hci0: command tx timeout
[  154.780015][ T5306] Bluetooth: hci4: command tx timeout
[  154.844730][T11956] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  154.852308][T11956] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  154.859757][T11956] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  154.873742][T11956] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  154.957686][T11956] 8021q: adding VLAN 0 to HW filter on device bond0
[  154.963659][T12054] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2165'.
[  154.967194][   T40] audit: type=1400 audit(1745590447.126:771): avc:  denied  { setopt } for  pid=12053 comm="syz.1.2165" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  154.974543][T11956] 8021q: adding VLAN 0 to HW filter on device team0
[  154.981746][   T44] bridge0: port 1(bridge_slave_0) entered blocking state
[  154.984400][   T44] bridge0: port 1(bridge_slave_0) entered forwarding state
[  154.995689][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  154.998038][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  155.114694][T11956] 8021q: adding VLAN 0 to HW filter on device batadv0
[  155.222457][ T1139] IPVS: stop unused estimator thread 0...
[  155.273172][T11956] veth0_vlan: entered promiscuous mode
[  155.277558][T11956] veth1_vlan: entered promiscuous mode
[  155.295256][T11956] veth0_macvtap: entered promiscuous mode
[  155.299403][T11956] veth1_macvtap: entered promiscuous mode
[  155.308203][T11956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  155.314288][T11956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.317898][T11956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  155.321640][T11956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.322057][   T40] audit: type=1400 audit(1745591215.488:772): avc:  denied  { append } for  pid=12091 comm="syz.4.2171" name="usbmon5" dev="devtmpfs" ino=753 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  155.326665][T11956] batman_adv: batadv0: Interface activated: batadv_slave_0
[  155.334305][   T40] audit: type=1400 audit(1745591215.498:773): avc:  denied  { ioctl } for  pid=12091 comm="syz.4.2171" path="/dev/usbmon5" dev="devtmpfs" ino=753 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  155.343373][T11956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  155.346694][T11956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.349682][T11956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  155.354622][T11956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.358509][T11956] batman_adv: batadv0: Interface activated: batadv_slave_1
[  155.371379][T11956] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  155.374130][T11956] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  155.377711][T11956] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  155.384119][T11956] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  155.389060][T12099] xt_policy: input policy not valid in POSTROUTING and OUTPUT
[  155.433184][T12102] Cannot find add_set index 1792 as target
[  155.434531][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  155.437655][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  155.457785][ T1196] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  155.461479][ T1196] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  155.639706][T12131] __nla_validate_parse: 2 callbacks suppressed
[  155.639723][T12131] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2180'.
[  155.706141][T12138] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  155.709100][T12138] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  155.807718][T12149] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2560 sclass=netlink_route_socket pid=12149 comm=syz.4.2185
[  155.814809][T12149] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2563 sclass=netlink_route_socket pid=12149 comm=syz.4.2185
[  155.866907][T12154] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  155.869098][T12154] overlayfs: failed to set xattr on upper
[  155.871118][T12154] overlayfs: ...falling back to redirect_dir=nofollow.
[  155.873299][T12154] overlayfs: ...falling back to metacopy=off.
[  155.875315][T12154] overlayfs: ...falling back to index=off.
[  155.877340][T12154] overlayfs: ...falling back to uuid=null.
[  156.035818][T12169] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2192'.
[  156.042125][T12169] pim6reg: entered allmulticast mode
[  156.247989][T12179] ntfs3(nbd1): try to read out of volume at offset 0x0
[  156.324528][T12183] overlayfs: missing 'lowerdir'
[  156.443630][   T40] audit: type=1400 audit(1745591216.608:774): avc:  denied  { create } for  pid=12190 comm="syz.5.2200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  156.554498][   T40] audit: type=1400 audit(6982390144.720:775): avc:  denied  { map } for  pid=12198 comm="syz.5.2202" path="/dev/bus/usb/003/001" dev="devtmpfs" ino=748 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  156.624819][T12210] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2206'.
[  156.632716][T12210] macsec0: entered promiscuous mode
[  156.643858][T12212] netlink: 'syz.5.2207': attribute type 12 has an invalid length.
[  156.646360][T12212] netlink: 'syz.5.2207': attribute type 29 has an invalid length.
[  156.648961][T12212] netlink: 148 bytes leftover after parsing attributes in process `syz.5.2207'.
[  156.652439][T12212] netlink: 'syz.5.2207': attribute type 2 has an invalid length.
[  156.654904][T12212] netlink: 43 bytes leftover after parsing attributes in process `syz.5.2207'.
[  156.715069][T12220] 8021q: VLANs not supported on xfrm0
[  156.718975][T12220] misc userio: No port type given on /dev/userio
[  156.722385][   T40] audit: type=1400 audit(6982390144.890:776): avc:  denied  { execute } for  pid=12219 comm="syz.5.2211" path="/selinux/status" dev="selinuxfs" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=file permissive=1
[  156.774220][T12225] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2214'.
[  156.779603][T12225] bond0: entered promiscuous mode
[  156.783094][T12225] bond_slave_1: entered promiscuous mode
[  156.786271][T12225] bond0: left promiscuous mode
[  156.787830][T12225] bond_slave_1: left promiscuous mode
[  156.790188][ T5306] Bluetooth: hci0: command tx timeout
[  156.999134][T12250] netlink: 'syz.5.2223': attribute type 1 has an invalid length.
[  157.002139][T12250] netlink: 244 bytes leftover after parsing attributes in process `syz.5.2223'.
[  157.076091][T12266] netlink: 'syz.5.2228': attribute type 21 has an invalid length.
[  157.079252][T12266] netlink: 'syz.5.2228': attribute type 6 has an invalid length.
[  157.083917][T12266] netlink: 132 bytes leftover after parsing attributes in process `syz.5.2228'.
[  157.125013][   T40] audit: type=1804 audit(6982390145.280:777): pid=12274 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.5.2232" name="/newroot/21/file0" dev="tmpfs" ino=124 res=1 errno=0
[  157.243120][T12291] xt_nfacct: accounting object `syz1' does not exists
[  157.251106][T12293] netlink: 'syz.1.2238': attribute type 12 has an invalid length.
[  157.253621][T12293] netlink: 248 bytes leftover after parsing attributes in process `syz.1.2238'.
[  157.292031][T12301] NILFS (nbd1): device size too small
[  157.303209][T12301] netlink: 'syz.1.2241': attribute type 7 has an invalid length.
[  157.305708][T12301] netlink: 'syz.1.2241': attribute type 8 has an invalid length.
[  157.622781][ T1196] Bluetooth: (null): Invalid header checksum
[  157.625334][ T1196] Bluetooth: (null): Invalid header checksum
[  157.866008][   T40] audit: type=1400 audit(6982390146.030:778): avc:  denied  { bind } for  pid=12332 comm="syz.1.2250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  157.866722][T12333] netlink: 'syz.1.2250': attribute type 11 has an invalid length.
[  157.872411][   T40] audit: type=1400 audit(6982390146.030:779): avc:  denied  { connect } for  pid=12332 comm="syz.1.2250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  157.874743][T12333] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2250'.
[  157.972066][   T40] audit: type=1804 audit(6982390146.140:780): pid=12339 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.2252" name="/newroot/46/file0" dev="tmpfs" ino=256 res=1 errno=0
[  158.173220][T12347] bond0: entered promiscuous mode
[  158.174873][T12347] bond_slave_0: entered promiscuous mode
[  158.176914][T12347] bond_slave_1: entered promiscuous mode
[  158.179600][T12347] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  158.183166][T12347] bond0: left promiscuous mode
[  158.184752][T12347] bond_slave_0: left promiscuous mode
[  158.186588][T12347] bond_slave_1: left promiscuous mode
[  158.243207][T12353] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  158.246219][T12353] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  158.369983][ T1335] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  158.466475][T12360] Cannot find del_set index 31 as target
[  158.519975][ T1335] usb 10-1: Using ep0 maxpacket: 32
[  158.523279][ T1335] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  158.527488][ T1335] usb 10-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  158.534560][ T1335] usb 10-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  158.537424][ T1335] usb 10-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  158.540579][ T1335] usb 10-1: Product: syz
[  158.541986][ T1335] usb 10-1: Manufacturer: syz
[  158.543583][ T1335] usb 10-1: SerialNumber: syz
[  158.549006][ T1335] input: appletouch as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:1.0/input/input19
[  158.750192][T12343] trusted_key: syz.5.2254 sent an empty control message without MSG_MORE.
[  158.820905][ T5998] usb 10-1: USB disconnect, device number 2
[  158.835522][ T5998] appletouch 10-1:1.0: input: appletouch disconnected
[  158.860105][ T5947] Bluetooth: hci0: command tx timeout
[  159.500072][ T5306] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  159.641855][T12431] Cannot find add_set index 0 as target
[  159.656832][T12433] bridge2: the hash_elasticity option has been deprecated and is always 16
[  159.680961][ T5998] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  159.834318][T12444] ubi31: attaching mtd0
[  159.837526][T12444] ubi31: scanning is finished
[  159.839051][T12444] ubi31: empty MTD device detected
[  159.851951][ T5998] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  159.855542][ T5998] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  159.858963][ T5998] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  159.862086][ T5998] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  159.866325][ T5998] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  159.868963][ T5998] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.873164][ T5998] usb 9-1: config 0 descriptor??
[  159.931180][T12444] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  159.933934][T12444] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  159.936329][T12444] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  159.938491][T12444] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  159.940935][T12444] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  159.943920][T12444] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  159.947314][T12444] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2637519038
[  159.951664][T12444] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  159.955893][T12446] ubi31: background thread "ubi_bgt31d" started, PID 12446
[  160.092375][ T5998] usbhid 9-1:0.0: can't add hid device: -71
[  160.098369][ T5998] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  160.106164][ T5998] usb 9-1: USB disconnect, device number 9
[  160.189890][   T40] kauditd_printk_skb: 1 callbacks suppressed
[  160.189901][   T40] audit: type=1804 audit(6982390148.350:782): pid=12468 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.2302" name="/newroot/596/file0" dev="tmpfs" ino=3095 res=1 errno=0
[  160.383939][   T40] audit: type=1400 audit(6982390148.550:783): avc:  denied  { append } for  pid=12482 comm="syz.3.2308" name="nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  160.530084][   T40] audit: type=1804 audit(6982390148.690:784): pid=12498 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.2315" name="/newroot/252/file0" dev="tmpfs" ino=1306 res=1 errno=0
[  160.755158][ T9719] bond0: (slave syz_tun): Releasing backup interface
[  160.764837][ T5947] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  160.770706][ T5947] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  160.774645][ T5947] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  160.778438][ T5947] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  160.785001][ T5947] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  160.858975][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  160.863347][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.910819][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  160.914095][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.940055][ T5947] Bluetooth: hci0: command tx timeout
[  160.976312][T12516] chnl_net:caif_netlink_parms(): no params data found
[  161.063663][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  161.069873][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.077512][T12516] bridge0: port 1(bridge_slave_0) entered blocking state
[  161.079736][T12516] bridge0: port 1(bridge_slave_0) entered disabled state
[  161.082879][T12516] bridge_slave_0: entered allmulticast mode
[  161.085502][T12516] bridge_slave_0: entered promiscuous mode
[  161.088889][T12516] bridge0: port 2(bridge_slave_1) entered blocking state
[  161.091244][T12516] bridge0: port 2(bridge_slave_1) entered disabled state
[  161.093585][T12516] bridge_slave_1: entered allmulticast mode
[  161.096183][T12516] bridge_slave_1: entered promiscuous mode
[  161.126565][T12516] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  161.130926][T12516] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  161.179187][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  161.184146][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.191905][T12516] team0: Port device team_slave_0 added
[  161.197233][T12516] team0: Port device team_slave_1 added
[  161.228117][T12516] batman_adv: batadv0: Adding interface: batadv_slave_0
[  161.230426][T12516] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  161.238141][T12516] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  161.243588][T12516] batman_adv: batadv0: Adding interface: batadv_slave_1
[  161.245701][T12516] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  161.254727][T12516] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  161.298526][T12516] hsr_slave_0: entered promiscuous mode
[  161.300821][T12516] hsr_slave_1: entered promiscuous mode
[  161.400768][   T12] bridge0: port 3(batadv0) entered disabled state
[  161.403901][   T12] bridge_slave_1: left allmulticast mode
[  161.405665][   T12] bridge_slave_1: left promiscuous mode
[  161.407488][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  161.546723][   T12] bond1 (unregistering): (slave gretap1): Releasing active interface
[  161.894414][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  161.898197][   T12] bond0 (unregistering): Released all slaves
[  161.964189][   T12] bond1 (unregistering): Released all slaves
[  161.976255][T12555] xfrm1: entered allmulticast mode
[  162.041874][   T12] : left promiscuous mode
[  162.273417][T12582] __nla_validate_parse: 9 callbacks suppressed
[  162.273427][T12582] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2337'.
[  162.467292][T12600] netlink: 244 bytes leftover after parsing attributes in process `syz.5.2342'.
[  162.544259][   T40] audit: type=1400 audit(6982390150.710:785): avc:  denied  { getattr } for  pid=12607 comm="syz.5.2344" path="socket:[55509]" dev="sockfs" ino=55509 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  162.553817][T12516] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  162.558557][T12516] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  162.564285][T12516] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  162.568163][T12516] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  162.623494][T12516] 8021q: adding VLAN 0 to HW filter on device bond0
[  162.636486][T12516] 8021q: adding VLAN 0 to HW filter on device team0
[  162.644334][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state
[  162.647322][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state
[  162.655757][   T44] bridge0: port 2(bridge_slave_1) entered blocking state
[  162.655826][   T44] bridge0: port 2(bridge_slave_1) entered forwarding state
[  162.797118][T12516] 8021q: adding VLAN 0 to HW filter on device batadv0
[  162.823892][T12516] veth0_vlan: entered promiscuous mode
[  162.832363][T12516] veth1_vlan: entered promiscuous mode
[  162.849274][   T12] hsr_slave_0: left promiscuous mode
[  162.852680][   T12] hsr_slave_1: left promiscuous mode
[  162.855295][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  162.857619][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  162.859982][ T5947] Bluetooth: hci1: command tx timeout
[  162.864422][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  162.867227][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  162.885554][   T12] veth1_macvtap: left promiscuous mode
[  162.887474][   T12] veth0_macvtap: left promiscuous mode
[  162.889507][   T12] veth1_vlan: left promiscuous mode
[  162.892274][   T12] veth0_vlan: left promiscuous mode
[  162.939857][ T5306] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  163.532804][   T12] team0 (unregistering): Port device team_slave_1 removed
[  163.612192][   T12] team0 (unregistering): Port device team_slave_0 removed
[  164.031418][T12516] veth0_macvtap: entered promiscuous mode
[  164.039782][T12516] veth1_macvtap: entered promiscuous mode
[  164.052967][T12516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  164.056744][T12516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.060620][T12516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  164.064691][T12516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.069165][T12516] batman_adv: batadv0: Interface activated: batadv_slave_0
[  164.078884][T12516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  164.083447][T12516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.086541][T12516] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  164.089914][T12516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.093726][T12516] batman_adv: batadv0: Interface activated: batadv_slave_1
[  164.099311][T12516] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  164.103325][T12516] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  164.106070][T12516] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  164.109208][T12516] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  164.172224][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  164.174597][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  164.195344][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  164.197784][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  164.322040][   T40] audit: type=1400 audit(6982390152.490:786): avc:  denied  { connect } for  pid=12655 comm="syz.3.2319" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  164.389399][T12663] loop2: detected capacity change from 0 to 7
[  164.394783][T11108] Dev loop2: unable to read RDB block 7
[  164.396849][T11108]  loop2: unable to read partition table
[  164.398772][T11108] loop2: partition table beyond EOD, truncated
[  164.403844][T12663] Dev loop2: unable to read RDB block 7
[  164.405918][T12663]  loop2: unable to read partition table
[  164.408446][T12663] loop2: partition table beyond EOD, truncated
[  164.410806][T12663] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  164.611764][T12683] validate_nla: 3 callbacks suppressed
[  164.611775][T12683] netlink: 'syz.3.2369': attribute type 72 has an invalid length.
[  164.615903][T12683] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2369'.
[  164.647828][   T40] audit: type=1400 audit(6982390152.810:787): avc:  denied  { write } for  pid=12686 comm="syz.3.2370" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  164.678247][   T40] audit: type=1400 audit(6982390152.840:788): avc:  denied  { bind } for  pid=12689 comm="syz.3.2371" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  164.685852][   T40] audit: type=1400 audit(6982390152.850:789): avc:  denied  { ioctl } for  pid=12689 comm="syz.3.2371" path="socket:[56957]" dev="sockfs" ino=56957 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  164.839109][T12701] syz.3.2375 (12701) used greatest stack depth: 21064 bytes left
[  164.862644][T12703] netlink: 'syz.3.2376': attribute type 12 has an invalid length.
[  164.865398][T12703] netlink: 248 bytes leftover after parsing attributes in process `syz.3.2376'.
[  164.892213][T12705] Cannot find add_set index 0 as target
[  164.949834][ T5306] Bluetooth: hci1: command tx timeout
[  165.152672][T12719] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  165.156942][T12718] fuse: Bad value for 'fd'
[  165.240968][T12725] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2384'.
[  165.247340][T12725] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2384'.
[  165.249725][ T5998] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  165.252889][T12725] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2384'.
[  165.257760][T12725] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2384'.
[  165.401141][ T5998] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  165.404808][ T5998] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  165.407924][ T5998] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  165.412309][ T5998] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  165.415718][ T5998] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  165.419354][ T5998] usb 9-1: config 0 descriptor??
[  165.491274][T12744] netlink: 'syz.5.2388': attribute type 12 has an invalid length.
[  165.493788][T12744] netlink: 248 bytes leftover after parsing attributes in process `syz.5.2388'.
[  165.827087][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.829450][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.832941][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.835278][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.837637][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.840349][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.842687][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.844948][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.847247][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.849673][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.852279][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.854866][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.857520][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.860413][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.863226][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.865553][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.867923][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.870398][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.872679][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.874978][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.877301][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.879770][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.882396][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.884655][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.887145][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.889423][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.891944][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.894421][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.896749][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.899079][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.902160][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.904521][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.906840][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.909123][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.911762][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.914079][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.916374][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.918671][ T5998] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  165.921879][ T5998] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving
[  165.928908][ T5998] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw1: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  166.084526][   T40] audit: type=1326 audit(6982390154.251:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12711 comm="syz.4.2379" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efed4b8e969 code=0x0
[  166.178438][ T1139] Bluetooth: hci3: Frame reassembly failed (-84)
[  166.263845][T12770] netlink: 'syz.1.2396': attribute type 12 has an invalid length.
[  166.266972][T12770] netlink: 'syz.1.2396': attribute type 29 has an invalid length.
[  166.270599][T12770] netlink: 148 bytes leftover after parsing attributes in process `syz.1.2396'.
[  166.274353][T12770] netlink: 'syz.1.2396': attribute type 2 has an invalid length.
[  166.416686][T12779] hpfs: hpfs_map_sector(): read error
[  166.471443][   T40] audit: type=1400 audit(6982390922.643:791): avc:  denied  { remount } for  pid=12778 comm="syz.1.2399" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[  167.029727][ T5947] Bluetooth: hci1: command tx timeout
[  167.190241][   T34] usb 9-1: reset high-speed USB device number 10 using dummy_hcd
[  167.291775][T12811] vcan0: entered allmulticast mode
[  167.294755][T12811] netlink: 'syz.1.2403': attribute type 1 has an invalid length.
[  167.480577][   T40] audit: type=1400 audit(6982390923.653:792): avc:  denied  { read } for  pid=12838 comm="syz.1.2411" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  167.536012][T12842] syz.1.2411: attempt to access beyond end of device
[  167.536012][T12842] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0
[  167.540176][T12842] gfs2: error -5 reading superblock
[  167.555615][   T40] audit: type=1400 audit(6982390923.723:793): avc:  denied  { connect } for  pid=12838 comm="syz.1.2411" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  167.834878][T12853] lo: entered allmulticast mode
[  167.913359][T12856] Cannot find add_set index 0 as target
[  168.121109][T12870] nfs: Unknown parameter 'ŸrûEæ/'
[  168.147204][T12872] fuse: Bad value for 'fd'
[  168.229808][ T5947] Bluetooth: hci3: command 0x1003 tx timeout
[  168.231404][ T5306] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  168.283737][T12882] Cannot find add_set index 0 as target
[  168.368825][T12891] trusted_key: encrypted_key: master key parameter is missing
[  168.439386][T12901] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  168.442661][T12901] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  168.503636][T12910] SET target dimension over the limit!
[  168.665232][T12928] fuse: Bad value for 'user_id'
[  168.667474][T12928] fuse: Bad value for 'user_id'
[  168.785355][T12936] __nla_validate_parse: 1 callbacks suppressed
[  168.785367][T12936] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2447'.
[  168.796793][T12936] netlink: 'syz.4.2447': attribute type 3 has an invalid length.
[  168.872897][ T5998] usb 9-1: USB disconnect, device number 10
[  169.100615][ T5306] Bluetooth: hci1: command tx timeout
[  169.113407][   T40] audit: type=1400 audit(6982391693.279:794): avc:  denied  { connect } for  pid=12965 comm="syz.3.2460" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  169.120681][   T40] audit: type=1400 audit(6982391693.289:795): avc:  denied  { read } for  pid=12965 comm="syz.3.2460" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  169.178831][   T40] audit: type=1400 audit(6982391693.339:796): avc:  denied  { mount } for  pid=12971 comm="syz.4.2463" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  169.181593][T12972] devtmpfs: Unknown parameter '_'
[  169.186209][   T40] audit: type=1400 audit(6982391693.349:797): avc:  denied  { remount } for  pid=12971 comm="syz.4.2463" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  169.704931][   T40] audit: type=1400 audit(6982391693.869:798): avc:  denied  { unmount } for  pid=9673 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  169.890935][T12998] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2472'.
[  169.893538][T12998] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2472'.
[  169.896112][T12998] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2472'.
[  170.055402][T13012] netlink: 'syz.1.2479': attribute type 12 has an invalid length.
[  170.057875][T13012] netlink: 248 bytes leftover after parsing attributes in process `syz.1.2479'.
[  170.238843][   T40] audit: type=1400 audit(6982391694.399:799): avc:  denied  { listen } for  pid=13042 comm="syz.4.2491" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  170.262963][ T5998] IPVS: starting estimator thread 0...
[  170.350035][T13046] IPVS: using max 44 ests per chain, 105600 per kthread
[  170.690657][T13072] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=48187 sclass=netlink_route_socket pid=13072 comm=syz.3.2501
[  171.090918][   T40] kauditd_printk_skb: 41 callbacks suppressed
[  171.090929][   T40] audit: type=1400 audit(6982392463.262:841): avc:  denied  { unmount } for  pid=9673 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  171.199045][T13114] netlink: 'syz.3.2515': attribute type 12 has an invalid length.
[  171.205038][T13114] netlink: 248 bytes leftover after parsing attributes in process `syz.3.2515'.
[  171.294258][   T40] audit: type=1400 audit(6982393231.462:842): avc:  denied  { map } for  pid=13119 comm="syz.3.2518" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  171.326514][T13122] netlink: 'syz.3.2519': attribute type 12 has an invalid length.
[  171.328977][T13122] netlink: 'syz.3.2519': attribute type 29 has an invalid length.
[  171.332528][T13122] netlink: 148 bytes leftover after parsing attributes in process `syz.3.2519'.
[  171.335335][T13122] netlink: 'syz.3.2519': attribute type 2 has an invalid length.
[  171.337761][T13122] netlink: 43 bytes leftover after parsing attributes in process `syz.3.2519'.
[  171.455301][T13127] netlink: zone id is out of range
[  171.733246][T13148] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2531'.
[  171.736178][   T40] audit: type=1400 audit(6982393999.903:843): avc:  denied  { bind } for  pid=13147 comm="syz.5.2530" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  171.744575][   T40] audit: type=1400 audit(6982393999.903:844): avc:  denied  { name_bind } for  pid=13147 comm="syz.5.2530" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[  171.749144][T13143] tmpfs: Unknown parameter 'ÿÿrqu*ta_bloclimit5'
[  171.761045][   T40] audit: type=1400 audit(6982393999.903:845): avc:  denied  { node_bind } for  pid=13147 comm="syz.5.2530" saddr=ff01::1 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[  171.807093][T13157] Cannot find add_set index 0 as target
[  171.811659][T13159] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2533'.
[  171.828954][T13161] netlink: 'syz.5.2535': attribute type 12 has an invalid length.
[  171.854236][T13166] netlink: 'syz.5.2537': attribute type 2 has an invalid length.
[  171.950191][T13180] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  171.953357][T13180] IPv6: NLM_F_CREATE should be set when creating new route
[  171.966289][T13180] lo: entered allmulticast mode
[  171.977579][T13180] tunl0: entered allmulticast mode
[  171.979770][T13184] Cannot find add_set index 0 as target
[  171.983367][T13186] tmpfs: Bad value for 'mpol'
[  171.984831][T13180] gre0: entered allmulticast mode
[  171.995251][T13180] gretap0: entered allmulticast mode
[  172.003988][T13180] erspan0: entered allmulticast mode
[  172.007949][T13189] netlink: 'syz.5.2547': attribute type 1 has an invalid length.
[  172.009225][T13180] ip_vti0: entered allmulticast mode
[  172.015267][T13180] ip6_vti0: entered allmulticast mode
[  172.018412][T13180] sit0: entered allmulticast mode
[  172.023781][T13180] ip6tnl0: entered allmulticast mode
[  172.027046][T13180] ip6gre0: entered allmulticast mode
[  172.033601][T13180] syz_tun: entered allmulticast mode
[  172.038262][T13180] ip6gretap0: entered allmulticast mode
[  172.044012][T13180] bridge0: port 2(bridge_slave_1) entered disabled state
[  172.046339][T13180] bridge0: port 1(bridge_slave_0) entered disabled state
[  172.049378][T13180] bridge0: entered allmulticast mode
[  172.053230][T13180] vcan0: entered allmulticast mode
[  172.056460][T13180] bond0: entered allmulticast mode
[  172.058021][T13180] bond_slave_0: entered allmulticast mode
[  172.059725][T13180] bond_slave_1: entered allmulticast mode
[  172.065048][T13180] team0: entered allmulticast mode
[  172.066639][T13180] team_slave_0: entered allmulticast mode
[  172.068302][T13180] team_slave_1: entered allmulticast mode
[  172.073617][T13180] dummy0: entered allmulticast mode
[  172.081827][T13180] nlmon0: entered allmulticast mode
[  172.084120][T13180] caif0: entered allmulticast mode
[  172.085831][T13180] batadv0: entered allmulticast mode
[  172.089229][T13180] vxcan0: entered allmulticast mode
[  172.091739][T13180] vxcan1: entered allmulticast mode
[  172.094301][T13180] veth0: entered allmulticast mode
[  172.097713][T13180] veth1: entered allmulticast mode
[  172.101354][T13180] wg0: entered allmulticast mode
[  172.104699][T13180] wg1: entered allmulticast mode
[  172.109650][T13180] wg2: entered allmulticast mode
[  172.113570][T13180] veth0_to_bridge: entered allmulticast mode
[  172.118671][T13180] veth1_to_bridge: entered allmulticast mode
[  172.125313][T13180] veth0_to_bond: entered allmulticast mode
[  172.133227][T13180] veth1_to_bond: entered allmulticast mode
[  172.137735][T13180] veth0_to_team: entered allmulticast mode
[  172.142715][T13180] veth1_to_team: entered allmulticast mode
[  172.148951][T13180] veth0_to_batadv: entered allmulticast mode
[  172.155764][T13180] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  172.159795][T13180] batadv_slave_0: entered allmulticast mode
[  172.168003][T13180] veth1_to_batadv: entered allmulticast mode
[  172.173560][T13180] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  172.182403][T13180] batadv_slave_1: entered allmulticast mode
[  172.188410][T13180] xfrm0: entered allmulticast mode
[  172.194474][T13180] veth0_to_hsr: entered allmulticast mode
[  172.199153][T13180] hsr_slave_0: entered allmulticast mode
[  172.204247][T13180] veth1_to_hsr: entered allmulticast mode
[  172.209437][T13180] hsr_slave_1: entered allmulticast mode
[  172.215692][T13180] hsr0: entered allmulticast mode
[  172.221871][T13180] veth1_virt_wifi: entered allmulticast mode
[  172.227651][T13180] veth0_virt_wifi: entered allmulticast mode
[  172.232283][T13180] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  172.236761][T13180] veth1_vlan: entered allmulticast mode
[  172.243492][T13180] veth0_vlan: entered allmulticast mode
[  172.256031][T13180] vlan0: entered allmulticast mode
[  172.258039][T13180] vlan1: entered allmulticast mode
[  172.261350][T13180] macvlan0: entered allmulticast mode
[  172.266168][T13180] macvlan1: entered allmulticast mode
[  172.270553][T13180] ipvlan0: entered allmulticast mode
[  172.272534][   T40] audit: type=1400 audit(6982394000.442:846): avc:  denied  { mounton } for  pid=13199 comm="syz.5.2551" path="/92/file0" dev="gadgetfs" ino=6804 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1
[  172.280163][T13180] ipvlan1: entered allmulticast mode
[  172.283567][T13180] veth1_macvtap: entered allmulticast mode
[  172.289169][T13180] veth0_macvtap: entered allmulticast mode
[  172.294043][T13180] macvtap0: entered allmulticast mode
[  172.297455][T13180] macsec0: entered allmulticast mode
[  172.301430][T13180] geneve0: entered allmulticast mode
[  172.304825][T13180] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  172.307700][T13180] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  172.310710][T13180] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  172.313768][T13180] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  172.317534][T13180] geneve1: entered allmulticast mode
[  172.321826][T13180] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  172.327994][T13180] netdevsim netdevsim3 netdevsim1: entered allmulticast mode
[  172.331694][T13180] netdevsim netdevsim3 netdevsim2: entered allmulticast mode
[  172.335255][T13180] netdevsim netdevsim3 netdevsim3: entered allmulticast mode
[  172.343320][T13180] mac80211_hwsim hwsim31 wlan0: entered allmulticast mode
[  172.350232][T13180] mac80211_hwsim hwsim32 wlan1: entered allmulticast mode
[  172.354205][T13180] mac80211_hwsim hwsim33 wlan2: entered allmulticast mode
[  172.356597][T13180] mac80211_hwsim hwsim34 wlan3: entered allmulticast mode
[  172.358926][T13180] mac80211_hwsim hwsim35 wlan4: entered allmulticast mode
[  172.375012][   T40] audit: type=1400 audit(6982394000.542:847): avc:  denied  { unmount } for  pid=11956 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  172.417465][T13209] only policy match revision 0 supported
[  172.417477][T13209] unable to load match
[  172.538476][T13219] netlink: 'syz.3.2558': attribute type 1 has an invalid length.
[  172.580608][T13229] Bluetooth: MGMT ver 1.23
[  172.601264][T13234] syz.3.2564: attempt to access beyond end of device
[  172.601264][T13234] nbd3: rw=0, sector=2, nr_sectors = 2 limit=0
[  172.605765][T13234] syz.3.2564: attempt to access beyond end of device
[  172.605765][T13234] nbd3: rw=0, sector=16, nr_sectors = 2 limit=0
[  172.634523][T13238] netlink: 'syz.4.2566': attribute type 10 has an invalid length.
[  172.643702][T13238] 8021q: adding VLAN 0 to HW filter on device team0
[  172.647001][T13238] bond0: (slave team0): Enslaving as an active interface with an up link
[  172.759326][T13245] FAULT_INJECTION: forcing a failure.
[  172.759326][T13245] name failslab, interval 1, probability 0, space 0, times 0
[  172.764153][T13245] CPU: 0 UID: 0 PID: 13245 Comm: syz.1.2569 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  172.764171][T13245] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  172.764178][T13245] Call Trace:
[  172.764182][T13245]  <TASK>
[  172.764186][T13245]  dump_stack_lvl+0x16c/0x1f0
[  172.764219][T13245]  should_fail_ex+0x512/0x640
[  172.764236][T13245]  ? __kmalloc_noprof+0xbf/0x510
[  172.764254][T13245]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  172.764273][T13245]  should_failslab+0xc2/0x120
[  172.764286][T13245]  __kmalloc_noprof+0xd2/0x510
[  172.764298][T13245]  ? avc_has_perm_noaudit+0x149/0x3b0
[  172.764311][T13245]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  172.764333][T13245]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  172.764351][T13245]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  172.764373][T13245]  ? bpf_lsm_capable+0x9/0x10
[  172.764383][T13245]  ? security_capable+0x7e/0x260
[  172.764396][T13245]  ? ns_capable+0xd7/0x110
[  172.764411][T13245]  genl_rcv_msg+0x55c/0x800
[  172.764430][T13245]  ? __pfx_genl_rcv_msg+0x10/0x10
[  172.764446][T13245]  ? __pfx___dev_queue_xmit+0x10/0x10
[  172.764458][T13245]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  172.764472][T13245]  ? __pfx_nl80211_tx_mgmt+0x10/0x10
[  172.764481][T13245]  ? __pfx_nl80211_post_doit+0x10/0x10
[  172.764497][T13245]  ? __lock_acquire+0xaa4/0x1ba0
[  172.764510][T13245]  netlink_rcv_skb+0x16a/0x440
[  172.764525][T13245]  ? __pfx_genl_rcv_msg+0x10/0x10
[  172.764543][T13245]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  172.764579][T13245]  ? __pfx_down_read+0x10/0x10
[  172.764597][T13245]  ? netlink_deliver_tap+0x1ae/0xd30
[  172.764614][T13245]  genl_rcv+0x28/0x40
[  172.764629][T13245]  netlink_unicast+0x53a/0x7f0
[  172.764645][T13245]  ? __pfx_netlink_unicast+0x10/0x10
[  172.764664][T13245]  netlink_sendmsg+0x8d1/0xdd0
[  172.764682][T13245]  ? __pfx_netlink_sendmsg+0x10/0x10
[  172.764702][T13245]  ____sys_sendmsg+0xa95/0xc70
[  172.764720][T13245]  ? copy_msghdr_from_user+0x10a/0x160
[  172.764733][T13245]  ? __pfx_____sys_sendmsg+0x10/0x10
[  172.764757][T13245]  ___sys_sendmsg+0x134/0x1d0
[  172.764771][T13245]  ? __pfx____sys_sendmsg+0x10/0x10
[  172.764801][T13245]  __sys_sendmsg+0x16d/0x220
[  172.764815][T13245]  ? __pfx___sys_sendmsg+0x10/0x10
[  172.764832][T13245]  ? rcu_is_watching+0x12/0xc0
[  172.764850][T13245]  do_syscall_64+0xcd/0x260
[  172.764867][T13245]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.764878][T13245] RIP: 0033:0x7f201d38e969
[  172.764887][T13245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  172.764898][T13245] RSP: 002b:00007f201e11d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  172.764908][T13245] RAX: ffffffffffffffda RBX: 00007f201d5b5fa0 RCX: 00007f201d38e969
[  172.764915][T13245] RDX: 0000000000000010 RSI: 0000200000000240 RDI: 0000000000000003
[  172.764921][T13245] RBP: 00007f201e11d090 R08: 0000000000000000 R09: 0000000000000000
[  172.764927][T13245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  172.764933][T13245] R13: 0000000000000000 R14: 00007f201d5b5fa0 R15: 00007ffe37f53748
[  172.764946][T13245]  </TASK>
[  172.868932][    C0] vkms_vblank_simulate: vblank timer overrun
[  172.985420][T13270] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  172.988606][T13270] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  173.166388][T13286] lo speed is unknown, defaulting to 1000
[  173.168283][T13286] lo speed is unknown, defaulting to 1000
[  173.170680][T13286] lo speed is unknown, defaulting to 1000
[  173.177509][T13286] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  173.189080][T13286] lo speed is unknown, defaulting to 1000
[  173.193053][T13286] lo speed is unknown, defaulting to 1000
[  173.195851][T13286] lo speed is unknown, defaulting to 1000
[  173.198393][T13286] lo speed is unknown, defaulting to 1000
[  173.217730][   T40] audit: type=1400 audit(6982394001.382:848): avc:  denied  { read } for  pid=13289 comm="syz.1.2589" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  173.792737][   T40] audit: type=1400 audit(6982394001.962:849): avc:  denied  { create } for  pid=13309 comm="syz.4.2597" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  173.809195][   T40] audit: type=1400 audit(6982394001.972:850): avc:  denied  { getopt } for  pid=13309 comm="syz.4.2597" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  173.854910][T13313] fuse: Bad value for 'fd'
[  174.122766][T13337] fuse: Bad value for 'fd'
[  174.147747][T13340] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  174.152563][T13340] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  174.209839][T13344] tmpfs: Unknown parameter 'ÿÿrqu*ta_bloclimit5'
[  174.435245][T13352] Cannot find add_set index 0 as target
[  175.202681][T13376] validate_nla: 2 callbacks suppressed
[  175.202697][T13376] netlink: 'syz.3.2623': attribute type 1 has an invalid length.
[  175.206824][T13376] __nla_validate_parse: 9 callbacks suppressed
[  175.206830][T13376] netlink: 244 bytes leftover after parsing attributes in process `syz.3.2623'.
[  175.262084][T13384] tipc: Started in network mode
[  175.263680][T13384] tipc: Node identity 56957574fa7, cluster identity 4711
[  175.265996][T13384] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  175.287559][T13384] can: request_module (can-proto-0) failed.
[  175.291726][T13384] syzkaller0: MTU too low for tipc bearer
[  175.293546][T13384] tipc: Disabling bearer <eth:syzkaller0>
[  175.335209][T13392] netlink: 'syz.5.2628': attribute type 12 has an invalid length.
[  175.340669][T13392] netlink: 248 bytes leftover after parsing attributes in process `syz.5.2628'.
[  175.473324][T13411] netlink: 'syz.5.2638': attribute type 1 has an invalid length.
[  175.475869][T13411] netlink: 244 bytes leftover after parsing attributes in process `syz.5.2638'.
[  175.572576][T13423] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  175.577833][T13423] qnx6: wrong signature (magic) in superblock #1.
[  175.580971][T13423] qnx6: unable to read the first superblock
[  175.584770][T13425] netlink: 'syz.5.2644': attribute type 12 has an invalid length.
[  175.585040][T13423] Invalid logical block size (2)
[  175.587229][T13425] netlink: 248 bytes leftover after parsing attributes in process `syz.5.2644'.
[  175.624339][T13429] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  175.631073][T13429] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  175.740539][ T5306] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  175.743505][ T5306] Bluetooth: hci4: Injecting HCI hardware error event
[  175.747498][ T5947] Bluetooth: hci4: hardware error 0x00
[  175.815569][T13436] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2648'.
[  176.054474][T13449] netlink: 'syz.5.2654': attribute type 1 has an invalid length.
[  176.056885][T13449] netlink: 244 bytes leftover after parsing attributes in process `syz.5.2654'.
[  176.463942][T13482] netlink: 'syz.3.2667': attribute type 1 has an invalid length.
[  176.466266][T13482] netlink: 244 bytes leftover after parsing attributes in process `syz.3.2667'.
[  176.571183][   T40] kauditd_printk_skb: 8 callbacks suppressed
[  176.571194][   T40] audit: type=1400 audit(6982396308.726:859): avc:  denied  { create } for  pid=13491 comm="syz.5.2672" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=chr_file permissive=1
[  176.586753][   T40] audit: type=1400 audit(6982396308.736:860): avc:  denied  { rename } for  pid=13491 comm="syz.5.2672" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="ramfs" ino=58335 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=chr_file permissive=1
[  176.769844][T13505] netlink: 'syz.1.2677': attribute type 1 has an invalid length.
[  176.772509][T13505] netlink: 244 bytes leftover after parsing attributes in process `syz.1.2677'.
[  176.804680][T13507] netlink: 'syz.1.2678': attribute type 12 has an invalid length.
[  176.807676][T13507] netlink: 'syz.1.2678': attribute type 29 has an invalid length.
[  176.810188][T13507] netlink: 148 bytes leftover after parsing attributes in process `syz.1.2678'.
[  176.813588][T13507] netlink: 'syz.1.2678': attribute type 2 has an invalid length.
[  176.816025][T13507] netlink: 43 bytes leftover after parsing attributes in process `syz.1.2678'.
[  177.039436][   T40] audit: type=1400 audit(6982397077.199:861): avc:  denied  { mount } for  pid=13523 comm="syz.1.2686" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  177.050700][   T40] audit: type=1400 audit(6982397077.209:862): avc:  denied  { unmount } for  pid=11563 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  177.097555][T13538] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  177.189098][   T40] audit: type=1400 audit(6982397077.349:863): avc:  denied  { module_load } for  pid=13545 comm="syz.5.2694" path=2F6D656D66643A20C736BE918D183229219A25A2D238D606070EFCFE128F2613AE254054A3B03E5CECA9F951403641108C6E7C202864656C6574656429 dev="hugetlbfs" ino=61593 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=system permissive=1
[  177.211350][T13546] Invalid ELF header magic: != ELF
[  177.386344][   T40] audit: type=1400 audit(6982397077.549:864): avc:  denied  { setopt } for  pid=13556 comm="syz.5.2698" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  177.830671][ T5947] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  178.150083][   T40] audit: type=1400 audit(6982397078.309:865): avc:  denied  { create } for  pid=13618 comm="syz.1.2722" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  178.156867][   T40] audit: type=1400 audit(6982397078.319:866): avc:  denied  { ioctl } for  pid=13618 comm="syz.1.2722" path="socket:[59790]" dev="sockfs" ino=59790 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  178.158836][T13622] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  178.167682][T13622] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  178.291186][T13631] mkiss: ax0: crc mode is auto.
[  178.305461][T13635] SET target dimension over the limit!
[  178.467281][T13644] fuse: Bad value for 'fd'
[  178.619821][T13659] input input20: cannot allocate more than FF_MAX_EFFECTS effects
[  179.038378][T13669] fuse: Bad value for 'fd'
[  179.065726][T13671] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0
[  179.544386][   T40] audit: type=1326 audit(6982397847.711:867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13691 comm="syz.5.2752" exe="/syz-executor" sig=31 arch=c000003e syscall=15 compat=0 ip=0x7f5244b2ab39 code=0x0
[  179.595328][   T40] audit: type=1400 audit(6982397847.761:868): avc:  denied  { mounton } for  pid=13691 comm="syz.5.2752" path="/153/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1
[  179.898448][T13717] futex_wake_op: syz.1.2761 tries to shift op by 32; fix this program
[  180.123747][T13727] SET target dimension over the limit!
[  180.260211][T13746] validate_nla: 11 callbacks suppressed
[  180.260222][T13746] netlink: 'syz.1.2775': attribute type 12 has an invalid length.
[  180.265004][T13746] netlink: 'syz.1.2775': attribute type 29 has an invalid length.
[  180.267522][T13746] __nla_validate_parse: 11 callbacks suppressed
[  180.267530][T13746] netlink: 148 bytes leftover after parsing attributes in process `syz.1.2775'.
[  180.272765][T13746] netlink: 'syz.1.2775': attribute type 2 has an invalid length.
[  180.275253][T13746] netlink: 43 bytes leftover after parsing attributes in process `syz.1.2775'.
[  180.445365][T13756] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13756 comm=syz.1.2779
[  180.476797][T13759] Cannot find add_set index 0 as target
[  180.575412][T13764] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2782'.
[  180.587063][T13764] bond0: entered promiscuous mode
[  180.589286][T13764] bond_slave_0: entered promiscuous mode
[  180.593992][T13764] bond_slave_1: entered promiscuous mode
[  180.598446][T13764] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  180.603745][T13764] bond0: left promiscuous mode
[  180.605851][T13764] bond_slave_0: left promiscuous mode
[  180.609153][T13764] bond_slave_1: left promiscuous mode
[  180.994558][T13770] netlink: 52 bytes leftover after parsing attributes in process `syz.5.2783'.
[  180.999870][T13770] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2783'.
[  181.155110][T13774] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  181.480520][T13785] fuse: Unknown parameter '000000000000000000000030x0000000000000003'
[  181.895147][T13800] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2795'.
[  181.902644][T13800] bond0: entered promiscuous mode
[  181.904520][T13800] bond_slave_0: entered promiscuous mode
[  181.906564][T13800] bond_slave_1: entered promiscuous mode
[  181.909383][T13800] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  181.915616][T13800] bond0: left promiscuous mode
[  181.917700][T13800] bond_slave_0: left promiscuous mode
[  181.920018][T13800] bond_slave_1: left promiscuous mode
[  182.191045][T13820] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2803'.
[  182.610483][T13846] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  182.615636][T13846] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  183.149398][T13859] netlink: 'syz.4.2817': attribute type 10 has an invalid length.
[  183.425568][T13873] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2822'.
[  183.488852][T13877] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2824'.
[  183.492224][T13877] bridge_slave_0: left allmulticast mode
[  183.494253][T13877] bridge_slave_0: left promiscuous mode
[  183.496643][T13877] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.501657][T13877] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  183.513021][T13881] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2825'.
[  183.518822][T13881] bond0: entered promiscuous mode
[  183.520558][T13881] bond_slave_0: entered promiscuous mode
[  183.523085][T13881] bond_slave_1: entered promiscuous mode
[  183.525626][T13881] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  183.529024][T13881] bond0: left promiscuous mode
[  183.532329][T13881] bond_slave_0: left promiscuous mode
[  183.534101][T13881] bond_slave_1: left promiscuous mode
[  183.827072][T13889] lo speed is unknown, defaulting to 1000
[  184.284829][T13900] netlink: 'syz.3.2831': attribute type 1 has an invalid length.
[  184.375200][T13912] netlink: 'syz.3.2837': attribute type 12 has an invalid length.
[  184.377784][T13912] netlink: 'syz.3.2837': attribute type 29 has an invalid length.
[  184.380051][T13912] netlink: 'syz.3.2837': attribute type 2 has an invalid length.
[  184.444189][T13923] bond0: entered promiscuous mode
[  184.445898][T13923] bond_slave_0: entered promiscuous mode
[  184.447678][T13923] bond_slave_1: entered promiscuous mode
[  184.450058][T13923] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  184.454196][T13923] bond0: left promiscuous mode
[  184.455556][T13923] bond_slave_0: left promiscuous mode
[  184.457279][T13923] bond_slave_1: left promiscuous mode
[  184.474029][T13928] netlink: 'syz.3.2843': attribute type 12 has an invalid length.
[  184.648263][T13946] SET target dimension over the limit!
[  184.710262][T13952] netlink: 'syz.5.2855': attribute type 1 has an invalid length.
[  184.773920][T13958] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  184.854516][T13965] openvswitch: netlink: Unknown nsh attribute 0
[  184.856576][T13965] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  185.048636][T13977] sd 0:0:0:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x24 ascq=0x0
[  185.477060][T14007] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  185.676481][T14014] SET target dimension over the limit!
[  185.701870][T14016] validate_nla: 4 callbacks suppressed
[  185.701882][T14016] netlink: 'syz.3.2881': attribute type 1 has an invalid length.
[  185.706729][T14016] __nla_validate_parse: 11 callbacks suppressed
[  185.706739][T14016] netlink: 244 bytes leftover after parsing attributes in process `syz.3.2881'.
[  185.757057][T14021] netlink: 'syz.3.2882': attribute type 10 has an invalid length.
[  185.759543][T14021] mac80211_hwsim hwsim32 wlan1: left allmulticast mode
[  185.763070][T14021] mac80211_hwsim hwsim32 wlan1: entered allmulticast mode
[  185.765466][T14021] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  185.888137][T14030] tipc: Started in network mode
[  185.889790][T14030] tipc: Node identity 080211000001, cluster identity 4711
[  185.892392][T14030] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  185.963760][T14035] fuse: Bad value for 'group_id'
[  185.965875][T14035] fuse: Bad value for 'group_id'
[  186.036517][T14041] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  186.227876][T14054] netlink: 'syz.5.2894': attribute type 1 has an invalid length.
[  186.230311][T14054] netlink: 244 bytes leftover after parsing attributes in process `syz.5.2894'.
[  186.309063][T14061] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2897'.
[  186.316766][T14061] bond0: entered promiscuous mode
[  186.318660][T14061] bond_slave_0: entered promiscuous mode
[  186.320694][T14061] bond_slave_1: entered promiscuous mode
[  186.325059][T14061] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  186.328538][T14061] bond0: left promiscuous mode
[  186.330260][T14061] bond_slave_0: left promiscuous mode
[  186.332521][T14061] bond_slave_1: left promiscuous mode
[  186.616718][T14077] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  186.697465][T14086] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2907'.
[  186.704579][T14086] bond0: entered promiscuous mode
[  186.706183][T14086] bond_slave_0: entered promiscuous mode
[  186.708894][T14086] bond_slave_1: entered promiscuous mode
[  186.712732][T14086] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  186.716037][T14086] bond0: left promiscuous mode
[  186.717568][T14086] bond_slave_0: left promiscuous mode
[  186.719319][T14086] bond_slave_1: left promiscuous mode
[  186.774116][T14094] netlink: 'syz.4.2910': attribute type 1 has an invalid length.
[  186.776617][T14094] netlink: 244 bytes leftover after parsing attributes in process `syz.4.2910'.
[  187.010227][T14109] FAULT_INJECTION: forcing a failure.
[  187.010227][T14109] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  187.012507][   T58] tipc: Node number set to 134418688
[  187.014322][T14109] CPU: 1 UID: 0 PID: 14109 Comm: syz.3.2918 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  187.014338][T14109] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  187.014345][T14109] Call Trace:
[  187.014349][T14109]  <TASK>
[  187.014353][T14109]  dump_stack_lvl+0x16c/0x1f0
[  187.014384][T14109]  should_fail_ex+0x512/0x640
[  187.014403][T14109]  _copy_to_user+0x32/0xd0
[  187.014417][T14109]  simple_read_from_buffer+0xcb/0x170
[  187.014438][T14109]  proc_fail_nth_read+0x197/0x270
[  187.014455][T14109]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  187.014472][T14109]  ? rw_verify_area+0xcf/0x680
[  187.014486][T14109]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  187.014503][T14109]  vfs_read+0x1de/0xc70
[  187.014521][T14109]  ? __pfx___mutex_lock+0x10/0x10
[  187.014536][T14109]  ? __pfx_vfs_read+0x10/0x10
[  187.014555][T14109]  ? __fget_files+0x20e/0x3c0
[  187.014569][T14109]  ksys_read+0x12a/0x240
[  187.014578][T14109]  ? __pfx_ksys_read+0x10/0x10
[  187.014593][T14109]  ? rcu_is_watching+0x12/0xc0
[  187.014610][T14109]  do_syscall_64+0xcd/0x260
[  187.014626][T14109]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.014637][T14109] RIP: 0033:0x7f2ee6b8d37c
[  187.014646][T14109] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  187.014656][T14109] RSP: 002b:00007f2ee49f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  187.014667][T14109] RAX: ffffffffffffffda RBX: 00007f2ee6db5fa0 RCX: 00007f2ee6b8d37c
[  187.014673][T14109] RDX: 000000000000000f RSI: 00007f2ee49f60a0 RDI: 0000000000000005
[  187.014679][T14109] RBP: 00007f2ee49f6090 R08: 0000000000000000 R09: 0000000000000000
[  187.014685][T14109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  187.014692][T14109] R13: 0000000000000000 R14: 00007f2ee6db5fa0 R15: 00007ffd7d3ba668
[  187.014705][T14109]  </TASK>
[  187.045092][T14115] program syz.3.2921 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  187.087400][T14123] SET target dimension over the limit!
[  187.114559][T14125] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2925'.
[  187.152933][T14133] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  187.156238][T14133] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  187.174579][T14135] netlink: 'syz.4.2930': attribute type 1 has an invalid length.
[  187.177012][T14135] netlink: 244 bytes leftover after parsing attributes in process `syz.4.2930'.
[  187.375778][T14150] netlink: 'syz.4.2936': attribute type 1 has an invalid length.
[  187.378311][T14150] netlink: 244 bytes leftover after parsing attributes in process `syz.4.2936'.
[  187.474812][T14158] netlink: 'syz.4.2938': attribute type 1 has an invalid length.
[  187.477435][T14158] nbd: error processing sock list
[  187.479947][T14158] block nbd0: shutting down sockets
[  187.565171][T14164] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  188.005083][T14173] bridge2: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  188.022069][T14173] 9pnet: Could not find request transport: sdma
[  188.028005][T14178] bridge3: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  188.038790][T14177] 9pnet: Could not find request transport: sdma
[  188.043498][T14181] SET target dimension over the limit!
[  188.138095][T14194] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2951'.
[  188.461088][ T5947] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  188.461190][ T5306] Bluetooth: hci3: command 0x1003 tx timeout
[  188.602173][T14235] SET target dimension over the limit!
[  188.924866][T14254] fuse: Unknown parameter 'P¡)VvêÀÏØÜ-ʆå^Pž\aÕ—ëT½ê¶ù<â½ÅíÑsŽ'
[  189.045299][T14260] nd_bus ndbus0: __nd_ioctl:bus unknown input size cmd: cmd_call field: 1
[  189.049780][T14260] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14260 comm=syz.4.2980
[  189.310466][T14272] Cannot find add_set index 0 as target
[  189.689352][   T40] kauditd_printk_skb: 6 callbacks suppressed
[  189.689367][   T40] audit: type=1400 audit(6982403233.850:875): avc:  denied  { load_policy } for  pid=14278 comm="syz.5.2988" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  189.692350][T14279] SELinux: security policydb version 18 (MLS) not backwards compatible
[  189.703077][T14279] SELinux: failed to load policy
[  189.798707][T14287] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  190.078638][   T40] audit: type=1400 audit(6982403234.240:876): avc:  denied  { accept } for  pid=14294 comm="syz.5.2994" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  190.139498][T14301] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2997'.
[  190.186916][T14305] netlink: set zone limit has 8 unknown bytes
[  190.471640][T14335] bond0: entered promiscuous mode
[  190.473296][T14335] bond_slave_0: entered promiscuous mode
[  190.475193][T14335] bond_slave_1: entered promiscuous mode
[  190.477082][T14335] team0: entered promiscuous mode
[  190.478653][T14335] team_slave_0: entered promiscuous mode
[  190.480824][T14335] team_slave_1: entered promiscuous mode
[  190.484195][T14335] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  190.487273][T14335] bond0: left promiscuous mode
[  190.488811][T14335] bond_slave_0: left promiscuous mode
[  190.490595][T14335] bond_slave_1: left promiscuous mode
[  190.492708][T14335] team0: left promiscuous mode
[  190.494328][T14335] team_slave_0: left promiscuous mode
[  190.496126][T14335] team_slave_1: left promiscuous mode
[  191.283197][T14393] __nla_validate_parse: 3 callbacks suppressed
[  191.283210][T14393] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3031'.
[  191.295920][T14393] bond0: entered promiscuous mode
[  191.298092][T14393] bond_slave_0: entered promiscuous mode
[  191.300501][T14393] bond_slave_1: entered promiscuous mode
[  191.303426][T14393] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  191.308261][T14393] bond0: left promiscuous mode
[  191.310322][T14393] bond_slave_0: left promiscuous mode
[  191.312980][T14393] bond_slave_1: left promiscuous mode
[  191.330374][   T40] audit: type=1400 audit(6982403235.490:877): avc:  denied  { accept } for  pid=14394 comm="syz.4.3032" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  191.532123][   T40] audit: type=1400 audit(6982403235.700:878): avc:  denied  { ioctl } for  pid=14394 comm="syz.4.3032" path="socket:[65202]" dev="sockfs" ino=65202 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  191.545166][T14404] FAULT_INJECTION: forcing a failure.
[  191.545166][T14404] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  191.550634][T14404] CPU: 0 UID: 0 PID: 14404 Comm: syz.1.3035 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  191.550659][T14404] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  191.550671][T14404] Call Trace:
[  191.550678][T14404]  <TASK>
[  191.550686][T14404]  dump_stack_lvl+0x16c/0x1f0
[  191.550715][T14404]  should_fail_ex+0x512/0x640
[  191.550739][T14404]  _copy_to_user+0x32/0xd0
[  191.550763][T14404]  video_usercopy+0xf3e/0x1720
[  191.550792][T14404]  ? __pfx___video_do_ioctl+0x10/0x10
[  191.550818][T14404]  ? selinux_bprm_creds_for_exec+0xc41/0xc60
[  191.550847][T14404]  ? __pfx_video_usercopy+0x10/0x10
[  191.550889][T14404]  v4l2_ioctl+0x1ba/0x250
[  191.550915][T14404]  ? __pfx_v4l2_ioctl+0x10/0x10
[  191.550940][T14404]  __x64_sys_ioctl+0x190/0x200
[  191.550969][T14404]  do_syscall_64+0xcd/0x260
[  191.550996][T14404]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.551014][T14404] RIP: 0033:0x7f201d38e969
[  191.551030][T14404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  191.551047][T14404] RSP: 002b:00007f201e11d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  191.551063][T14404] RAX: ffffffffffffffda RBX: 00007f201d5b5fa0 RCX: 00007f201d38e969
[  191.551073][T14404] RDX: 0000200000000240 RSI: 00000000c0285628 RDI: 0000000000000003
[  191.551082][T14404] RBP: 00007f201e11d090 R08: 0000000000000000 R09: 0000000000000000
[  191.551092][T14404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  191.551102][T14404] R13: 0000000000000000 R14: 00007f201d5b5fa0 R15: 00007ffe37f53748
[  191.551124][T14404]  </TASK>
[  191.572202][ T5998] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  191.781530][T14418] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  191.974026][T14422] netlink: 'syz.1.3042': attribute type 1 has an invalid length.
[  191.976905][T14422] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3042'.
[  192.166473][T14444] FAULT_INJECTION: forcing a failure.
[  192.166473][T14444] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  192.169703][T14442] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3052'.
[  192.170343][T14444] CPU: 1 UID: 0 PID: 14444 Comm: syz.1.3053 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  192.170359][T14444] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  192.170366][T14444] Call Trace:
[  192.170370][T14444]  <TASK>
[  192.170374][T14444]  dump_stack_lvl+0x16c/0x1f0
[  192.170393][T14444]  should_fail_ex+0x512/0x640
[  192.170407][T14444]  _copy_to_user+0x32/0xd0
[  192.170421][T14444]  simple_read_from_buffer+0xcb/0x170
[  192.170439][T14444]  proc_fail_nth_read+0x197/0x270
[  192.170456][T14444]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  192.170473][T14444]  ? rw_verify_area+0xcf/0x680
[  192.170487][T14444]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  192.170503][T14444]  vfs_read+0x1de/0xc70
[  192.170521][T14444]  ? __pfx___mutex_lock+0x10/0x10
[  192.170536][T14444]  ? __pfx_vfs_read+0x10/0x10
[  192.170555][T14444]  ? __fget_files+0x20e/0x3c0
[  192.170569][T14444]  ksys_read+0x12a/0x240
[  192.170577][T14444]  ? __pfx_ksys_read+0x10/0x10
[  192.170592][T14444]  ? v4l2_ioctl+0x1c5/0x250
[  192.170612][T14444]  do_syscall_64+0xcd/0x260
[  192.170627][T14444]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.170638][T14444] RIP: 0033:0x7f201d38d37c
[  192.170647][T14444] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  192.170657][T14444] RSP: 002b:00007f201e11d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  192.170667][T14444] RAX: ffffffffffffffda RBX: 00007f201d5b5fa0 RCX: 00007f201d38d37c
[  192.170674][T14444] RDX: 000000000000000f RSI: 00007f201e11d0a0 RDI: 0000000000000004
[  192.170680][T14444] RBP: 00007f201e11d090 R08: 0000000000000000 R09: 0000000000000000
[  192.170686][T14444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  192.170692][T14444] R13: 0000000000000000 R14: 00007f201d5b5fa0 R15: 00007ffe37f53748
[  192.170705][T14444]  </TASK>
[  192.223492][T14446] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3054'.
[  192.239616][T14446] bridge_slave_0: left allmulticast mode
[  192.242080][T14446] bridge_slave_0: left promiscuous mode
[  192.246494][T14446] bridge0: port 1(bridge_slave_0) entered disabled state
[  192.253146][T14446] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  192.262940][T14442] bond0: entered promiscuous mode
[  192.264624][T14442] bond_slave_0: entered promiscuous mode
[  192.266474][T14442] bond_slave_1: entered promiscuous mode
[  192.269008][T14442] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  192.272277][T14442] bond0: left promiscuous mode
[  192.273838][T14442] bond_slave_0: left promiscuous mode
[  192.275615][T14442] bond_slave_1: left promiscuous mode
[  192.343647][T14449] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3055'.
[  192.347393][T14449] netlink: 'syz.1.3055': attribute type 30 has an invalid length.
[  192.356052][T14449] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  192.359416][T14449] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  192.362359][T14449] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  192.365083][T14449] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  192.496232][T14458] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3058'.
[  192.678341][T14480] overlayfs: failed to resolve './file1': -2
[  192.697872][T14483] netlink: 'syz.3.3068': attribute type 12 has an invalid length.
[  192.700251][T14483] netlink: 'syz.3.3068': attribute type 29 has an invalid length.
[  192.705069][T14483] netlink: 148 bytes leftover after parsing attributes in process `syz.3.3068'.
[  192.707901][T14483] netlink: 'syz.3.3068': attribute type 2 has an invalid length.
[  192.710583][T14483] netlink: 43 bytes leftover after parsing attributes in process `syz.3.3068'.
[  192.735932][T14480] netlink: 'syz.5.3067': attribute type 1 has an invalid length.
[  192.739056][T14480] netlink: 'syz.5.3067': attribute type 3 has an invalid length.
[  192.743343][T14480] netlink: 224 bytes leftover after parsing attributes in process `syz.5.3067'.
[  192.747040][T14480] NCSI netlink: No device for ifindex 0
[  192.786697][T14492] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3071'.
[  193.088361][T14506] bond0: entered promiscuous mode
[  193.090171][T14506] bond_slave_0: entered promiscuous mode
[  193.092627][T14506] bond_slave_1: entered promiscuous mode
[  193.095274][T14506] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  193.098571][T14506] bond0: left promiscuous mode
[  193.100188][T14506] bond_slave_0: left promiscuous mode
[  193.102569][T14506] bond_slave_1: left promiscuous mode
[  193.207729][   T45] BUG: sleeping function called from invalid context at mm/util.c:743
[  193.211165][   T45] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 45, name: kcompactd0
[  193.214757][   T45] preempt_count: 1, expected: 0
[  193.216745][   T45] RCU nest depth: 0, expected: 0
[  193.218376][   T45] 1 lock held by kcompactd0/45:
[  193.219874][   T45]  #0: ffff88810448e5c8 (&mapping->i_private_lock){+.+.}-{3:3}, at: __buffer_migrate_folio+0x25b/0x690
[  193.223381][   T45] Preemption disabled at:
[  193.223387][   T45] [<0000000000000000>] 0x0
[  193.226213][   T45] CPU: 2 UID: 0 PID: 45 Comm: kcompactd0 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) 
[  193.226227][   T45] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  193.226234][   T45] Call Trace:
[  193.226238][   T45]  <TASK>
[  193.226242][   T45]  dump_stack_lvl+0x16c/0x1f0
[  193.226259][   T45]  __might_resched+0x3c0/0x5e0
[  193.226274][   T45]  ? __free_frozen_pages+0x72a/0xff0
[  193.226291][   T45]  ? __pfx___might_resched+0x10/0x10
[  193.226308][   T45]  folio_mc_copy+0xfb/0x190
[  193.226323][   T45]  __migrate_folio.constprop.0+0xa1/0x3d0
[  193.226338][   T45]  __buffer_migrate_folio+0x5cd/0x690
[  193.226356][   T45]  ? __pfx_buffer_migrate_folio_norefs+0x10/0x10
[  193.226370][   T45]  move_to_new_folio+0x1d9/0x700
[  193.226384][   T45]  migrate_pages_batch+0x201d/0x31a0
[  193.226400][   T45]  ? __pfx_compaction_free+0x10/0x10
[  193.226419][   T45]  ? __pfx_migrate_pages_batch+0x10/0x10
[  193.226437][   T45]  migrate_pages_sync+0x12d/0x8a0
[  193.226451][   T45]  ? __pfx_compaction_alloc+0x10/0x10
[  193.226465][   T45]  ? __pfx_compaction_free+0x10/0x10
[  193.226483][   T45]  ? __pfx_migrate_pages_sync+0x10/0x10
[  193.226498][   T45]  ? find_held_lock+0x2b/0x80
[  193.226511][   T45]  ? isolate_movable_page+0x124/0x750
[  193.226526][   T45]  migrate_pages+0x1b28/0x2350
[  193.226540][   T45]  ? __pfx_compaction_alloc+0x10/0x10
[  193.226555][   T45]  ? __pfx_compaction_free+0x10/0x10
[  193.226573][   T45]  ? __pfx_migrate_pages+0x10/0x10
[  193.226588][   T45]  ? __pfx_isolate_migratepages_block+0x10/0x10
[  193.226606][   T45]  ? __pfx___might_resched+0x10/0x10
[  193.226622][   T45]  compact_zone+0x1f6c/0x45f0
[  193.226642][   T45]  ? __lock_acquire+0xaa4/0x1ba0
[  193.226657][   T45]  ? __pfx_compact_zone+0x10/0x10
[  193.226677][   T45]  compact_node+0x1a4/0x2d0
[  193.226693][   T45]  ? __pfx_compact_node+0x10/0x10
[  193.226708][   T45]  ? __pfx___might_resched+0x10/0x10
[  193.226731][   T45]  ? __pfx_extfrag_for_order+0x10/0x10
[  193.226744][   T45]  ? rcu_is_watching+0x12/0xc0
[  193.226759][   T45]  kcompactd+0x762/0xea0
[  193.226777][   T45]  ? __pfx_kcompactd+0x10/0x10
[  193.226792][   T45]  ? find_held_lock+0x2b/0x80
[  193.226806][   T45]  ? __pfx_autoremove_wake_function+0x10/0x10
[  193.226821][   T45]  ? lockdep_hardirqs_on+0x7c/0x110
[  193.226836][   T45]  ? __kthread_parkme+0x19e/0x250
[  193.226852][   T45]  ? __pfx_kcompactd+0x10/0x10
[  193.226868][   T45]  kthread+0x3c2/0x780
[  193.226878][   T45]  ? __pfx_kthread+0x10/0x10
[  193.226888][   T45]  ? __pfx_kthread+0x10/0x10
[  193.226897][   T45]  ? __pfx_kthread+0x10/0x10
[  193.226907][   T45]  ? __pfx_kthread+0x10/0x10
[  193.226916][   T45]  ? rcu_is_watching+0x12/0xc0
[  193.226929][   T45]  ? __pfx_kthread+0x10/0x10
[  193.226940][   T45]  ret_from_fork+0x45/0x80
[  193.226951][   T45]  ? __pfx_kthread+0x10/0x10
[  193.226961][   T45]  ret_from_fork_asm+0x1a/0x30
[  193.226983][   T45]  </TASK>
[  193.986271][ T1421] ieee802154 phy1 wpan1: encryption failed: -22

VM DIAGNOSIS:
10:11:32  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000007 RBX=0000000000000028 RCX=0000000000000007 RDX=0000000000000000
RSI=ffff88802357d370 RDI=ffffffff8e3bf5c0 RBP=ffff88802357d370 RSP=ffffc9000363e9d0
R8 =0000000000000000 R9 =0000000000000001 R10=0000000000000000 R11=ffffffff8e3bf5c0
R12=0000000000000000 R13=0000000000000002 R14=ffff88802357c880 R15=0000000000000000
RIP=ffffffff81980c87 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c01300
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c01300
FS =0000 0000555581819500 ffffffff 00c00000
GS =0000 ffff8880d69b2000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000001b2fc20008 CR3=0000000052b5e000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000c1fffc00 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000015 000000000001df8a
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055558c413cba 000055558c4139c0
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055558c3fd324 000055558c3fd320
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055558c40e9cc 000055558c40dd20
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055558c3fe134 000055558c3fe130
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0ba0030008000b90 030fffffffffffff 040b800318080006 1000201000060c6f
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000040100100000 005c280807800307 8004018003018004
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 63616d0001000c80 12002c0000000000 000003700807b003 00080007a8030020
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0081000002fe1f00 0000010002ef0600 0000080001000880 02001c006e616c76
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 010680a010000b80 040100000a080606 0167b20808000be0 030010000bd00300
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 10000bc003021000 0bb00301b8100001 900301080008b003 000a0008080808a8
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 030100000c080608 a003000500080000 81000002fe1f0000 00010002ef060000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0008000100088002 001c006e616c7663 616d0001000c8012 002c000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000000001e569f RBX=0000000000000001 RCX=ffffffff8b72c419 RDX=0000000000000000
RSI=ffffffff8dbef83e RDI=ffffffff8bf46580 RBP=ffffed1003ad0488 RSP=ffffc90000177df8
R8 =0000000000000001 R9 =ffffed100d4a65bd R10=ffff88806a532deb R11=0000000000000000
R12=0000000000000001 R13=ffff88801d682440 R14=ffffffff90864b10 R15=0000000000000000
RIP=ffffffff8b72acaf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6ab2000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007ffe37f52f40 CR3=000000004f95c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2ee6c11a8a
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2ee6c11a97
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2ee6c11a91
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2ee6c11aa5
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2ee6c11b2b
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2ee6c11c09
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 a359233542b9bde9 fedb1c464ad95a00 36254523d346bfd0 68b0c5a627acc555
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 800000d82c79c8ff 0cecd151a3592335 42b9bde9fedb0004 0000000b000c000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 d346bfd068b0c5a6 27acc555c08cc838 0003000000000000 024078a5000ac09a
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9
RSI=ffffffff854e4ac5 RDI=ffffffff9ae264a0 RBP=ffffffff9ae26460 RSP=ffffc90000a2ee70
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=0000000000000000 R14=ffffffff9ae26460 R15=ffffffff9ae26720
RIP=ffffffff854e4aef RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6bb2000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000110c3f07e1 CR3=0000000028906000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc5dbbb520 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007efed4c11a8a
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007efed4c11a97
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007efed4c11a91
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007efed4c11aa5
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007efed4c11b2b
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007efed4c11c09
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000004c
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 000000000000004c
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=00000000001c53ed RBX=0000000000000003 RCX=ffffffff8b72c419 RDX=0000000000000000
RSI=ffffffff8dbef83e RDI=ffffffff8bf46580 RBP=ffffed1003bd3000 RSP=ffffc90000197df8
R8 =0000000000000001 R9 =ffffed100d4e65bd R10=ffff88806a732deb R11=0000000000000000
R12=0000000000000003 R13=ffff88801de98000 R14=ffffffff90864b10 R15=0000000000000000
RIP=ffffffff8b72acaf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6cb2000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000110c460f48 CR3=0000000032548000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000040000400 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd7d3ba9f0 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2ee6c11a8a
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2ee6c11a97
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2ee6c11a91
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2ee6c11aa5
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2ee6c11b2b
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2ee6c11c09
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000