last executing test programs:

8.266515765s ago: executing program 3 (id=1143):
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x47f6, 0x0, 0x2, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = syz_io_uring_setup(0x38fe, &(0x7f0000000300)={0x0, 0x2355, 0x10100}, &(0x7f0000000180)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3})
io_uring_enter(r5, 0x3023, 0x4000, 0x40, 0x0, 0x28)
r8 = open(&(0x7f00009e1000)='./file0\x00', 0x1040, 0x1d2)
fcntl$setlease(r8, 0x400, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x1c, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x234, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x220, 0x4, 0x0, 0x1, [{0x16c, 0x1, 0x0, 0x1, @dynset={{0xb}, @val={0x15c, 0x2, 0x0, 0x1, [@NFTA_DYNSET_EXPRESSIONS={0x158, 0xa, 0x0, 0x1, [{0x154, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x148, 0x2, 0x0, 0x1, [@NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_CMP_DATA={0x12c, 0x3, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x2c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VERDICT={0x50, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VALUE={0xac, 0x1, "5cde0e22ad255e4b649715576bee8326137719c702b83c0baf0c8c87cd3be10e869c3b79e0cc64794fdeb64b78b0225cd2649f6b48c5ee0bb0e3465a00fcd0ea27faa9c4c69d801ca6fef1e677597a8f37514e812509c1acb1c393638f2198b3526ae7373aad13dd50b343a77979e0c5dfa53d2305423b791a83c6bc57c40896aee0f35d4ce19288e0c6e458e043486a4193489c17b740f40582c513b428501c5ae837cb7c4080b2"}]}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x18}]}}}]}]}}}, {0x5c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x4c, 0x2, 0x0, 0x1, [@NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x8}, @NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x401}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x2}]}}}, {0x44, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x8}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0xea}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0x8ec}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0x8}, @NFTA_NG_TYPE={0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @tproxy={{0xb}, @void}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x2a4}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r9 = socket$kcm(0x10, 0x400000002, 0x0)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r11 = socket(0x400000000010, 0x3, 0x0)
r12 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r13=>0x0})
sendmsg$nl_route_sched(r11, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r13, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000)
sendmsg$nl_route_sched(r11, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x34, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r13, {0x0, 0xf}, {}, {0x7, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000014}, 0x20084084)
sendmsg$inet(r9, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000140)="600000002e000d190a762d7f089e", 0xfca2}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}], 0x2}, 0x0)

7.240413949s ago: executing program 3 (id=1148):
socket$nl_generic(0x10, 0x3, 0x10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x6, 0x0, &(0x7f0000000080))
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
listen(0xffffffffffffffff, 0x7fff)
openat$vimc0(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
connect$phonet_pipe(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$tipc(0x1e, 0x2, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, 0x0, 0x0)
sendmsg$tipc(r2, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0}, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x3)
dup(r3)
socket$inet6_tcp(0xa, 0x1, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x47}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)

6.244075128s ago: executing program 0 (id=1152):
socket$nl_generic(0x10, 0x3, 0x10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x6, 0x0, &(0x7f0000000080))
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
listen(r2, 0x7fff)
openat$vimc0(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
connect$phonet_pipe(r2, 0x0, 0x0)
r3 = socket$tipc(0x1e, 0x2, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, 0x0, 0x0)
sendmsg$tipc(r3, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0}, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x3)
dup(r4)
socket$inet6_tcp(0xa, 0x1, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x47}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)

4.776991339s ago: executing program 2 (id=1153):
socket$nl_generic(0x10, 0x3, 0x10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x6, 0x0, &(0x7f0000000080))
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
listen(r2, 0x7fff)
openat$vimc0(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
connect$phonet_pipe(r2, 0x0, 0x0)
r3 = socket$tipc(0x1e, 0x2, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, 0x0, 0x0)
sendmsg$tipc(r3, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0}, 0x0)
dup(0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x47}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)

4.274685087s ago: executing program 3 (id=1154):
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x6, 0x4, 0x3, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_procfs(0x0, &(0x7f0000000100)='mountstats\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20008004, &(0x7f0000000180)={0xa, 0x4e20, 0xc, @private2, 0x10000007}, 0x1c)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/asound/seq/clients\x00', 0x0, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$UI_DEV_SETUP(r3, 0x405c5503, 0x0)
ioctl$UI_DEV_CREATE(r3, 0x5501)
ioctl$UI_DEV_DESTROY(r3, 0x5502)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000dc0), r4)
sendmsg$IEEE802154_START_REQ(r5, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f0000000e80)={&(0x7f0000000e00)={0x2c, r6, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x1}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa3}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0xf}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000081}, 0x880)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f00000001c0)=ANY=[@ANYBLOB="64796e2c0069e37bf4b94eeacd22"])
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
umount2(&(0x7f0000000040)='./file0\x00', 0xb)

4.268475199s ago: executing program 1 (id=1162):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000180)={0x80000020}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a00010000000000000000001c"], 0x30}}, 0x0)
r2 = dup(r0)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000180)={@rand_addr=' \x01\x00', 0x101, 0x1, 0xfd, 0x3, 0x0, 0x6}, 0x20)
r4 = syz_open_dev$loop(&(0x7f00000001c0), 0x75f, 0x103382)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r4, 0xf504, 0x0)
sendfile(r4, r4, 0x0, 0x1)
r5 = syz_io_uring_setup(0x239, &(0x7f00000000c0)={0x0, 0x1ffffe, 0x10100, 0x0, 0xfffffffd, 0x0, r2}, &(0x7f0000000080)=<r6=>0x0, &(0x7f0000000200)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x230}})
io_uring_enter(r5, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000640)={0x1f, 0x38a, @none}, 0xe)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0e00000004000000080000000b000000000000003ad11daa62449d9ae5ab31266a1f981eddea5767c49ca1f6922e69e452c9", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='contention_end\x00', r9}, 0x18)
r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r10, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x0, 0x2})
r11 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r11, 0xc018620c, &(0x7f0000000700)={0x1})
r12 = inotify_init()
readv(r12, &(0x7f0000000140)=[{&(0x7f0000000340)=""/263, 0x107}], 0x1)
r13 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sys/net/ipv4/tcp_timestamps\x00', 0x1, 0x0)
openat$dsp1(0xffffff9c, &(0x7f0000000680), 0x442102, 0x0)
r14 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280), r2)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000480)={0x1ac, r14, 0x400, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_MEDIA={0x94, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffaafd}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xd0}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4746}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}]}, @TIPC_NLA_BEARER={0x64}, @TIPC_NLA_MON={0x3c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xfffffff7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1a}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9c}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xc8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9a}]}, @TIPC_NLA_NET={0x64, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x2}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8000f}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x24000}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x4}, @TIPC_NLA_NET_ADDR={0x25, 0x2, 0x4}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}]}]}, 0x1ac}, 0x1, 0x0, 0x0, 0x40090}, 0x40801)
write$sysctl(r13, 0x0, 0x2b)

3.394658273s ago: executing program 3 (id=1155):
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_dev$media(&(0x7f0000000340), 0xff, 0x102)
ioctl$MEDIA_IOC_ENUM_LINKS(r3, 0xc01c7c02, &(0x7f0000000700)={0x80000000, 0x0, &(0x7f0000000780)})
socket$kcm(0x10, 0x2, 0x0)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008841}, 0x10)
tkill(0x0, 0xb)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20)
r6 = accept4$alg(r5, 0x0, 0x0, 0x0)
sendmmsg$alg(r6, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000240)="3663ff3ac7333d1d", 0x8}, {&(0x7f0000000280)="e02584eeb69ae6b342b68d8be5414b8bad9da292edc320246d439cbe99d5435fcc9f629a115737e05b", 0x29}], 0x2, &(0x7f00000006c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x2004001)
io_setup(0xff, &(0x7f0000000380)=<r7=>0x0)
io_submit(r7, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r6, &(0x7f0000000340), 0x41}])
socket$alg(0x26, 0x5, 0x0)

3.386954272s ago: executing program 0 (id=1156):
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x47f6, 0x0, 0x2, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xfeac, 0xd)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = dup(0xffffffffffffffff)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x38fe, &(0x7f0000000300)={0x0, 0x2355, 0x10100}, &(0x7f0000000180)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000140)=@IORING_OP_POLL_ADD)
io_uring_enter(r4, 0x3023, 0x4000, 0x40, 0x0, 0x28)
r7 = open(&(0x7f00009e1000)='./file0\x00', 0x1040, 0x1d2)
fcntl$setlease(r7, 0x400, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x1c, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x234, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x220, 0x4, 0x0, 0x1, [{0x16c, 0x1, 0x0, 0x1, @dynset={{0xb}, @val={0x15c, 0x2, 0x0, 0x1, [@NFTA_DYNSET_EXPRESSIONS={0x158, 0xa, 0x0, 0x1, [{0x154, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x148, 0x2, 0x0, 0x1, [@NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_CMP_DATA={0x12c, 0x3, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x2c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VERDICT={0x50, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VALUE={0xac, 0x1, "5cde0e22ad255e4b649715576bee8326137719c702b83c0baf0c8c87cd3be10e869c3b79e0cc64794fdeb64b78b0225cd2649f6b48c5ee0bb0e3465a00fcd0ea27faa9c4c69d801ca6fef1e677597a8f37514e812509c1acb1c393638f2198b3526ae7373aad13dd50b343a77979e0c5dfa53d2305423b791a83c6bc57c40896aee0f35d4ce19288e0c6e458e043486a4193489c17b740f40582c513b428501c5ae837cb7c4080b2"}]}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x18}]}}}]}]}}}, {0x5c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x4c, 0x2, 0x0, 0x1, [@NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x8}, @NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x401}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x2}]}}}, {0x44, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x8}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0xea}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0x8ec}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0x8}, @NFTA_NG_TYPE={0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @tproxy={{0xb}, @void}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x2a4}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r8 = socket$kcm(0x10, 0x400000002, 0x0)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r10 = socket(0x400000000010, 0x3, 0x0)
r11 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r12, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000)
sendmsg$nl_route_sched(r10, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x34, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r12, {0x0, 0xf}, {}, {0x7, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000014}, 0x20084084)
sendmsg$inet(r8, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000140)="600000002e000d190a762d7f089e", 0xfca2}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}], 0x2}, 0x0)

3.386526215s ago: executing program 1 (id=1157):
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x47f6, 0x0, 0x2, 0x0, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xfeac, 0xd)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = syz_io_uring_setup(0x38fe, &(0x7f0000000300)={0x0, 0x2355, 0x10100}, &(0x7f0000000180)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3})
io_uring_enter(r5, 0x3023, 0x4000, 0x40, 0x0, 0x28)
r8 = open(&(0x7f00009e1000)='./file0\x00', 0x1040, 0x1d2)
fcntl$setlease(r8, 0x400, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x1c, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x234, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x220, 0x4, 0x0, 0x1, [{0x16c, 0x1, 0x0, 0x1, @dynset={{0xb}, @val={0x15c, 0x2, 0x0, 0x1, [@NFTA_DYNSET_EXPRESSIONS={0x158, 0xa, 0x0, 0x1, [{0x154, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x148, 0x2, 0x0, 0x1, [@NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_CMP_DATA={0x12c, 0x3, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x2c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VERDICT={0x50, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VALUE={0xac, 0x1, "5cde0e22ad255e4b649715576bee8326137719c702b83c0baf0c8c87cd3be10e869c3b79e0cc64794fdeb64b78b0225cd2649f6b48c5ee0bb0e3465a00fcd0ea27faa9c4c69d801ca6fef1e677597a8f37514e812509c1acb1c393638f2198b3526ae7373aad13dd50b343a77979e0c5dfa53d2305423b791a83c6bc57c40896aee0f35d4ce19288e0c6e458e043486a4193489c17b740f40582c513b428501c5ae837cb7c4080b2"}]}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x18}]}}}]}]}}}, {0x5c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x4c, 0x2, 0x0, 0x1, [@NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x8}, @NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x401}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x2}]}}}, {0x44, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x8}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0xea}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0x8ec}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0x8}, @NFTA_NG_TYPE={0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @tproxy={{0xb}, @void}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x2a4}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r9 = socket$kcm(0x10, 0x400000002, 0x0)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r11 = socket(0x400000000010, 0x3, 0x0)
r12 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r13=>0x0})
sendmsg$nl_route_sched(r11, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r13, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000)
sendmsg$nl_route_sched(r11, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x34, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r13, {0x0, 0xf}, {}, {0x7, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000014}, 0x20084084)
sendmsg$inet(r9, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000140)="600000002e000d190a762d7f089e", 0xfca2}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}], 0x2}, 0x0)

2.892568516s ago: executing program 2 (id=1158):
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x47f6, 0x0, 0x2, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xfeac, 0xd)
r3 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = syz_io_uring_setup(0x38fe, &(0x7f0000000300)={0x0, 0x2355, 0x10100}, &(0x7f0000000180)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3})
io_uring_enter(r5, 0x3023, 0x4000, 0x40, 0x0, 0x28)
r8 = open(&(0x7f00009e1000)='./file0\x00', 0x1040, 0x1d2)
fcntl$setlease(r8, 0x400, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x1c, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x234, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x220, 0x4, 0x0, 0x1, [{0x16c, 0x1, 0x0, 0x1, @dynset={{0xb}, @val={0x15c, 0x2, 0x0, 0x1, [@NFTA_DYNSET_EXPRESSIONS={0x158, 0xa, 0x0, 0x1, [{0x154, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x148, 0x2, 0x0, 0x1, [@NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_CMP_DATA={0x12c, 0x3, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x2c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VERDICT={0x50, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VALUE={0xac, 0x1, "5cde0e22ad255e4b649715576bee8326137719c702b83c0baf0c8c87cd3be10e869c3b79e0cc64794fdeb64b78b0225cd2649f6b48c5ee0bb0e3465a00fcd0ea27faa9c4c69d801ca6fef1e677597a8f37514e812509c1acb1c393638f2198b3526ae7373aad13dd50b343a77979e0c5dfa53d2305423b791a83c6bc57c40896aee0f35d4ce19288e0c6e458e043486a4193489c17b740f40582c513b428501c5ae837cb7c4080b2"}]}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x18}]}}}]}]}}}, {0x5c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x4c, 0x2, 0x0, 0x1, [@NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x8}, @NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x401}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x2}]}}}, {0x44, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x8}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0xea}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0x8ec}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0x8}, @NFTA_NG_TYPE={0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @tproxy={{0xb}, @void}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x2a4}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r9 = socket$kcm(0x10, 0x400000002, 0x0)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r11 = socket(0x400000000010, 0x3, 0x0)
r12 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r13=>0x0})
sendmsg$nl_route_sched(r11, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r13, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000)
sendmsg$nl_route_sched(r11, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x34, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r13, {0x0, 0xf}, {}, {0x7, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000014}, 0x20084084)
sendmsg$inet(r9, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000140)="600000002e000d190a762d7f089e", 0xfca2}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}], 0x2}, 0x0)

2.685075947s ago: executing program 1 (id=1159):
syz_open_procfs(0x0, &(0x7f0000000300)='net/ip6_tables_matches\x00')
syz_open_procfs(0x0, 0x0)
io_setup(0x6, &(0x7f0000000380))
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/udp6\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00'}, 0x18)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x1c1121)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)
getsockopt$bt_BT_SNDMTU(0xffffffffffffffff, 0x112, 0xc, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bind$rds(0xffffffffffffffff, 0x0, 0x0)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0, 0x0, 0x8}}], 0x48}, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000300)={0x0, 0xaee3, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000180)=<r2=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r3 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$cgroup_int(r3, &(0x7f00000003c0)=0x2, 0x12)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000ff0000000000000a58000000060a0b040000000000000000020000002c0004802800018007000100637400001c000280050003001b000000080002400000001108000440000000040900010073797a30000000000900020073797a32"], 0x80}}, 0x0)

2.534894534s ago: executing program 2 (id=1160):
syz_open_procfs(0x0, &(0x7f0000000300)='net/ip6_tables_matches\x00')
syz_open_procfs(0x0, &(0x7f0000000040)='mountstats\x00')
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/udp6\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00'}, 0x18)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x1c1121)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)
getsockopt$bt_BT_SNDMTU(0xffffffffffffffff, 0x112, 0xc, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bind$rds(0xffffffffffffffff, 0x0, 0x0)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0, 0x0, 0x8}}], 0x48}, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000300)={0x0, 0xaee3, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000180)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r4 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$cgroup_int(r4, &(0x7f00000003c0)=0x2, 0x12)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000ff0000000000000a58000000060a0b040000000000000000020000002c0004802800018007000100637400001c000280050003001b000000080002400000001108000440000000040900010073797a30000000000900020073797a32"], 0x80}}, 0x0)
syz_io_uring_submit(r2, r3, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)

2.333425316s ago: executing program 3 (id=1161):
socket$inet6(0xa, 0x6, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x1e, &(0x7f0000000180)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
socket(0x18, 0x4, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x5, 0x0, 0x1, '\x00', 0xfffffffffffffffc})
r6 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x5, 0x2, 0x2)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r7, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000019400)="2e0417ba1071c69e4017a7ff6a5c67481893017007463b8609091ba8f23295c6269b88196491db127901b653fb784067", 0x30)
setsockopt$SO_TIMESTAMPING(r8, 0x1, 0x25, 0x0, 0xfffffffffffffd48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
r9 = syz_usbip_server_init(0x1)
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000994bd740f60d5600b5a0000000010902"], 0x0)
write$usbip_server(r9, &(0x7f0000000080)=ANY=[@ANYBLOB="0000000300000001"], 0x35)
socket$kcm(0x11, 0x3, 0x0)
syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)

2.331138024s ago: executing program 0 (id=1170):
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x47f6, 0x0, 0x2, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xfeac, 0xd)
r3 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = syz_io_uring_setup(0x38fe, &(0x7f0000000300)={0x0, 0x2355, 0x10100}, &(0x7f0000000180)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3})
io_uring_enter(r5, 0x3023, 0x4000, 0x40, 0x0, 0x28)
r8 = open(&(0x7f00009e1000)='./file0\x00', 0x1040, 0x1d2)
fcntl$setlease(r8, 0x400, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x1c, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x234, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x220, 0x4, 0x0, 0x1, [{0x16c, 0x1, 0x0, 0x1, @dynset={{0xb}, @val={0x15c, 0x2, 0x0, 0x1, [@NFTA_DYNSET_EXPRESSIONS={0x158, 0xa, 0x0, 0x1, [{0x154, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x148, 0x2, 0x0, 0x1, [@NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_CMP_DATA={0x12c, 0x3, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x2c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VERDICT={0x50, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VALUE={0xac, 0x1, "5cde0e22ad255e4b649715576bee8326137719c702b83c0baf0c8c87cd3be10e869c3b79e0cc64794fdeb64b78b0225cd2649f6b48c5ee0bb0e3465a00fcd0ea27faa9c4c69d801ca6fef1e677597a8f37514e812509c1acb1c393638f2198b3526ae7373aad13dd50b343a77979e0c5dfa53d2305423b791a83c6bc57c40896aee0f35d4ce19288e0c6e458e043486a4193489c17b740f40582c513b428501c5ae837cb7c4080b2"}]}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x18}]}}}]}]}}}, {0x5c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x4c, 0x2, 0x0, 0x1, [@NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x8}, @NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x401}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x2}]}}}, {0x44, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x8}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0xea}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0x8ec}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0x8}, @NFTA_NG_TYPE={0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @tproxy={{0xb}, @void}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x2a4}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r9 = socket$kcm(0x10, 0x400000002, 0x0)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r11 = socket(0x400000000010, 0x3, 0x0)
r12 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r13=>0x0})
sendmsg$nl_route_sched(r11, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r13, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000)
sendmsg$nl_route_sched(r11, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x34, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r13, {0x0, 0xf}, {}, {0x7, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000014}, 0x20084084)
sendmsg$inet(r9, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000140)="600000002e000d190a762d7f089e", 0xfca2}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}], 0x2}, 0x0)

1.935043056s ago: executing program 2 (id=1163):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x8001000000000000, 0x40, &(0x7f0000001000)=@raw={'raw\x00', 0x8, 0x3, 0x234, 0x0, 0x11, 0x148, 0xd0, 0x0, 0x1a0, 0x2a8, 0x2a8, 0x1a0, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x2, 0x5, 0x9, 0x3, 0x1]}, {0xffffffffffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2], 0x0, 0x4}}}}, {{@ip={@broadcast, @private=0xa010102, 0xffffffff, 0xffffff00, 'veth1_to_batadv\x00', 'macsec0\x00', {0xff}, {}, 0x6, 0x2, 0x5c}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x4, [0x1, 0x0, 0x4, 0x6, 0x0, 0x6], 0x4, 0x6}, {0x3, [0x6, 0x4, 0x4, 0x2, 0x1, 0x1], 0x1, 0x1}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x290)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x16042, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r3, 0x0, 0x0)
getpeername$packet(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)
r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r5, &(0x7f0000000140)={{0x6, @rose}, [@bcast, @default, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @bcast]}, 0x48)
pipe(&(0x7f00000045c0)={<r6=>0xffffffffffffffff})
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x8)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_inet_SIOCSIFFLAGS(r7, 0x8914, &(0x7f0000000100)={'nr0\x00', 0x2})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000000000c4bfef4c36a154d7616bd6b480ad331a00953e607a83b97439be8ad815ba5839092ba84783182f8e6e1008352d7748db5deb558bdbab9dd50c94cfa19e3ea8e1586361ce75af4a381158f9bec44fe538d6cd3e01f8cdc75bab760765bbae0c697a6e0999390dea"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5bd, @void, @value}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500))
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[], 0x48)
r8 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x103201, 0x0)
write$P9_RSTATu(r8, &(0x7f00000000c0)=ANY=[@ANYRES16=r6, @ANYRES16=r4, @ANYRES32=0x0, @ANYRESDEC=r0], 0xfd85)
socket$nl_netfilter(0x10, 0x3, 0xc)
r9 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r9, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r9, 0x100000001)
accept4(r9, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r9, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x101}, &(0x7f00000002c0)=0x8)

1.812667699s ago: executing program 2 (id=1164):
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0300000004000000040000000a000000000000000a22fc980d2e12ada5f9268cfa3df1b78ae862a0e94b839e884cae967bca4fac895c2dada2e233e3d8e3a994a36525819dbb6462ea628baa6e37181bcbf602b527daec886a56a529a04203626bfbbcda46dbaac6300e03a8d9d2e347eb454fac06000000000000005f06e3c761f7fe72745fbad2af35fdc582264bad7bef405afd", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r0 = io_uring_setup(0x70fb, &(0x7f0000000140)={0x0, 0x1000, 0x10, 0x4800004, 0x3b7})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000080)='sched_switch\x00', r1, 0x0, 0x20000000}, 0x18)
openat$dlm_monitor(0xffffff9c, &(0x7f0000000000), 0x40, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newtaction={0x194, 0x30, 0x1, 0x0, 0x25dfdbfb, {}, [{0x180, 0x1, [@m_nat={0x148, 0x1d, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x1, 0x3, 0x0, 0x3, 0xffffffc8}, @multicast2, @empty, 0x0, 0x1}}]}, {0xf5, 0x6, "2fda2f9eacd7fbdf906a489d216e75cc9ed03ecf242274c0321a194e25461fc58f34ed84e0cc91b04dc4b52c80d710f7364f495b70459dbc1f66d125f6a93e70b253e581ecd39a8668e845b4929933cc8de61672ce71c15d5fafc7a0c0a43b893bd067c26676803a8bd714500f5cbab27483ace081c25f19e235e3e6fb1f087450157be9fc6c47e525efbcbffed1c900fa4b22346aee7df5e2a0e946efe3d860bd704b75c9113ac6a981a9b6a6fe1054fd3ee056a787bb01166ef1f22cffde63dd497f6353fd1fd345dc15f5f31dad342ff07a7a7e8aa135689fe56f8338adedf63d97c75b66856476f415e82c7901cd2f"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0xe7fdf428ba148843}}}}, @m_ife={0x34, 0x1, 0x0, 0x0, {{0x8}, {0xc, 0x2, 0x0, 0x1, [@TCA_IFE_TYPE={0x6, 0x5, 0x3ff}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x194}, 0x1, 0x0, 0x0, 0x4800}, 0x8000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000100)='./file0\x00')
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
pwritev2(r5, &(0x7f0000000980)=[{0x0}, {&(0x7f0000000500)="be81e1310fb465f31a42f6efa58772d291c57be2782f6ff63ea3517e50771580447f7d195ee15e186027d518b2c77a051895fece1dc014c33d6928ab0376cf4077399b51451472f53be50af6897bc0fa353cad9156d19de3665191fdf17a2f07f4286cea5c10fbb81feb85e406524a47b1978139eaa8", 0x76}, {0x0}], 0x3, 0x5, 0xa, 0x14)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='Od=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
llistxattr(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=""/227, 0xe3)
close_range(r0, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0100000004000000e27f00000100000000000000", @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000efc6062cce187a848dfee424ecb171848373d1ee91450e319a5bdf72eb18d654567bfc591af9900529a0b3e9d4e03576cd802a9a64b99e46f7feeae8bd10d0fd81d1150b80fb9f5c9080f2a8a5b9a18354841afa65bff5ee06ce2398a6b", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)

1.811963272s ago: executing program 1 (id=1165):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x7, 0x2, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
mprotect(&(0x7f00000ff000/0x14000)=nil, 0x14000, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1})
ioctl$vim2m_VIDIOC_QUERYBUF(r4, 0xc044560f, &(0x7f0000000080)=@mmap={0x7f, 0x1, 0x4, 0x10, 0xb200, {}, {0x5, 0x0, 0x3, 0x0, 0x81, 0x2, "e43d8daa"}, 0x1, 0x1, {}, 0x10})
sendmsg$nl_route(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000000040)=@ipv4_delroute={0x24, 0x1a, 0x1, 0x0, 0x0, {0xa, 0x0, 0x80, 0x0, 0x0, 0x2}, [@RTA_IP_PROTO={0x5, 0x1b, 0x3a}]}, 0x24}}, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'syz_tun\x00'})
r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r6, &(0x7f0000000040)='./file0\x00', 0x0)
mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='xfs\x00', 0x0, 0x0)
r7 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
r8 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r8, 0x0, 0x4000004)
landlock_restrict_self(r7, 0x0)

1.585104228s ago: executing program 0 (id=1166):
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x6, 0x4, 0x3, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_procfs(0x0, &(0x7f0000000100)='mountstats\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20008004, &(0x7f0000000180)={0xa, 0x4e20, 0xc, @private2, 0x10000007}, 0x1c)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/asound/seq/clients\x00', 0x0, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$UI_DEV_SETUP(r3, 0x405c5503, 0x0)
ioctl$UI_DEV_CREATE(r3, 0x5501)
ioctl$UI_DEV_DESTROY(r3, 0x5502)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000dc0), r4)
sendmsg$IEEE802154_START_REQ(r5, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f0000000e80)={&(0x7f0000000e00)={0x2c, r6, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0x1}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa3}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0xf}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000081}, 0x880)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f00000001c0)=ANY=[@ANYBLOB="64796e2c0069e37bf4b94eeacd22"])
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
umount2(&(0x7f0000000040)='./file0\x00', 0xb)

870.076256ms ago: executing program 1 (id=1167):
socket$nl_generic(0x10, 0x3, 0x10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x6, 0x0, &(0x7f0000000080))
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
listen(r2, 0x7fff)
openat$vimc0(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
connect$phonet_pipe(r2, 0x0, 0x0)
r3 = socket$tipc(0x1e, 0x2, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, 0x0, 0x0)
sendmsg$tipc(r3, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0}, 0x0)
dup(0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x47}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)

804.690356ms ago: executing program 2 (id=1168):
socket$nl_generic(0x10, 0x3, 0x10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x6, 0x0, &(0x7f0000000080))
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
listen(r1, 0x7fff)
openat$vimc0(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
connect$phonet_pipe(r1, 0x0, 0x0)
r2 = socket$tipc(0x1e, 0x2, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, 0x0, 0x0)
sendmsg$tipc(r2, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0}, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x3)
dup(r3)
socket$inet6_tcp(0xa, 0x1, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x47}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)

686.216959ms ago: executing program 0 (id=1169):
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x47f6, 0x0, 0x2, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xfeac, 0xd)
r3 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = syz_io_uring_setup(0x38fe, &(0x7f0000000300)={0x0, 0x2355, 0x10100}, &(0x7f0000000180)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3})
io_uring_enter(r5, 0x3023, 0x4000, 0x40, 0x0, 0x28)
r8 = open(&(0x7f00009e1000)='./file0\x00', 0x1040, 0x1d2)
fcntl$setlease(r8, 0x400, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x1c, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x234, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x220, 0x4, 0x0, 0x1, [{0x16c, 0x1, 0x0, 0x1, @dynset={{0xb}, @val={0x15c, 0x2, 0x0, 0x1, [@NFTA_DYNSET_EXPRESSIONS={0x158, 0xa, 0x0, 0x1, [{0x154, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x148, 0x2, 0x0, 0x1, [@NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_CMP_DATA={0x12c, 0x3, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x2c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VERDICT={0x50, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VALUE={0xac, 0x1, "5cde0e22ad255e4b649715576bee8326137719c702b83c0baf0c8c87cd3be10e869c3b79e0cc64794fdeb64b78b0225cd2649f6b48c5ee0bb0e3465a00fcd0ea27faa9c4c69d801ca6fef1e677597a8f37514e812509c1acb1c393638f2198b3526ae7373aad13dd50b343a77979e0c5dfa53d2305423b791a83c6bc57c40896aee0f35d4ce19288e0c6e458e043486a4193489c17b740f40582c513b428501c5ae837cb7c4080b2"}]}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x18}]}}}]}]}}}, {0x5c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x4c, 0x2, 0x0, 0x1, [@NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x8}, @NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x401}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x2}]}}}, {0x44, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x8}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0xea}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0x8ec}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0x8}, @NFTA_NG_TYPE={0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @tproxy={{0xb}, @void}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x2a4}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r9 = socket$kcm(0x10, 0x400000002, 0x0)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r11 = socket(0x400000000010, 0x3, 0x0)
r12 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r13=>0x0})
sendmsg$nl_route_sched(r11, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r13, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000)
sendmsg$nl_route_sched(r11, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x34, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r13, {0x0, 0xf}, {}, {0x7, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000014}, 0x20084084)
sendmsg$inet(r9, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000140)="600000002e000d190a762d7f089e", 0xfca2}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}], 0x2}, 0x0)

2.514691ms ago: executing program 1 (id=1171):
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_dev$media(&(0x7f0000000340), 0xff, 0x102)
ioctl$MEDIA_IOC_ENUM_LINKS(r3, 0xc01c7c02, &(0x7f0000000700)={0x80000000, 0x0, &(0x7f0000000780)})
socket$kcm(0x10, 0x2, 0x0)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008841}, 0x10)
tkill(0x0, 0xb)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20)
r6 = accept4$alg(r5, 0x0, 0x0, 0x0)
sendmmsg$alg(r6, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000240)="3663ff3ac7333d1d", 0x8}, {&(0x7f0000000280)="e02584eeb69ae6b342b68d8be5414b8bad9da292edc320246d439cbe99d5435fcc9f629a115737e05b", 0x29}], 0x2, &(0x7f00000006c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x2004001)
io_setup(0xff, &(0x7f0000000380)=<r7=>0x0)
io_submit(r7, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r6, &(0x7f0000000340), 0x41}])
socket$alg(0x26, 0x5, 0x0)

2.12699ms ago: executing program 3 (id=1172):
syz_open_procfs(0x0, &(0x7f0000000300)='net/ip6_tables_matches\x00')
io_setup(0x6, &(0x7f0000000380))
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/udp6\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00'}, 0x18)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x1c1121)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)
getsockopt$bt_BT_SNDMTU(0xffffffffffffffff, 0x112, 0xc, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bind$rds(0xffffffffffffffff, 0x0, 0x0)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0, 0x0, 0x8}}], 0x48}, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000300)={0x0, 0xaee3, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000180)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r4 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$cgroup_int(r4, &(0x7f00000003c0)=0x2, 0x12)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000ff0000000000000a58000000060a0b040000000000000000020000002c0004802800018007000100637400001c000280050003001b000000080002400000001108000440000000040900010073797a30000000000900020073797a32"], 0x80}}, 0x0)
syz_io_uring_submit(r2, r3, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)

0s ago: executing program 0 (id=1173):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, 0x0, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)=ANY=[@ANYBLOB='4\x00', @ANYRES16=0x0, @ANYBLOB="2000000141000000180017000007ff00036966cec65bb7bc027a3200000000"], 0x34}, 0x1, 0x0, 0x0, 0x20}, 0x4000000)
connect$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r3 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000001c0)=@generic={&(0x7f0000000180)='./file0\x00', 0x0, 0x8}, 0x14)
r4 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x1d2)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0xd, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x13, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x6, 0x6, 0x201, 0x0, 0x0, {0x5, 0x0, 0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x8000)
r9 = socket$kcm(0x10, 0x2, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
r11 = socket(0x11, 0x80a, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000300)={'bond0\x00', <r12=>0x0})
sendmsg$nl_route(r10, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlink={0x54, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r12, 0x0, 0x2}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @bond={{0x9}, {0x24, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0x40004}, @IFLA_BOND_USE_CARRIER={0x5}, @IFLA_BOND_RESEND_IGMP={0x8}, @IFLA_BOND_FAIL_OVER_MAC={0x5, 0xd, 0x1}]}}}]}, 0x54}}, 0x0)
sendmsg$kcm(r9, 0x0, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x4c, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r8, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x7, 0x800, 0xb12a, 0x8, 0x1, 0x3}}}}]}, 0x4c}}, 0x44080)
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x58, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r8, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x5, 0x1, 0x2, 0x0, 0x1, 0x80000000, 0xfffffff7}}, {0x4}}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r5}, 0x18)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r2, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000f0f000000000700000a20000000000a01030000000000000000010000000900010073797a310000000040000000030a01020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000050900010073797a31000000003c000000050a01020000000000000000010000000c00024000000000000000010900010073797a3100000000040004800b0007"], 0xc4}}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000140)={0x0, 0x3d6fc80, 0x380, 0x0})
openat$qat_adf_ctl(0xffffff9c, &(0x7f0000000000), 0x149240, 0x0)

kernel console output (not intermixed with test programs):

="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7fc00000
[   99.564665][   T40] audit: type=1326 audit(2000000028.729:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6798 comm="syz.3.158" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7fc00000
[   99.571918][   T40] audit: type=1326 audit(2000000028.729:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6798 comm="syz.3.158" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7fc00000
[   99.591046][   T40] audit: type=1326 audit(2000000028.729:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6798 comm="syz.3.158" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7fc00000
[   99.599202][   T40] audit: type=1326 audit(2000000028.729:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6798 comm="syz.3.158" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7fc00000
[   99.608973][   T40] audit: type=1326 audit(2000000028.729:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6798 comm="syz.3.158" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7fc00000
[   99.616178][   T40] audit: type=1326 audit(2000000028.729:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6798 comm="syz.3.158" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7fc00000
[   99.623472][   T40] audit: type=1326 audit(2000000028.729:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6798 comm="syz.3.158" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7fc00000
[  100.653926][ T6821] netlink: 32 bytes leftover after parsing attributes in process `syz.3.162'.
[  100.666216][ T6821] netlink: 'syz.3.162': attribute type 10 has an invalid length.
[  101.402755][ T6829] random: crng reseeded on system resumption
[  101.493498][ T6830] lo speed is unknown, defaulting to 1000
[  101.498966][ T6830] lo speed is unknown, defaulting to 1000
[  101.503438][ T6830] lo speed is unknown, defaulting to 1000
[  101.743693][ T6830] infiniband s
z1: set active
[  101.745446][ T6830] infiniband s
z1: added lo
[  101.752505][ T5987] lo speed is unknown, defaulting to 1000
[  101.776506][ T6830] RDS/IB: s
z1: added
[  101.777857][ T6830] smc: adding ib device s
z1 with port count 1
[  101.780181][ T6830] smc:    ib device s
z1 port 1 has pnetid 
[  101.784183][ T6830] lo speed is unknown, defaulting to 1000
[  101.878873][ T6830] lo speed is unknown, defaulting to 1000
[  102.009136][ T6830] lo speed is unknown, defaulting to 1000
[  102.125645][ T6830] lo speed is unknown, defaulting to 1000
[  102.272314][   T29] lo speed is unknown, defaulting to 1000
[  102.288656][ T6824] netlink: 'syz.1.164': attribute type 4 has an invalid length.
[  102.307321][ T6824] netlink: 'syz.1.164': attribute type 4 has an invalid length.
[  102.317064][   T65] lo speed is unknown, defaulting to 1000
[  102.319704][   T65] syz2: Port: 1 Link ACTIVE
[  102.521064][ T5987] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  102.692712][ T5987] usb 8-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  102.696023][ T5987] usb 8-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  102.698998][ T5987] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  102.711063][ T5987] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.977956][   T10] usb 8-1: USB disconnect, device number 2
[  103.346605][ T6850] random: crng reseeded on system resumption
[  104.867688][ T6865] random: crng reseeded on system resumption
[  105.025441][ T6867] kernel read not supported for file /eth0 (pid: 6867 comm: syz.1.175)
[  105.031379][   T40] kauditd_printk_skb: 117 callbacks suppressed
[  105.031392][   T40] audit: type=1800 audit(2000000034.209:376): pid=6867 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.175" name="eth0" dev="mqueue" ino=11129 res=0 errno=0
[  105.109571][ T6869] cifs: Unknown parameter 'mode'
[  105.804834][ T6877] random: crng reseeded on system resumption
[  105.860679][ T6878] Bluetooth: MGMT ver 1.23
[  107.459230][ T6897] random: crng reseeded on system resumption
[  107.606121][ T6901] netlink: 104 bytes leftover after parsing attributes in process `syz.3.181'.
[  107.609324][ T6901] netlink: 104 bytes leftover after parsing attributes in process `syz.3.181'.
[  107.615794][ T6901] netlink: 28 bytes leftover after parsing attributes in process `syz.3.181'.
[  107.619466][ T6901] netlink: 28 bytes leftover after parsing attributes in process `syz.3.181'.
[  108.771040][  T835] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  108.933872][  T835] usb 8-1: config 0 has no interfaces?
[  108.939780][  T835] usb 8-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  108.943858][  T835] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.948884][  T835] usb 8-1: Product: syz
[  108.950562][  T835] usb 8-1: Manufacturer: syz
[  108.954085][  T835] usb 8-1: SerialNumber: syz
[  108.961776][  T835] usb 8-1: config 0 descriptor??
[  109.393981][   T40] audit: type=1804 audit(2000000038.579:377): pid=6924 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.194" name="/newroot/42/file0" dev="tmpfs" ino=250 res=1 errno=0
[  109.624131][   T40] audit: type=1326 audit(2000000038.809:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6916 comm="syz.2.185" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf704e579 code=0x0
[  109.683340][ T6924] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  109.686718][ T6924] ref_ctr decrement failed for inode: 0xfa offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88801b47bc00
[  109.691403][ T6924] uprobe: syz.0.194:6924 failed to unregister, leaking uprobe
[  109.740347][ T5985] usb 8-1: USB disconnect, device number 3
[  110.243072][ T6927] tipc: Started in network mode
[  110.244954][ T6927] tipc: Node identity ac14140f, cluster identity 4711
[  110.247618][ T6927] tipc: New replicast peer: 255.255.255.255
[  110.250213][ T6927] tipc: Enabled bearer <udp:syz2>, priority 10
[  110.589097][   T40] audit: type=1804 audit(2000000039.769:379): pid=6942 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.198" name="/newroot/43/file0" dev="tmpfs" ino=256 res=1 errno=0
[  110.600718][ T6942] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  110.603342][ T6942] ref_ctr decrement failed for inode: 0x100 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804dbe1400
[  110.606856][ T6942] uprobe: syz.0.198:6942 failed to unregister, leaking uprobe
[  110.715255][ T6944] random: crng reseeded on system resumption
[  111.372157][ T5987] tipc: Node number set to 2886997007
[  112.362354][ T6963] random: crng reseeded on system resumption
[  113.228539][ T6978] raw_sendmsg: syz.0.200 forgot to set AF_INET. Fix it!
[  113.236215][ T6979] netlink: 4 bytes leftover after parsing attributes in process `syz.2.199'.
[  113.241027][ T6979] netlink: 12 bytes leftover after parsing attributes in process `syz.2.199'.
[  114.002205][ T6991] random: crng reseeded on system resumption
[  114.171392][   T40] audit: type=1804 audit(2000000043.359:380): pid=6994 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.203" name="/newroot/46/file0" dev="tmpfs" ino=273 res=1 errno=0
[  114.257026][ T6994] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  114.259622][ T6994] ref_ctr decrement failed for inode: 0x111 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804dbe0000
[  114.265554][ T6994] uprobe: syz.0.203:6994 failed to unregister, leaking uprobe
[  115.029198][ T7010] random: crng reseeded on system resumption
[  116.027208][ T7023] random: crng reseeded on system resumption
[  117.017639][ T7041] random: crng reseeded on system resumption
[  117.149326][ T7043] syz.0.219 uses obsolete (PF_INET,SOCK_PACKET)
[  117.164622][ T7043] trusted_key: encrypted_key: insufficient parameters specified
[  117.167505][ T7043] trusted_key: encrypted_key: master key parameter 'user:' is invalid
[  118.187082][ T7064] random: crng reseeded on system resumption
[  119.701908][ T7084] ip6t_srh: unknown srh invflags 6BE9
[  119.710499][ T7084] ubi31: attaching mtd0
[  119.716540][ T7084] ubi31: scanning is finished
[  119.718129][ T7084] ubi31: empty MTD device detected
[  119.863859][ T7084] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  119.866970][ T7084] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  119.869783][ T7084] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  119.872053][ T7084] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  119.874388][ T7084] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  119.876777][ T7084] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  119.879248][ T7084] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 841751011
[  119.882407][ T7084] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  119.895384][ T7088] ubi31: background thread "ubi_bgt31d" started, PID 7088
[  120.101021][ T5941] Bluetooth: hci3: command 0x0406 tx timeout
[  120.383645][ T7093] random: crng reseeded on system resumption
[  120.699611][ T7099] input: syz1 as /devices/virtual/input/input6
[  121.296299][ T7108] random: crng reseeded on system resumption
[  121.408431][   T40] audit: type=1804 audit(2000000050.589:381): pid=7109 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.235" name="/newroot/58/file0" dev="tmpfs" ino=342 res=1 errno=0
[  121.428821][ T7109] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  121.431643][ T7109] ref_ctr decrement failed for inode: 0x156 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888026720000
[  121.435815][ T7109] uprobe: syz.0.235:7109 failed to unregister, leaking uprobe
[  121.756168][   T40] audit: type=1804 audit(2000000050.939:382): pid=7117 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.237" name="/newroot/59/file0" dev="tmpfs" ino=343 res=1 errno=0
[  121.777323][ T7117] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  121.780035][ T7117] ref_ctr decrement failed for inode: 0x157 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88806b40b200
[  121.784912][ T7117] uprobe: syz.3.237:7117 failed to unregister, leaking uprobe
[  122.639409][ T7134] random: crng reseeded on system resumption
[  123.554715][ T7146] random: crng reseeded on system resumption
[  124.386374][   T40] audit: type=1804 audit(2000000053.569:383): pid=7154 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.247" name="/newroot/60/file0" dev="tmpfs" ino=342 res=1 errno=0
[  124.399221][ T7154] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  124.401947][ T7154] ref_ctr decrement failed for inode: 0x156 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88801f075000
[  124.405480][ T7154] uprobe: syz.2.247:7154 failed to unregister, leaking uprobe
[  124.734017][   T40] audit: type=1804 audit(2000000053.919:384): pid=7163 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.249" name="/newroot/62/file0" dev="tmpfs" ino=360 res=1 errno=0
[  124.775814][ T7163] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  124.778367][ T7163] ref_ctr decrement failed for inode: 0x168 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888026726400
[  124.783582][ T7163] uprobe: syz.3.249:7163 failed to unregister, leaking uprobe
[  126.000418][ T7180] random: crng reseeded on system resumption
[  126.887638][ T7190] kernel read not supported for file /eth0 (pid: 7190 comm: syz.3.258)
[  126.892822][   T40] audit: type=1800 audit(2000000056.079:385): pid=7190 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.258" name="eth0" dev="mqueue" ino=14441 res=0 errno=0
[  126.953764][ T7196] cifs: Unknown parameter 'mode'
[  127.631626][   T40] audit: type=1804 audit(2000000056.819:386): pid=7206 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.260" name="/newroot/63/file0" dev="tmpfs" ino=359 res=1 errno=0
[  127.648173][ T7206] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  127.648247][ T7206] ref_ctr decrement failed for inode: 0x167 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888026723200
[  127.648373][ T7206] uprobe: syz.2.260:7206 failed to unregister, leaking uprobe
[  129.546573][ T7237] random: crng reseeded on system resumption
[  129.619820][ T7240] xt_CT: You must specify a L4 protocol and not use inversions on it
[  130.726292][ T7259] netlink: 20 bytes leftover after parsing attributes in process `syz.0.274'.
[  132.124385][ T7274] random: crng reseeded on system resumption
[  132.345608][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  132.348954][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  133.061962][ T7285] random: crng reseeded on system resumption
[  134.130192][ T7300] random: crng reseeded on system resumption
[  134.311480][ T7304] tun0: tun_chr_ioctl cmd 1074025677
[  134.314789][ T7304] tun0: linktype set to 773
[  135.041104][ T7310] random: crng reseeded on system resumption
[  136.385166][ T7327] random: crng reseeded on system resumption
[  137.801749][   T40] audit: type=1804 audit(2000000066.989:387): pid=7338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.294" name="/newroot/73/file0" dev="tmpfs" ino=422 res=1 errno=0
[  137.832082][ T7338] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  137.835630][ T7338] ref_ctr decrement failed for inode: 0x1a6 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88806b40ee00
[  137.840159][ T7338] uprobe: syz.1.294:7338 failed to unregister, leaking uprobe
[  138.377551][ T7346] random: crng reseeded on system resumption
[  138.467264][   T40] audit: type=1804 audit(2000000067.649:388): pid=7349 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.298" name="/" dev="pidfs" ino=7345 res=1 errno=0
[  138.603092][ T7342] 9pnet_fd: Insufficient options for proto=fd
[  140.157667][ T7367] lo speed is unknown, defaulting to 1000
[  140.367535][ T7367] lo speed is unknown, defaulting to 1000
[  140.370015][ T7367] lo speed is unknown, defaulting to 1000
[  140.569003][ T7374] random: crng reseeded on system resumption
[  141.827615][ T7399] random: crng reseeded on system resumption
[  142.116667][ T7402] netlink: 'syz.0.309': attribute type 4 has an invalid length.
[  142.171234][ T7402] netlink: 'syz.0.309': attribute type 4 has an invalid length.
[  142.736313][   T40] audit: type=1326 audit(2000000071.919:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7406 comm="syz.1.311" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  142.752077][   T40] audit: type=1326 audit(2000000071.929:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7406 comm="syz.1.311" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  142.760229][   T40] audit: type=1326 audit(2000000071.929:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7406 comm="syz.1.311" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  142.767030][   T40] audit: type=1326 audit(2000000071.929:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7406 comm="syz.1.311" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  142.779474][   T40] audit: type=1326 audit(2000000071.929:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7406 comm="syz.1.311" exe="/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  142.786447][   T40] audit: type=1326 audit(2000000071.929:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7406 comm="syz.1.311" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  142.797183][   T40] audit: type=1326 audit(2000000071.929:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7406 comm="syz.1.311" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  142.804709][   T40] audit: type=1326 audit(2000000071.929:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7406 comm="syz.1.311" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  142.832053][   T40] audit: type=1326 audit(2000000071.929:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7406 comm="syz.1.311" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  142.839157][   T40] audit: type=1326 audit(2000000071.929:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7406 comm="syz.1.311" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  142.846823][   T40] audit: type=1326 audit(2000000071.929:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7406 comm="syz.1.311" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  142.853606][   T40] audit: type=1326 audit(2000000071.929:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7406 comm="syz.1.311" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  142.860173][   T40] audit: type=1326 audit(2000000071.929:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7406 comm="syz.1.311" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  142.881119][   T40] audit: type=1326 audit(2000000071.929:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7406 comm="syz.1.311" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  142.892808][   T40] audit: type=1326 audit(2000000071.929:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7406 comm="syz.1.311" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  142.899824][   T40] audit: type=1326 audit(2000000071.929:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7406 comm="syz.1.311" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  142.906487][   T40] audit: type=1326 audit(2000000071.929:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7406 comm="syz.1.311" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  142.913615][   T40] audit: type=1326 audit(2000000071.929:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7406 comm="syz.1.311" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  143.148360][   T68] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  143.177177][ T7414] syz.2.313 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  144.350314][ T7434] netlink: 96 bytes leftover after parsing attributes in process `syz.2.316'.
[  144.358957][ T7438] netlink: 20 bytes leftover after parsing attributes in process `syz.3.326'.
[  144.420671][ T7434] trusted_key: syz.2.316 sent an empty control message without MSG_MORE.
[  145.123579][ T7446] syz.2.317: attempt to access beyond end of device
[  145.123579][ T7446] loop5: rw=0, sector=0, nr_sectors = 1 limit=0
[  145.127931][ T7446] FAT-fs (loop5): unable to read boot sector
[  145.140762][ T7446] overlay: ./file0 is not a directory
[  145.347221][ T7449] random: crng reseeded on system resumption
[  146.063753][ T7460] ref_ctr_offset mismatch. inode: 0x1c5 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xa
[  146.067397][ T7460] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  146.069902][ T7460] ref_ctr decrement failed for inode: 0x1c5 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88801f073c00
[  146.076070][ T7460] uprobe: syz.2.323:7460 failed to unregister, leaking uprobe
[  146.574587][ T7468] ref_ctr_offset mismatch. inode: 0x1d4 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xa
[  146.578214][ T7468] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  146.580730][ T7468] ref_ctr decrement failed for inode: 0x1d4 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888026721400
[  146.584305][ T7468] uprobe: syz.3.324:7468 failed to unregister, leaking uprobe
[  147.210869][ T7477] random: crng reseeded on system resumption
[  147.356059][ T7481] xt_bpf: check failed: parse error
[  147.361077][ T6003] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  147.362365][ T7472] pim6reg1
[  147.951347][   T40] kauditd_printk_skb: 46 callbacks suppressed
[  147.951357][   T40] audit: type=1326 audit(2000000077.139:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7487 comm="syz.1.332" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  147.989871][   T40] audit: type=1326 audit(2000000077.139:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7487 comm="syz.1.332" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  147.998668][   T40] audit: type=1326 audit(2000000077.169:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7487 comm="syz.1.332" exe="/syz-executor" sig=0 arch=40000003 syscall=30 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  148.011231][   T40] audit: type=1326 audit(2000000077.169:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7487 comm="syz.1.332" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  148.020289][   T40] audit: type=1326 audit(2000000077.169:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7487 comm="syz.1.332" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  148.030193][   T40] audit: type=1326 audit(2000000077.199:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7487 comm="syz.1.332" exe="/syz-executor" sig=0 arch=40000003 syscall=321 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  148.039179][   T40] audit: type=1326 audit(2000000077.199:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7487 comm="syz.1.332" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  148.048360][   T40] audit: type=1326 audit(2000000077.199:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7487 comm="syz.1.332" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  148.089863][   T40] audit: type=1326 audit(2000000077.199:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7487 comm="syz.1.332" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  148.099588][   T40] audit: type=1326 audit(2000000077.199:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7487 comm="syz.1.332" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  148.228426][ T7496] random: crng reseeded on system resumption
[  149.611218][ T7509] 9pnet_fd: Insufficient options for proto=fd
[  150.192761][ T7528] random: crng reseeded on system resumption
[  150.194361][ T7526] ref_ctr_offset mismatch. inode: 0x1ed offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xa
[  150.198596][ T7526] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  150.201378][ T7526] ref_ctr decrement failed for inode: 0x1ed offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888026720a00
[  150.205217][ T7526] uprobe: syz.0.341:7526 failed to unregister, leaking uprobe
[  152.494069][ T7550] random: crng reseeded on system resumption
[  152.527348][ T7551] tun0: tun_chr_ioctl cmd 1074025677
[  152.529718][ T7551] tun0: linktype set to 773
[  154.409379][ T7574] hfs: unable to load iocharset "io#harset"
[  154.685319][ T7579] random: crng reseeded on system resumption
[  156.423152][ T7615] lo speed is unknown, defaulting to 1000
[  156.425039][ T7615] lo speed is unknown, defaulting to 1000
[  156.440535][ T7615] lo speed is unknown, defaulting to 1000
[  156.471962][ T7615] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  156.518092][ T7615] lo speed is unknown, defaulting to 1000
[  156.533672][ T7616] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  156.554622][ T7615] lo speed is unknown, defaulting to 1000
[  156.568236][ T7615] lo speed is unknown, defaulting to 1000
[  156.571955][ T7615] lo speed is unknown, defaulting to 1000
[  156.827599][ T7621] random: crng reseeded on system resumption
[  157.776731][   T40] kauditd_printk_skb: 295 callbacks suppressed
[  157.776748][   T40] audit: type=1326 audit(2000000086.959:758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7626 comm="syz.0.364" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  157.794518][   T40] audit: type=1326 audit(2000000086.959:759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7626 comm="syz.0.364" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  157.806445][ T7631] random: crng reseeded on system resumption
[  157.811050][   T40] audit: type=1326 audit(2000000086.959:760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7626 comm="syz.0.364" exe="/syz-executor" sig=0 arch=40000003 syscall=30 compat=1 ip=0xf706e579 code=0x7ffc0000
[  157.821814][   T40] audit: type=1326 audit(2000000086.959:761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7626 comm="syz.0.364" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  157.830296][   T40] audit: type=1326 audit(2000000086.959:762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7626 comm="syz.0.364" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  157.838293][   T40] audit: type=1326 audit(2000000086.959:763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7626 comm="syz.0.364" exe="/syz-executor" sig=0 arch=40000003 syscall=321 compat=1 ip=0xf706e579 code=0x7ffc0000
[  157.845318][   T40] audit: type=1326 audit(2000000086.959:764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7626 comm="syz.0.364" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  157.852538][   T40] audit: type=1326 audit(2000000086.959:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7626 comm="syz.0.364" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  157.859082][   T40] audit: type=1326 audit(2000000086.959:766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7626 comm="syz.0.364" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf706e579 code=0x7ffc0000
[  157.866706][   T40] audit: type=1326 audit(2000000086.959:767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7626 comm="syz.0.364" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  160.698504][ T7669] ref_ctr_offset mismatch. inode: 0x21f offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xa
[  160.702277][ T7669] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  160.712123][ T7669] ref_ctr decrement failed for inode: 0x21f offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88806b40ee00
[  160.726089][ T7669] uprobe: syz.0.372:7669 failed to unregister, leaking uprobe
[  162.691762][ T7701] netlink: 44 bytes leftover after parsing attributes in process `syz.2.382'.
[  163.041806][ T7721] bridge_slave_0: left allmulticast mode
[  163.043648][ T7721] bridge_slave_0: left promiscuous mode
[  163.045754][ T7721] bridge0: port 1(bridge_slave_0) entered disabled state
[  163.052546][ T7721] bridge_slave_1: left allmulticast mode
[  163.054430][ T7721] bridge_slave_1: left promiscuous mode
[  163.056414][ T7721] bridge0: port 2(bridge_slave_1) entered disabled state
[  163.070703][ T7721] bond0: (slave bond_slave_0): Releasing backup interface
[  163.105561][ T7721] bond0: (slave bond_slave_1): Releasing backup interface
[  163.215965][ T7721] team0: Port device team_slave_0 removed
[  163.249265][ T7721] team0: Port device team_slave_1 removed
[  163.279823][ T7725] kernel read not supported for file /.pending_reads (pid: 7725 comm: syz.2.385)
[  163.287540][   T40] kauditd_printk_skb: 293 callbacks suppressed
[  163.287555][   T40] audit: type=1800 audit(2000000092.469:1061): pid=7725 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.385" name=".pending_reads" dev="mqueue" ino=15007 res=0 errno=0
[  163.313855][ T7721] batman_adv: batadv0: Removing interface: batadv_slave_0
[  163.329640][ T7721] batman_adv: batadv0: Removing interface: batadv_slave_1
[  163.425540][ T7721] batman_adv: batadv0: Removing interface: ip6gretap1
[  163.796441][ T7738] random: crng reseeded on system resumption
[  164.967572][ T7761] rdma_rxe: rxe_newlink: failed to add lo
[  165.416054][   T40] audit: type=1804 audit(2000000094.599:1062): pid=7779 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.391" name="/newroot/98/file0" dev="tmpfs" ino=550 res=1 errno=0
[  165.454969][ T7779] ref_ctr_offset mismatch. inode: 0x226 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xa
[  165.460043][ T7779] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  165.462994][ T7779] ref_ctr decrement failed for inode: 0x226 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888026720000
[  165.467580][ T7779] uprobe: syz.2.391:7779 failed to unregister, leaking uprobe
[  165.502589][  T836] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  165.680165][  T836] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  165.683479][  T836] usb 5-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  165.688667][  T836] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  165.696059][  T836] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  165.855045][ T7792] random: crng reseeded on system resumption
[  165.956015][ T6010] usb 5-1: USB disconnect, device number 2
[  166.025213][ T7793] netlink: 44 bytes leftover after parsing attributes in process `syz.3.395'.
[  168.278611][  T836] IPVS: starting estimator thread 0...
[  168.381120][ T7823] IPVS: using max 30 ests per chain, 72000 per kthread
[  169.342503][   T40] audit: type=1804 audit(2000000098.529:1063): pid=7842 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.405" name="/newroot/103/file0" dev="tmpfs" ino=576 res=1 errno=0
[  169.380333][ T7842] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  169.385256][ T7842] ref_ctr decrement failed for inode: 0x240 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804bd1da00
[  169.390264][ T7842] uprobe: syz.2.405:7842 failed to unregister, leaking uprobe
[  169.510134][ T7841] netlink: 44 bytes leftover after parsing attributes in process `syz.1.406'.
[  169.593225][ T7845] random: crng reseeded on system resumption
[  170.736794][ T7853] random: crng reseeded on system resumption
[  170.885046][ T7864] kernel read not supported for file /.pending_reads (pid: 7864 comm: syz.0.410)
[  170.888293][   T40] audit: type=1800 audit(2000000100.069:1064): pid=7864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.410" name=".pending_reads" dev="mqueue" ino=14291 res=0 errno=0
[  171.171071][ T7860] hfs: unable to load iocharset "io#harset"
[  171.732314][ T7858] geneve1: entered promiscuous mode
[  171.778160][ T7858] netlink: 4 bytes leftover after parsing attributes in process `syz.2.412'.
[  172.011868][ T7879] netlink: 20 bytes leftover after parsing attributes in process `syz.3.414'.
[  172.761158][ T7889] random: crng reseeded on system resumption
[  173.207823][ T7893] netlink: 44 bytes leftover after parsing attributes in process `syz.2.419'.
[  173.699135][   T40] audit: type=1804 audit(2000000102.879:1065): pid=7901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.421" name="/newroot/107/file0" dev="tmpfs" ino=614 res=1 errno=0
[  173.699549][ T7903] random: crng reseeded on system resumption
[  173.724164][ T7901] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  173.726939][ T7901] ref_ctr decrement failed for inode: 0x266 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88801f076e00
[  173.732856][ T7901] uprobe: syz.0.421:7901 failed to unregister, leaking uprobe
[  174.573422][ T7910] fuse: Bad value for 'fd'
[  175.830603][ T7927] random: crng reseeded on system resumption
[  175.898952][ T7921] hfs: unable to load iocharset "io#harset"
[  176.300128][ T7933] geneve1: entered promiscuous mode
[  176.326911][ T7933] netlink: 4 bytes leftover after parsing attributes in process `syz.3.426'.
[  177.911142][   T40] audit: type=1804 audit(2000000107.089:1066): pid=7953 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.432" name="/newroot/111/file0" dev="tmpfs" ino=637 res=1 errno=0
[  177.944481][ T7953] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  177.949267][ T7953] ref_ctr decrement failed for inode: 0x27d offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88801f071400
[  177.963339][ T7953] uprobe: syz.0.432:7953 failed to unregister, leaking uprobe
[  179.716041][ T7970] fuse: Bad value for 'fd'
[  180.060597][ T6004] libceph: connect (1)[c::]:6789 error -101
[  180.063817][ T6004] libceph: mon0 (1)[c::]:6789 connect error
[  180.351809][ T7974] ceph: No mds server is up or the cluster is laggy
[  180.355827][ T6004] libceph: connect (1)[c::]:6789 error -101
[  180.360725][ T6004] libceph: mon0 (1)[c::]:6789 connect error
[  181.390254][ T7982] random: crng reseeded on system resumption
[  181.398921][ T7985] Unknown options in mask 7
[  182.097135][   T40] audit: type=1804 audit(2000000111.279:1067): pid=7992 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.442" name="/newroot/111/bus/bus" dev="overlay" ino=636 res=1 errno=0
[  182.105899][   T40] audit: type=1804 audit(2000000111.289:1068): pid=7992 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.442" name="/newroot/111/bus/bus" dev="overlay" ino=636 res=1 errno=0
[  182.165289][   T40] audit: type=1804 audit(2000000111.349:1069): pid=7996 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.443" name="/newroot/105/file0" dev="tmpfs" ino=597 res=1 errno=0
[  182.179360][ T7996] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  182.183185][ T7996] ref_ctr decrement failed for inode: 0x255 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888026726e00
[  182.188390][ T7996] uprobe: syz.1.443:7996 failed to unregister, leaking uprobe
[  183.190819][ T8004] random: crng reseeded on system resumption
[  186.084798][ T8019] random: crng reseeded on system resumption
[  186.125788][ T6003] IPVS: starting estimator thread 0...
[  186.221078][ T8022] IPVS: using max 46 ests per chain, 110400 per kthread
[  186.897266][   T40] audit: type=1326 audit(2000000116.079:1070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8029 comm="syz.0.450" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  186.908498][   T40] audit: type=1326 audit(2000000116.079:1071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8029 comm="syz.0.450" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  186.926379][   T40] audit: type=1326 audit(2000000116.079:1072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8029 comm="syz.0.450" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf706e579 code=0x7ffc0000
[  186.941692][   T40] audit: type=1326 audit(2000000116.079:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8029 comm="syz.0.450" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  186.951225][   T40] audit: type=1326 audit(2000000116.079:1074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8029 comm="syz.0.450" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  186.960002][   T40] audit: type=1326 audit(2000000116.079:1075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8029 comm="syz.0.450" exe="/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf706e579 code=0x7ffc0000
[  186.982876][   T40] audit: type=1326 audit(2000000116.079:1076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8029 comm="syz.0.450" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  187.001016][   T40] audit: type=1326 audit(2000000116.079:1077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8029 comm="syz.0.450" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  187.011117][   T40] audit: type=1326 audit(2000000116.089:1078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8029 comm="syz.0.450" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf706e579 code=0x7ffc0000
[  187.017690][   T40] audit: type=1326 audit(2000000116.089:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8029 comm="syz.0.450" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  187.097515][ T8036] random: crng reseeded on system resumption
[  187.376690][ T8044] Unknown options in mask 7
[  187.796608][ T8048] block nbd3: shutting down sockets
[  188.338513][ T8056] netlink: 104 bytes leftover after parsing attributes in process `syz.2.456'.
[  188.341474][ T8056] netlink: 104 bytes leftover after parsing attributes in process `syz.2.456'.
[  188.345278][ T8056] netlink: 28 bytes leftover after parsing attributes in process `syz.2.456'.
[  188.348061][ T8056] netlink: 28 bytes leftover after parsing attributes in process `syz.2.456'.
[  190.231144][ T8078] random: crng reseeded on system resumption
[  191.424946][ T8097] netlink: 4 bytes leftover after parsing attributes in process `syz.3.475'.
[  191.501542][ T8098] hub 6-0:1.0: USB hub found
[  191.503401][ T8098] hub 6-0:1.0: 1 port detected
[  191.702733][ T8097] bridge_slave_1: left allmulticast mode
[  191.706112][ T8097] bridge_slave_1: left promiscuous mode
[  191.709678][ T8097] bridge0: port 2(bridge_slave_1) entered disabled state
[  191.734371][ T8097] bridge_slave_0: left allmulticast mode
[  191.736767][ T8097] bridge_slave_0: left promiscuous mode
[  191.740561][ T8097] bridge0: port 1(bridge_slave_0) entered disabled state
[  192.089745][ T8105] netlink: 104 bytes leftover after parsing attributes in process `syz.0.468'.
[  192.093662][ T8105] netlink: 104 bytes leftover after parsing attributes in process `syz.0.468'.
[  192.099438][ T8105] netlink: 28 bytes leftover after parsing attributes in process `syz.0.468'.
[  192.103339][ T8105] netlink: 28 bytes leftover after parsing attributes in process `syz.0.468'.
[  192.392926][ T8108] netlink: 32 bytes leftover after parsing attributes in process `syz.2.469'.
[  192.401316][ T8108] netlink: 'syz.2.469': attribute type 10 has an invalid length.
[  192.405047][ T8108] veth0_vlan: left promiscuous mode
[  192.410343][ T8108] veth0_vlan: entered promiscuous mode
[  192.417796][ T8108] team0: Device veth0_vlan failed to register rx_handler
[  193.057633][ T8117] netlink: 'syz.3.472': attribute type 10 has an invalid length.
[  193.123856][ T8117] team0: Port device wlan1 added
[  193.237717][ T8122] Cannot find del_set index 3 as target
[  193.513048][ T8124] netlink: 4 bytes leftover after parsing attributes in process `syz.1.479'.
[  193.575764][ T8125] hub 6-0:1.0: USB hub found
[  193.579862][ T8125] hub 6-0:1.0: 1 port detected
[  193.786930][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  193.789418][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  194.485108][   T13] Bluetooth: hci4: Frame reassembly failed (-84)
[  194.487169][   T13] Bluetooth: hci4: Frame reassembly failed (-84)
[  194.491956][   T66] Bluetooth: hci4: Frame reassembly failed (-84)
[  194.543970][ T8139] random: crng reseeded on system resumption
[  194.565897][ T8131] netlink: 44 bytes leftover after parsing attributes in process `syz.3.473'.
[  196.100430][ T8157] netlink: 8 bytes leftover after parsing attributes in process `syz.3.481'.
[  196.501010][   T68] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  197.304721][ T8163] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  197.307084][ T8163] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  197.310040][ T8163] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  197.415892][ T8169] Unknown options in mask 7
[  198.457841][ T8175] netlink: 'syz.0.484': attribute type 10 has an invalid length.
[  198.478471][ T8175] team0: Port device wlan1 added
[  198.590993][   T68] Bluetooth: hci1: command 0x0c1a tx timeout
[  198.952250][   T40] kauditd_printk_skb: 127 callbacks suppressed
[  198.952260][   T40] audit: type=1804 audit(2000000128.139:1207): pid=8178 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.483" name="/newroot/123/bus/bus" dev="overlay" ino=694 res=1 errno=0
[  198.964583][   T40] audit: type=1804 audit(2000000128.139:1208): pid=8178 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.483" name="/newroot/123/bus/bus" dev="overlay" ino=694 res=1 errno=0
[  199.381117][   T68] Bluetooth: hci3: command 0x0406 tx timeout
[  199.383059][   T68] Bluetooth: hci2: command 0x0c1a tx timeout
[  199.429147][ T8184] netlink: 60 bytes leftover after parsing attributes in process `syz.1.487'.
[  200.022688][ T8185] netlink: 4 bytes leftover after parsing attributes in process `syz.2.486'.
[  200.025591][ T8185] bridge_slave_1: left allmulticast mode
[  200.027377][ T8185] bridge_slave_1: left promiscuous mode
[  200.029458][ T8185] bridge0: port 2(bridge_slave_1) entered disabled state
[  200.048668][ T8185] bridge_slave_0: left allmulticast mode
[  200.050804][ T8185] bridge_slave_0: left promiscuous mode
[  200.058197][ T8185] bridge0: port 1(bridge_slave_0) entered disabled state
[  200.181921][ T8191] hub 6-0:1.0: USB hub found
[  200.183804][ T8191] hub 6-0:1.0: 1 port detected
[  201.865375][   T40] audit: type=1326 audit(2000000131.049:1209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8204 comm="syz.2.492" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  201.872995][   T40] audit: type=1326 audit(2000000131.049:1210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8204 comm="syz.2.492" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  201.882275][   T40] audit: type=1326 audit(2000000131.049:1211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8204 comm="syz.2.492" exe="/syz-executor" sig=0 arch=40000003 syscall=30 compat=1 ip=0xf704e579 code=0x7ffc0000
[  201.890407][   T40] audit: type=1326 audit(2000000131.049:1212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8204 comm="syz.2.492" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  201.900672][   T40] audit: type=1326 audit(2000000131.049:1213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8204 comm="syz.2.492" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  201.910073][   T40] audit: type=1326 audit(2000000131.049:1214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8204 comm="syz.2.492" exe="/syz-executor" sig=0 arch=40000003 syscall=321 compat=1 ip=0xf704e579 code=0x7ffc0000
[  201.921043][   T40] audit: type=1326 audit(2000000131.049:1215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8204 comm="syz.2.492" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  201.928017][   T40] audit: type=1326 audit(2000000131.049:1216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8204 comm="syz.2.492" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  202.262487][ T8220] Cannot find del_set index 3 as target
[  202.984335][ T6003] IPVS: starting estimator thread 0...
[  203.091114][ T8225] IPVS: using max 45 ests per chain, 108000 per kthread
[  203.125679][ T8229] net_ratelimit: 25 callbacks suppressed
[  203.125696][ T8229] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  203.144880][ T8229] netlink: 4 bytes leftover after parsing attributes in process `syz.2.497'.
[  203.381102][ T8218] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  203.382925][ T8218] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  203.384743][ T8218] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  203.500830][ T8236] netlink: 60 bytes leftover after parsing attributes in process `syz.1.499'.
[  203.503367][ T8235] Unknown options in mask 7
[  204.607198][   T40] kauditd_printk_skb: 127 callbacks suppressed
[  204.607268][   T40] audit: type=1804 audit(2000000133.789:1344): pid=8246 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.498" name="/newroot/125/bus/bus" dev="overlay" ino=722 res=1 errno=0
[  204.645198][   T40] audit: type=1804 audit(2000000133.809:1345): pid=8246 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.498" name="/newroot/125/bus/bus" dev="overlay" ino=722 res=1 errno=0
[  204.981229][ T5941] Bluetooth: hci1: command 0x0c1a tx timeout
[  205.461138][ T5941] Bluetooth: hci3: command 0x0406 tx timeout
[  205.463187][   T68] Bluetooth: hci2: command 0x0c1a tx timeout
[  205.576905][ T8263] netlink: 'syz.1.504': attribute type 10 has an invalid length.
[  205.579527][ T8263] veth0_vlan: left promiscuous mode
[  205.582300][ T8263] veth0_vlan: entered promiscuous mode
[  205.589505][ T8263] team0: Device veth0_vlan failed to register rx_handler
[  205.720214][ T8263] dlm: plock device version mismatch: kernel (1.2.0), user (2.0.0)
[  206.297953][ T8277] netlink: 60 bytes leftover after parsing attributes in process `syz.0.509'.
[  206.958751][ T8287] netlink: 60 bytes leftover after parsing attributes in process `syz.1.519'.
[  207.604267][ T8291] Unknown options in mask 7
[  207.769187][ T8300] netlink: 'syz.2.511': attribute type 10 has an invalid length.
[  207.790071][ T8300] team0: Port device wlan1 added
[  207.881091][   T40] audit: type=1804 audit(2000000137.049:1346): pid=8303 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.512" name="/newroot/128/bus/bus" dev="overlay" ino=748 res=1 errno=0
[  207.888298][   T40] audit: type=1804 audit(2000000137.059:1347): pid=8303 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.512" name="/newroot/128/bus/bus" dev="overlay" ino=748 res=1 errno=0
[  208.990805][   T40] audit: type=1804 audit(2000000138.169:1348): pid=8310 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.525" name="/newroot/129/file0" dev="tmpfs" ino=754 res=1 errno=0
[  209.014680][ T8313] netlink: 'syz.0.527': attribute type 10 has an invalid length.
[  209.061005][   T68] Bluetooth: hci3: command 0x0406 tx timeout
[  209.108139][ T8310] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  209.119253][ T8310] ref_ctr decrement failed for inode: 0x2f2 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804dbe5a00
[  209.134658][ T8310] uprobe: syz.3.525:8310 failed to unregister, leaking uprobe
[  210.621145][   T40] audit: type=1804 audit(2000000139.799:1349): pid=8333 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.520" name="/newroot/132/file0" dev="tmpfs" ino=743 res=1 errno=0
[  210.631626][ T8333] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  210.635124][ T8333] ref_ctr decrement failed for inode: 0x2e7 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804dbe2800
[  210.639728][ T8333] uprobe: syz.2.520:8333 failed to unregister, leaking uprobe
[  210.824141][ T8337] netlink: 4 bytes leftover after parsing attributes in process `syz.0.522'.
[  210.877166][ T8337] bridge_slave_1: left allmulticast mode
[  210.879079][ T8337] bridge_slave_1: left promiscuous mode
[  210.881354][ T8337] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.902125][ T8337] bridge_slave_0: left allmulticast mode
[  210.904335][ T8337] bridge_slave_0: left promiscuous mode
[  210.906285][ T8337] bridge0: port 1(bridge_slave_0) entered disabled state
[  210.960016][ T8336] hub 6-0:1.0: USB hub found
[  210.965928][ T8336] hub 6-0:1.0: 1 port detected
[  211.734829][ T8350] netlink: 60 bytes leftover after parsing attributes in process `syz.3.524'.
[  211.810314][   T40] audit: type=1804 audit(2000000140.989:1350): pid=8346 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.534" name="/newroot/124/file0" dev="tmpfs" ino=702 res=1 errno=0
[  211.820247][ T8346] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  211.823343][ T8346] ref_ctr decrement failed for inode: 0x2be offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888026721e00
[  212.081116][ T8346] uprobe: syz.1.534:8346 failed to unregister, leaking uprobe
[  212.172764][ T8345] netlink: 'syz.2.523': attribute type 10 has an invalid length.
[  212.175395][ T8345] veth0_vlan: left promiscuous mode
[  212.177565][ T8345] veth0_vlan: entered promiscuous mode
[  212.180282][ T8345] team0: Device veth0_vlan failed to register rx_handler
[  212.205405][ T8345] dlm: plock device version mismatch: kernel (1.2.0), user (2.0.0)
[  212.710437][   T40] audit: type=1804 audit(2000000141.889:1351): pid=8376 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.531" name="/newroot/132/file0" dev="tmpfs" ino=773 res=1 errno=0
[  212.804177][ T8376] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  212.806678][ T8376] ref_ctr decrement failed for inode: 0x305 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804eb55a00
[  212.817230][ T8376] uprobe: syz.3.531:8376 failed to unregister, leaking uprobe
[  215.143923][ T8404] geneve2: entered promiscuous mode
[  215.146302][ T8404] geneve2: entered allmulticast mode
[  215.315151][ T8417] random: crng reseeded on system resumption
[  215.557156][ T8427] "syz.0.537" (8427) uses obsolete ecb(arc4) skcipher
[  217.692529][   T40] audit: type=1804 audit(2000000146.879:1352): pid=8444 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.543" name="/newroot/141/file0" dev="tmpfs" ino=808 res=1 errno=0
[  217.702757][ T8444] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  217.705527][ T8444] ref_ctr decrement failed for inode: 0x328 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88801f076e00
[  217.709740][ T8444] uprobe: syz.0.543:8444 failed to unregister, leaking uprobe
[  219.466832][ T8478] random: crng reseeded on system resumption
[  219.603208][ T8484] AppArmor: change_hat: Invalid input, NULL hat and NULL magic
[  219.603750][ T8484] netlink: 32 bytes leftover after parsing attributes in process `syz.3.546'.
[  219.613902][ T8484] netlink: 'syz.3.546': attribute type 10 has an invalid length.
[  221.966282][ T8509] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  221.969595][ T8509] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  221.972239][ T8509] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  221.974852][ T8509] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  221.977417][ T8509] geneve2: entered promiscuous mode
[  221.979438][ T8509] geneve2: entered allmulticast mode
[  221.983762][ T8509] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  221.986283][ T8509] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  221.988796][ T8509] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  221.992701][ T8509] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  222.899466][ T8529] random: crng reseeded on system resumption
[  223.098880][ T8532] netlink: 'syz.0.552': attribute type 10 has an invalid length.
[  223.103970][ T8532] veth0_vlan: left promiscuous mode
[  223.120987][ T8532] veth0_vlan: entered promiscuous mode
[  223.127128][ T8532] team0: Device veth0_vlan failed to register rx_handler
[  223.391147][ T8532] dlm: plock device version mismatch: kernel (1.2.0), user (2.0.0)
[  223.925955][   T40] audit: type=1804 audit(2000000153.109:1353): pid=8548 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.557" name="/newroot/131/file0" dev="tmpfs" ino=740 res=1 errno=0
[  223.963816][ T8548] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  223.967805][ T8556] netlink: 'syz.2.558': attribute type 10 has an invalid length.
[  223.977495][ T8548] ref_ctr decrement failed for inode: 0x2e4 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804f80bc00
[  223.991294][ T8548] uprobe: syz.1.557:8548 failed to unregister, leaking uprobe
[  224.186015][ T8568] netlink: 4 bytes leftover after parsing attributes in process `syz.2.558'.
[  225.871337][   T40] audit: type=1800 audit(2000000155.049:1354): pid=8594 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.2.560" name="/newroot/144/bus" dev="tmpfs" ino=807 res=0 errno=0
[  225.972875][ T8596] block nbd2: shutting down sockets
[  229.723767][ T8627] netlink: 44 bytes leftover after parsing attributes in process `syz.2.571'.
[  229.895623][ T8635] netlink: 'syz.0.572': attribute type 10 has an invalid length.
[  230.114110][ T8633] netlink: 4 bytes leftover after parsing attributes in process `syz.0.572'.
[  231.003849][ T8654] netlink: 44 bytes leftover after parsing attributes in process `syz.3.579'.
[  232.246070][ T8663] netlink: 12 bytes leftover after parsing attributes in process `syz.0.582'.
[  232.261682][ T8663] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  232.264281][ T8663] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  232.266813][ T8663] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  232.269420][ T8663] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  232.312407][ T8666] random: crng reseeded on system resumption
[  232.320725][ T8666] Restarting kernel threads ... done.
[  232.684456][ T8663] netdevsim netdevsim0 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  232.687538][ T8663] netdevsim netdevsim0 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  232.690847][ T8663] netdevsim netdevsim0 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  232.694096][ T8663] netdevsim netdevsim0 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  232.931058][ T8675] random: crng reseeded on system resumption
[  233.126915][ T8671] netlink: 44 bytes leftover after parsing attributes in process `syz.3.584'.
[  233.874257][ T8677] wireguard0: entered promiscuous mode
[  233.876085][ T8677] wireguard0: entered allmulticast mode
[  233.965408][ T8690] netlink: 'syz.1.588': attribute type 10 has an invalid length.
[  234.038732][ T8692] netlink: 44 bytes leftover after parsing attributes in process `syz.3.589'.
[  234.102338][ T8694] netlink: 4 bytes leftover after parsing attributes in process `syz.1.588'.
[  236.144823][ T8716] random: crng reseeded on system resumption
[  238.897761][ T8738] netlink: 4 bytes leftover after parsing attributes in process `syz.3.598'.
[  239.618545][ T8750] random: crng reseeded on system resumption
[  240.889107][ T8765] netlink: 60 bytes leftover after parsing attributes in process `syz.2.605'.
[  241.325379][ T8773] netlink: 44 bytes leftover after parsing attributes in process `syz.0.616'.
[  242.496450][ T8788] xt_CT: You must specify a L4 protocol and not use inversions on it
[  243.134761][ T8791] random: crng reseeded on system resumption
[  243.692907][ T8804] netlink: 44 bytes leftover after parsing attributes in process `syz.0.621'.
[  243.756556][ T8806] geneve2: entered promiscuous mode
[  243.768830][ T8806] geneve2: entered allmulticast mode
[  244.766268][   T40] audit: type=1804 audit(2000000173.949:1355): pid=8810 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.625" name="/newroot/160/file0" dev="tmpfs" ino=911 res=1 errno=0
[  244.905983][ T8813] rdma_rxe: rxe_newlink: failed to add lo
[  245.083500][ T8810] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  245.086057][ T8810] ref_ctr decrement failed for inode: 0x38f offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888026726400
[  245.089464][ T8810] uprobe: syz.0.625:8810 failed to unregister, leaking uprobe
[  245.238704][ T8821] random: crng reseeded on system resumption
[  245.321049][ T5987] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  245.484382][   T12] Bluetooth: hci4: Frame reassembly failed (-84)
[  245.512880][ T5987] usb 7-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  245.516856][ T5987] usb 7-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  245.520532][ T5987] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  245.524087][ T5987] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.761404][  T834] usb 7-1: USB disconnect, device number 7
[  246.380617][ T8829] netlink: 44 bytes leftover after parsing attributes in process `syz.1.618'.
[  247.158285][ T8841] netlink: 12 bytes leftover after parsing attributes in process `syz.1.622'.
[  247.168672][ T8841] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  247.172493][ T8841] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  247.175940][ T8841] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  247.179349][ T8841] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  247.187866][ T8841] netdevsim netdevsim1 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  247.191643][ T8841] netdevsim netdevsim1 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  247.194456][ T8841] netdevsim netdevsim1 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  247.197320][ T8841] netdevsim netdevsim1 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  247.215527][ T8842] random: crng reseeded on system resumption
[  247.226891][ T8842] Restarting kernel threads ... done.
[  247.542627][ T5941] Bluetooth: hci4: command 0x1003 tx timeout
[  247.542942][   T68] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  248.520424][ T8850] netlink: 4 bytes leftover after parsing attributes in process `syz.2.624'.
[  248.757437][ T8860] s
z1: rxe_newlink: already configured on lo
[  249.081014][ T5987] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  249.221071][ T8867] random: crng reseeded on system resumption
[  249.289043][   T40] audit: type=1804 audit(2000000178.469:1356): pid=8865 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.628" name="/newroot/158/file0" dev="tmpfs" ino=889 res=1 errno=0
[  249.299742][ T8865] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  249.302533][ T8865] ref_ctr decrement failed for inode: 0x379 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804f3abc00
[  249.306039][ T8865] uprobe: syz.2.628:8865 failed to unregister, leaking uprobe
[  249.313490][ T5987] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  249.317025][ T5987] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  249.320149][ T5987] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  249.323247][ T5987] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  249.334103][ T8861] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  249.337973][ T5987] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  249.567165][   T64] usb 8-1: USB disconnect, device number 4
[  249.737748][ T8878] xt_CT: You must specify a L4 protocol and not use inversions on it
[  250.687257][ T8884] random: crng reseeded on system resumption
[  255.583415][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  255.585508][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  255.831129][ T8930] netlink: 44 bytes leftover after parsing attributes in process `syz.2.644'.
[  256.042026][ T8932] random: crng reseeded on system resumption
[  256.951289][ T8943] netlink: 44 bytes leftover after parsing attributes in process `syz.3.648'.
[  257.749038][   T40] audit: type=1804 audit(2000000186.929:1357): pid=8947 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.649" name="/newroot/157/file0" dev="tmpfs" ino=916 res=1 errno=0
[  257.770755][ T8949] random: crng reseeded on system resumption
[  257.778288][ T8947] ref_ctr_offset mismatch. inode: 0x394 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xa
[  257.783255][ T8947] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  257.786493][ T8947] ref_ctr decrement failed for inode: 0x394 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804f3aa800
[  257.792236][ T8947] uprobe: syz.3.649:8947 failed to unregister, leaking uprobe
[  258.761075][ T5985] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  258.921011][ T5985] usb 8-1: Using ep0 maxpacket: 8
[  258.929810][ T5985] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  258.938953][ T5985] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2
[  258.950890][ T5985] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  258.977357][ T5985] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  258.990366][ T5985] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  259.009629][ T5985] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  259.053638][ T8964] netlink: 44 bytes leftover after parsing attributes in process `syz.0.654'.
[  259.104646][ T5985] hub 8-1:1.0: bad descriptor, ignoring hub
[  259.107098][ T5985] hub 8-1:1.0: probe with driver hub failed with error -5
[  259.111280][ T5985] cdc_wdm 8-1:1.0: skipping garbage
[  259.115927][ T5985] cdc_wdm 8-1:1.0: skipping garbage
[  259.122018][ T5985] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  259.124892][ T5985] cdc_wdm 8-1:1.0: Unknown control protocol
[  259.340816][ T8971] random: crng reseeded on system resumption
[  259.698573][ T8979] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  259.705985][ T8979] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  259.721437][ T8976] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  259.727421][ T8976] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  259.815329][ T8978] netlink: 44 bytes leftover after parsing attributes in process `syz.0.657'.
[  259.841216][  T836] usb 8-1: USB disconnect, device number 5
[  260.470992][ T5985] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  261.745537][ T8990] random: crng reseeded on system resumption
[  262.347533][   T40] audit: type=1804 audit(2000000191.529:1358): pid=8996 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.661" name="/newroot/172/file0" dev="tmpfs" ino=977 res=1 errno=0
[  262.356250][ T8996] ref_ctr_offset mismatch. inode: 0x3d1 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0xa
[  262.359694][ T8996] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  262.362518][ T8996] ref_ctr decrement failed for inode: 0x3d1 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88801f076400
[  262.367395][ T8996] uprobe: syz.0.661:8996 failed to unregister, leaking uprobe
[  263.102540][ T9002] netlink: 4 bytes leftover after parsing attributes in process `syz.0.662'.
[  263.182088][   T66] Bluetooth: hci4: Frame reassembly failed (-84)
[  264.294549][ T9012] random: crng reseeded on system resumption
[  265.221082][ T5947] Bluetooth: hci4: command 0x1003 tx timeout
[  265.225260][   T68] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  265.806909][ T9021] netlink: 44 bytes leftover after parsing attributes in process `syz.3.667'.
[  266.340966][ T9025] netlink: 44 bytes leftover after parsing attributes in process `syz.1.676'.
[  266.536912][ T9032] fuse: Unknown parameter '0xffffffffffffffff017777777777777777777770000000000000000000000000000000000000000'
[  266.543139][ T9032] netlink: 40 bytes leftover after parsing attributes in process `syz.2.668'.
[  266.546652][ T9032] fuse: Bad value for 'fd'
[  267.191364][    T9] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  267.432494][    T9] usb 6-1: Using ep0 maxpacket: 8
[  267.459281][    T9] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  267.469574][    T9] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[  267.475586][    T9] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  267.480530][    T9] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  267.488408][    T9] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  267.493562][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  267.614483][ T9053] random: crng reseeded on system resumption
[  267.672657][ T9051] xt_CT: You must specify a L4 protocol and not use inversions on it
[  267.963286][    T9] hub 6-1:1.0: bad descriptor, ignoring hub
[  267.965376][    T9] hub 6-1:1.0: probe with driver hub failed with error -5
[  267.969531][    T9] cdc_wdm 6-1:1.0: skipping garbage
[  267.971682][    T9] cdc_wdm 6-1:1.0: skipping garbage
[  267.987168][    T9] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  267.989339][    T9] cdc_wdm 6-1:1.0: Unknown control protocol
[  268.850102][ T9061] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  268.853754][ T9061] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  268.861174][ T9061] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  268.864710][ T9061] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  268.931401][    T9] usb 6-1: USB disconnect, device number 3
[  269.224531][ T9070] netlink: 44 bytes leftover after parsing attributes in process `syz.0.678'.
[  269.571234][ T5987] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  269.721090][ T5987] usb 6-1: device descriptor read/64, error -71
[  269.972372][ T5987] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  270.007660][   T40] audit: type=1804 audit(2000000003.449:1359): pid=9083 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.682" name="/newroot/165/file0" dev="tmpfs" ino=960 res=1 errno=0
[  270.018564][ T9083] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  270.021584][ T9083] ref_ctr decrement failed for inode: 0x3c0 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804bd19400
[  270.025002][ T9083] uprobe: syz.3.682:9083 failed to unregister, leaking uprobe
[  270.101254][ T5987] usb 6-1: device descriptor read/64, error -71
[  270.212467][ T5987] usb usb6-port1: attempt power cycle
[  270.376979][ T9089] netlink: 44 bytes leftover after parsing attributes in process `syz.2.683'.
[  272.276902][ T9101] random: crng reseeded on system resumption
[  274.967354][ T9114] netlink: 44 bytes leftover after parsing attributes in process `syz.2.690'.
[  275.109387][ T9121] random: crng reseeded on system resumption
[  276.956198][   T40] audit: type=1804 audit(2000000010.399:1360): pid=9145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.694" name="/newroot/178/file0" dev="tmpfs" ino=1000 res=1 errno=0
[  276.967669][ T9145] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  276.971386][ T9145] ref_ctr decrement failed for inode: 0x3e8 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888026722800
[  276.976524][ T9145] uprobe: syz.2.694:9145 failed to unregister, leaking uprobe
[  277.274959][ T9151] random: crng reseeded on system resumption
[  277.349710][ T9154] netlink: 44 bytes leftover after parsing attributes in process `syz.1.695'.
[  278.127719][ T9163] Cannot find del_set index 3 as target
[  278.139305][ T9163] netlink: 'syz.2.698': attribute type 11 has an invalid length.
[  278.142099][ T9163] netlink: 224 bytes leftover after parsing attributes in process `syz.2.698'.
[  279.081647][ T9186] netlink: 44 bytes leftover after parsing attributes in process `syz.0.703'.
[  280.841176][ T9206] netlink: 44 bytes leftover after parsing attributes in process `syz.0.713'.
[  286.336681][ T9253] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  286.371880][ T9253] netlink: zone id is out of range
[  286.373589][ T9253] netlink: zone id is out of range
[  286.375225][ T9253] netlink: zone id is out of range
[  286.376884][ T9253] netlink: zone id is out of range
[  286.378655][ T9253] netlink: zone id is out of range
[  286.380665][ T9253] netlink: zone id is out of range
[  286.389594][ T9253] netlink: zone id is out of range
[  286.398816][ T9253] netlink: zone id is out of range
[  286.400512][ T9253] netlink: zone id is out of range
[  286.403589][ T9253] netlink: zone id is out of range
[  288.243628][ T9258] netlink: 44 bytes leftover after parsing attributes in process `syz.2.717'.
[  288.654682][ T9263] random: crng reseeded on system resumption
[  289.056715][ T9268] MTD: Attempt to mount non-MTD device "/dev/sr0"
[  289.270452][ T9268] /dev/sr0: Can't open blockdev
[  289.679296][ T9269] /dev/sr0: Can't open blockdev
[  289.813171][ T9274] lo speed is unknown, defaulting to 1000
[  289.885394][ T9274] lo speed is unknown, defaulting to 1000
[  289.887850][ T9274] lo speed is unknown, defaulting to 1000
[  289.961989][ T9274] lo speed is unknown, defaulting to 1000
[  291.170182][ T9304] random: crng reseeded on system resumption
[  293.978602][ T9326] wg1: entered promiscuous mode
[  293.980826][ T9326] wg1: entered allmulticast mode
[  294.052559][ T9331] ip6t_srh: unknown srh invflags 6BE9
[  294.059328][ T9331] ubi: mtd0 is already attached to ubi31
[  295.228121][   T40] audit: type=1804 audit(2000000028.669:1361): pid=9343 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.734" name="/newroot/189/file0" dev="tmpfs" ino=1059 res=1 errno=0
[  295.241717][ T9343] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  295.245274][ T9343] ref_ctr decrement failed for inode: 0x423 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888026725a00
[  295.249948][ T9343] uprobe: syz.2.734:9343 failed to unregister, leaking uprobe
[  295.876567][ T9350] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  295.907820][ T9350] net_ratelimit: 25 callbacks suppressed
[  295.907838][ T9350] netlink: zone id is out of range
[  295.913409][ T9350] netlink: zone id is out of range
[  295.915612][ T9350] netlink: zone id is out of range
[  295.917823][ T9350] netlink: zone id is out of range
[  295.920042][ T9350] netlink: zone id is out of range
[  295.922572][ T9350] netlink: zone id is out of range
[  295.925481][ T9350] netlink: zone id is out of range
[  295.929503][ T9350] netlink: zone id is out of range
[  295.932442][ T9350] netlink: zone id is out of range
[  295.934693][ T9350] netlink: zone id is out of range
[  296.515807][   T24] libceph: connect (1)[c::]:6789 error -101
[  296.517800][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  296.545859][ T9353] ceph: No mds server is up or the cluster is laggy
[  296.793012][  T834] libceph: connect (1)[c::]:6789 error -101
[  296.807060][  T834] libceph: mon0 (1)[c::]:6789 connect error
[  298.249258][ T9368] batadv_slave_0: entered promiscuous mode
[  298.301762][ T9370] random: crng reseeded on system resumption
[  298.885266][ T9365] batadv_slave_0: left promiscuous mode
[  299.150303][ T9383] netlink: 44 bytes leftover after parsing attributes in process `syz.0.744'.
[  300.453925][ T9403] netlink: 44 bytes leftover after parsing attributes in process `syz.3.749'.
[  301.658747][ T9422] input: syz1 as /devices/virtual/input/input7
[  302.101428][   T24] libceph: connect (1)[c::]:6789 error -101
[  302.104206][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  302.401949][ T9425] ceph: No mds server is up or the cluster is laggy
[  302.515350][   T24] libceph: connect (1)[c::]:6789 error -101
[  302.687047][ T9439] random: crng reseeded on system resumption
[  302.991291][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  303.854265][ T9453] random: crng reseeded on system resumption
[  304.913689][ T9469] netlink: 44 bytes leftover after parsing attributes in process `syz.3.763'.
[  305.990989][    T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  306.534654][ T9490] random: crng reseeded on system resumption
[  306.708919][    T9] usb 5-1: config 1 interface 0 altsetting 231 endpoint 0x81 has an invalid bInterval 33, changing to 9
[  307.769271][    T9] usb 5-1: config 1 interface 0 has no altsetting 0
[  307.832861][    T9] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.40
[  307.835702][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  307.838185][    T9] usb 5-1: Product: syz
[  307.839515][    T9] usb 5-1: Manufacturer: syz
[  307.841684][    T9] usb 5-1: SerialNumber: syz
[  307.966396][ T9498] random: crng reseeded on system resumption
[  309.428094][    T9] usbhid 5-1:1.0: can't add hid device: -71
[  309.431082][    T9] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  309.447790][    T9] usb 5-1: USB disconnect, device number 3
[  310.586604][   T64] libceph: connect (1)[c::]:6789 error -101
[  310.588607][   T64] libceph: mon0 (1)[c::]:6789 connect error
[  310.695753][ T9546] ceph: No mds server is up or the cluster is laggy
[  314.552273][ T9584] ptrace attach of "/syz-executor exec"[5939] was attempted by "/syz-executor exec"[9584]
[  316.798483][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  316.805660][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  318.921129][ T9622] netlink: 44 bytes leftover after parsing attributes in process `syz.1.798'.
[  319.593315][ T9634] random: crng reseeded on system resumption
[  319.716277][   T64] libceph: connect (1)[c::]:6789 error -101
[  319.720991][   T64] libceph: mon0 (1)[c::]:6789 connect error
[  319.834401][ T9643] program syz.2.801 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  319.981236][   T64] libceph: connect (1)[c::]:6789 error -101
[  319.983877][   T64] libceph: mon0 (1)[c::]:6789 connect error
[  320.131200][ T9637] ceph: No mds server is up or the cluster is laggy
[  320.371945][ T9650] net_ratelimit: 25 callbacks suppressed
[  320.372034][ T9650] openvswitch: netlink: Port 10289156 exceeds max allowable 65535
[  320.449092][ T9651] fuse: Bad value for 'fd'
[  321.634202][ T9662] random: crng reseeded on system resumption
[  323.722100][ T9667] netlink: 44 bytes leftover after parsing attributes in process `syz.3.809'.
[  324.134830][ T9673] netlink: 44 bytes leftover after parsing attributes in process `syz.1.810'.
[  324.971499][   T29] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  325.231105][   T29] usb 7-1: Using ep0 maxpacket: 8
[  325.235087][   T29] usb 7-1: config 92 has an invalid interface number: 120 but max is 3
[  325.238597][   T29] usb 7-1: config 92 has an invalid interface number: 136 but max is 3
[  325.242593][   T29] usb 7-1: config 92 has an invalid interface number: 22 but max is 3
[  325.246009][   T29] usb 7-1: config 92 has 3 interfaces, different from the descriptor's value: 4
[  325.249837][   T29] usb 7-1: config 92 has no interface number 0
[  325.266405][   T13] Bluetooth: hci4: Frame reassembly failed (-84)
[  325.268316][   T13] Bluetooth: hci4: Frame reassembly failed (-84)
[  325.268504][   T29] usb 7-1: config 92 has no interface number 1
[  325.270600][   T13] Bluetooth: hci4: Frame reassembly failed (-84)
[  325.275377][   T13] Bluetooth: hci4: Frame reassembly failed (-84)
[  325.278332][   T13] Bluetooth: hci4: Frame reassembly failed (-84)
[  325.287453][   T29] usb 7-1: config 92 has no interface number 2
[  325.291145][   T29] usb 7-1: config 92 interface 120 altsetting 9 has an invalid endpoint descriptor of length 6, skipping
[  325.295978][   T29] usb 7-1: config 92 interface 120 altsetting 9 has 4 endpoint descriptors, different from the interface descriptor's value: 0
[  325.308882][   T29] usb 7-1: config 92 interface 136 altsetting 175 endpoint 0x5 has invalid maxpacket 512, setting to 64
[  325.439185][ T6004] libceph: connect (1)[c::]:6789 error -101
[  325.442081][ T6004] libceph: mon0 (1)[c::]:6789 connect error
[  325.448402][ T6004] libceph: connect (1)[c::]:6789 error -101
[  325.451905][ T6004] libceph: mon0 (1)[c::]:6789 connect error
[  325.463700][   T29] usb 7-1: config 92 interface 136 altsetting 175 has an invalid descriptor for endpoint zero, skipping
[  325.468314][   T29] usb 7-1: config 92 interface 136 altsetting 175 has a duplicate endpoint with address 0x4, skipping
[  325.489296][ T9692] ceph: No mds server is up or the cluster is laggy
[  325.591008][   T29] usb 7-1: config 92 interface 136 altsetting 175 endpoint 0xA has invalid maxpacket 1024, setting to 64
[  325.595569][   T29] usb 7-1: config 92 interface 136 altsetting 175 has a duplicate endpoint with address 0x3, skipping
[  325.600240][   T29] usb 7-1: config 92 interface 136 altsetting 175 endpoint 0xC has invalid maxpacket 512, setting to 64
[  325.625807][   T29] usb 7-1: config 92 interface 136 altsetting 175 bulk endpoint 0x6 has invalid maxpacket 64
[  325.632132][   T29] usb 7-1: config 92 interface 22 altsetting 129 has a duplicate endpoint with address 0xA, skipping
[  325.642147][   T29] usb 7-1: config 92 interface 120 has no altsetting 0
[  325.718412][   T29] usb 7-1: config 92 interface 136 has no altsetting 0
[  325.725441][   T29] usb 7-1: config 92 interface 22 has no altsetting 0
[  325.736298][   T29] usb 7-1: New USB device found, idVendor=0bb4, idProduct=0a52, bcdDevice=a0.d0
[  325.740311][   T29] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  325.747169][   T29] usb 7-1: Product: syz
[  325.750229][   T29] usb 7-1: Manufacturer: syz
[  325.754662][   T29] usb 7-1: SerialNumber: syz
[  325.760348][ T9698] can0: slcan on ttyprintk.
[  325.764274][ T9679] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  326.224170][ T9707] bond0: Error: Cannot enslave bond to itself.
[  326.762327][ T9697] can0 (unregistered): slcan off ttyprintk.
[  327.302599][ T5947] Bluetooth: hci4: command 0x1003 tx timeout
[  327.306971][   T68] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  327.889804][   T29] usb 7-1: USB disconnect, device number 8
[  329.158457][ T9738] netlink: 44 bytes leftover after parsing attributes in process `syz.1.820'.
[  331.400091][ T9749] netlink: 44 bytes leftover after parsing attributes in process `syz.1.829'.
[  331.432548][   T65] libceph: connect (1)[c::]:6789 error -101
[  331.441250][   T65] libceph: mon0 (1)[c::]:6789 connect error
[  331.477686][ T9747] ceph: No mds server is up or the cluster is laggy
[  331.780223][ T9763] random: crng reseeded on system resumption
[  333.978953][ T9786] netlink: 44 bytes leftover after parsing attributes in process `syz.2.830'.
[  334.306264][ T9792] netlink: 8 bytes leftover after parsing attributes in process `syz.3.832'.
[  334.402511][ T9795] random: crng reseeded on system resumption
[  334.566359][ T9798] netlink: 44 bytes leftover after parsing attributes in process `syz.0.834'.
[  334.966587][ T9804] usb 2-1: USB disconnect, device number 2
[  335.290743][ T9807] netlink: 44 bytes leftover after parsing attributes in process `syz.3.836'.
[  337.845191][ T9835] random: crng reseeded on system resumption
[  339.570332][   T65] libceph: connect (1)[c::]:6789 error -101
[  339.572862][   T65] libceph: mon0 (1)[c::]:6789 connect error
[  339.575005][   T65] libceph: connect (1)[c::]:6789 error -101
[  339.576925][   T65] libceph: mon0 (1)[c::]:6789 connect error
[  339.653353][ T9849] ceph: No mds server is up or the cluster is laggy
[  340.125204][ T9858] random: crng reseeded on system resumption
[  340.251118][ T6004] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  340.400965][ T6004] usb 5-1: Using ep0 maxpacket: 8
[  340.404222][ T6004] usb 5-1: config 92 has an invalid interface number: 120 but max is 3
[  340.406954][ T6004] usb 5-1: config 92 has an invalid interface number: 136 but max is 3
[  340.410131][ T6004] usb 5-1: config 92 has an invalid interface number: 22 but max is 3
[  340.413481][ T6004] usb 5-1: config 92 has 3 interfaces, different from the descriptor's value: 4
[  340.417062][ T6004] usb 5-1: config 92 has no interface number 0
[  340.419621][ T6004] usb 5-1: config 92 has no interface number 1
[  340.422450][ T6004] usb 5-1: config 92 has no interface number 2
[  340.424907][ T6004] usb 5-1: config 92 interface 120 altsetting 9 has an invalid endpoint descriptor of length 6, skipping
[  340.429278][ T6004] usb 5-1: config 92 interface 120 altsetting 9 has 4 endpoint descriptors, different from the interface descriptor's value: 0
[  340.434466][ T6004] usb 5-1: config 92 interface 136 altsetting 175 endpoint 0x5 has invalid maxpacket 512, setting to 64
[  340.439727][ T6004] usb 5-1: config 92 interface 136 altsetting 175 has an invalid descriptor for endpoint zero, skipping
[  340.444258][ T6004] usb 5-1: config 92 interface 136 altsetting 175 has a duplicate endpoint with address 0x4, skipping
[  340.448478][ T6004] usb 5-1: config 92 interface 136 altsetting 175 endpoint 0xA has invalid maxpacket 1024, setting to 64
[  340.452918][ T6004] usb 5-1: config 92 interface 136 altsetting 175 has a duplicate endpoint with address 0x3, skipping
[  340.457327][ T6004] usb 5-1: config 92 interface 136 altsetting 175 endpoint 0xC has invalid maxpacket 512, setting to 64
[  340.461720][ T6004] usb 5-1: config 92 interface 136 altsetting 175 bulk endpoint 0x6 has invalid maxpacket 64
[  340.465645][ T6004] usb 5-1: config 92 interface 22 altsetting 129 has a duplicate endpoint with address 0xA, skipping
[  340.469876][ T6004] usb 5-1: config 92 interface 120 has no altsetting 0
[  340.472802][ T6004] usb 5-1: config 92 interface 136 has no altsetting 0
[  340.475475][ T6004] usb 5-1: config 92 interface 22 has no altsetting 0
[  340.479917][ T6004] usb 5-1: New USB device found, idVendor=0bb4, idProduct=0a52, bcdDevice=a0.d0
[  340.483600][ T6004] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  340.486717][ T6004] usb 5-1: Product: syz
[  340.488363][ T6004] usb 5-1: Manufacturer: syz
[  340.490207][ T6004] usb 5-1: SerialNumber: syz
[  340.497024][ T9855] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  340.774666][ T9864] bond0: Error: Cannot enslave bond to itself.
[  341.205513][ T9869] netlink: 44 bytes leftover after parsing attributes in process `syz.1.849'.
[  343.016165][ T9884] lo speed is unknown, defaulting to 1000
[  343.060964][ T9885] netlink: 12 bytes leftover after parsing attributes in process `syz.2.853'.
[  343.097562][ T9885] Cannot find add_set index 3 as target
[  343.099163][ T9884] lo speed is unknown, defaulting to 1000
[  343.103030][ T9884] lo speed is unknown, defaulting to 1000
[  343.214939][ T9884] lo speed is unknown, defaulting to 1000
[  344.407867][ T9899] random: crng reseeded on system resumption
[  344.757564][ T6004] usb 5-1: USB disconnect, device number 4
[  346.127220][ T9916] netlink: 8 bytes leftover after parsing attributes in process `syz.0.859'.
[  346.133486][ T9917] netlink: 44 bytes leftover after parsing attributes in process `syz.1.860'.
[  346.136524][ T9916] netlink: 8 bytes leftover after parsing attributes in process `syz.0.859'.
[  346.581782][ T9929] netlink: 44 bytes leftover after parsing attributes in process `syz.3.861'.
[  348.284091][ T9961] program syz.1.865 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  349.234892][ T9981] random: crng reseeded on system resumption
[  349.646973][ T9990] netlink: 44 bytes leftover after parsing attributes in process `syz.2.870'.
[  349.665205][ T9988] netlink: 44 bytes leftover after parsing attributes in process `syz.0.871'.
[  349.856755][ T9969] ALSA: mixer_oss: invalid index 40000
[  351.165322][T10004] netlink: 44 bytes leftover after parsing attributes in process `syz.0.882'.
[  351.272076][T10010] netlink: 44 bytes leftover after parsing attributes in process `syz.1.875'.
[  351.676053][T10016] netlink: 12 bytes leftover after parsing attributes in process `syz.0.877'.
[  351.800606][T10022] netlink: 14 bytes leftover after parsing attributes in process `syz.1.878'.
[  351.910198][T10027] 9pnet: Unknown protocol version 9p20\++}
[  351.935382][T10022] bond0 (unregistering): Released all slaves
[  351.949544][T10025] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on
[  352.194053][T10033] rdma_rxe: rxe_newlink: failed to add lo
[  352.520990][   T29] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  352.611045][  T836] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  352.689771][T10043] input: syz1 as /devices/virtual/input/input9
[  352.695740][   T29] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  352.699288][   T29] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  352.703024][   T29] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  352.707465][   T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  352.712597][T10035] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  352.716911][   T29] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  352.736906][T10043] netlink: 12 bytes leftover after parsing attributes in process `syz.1.881'.
[  352.851199][  T836] usb 8-1: Using ep0 maxpacket: 8
[  352.855271][  T836] usb 8-1: config 92 has an invalid interface number: 120 but max is 3
[  352.857855][  T836] usb 8-1: config 92 has an invalid interface number: 136 but max is 3
[  352.860426][  T836] usb 8-1: config 92 has an invalid interface number: 22 but max is 3
[  352.869247][  T836] usb 8-1: config 92 has 3 interfaces, different from the descriptor's value: 4
[  352.872617][  T836] usb 8-1: config 92 has no interface number 0
[  352.874644][  T836] usb 8-1: config 92 has no interface number 1
[  352.876689][  T836] usb 8-1: config 92 has no interface number 2
[  352.878904][  T836] usb 8-1: config 92 interface 120 altsetting 9 has an invalid endpoint descriptor of length 6, skipping
[  352.946590][ T6003] usb 7-1: USB disconnect, device number 9
[  352.959654][T10046] overlayfs: missing 'lowerdir'
[  353.209629][  T836] usb 8-1: config 92 interface 120 altsetting 9 has 4 endpoint descriptors, different from the interface descriptor's value: 0
[  353.219511][  T836] usb 8-1: config 92 interface 136 altsetting 175 endpoint 0x5 has invalid maxpacket 512, setting to 64
[  353.228623][  T836] usb 8-1: config 92 interface 136 altsetting 175 has an invalid descriptor for endpoint zero, skipping
[  353.235421][  T836] usb 8-1: config 92 interface 136 altsetting 175 has a duplicate endpoint with address 0x4, skipping
[  353.241157][  T836] usb 8-1: config 92 interface 136 altsetting 175 endpoint 0xA has invalid maxpacket 1024, setting to 64
[  353.244887][  T836] usb 8-1: config 92 interface 136 altsetting 175 has a duplicate endpoint with address 0x3, skipping
[  353.248426][  T836] usb 8-1: config 92 interface 136 altsetting 175 endpoint 0xC has invalid maxpacket 512, setting to 64
[  353.252475][  T836] usb 8-1: config 92 interface 136 altsetting 175 bulk endpoint 0x6 has invalid maxpacket 64
[  353.255782][  T836] usb 8-1: config 92 interface 22 altsetting 129 has a duplicate endpoint with address 0xA, skipping
[  353.259474][  T836] usb 8-1: config 92 interface 120 has no altsetting 0
[  353.261783][  T836] usb 8-1: config 92 interface 136 has no altsetting 0
[  353.264055][  T836] usb 8-1: config 92 interface 22 has no altsetting 0
[  353.268124][  T836] usb 8-1: New USB device found, idVendor=0bb4, idProduct=0a52, bcdDevice=a0.d0
[  353.271539][  T836] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  353.352540][  T836] usb 8-1: Product: syz
[  353.354914][  T836] usb 8-1: Manufacturer: syz
[  353.357580][  T836] usb 8-1: SerialNumber: syz
[  353.363284][T10038] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  353.634889][T10052] bond0: Error: Cannot enslave bond to itself.
[  354.374773][T10057] netlink: 8 bytes leftover after parsing attributes in process `syz.1.885'.
[  354.378266][T10057] netlink: 8 bytes leftover after parsing attributes in process `syz.1.885'.
[  354.858967][T10063] netlink: 44 bytes leftover after parsing attributes in process `syz.1.886'.
[  355.151765][  T836] usb 8-1: USB disconnect, device number 7
[  355.159413][T10066] netlink: 44 bytes leftover after parsing attributes in process `syz.2.887'.
[  356.271208][   T40] audit: type=1326 audit(2000000089.715:1362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10069 comm="syz.1.889" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  356.281962][   T40] audit: type=1326 audit(2000000089.715:1363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10069 comm="syz.1.889" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  356.543090][   T40] audit: type=1326 audit(2000000089.995:1364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10069 comm="syz.1.889" exe="/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  356.551130][   T40] audit: type=1326 audit(2000000089.995:1365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10069 comm="syz.1.889" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  356.558205][   T40] audit: type=1326 audit(2000000089.995:1366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10069 comm="syz.1.889" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f74579 code=0x7ffc0000
[  356.665913][T10084] netlink: 44 bytes leftover after parsing attributes in process `syz.2.892'.
[  357.223774][T10093] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  357.223774][T10093]    program syz.0.894 not setting count and/or reply_len properly
[  357.259136][T10098] netlink: 8 bytes leftover after parsing attributes in process `syz.2.896'.
[  357.263918][T10098] netlink: 8 bytes leftover after parsing attributes in process `syz.2.896'.
[  358.380028][T10107] batadv_slave_1: entered promiscuous mode
[  359.089030][T10119] netlink: 44 bytes leftover after parsing attributes in process `syz.3.901'.
[  359.250760][T10106] batadv_slave_1: left promiscuous mode
[  359.260892][T10112] orangefs_mount: mount request failed with -4
[  359.546629][   T40] audit: type=1804 audit(2000000092.985:1367): pid=10123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.902" name="/newroot/225/file0" dev="tmpfs" ino=1243 res=1 errno=0
[  359.562289][T10130] netlink: 44 bytes leftover after parsing attributes in process `syz.0.904'.
[  359.573139][T10123] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  359.575659][T10123] ref_ctr decrement failed for inode: 0x4db offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804f80b200
[  359.584775][T10123] uprobe: syz.1.902:10123 failed to unregister, leaking uprobe
[  361.047746][T10148] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  361.051146][   T40] audit: type=1804 audit(2000000094.285:1368): pid=10148 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.908" name="/newroot/230/file0" dev="tmpfs" ino=1287 res=1 errno=0
[  361.052192][T10148] ref_ctr decrement failed for inode: 0x507 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888026721400
[  361.083016][T10148] uprobe: syz.0.908:10148 failed to unregister, leaking uprobe
[  361.532847][T10136] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  362.674856][T10162] lo speed is unknown, defaulting to 1000
[  362.689314][T10165] netlink: 12 bytes leftover after parsing attributes in process `syz.0.912'.
[  362.721188][T10165] Cannot find add_set index 3 as target
[  362.805562][T10162] lo speed is unknown, defaulting to 1000
[  362.809337][T10162] lo speed is unknown, defaulting to 1000
[  363.110577][   T29] libceph: connect (1)[c::]:6789 error -101
[  363.113659][   T29] libceph: mon0 (1)[c::]:6789 connect error
[  363.117116][   T29] libceph: connect (1)[c::]:6789 error -101
[  363.119905][   T29] libceph: mon0 (1)[c::]:6789 connect error
[  363.159313][T10170] ceph: No mds server is up or the cluster is laggy
[  363.173411][T10174] netlink: 12 bytes leftover after parsing attributes in process `syz.1.922'.
[  363.177419][T10177] netlink: 14 bytes leftover after parsing attributes in process `syz.3.914'.
[  363.328732][T10177] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  363.336687][T10177] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  363.346310][T10177] bond0 (unregistering): Released all slaves
[  363.378682][T10162] lo speed is unknown, defaulting to 1000
[  363.382773][T10182] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on
[  363.722045][T10190] netlink: 20 bytes leftover after parsing attributes in process `syz.3.915'.
[  364.033367][T10192] 9pnet_virtio: no channels available for device ./file0/file0
[  364.163487][T10197] netlink: 44 bytes leftover after parsing attributes in process `syz.0.925'.
[  364.446453][T10201] netlink: 8 bytes leftover after parsing attributes in process `syz.2.917'.
[  364.677088][T10203] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  365.770879][T10219] batadv_slave_1: entered promiscuous mode
[  366.625649][T10217] batadv_slave_1: left promiscuous mode
[  366.629088][T10223] orangefs_mount: mount request failed with -4
[  367.177772][T10241] syz.1.924 (10241): drop_caches: 2
[  367.180795][T10241] syz.1.924 (10241): drop_caches: 2
[  367.409166][   T40] audit: type=1804 audit(2000000100.855:1369): pid=10243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.926" name="/newroot/235/file0" dev="tmpfs" ino=1314 res=1 errno=0
[  367.417421][T10243] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  367.421270][T10243] ref_ctr decrement failed for inode: 0x522 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804eb53c00
[  367.425896][T10243] uprobe: syz.0.926:10243 failed to unregister, leaking uprobe
[  367.533124][  T836] libceph: connect (1)[c::]:6789 error -101
[  367.535843][  T836] libceph: mon0 (1)[c::]:6789 connect error
[  367.574591][T10244] ceph: No mds server is up or the cluster is laggy
[  368.305311][T10259] netlink: 20 bytes leftover after parsing attributes in process `syz.1.928'.
[  369.247973][T10266] random: crng reseeded on system resumption
[  369.712649][T10273] ip6t_srh: unknown srh invflags 6BE9
[  369.728288][T10273] ubi: mtd0 is already attached to ubi31
[  370.031047][T10276] 9pnet: Unknown protocol version 9p20\++}
[  370.193455][   T40] audit: type=1804 audit(2000000103.645:1370): pid=10272 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.933" name="/newroot/235/file0" dev="tmpfs" ino=1310 res=1 errno=0
[  370.203692][T10272] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  370.206963][T10272] ref_ctr decrement failed for inode: 0x51e offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888026720000
[  370.211449][T10272] uprobe: syz.2.933:10272 failed to unregister, leaking uprobe
[  370.634187][T10278] s: rxe_newlink: already configured on lo
[  370.637656][T10281] syz.0.936: attempt to access beyond end of device
[  370.637656][T10281] loop0: rw=2048, sector=2, nr_sectors = 1 limit=0
[  370.642620][T10281] hfsplus: unable to find HFS+ superblock
[  370.990987][   T65] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  371.152668][   T65] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  371.360239][   T40] audit: type=1804 audit(2000000104.805:1371): pid=10297 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.938" name="/newroot/226/file0" dev="tmpfs" ino=1297 res=1 errno=0
[  371.369721][   T65] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  371.374549][T10297] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  371.377211][T10297] ref_ctr decrement failed for inode: 0x511 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804bceb200
[  371.378575][   T65] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  371.380614][T10297] uprobe: syz.3.938:10297 failed to unregister, leaking uprobe
[  371.386109][   T65] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.391059][T10278] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  371.415720][   T65] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  371.601333][   T65] usb 6-1: USB disconnect, device number 7
[  371.958547][T10299] lo speed is unknown, defaulting to 1000
[  372.037533][T10299] lo speed is unknown, defaulting to 1000
[  372.040712][T10299] lo speed is unknown, defaulting to 1000
[  372.057802][T10306] netlink: 12 bytes leftover after parsing attributes in process `syz.3.939'.
[  372.105111][T10306] Cannot find add_set index 3 as target
[  372.154306][T10299] lo speed is unknown, defaulting to 1000
[  372.430133][T10312] xt_CT: You must specify a L4 protocol and not use inversions on it
[  372.845899][T10316] netlink: 20 bytes leftover after parsing attributes in process `syz.2.941'.
[  373.096653][T10323] random: crng reseeded on system resumption
[  373.185104][T10321] netlink: 44 bytes leftover after parsing attributes in process `syz.3.942'.
[  373.824963][   T40] audit: type=1804 audit(2000000107.265:1372): pid=10329 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.944" name="/newroot/235/file0" dev="tmpfs" ino=1315 res=1 errno=0
[  373.906048][T10329] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  373.908744][T10329] ref_ctr decrement failed for inode: 0x523 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804bceda00
[  373.912655][T10329] uprobe: syz.1.944:10329 failed to unregister, leaking uprobe
[  374.137957][T10339] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  374.611603][T10342] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  374.615701][T10342] ref_ctr decrement failed for inode: 0x535 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804fb33200
[  374.620464][T10342] uprobe: syz.2.945:10342 failed to unregister, leaking uprobe
[  374.632117][   T40] audit: type=1804 audit(2000000108.055:1373): pid=10342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.945" name="/newroot/239/file0" dev="tmpfs" ino=1333 res=1 errno=0
[  374.906488][T10346] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  374.909998][T10346] ref_ctr decrement failed for inode: 0x529 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804bce8a00
[  374.914661][T10346] uprobe: syz.1.949:10346 failed to unregister, leaking uprobe
[  374.918995][   T40] audit: type=1804 audit(2000000108.355:1374): pid=10346 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.949" name="/newroot/236/file0" dev="tmpfs" ino=1321 res=1 errno=0
[  375.527053][T10351] netlink: 14 bytes leftover after parsing attributes in process `syz.2.951'.
[  375.639794][T10351] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  375.651722][T10351] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  375.658120][T10351] bond0 (unregistering): Released all slaves
[  375.683870][T10355] netlink: 12 bytes leftover after parsing attributes in process `syz.1.952'.
[  375.694837][T10354] lo speed is unknown, defaulting to 1000
[  375.712024][T10355] Cannot find add_set index 3 as target
[  375.844656][T10361] netlink: 44 bytes leftover after parsing attributes in process `syz.0.953'.
[  375.906823][T10354] lo speed is unknown, defaulting to 1000
[  375.909918][T10354] lo speed is unknown, defaulting to 1000
[  375.997355][T10354] lo speed is unknown, defaulting to 1000
[  376.081548][T10367] netlink: 20 bytes leftover after parsing attributes in process `syz.2.954'.
[  376.981414][T10377] netlink: 44 bytes leftover after parsing attributes in process `syz.1.956'.
[  377.052290][  T836] libceph: connect (1)[c::]:6789 error -101
[  377.055373][  T836] libceph: mon0 (1)[c::]:6789 connect error
[  377.085660][T10380] ceph: No mds server is up or the cluster is laggy
[  377.761651][   T40] audit: type=1804 audit(2000000111.205:1375): pid=10392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.959" name="/newroot/231/file0" dev="tmpfs" ino=1324 res=1 errno=0
[  377.769264][T10392] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  377.772025][T10392] ref_ctr decrement failed for inode: 0x52c offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804bce8000
[  377.775536][T10392] uprobe: syz.3.959:10392 failed to unregister, leaking uprobe
[  378.103445][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  378.105569][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  378.341146][   T65] usb 7-1: new full-speed USB device number 10 using dummy_hcd
[  378.388492][T10403] netlink: 44 bytes leftover after parsing attributes in process `syz.0.963'.
[  378.492524][   T65] usb 7-1: config 1 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  378.496703][   T65] usb 7-1: config 1 interface 0 has no altsetting 0
[  378.503766][   T65] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  378.507395][   T65] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  378.511702][   T65] usb 7-1: Product: syz
[  378.513101][   T65] usb 7-1: Manufacturer: syz
[  378.514630][   T65] usb 7-1: SerialNumber: syz
[  379.103069][   T65] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 10 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  379.110175][   T65] usb 7-1: USB disconnect, device number 10
[  379.116859][   T65] usblp0: removed
[  379.391464][T10404] ALSA: mixer_oss: invalid index 40000
[  381.453238][T10427] netlink: 44 bytes leftover after parsing attributes in process `syz.2.968'.
[  381.765064][T10434] netlink: 44 bytes leftover after parsing attributes in process `syz.1.969'.
[  382.617244][   T40] audit: type=1804 audit(2000000116.065:1376): pid=10445 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.972" name="/newroot/235/file0" dev="tmpfs" ino=1345 res=1 errno=0
[  382.633375][T10445] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  382.636148][T10445] ref_ctr decrement failed for inode: 0x541 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804bce8a00
[  382.639511][T10445] uprobe: syz.3.972:10445 failed to unregister, leaking uprobe
[  382.857401][   T40] audit: type=1804 audit(2000000116.305:1377): pid=10450 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.974" name="/newroot/249/file0" dev="tmpfs" ino=1399 res=1 errno=0
[  382.925874][T10452] netlink: 'syz.2.973': attribute type 10 has an invalid length.
[  382.941369][T10452] hsr_slave_0: left promiscuous mode
[  382.944832][T10452] hsr_slave_1: left promiscuous mode
[  382.948335][T10447] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  382.951667][T10447] ref_ctr decrement failed for inode: 0x577 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888026720a00
[  382.955859][T10447] uprobe: syz.0.974:10447 failed to unregister, leaking uprobe
[  383.309768][T10454] xt_CT: You must specify a L4 protocol and not use inversions on it
[  385.315728][T10471] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  385.791171][ T5947] Bluetooth: hci3: command 0x0406 tx timeout
[  385.859712][T10487] ubi31: detaching mtd0
[  385.881587][T10487] ubi31: mtd0 is detached
[  386.647749][   T40] audit: type=1804 audit(2000000120.095:1378): pid=10496 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.985" name="/newroot/247/file0" dev="tmpfs" ino=1378 res=1 errno=0
[  386.672858][T10496] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  386.676140][T10496] ref_ctr decrement failed for inode: 0x562 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804bced000
[  386.680864][T10496] uprobe: syz.2.985:10496 failed to unregister, leaking uprobe
[  387.148724][T10500] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  387.148724][T10500]    program syz.3.986 not setting count and/or reply_len properly
[  387.514700][T10504] batadv_slave_1: entered promiscuous mode
[  388.366323][T10503] batadv_slave_1: left promiscuous mode
[  388.369039][T10507] orangefs_mount: mount request failed with -4
[  389.027589][T10521] syz.3.991 (10521): drop_caches: 2
[  389.074708][T10521] syz.3.991 (10521): drop_caches: 2
[  390.614676][   T40] audit: type=1326 audit(2000000123.895:1379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10533 comm="syz.3.994" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  390.683197][   T40] audit: type=1326 audit(2000000123.895:1380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10533 comm="syz.3.994" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  390.703140][   T40] audit: type=1326 audit(2000000123.895:1381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10533 comm="syz.3.994" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  390.745900][   T40] audit: type=1326 audit(2000000123.895:1382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10533 comm="syz.3.994" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  390.755195][   T40] audit: type=1326 audit(2000000123.905:1383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10533 comm="syz.3.994" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  390.763073][   T40] audit: type=1326 audit(2000000123.905:1384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10533 comm="syz.3.994" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  390.770260][   T40] audit: type=1326 audit(2000000123.905:1385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10533 comm="syz.3.994" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  390.778340][   T40] audit: type=1326 audit(2000000123.905:1386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10533 comm="syz.3.994" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  390.786074][   T40] audit: type=1326 audit(2000000123.905:1387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10533 comm="syz.3.994" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  390.793960][   T40] audit: type=1326 audit(2000000123.905:1388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10533 comm="syz.3.994" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  390.823357][T10546] netlink: 44 bytes leftover after parsing attributes in process `syz.0.995'.
[  391.188541][T10547] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1002'.
[  391.747660][T10561] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  391.747660][T10561]    program syz.1.998 not setting count and/or reply_len properly
[  392.924049][T10568] batadv_slave_1: entered promiscuous mode
[  393.777606][T10567] batadv_slave_1: left promiscuous mode
[  393.780161][T10573] orangefs_mount: mount request failed with -4
[  394.083309][T10585] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1004'.
[  394.534338][T10592] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1005'.
[  394.627843][T10593] fuseblk: Bad value for 'fd'
[  394.976785][T10598] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1007'.
[  395.510203][T10607] syz.2.1011: attempt to access beyond end of device
[  395.510203][T10607] loop2: rw=2048, sector=2, nr_sectors = 1 limit=0
[  395.516895][T10607] hfsplus: unable to find HFS+ superblock
[  395.721160][   T40] kauditd_printk_skb: 13 callbacks suppressed
[  395.721172][   T40] audit: type=1804 audit(2000000129.145:1402): pid=10609 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1010" name="/newroot/246/file0" dev="tmpfs" ino=1403 res=1 errno=0
[  395.746407][T10609] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  395.749897][T10609] ref_ctr decrement failed for inode: 0x57b offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804bce9400
[  395.772625][T10609] uprobe: syz.3.1010:10609 failed to unregister, leaking uprobe
[  395.896083][T10610] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  396.688649][T10628] vivid-000: disconnect
[  397.431034][T10622] vivid-000: reconnect
[  397.469610][T10641] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1018'.
[  398.175702][T10652] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1021'.
[  398.182265][T10653] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1020'.
[  398.489031][T10661] netlink: 'syz.0.1023': attribute type 10 has an invalid length.
[  398.494005][T10661] hsr_slave_0: left promiscuous mode
[  398.497833][T10661] hsr_slave_1: left promiscuous mode
[  399.799629][   T40] audit: type=1804 audit(2000000133.235:1403): pid=10682 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1027" name="/newroot/258/file0" dev="tmpfs" ino=1437 res=1 errno=0
[  399.804577][T10682] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  399.809217][T10682] ref_ctr decrement failed for inode: 0x59d offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804f816400
[  399.812773][T10682] uprobe: syz.2.1027:10682 failed to unregister, leaking uprobe
[  400.081223][T10684] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(14)
[  400.083856][T10684] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  400.092087][T10684] vhci_hcd vhci_hcd.0: Device attached
[  400.101959][T10684] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(16)
[  400.104651][T10684] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  400.107829][T10684] vhci_hcd vhci_hcd.0: Device attached
[  400.111601][T10684] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  400.116191][T10684] vhci_hcd vhci_hcd.0: pdev(3) rhport(3) sockfd(20)
[  400.118848][T10684] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  400.122614][T10684] vhci_hcd vhci_hcd.0: Device attached
[  400.128105][T10684] vhci_hcd vhci_hcd.0: pdev(3) rhport(4) sockfd(22)
[  400.130769][T10684] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  400.134107][T10684] vhci_hcd vhci_hcd.0: Device attached
[  400.139348][T10684] vhci_hcd vhci_hcd.0: pdev(3) rhport(5) sockfd(24)
[  400.142040][T10684] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  400.145514][T10684] vhci_hcd vhci_hcd.0: Device attached
[  400.153178][T10684] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  400.161360][T10684] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  400.166340][T10684] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  400.197219][T10693] vhci_hcd: connection closed
[  400.198474][T10685] vhci_hcd: connection closed
[  400.200217][T10691] vhci_hcd: connection closed
[  400.202898][T10689] vhci_hcd: connection closed
[  400.205102][T10687] vhci_hcd: connection closed
[  400.208184][   T98] vhci_hcd: stop threads
[  400.212005][   T98] vhci_hcd: release socket
[  400.214166][   T98] vhci_hcd: disconnect device
[  400.216162][   T98] vhci_hcd: stop threads
[  400.217538][   T98] vhci_hcd: release socket
[  400.219006][   T98] vhci_hcd: disconnect device
[  400.220850][   T98] vhci_hcd: stop threads
[  400.222364][   T98] vhci_hcd: release socket
[  400.223832][   T98] vhci_hcd: disconnect device
[  400.225723][   T98] vhci_hcd: stop threads
[  400.227104][   T98] vhci_hcd: release socket
[  400.228575][   T98] vhci_hcd: disconnect device
[  400.230199][   T98] vhci_hcd: stop threads
[  400.232761][   T98] vhci_hcd: release socket
[  400.234237][   T98] vhci_hcd: disconnect device
[  400.281886][   T64] vhci_hcd: vhci_device speed not set
[  400.591217][T10701] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1031'.
[  401.683343][T10713] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1034'.
[  402.195517][ T5987] libceph: connect (1)[c::]:6789 error -101
[  402.198166][ T5987] libceph: mon0 (1)[c::]:6789 connect error
[  402.272223][T10727] ceph: No mds server is up or the cluster is laggy
[  404.853156][T10752] syz.0.1042 (10752): drop_caches: 2
[  404.871397][T10752] syz.0.1042 (10752): drop_caches: 2
[  405.988502][T10765] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1046'.
[  405.998886][T10775] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1048'.
[  406.017898][T10765] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12)
[  406.020063][T10765] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  406.028187][T10765] vhci_hcd vhci_hcd.0: Device attached
[  406.261059][   T65] usb 39-1: new low-speed USB device number 2 using vhci_hcd
[  406.281055][  T834] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  406.454493][  T834] usb 6-1: config 0 has no interfaces?
[  406.457134][  T834] usb 6-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=a0.b5
[  406.461094][  T834] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.467700][  T834] usb 6-1: config 0 descriptor??
[  406.677830][T10777] usb 39-1: recv xbuf, 0
[  406.679508][   T66] vhci_hcd: stop threads
[  406.680898][   T66] vhci_hcd: release socket
[  406.682489][   T66] vhci_hcd: disconnect device
[  406.682815][  T834] usb 6-1: string descriptor 0 read error: -71
[  406.690525][  T834] usb 6-1: USB disconnect, device number 8
[  406.741775][   T65] vhci_hcd: vhci_device speed not set
[  406.887448][   T68] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  407.349928][T10792] syz.0.1051: attempt to access beyond end of device
[  407.349928][T10792] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0
[  407.355968][T10792] XFS (nbd0): SB validate failed with error -5.
[  407.860314][T10803] block device autoloading is deprecated and will be removed.
[  408.248454][T10811] batadv_slave_0: entered promiscuous mode
[  408.970119][T10808] batadv_slave_0: left promiscuous mode
[  409.039216][T10822] vivid-000: disconnect
[  409.494033][T10830] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1059'.
[  409.778669][T10813] vivid-000: reconnect
[  410.620373][T10847] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1064'.
[  411.237534][T10846] hub 6-0:1.0: USB hub found
[  411.239803][T10846] hub 6-0:1.0: 1 port detected
[  411.565449][ T5987] libceph: connect (1)[c::]:6789 error -101
[  411.568338][ T5987] libceph: mon0 (1)[c::]:6789 connect error
[  411.824193][ T5987] libceph: connect (1)[c::]:6789 error -101
[  411.829530][ T5987] libceph: mon0 (1)[c::]:6789 connect error
[  411.840695][T10868] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1068'.
[  411.986111][T10857] ceph: No mds server is up or the cluster is laggy
[  412.473909][T10876] syz.0.1077: attempt to access beyond end of device
[  412.473909][T10876] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  412.479129][T10876] SQUASHFS error: Failed to read block 0x0: -5
[  412.482648][T10876] unable to read squashfs_super_block
[  412.886607][   T68] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  413.012274][ T5987] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[  413.524866][ T5987] usb 5-1: config 1 interface 0 has no altsetting 0
[  413.536217][ T5987] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  413.540188][ T5987] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.591409][ T5987] usb 5-1: Product: syz
[  413.593286][ T5987] usb 5-1: Manufacturer: syz
[  413.596742][ T5987] usb 5-1: SerialNumber: syz
[  413.807910][T10890] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1072'.
[  414.690763][   T68] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  415.747709][ T5987] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  415.754685][ T5987] usb 5-1: USB disconnect, device number 5
[  415.757990][ T5987] usblp0: removed
[  416.786708][T10930] netlink: 'syz.1.1084': attribute type 5 has an invalid length.
[  416.790209][T10930] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1084'.
[  417.539006][  T835] lo speed is unknown, defaulting to 1000
[  417.540835][  T835] syz2: Port: 1 Link DOWN
[  417.555979][T10937] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1086'.
[  417.718171][T10943] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1087'.
[  417.811733][T10940] hub 6-0:1.0: USB hub found
[  417.814121][T10940] hub 6-0:1.0: 1 port detected
[  418.711586][T10947] loop7: detected capacity change from 0 to 16383
[  420.195812][ T5987] libceph: connect (1)[c::]:6789 error -101
[  420.198396][ T5987] libceph: mon0 (1)[c::]:6789 connect error
[  420.402674][T10983] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1104'.
[  420.478402][ T5987] libceph: connect (1)[c::]:6789 error -101
[  420.480983][ T5987] libceph: mon0 (1)[c::]:6789 connect error
[  420.502269][T10984] fuseblk: Bad value for 'fd'
[  420.764477][T10974] ceph: No mds server is up or the cluster is laggy
[  420.871659][T10988] netlink: 'syz.1.1097': attribute type 10 has an invalid length.
[  420.874941][T10988] hsr_slave_0: left promiscuous mode
[  420.879195][T10988] hsr_slave_1: left promiscuous mode
[  423.319850][T11019] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1103'.
[  423.525980][T11023] xt_CT: You must specify a L4 protocol and not use inversions on it
[  424.467119][T11032] netlink: 'syz.1.1108': attribute type 1 has an invalid length.
[  424.533586][T11032] bond1: (slave gretap1): making interface the new active one
[  424.538086][T11032] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  424.712770][T11032] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  425.517502][T11042] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1109'.
[  427.092302][T11066] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1115'.
[  427.136598][T11065] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1112'.
[  427.750862][T11075] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  428.820999][ T5947] Bluetooth: hci3: command 0x0406 tx timeout
[  429.241503][   T65] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  429.473976][T11094] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1120'.
[  429.491868][   T10] libceph: connect (1)[c::]:6789 error -101
[  429.494581][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  429.746205][T11096] ceph: No mds server is up or the cluster is laggy
[  429.825444][   T10] libceph: connect (1)[c::]:6789 error -101
[  429.827490][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  430.519429][   T10] libceph: connect (1)[c::]:6789 error -101
[  430.670940][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  430.911107][ T5947] Bluetooth: hci3: command 0x0406 tx timeout
[  431.182798][T11120] netlink: 'syz.3.1124': attribute type 10 has an invalid length.
[  431.199456][T11120] hsr_slave_0: left promiscuous mode
[  431.209694][T11120] hsr_slave_1: left promiscuous mode
[  431.224737][T11121] fuseblk: Bad value for 'fd'
[  432.333100][T11137] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1127'.
[  432.655931][T11143] tun0: tun_chr_ioctl cmd 1074025675
[  432.657680][T11143] tun0: persist enabled
[  433.547207][T11166] fuse: Bad value for 'group_id'
[  433.548912][T11166] fuse: Bad value for 'group_id'
[  433.712743][T11162] netlink: 'syz.2.1131': attribute type 12 has an invalid length.
[  434.248232][T11155] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1130'.
[  434.259500][T11155] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(12)
[  434.261614][T11155] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  434.265359][T11155] vhci_hcd vhci_hcd.0: Device attached
[  434.365211][T11174] ceph: No mds server is up or the cluster is laggy
[  434.511025][T10216] usb 37-1: new low-speed USB device number 2 using vhci_hcd
[  434.514178][   T10] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  434.662339][   T10] usb 5-1: config 0 has no interfaces?
[  434.664899][   T10] usb 5-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=a0.b5
[  434.668187][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  434.676223][   T10] usb 5-1: config 0 descriptor??
[  434.808916][  T835] libceph: connect (1)[c::]:6789 error -101
[  434.924834][T11177] usb 37-1: recv xbuf, 0
[  434.928492][ T1137] vhci_hcd: stop threads
[  434.929913][ T1137] vhci_hcd: release socket
[  434.941293][ T1137] vhci_hcd: disconnect device
[  434.984633][T11187] netlink: 'syz.3.1135': attribute type 10 has an invalid length.
[  434.991094][T10216] vhci_hcd: vhci_device speed not set
[  435.328706][  T835] libceph: mon0 (1)[c::]:6789 connect error
[  436.311772][   T10] usb 5-1: string descriptor 0 read error: -71
[  436.315690][   T10] usb 5-1: USB disconnect, device number 6
[  437.842030][   T40] audit: type=1804 audit(2000000171.295:1404): pid=11209 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1142" name="/newroot/278/file0" dev="tmpfs" ino=1577 res=1 errno=0
[  438.071728][T11209] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  438.074273][T11209] ref_ctr decrement failed for inode: 0x629 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804fb30a00
[  438.081381][T11209] uprobe: syz.3.1142:11209 failed to unregister, leaking uprobe
[  438.285174][   T40] audit: type=1804 audit(2000000171.735:1405): pid=11216 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1140" name="/newroot/286/file0" dev="tmpfs" ino=1584 res=1 errno=0
[  438.295806][T11216] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1
[  438.298361][T11216] ref_ctr decrement failed for inode: 0x630 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888026726400
[  438.314903][T11216] uprobe: syz.1.1140:11216 failed to unregister, leaking uprobe
[  438.379626][T11219] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1143'.
[  438.567117][   T68] Bluetooth: hci2: unexpected event for opcode 0x2011
[  438.574233][T11221] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  439.469894][T11237] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1149'.
[  439.543840][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  439.546032][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  439.838625][T11247] netlink: 'syz.2.1150': attribute type 5 has an invalid length.
[  439.841603][T11247] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1150'.
[  442.300438][T11261] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1162'.
[  442.604456][   T68] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  442.608125][   T68] Bluetooth: hci2: Injecting HCI hardware error event
[  442.632719][   T68] Bluetooth: hci2: hardware error 0x00
[  442.700270][T11264] binder: 11260:11264 ioctl c018620c 80000700 returned -1
[  443.243820][T11275] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1156'.
[  443.263911][T11272] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1157'.
[  443.332507][  T836] libceph: connect (1)[c::]:6789 error -101
[  443.334909][  T836] libceph: mon0 (1)[c::]:6789 connect error
[  443.341726][  T836] libceph: connect (1)[c::]:6789 error -101
[  443.344928][  T836] libceph: mon0 (1)[c::]:6789 connect error
[  443.601301][  T836] libceph: connect (1)[c::]:6789 error -101
[  443.607863][  T836] libceph: mon0 (1)[c::]:6789 connect error
[  443.689446][T11282] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1158'.
[  443.946930][T11276] ceph: No mds server is up or the cluster is laggy
[  444.309759][T11297] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1170'.
[  444.437978][T11298] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1161'.
[  444.471174][T11298] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12)
[  444.473757][T11298] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  444.483199][T11298] vhci_hcd vhci_hcd.0: Device attached
[  444.661945][   T68] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  444.721036][  T835] usb 43-1: new low-speed USB device number 3 using vhci_hcd
[  444.741050][ T6003] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  444.892149][ T6003] usb 8-1: config 0 has no interfaces?
[  444.894049][ T6003] usb 8-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=a0.b5
[  444.896914][ T6003] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  444.904495][ T6003] usb 8-1: config 0 descriptor??
[  445.016009][T11316] syz.1.1165: attempt to access beyond end of device
[  445.016009][T11316] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0
[  445.126076][T11316] XFS (nbd1): SB validate failed with error -5.
[  445.293961][T11302] usb 43-1: recv xbuf, 0
[  445.296175][ T1136] vhci_hcd: stop threads
[  445.297568][ T1136] vhci_hcd: release socket
[  445.303358][ T1136] vhci_hcd: disconnect device
[  445.314842][ T6003] usb 8-1: string descriptor 0 read error: -71
[  445.318874][ T6003] usb 8-1: USB disconnect, device number 8
[  445.364902][  T835] vhci_hcd: vhci_device speed not set
[  446.073695][T11336] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1169'.
[  446.476844][T11339] bond0: option fail_over_mac: unable to set because the bond device has slaves
[  446.480056][   T12] ------------[ cut here ]------------
[  446.482369][   T12] RTNL: assertion failed at ./include/net/netdev_lock.h (56)
[  446.486201][   T12] WARNING: CPU: 2 PID: 12 at ./include/net/netdev_lock.h:56 __linkwatch_sync_dev+0x1ed/0x230
[  446.490648][   T12] Modules linked in:
[  446.493555][   T12] CPU: 2 UID: 0 PID: 12 Comm: kworker/u32:0 Not tainted 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) 
[  446.499583][   T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  446.503273][   T12] Workqueue: bond0 bond_mii_monitor
[  446.504949][   T12] RIP: 0010:__linkwatch_sync_dev+0x1ed/0x230
[  446.506880][   T12] Code: 05 ff ff ff e8 94 e7 6b f8 c6 05 f7 d0 1e 07 01 90 ba 38 00 00 00 48 c7 c6 20 52 c1 8c 48 c7 c7 c0 51 c1 8c e8 74 c8 2b f8 90 <0f> 0b 90 90 e9 d6 fe ff ff 48 c7 c7 94 43 85 90 e8 ee 6a d0 f8 e9
[  446.513004][   T12] RSP: 0018:ffffc900001e7a00 EFLAGS: 00010282
[  446.514954][   T12] RAX: 0000000000000000 RBX: ffff8880697f2000 RCX: ffffffff817a7f78
[  446.517459][   T12] RDX: ffff88801da94880 RSI: ffffffff817a7f85 RDI: 0000000000000001
[  446.519960][   T12] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[  446.522559][   T12] R10: 0000000000000001 R11: 0000000000000000 R12: 1ffff9200003cf4a
[  446.525066][   T12] R13: ffff8880697f2cc5 R14: ffffffff8c372aa0 R15: ffffffff89873400
[  446.528296][   T12] FS:  0000000000000000(0000) GS:ffff8880979ec000(0000) knlGS:0000000000000000
[  446.531431][   T12] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  446.533549][   T12] CR2: 000000002f219ffc CR3: 000000000e180000 CR4: 0000000000352ef0
[  446.536322][   T12] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  446.539696][   T12] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  446.543164][   T12] Call Trace:
[  446.544610][   T12]  <TASK>
[  446.545741][   T12]  ethtool_op_get_link+0x1d/0x70
[  446.547324][   T12]  bond_check_dev_link+0x3f9/0x710
[  446.549145][   T12]  ? __pfx_bond_check_dev_link+0x10/0x10
[  446.551331][   T12]  bond_mii_monitor+0x3c0/0x2dc0
[  446.552924][   T12]  ? __pfx_bond_mii_monitor+0x10/0x10
[  446.554630][   T12]  ? rcu_is_watching+0x12/0xc0
[  446.556597][   T12]  process_one_work+0x9cc/0x1b70
[  446.558400][   T12]  ? __pfx_process_one_work+0x10/0x10
[  446.560106][   T12]  ? assign_work+0x1a0/0x250
[  446.561758][   T12]  worker_thread+0x6c8/0xf10
[  446.563238][   T12]  ? __pfx_worker_thread+0x10/0x10
[  446.564853][   T12]  kthread+0x3c2/0x780
[  446.566183][   T12]  ? __pfx_kthread+0x10/0x10
[  446.567660][   T12]  ? __pfx_kthread+0x10/0x10
[  446.569124][   T12]  ? __pfx_kthread+0x10/0x10
[  446.570594][   T12]  ? __pfx_kthread+0x10/0x10
[  446.572148][   T12]  ? rcu_is_watching+0x12/0xc0
[  446.573663][   T12]  ? __pfx_kthread+0x10/0x10
[  446.575183][   T12]  ret_from_fork+0x45/0x80
[  446.576777][   T12]  ? __pfx_kthread+0x10/0x10
[  446.578741][   T12]  ret_from_fork_asm+0x1a/0x30
[  446.580809][   T12]  </TASK>
[  446.582410][   T12] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  446.585402][   T12] CPU: 2 UID: 0 PID: 12 Comm: kworker/u32:0 Not tainted 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) 
[  446.589908][   T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  446.594363][   T12] Workqueue: bond0 bond_mii_monitor
[  446.596288][   T12] Call Trace:
[  446.597509][   T12]  <TASK>
[  446.598791][   T12]  dump_stack_lvl+0x3d/0x1f0
[  446.600771][   T12]  panic+0x71c/0x800
[  446.602459][   T12]  ? __pfx_panic+0x10/0x10
[  446.604379][   T12]  ? show_trace_log_lvl+0x29b/0x3e0
[  446.606599][   T12]  ? check_panic_on_warn+0x1f/0xb0
[  446.608798][   T12]  ? __linkwatch_sync_dev+0x1ed/0x230
[  446.611125][   T12]  check_panic_on_warn+0xab/0xb0
[  446.613314][   T12]  __warn+0xf6/0x3c0
[  446.615000][   T12]  ? __linkwatch_sync_dev+0x1ed/0x230
[  446.616793][   T12]  report_bug+0x3c3/0x580
[  446.618248][   T12]  ? __linkwatch_sync_dev+0x1ed/0x230
[  446.620528][   T12]  handle_bug+0x184/0x210
[  446.622383][   T12]  exc_invalid_op+0x17/0x50
[  446.624318][   T12]  asm_exc_invalid_op+0x1a/0x20
[  446.626284][   T12] RIP: 0010:__linkwatch_sync_dev+0x1ed/0x230
[  446.628821][   T12] Code: 05 ff ff ff e8 94 e7 6b f8 c6 05 f7 d0 1e 07 01 90 ba 38 00 00 00 48 c7 c6 20 52 c1 8c 48 c7 c7 c0 51 c1 8c e8 74 c8 2b f8 90 <0f> 0b 90 90 e9 d6 fe ff ff 48 c7 c7 94 43 85 90 e8 ee 6a d0 f8 e9
[  446.636567][   T12] RSP: 0018:ffffc900001e7a00 EFLAGS: 00010282
[  446.639004][   T12] RAX: 0000000000000000 RBX: ffff8880697f2000 RCX: ffffffff817a7f78
[  446.642304][   T12] RDX: ffff88801da94880 RSI: ffffffff817a7f85 RDI: 0000000000000001
[  446.645530][   T12] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[  446.648848][   T12] R10: 0000000000000001 R11: 0000000000000000 R12: 1ffff9200003cf4a
[  446.651395][   T12] R13: ffff8880697f2cc5 R14: ffffffff8c372aa0 R15: ffffffff89873400
[  446.653861][   T12]  ? __pfx_ethtool_op_get_link+0x10/0x10
[  446.655709][   T12]  ? __warn_printk+0x198/0x350
[  446.657693][   T12]  ? __warn_printk+0x1a5/0x350
[  446.659680][   T12]  ethtool_op_get_link+0x1d/0x70
[  446.661722][   T12]  bond_check_dev_link+0x3f9/0x710
[  446.663874][   T12]  ? __pfx_bond_check_dev_link+0x10/0x10
[  446.666213][   T12]  bond_mii_monitor+0x3c0/0x2dc0
[  446.667908][   T12]  ? __pfx_bond_mii_monitor+0x10/0x10
[  446.669596][   T12]  ? rcu_is_watching+0x12/0xc0
[  446.671144][   T12]  process_one_work+0x9cc/0x1b70
[  446.672743][   T12]  ? __pfx_process_one_work+0x10/0x10
[  446.674430][   T12]  ? assign_work+0x1a0/0x250
[  446.675911][   T12]  worker_thread+0x6c8/0xf10
[  446.677385][   T12]  ? __pfx_worker_thread+0x10/0x10
[  446.679009][   T12]  kthread+0x3c2/0x780
[  446.680310][   T12]  ? __pfx_kthread+0x10/0x10
[  446.681784][   T12]  ? __pfx_kthread+0x10/0x10
[  446.683261][   T12]  ? __pfx_kthread+0x10/0x10
[  446.684729][   T12]  ? __pfx_kthread+0x10/0x10
[  446.686195][   T12]  ? rcu_is_watching+0x12/0xc0
[  446.687723][   T12]  ? __pfx_kthread+0x10/0x10
[  446.689196][   T12]  ret_from_fork+0x45/0x80
[  446.690615][   T12]  ? __pfx_kthread+0x10/0x10
[  446.692086][   T12]  ret_from_fork_asm+0x1a/0x30
[  446.693606][   T12]  </TASK>
[  446.695216][   T12] Kernel Offset: disabled
[  446.696592][   T12] Rebooting in 86400 seconds..

VM DIAGNOSIS:
01:27:54  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000d5e103 RBX=0000000000000000 RCX=ffffffff8b6953e9 RDX=0000000000000000
RSI=ffffffff8dbdb989 RDI=ffffffff8bf46d60 RBP=fffffbfff1c12ee8 RSP=ffffffff8e007e10
R8 =0000000000000001 R9 =ffffed10056465bd R10=ffff88802b232deb R11=0000000000000000
R12=0000000000000000 R13=ffffffff8e097740 R14=ffffffff90851410 R15=0000000000000000
RIP=ffffffff8b693c7f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880977ec000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c3c08f0 CR3=000000006c208000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000f000000000 0000000300000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000003 RBX=ffff88802b332de8 RCX=ffffffff93b0dd60 RDX=0000000000000000
RSI=ffffffff8bf46ce0 RDI=ffffffff8dce4d08 RBP=0000000000000001 RSP=ffffc90007567128
R8 =106c24dd993de6be R9 =0000000000000001 R10=0000000000000002 R11=0000000000000000
R12=ffffffff8211241e R13=ffffc90007567300 R14=ffffc90007567314 R15=0000000000000008
RIP=ffffffff81a06451 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880978ec000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f4e36da4 CR3=000000004ae81000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=000000000000002e RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff854c23b5 RDI=ffffffff9addfc00 RBP=ffffffff9addfbc0 RSP=ffffc900001e7370
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=000000000000002e R14=ffffffff9addfbc0 R15=ffffffff854c2350
RIP=ffffffff854c23df RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880979ec000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002f219ffc CR3=000000000e180000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000cdef69 RBX=0000000000000003 RCX=ffffffff8b6953e9 RDX=0000000000000000
RSI=ffffffff8dbdb989 RDI=ffffffff8bf46d60 RBP=ffffed1003b5a000 RSP=ffffc9000048fdf8
R8 =0000000000000001 R9 =ffffed10056a65bd R10=ffff88802b532deb R11=0000000000000000
R12=0000000000000003 R13=ffff88801dad0000 R14=ffffffff90851410 R15=0000000000000000
RIP=ffffffff8b693c7f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097aec000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=0000000022804000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000