last executing test programs:

1m52.007851256s ago: executing program 0 (id=2807):
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{0x0}], 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$FOU_CMD_GET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)={0x24, r2, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_IFINDEX={0x8}]}, 0x24}}, 0x0)
r3 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x16fa, 0x800, 0x4, 0x8}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x400, 0x1, {0x0, r6}})
io_uring_enter(r3, 0x3516, 0x0, 0x4, 0x0, 0x0)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_int(r7, &(0x7f0000000080)='cpu.idle\x00', 0x2, 0x0)
write$cgroup_subtree(r8, &(0x7f0000000640)=ANY=[@ANYBLOB='-', @ANYRESHEX], 0x8b)
r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000880)=@newtaction={0x84, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x70, 0x1, [@m_tunnel_key={0x6c, 0x1, 0x0, 0x0, {{0xf}, {0x3c, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0xb, @loopback={0x400000000000000}}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x84}}, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r9, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r11=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r9, 0x3ba0, &(0x7f0000000000)={0x48, 0x5, r11})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r9, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, r11, 0x0, <r12=>0x0, 0x1})
ioctl$IOMMU_IOAS_MAP(r9, 0x3b85, &(0x7f0000000a00)={0x28, 0x7, r11, 0x0, &(0x7f00000a0000)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1000})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r9, 0x3ba0, &(0x7f0000000a40)={0x48, 0x7, r12, 0x0, 0x0, 0x0, 0x0, 0x1000})
ioctl$IOMMU_IOAS_UNMAP$ALL(r9, 0x3b86, &(0x7f0000000c00)={0x18, r11})
close(0xffffffffffffffff)

1m49.750937384s ago: executing program 0 (id=2819):
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x21, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
recvmsg$unix(r0, &(0x7f00000000c0)={&(0x7f00000005c0), 0x6e, &(0x7f0000000040)=[{&(0x7f0000000640)=""/190, 0xbe}, {&(0x7f0000000700)=""/4096, 0x1000}], 0x2, &(0x7f0000001700)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x58}, 0x2121)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pread64(0xffffffffffffffff, &(0x7f00000001c0)=""/73, 0x49, 0x400000000000000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sysvipc/sem\x00', 0x0, 0x0)
pread64(r4, &(0x7f0000001440)=""/126, 0x7e, 0x41)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)

1m48.48340754s ago: executing program 0 (id=2826):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000000010380713170000000d0001090224000100004000090400000103000002000000000001220500090581032000000000"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(0xffffffffffffffff, &(0x7f0000000440)={0x14, &(0x7f0000000080)={0x40, 0x23, 0x7a, {0x7a, 0x10, "9c77399caa394dfcfad6736db7ecdb212fdd105a359d944f09233b0d80cb37a1fdbe5f8c51dbefb6c1584066706191aa3f4dbd253e121890061ea0a7cabced5251aaea9281d9823328a652214ed362463121f00dad1dbc98793a9bcea926f11eb3d58bcd00bbf6e20a855bc6191e905209b4301a2ffa9eb9"}}, &(0x7f0000000180)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x40e}}}, &(0x7f0000000940)={0x34, &(0x7f0000000480)={0x40, 0xf, 0x24, "944f1ebe6ee1dde79683b9b249f18549fc0cf82ad8349350509b7300d1b3c1d7f184fba5"}, &(0x7f00000004c0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000540)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000580)={0x20, 0x0, 0x95, {0x93, "2fe713839e6811087da676d5372de6a8aecdb834b7da497731a950b4c842e1a46b0402ed2c3a67fcb3d22ee22d47fa8abcde17c087a4ef82b0f1388507503017cb5db948328aaa4e81bc7628312fa1a218b8a1793ec66dd2c2271a8eb59d75f38e9ee34fb05a1cdbbe55a01d9c56521fab9aa7dd2b989fae56284a9dda2d3dcff0753ad5e94e178a6a8cda1888aad3bcbc59c8"}}, &(0x7f00000008c0)={0x20, 0x1, 0x1, 0x4}, &(0x7f0000000900)={0x20, 0x0, 0x1, 0x60}})
r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
listen(r2, 0x3)
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd6000000000140601fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="8f000000"], 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f000000b000)={0x77359400}, &(0x7f0000048000), 0x0)
timer_settime(0x0, 0x1, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'veth1\x00', &(0x7f0000000200)=@ethtool_per_queue_op={0x4b, 0xf, [0xa, 0x1, 0x7ffe, 0x1, 0x4, 0x9, 0xa5, 0xffb, 0x7, 0xb69, 0xc1, 0x4, 0x1, 0x3, 0x5, 0x101, 0x1000, 0x9, 0x3, 0x3, 0x1, 0xfffffffa, 0x0, 0x6, 0x9, 0x4, 0x7, 0x5, 0x100000, 0x762, 0x3, 0xd, 0xe, 0x2b12, 0x100, 0x2, 0x1c00, 0x2211, 0x7, 0xbed4, 0x8, 0x8000100, 0x3, 0x0, 0x11000, 0x8, 0x7, 0x79b, 0x6, 0x1, 0x7f, 0x4, 0xa, 0x7, 0xf, 0x101, 0xd7, 0x1fa0860a, 0x7, 0xaa, 0xfff, 0x2, 0x180000, 0x7, 0x8b, 0x5, 0x2af, 0xf7, 0x5, 0x2, 0x6, 0x9, 0x4, 0x7, 0x4005, 0xba27, 0x4, 0x100002, 0x8, 0x752, 0x0, 0x3, 0x0, 0x10001, 0x2, 0xffffffff, 0x6, 0x6, 0x9, 0x80000000, 0xfdffffff, 0x2, 0x2, 0x84, 0x100, 0x5, 0x252, 0x81, 0xb, 0x5, 0x20006, 0x5, 0x2, 0xb, 0x2, 0xd9a, 0xd, 0x2a2, 0xfffffffd, 0x3, 0x2, 0x5, 0x8, 0x0, 0x4, 0x2, 0x40, 0x8, 0x0, 0x4, 0x401, 0x3, 0x8, 0x8, 0x1, 0x1fc, 0xc5d, 0xffffffff]}})
poll(0x0, 0x0, 0x9)
syz_emit_ethernet(0x55, &(0x7f0000000680)=ANY=[@ANYBLOB="0180c200000001802d4a0b0f23e6fa3f7ff3a14de5c200000086dd60010120001f3afffe80000000000000000000000000000000b73d000000000186009078000000000040000000000000000100000275d364439038170001200000000000000000876f04a26022e1ce4f6861cc080d0e9c1810c2441563e5a0b2d1878177139098951e2de35460d7085a76bafc22723de8758981aabcee728202a1b3fba4f6978c596dacf1b07bcf792a72c9bc0885b666e6e168da139fb4c6f59fb11a065626ffe3a2dba7c3fad90f9bf40be81348e0edc82015d271e346526cee2920b3df4f63213c3cb3b312793348e32d35dcf0b890303fd7dd6bf1fd817fa2ada9904f5eac96b4a0c61a77ca642f300fb77995cab5b8f8400880553d0ff0fcb19c6b4bb27e58d6139eced1719f2bc2f69f1f3254ff22cee09e4b0530db298ae826eec39024ec97973a7e0a9e17e0d5911056588d9649a7a24f333518eecc91bbc60185d6b1082d807d0b8189b70cce933216122ace703c2eda3f22044d5ae618d5fc698013a82aa90059642b7ac12478c34a8e3b006c6286ae2e8faca900593e3063d5d4f500000000000000000000000000000000562f38aca90c4f01896cb7e09e4b31af4a8c2b588153af10a6c8bfcc547eb42861ab4fd4671a319336281c81b2796ac95d6a031614d8d49ed6e890426578f777d7bac0888d7e52863a5ef991c36bd76b02f2b3c7e3a36a4e28b4499648fa7ff69051651a73abba6fa074eaf98693fd2400d7c0"], 0x0)
bind$802154_raw(r1, &(0x7f0000000000)={0x24, @short={0x2, 0x3, 0xaaa3}}, 0x14)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0)

1m45.215897734s ago: executing program 0 (id=2838):
r0 = socket$unix(0x1, 0x2, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000200)=0x10)
bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r2 = syz_open_dev$video4linux(&(0x7f0000000300), 0x6, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xb, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0xa9}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x2a}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0xbb, &(0x7f00000000c0)=""/187, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$VIDIOC_S_EDID(r2, 0xc0285629, &(0x7f00000001c0)={0x0, 0xfffffe01, 0x80, '\x00', &(0x7f0000000180)=0x5})
syz_usb_connect(0x5, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000cb768405e0483020b9901e4020109021b000100000000090400fb015c291d00090509"], 0x0)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040f0200b70604"], 0x7)
r3 = syz_open_dev$sndpcmp(&(0x7f0000000080), 0x3, 0x800)
close(r3)

1m44.487421013s ago: executing program 0 (id=2840):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, r4, 0x49887000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
fstat(0xffffffffffffffff, 0x0)
ptrace$ARCH_SET_GS(0x1e, r2, &(0x7f00000002c0), 0x1001)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r5 = semget$private(0x0, 0x6, 0x0)
semctl$SETALL(r5, 0x0, 0x11, 0x0)
msync(&(0x7f0000246000/0x3000)=nil, 0x3000, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'bond0\x00', <r6=>0x0})
r7 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000340), 0x20000, 0x0)
ioctl$FBIOPUT_CON2FBMAP(r7, 0x4610, &(0x7f0000000380)={0xc})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r8=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x21}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8, 0x1, r6}, @IFLA_HSR_SLAVE2={0x8, 0x2, r8}]}}}]}, 0x40}}, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r9 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r9, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f7", 0xf4240}], 0x1}], 0x1, 0x0)

1m44.212018551s ago: executing program 0 (id=2843):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x0, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x1080800, &(0x7f0000000400)=ANY=[@ANYRES32=r1, @ANYRES64=r1, @ANYRES32, @ANYRESDEC=r2, @ANYRES64, @ANYRESHEX=r0, @ANYRES8, @ANYRESHEX=r0, @ANYRESDEC=r2])
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r3 = openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r3, 0xc0189372, &(0x7f0000000180)={{0x1, 0x1, 0x18, r4, {0x4}}, './file0\x00'})
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
r6 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4050}, 0x20000000)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)

1m43.696087311s ago: executing program 32 (id=2843):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x0, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x1080800, &(0x7f0000000400)=ANY=[@ANYRES32=r1, @ANYRES64=r1, @ANYRES32, @ANYRESDEC=r2, @ANYRES64, @ANYRESHEX=r0, @ANYRES8, @ANYRESHEX=r0, @ANYRESDEC=r2])
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r3 = openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r3, 0xc0189372, &(0x7f0000000180)={{0x1, 0x1, 0x18, r4, {0x4}}, './file0\x00'})
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
r6 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4050}, 0x20000000)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)

44.29400294s ago: executing program 2 (id=2990):
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_rdma(0x10, 0x3, 0x14)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = semget$private(0x0, 0x4, 0x589)
semtimedop(r1, &(0x7f0000000300)=[{0x3, 0xfff7, 0x1000}], 0x1, 0x0)
semctl$SETVAL(r1, 0x3, 0x10, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000003c0)={'wlan0\x00'})
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0xe, 0x4, 0x4, 0x10, 0x0, 0xffffffffffffffff, 0x1000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffff, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@bloom_filter={0x1e, 0x3, 0x0, 0x3, 0xa184, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x2, 0x0, 0x9, @value, @void, @void, @value}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
sendmsg$unix(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)

42.628210181s ago: executing program 2 (id=2992):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00'}, 0x10)
getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000100)={0x0, 0x9, 0x101, 0x1, 0x1, 0x2, 0x9, 0x391, {0x0, @in={{0x2, 0x8001, @multicast1}}, 0x2, 0x80000001, 0x5a, 0x8, 0x80}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), r2)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010326bd6000000000002d9300000c000180080001"], 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x20040814)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)

41.472247918s ago: executing program 2 (id=2995):
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x12, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xffffffffffffff1b, 0x24, 0xf, 0x1, 0x0, 0x4, 0x4}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}]}}]}}, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x0})
bind$nfc_llcp(r0, &(0x7f0000000240)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "d9298498abdba7f061bd1ca44c226af5160e961711a07760760beeab11e88509de7f1939e8abff005597c8ef039a5be42200", 0x38}, 0x60)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, &(0x7f0000000140))
openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x22a101, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(r0, 0x118, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r2 = add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
r3 = add_key$user(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, &(0x7f0000000140)="d8", 0x1, r2)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000480)=@keyring={'key_or_keyring:', r3})
request_key(&(0x7f0000000400)='user\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, r2)
r4 = syz_open_dev$loop(&(0x7f0000000040), 0x7, 0x143a81)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_test', 0x41e43, 0xf0)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, 0x0)
ioctl$BLKFLSBUF(r4, 0x1261, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x80002, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r6, 0x84, 0x24, &(0x7f0000000040)=ANY=[], 0x1000f)
r7 = syz_open_dev$tty20(0xc, 0x4, 0x1)
syz_open_pts(r5, 0x8000)
ioctl$TIOCSERGETLSR(r7, 0x5459, &(0x7f0000000180))

40.780382722s ago: executing program 2 (id=2999):
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0), 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xa0, @void, @value}, 0x94)
ioctl$KDGKBENT(0xffffffffffffffff, 0x4b46, &(0x7f0000000180)={0x1, 0x3})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = inotify_init()
r2 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
r3 = inotify_add_watch(r1, &(0x7f0000000240)='./file0\x00', 0x8c7)
write$binfmt_elf32(r2, &(0x7f0000000040)=ANY=[@ANYRES64=r3], 0x69)
close(r2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
clock_gettime(0x0, &(0x7f0000002100)={<r8=>0x0, <r9=>0x0})
syz_open_dev$dmmidi(&(0x7f0000002180), 0x2, 0x519802)
recvmmsg$unix(r5, &(0x7f0000002000)=[{{&(0x7f00000003c0), 0x6e, &(0x7f00000001c0)=[{&(0x7f0000000500)=""/164, 0xa4}, {&(0x7f00000005c0)=""/200, 0xc8}], 0x2, &(0x7f00000006c0)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xd8}}, {{&(0x7f00000007c0), 0x6e, &(0x7f0000000280)=[{&(0x7f0000000840)=""/82, 0x52}, {&(0x7f00000008c0)=""/180, 0xb4}, {&(0x7f0000000980)=""/4096, 0x1000}], 0x3, &(0x7f0000001980)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xc8}}, {{0x0, 0x0, &(0x7f0000001c80)=[{&(0x7f0000001a80)=""/94, 0x5e}, {&(0x7f0000001b00)=""/235, 0xeb}, {&(0x7f0000001c00)=""/83, 0x53}], 0x3, &(0x7f0000001cc0)=[@cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x130}}, {{&(0x7f0000001e00), 0x6e, &(0x7f0000001f80)=[{&(0x7f0000001e80)=""/159, 0x9f}, {&(0x7f0000001f40)=""/12, 0xc}], 0x2, &(0x7f0000001fc0)=[@rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x38}}], 0x4, 0x10040, &(0x7f0000002140)={r8, r9+60000000})
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r7, {0x2, 0x0, @multicast2}, 0x2}}, 0x26)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)

39.737043038s ago: executing program 2 (id=3002):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x50, 0xa5, 0x9b, 0x20, 0x46d, 0x8b7, 0x99db, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x6b, 0x7e, 0x7c}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
r2 = socket(0x1, 0x803, 0x0)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0)
r4 = syz_open_dev$dri(&(0x7f00000002c0), 0x1, 0x2100)
ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xb}, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000056000100000000f70000000007020000", @ANYRES32, @ANYBLOB="200001"], 0x38}}, 0x0)
r6 = dup2(r3, r2)
ioctl$sock_inet_tcp_SIOCINQ(r6, 0x541b, 0x0)
r7 = socket$nl_generic(0x11, 0x3, 0x10)
sendmsg(r7, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000680)="4ba72c4cfd81685544f46c3f0800b90dba34442e7f46464db2e3b341a4ca632d139a", 0x22}], 0x1, 0x0, 0x0, 0x11000000}, 0x0)

38.868150238s ago: executing program 2 (id=3004):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800"/15], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r3, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0xa, 0x0, 0xfffffed4, 0x1}}, 0x20)
writev(0xffffffffffffffff, &(0x7f0000000240)=[{0x0}], 0x1)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, 0x0, 0xe00)
shutdown(r4, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, 0x0)

13.033626182s ago: executing program 3 (id=3066):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x2}}, 0x2e)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB='<\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fedbdf2505000000080009000200000008000c00aa0a0000060001000500000008000b0004000000050005"], 0x3c}, 0x1, 0x0, 0x0, 0x20006911}, 0xb0)

12.700332991s ago: executing program 5 (id=3067):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
unshare(0x60400)
syz_io_uring_setup(0x4d67, &(0x7f0000000440)={0x0, 0x4c25, 0x4000, 0x2, 0x3f79}, &(0x7f00000004c0), 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000540)={{}, {0x4}}, 0x24, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000380)={0x3, 0x1, 0x6, 0x7, 0x1, 0x81, 0x6, 0x152})
bpf$MAP_CREATE(0x1800000000000000, &(0x7f0000004080)=ANY=[@ANYBLOB="0400000004000000040000000100000000080000", @ANYRES32, @ANYBLOB="0000000000ffff00"/18, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000400"/28], 0x48)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="60000000020600060000000000000000070000090900020073797a300000000005000100070000000500010007000000050001000700000005000100070000000500050001000005000a0000000500050007000000"], 0x60}}, 0x44000)
socket(0x2, 0x3, 0x67)

12.181158257s ago: executing program 3 (id=3069):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0xa, 0x80805, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x25, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e23, @rand_addr=0x64010102}}, 0x0, 0x4}, 0x90)
socket(0x1, 0x803, 0x0)
setsockopt$inet6_mreq(r1, 0x29, 0x1c, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x14)
getsockopt$bt_hci(r0, 0x0, 0x2, &(0x7f0000000300)=""/233, &(0x7f0000000040)=0xe9)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xa6ee6000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
msgctl$IPC_RMID(0x0, 0x1000000)
rt_sigqueueinfo(r2, 0x6, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r5 = socket$netlink(0x10, 0x3, 0x4)
writev(r5, &(0x7f0000000300)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560aff820fffff5bab003a0000002058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100030c100000000000224e0000", 0x58}], 0x1)
syz_usb_connect(0x2, 0x24, &(0x7f00000001c0)=ANY=[@ANYRESDEC=r0], &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0})

11.091594226s ago: executing program 5 (id=3070):
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x4}}, './file0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000021c0)={0x0, 0xfffffffa}, &(0x7f0000002200)=0x8)
getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0xc00, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_GET_CPUID2(r3, 0xc008ae91, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0xa4, &(0x7f0000002080)={@empty, @remote, @val={@val={0x88a8, 0x5, 0x1, 0x2}, {0x8100, 0x7, 0x0, 0x1}}, {@mpls_uc={0x8847, {[{0xd, 0x0, 0x1}, {0x7691, 0x0, 0x1}, {0x58d6}, {0x5, 0x0, 0x1}, {0x4}], @generic="81e636a6114e33417d217d38dfb63fdd1c6752fa7718052dfe1e9b16dd6898660296cc98d26a542ccbd8a496ca51358921a68b80fb4d91bc0f16d5abc11edc4d55bfd340fb7ee3a0a21aa213df439b1b985b870a1f8ad8b4e4b861a95cd833e5e2eee9c84e9ce666ba69b430f2624cb15e938ee6aef3f27e25c5"}}}}, &(0x7f0000002140)={0x1, 0x1, [0x4d1, 0x93d, 0x2ce, 0x1cb]})
fanotify_mark(0xffffffffffffffff, 0xc4, 0x8000038, 0xffffffffffffffff, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = syz_open_dev$radio(&(0x7f0000000000), 0x2, 0x2)
r8 = epoll_create(0x6)
r9 = dup3(r7, r8, 0x0)
r10 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
ioctl$PPPIOCNEWUNIT(r10, 0xc004743e, &(0x7f0000000100))
ioctl$PPPIOCSNPMODE(r10, 0x4008744b, &(0x7f0000001300)={0x57, 0x2})
read$FUSE(r9, &(0x7f0000000040)={0x2020}, 0x2020)

9.483863262s ago: executing program 5 (id=3074):
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$fou(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$FOU_CMD_GET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x16fa, 0x800, 0x4, 0x8}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x400, 0x1, {0x0, r5}})
io_uring_enter(r2, 0x3516, 0x0, 0x4, 0x0, 0x0)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = openat$cgroup_int(r6, &(0x7f0000000080)='cpu.idle\x00', 0x2, 0x0)
write$cgroup_subtree(r7, &(0x7f0000000640)=ANY=[@ANYBLOB='-', @ANYRESHEX], 0x8b)
r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000880)=@newtaction={0x84, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x70, 0x1, [@m_tunnel_key={0x6c, 0x1, 0x0, 0x0, {{0xf}, {0x3c, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0xb, @loopback={0x400000000000000}}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x84}}, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r8, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r10=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r8, 0x3ba0, &(0x7f0000000000)={0x48, 0x5, r10})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r8, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, r10, 0x0, <r11=>0x0, 0x1})
ioctl$IOMMU_IOAS_MAP(r8, 0x3b85, &(0x7f0000000a00)={0x28, 0x7, r10, 0x0, &(0x7f00000a0000)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1000})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r8, 0x3ba0, &(0x7f0000000a40)={0x48, 0x7, r11, 0x0, 0x0, 0x0, 0x0, 0x1000})
ioctl$IOMMU_IOAS_UNMAP$ALL(r8, 0x3b86, &(0x7f0000000c00)={0x18, r10})
close(0xffffffffffffffff)

6.134272765s ago: executing program 1 (id=3076):
open(0x0, 0x143142, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000200)={@local, @random="6a2ddcf6177a", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x68, 0x700, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x0, 0x2}}}}}}, 0x0)
bind$802154_dgram(0xffffffffffffffff, &(0x7f0000000000)={0x24, @none={0x0, 0x3}}, 0x14)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
kexec_load(0x3e00, 0x1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x10000}], 0x0)

4.604412772s ago: executing program 4 (id=3077):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000580)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000850000002a000000180100002025642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000089cdc832850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r1, 0x18000000000002a0, 0x12, 0x0, &(0x7f0000000400)="b9ff03316844268cb89914f088a8ae410e73", 0x0, 0x2005, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000f40), r0)
sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f00000001c0)={0x1c, r2, 0x1, 0x70bd67, 0x255fdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004084}, 0x20008800)

4.602560368s ago: executing program 1 (id=3078):
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x4}}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x805}}, './file0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c80)={&(0x7f0000000bc0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x48, 0x48, 0x7, [@enum64={0x3, 0x5, 0x0, 0x13, 0x1, 0x1, [{0xfffffffd, 0x9}, {0x7, 0xd2, 0x3}, {0xc, 0x1, 0xe7}, {0x42, 0x7fff, 0xffff3c36}, {0x5, 0x7, 0x9}]}]}, {0x0, [0x61, 0x2e, 0x5f, 0x61, 0x4f]}}, &(0x7f0000000c40)=""/3, 0x67, 0x3, 0x1, 0x1, 0x0, @void, @value}, 0x28)
r3 = syz_open_dev$radio(&(0x7f0000000000), 0x2, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0)
r5 = fanotify_init(0xf00, 0x1000)
fanotify_mark(r5, 0x105, 0x5000003a, r4, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0)
ioctl$SNDRV_PCM_IOCTL_HWSYNC(r6, 0x4122, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
readv(r5, &(0x7f0000000c40)=[{&(0x7f0000000500)=""/169, 0xffffffa0}], 0x1)
r7 = epoll_create(0x6)
r8 = dup3(r3, r7, 0x0)
read$FUSE(r8, &(0x7f0000000040)={0x2020}, 0x2020)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x18, 0x1401, 0x1, 0x70bd25, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x18}, 0x1, 0x0, 0x0, 0x44}, 0x4044080)
socket(0x10, 0x3, 0x0)
r10 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030017000b63d25a80648c2594f92e24fc60100c034002000009053582c137153e370248078000", 0x29}], 0x1}, 0x0)

4.571977725s ago: executing program 3 (id=3079):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
unshare(0x60400)
syz_io_uring_setup(0x4d67, &(0x7f0000000440)={0x0, 0x4c25, 0x4000, 0x2, 0x3f79}, &(0x7f00000004c0), 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000540)={{}, {0x4}}, 0x24, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, 0x0)
bpf$MAP_CREATE(0x1800000000000000, &(0x7f0000004080)=ANY=[@ANYBLOB="0400000004000000040000000100000000080000", @ANYRES32, @ANYBLOB="0000000000ffff00"/18, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000400"/28], 0x48)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="60000000020600060000000000000000070000090900020073797a300000000005000100070000000500010007000000050001000700000005000100070000000500050001000005000a0000000500050007000000"], 0x60}}, 0x44000)
socket(0x2, 0x3, 0x67)

3.858796747s ago: executing program 5 (id=3080):
r0 = socket$inet6(0xa, 0x3, 0x3c)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000f00)=ANY=[@ANYBLOB="0002020100000008ff"], 0x18)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)="88", 0xfdef}], 0x1) (fail_nth: 6)

3.855198316s ago: executing program 4 (id=3081):
r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ipv6_route\x00')
pread64(r0, &(0x7f000001a240)=""/102400, 0x19000, 0xffe)

3.715326985s ago: executing program 4 (id=3082):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000400)={0x0, r0}, 0x8)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="24000e28", @ANYRES32, @ANYRES64], 0x24}, 0x1, 0x0, 0x0, 0x20040000}, 0x8800)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), r6)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r6, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000002c0)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="cf040000000000f100001300000008000300", @ANYRES32=r9, @ANYBLOB="0400130006001200000000000600b500850100000a00060008021100000100003c0081"], 0x78}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan1\x00'})
listen(r0, 0xda90)
r10 = socket$inet(0x2, 0x2, 0x1)
bind$inet(r10, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10)
socket(0x2, 0x2, 0x1)
syz_emit_ethernet(0x3e, &(0x7f0000000180)={@random="e33110495bfd", @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00e1ff", 0x8, 0x3a, 0x0, @dev={0xfe, 0x80, '\x00', 0x3}, @local, {[], @echo_reply={0x81, 0x0, 0x0, 0xbc64, 0xf801}}}}}}, 0x0)

3.20812396s ago: executing program 5 (id=3083):
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x12, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xffffffffffffff1b, 0x24, 0xf, 0x1, 0x0, 0x4, 0x4}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}]}}]}}, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x0})
bind$nfc_llcp(r0, &(0x7f0000000240)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "d9298498abdba7f061bd1ca44c226af5160e961711a07760760beeab11e88509de7f1939e8abff005597c8ef039a5be42200", 0x38}, 0x60)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, &(0x7f0000000140))
openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x22a101, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(r0, 0x118, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r2 = add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
r3 = add_key$user(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, &(0x7f0000000140)="d8", 0x1, r2)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000480)=@keyring={'key_or_keyring:', r3})
request_key(&(0x7f0000000400)='user\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, r2)
r4 = syz_open_dev$loop(&(0x7f0000000040), 0x7, 0x143a81)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_test', 0x41e43, 0xf0)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, 0x0)
ioctl$BLKFLSBUF(r4, 0x1261, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x80002, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r6, 0x84, 0x24, &(0x7f0000000040)=ANY=[], 0x1000f)
r7 = syz_open_dev$tty20(0xc, 0x4, 0x1)
syz_open_pts(r5, 0x8000)
ioctl$TIOCSERGETLSR(r7, 0x5459, &(0x7f0000000180))

3.207494595s ago: executing program 3 (id=3084):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000044e22008d31324320dcb010c03010902120001040020000904"], 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000a00)={0x34, &(0x7f0000000040)={0x0, 0x14, 0xc, "0862bf9a7aeab2d54e32e280"}, 0x0, 0x0, 0x0, 0x0, 0x0})

3.159550479s ago: executing program 1 (id=3085):
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0), 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xa0, @void, @value}, 0x94)
ioctl$KDGKBENT(0xffffffffffffffff, 0x4b46, &(0x7f0000000180)={0x1, 0x3})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = inotify_init()
r2 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
r3 = inotify_add_watch(r1, &(0x7f0000000240)='./file0\x00', 0x8c7)
write$binfmt_elf32(r2, &(0x7f0000000040)=ANY=[@ANYRES64=r3], 0x69)
close(r2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
clock_gettime(0x0, &(0x7f0000002100)={<r8=>0x0, <r9=>0x0})
syz_open_dev$dmmidi(&(0x7f0000002180), 0x2, 0x519802)
recvmmsg$unix(r5, &(0x7f0000002000)=[{{&(0x7f00000003c0), 0x6e, &(0x7f00000001c0)=[{&(0x7f0000000500)=""/164, 0xa4}, {&(0x7f00000005c0)=""/200, 0xc8}], 0x2, &(0x7f00000006c0)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xd8}}, {{&(0x7f00000007c0), 0x6e, &(0x7f0000000280)=[{&(0x7f0000000840)=""/82, 0x52}, {&(0x7f00000008c0)=""/180, 0xb4}, {&(0x7f0000000980)=""/4096, 0x1000}], 0x3, &(0x7f0000001980)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xc8}}, {{0x0, 0x0, &(0x7f0000001c80)=[{&(0x7f0000001a80)=""/94, 0x5e}, {&(0x7f0000001b00)=""/235, 0xeb}, {&(0x7f0000001c00)=""/83, 0x53}], 0x3, &(0x7f0000001cc0)=[@cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x130}}, {{&(0x7f0000001e00), 0x6e, &(0x7f0000001f80)=[{&(0x7f0000001e80)=""/159, 0x9f}, {&(0x7f0000001f40)=""/12, 0xc}], 0x2, &(0x7f0000001fc0)=[@rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x38}}], 0x4, 0x10040, &(0x7f0000002140)={r8, r9+60000000})
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r7, {0x2, 0x0, @multicast2}, 0x2}}, 0x26)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)

2.241660756s ago: executing program 4 (id=3086):
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000000040)={0x2})
close(0xffffffffffffffff)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020100000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)="140000001d000b63d25a80648c2594", 0xf}, {&(0x7f0000000580)="3f1c2725e7", 0x5}], 0x2}, 0x4000000)
sendmsg$NFT_BATCH(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a60000000160a01010000000000000000020000000900020073797a31000000000900010073797a30000000002c000380080002400000000008000140000000001800038014000100776c616e3000000000000000000000000800074000000001"], 0x88}}, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x200000000000000)

2.121427829s ago: executing program 3 (id=3087):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
getsockopt$inet6_tcp_buf(r0, 0x6, 0x1f, &(0x7f0000000400)=""/228, &(0x7f0000000000)=0xe4)
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000080)=0x80000003)
r2 = dup2(r1, r1)
read$FUSE(r2, &(0x7f00000063c0)={0x2020}, 0x2020)
syz_io_uring_submit(0x0, 0x0, 0x0)
prlimit64(0xffffffffffffffff, 0x9, &(0x7f0000000240)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e21, 0x5, @loopback, 0xa}}, 0x0, 0x0, 0x22, 0x0, "bb353738cb473fc7c9f1cf53b6a7b4e23602a3c364ca41d6e5615445244740bd4c0b42a21d7214bf92594925208a0e2f964e654dc534a6324d4993fcf19b2df3ee818a118a7c49462189316d556d2ccd"}, 0xd8)
r4 = openat$btrfs_control(0xffffffffffffff9c, 0x0, 0x200, 0x0)
ioctl$IMCLEAR_L2(r4, 0x80044946, &(0x7f0000000500)=0x3)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010e7010000000000000000000000000a20000000000a03000000000000000000070000000c00044000000000000000021c000000090a010400000000000000000700000008000a"], 0x64}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b000100627269646765000018000280"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0)
sendto$inet6(r0, &(0x7f00000000c0)="e9", 0x1, 0x20008045, &(0x7f00000001c0)={0xa, 0x2, 0x1000, @empty}, 0x1c)

1.971948s ago: executing program 3 (id=3088):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$AUTOFS_IOC_EXPIRE_MULTI(r0, 0x40049366, &(0x7f0000000040))
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000600)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000200)}}, 0x20)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r2=>0x0})
dup(r0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x19, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000200002020207b1af8ff93995dbfbfa100000000000007010000f8ed06c2cb279673802b7f4c02bb9c00000000b7030000000000008500000070000000952e0b191ec363e6de7bea555b5b48b3d06b58e81422ff70cbb07bcacb6b52be59668693f9ea27b611a9e72d8a171b30aab2ba41e1a493b6bee32fc18edb59f43631e4516781bb407c958c54bd13a3592b2052ef4e1b3821d1c76edca825a76f58da35b90b623c3d46cc69912906314506fc1e8bcdd1a45917d38cac11bb55088b397e55bf6c780b3de8d3559d34a5bce8deda96e3357cea251e912a23aa45ff351e174f8a9fbaa4a022c73d7e4f7c254e906355"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', r2, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000440)='xprtrdma_frwr_alloc\x00', r3}, 0x18)
socket(0x2a, 0x2, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCADDRT(r4, 0x890b, &(0x7f00000003c0)={0x0, {0x2, 0x4e21, @rand_addr=0x64010102}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x22}}, {0x2, 0x4e21, @broadcast}, 0x2, 0x0, 0x0, 0x0, 0x80, &(0x7f0000000380)='ip_vti0\x00', 0x1, 0x2, 0x7fff})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$nl_generic(0x10, 0x3, 0x10)
keyctl$session_to_parent(0x12)
socket$netlink(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
pipe(&(0x7f0000000080))
socket$inet6_tcp(0xa, 0x1, 0x0)
unshare(0x62040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a0102000000b3066dc6a50fa9b7515819b7b0f6c9310000000000ff7f00000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000014000000"], 0x88}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[], 0x4c}}, 0x0)
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000740)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x41}, 0x8)
r7 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000001c0), 0x400000, 0x0)
sendmsg$NL80211_CMD_GET_WIPHY(r7, &(0x7f0000000680)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000640)={&(0x7f0000000300)=ANY=[@ANYBLOB="000051af", @ANYRES16=0x0, @ANYBLOB="000425bd7000fddbdf2501000000080001003800000008000300", @ANYRES64=0x0, @ANYBLOB="05b655ff5f837fbfb00ee9c24e492300"/29], 0x24}, 0x1, 0x0, 0x0, 0x4004011}, 0x24004000)

1.90970015s ago: executing program 1 (id=3089):
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x4}}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x805}}, './file0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c80)={&(0x7f0000000bc0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x48, 0x48, 0x7, [@enum64={0x3, 0x5, 0x0, 0x13, 0x1, 0x1, [{0xfffffffd, 0x9}, {0x7, 0xd2, 0x3}, {0xc, 0x1, 0xe7}, {0x42, 0x7fff, 0xffff3c36}, {0x5, 0x7, 0x9}]}]}, {0x0, [0x61, 0x2e, 0x5f, 0x61, 0x4f]}}, &(0x7f0000000c40)=""/3, 0x67, 0x3, 0x1, 0x1, 0x0, @void, @value}, 0x28)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0)
r4 = fanotify_init(0xf00, 0x1000)
fanotify_mark(r4, 0x105, 0x5000003a, r3, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0)
ioctl$SNDRV_PCM_IOCTL_HWSYNC(r5, 0x4122, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
r6 = epoll_create(0x6)
r7 = dup3(0xffffffffffffffff, r6, 0x0)
read$FUSE(r7, &(0x7f0000000040)={0x2020}, 0x2020)
r8 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x18, 0x1401, 0x1, 0x70bd25, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x18}, 0x1, 0x0, 0x0, 0x44}, 0x4044080)
socket(0x10, 0x3, 0x0)
r9 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r9, 0x0, 0x0)

1.818637219s ago: executing program 4 (id=3090):
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$fou(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$FOU_CMD_GET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x16fa, 0x800, 0x4, 0x8}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x400, 0x1, {0x0, r5}})
io_uring_enter(r2, 0x3516, 0x0, 0x4, 0x0, 0x0)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = openat$cgroup_int(r6, &(0x7f0000000080)='cpu.idle\x00', 0x2, 0x0)
write$cgroup_subtree(r7, &(0x7f0000000640)=ANY=[@ANYBLOB='-', @ANYRESHEX], 0x8b)
r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000880)=@newtaction={0x84, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x70, 0x1, [@m_tunnel_key={0x6c, 0x1, 0x0, 0x0, {{0xf}, {0x3c, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0xb, @loopback={0x400000000000000}}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x84}}, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r8, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r10=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r8, 0x3ba0, &(0x7f0000000000)={0x48, 0x5, r10})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r8, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, r10, 0x0, <r11=>0x0, 0x1})
ioctl$IOMMU_IOAS_MAP(r8, 0x3b85, &(0x7f0000000a00)={0x28, 0x7, r10, 0x0, &(0x7f00000a0000)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1000})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r8, 0x3ba0, &(0x7f0000000a40)={0x48, 0x7, r11, 0x0, 0x0, 0x0, 0x0, 0x1000})
ioctl$IOMMU_IOAS_UNMAP$ALL(r8, 0x3b86, &(0x7f0000000c00)={0x18, r10})
close(0xffffffffffffffff)

632.12318ms ago: executing program 1 (id=3091):
r0 = socket(0x10, 0x2, 0x0)
recvmmsg(r0, &(0x7f00000003c0), 0x0, 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', <r2=>0x0})
r3 = syz_open_dev$usbmon(&(0x7f0000000340), 0x0, 0x101)
r4 = syz_io_uring_setup(0xfc5, &(0x7f00000010c0)={0x0, 0x0, 0x2}, &(0x7f0000001080)=<r5=>0x0, &(0x7f0000000600))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r4, 0x0, 0x10a5, 0x3, &(0x7f0000000040)={[0xcb]}, 0x8)
ioctl$MON_IOCG_STATS(r3, 0x80089203, &(0x7f0000000380))
sendmsg$BATADV_CMD_GET_ORIGINATORS(r0, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0xfffffffffffffdee, 0x0, 0x200, 0x70bd2d, 0x25dfdbff, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x7fb}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x2}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x0, 0x6, r2}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x9}]}, 0x44}, 0x1, 0x0, 0x0, 0x400400c4}, 0x40)
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000001cc0)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000003c0)="063056fddb28f1c02a8de34193f2a9501a657c0eb102e043d55fc945a5af470251d80ad58ab1199134411f47f8e7b6bbd369c094a09cadb9249509cbe98ec56db68dfa17", 0x44}, {&(0x7f0000000440)="dfea99f303412de802a31db9fbe5fb038a15c32af34d018bf72eece018144957fe77f141e044198836b73c66e54b8506f4b15f758c87ab206e97023ce2b442e27d40cefd3300e960151b0b7f18e9ec754f59336d577a4e42a88da871fb8c680bcf9cd99104c54d21713a8db886daae189ffa7004abbd35b9fbd2553964f791ff8940166c3f2ecf2fd15d2f5aee9c5fd2f1fa73dfb85a3210c3441f84f048cc9c2b4b1f5235be94de82f6f688951be7de25468cc28ecac51b8845512daa263e5f096e7001d1893ae317814431909ef8d444b11f965b2523898ee7b2ff316100b2d4536ae3f464bd0bcf956c20917515e176207a993a63bcb2f0453712b902", 0xfe}], 0x2, &(0x7f0000000580)=[@timestamping={{0x14, 0x1, 0x25, 0xe}}, @txtime={{0x18, 0x1, 0x3d, 0x1}}, @timestamping={{0x14, 0x1, 0x25, 0x8}}, @txtime={{0x18, 0x1, 0x3d, 0x9}}, @timestamping={{0x14, 0x1, 0x25, 0x5}}, @timestamping={{0x14, 0x1, 0x25, 0xe2a3}}, @txtime={{0x18, 0x1, 0x3d, 0x9}}, @timestamping={{0x14, 0x1, 0x25, 0x3}}, @txtime={{0x18}}], 0xd8}}, {{&(0x7f0000000680)=@x25={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x2}}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000700)="6d1697e6", 0x4}, {&(0x7f0000000740)="4dcf839e61902e716f5559b17e93fda46b447aafa6e328f550a97e42728ba09466bb6d40d8d344e0e9823d71364c767f80fcb7d87ab4e5480dd82735cc19f9ae52634e0d9bcf5632fbcfeecdab3dd1d92e80e361a71fc24480d3670c57a86ee4d6248fc784e15a996a694980", 0x6c}], 0x2, &(0x7f0000000800)=[@txtime={{0x18, 0x1, 0x3d, 0x800}}, @txtime={{0x18, 0x1, 0x3d, 0x8000000000000001}}, @txtime={{0x18, 0x1, 0x3d, 0xc8e2}}, @timestamping={{0x14, 0x1, 0x25, 0x80000001}}, @mark={{0x14, 0x1, 0x24, 0x7}}, @mark={{0x14, 0x1, 0x24, 0xfffffff7}}], 0x90}}, {{&(0x7f00000008c0)=@nl=@unspec, 0x80, &(0x7f0000000dc0)=[{&(0x7f0000000940)="b00c417518b4f296678f8f97052f366e039182799d36ddab3ba9fc8f3d0caa3617fe09fbe696a7323ab866818a2cdf2c240a41a4d188320d6eace7e2201d63d677a5aa01f6d4caf00aa0753feefd6d9cd885e920ee81997a7a63a06a12252d08e3719177ba3571ed29031f63cf3145da045d7db515732d515aef4db4c0c0e6a70e6233aa8cde2b80656da936c08c2b8c94a84e58ec1d9cde60737e517b66feb537391dbdc53aeb3dbe389cc254c4191d", 0xb0}, {&(0x7f0000000a00)="f0501138b03b9dec00ac2732ef498b6379900c3793d906d464d1f7b08d63cc00c3114a65680643db85a1e1ffa2057afe612925dc98bcbf71f2bf29b4a22b0e10e2ccace605dbee2d78cd7065bcb84e3377509d05d7e675a64bc947941bf5d09032bde5511de286e2c555990db964f91a1895851402f2c76b8b5a0327327c692bb32125f6b0a1abba380bc5", 0x8b}, {&(0x7f0000000ac0)="683cd143ca5d76bf8d42420744a7f1bd29a5db63f6869e4375846aa4ab083d3145a57b950462109af5fddbceced81e4d1a834a79dbb2ce5ec54e4aa9b74f1ec5ab53def763b84b55fb7c796e451d26d402a7059439136c2c5fb6f75b5a13d86bdf0b1ed9d663be5f838ebdc9c87506861a53b681f93f5954551e3f42c011e9a088c71c1ec2818e0aec1c7ffe51937769f93246a1855ce1111c785f05665d6cfaa4a5d408f134e8a5777a27fc2062", 0xae}, {&(0x7f0000000b80)="f4b3477232b4c0f28b8beb6e7c18f038aae038ffa7b5f3a89a6b4aa79ee5a019f55239951dd83ef3cd4fbaae1db8abbc54728d564fbb67626276a38564f9ff3e4891dc8e47636f38c95f86005ce109f93f469a9dc0ce71da4a5b6ef61f2fcf361d7a0429b65f3e53fd56c65ff458feff9fbd90558dee2ed20c8999db1a0bcfb3be43b172af9db997843be77805f01c56166ae1200eec87c547d97788e37329064f2567297126f83cdd9d97d21b95cc7e049ed95e2a1d0da29fa5f4c8f7eb5d5500fa9f7250de22ffeea0e2f6d0597818910eebf3e6685c74b8ee71879a", 0xdd}, {&(0x7f0000000c80)="3edd8f4b13db7e57a1dc40e5f8a1d99da3bf24cd06c24eba5238ec31f3f2", 0x1e}, {&(0x7f0000000cc0)="91f2a4cf945b24c9f58efbd69936779bb9ed33b0f1ed5db4df4f058b657e7c28faf171afe353dfa847937c96e7710393855f7128f7de12579f466b3b8185ab8065bcf3bf56ff42e80358a2276974fda071b6b8270322e12b88893ba288f019dc0cf381a29bbd9f5218cbd3b3d77d03ad6e1709009dd5e49fc79e5a7aea288e325ca3e273707510986122a6957e04e9cc54c8c575a2652523df3f0fab815a480a3890d8d1b09741fd529e877f91dc65d893efc4a031b43a7fe4e13ec4d8bf7259679560fd6d93910c4351fd06283103d095fe0283ebd31fdbbd6fba151e73fb620bea9dc1452dabbe61a5c0a660c19afc3540479769d7fad010215e0c", 0xfc}], 0x6, &(0x7f0000000e40)}}, {{&(0x7f0000000e80)=@ethernet={0x306, @multicast}, 0x80, &(0x7f00000010c0)=[{&(0x7f0000000f00)="d12167d56756622e18e9e192bd04015db48a2d1db32c8c04460c9df7a061ef2cee469847bc7300bad06f5fa79826f300e1a349350bbb523a1457725d06a4d836252a808857f0db65ce796ae424ba9f814768b0e7e4e86ce7f5ae6c17f705", 0x5e}, {&(0x7f0000000f80)="9bf9140b9b379644580a9cc069b953f17356e70335e13f90a3345976bb1325a77d01bfb3f29edbd2d7873be786a094bd4d7aa8e20f29e5db2e84a9e09bf0b47b998fa5d550a6438ae29c6b49beb74fc8fadfdcbca624de84b1914543d696c2d75e30eabd234e2b409f1ba61f6b09d5dcef468208aea03c83585ac23675ab32758a66442cf88a480a748436ea8934cf6710bf635eb26e90a5b49767e23df4d84aa7207b97235548d4c0aba6768aeb67b4d21b0748b834852e078ac4898e5d7a75", 0xc0}, {&(0x7f0000001040)="109994e979fffa0e7e3b77364a2c232793d04f7e11714ba08c", 0x19}, {&(0x7f0000001080)}], 0x4, &(0x7f0000001100)=[@txtime={{0x18, 0x1, 0x3d, 0x400}}, @txtime={{0x18, 0x1, 0x3d, 0x449}}], 0x30}}, {{&(0x7f0000001140)=@ax25={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1}, [@default, @bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x80, &(0x7f0000001280)=[{&(0x7f00000011c0)="6ad20fe995eb86bb7e8b75ed9f9e1957512a5784f8b5582c2dc052e8427bc5b13d98d127e3bdb373489d1ebbdadfde0ff014915dbe306009134cc706b70de58223e1ce57a5832678ec64e2ddfb683ffc9635527669f6e6bd43fac323792fa0bdc0bf5009bbd3cd3093c33cd8013d4cb4ea0ebea8440f487e500662a63799d1e1f605", 0x82}], 0x1}}, {{&(0x7f00000012c0)=@in6={0xa, 0x4e22, 0x4, @private2, 0x6}, 0x80, &(0x7f0000001680)=[{&(0x7f0000001340)="b44aa40fb5db9490e8dae104fca47db31c6a84681909", 0x16}, {&(0x7f0000001380)="a409c4fa7f9fac", 0x7}, {&(0x7f0000001480)="5183b6d1dfc2943861a0cf259b38d04761646f2a392678e2826dfe985c6b4e40bd5ca63d449fa7a614235e9857680ee6f824c98f559e206c2a2cfde157086026ffd5caa7992066e1a12f1e0caf5819a831525f86754ffad59437c40c5732cea0ba0470ab664117c545481f9de863c351af3aae8ed81717889ffe997d90377d4245a319cdf109fb341dae123916e47cc86cb11e5e0e30bced79bbd2f85087a8a85d6c2cc7fcd49df77defebb3e3673c51c96ec56b0b669ac314e8c4ed48a75b3951261f71632b34e74f1735c296719f0a249846c341330527", 0xd8}, {&(0x7f0000001580)="75b9e40b141d60564dde68d45c6adc4f3d68ee127a8fccd82ac0d187f5872368ad528f0cb10770c7aa082760ffccfb6f2ad1215bdc1c7d7b411aea37196e4b2903f403498fabc016ddbadfdb104a64abf371a7136ebb547ffb86195f524d8bae4aff0b3a29ed41dcfd1484a5ab30b4ba5b5bcd4ef93f106e5e90122060f01f6a9642f9843dd0c423ae0487c0467521c78cdaf4b7310fbd15ed4c5ba8a824d342b58a67857fc4dc6034c563ae86827ef9ed53891a9fe06037f32735b389f03a317d0c26ce12b3f26c9de9841d5b8b93122423a70ca15db59959884ebce07242a029", 0xe1}], 0x4, &(0x7f00000016c0)=[@txtime={{0x18, 0x1, 0x3d, 0xb0}}, @mark={{0x14, 0x1, 0x24, 0x7}}, @mark={{0x14, 0x1, 0x24, 0x81}}, @timestamping={{0x14, 0x1, 0x25, 0x6}}, @timestamping={{0x14, 0x1, 0x25, 0x1}}, @mark={{0x14, 0x1, 0x24, 0xdd09}}], 0x90}}, {{&(0x7f0000001780)=@pptp={0x18, 0x2, {0x3, @empty}}, 0x80, &(0x7f00000018c0)=[{0x0}], 0x1, &(0x7f0000001900)=[@mark={{0x14, 0x1, 0x24, 0x7fff}}, @mark={{0x14, 0x1, 0x24, 0x980d}}, @txtime={{0x18, 0x1, 0x3d, 0x4}}, @txtime={{0x18, 0x1, 0x3d, 0x4}}], 0x60}}, {{0x0, 0x0, &(0x7f0000001b80)=[{&(0x7f0000001a40)}, {&(0x7f0000001b40)}], 0x2}}], 0x8, 0x4000001)
mount$cgroup(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x0, &(0x7f0000000040)={[{@name={'name', 0x3d, 'user_.'}}, {@name={'name', 0x3d, 'user_.'}}]})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002f000b12d25a80648c2594f90324fc601000084002000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0)

490.679287ms ago: executing program 4 (id=3092):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x20a02, 0x0)
ioctl$TIOCCONS(r3, 0x541d)
ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r2, 0x80184132, &(0x7f0000000300))
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x15, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="8500000052000000040000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
link(&(0x7f0000000180)='./file0/file0\x00', &(0x7f0000000280)='./bus\x00')
chdir(&(0x7f00000003c0)='./bus\x00')
mknod(&(0x7f0000000500)='./bus\x00', 0x1000, 0x0)
r4 = open(&(0x7f0000000100)='./bus\x00', 0x143142, 0x0)
r5 = inotify_init1(0x0)
inotify_add_watch(r5, &(0x7f00000006c0)='.\x00', 0xaa)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
dup3(r5, r6, 0x0)
readv(r6, &(0x7f0000000400)=[{&(0x7f0000000340)=""/40, 0x28}, {&(0x7f00000002c0)=""/27, 0x1b}], 0x2)
write$UHID_INPUT(r4, &(0x7f0000005cc0)={0x8, {"d218b51452f99aeb6fc6d18f670f187ccc5c62398979ae3fd684f7536b8f103d1286ac9b3f26da84636a27ace45245e6bdb499a880ef3bd7b98b8119ab4f5f357ce7eb885e2a2266c23720e9da5da361b51aec2b6f7c76a66d279c88f4263968eb72872142b7093d78d6248ca1f6856826540c2e85c7e439b11a3cd5e1188d7e9bee35a7811e1d43d72337afa82b61097c58973836e88ae3f67f91be74df93205613abd0495d02a24cde64d696ac31d632c586dc8256a562f2ddcaf0c3a3177b6c612d2a5a6e89b025be95beb9564ef3e12bb6e7029ee4054ed085a40fc811dff796eadebf973e473301fa26b5cebe532397c51c9860c9feb3ad52003e22ea942018cfb663722878beb5c9a901af60c369cecb16a289e94480714543e4b8abfe1cc3d8300f779a0008bec275c9c30ab61b3215d1dc1015af8ba3b6652d82a2ba30a47e3fccebeec4ad11cb6cfd010183d1c4e0d86671f422169b603f4db38c4e03b7e88b4f90ed1ce5f82dc620b4bc8d16167352cb95d06024a7b73e9597ff17d2255731612bf22a26faeddbcbfc0f5f54931afc393a8196110ddc0e231dbcc7cdc9877e527c8b32817912c7ae88e1164496a66d614d7aa9dd087fd27ac2a08b193070b366212581637eab6521b60518ec4bf0864e35818cc4a315339796330e6a78b10cd38c319789e479813959f44bde4314dceeda41a70a171a1a693224f36e84397ffb3f8bf1a39e0838478b0eaf881342434cc3a42d68e4dd3c98acc737f69960240dffc1e9c3de9e02189c782d76e18daf47e546914e4059f29895a049121d31a3d2d494de073ad7a6e641144b21c48ebf20f85934a0bc6e46364326d49c87d933d2015d63e9e82bc84f663059ab65f17104fed0c3a1dd4b995630f1ce13c2b2b278a51a33ca4c549b91da7dbccb6ccdd8209c02acb6a713992a2a318b463f1b79275ba043cd32f6b66cc77e71e2b9f4f6fbc922f95a1e0206ede7f0cc88ccb8e9246b8af37f019420c8ff2ac7e0255ff67b4a5bd69c9f548c7daf34a10621f271a46c7859b0fb53bd5ff8a0b06701b0e7f55d6f28171aa2ee60cd7a4a5e89145e3af07d8d866eedb0c69b0856b9f461bcd5a1a27dcf6d8eccdc5f077a10b53e9cb2d573c9ebfda39792e7a0a963ac8062c3f10410ba4983adcb2a7b70c461bf4c46862d799249670fc057e8c4e1d839ca039cd3478c593b16c9d1d53463f07af232487018ea6a6570f6960690a2689e7bbdbc45ddd52e2b0f80fb654c1d839600e99fffd9816352155d60e70c0029938ec28d55a6d681b1811e3494ad604aab99c40f61b0be8114109a2bae0350261882eb1c7eb6df2d71446af9168229ca454487e8e508f188e523baa97506e2fb1e837ef4cbae9b374029b7c716fded3857c0216e7581d08a7a1f888c0e8835211d2cac260289668d0a76da1bc06d79ee800363808ff1a229e2507642e3bfe105f776abb59a5a9506406873672722862aa8c7defb2205fc7bd3b082e177f3c6013b8dd13462386d01313b2dc6f60a2114b954eff5898ef434cabd07bf7559b4d83dad27872e3790ad63d041e44a57491a58350a8f8e77e6959282a2d7805e48a634c7b5d676d8fcc8a6fe1dbecdfd2a038cab7b7ea508bc743143abf928db2daa32dee62f314d19db55eaaafeaafa2932cc6662576c5ce0ae2797c3327fb572ef09cc911d44026c2dc84a53c1ff4a8a295aeb83487f679f0af6c1aa9a53c1e81b3c494257ab86e53d223b54ab7788c894ae9729992796faf0d3d1043484e26aba10785d241a2b29e424a44ab91855c8509a45884c6ad0bc5d43763e598da2276ee57ccd867aea0fa430cf38670e6c8b9aee1be136a81a5b292609679e2f0748e521231239d1bfa55107505fb7837e15b873e0f94a8d1333c0be9134cd765d0cd2fcaeb15e1da0a997222b8a810ad4e3c837779ea415b5a67e5e2a6c4a3b044caad62dd6ac0d5ee574626ee1a95290148742e79d29a062d6a05f38e5bd6730a9ab66509d808f60514021fc6e2769ec3cecf6796513a8c49780ea164293c38bd263fcd002369ef8b51cc4f1689966e3a6ede23c1402352e6cd19dbfe15a52a2b229a517a7c9265596ca1a76bc10e770447e1c25e941302dea37537f9c3bb878b25c2371247e3ffe17ac72f10598e2e52c1654d487bed4d9ad3df4bed0f9bc697ce1d38561060349fe2da1ae7054dcb76d6cb36c64b38e6c72f5c8ea78ad6df168aa1d6d0face543519b53ded17e9b1c3f9fa6429188baa2491f708fdd6d3fb89f33e41f06fcd4f4a03d3799acf53bf04b8dd65f2f4150c0c98be7986d6e40ecdada3ee22c38ffabbbe6e6d191936cc12ef472b429f9b10ad9b824e55058a718914f14141bff610d6308dc8dfedbc8894563ff5545260e84941cfd28bce3801ec5799a1d01934b3971fa512cfb8cea0ca52a98076091ae848e489e66c9e8f8af89dab497128bdb32f712cfba7daf577ca63fd521964dd2e3c9c70ec56fe5eb141a775c02541a8f4a094022fd7e4636e2aa7fc386c891da20ac3f443523844e55d436e2e6f1cbc0400676884880d0434793d6cc57cee16da254f4ee4c49c315c4d2a9b6f6c4103a73a994311c96f0363686164146063742df33246d5713556006d750180366acb4e3866dc4bb49f5c308093a786d6b71cc9051e4b475f23a97635f3009a3e6aa2b6064f95a20007cdbcc86c8f62018d5525bd4e2f04e70c19ab4a74f1884edfbb8565be008839cd3d6b2d104300e5ea91295ce2199105a7538d55b4112b0b463c6b81bb74888aac7b864e6fcf139c21749f1b7d025bd77369136b67c586fb36def93f9f0b67f0f1b790c36cbc251c1b2edb2d3564bb578e5e001280c9072a125ae2423ebc47cecd9d2270110f1c216fdde26caf456649042d20945a750c6bc678a903c7030accf8a67f442b672f7e827fa2c11a4356aa3d372f67138ed7421f436036d6e6aab5c30335a43efcea038f43e24abfd14ce584f68e893a98866c446355a8ca51572f0f63b8d1c2b259fc23b8561217b2c94b4065e3fe9dcc0d9736fbbcbbef39224cacff105cf139d6e5674169e552ce4d3cd6e6e4376a43605ccfd19a4f628c0c1cc0bddda544d92aa0da89d0276cb70e5f1db8b76e5b624370a339db3d306ba46059666846231a141f1042390430250b6f7eab3923f25df1e71c1c204d79ea1b750e3f7bf2b283082686577c84b1dd507d8ac340b5c4bdfdd5123c051baafe34a91416e25642761d699b0a94240211381606df797a19c2ef256613750211c2052f17b4e7734deaeb0576aec18d8dad6f995c839f0cff64e8582c459f13fe15eb319fb501836465984c1f3d700cb7c33da9047454dd1a0f123bac83e4764cdfa93148e311267562f51f79f66e299d0db39f63f4b0fc4fe12176b827b8cd8a9c3ad64f84ef215b6348ebae1110fbfad3fdbe7df93c4af8609617e90e8c03286497bc303a5f55ab8eb3d3d0edd4dc96380d3172d11b42b6c51f956c18b24703a87badbb4e495b05d238fa8d7c3ee97877cad819df9c6b56bd487eb1d64888a9e235032d2b63a5b3545f7f4c41c97e7c8ec1178eb989f0e43ad1e7d20bcd2a854a171dbaf5e06108c593e8663b88f7254c03ec0ca16ca6677d816396068c4f989aabd4818d2de9493d5f0099f53ee2046d9988882b105f48c4d621d46fde6098f5ae6150fd470bc91470f3870762c488a97d798f9fc7825c6b8fba96f17fbeb8ff820b3626f475ec262082199ee093bbb318bd5e79777bab71decb8812fa352ca7dabc45e338dc636f5fa3e66af8d300d146780d7efbf2a032a5583f0e47f7d2a589b0b1b39d6b37d264256bcb593bd4754a1ca2bec389ee21eb083736869f2dfd670c952bb2ee0500b1334dc23ac9f9ccf3bc03af4cd71713697fe63a281e12aac467d72a3c9d952d92bfc02bbb9b56e71f0bea1162dde913b12f50d6913bfa789b91d55c6ececa1eebbc61b22329e1939934d672543bd34c4647123178b952d9bc6d4264e78fb07b8ca1a5df0acc7493fa1a8fcab110474b247b2cba42b8dc2fd2a7b8041dd2e250fb5c7950f4904df9733924a1b31bb9b6f9833f8c131db2cd42819061f61a0879c52ab53b2581dff10598eabfa11e38db5b86a58ea10265c0d2307245ecb5568687457a59a087d29c41273fd4f038414bb78bf9758ee6e8fc02d62d0f025058487ec485bf1b0fbb105e9e351680b76a5a1e10a94041a60b8da692ffc3e548fce34164fea55023ace18cdaf15627f2cf2677795af68fb56634a34340f2c0983a5fff0781073622f210594251037524fe3b358bce4c2ee40feea35f4639670e5c9ce7820d35a32773f7ba1e62f0af1583d9a457c523f936d26d3144832fcd6a1e0c46d3b3512af1311db1c63ceec03e4d08ea4e77ee57b4aeb9a72745f360646496ca60cce628bf379d47515131f5021db438cd68368b79da55172e2f1502bbe15daf5fceb8834869c6a95f22fd085d9789dd6b21418ace1c7bd597260898fa5b97dbf57bd470a56fff496a5b9295358a2ca86bb558ba497d80fd922486e0b95cb24f3e835c4a079066658275f4815ecbe80315b6056dc3ff4d1b94b5398c7ced8aec37bf89e40d69243b050c773f80bacbbed987f8da7ccb77adc2be3a228b522eda6de453c98086acbca0c23cf570daefa82e15c8ff08d87bd11af5fe7ebd07625091572777f35949fb461e09c3553037951eb893d4d124db045f3a15eea416450ce21a0ffdf2f3d62944f3cff6d47d777c3d0deb6f4d9c057588f0797c656befc8aa6a2379be9bcdb58138a8c1498825b61b475e222337c33f2cbdb000bf10f960aa7f9b607d1d7399ed907350d6082794b1914771d6122623fbb41a8cc8d9142b733a3c0e0f6216965551d718d0357002f8bfbe8d4cd54297016e79657786758911bca9e8f832e0ba2233d7929a7046458eca967a0cd4e2e7f5f46c1e99d89102c840eb873dc504d606446657c548491181b6508c49ce4b54ad4af92c8617321129233870bd190c9eeda7be7263d719aac3d3633ab27c9982d9bfc49d5db949a43ded20d8ba19270a063186a5e9171572f9e198cd83710fecfb19f342c03871ac83b408c771c2a1a605a55218adda9dce67d8a9b56437a7196a37b46831347c7efd34441e615df547d69c759e7a90a16b86f69917799d4f1d0bcaafb71de66fa7c340fa85962af1d1a21d6cd59498c54135ce78c232da4ec81d0d6ded6ee24efb5802cc38a2f3d3ec60ea8458c9c1c362a35191e0bcb9093ddc58b24b8d76ffe0cfeee87db4ea1ca3f843538b733bbf42f1584823c35d4a1ee947469373e81fa614375dded3c37e321af30cc9a613a60c3409cbb9a3b99aac0c0eed50a35d243e8d662705fc4917a5a03fd02eb6b2bf9dc671ed71fe3e06aec3648867df2626582e202d7adb28e21bf8de41236935cc5f6a334af4d7f734bbcf4fbdf39373f35d3283d59636a7bc04e96249840d9be74b247c9e8582e96074644fd7ed7acca4fba2bba22a4c00e447eba72d253310ecaa94c6334ce6dd2f003dd50b2295dce142b2ae7e8c60c398953b058df4e7557b8e506715cbaa712f411bb7fc10ebd9a5a76b35cc7bc618f383bbed04426ad66e7c09437209c4a8795cecda66f9b4a99a7ddcd6db408c7a6e8a76851a0bc3a33d1b281e111bb588193961b844029c6c9c69c28cb8b53136e727bf6c982c9bab8cc1475bb923f0f9e779f6357fc592ca4f29466017cb1bca4feffde327cd8623502cfe4be363eb4ee0190419a557a", 0x1000}}, 0x1006)
syz_usb_connect(0x0, 0xf5, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505240600010524007f000d240f0104000000080000000006241a03000a052404010704ac18831e"], 0x0)

109.952922ms ago: executing program 1 (id=3093):
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
r3 = add_key$keyring(&(0x7f0000000200), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9)
add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x1}, 0x0, 0x0, r3)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}})
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r4 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x62800)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x5, 0x12, r5, 0x0)
write$UHID_INPUT(r4, &(0x7f0000000540)={0x8, {"1a17924ab218eacb15a3fccf929e2dd2497903c1f853d95b995c65e99449ff953fa11c7723b2149ecdaa7f833f60e13b19a66e963f7e8da4297ebbfdda5b36fb4d01bd02e6c652dc4d99e2cb82c2a1d4a45e4c89ba9994e82f854bbc34a40b3a58aa256c9b4512fbf91b9846446c4909e4ec53982e7d7fd11ee0bdeab0bb4c469c9665dde8cb58f0ca148223b6cc4e2f306cfbeccedec8db5212f2fc4e14f836c68bdace4db1afbde9d463e5ac24567925b5fdf0e3af1a52dbd7669fe9227302c8f635bc2ddbf5bd7dccd7b92a9bd5c7363375a57851c2bc72509f2005f138f5a59cf85e9ddb1c972c89d50806e8941b7059cd3eca77527a7f20af70841b4d6f026614bdbb276a6814cc74d91856b968c5fdb52674d892a90d01ab91841b6811def78bdac9bc6f9df2598569fbdfef75079832b2750801dc83fd1987713c61136ac9e5f2f7e67f302109bb9a7fea75290b506a89a19d7e0e472937a8c9ecfe16ef6eb88c7a88a060756196d55d6a3d3f7cdf9915d22b6b3af69ec55017b821ec0621e8a59414efc2b46977a85846b53ae75a350947afcafbdef7233cc371bc2a6f29c0315b352ac2741c81df534303ddb30a4408db5679d05d245259c245c9d7f861711cc287cfd0462b948512623b921060386c587fd166df29e71ecfc8ed90031e95b2af1406b5ae73f6084e39e88194e3d37dc801982656b5b66342d74100f9f5b8c94c1e91b626bbf426a07b4be91dbdb76a6e40d0b788f89359e462e69bc4499fd4f9aa1e7f0c3f73a996b6ecef606c7651286e1f18a6823eed7191cd542057eaaf09aa32e8ce370c09050278b85fd359b8ca23e66e9d294ec57b3ddd90409d9b1ca28c6993b244f8ca46f6bf478ff22fb1df53e33abdda4b2b1e5cff7de19957bdc8e7ca39e4762204b1f9f33b9375b7282422b91841706751038e42023ba45c1cd0998c1794c1c2a5ff65466189bbb27bcbf01e5a48bfd8b6845f7d5c87d977df4ded5273ebf56b96c50b4eadc44bfaa0994259eeb1031644415fa9d729753d2138b06f9b7b624d9eeb1ef71dfdff0b639078f058c7a070451c4670af0c6eb1202f77be82faba9b6287995066b5f7e59b7967706d8d8c5bde48137e13df537ae54664fe4e8460b1bdf5b92a1dcf39ee1726bc6690d0ac5f799bcfab918c59cb132c45054ba17b8a44d505ad3eaeee95b4275b25b2087da8902552727a1e739014df348cfa3a1102661c35a6a38df6c410f5343577955dd57de5af089e3f1bcdf96d4ef1d5944243470b0ed10616144cccc5cac44e36fefd9441120c5d047867af0ea353da21fc0ae73b78b84d53a62efeb94ea8d441cc698c92fd7b36cf41472d036c5093bbdf943620c29ffa3b21ef4a0bb9274912b046834ee6f855ceadf18fb488040d5829ab6e8bf69a90315f7f84d002ac4e929e9f1010a8486746bd316799ba3a65744980c388202324ba50768c77a8481ba74d135da7507048c82714a8234837b69922126e4084a68f7418bfd26417cade786c7f8185e2492e3b64eb9d2c2c721504c7b4aeb383503f745fd69315c56b5b0158decd1b1606a63366b7e2d2b9124b6efca4480c703c8f37d6ddff55b0ec15f2ce6be6c902d06aec2ccabeba13b442b608076c33d19e690ab66cf6678d679758d22fb5d8d963f25d00c45576f8b2938543080297b9cb6c305e3131d2f412f00370c285251909f8ebefc3d18a23e25a183997b08251450b29fff32781e6a70e6e070ab3921f3f809392deb732d6f30cc034b5f77d41218bca86d515b16da0457dbf7aaefdcef9d5358e7b4f1e5d1a410f55449e765609d122f938fd57b71482244dff0523067cabfd322fc47aca1c331112e3d969f5fe3594c3c7adea7c36e9b9af6754cdea5ccf05b139f783d4b24540c50a6a9f7dff472d47c87c151d8439b5740cd1f423335dae2680050bd44766159cba66666b7dbc9e190130494327a0d8c9dbed5c8b831ce2b2bb236353ff7175a48b61a0f3209fa3db44f07a21a485ef1682a33cdf632ac2d6ca993b6cd90913e31704bb851711e1f2b5ebb19baaba102dd42d550933e9dfc17311665fef4d0206d7debbcbbd97efafffb905bf9a77b8eeb67d5f8bef8526f6f8607672bb3c50b14e16c264265594e05fa481f724290abdc9f60a899f26033236e3b90548c24288a7b627b51c4d7c638c359ec6325b0d79e1d69cf18cd9136a263b6aa84ad062b9831fc7c201b7ccec7d3b7ea2132ee4579632bf614bcde285527c36ef8a8e12651ef34a677a8d2f84360afa2f2245e4e0d61a12e8e446045fae61375082f983363795f11848edad24b3f7ae53f0eeb329fa62b6d7b446e3b2c1257981f9c0c3ea371c71021af834a285203b2e3177ddf5251044ea215c048f78701dec36a94ca3c435278d1fd889996adf5ea7c8db62f2b1331bc22c4b7798d587a5c4e619b7b576e19d92996bc0bdc0c8c15374e11b6eeda0e18b35aac4b96db9cdba025080bf5bea4ffdf4fa3c93ec5feede0a140f7f6727ef255783565935d59d348aaa6d12c060afd5f6d084346309d8cbf54b33050ecccf30ae083c4034165880214a94a5296427e2fcb6d90692a82212b6b8d86c6d163f0643944aaba4af1171aed463994f1374e1ec1654b89b04e9d635074e8d131bc2443daf1caad455671470329a287f4c711cb907403d5c05184cd3a647823b5b9c6dc4451fdde92dc1cb87010197026458b40d4809ab60aca1af6bb3702a3e0506cdd21faa6d9909f4ed74723de75fc48d44314fa3cc0c8e8ea226ec1d5875b9595aeacdff0a9f75b4a60dde781c58179f997ecb6479c91ecacc65bfe293a2d26c21ae7c1d7be1241cc1c4ea86a6cf8d93012bd98508aae8db723ff167026298cab227b7d0062c27ccc8e81df7268423ad063638760b44e77147ee9bd84140166ae2bfd592f845ca68c719f7520ae3c9988cc89db73bf93ad6f2f7d9394b2288f0176723acd167081ade4e066a26832f7b655cd874aa5026a7369bb9912c90599d1407f0488a9c540a31997890f5433bd1df91ba13a9e0721c9a707eac7cff1c3efef6cd716779c7ad631c3560caa2031d9d2591329c1867d0d5f96b5897cac2c6a381f0ce5c27969c2b3e7d188e1e896d815b01a3e177933817325953140272ad718a36ae522d43de109ba92255ee66d2a14897f2b2014dc9a495c108727e0eef54df617e269e43a0c48d28a91aaf14d58719e21ea39c1c534e39a1dfabb61377b55d2f69fe79c7d5111b8b952c388925ea8ab1503ae68bce95a34a10a85aa0e5da52add14b93eaac5861a6504e23dda8034e809253c1071ddda934663faac454cd378c5725f5c6f4d943779994357185e512a4b6993156e624f25d86d24e7254d3e9b231aa80ed5a32e108cb528d402f93e58c25ac937420ff7dcd7d9ec2126c7fe7cefa47c038f23de40523d5e026fe3bb4cfd3040f9bd9631cf5a2cde1e20a6032703cd64c2ad97ea95d05a7aa3ea3b3b9d5a86961116dd1338c0a2caae0ceab3178ac7736dfa8a949cd81d261748e6678cb730b57468fb2b7e22c5eb08ad496e76775dce0c31950a596580ad7d6c3fd9ce90dded340f20b77fe53e81fb6e2a7a6c450b8ac9009c7c077893f704457a90401fb758c0769fbfd38e40ae692e410b889bbf0b09a32dc731b6768c0fa3963a5b6279b6a5db611174339f3218fff567f6cfb7377ddc8e2c730da35cc3ec680a6bc95010dd03834caab7afb2c0023ad9ce3aae3c0fd1ece42ea840bf5fc798a0b5fbe7692f13549cdba4a0b68f722ef6877856a76fc3c39f7cfd760675a9f341d9f09f381972be9171e50455ed13e665e61a03b0c2a79276a871c25fc5c486639a71a8dfdf36174373b8995014752aba3026045be6b43074ac3824d687bbf5f6544228cea52791828f54980ee9f728534ea32edd205aaace717adcf61ce28f92719048d44b09812bcfd2d22cc9d7a45ed6b4634756f6b3189908c71728c373ea94aa5c74ce4a73c20138b8cb21db6e2dfb35329b86b1805a5208dd370b8342ca8aa3cbd3e7a3ec79d7b8ee677b04e19c524ddc6de0b22443ac15de908f61719399d0f9890ca2b0283a7db914944f424af10ba0ec9e3e253c060d7b28552eaae5eed1e906f8f93c2195293deabdad6cb38ddab51603e4a96ef1e086de911fb716ffbca467294d9e66e5d0f8225bc28d6c074c4ffba76706f61b0b386b7e4b6500a15fad291f34f6c84f1596a97512f31196a529a7a5725437c038e17d531da3838c8aef3bade6bc1d4c7624560d4fba72e5f8be2c5dc905e1e4bcb2aa7eddb275408ef4288ac69c7a18ae58fb26c2f5a6964f051b81d2e426fc2a5d8617050341b96d5a746e3419fbe94bd3752403868b655c2dba6f48ef109a2e6ec0041842fae52bfab70481ecfe8d27f3d5e444f1b941d871c8057cbe35df68665bc3aadea02d203b106d1179a428daa7d9fea9dbddd8955bb289a92ec790de74cd6a1edf925ab85471633dedf8ba46abe456963a2381addce2aa16c06dd80bb54d8e53d7c82607916af175061da29122afde8687add6b6f42233b76a1164893dcc1ec3dcf935576d2d0f3ab3b1adbace086da915234b4f9bad0afc2915608fc4f6611dc3b91d7e0e48cb0a0f3fdc70ef70ef82043afbd3325f0f6186390ab28ca9f0009184637530d79f0c5a77c6e912afbe6533988f543fc6c02d3d44fbdb0e2ebfad2680184f1ed451991667df958a71fb41cf4367bdb931389ea8b6340e225b312a09dadd8e2ac2d200db6e75323d48c73c6b819e13f92b01bf405e796a2e10b863e773598abcbcc196987e18b19530337809b56480778207103a12acfff1c0ad62846088251a1a0d0d6b300059a99698c84ccac78d53eb32e3984001978db7679960b4d75d71b49696909826c66320526fe02a060265821d15b8b2337121a201402a118ec03ff0d4f3dfa48f2dadd20b510ecdf4e6440b5b2466b9bf28e32327189f0405245694a6371dbe4eae7a8293cdc15193c284123d64690120634f808096a8f3f7a04a5bac9dd86c09f2e4e87c7d7c98d0b370e84ea5f265730f5480eb1375d4f82c7d4efbb6e58c5a92848331b2becd2531f6c456b5d0e690b102dd8faec55bde56f95727f4abf52c58543faaeb9cefd39bba788bd7e2b02b27ecbc1679a1ac00823c83e1ae29690cd25544d3ae0a8db25e963e9fb5bd94987637ac3546b9b312bf04d5c6211c135e806525d423fde9ccb5ef7962ec1e056e6f29adaeebb331f6c234586d1fe21577f56d620c6942a29d4915772144cc60008d1236db21100d5a3112c29396b9e18cdb5b104bed2df2b6ea72c9aa03bb6082f3eb07f0eae359864967a749492d21005b0d39c9613c20b1e21700ab66a4f5ca03ec08d67b95f759252d758743820ba243032e1708447fbaebc27e1316af4cf547cef3ac4966a1f04dd07012f257a0204107c23a0046b12493d9784b24dc561c1f88e591056bcc3b338ab1de65e5ad578021f26f93e9b12f00b5f8c8ae2db6b7b8f254303c7ff06514735974e65fb9a93dc79b115a12310040490ca11ef315340af104e20a2e22dcd132f7d7a61d9d3a12e832ee048a2170dbe03d747ed7402180eb964fde0ecb77e778b18a4e5a83479bb7e0ea0a7d5145ffed4607bd7e6b8f961625d5e3dcac2d4a05e71dc9c2e52195bd55aed4e6749dc1c329e2cda966d18e9bf882c05db627c1047fc71533bbba2c8a83d04db5bad6da349a9ad1992eb88e0274d32a16137e2396ad973c0ecbbc2d243e68b6959bf9b", 0x1000}}, 0x1006)

0s ago: executing program 5 (id=3094):
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x4}}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x805}}, './file0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c80)={&(0x7f0000000bc0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x48, 0x48, 0x7, [@enum64={0x3, 0x5, 0x0, 0x13, 0x1, 0x1, [{0xfffffffd, 0x9}, {0x7, 0xd2, 0x3}, {0xc, 0x1, 0xe7}, {0x42, 0x7fff, 0xffff3c36}, {0x5, 0x7, 0x9}]}]}, {0x0, [0x61, 0x2e, 0x5f, 0x61, 0x4f]}}, &(0x7f0000000c40)=""/3, 0x67, 0x3, 0x1, 0x1, 0x0, @void, @value}, 0x28)
r3 = syz_open_dev$radio(&(0x7f0000000000), 0x2, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0)
r5 = fanotify_init(0xf00, 0x1000)
fanotify_mark(r5, 0x105, 0x5000003a, r4, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0)
ioctl$SNDRV_PCM_IOCTL_HWSYNC(r6, 0x4122, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
readv(r5, &(0x7f0000000c40)=[{&(0x7f0000000500)=""/169, 0xffffffa0}], 0x1)
r7 = epoll_create(0x6)
r8 = dup3(r3, r7, 0x0)
read$FUSE(r8, &(0x7f0000000040)={0x2020}, 0x2020)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x18, 0x1401, 0x1, 0x70bd25, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x18}, 0x1, 0x0, 0x0, 0x44}, 0x4044080)
socket(0x10, 0x3, 0x0)
r10 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030017000b63d25a80648c2594f92e24fc60100c034002000009053582c137153e370248078000", 0x29}], 0x1}, 0x0)

kernel console output (not intermixed with test programs):

295 subj=_ pid=10527 comm="syz.4.1347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fac98e969 code=0x7ffc0000
[  400.567211][   T30] audit: type=1326 audit(2000000545.798:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10527 comm="syz.4.1347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fac98e969 code=0x7ffc0000
[  400.652474][   T30] audit: type=1326 audit(2000000545.798:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10527 comm="syz.4.1347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7fac98e969 code=0x7ffc0000
[  400.741471][   T30] audit: type=1326 audit(2000000545.798:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10527 comm="syz.4.1347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fac98e969 code=0x7ffc0000
[  404.731095][T10613] ceph: No mds server is up or the cluster is laggy
[  404.751446][T10606] ceph: No mds server is up or the cluster is laggy
[  407.959134][ T5871] libceph: connect (1)[c::]:6789 error -101
[  407.969429][ T5871] libceph: mon0 (1)[c::]:6789 connect error
[  408.241813][ T5871] libceph: connect (1)[c::]:6789 error -101
[  408.245860][T10688] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1386'.
[  408.268378][T10689] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1385'.
[  408.280732][ T5871] libceph: mon0 (1)[c::]:6789 connect error
[  409.176192][T10678] ceph: No mds server is up or the cluster is laggy
[  409.418814][ T5940] libceph: connect (1)[c::]:6789 error -101
[  409.456239][ T5940] libceph: mon0 (1)[c::]:6789 connect error
[  411.365896][T10731] netlink: 'syz.0.1398': attribute type 3 has an invalid length.
[  411.373937][T10731] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1398'.
[  411.702267][ T5940] libceph: connect (1)[c::]:6789 error -101
[  411.719898][ T5940] libceph: mon0 (1)[c::]:6789 connect error
[  411.989579][ T5940] libceph: connect (1)[c::]:6789 error -101
[  412.016361][ T5940] libceph: mon0 (1)[c::]:6789 connect error
[  412.949412][T10739] ceph: No mds server is up or the cluster is laggy
[  413.053774][ T5871] libceph: connect (1)[c::]:6789 error -101
[  413.065876][ T5871] libceph: mon0 (1)[c::]:6789 connect error
[  413.478476][T10768] netlink: 'syz.0.1413': attribute type 3 has an invalid length.
[  413.486373][T10768] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1413'.
[  414.720269][T10782] /dev/nullb0: Can't lookup blockdev
[  416.372421][T10803] lo speed is unknown, defaulting to 1000
[  416.790853][T10812] IPVS: stopping master sync thread 7432 ...
[  416.839433][T10803] lo speed is unknown, defaulting to 1000
[  416.890105][T10803] lo speed is unknown, defaulting to 1000
[  416.936666][T10803] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  417.040403][T10803] lo speed is unknown, defaulting to 1000
[  417.066711][T10803] lo speed is unknown, defaulting to 1000
[  417.093405][T10803] lo speed is unknown, defaulting to 1000
[  417.106012][T10803] lo speed is unknown, defaulting to 1000
[  417.127676][T10803] lo speed is unknown, defaulting to 1000
[  418.155445][T10835] netlink: 'syz.0.1429': attribute type 3 has an invalid length.
[  418.163333][T10835] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1429'.
[  418.657292][T10846] afs: Unknown parameter 'dPHõ'
[  418.920375][T10854] netlink: 'syz.0.1437': attribute type 2 has an invalid length.
[  418.967033][T10856] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1436'.
[  419.078289][T10858] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1438'.
[  420.662816][T10883] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1444'.
[  421.621884][T10899] bridge0: port 3(batadv1) entered blocking state
[  421.633480][T10897] netlink: 'syz.1.1448': attribute type 3 has an invalid length.
[  421.635154][T10899] bridge0: port 3(batadv1) entered disabled state
[  421.641551][T10897] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1448'.
[  421.652290][T10899] batadv1: entered allmulticast mode
[  421.664006][T10899] batadv1: entered promiscuous mode
[  421.863320][T10910] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1454'.
[  422.091963][T10919] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1457'.
[  422.122981][   T64] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled
[  422.132869][   T64] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled
[  422.370054][T10927] 9pnet_fd: Insufficient options for proto=fd
[  422.555856][T10934] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  422.563196][T10934] IPv6: NLM_F_CREATE should be set when creating new route
[  422.602818][T10934] lo: entered allmulticast mode
[  422.620648][T10934] tunl0: entered allmulticast mode
[  422.636052][T10934] gre0: entered allmulticast mode
[  422.829210][T10934] gretap0: entered allmulticast mode
[  422.848678][T10934] erspan0: entered allmulticast mode
[  423.330498][T10934] ip_vti0: entered allmulticast mode
[  423.376693][T10934] ip6_vti0: entered allmulticast mode
[  423.466163][T10934] sit0: entered allmulticast mode
[  423.700670][T10934] ip6tnl0: entered allmulticast mode
[  423.758394][T10934] ip6gre0: entered allmulticast mode
[  423.939088][T10934] syz_tun: entered allmulticast mode
[  424.683558][T10934] ip6gretap0: entered allmulticast mode
[  424.735906][T10934] bridge0: port 2(bridge_slave_1) entered disabled state
[  424.744646][T10934] bridge0: port 1(bridge_slave_0) entered disabled state
[  424.802968][T10934] bridge0: entered allmulticast mode
[  424.868810][T10934] vcan0: entered allmulticast mode
[  424.896671][T10934] bond0: entered allmulticast mode
[  424.910616][T10934] bond_slave_1: entered allmulticast mode
[  424.940533][T10934] team0: entered allmulticast mode
[  424.977186][T10934] team_slave_0: entered allmulticast mode
[  424.991882][T10934] team_slave_1: entered allmulticast mode
[  425.015948][T10934] dummy0: entered allmulticast mode
[  425.131774][T10934] nlmon0: entered allmulticast mode
[  425.148347][T10974] netlink: 'syz.0.1473': attribute type 3 has an invalid length.
[  425.156180][T10974] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1473'.
[  425.196719][T10934] caif0: entered allmulticast mode
[  425.225014][T10934] batadv0: entered allmulticast mode
[  425.265705][T10934] vxcan0: entered allmulticast mode
[  425.303217][T10934] vxcan1: entered allmulticast mode
[  425.330242][T10934] veth0: entered allmulticast mode
[  425.426766][T10934] veth1: entered allmulticast mode
[  425.811201][T10934] wg0: entered allmulticast mode
[  426.028425][T10934] wg1: entered allmulticast mode
[  426.042261][T10934] wg2: entered allmulticast mode
[  426.062156][T10934] veth0_to_bridge: entered allmulticast mode
[  426.082723][T10934] veth1_to_bridge: entered allmulticast mode
[  426.108780][T10934] veth1_to_bond: entered allmulticast mode
[  426.124866][T10934] veth0_to_team: entered allmulticast mode
[  426.136031][T10934] veth1_to_team: entered allmulticast mode
[  426.158105][T10934] veth0_to_batadv: entered allmulticast mode
[  426.241379][T10934] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  426.265014][T10934] batadv_slave_0: entered allmulticast mode
[  426.278365][T10934] veth1_to_batadv: entered allmulticast mode
[  426.286729][T10934] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  426.297971][T10934] batadv_slave_1: entered allmulticast mode
[  426.306810][T10934] xfrm0: entered allmulticast mode
[  426.315691][T10934] veth0_to_hsr: entered allmulticast mode
[  426.324988][T10934] hsr_slave_0: entered allmulticast mode
[  426.336488][T10934] veth1_to_hsr: entered allmulticast mode
[  426.351085][T10934] hsr_slave_1: entered allmulticast mode
[  426.360126][T10934] hsr0: entered allmulticast mode
[  426.372382][T10934] veth1_virt_wifi: entered allmulticast mode
[  426.390865][T10934] veth0_virt_wifi: entered allmulticast mode
[  426.410110][T10934] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  426.443765][T10934] veth1_vlan: entered allmulticast mode
[  426.467145][T10934] veth0_vlan: entered allmulticast mode
[  426.488114][T10934] vlan0: entered allmulticast mode
[  426.493621][T10934] vlan1: entered allmulticast mode
[  426.514528][T10934] macvlan0: entered allmulticast mode
[  426.529150][T10934] macvlan1: entered allmulticast mode
[  426.564461][T10934] ipvlan0: entered allmulticast mode
[  426.594415][T10934] ipvlan1: entered allmulticast mode
[  426.615453][T10934] veth1_macvtap: entered allmulticast mode
[  426.676111][T10934] veth0_macvtap: entered allmulticast mode
[  426.712478][T10934] macvtap0: entered allmulticast mode
[  426.759282][T10934] macsec0: entered allmulticast mode
[  426.776417][T10934] geneve0: entered allmulticast mode
[  426.794709][T10934] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  427.645466][T10934] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  427.747459][T10934] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  427.779441][T10934] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  427.898283][T10934] geneve1: entered allmulticast mode
[  427.913138][T10934] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[  427.963404][T10934] netdevsim netdevsim4 netdevsim1: entered allmulticast mode
[  427.981488][T10934] netdevsim netdevsim4 netdevsim2: entered allmulticast mode
[  427.992477][T10934] netdevsim netdevsim4 netdevsim3: entered allmulticast mode
[  428.041006][T10934] mac80211_hwsim hwsim10 wlan0: entered allmulticast mode
[  428.085241][T10934] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode
[  428.101913][T10934] erspan1: entered allmulticast mode
[  428.116645][T10934] bridge1: entered allmulticast mode
[  428.128979][T10934] geneve2: entered allmulticast mode
[  428.145053][T10934] veth2: entered allmulticast mode
[  428.160071][T10934] veth3: entered allmulticast mode
[  428.701205][T11037] netlink: 'syz.1.1490': attribute type 21 has an invalid length.
[  430.993931][T11085] netlink: 'syz.0.1507': attribute type 10 has an invalid length.
[  431.037743][T11085] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1507'.
[  433.630485][T11103] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1511'.
[  433.639494][T11103] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1511'.
[  434.013130][T11116] netlink: 'syz.0.1513': attribute type 3 has an invalid length.
[  434.020929][T11116] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1513'.
[  434.781099][T11127] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1516'.
[  434.790462][T11127] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1516'.
[  435.375958][T11136] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1520'.
[  437.788253][T11163] 
@ÿ: renamed from veth0_vlan
[  437.797522][T11158] netlink: 'syz.3.1529': attribute type 3 has an invalid length.
[  437.805289][T11158] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1529'.
[  440.087535][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  440.099081][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  440.171256][T11179] ceph: No mds server is up or the cluster is laggy
[  440.507715][T11192] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1539'.
[  440.612614][T11208] netlink: 'syz.0.1543': attribute type 3 has an invalid length.
[  440.620493][T11208] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1543'.
[  441.842010][T11220] wlan0 speed is unknown, defaulting to 1000
[  441.958890][T11220] lo speed is unknown, defaulting to 1000
[  443.525868][T11250] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1555'.
[  444.269976][T11259] netlink: 'syz.2.1557': attribute type 3 has an invalid length.
[  444.278285][T11259] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1557'.
[  445.253667][T11266] 9pnet_fd: Insufficient options for proto=fd
[  446.087212][T11237] Process accounting resumed
[  446.397825][T11279] wlan0 speed is unknown, defaulting to 1000
[  446.507070][T11279] lo speed is unknown, defaulting to 1000
[  446.771603][T11289] netlink: 'syz.0.1564': attribute type 7 has an invalid length.
[  446.864551][T11289] netlink: 'syz.0.1564': attribute type 8 has an invalid length.
[  446.965538][T11289] netlink: 'syz.0.1564': attribute type 13 has an invalid length.
[  448.267720][T11306] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1569'.
[  449.752856][T11315] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1573'.
[  450.585358][T11323] wlan0 speed is unknown, defaulting to 1000
[  450.698728][T11323] lo speed is unknown, defaulting to 1000
[  451.103502][T11340] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1582'.
[  451.309968][T11345] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1581'.
[  451.635857][T11348] : entered promiscuous mode
[  452.240744][T11356] netlink: 'syz.1.1585': attribute type 29 has an invalid length.
[  452.260668][T11356] netlink: 'syz.1.1585': attribute type 29 has an invalid length.
[  452.331945][T11360] netlink: 'syz.1.1585': attribute type 29 has an invalid length.
[  452.598126][T11365] wlan0 speed is unknown, defaulting to 1000
[  452.705472][T11365] lo speed is unknown, defaulting to 1000
[  453.666715][T11384] overlayfs: failed to clone upperpath
[  456.080949][T11412] openvswitch: netlink: Key 0 has unexpected len 20 expected 0
[  456.435194][T11421] wlan0 speed is unknown, defaulting to 1000
[  456.540103][T11421] lo speed is unknown, defaulting to 1000
[  457.968489][T11441] netlink: 'syz.0.1611': attribute type 10 has an invalid length.
[  457.976566][T11441] vlan0: entered allmulticast mode
[  458.338835][T11441] 
@ÿ: entered allmulticast mode
[  458.648469][T11464] wlan0 speed is unknown, defaulting to 1000
[  458.755604][T11464] lo speed is unknown, defaulting to 1000
[  461.034832][T11498] wlan0 speed is unknown, defaulting to 1000
[  461.140073][T11498] lo speed is unknown, defaulting to 1000
[  463.648752][T11535] netlink: 'syz.1.1640': attribute type 3 has an invalid length.
[  463.656732][T11535] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1640'.
[  464.186554][T11538] wlan0 speed is unknown, defaulting to 1000
[  464.292059][T11538] lo speed is unknown, defaulting to 1000
[  465.282839][T11539] ceph: No mds server is up or the cluster is laggy
[  465.850310][   T30] kauditd_printk_skb: 10 callbacks suppressed
[  465.850324][   T30] audit: type=1400 audit(2000000611.566:222): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=11564 comm="syz.2.1648" saddr=100.1.1.1 daddr=172.20.20.170 dest=20002 netif=wpan0
[  465.974110][   T30] audit: type=1400 audit(2000000611.566:223): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=11564 comm="syz.2.1648" saddr=100.1.1.1 daddr=172.20.20.170 dest=20002 netif=wpan0
[  467.011457][T11583] netlink: 'syz.2.1654': attribute type 3 has an invalid length.
[  467.019341][T11583] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1654'.
[  467.566525][T11585] wlan0 speed is unknown, defaulting to 1000
[  467.679002][T11585] lo speed is unknown, defaulting to 1000
[  468.341693][T11601] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1660'.
[  469.366343][T11612] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1662'.
[  470.833163][T11626] netlink: 'syz.3.1667': attribute type 3 has an invalid length.
[  470.840975][T11626] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1667'.
[  472.118271][T11657] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1677'.
[  472.165122][T11659] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1679'.
[  472.278812][T11659] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1679'.
[  472.315395][T11659] netlink: 'syz.1.1679': attribute type 1 has an invalid length.
[  472.325430][T11659] netlink: 'syz.1.1679': attribute type 1 has an invalid length.
[  472.699080][T11674] netlink: 'syz.4.1681': attribute type 3 has an invalid length.
[  472.706993][T11674] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1681'.
[  473.159873][T11676] /dev/nullb0: Can't lookup blockdev
[  475.096645][T11702] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1690'.
[  475.171622][T11704] x_tables: duplicate underflow at hook 1
[  475.188442][T11704] overlay: ./bus is not a directory
[  476.731455][T11730] ip6t_srh: unknown srh invflags 7D00
[  476.930268][T11736] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1702'.
[  477.314675][T11745] /dev/nullb0: Can't lookup blockdev
[  478.301743][T11755] netlink: 'syz.2.1708': attribute type 2 has an invalid length.
[  478.848995][   T30] audit: type=1800 audit(2000000624.598:224): pid=11763 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.1710" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0
[  478.880436][T11763] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1710'.
[  479.633432][T11778] netlink: 'syz.2.1715': attribute type 33 has an invalid length.
[  479.674401][T11778] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1715'.
[  479.748489][T11778] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1715'.
[  481.331500][T11812] netlink: 'syz.2.1725': attribute type 2 has an invalid length.
[  481.514863][T11821] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1728'.
[  482.438436][T11841] bridge0: port 2(batadv1) entered blocking state
[  482.444988][T11841] bridge0: port 2(batadv1) entered disabled state
[  482.451615][T11841] batadv1: entered allmulticast mode
[  482.457973][T11841] batadv1: entered promiscuous mode
[  483.000736][ T1162] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled
[  483.010027][ T1162] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled
[  485.910463][ T5132] Bluetooth: hci0: ACL packet for unknown connection handle 173
[  485.940931][T11882] netlink: 'syz.4.1750': attribute type 2 has an invalid length.
[  486.035510][T11887] netlink: 'syz.0.1751': attribute type 2 has an invalid length.
[  486.074958][T11892] netlink: 'syz.3.1753': attribute type 3 has an invalid length.
[  486.092680][T11892] netlink: 'syz.3.1753': attribute type 1 has an invalid length.
[  486.107568][T11892] netlink: 199820 bytes leftover after parsing attributes in process `syz.3.1753'.
[  486.245995][T11891] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1752'.
[  488.365997][ T5132] Bluetooth: hci0: ACL packet for unknown connection handle 173
[  489.262280][T11938] netlink: 'syz.3.1768': attribute type 3 has an invalid length.
[  489.278640][T11938] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1768'.
[  489.317346][T11941] netlink: 'syz.4.1769': attribute type 2 has an invalid length.
[  490.032850][ T5132] Bluetooth: hci1: ACL packet for unknown connection handle 173
[  490.585142][T11966] netlink: 'syz.4.1777': attribute type 3 has an invalid length.
[  490.593193][T11966] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1777'.
[  491.343817][   T30] audit: type=1800 audit(2000000637.089:225): pid=11989 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.1787" name="nullb0" dev="tmpfs" ino=1031 res=0 errno=0
[  491.391931][ T5132] Bluetooth: hci3: ACL packet for unknown connection handle 173
[  491.774802][T12008] /dev/nullb0: Can't lookup blockdev
[  493.551046][ T5132] Bluetooth: hci4: ACL packet for unknown connection handle 173
[  493.648480][T12039] overlayfs: missing 'workdir'
[  495.279754][T12064] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1810'.
[  495.937153][T12070] wlan0 speed is unknown, defaulting to 1000
[  496.051510][T12070] lo speed is unknown, defaulting to 1000
[  497.350925][T12087] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1818'.
[  497.652741][T12092] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1819'.
[  498.930362][T12108] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  498.992132][T12110] wlan0 speed is unknown, defaulting to 1000
[  499.100985][T12110] lo speed is unknown, defaulting to 1000
[  502.164594][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  502.174180][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  502.680067][T12140] overlayfs: missing 'lowerdir'
[  502.710349][T12140] netlink: 'syz.1.1834': attribute type 3 has an invalid length.
[  502.944776][T12149] wlan0 speed is unknown, defaulting to 1000
[  503.052836][T12149] lo speed is unknown, defaulting to 1000
[  504.058524][T12161] xt_nat: multiple ranges no longer supported
[  504.545198][T12179] trusted_key: syz.4.1846 sent an empty control message without MSG_MORE.
[  504.647467][T12183] overlayfs: failed to clone upperpath
[  504.698776][T12185] cgroup2: Unknown parameter 'uid'
[  506.078549][T12203] overlayfs: failed to clone upperpath
[  506.085937][T12203] cgroup2: Unknown parameter 'uid'
[  506.224673][T12205] overlayfs: failed to clone lowerpath
[  506.573064][T12218] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1859'.
[  510.095005][T12279] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1877'.
[  510.164387][T12283] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1878'.
[  511.245797][T12311] netlink: 'syz.0.1886': attribute type 3 has an invalid length.
[  511.253762][T12311] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1886'.
[  512.484816][T12332] netlink: 'syz.0.1893': attribute type 3 has an invalid length.
[  512.492738][T12332] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1893'.
[  513.738563][T12355] netlink: 15702 bytes leftover after parsing attributes in process `syz.0.1900'.
[  514.431854][   T30] audit: type=1804 audit(2000000660.151:226): pid=12370 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.1906" name="file0" dev="tmpfs" ino=2064 res=1 errno=0
[  514.521298][   T30] audit: type=1804 audit(2000000660.271:227): pid=12373 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.1907" name="file0" dev="tmpfs" ino=1931 res=1 errno=0
[  515.086184][T12373] ref_ctr_offset mismatch. inode: 0x78b offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x6
[  515.097545][T12373] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: 0, delta: -1
[  515.106261][T12373] ref_ctr decrement failed for inode: 0x78b offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88802f39bc00
[  515.117687][T12373] uprobe: syz.2.1907:12373 failed to unregister, leaking uprobe
[  515.846411][T12388] cgroup: release_agent respecified
[  516.558428][T12407] wlan0 speed is unknown, defaulting to 1000
[  516.666114][T12407] lo speed is unknown, defaulting to 1000
[  517.898452][T12436] lo speed is unknown, defaulting to 1000
[  517.906907][T12436] lo speed is unknown, defaulting to 1000
[  518.068493][T12436] lo speed is unknown, defaulting to 1000
[  518.105665][   T30] audit: type=1326 audit(2000000663.851:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12440 comm="syz.2.1932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa9958e969 code=0x7ffc0000
[  518.153174][   T30] audit: type=1326 audit(2000000663.851:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12440 comm="syz.2.1932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7faa9958e969 code=0x7ffc0000
[  518.224285][   T30] audit: type=1326 audit(2000000663.851:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12440 comm="syz.2.1932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa9958e969 code=0x7ffc0000
[  518.301943][   T30] audit: type=1326 audit(2000000663.851:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12440 comm="syz.2.1932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7faa9958e969 code=0x7ffc0000
[  518.373620][   T30] audit: type=1326 audit(2000000663.851:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12440 comm="syz.2.1932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa9958e969 code=0x7ffc0000
[  518.439995][   T30] audit: type=1326 audit(2000000663.851:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12440 comm="syz.2.1932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=433 compat=0 ip=0x7faa9958e969 code=0x7ffc0000
[  518.491788][   T30] audit: type=1326 audit(2000000663.851:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12440 comm="syz.2.1932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa9958e969 code=0x7ffc0000
[  518.567485][   T30] audit: type=1326 audit(2000000663.891:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12440 comm="syz.2.1932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa9958e969 code=0x7ffc0000
[  518.945837][T12436] infiniband s
z1: set active
[  519.432799][T10984] lo speed is unknown, defaulting to 1000
[  519.494241][T12436] infiniband s
z1: added lo
[  519.943356][T12436] RDS/IB: s
z1: added
[  519.954487][T12436] smc: adding ib device s
z1 with port count 1
[  519.960927][T12436] smc:    ib device s
z1 port 1 has pnetid 
[  519.979551][T12436] lo speed is unknown, defaulting to 1000
[  519.987321][T10984] lo speed is unknown, defaulting to 1000
[  519.996042][   T30] kauditd_printk_skb: 8 callbacks suppressed
[  519.996058][   T30] audit: type=1326 audit(2000000665.741:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12473 comm="syz.4.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fac98e969 code=0x7ffc0000
[  520.061846][   T30] audit: type=1326 audit(2000000665.801:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12473 comm="syz.4.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f7fac98e969 code=0x7ffc0000
[  520.064441][T12472] tipc: Invalid UDP bearer configuration
[  520.117134][   T30] audit: type=1326 audit(2000000665.801:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12473 comm="syz.4.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fac98e969 code=0x7ffc0000
[  520.192360][T12472] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  520.213802][   T30] audit: type=1326 audit(2000000665.801:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12473 comm="syz.4.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f7fac98e969 code=0x7ffc0000
[  520.900514][   T30] audit: type=1326 audit(2000000665.801:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12473 comm="syz.4.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fac98e969 code=0x7ffc0000
[  521.105890][   T30] audit: type=1326 audit(2000000665.801:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12473 comm="syz.4.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=433 compat=0 ip=0x7f7fac98e969 code=0x7ffc0000
[  521.173161][   T30] audit: type=1326 audit(2000000665.801:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12473 comm="syz.4.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fac98e969 code=0x7ffc0000
[  521.378901][T12493] bond0: entered promiscuous mode
[  521.407756][T12493] bond_slave_0: entered promiscuous mode
[  521.421001][T12498] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1949'.
[  521.430211][T12493] bond_slave_1: entered promiscuous mode
[  521.518834][T12436] lo speed is unknown, defaulting to 1000
[  521.663639][T12504] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1952'.
[  521.950478][T12436] lo speed is unknown, defaulting to 1000
[  522.018205][T12515] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  522.018205][T12515] The task syz.0.1957 (12515) triggered the difference, watch for misbehavior.
[  522.148477][T12518] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1959'.
[  522.226952][T12521] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1960'.
[  522.597359][T12526] netlink: 'syz.2.1961': attribute type 3 has an invalid length.
[  522.605366][T12526] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1961'.
[  523.135608][T12436] lo speed is unknown, defaulting to 1000
[  523.719315][T12536] netlink: 'syz.3.1963': attribute type 3 has an invalid length.
[  523.727274][T12536] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1963'.
[  524.745143][T12436] lo speed is unknown, defaulting to 1000
[  525.331935][T12561] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1971'.
[  525.542914][T12563] wlan0 speed is unknown, defaulting to 1000
[  525.600018][T12568] overlayfs: failed to clone upperpath
[  525.679939][T12569] Cannot find map_set index 0 as target
[  526.247648][T12436] lo speed is unknown, defaulting to 1000
[  527.613793][T12563] lo speed is unknown, defaulting to 1000
[  527.835343][T12589] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1979'.
[  528.015913][T12597] netlink: 'syz.3.1977': attribute type 3 has an invalid length.
[  528.023956][T12597] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1977'.
[  529.785408][T12627] netlink: 'syz.1.1990': attribute type 2 has an invalid length.
[  533.186772][T12632] Process accounting resumed
[  533.418054][T12669] netlink: 'syz.2.2005': attribute type 2 has an invalid length.
[  533.505984][T12673] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2001'.
[  533.828691][T12686] wlan0 speed is unknown, defaulting to 1000
[  533.937624][T12686] lo speed is unknown, defaulting to 1000
[  533.944383][T12686] lo speed is unknown, defaulting to 1000
[  535.069378][T12706] netlink: 'syz.2.2011': attribute type 3 has an invalid length.
[  535.077346][T12706] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2011'.
[  535.551622][T12702] overlayfs: failed to clone upperpath
[  537.414957][ T5132] Bluetooth: hci0: ACL packet for unknown connection handle 173
[  537.719227][T12735] wlan0 speed is unknown, defaulting to 1000
[  537.826858][T12735] lo speed is unknown, defaulting to 1000
[  537.833676][T12735] lo speed is unknown, defaulting to 1000
[  538.206703][T12742] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2021'.
[  538.795459][T12755] netlink: 'syz.0.2025': attribute type 3 has an invalid length.
[  538.803501][T12755] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2025'.
[  540.099513][T12712] Process accounting resumed
[  541.237289][ T5132] Bluetooth: hci0: ACL packet for unknown connection handle 173
[  542.574107][T12797] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2038'.
[  543.104966][T12796] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2037'.
[  543.410512][ T5132] Bluetooth: hci2: ACL packet for unknown connection handle 173
[  546.187788][T12813] Process accounting resumed
[  546.406410][ T5132] Bluetooth: hci1: ACL packet for unknown connection handle 173
[  546.723097][T12854] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2053'.
[  547.207575][T12852] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2055'.
[  547.327031][T12856] netlink: 'syz.3.2056': attribute type 2 has an invalid length.
[  547.729153][T12872] overlayfs: failed to clone upperpath
[  548.705639][ T5132] Bluetooth: hci1: ACL packet for unknown connection handle 173
[  549.141869][T12891] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2067'.
[  549.150951][T12891] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2067'.
[  550.118929][T12904] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2071'.
[  551.122154][T12879] Process accounting resumed
[  551.137209][ T5132] Bluetooth: hci1: ACL packet for unknown connection handle 173
[  551.849675][T12933] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2082'.
[  551.858830][T12933] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2082'.
[  552.579207][   T30] audit: type=1326 audit(2000000698.333:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12942 comm="syz.1.2087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f5098e969 code=0x7ffc0000
[  552.659144][   T30] audit: type=1326 audit(2000000698.333:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12942 comm="syz.1.2087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f4f5098e969 code=0x7ffc0000
[  552.745288][   T30] audit: type=1326 audit(2000000698.333:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12942 comm="syz.1.2087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f5098e969 code=0x7ffc0000
[  552.788181][   T30] audit: type=1326 audit(2000000698.333:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12942 comm="syz.1.2087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f4f5098e969 code=0x7ffc0000
[  553.514551][   T30] audit: type=1326 audit(2000000698.333:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12942 comm="syz.1.2087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f5098e969 code=0x7ffc0000
[  553.551049][   T30] audit: type=1326 audit(2000000698.353:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12942 comm="syz.1.2087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f4f5098e969 code=0x7ffc0000
[  553.586307][T12953] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2090'.
[  553.663656][   T30] audit: type=1326 audit(2000000698.353:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12942 comm="syz.1.2087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f5098e969 code=0x7ffc0000
[  553.793900][   T30] audit: type=1326 audit(2000000698.363:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12942 comm="syz.1.2087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=433 compat=0 ip=0x7f4f5098e969 code=0x7ffc0000
[  553.816098][   T30] audit: type=1326 audit(2000000698.363:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12942 comm="syz.1.2087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f5098e969 code=0x7ffc0000
[  553.884266][ T5132] Bluetooth: hci2: ACL packet for unknown connection handle 173
[  554.216885][T12967] netlink: 'syz.1.2093': attribute type 3 has an invalid length.
[  554.224712][T12967] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2093'.
[  554.576597][T12958] Process accounting resumed
[  555.072199][T12979] overlayfs: failed to clone upperpath
[  555.193251][T12979] cgroup2: Unknown parameter 'uid'
[  555.309459][T12981] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2099'.
[  555.391194][   T30] audit: type=1326 audit(2000000701.143:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12982 comm="syz.1.2100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f5098e969 code=0x7ffc0000
[  555.866976][T12992] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2101'.
[  556.365144][ T5132] Bluetooth: hci2: ACL packet for unknown connection handle 173
[  557.883311][T13014] netlink: 'syz.4.2107': attribute type 3 has an invalid length.
[  557.891157][T13014] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2107'.
[  557.922001][T13019] netlink: 'syz.1.2108': attribute type 3 has an invalid length.
[  557.930035][T13019] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2108'.
[  558.664591][T13033] /dev/nullb0: Can't lookup blockdev
[  559.215448][ T5132] Bluetooth: hci0: ACL packet for unknown connection handle 173
[  559.290373][T13040] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2115'.
[  560.063751][T13049] netlink: 'syz.2.2117': attribute type 3 has an invalid length.
[  560.071550][T13049] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2117'.
[  560.415754][T13013] Process accounting resumed
[  561.423216][T13068] netlink: 'syz.2.2124': attribute type 3 has an invalid length.
[  561.431237][T13068] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2124'.
[  562.044001][ T5132] Bluetooth: hci1: ACL packet for unknown connection handle 173
[  562.346994][T13085] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2130'.
[  562.895659][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  562.902164][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  563.471829][T13098] netlink: 'syz.4.2133': attribute type 3 has an invalid length.
[  563.479655][T13098] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2133'.
[  563.490575][T13097] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2134'.
[  563.499806][T13097] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2134'.
[  564.950057][T13113] netlink: 'syz.1.2138': attribute type 3 has an invalid length.
[  564.958103][T13113] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2138'.
[  565.705058][ T5132] Bluetooth: hci0: ACL packet for unknown connection handle 173
[  566.285514][T13087] Process accounting resumed
[  566.390045][T13134] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2145'.
[  567.406806][T13148] netlink: 'syz.1.2148': attribute type 3 has an invalid length.
[  567.414673][T13148] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2148'.
[  569.687259][ T5132] Bluetooth: hci2: ACL packet for unknown connection handle 173
[  570.392033][T13175] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2158'.
[  571.059646][T13179] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2159'.
[  572.047889][T13190] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2160'.
[  572.057037][T13190] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2160'.
[  572.632650][ T5132] Bluetooth: hci4: ACL packet for unknown connection handle 173
[  573.586570][T13178] Process accounting resumed
[  573.680560][T13221] /dev/nullb0: Can't lookup blockdev
[  574.489310][ T5132] Bluetooth: hci4: ACL packet for unknown connection handle 173
[  575.307714][T13235] netlink: 'syz.2.2178': attribute type 2 has an invalid length.
[  575.610485][T13241] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2177'.
[  575.619726][T13241] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2177'.
[  576.946855][T13263] /dev/nullb0: Can't lookup blockdev
[  579.144031][T13290] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2191'.
[  579.277578][T13293] overlayfs: failed to clone upperpath
[  579.486791][T13297] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2194'.
[  579.656772][T13299] netlink: 'syz.3.2195': attribute type 2 has an invalid length.
[  579.666979][T13300] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2193'.
[  579.703459][T13264] Process accounting resumed
[  580.732694][T13319] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2202'.
[  580.753350][T13316] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2200'.
[  581.078098][T13323] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2203'.
[  581.348760][T13329] overlayfs: failed to clone upperpath
[  583.282913][T13359] netlink: 'syz.2.2213': attribute type 2 has an invalid length.
[  583.308653][T13360] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2210'.
[  583.974854][ T5132] Bluetooth: hci2: ACL packet for unknown connection handle 173
[  584.501618][T13373] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2216'.
[  584.584914][T13376] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2218'.
[  585.114930][T13391] netlink: 'syz.4.2221': attribute type 3 has an invalid length.
[  585.123797][T13391] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2221'.
[  585.843254][T13350] Process accounting resumed
[  586.250550][T13403] netlink: 'syz.3.2225': attribute type 3 has an invalid length.
[  586.258448][T13403] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2225'.
[  586.987318][ T5132] Bluetooth: hci4: ACL packet for unknown connection handle 173
[  587.686903][T13416] netlink: 'syz.1.2229': attribute type 3 has an invalid length.
[  587.694825][T13416] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2229'.
[  588.378774][T13418] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2230'.
[  588.635909][T13423] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2232'.
[  588.705960][T13426] netlink: 'syz.1.2233': attribute type 3 has an invalid length.
[  588.714003][T13426] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2233'.
[  589.751934][T13435] wlan0 speed is unknown, defaulting to 1000
[  589.826815][T13440] /dev/nullb0: Can't lookup blockdev
[  590.477738][T13435] lo speed is unknown, defaulting to 1000
[  590.484503][T13435] lo speed is unknown, defaulting to 1000
[  591.055108][T13444] /dev/nullb0: Can't lookup blockdev
[  591.152573][T13444] wlan0 speed is unknown, defaulting to 1000
[  591.294203][T13444] lo speed is unknown, defaulting to 1000
[  591.300989][T13444] lo speed is unknown, defaulting to 1000
[  591.725935][T13453] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2240'.
[  592.136998][T13465] netlink: 'syz.1.2243': attribute type 3 has an invalid length.
[  592.144939][T13465] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2243'.
[  593.050737][T13471] netlink: 'syz.0.2246': attribute type 3 has an invalid length.
[  593.058718][T13471] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2246'.
[  593.659968][T13473] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2248'.
[  595.616633][T13490] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2253'.
[  595.646002][T13445] Process accounting resumed
[  595.854265][T13493] wlan0 speed is unknown, defaulting to 1000
[  595.966799][T13493] lo speed is unknown, defaulting to 1000
[  595.974206][T13493] lo speed is unknown, defaulting to 1000
[  596.191589][T13499] overlayfs: failed to clone upperpath
[  596.882144][T13511] netlink: 'syz.3.2260': attribute type 3 has an invalid length.
[  596.890161][T13511] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2260'.
[  597.856580][T13516] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2262'.
[  599.003100][T13531] batadv0: entered promiscuous mode
[  599.388432][T13531] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  599.430094][T13531] macvlan2: entered allmulticast mode
[  599.444532][T13531] bond0: (slave macvlan2): Enslaving as an active interface with an up link
[  599.493013][T13533] wlan0 speed is unknown, defaulting to 1000
[  599.606343][T13533] lo speed is unknown, defaulting to 1000
[  599.613107][T13533] lo speed is unknown, defaulting to 1000
[  599.861728][T13543] overlayfs: failed to clone upperpath
[  603.055441][T13582] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2278'.
[  603.811668][T13538] Process accounting resumed
[  603.964368][T13590] overlayfs: failed to clone upperpath
[  604.157997][T13594] /dev/nullb0: Can't lookup blockdev
[  604.175658][T13594] wlan0 speed is unknown, defaulting to 1000
[  604.282858][T13594] lo speed is unknown, defaulting to 1000
[  604.289592][T13594] lo speed is unknown, defaulting to 1000
[  605.190577][T13611] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2288'.
[  605.200156][T13611] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2288'.
[  605.733306][T13620] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2292'.
[  606.217231][T13626] overlayfs: failed to clone upperpath
[  606.443397][T13634] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2295'.
[  607.071760][T13639] wlan0 speed is unknown, defaulting to 1000
[  607.185287][T13639] lo speed is unknown, defaulting to 1000
[  607.192354][T13639] lo speed is unknown, defaulting to 1000
[  608.356141][T13663] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2305'.
[  608.813031][T13666] overlayfs: failed to clone upperpath
[  608.866687][T13672] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2306'.
[  608.875937][T13672] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2306'.
[  609.986844][T13683] /dev/nullb0: Can't lookup blockdev
[  610.004373][T13683] wlan0 speed is unknown, defaulting to 1000
[  610.111387][T13683] lo speed is unknown, defaulting to 1000
[  610.118197][T13683] lo speed is unknown, defaulting to 1000
[  610.531668][T13687] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2313'.
[  612.275192][T13711] overlayfs: failed to clone upperpath
[  613.394081][T13724] wlan0 speed is unknown, defaulting to 1000
[  614.496331][T13740] wlan0 speed is unknown, defaulting to 1000
[  614.523227][T13724] lo speed is unknown, defaulting to 1000
[  614.554059][T13724] lo speed is unknown, defaulting to 1000
[  614.692751][T13746] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2330'.
[  614.852327][T13748] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  615.205035][T13740] lo speed is unknown, defaulting to 1000
[  615.274857][T13753] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2332'.
[  615.558017][T13740] lo speed is unknown, defaulting to 1000
[  615.576755][T13755] overlayfs: failed to clone upperpath
[  618.411215][T13794] overlayfs: failed to clone upperpath
[  618.507051][T13796] /dev/nullb0: Can't lookup blockdev
[  618.526201][T13796] wlan0 speed is unknown, defaulting to 1000
[  618.650746][T13796] lo speed is unknown, defaulting to 1000
[  618.657656][T13796] lo speed is unknown, defaulting to 1000
[  620.870964][T13833] /dev/nullb0: Can't lookup blockdev
[  620.895817][T13833] wlan0 speed is unknown, defaulting to 1000
[  621.008496][T13833] lo speed is unknown, defaulting to 1000
[  621.015342][T13833] lo speed is unknown, defaulting to 1000
[  622.031900][T13855] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2366'.
[  623.239438][T13865] overlayfs: failed to clone upperpath
[  624.046892][T13875] netlink: 'syz.1.2370': attribute type 3 has an invalid length.
[  624.054833][T13875] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2370'.
[  624.314031][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  624.444967][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  624.711451][T13878] /dev/nullb0: Can't lookup blockdev
[  624.878176][T13882] netlink: 'syz.4.2373': attribute type 3 has an invalid length.
[  624.886100][T13882] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2373'.
[  625.148506][T13878] wlan0 speed is unknown, defaulting to 1000
[  625.261868][T13878] lo speed is unknown, defaulting to 1000
[  625.268681][T13878] lo speed is unknown, defaulting to 1000
[  626.114871][T13892] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  626.137020][T13893] 9pnet_fd: Insufficient options for proto=fd
[  626.422822][T13904] overlayfs: failed to clone upperpath
[  628.315485][T13934] /dev/nullb0: Can't lookup blockdev
[  628.858928][T13934] wlan0 speed is unknown, defaulting to 1000
[  628.978974][T13934] lo speed is unknown, defaulting to 1000
[  628.985880][T13934] lo speed is unknown, defaulting to 1000
[  629.390422][T13941] /dev/nullb0: Can't lookup blockdev
[  629.962637][T13951] overlayfs: failed to clone upperpath
[  630.952304][ T5132] Bluetooth: hci3: ACL packet for unknown connection handle 173
[  630.988898][ T5132] Bluetooth: hci0: ACL packet for unknown connection handle 173
[  631.355469][T13978] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2403'.
[  631.770449][T13985] netlink: 'syz.2.2405': attribute type 3 has an invalid length.
[  631.778359][T13985] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2405'.
[  632.280252][T13986] wlan0 speed is unknown, defaulting to 1000
[  632.459898][T13986] lo speed is unknown, defaulting to 1000
[  632.466666][T13986] lo speed is unknown, defaulting to 1000
[  632.646291][T13990] overlayfs: failed to clone upperpath
[  632.903376][ T5132] Bluetooth: hci4: ACL packet for unknown connection handle 173
[  633.395947][T14008] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  634.400985][T14008] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  635.202866][T14025] netlink: 'syz.1.2418': attribute type 3 has an invalid length.
[  635.210812][T14025] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2418'.
[  635.971243][T14030] netlink: 'syz.3.2419': attribute type 3 has an invalid length.
[  635.979017][T14030] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2419'.
[  636.129781][T14035] /dev/nullb0: Can't lookup blockdev
[  636.145977][T14035] wlan0 speed is unknown, defaulting to 1000
[  636.252064][T14035] lo speed is unknown, defaulting to 1000
[  636.258853][T14035] lo speed is unknown, defaulting to 1000
[  636.752947][T14043] overlayfs: failed to clone upperpath
[  636.853744][ T5132] Bluetooth: hci0: ACL packet for unknown connection handle 173
[  636.958817][T14047] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2426'.
[  637.250341][T14057] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2428'.
[  637.538164][T14061] netlink: 'syz.2.2430': attribute type 3 has an invalid length.
[  637.546033][T14061] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2430'.
[  638.432925][T14069] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2431'.
[  638.813922][T14077] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2432'.
[  638.840076][T14076] wlan0 speed is unknown, defaulting to 1000
[  638.946790][T14076] lo speed is unknown, defaulting to 1000
[  638.953581][T14076] lo speed is unknown, defaulting to 1000
[  639.392044][ T5132] Bluetooth: hci1: ACL packet for unknown connection handle 173
[  639.520204][T14090] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2439'.
[  639.909339][T14098] netlink: 'syz.3.2442': attribute type 3 has an invalid length.
[  639.917256][T14098] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2442'.
[  640.679429][T14104] netlink: 'syz.4.2444': attribute type 3 has an invalid length.
[  640.687478][T14104] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2444'.
[  642.396642][ T5132] Bluetooth: hci3: ACL packet for unknown connection handle 173
[  642.695039][T14129] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2451'.
[  642.758565][T14134] overlayfs: failed to clone upperpath
[  642.981875][T14138] netlink: 'syz.4.2455': attribute type 3 has an invalid length.
[  643.205510][T14138] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2455'.
[  643.862656][T14150] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2461'.
[  643.928960][ T5132] Bluetooth: hci3: ACL packet for unknown connection handle 173
[  644.561207][T14170] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2467'.
[  645.633289][T14177] netlink: 'syz.3.2470': attribute type 3 has an invalid length.
[  645.641204][T14177] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2470'.
[  645.675809][T14178] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2469'.
[  646.742244][T14191] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2475'.
[  647.455365][T14206] overlay: ./file0 is not a directory
[  647.478691][T14206] netlink: 'syz.2.2481': attribute type 7 has an invalid length.
[  647.837340][ T5132] Bluetooth: hci0: ACL packet for unknown connection handle 173
[  647.951464][T14216] netlink: 'syz.1.2483': attribute type 3 has an invalid length.
[  647.959564][T14216] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2483'.
[  650.134344][T14192] Process accounting resumed
[  650.531143][T14235] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2490'.
[  650.687588][ T5132] Bluetooth: hci2: ACL packet for unknown connection handle 173
[  651.068756][T14256] netlink: 'syz.3.2497': attribute type 3 has an invalid length.
[  651.076688][T14256] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2497'.
[  651.554380][T14255] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2499'.
[  652.211847][T14268] netlink: 'syz.3.2501': attribute type 3 has an invalid length.
[  652.219681][T14268] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2501'.
[  652.286839][T14269] tmpfs: Bad value for 'mpol'
[  652.755110][ T5132] Bluetooth: hci4: ACL packet for unknown connection handle 173
[  653.113371][T14284] /dev/nullb0: Can't lookup blockdev
[  653.496800][T14297] netlink: 'syz.4.2513': attribute type 3 has an invalid length.
[  653.504672][T14297] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2513'.
[  654.613589][T14310] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2516'.
[  655.194702][T14319] overlayfs: failed to clone upperpath
[  655.301255][ T5132] Bluetooth: hci4: ACL packet for unknown connection handle 173
[  655.531016][T14328] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2522'.
[  655.746606][T14332] /dev/nullb0: Can't lookup blockdev
[  656.665165][T14345] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2528'.
[  657.249899][ T5132] Bluetooth: hci4: ACL packet for unknown connection handle 173
[  657.494507][T14361] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2533'.
[  657.957985][T14368] netlink: 'syz.1.2537': attribute type 2 has an invalid length.
[  658.337174][T14374] /dev/nullb0: Can't lookup blockdev
[  660.810270][ T5132] Bluetooth: hci2: ACL packet for unknown connection handle 173
[  661.231765][T14409] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2548'.
[  661.244293][T14406] overlayfs: failed to clone upperpath
[  661.584408][T14414] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2549'.
[  661.608832][T14417] netlink: 'syz.3.2551': attribute type 2 has an invalid length.
[  662.525935][ T5132] Bluetooth: hci2: ACL packet for unknown connection handle 173
[  663.278051][T14451] netlink: 'syz.2.2562': attribute type 3 has an invalid length.
[  663.285921][T14451] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2562'.
[  663.850869][T14462] netlink: 'syz.0.2566': attribute type 2 has an invalid length.
[  664.200539][T14468] netlink: 'syz.4.2568': attribute type 3 has an invalid length.
[  664.208367][T14468] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2568'.
[  664.884665][ T5132] Bluetooth: hci2: ACL packet for unknown connection handle 173
[  666.114067][T14426] Process accounting resumed
[  666.707620][T14498] netlink: 'syz.2.2578': attribute type 3 has an invalid length.
[  666.715582][T14498] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2578'.
[  668.077319][T14511] netlink: 'syz.1.2582': attribute type 2 has an invalid length.
[  668.202152][ T5132] Bluetooth: hci0: ACL packet for unknown connection handle 173
[  669.908925][T14539] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2595'.
[  670.241152][T14543] netlink: 'syz.4.2593': attribute type 3 has an invalid length.
[  670.249018][T14543] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2593'.
[  670.405597][ T5132] Bluetooth: hci1: ACL packet for unknown connection handle 173
[  671.485896][T14568] netlink: 'syz.1.2600': attribute type 2 has an invalid length.
[  672.361187][   T30] kauditd_printk_skb: 9 callbacks suppressed
[  672.361207][   T30] audit: type=1326 audit(2000000818.110:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14576 comm="syz.3.2606" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f492078e969 code=0x0
[  672.506082][T14548] Process accounting resumed
[  673.024052][T14595] netlink: 'syz.0.2609': attribute type 3 has an invalid length.
[  673.032056][T14595] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2609'.
[  673.668630][   T30] audit: type=1326 audit(2000000819.380:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14600 comm="syz.2.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa9958e969 code=0x7ffc0000
[  673.767542][   T30] audit: type=1326 audit(2000000819.380:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14600 comm="syz.2.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7faa9958e969 code=0x7ffc0000
[  673.807406][   T30] audit: type=1326 audit(2000000819.380:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14600 comm="syz.2.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa9958e969 code=0x7ffc0000
[  673.893817][   T30] audit: type=1326 audit(2000000819.390:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14600 comm="syz.2.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=433 compat=0 ip=0x7faa9958e969 code=0x7ffc0000
[  674.037874][   T30] audit: type=1326 audit(2000000819.390:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14600 comm="syz.2.2613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa9958e969 code=0x7ffc0000
[  674.845748][T14625] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2623'.
[  675.044885][T14631] trusted_key: encrypted_key: master key parameter 'trusted:' is invalid
[  675.449726][T14637] netlink: 'syz.2.2626': attribute type 3 has an invalid length.
[  675.457547][T14637] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2626'.
[  677.141999][   T30] audit: type=1326 audit(2000000822.900:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14651 comm="syz.1.2632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f5098e969 code=0x7ffc0000
[  677.214060][   T30] audit: type=1326 audit(2000000822.920:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14651 comm="syz.1.2632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f4f5098e969 code=0x7ffc0000
[  677.266748][   T30] audit: type=1326 audit(2000000822.920:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14651 comm="syz.1.2632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f5098e969 code=0x7ffc0000
[  677.308418][   T30] audit: type=1326 audit(2000000822.920:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14651 comm="syz.1.2632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=433 compat=0 ip=0x7f4f5098e969 code=0x7ffc0000
[  677.391156][   T30] audit: type=1326 audit(2000000822.920:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14651 comm="syz.1.2632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f5098e969 code=0x7ffc0000
[  677.467465][T14626] Process accounting resumed
[  677.864129][T14660] overlayfs: failed to clone upperpath
[  678.956285][T14685] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2643'.
[  679.825141][T14695] overlayfs: failed to clone upperpath
[  680.485998][T14707] netlink: 1472 bytes leftover after parsing attributes in process `syz.1.2652'.
[  681.864090][T14726] netlink: 'syz.1.2656': attribute type 3 has an invalid length.
[  681.872110][T14726] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2656'.
[  682.854425][T14735] overlayfs: failed to clone upperpath
[  683.295232][T14704] Process accounting resumed
[  683.818284][T14760] overlayfs: failed to clone upperpath
[  684.528091][T14771] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  685.250291][T14775] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2675'.
[  685.280055][   T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  685.296032][   T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  685.411620][T12727] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  685.434825][T12727] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  685.448357][T12727] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  685.463614][T12727] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  685.487137][T12727] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  685.554681][   T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  685.598152][   T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  685.766230][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  685.776056][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  685.812956][   T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  685.833915][   T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  685.864907][T14779] wlan0 speed is unknown, defaulting to 1000
[  686.405367][   T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  686.502962][   T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  687.203725][T14779] lo speed is unknown, defaulting to 1000
[  687.225568][   T36] bridge_slave_1: left allmulticast mode
[  687.262779][   T36] bridge_slave_1: left promiscuous mode
[  687.318647][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  687.343392][   T36] bridge_slave_0: left allmulticast mode
[  687.354001][   T36] bridge_slave_0: left promiscuous mode
[  687.361008][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  688.072221][ T5132] Bluetooth: hci4: command tx timeout
[  689.348252][T14794] Process accounting resumed
[  689.405835][   T36] bond1 (unregistering): (slave gretap1): Releasing active interface
[  689.824752][T14832] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2690'.
[  690.158926][ T5132] Bluetooth: hci4: command tx timeout
[  690.474664][   T36] bond0 (unregistering): left promiscuous mode
[  690.481041][   T36] bond_slave_0: left promiscuous mode
[  690.486844][   T36] bond_slave_1: left promiscuous mode
[  690.493109][   T36] team0: left promiscuous mode
[  690.498137][   T36] team_slave_0: left promiscuous mode
[  690.504211][   T36] team_slave_1: left promiscuous mode
[  690.526008][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  690.539508][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  690.551877][   T36] bond0 (unregistering): (slave team0): Releasing backup interface
[  690.566280][   T36] bond0 (unregistering): Released all slaves
[  690.669274][   T36] bond1 (unregistering): Released all slaves
[  690.683224][T14779] lo speed is unknown, defaulting to 1000
[  690.996673][T14840] 8021q: VLANs not supported on ipvlan1
[  691.663316][   T58] wlan0 speed is unknown, defaulting to 1000
[  691.673290][   T58] syz2: Port: 1 Link DOWN
[  692.227483][ T5132] Bluetooth: hci4: command tx timeout
[  692.273400][T14883] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2698'.
[  693.341088][T14779] chnl_net:caif_netlink_parms(): no params data found
[  693.784311][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  693.809637][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  693.905125][   T36] veth1_macvtap: left promiscuous mode
[  693.963448][   T36] veth0_macvtap: left promiscuous mode
[  693.994062][   T36] veth1_vlan: left promiscuous mode
[  694.018816][   T36] veth0_vlan: left promiscuous mode
[  694.322577][ T5132] Bluetooth: hci4: command tx timeout
[  694.770294][ T2136] batman_adv: batadv1: IGMP Querier appeared
[  694.776439][ T2136] batman_adv: batadv1: MLD Querier appeared
[  695.101964][T14885] Process accounting resumed
[  695.436253][   T36] team0 (unregistering): Port device team_slave_1 removed
[  695.578960][   T36] team0 (unregistering): Port device team_slave_0 removed
[  695.589061][   T13] smc: removing ib device syz!
[  695.985749][ T9525] smc: removing ib device s
z1
[  696.033242][   T58] lo speed is unknown, defaulting to 1000
[  696.042753][   T58] s
z1: Port: 1 Link DOWN
[  696.898992][T14968] netlink: 'syz.0.2718': attribute type 10 has an invalid length.
[  697.279939][   T30] audit: type=1326 audit(2000000843.031:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14969 comm="syz.4.2719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7fac985927 code=0x7ffc0000
[  697.345257][   T30] audit: type=1326 audit(2000000843.031:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14969 comm="syz.4.2719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7fac92ab39 code=0x7ffc0000
[  697.401177][   T30] audit: type=1326 audit(2000000843.031:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14969 comm="syz.4.2719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fac98e969 code=0x7ffc0000
[  697.448454][   T30] audit: type=1326 audit(2000000843.031:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14969 comm="syz.4.2719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7fac985927 code=0x7ffc0000
[  697.493404][   T30] audit: type=1326 audit(2000000843.031:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14969 comm="syz.4.2719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7fac92ab39 code=0x7ffc0000
[  697.527879][   T30] audit: type=1326 audit(2000000843.031:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14969 comm="syz.4.2719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7fac985927 code=0x7ffc0000
[  697.557167][   T30] audit: type=1326 audit(2000000843.041:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14969 comm="syz.4.2719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7fac92ab39 code=0x7ffc0000
[  697.606457][T14779] bridge0: port 1(bridge_slave_0) entered blocking state
[  697.624281][T14779] bridge0: port 1(bridge_slave_0) entered disabled state
[  697.653050][   T30] audit: type=1326 audit(2000000843.041:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14969 comm="syz.4.2719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=120 compat=0 ip=0x7f7fac98e969 code=0x7ffc0000
[  697.675098][T14779] bridge_slave_0: entered allmulticast mode
[  697.689837][   T30] audit: type=1326 audit(2000000843.041:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14969 comm="syz.4.2719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7fac985927 code=0x7ffc0000
[  697.711532][   T30] audit: type=1326 audit(2000000843.061:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14969 comm="syz.4.2719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7fac92ab39 code=0x7ffc0000
[  697.886771][T14779] bridge_slave_0: entered promiscuous mode
[  697.924589][T14968] team0: Port device bridge0 added
[  698.407230][T14779] bridge0: port 2(bridge_slave_1) entered blocking state
[  698.414404][T14779] bridge0: port 2(bridge_slave_1) entered disabled state
[  698.421768][T14779] bridge_slave_1: entered allmulticast mode
[  698.477767][T14779] bridge_slave_1: entered promiscuous mode
[  699.494777][T14779] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  699.676436][T14779] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  700.360886][T15019] macvtap0: left promiscuous mode
[  700.593123][T14779] team0: Port device team_slave_0 added
[  700.617487][T15025] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  700.696070][T15025] netdevsim netdevsim4 netdevsim0: left allmulticast mode
[  700.837600][T14779] team0: Port device team_slave_1 added
[  700.933133][T15025] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2730'.
[  701.799704][T14779] batman_adv: batadv0: Adding interface: batadv_slave_0
[  701.806695][T14779] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  701.937167][T14779] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  701.952391][T14779] batman_adv: batadv0: Adding interface: batadv_slave_1
[  701.964015][T14779] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  701.989980][T14779] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  702.229523][T15053] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2739'.
[  702.308325][T15060] overlayfs: failed to clone lowerpath
[  702.330333][T15060] netlink: 136 bytes leftover after parsing attributes in process `syz.4.2741'.
[  702.752668][T14779] hsr_slave_0: entered promiscuous mode
[  702.853570][T14779] hsr_slave_1: entered promiscuous mode
[  702.863150][T14779] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  702.880500][T14779] Cannot create hsr debugfs directory
[  703.175628][T15081] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2745'.
[  703.303795][T15084] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2745'.
[  704.836956][   T36] IPVS: stop unused estimator thread 0...
[  705.506227][T14779] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  705.548731][T14779] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  705.711488][T14779] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  705.760468][T14779] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  705.804910][T15138] netlink: 'syz.0.2758': attribute type 1 has an invalid length.
[  705.819829][T15137] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2758'.
[  705.828941][T15137] netlink: 31 bytes leftover after parsing attributes in process `syz.0.2758'.
[  705.837986][T15137] netlink: 31 bytes leftover after parsing attributes in process `syz.0.2758'.
[  705.991608][ T5132] Bluetooth: hci1: unexpected event for opcode 0x1004
[  705.998811][ T5132] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  706.029362][   T30] kauditd_printk_skb: 88 callbacks suppressed
[  706.029380][   T30] audit: type=1800 audit(2000000851.772:379): pid=15144 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.2759" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=33665 res=0 errno=0
[  706.235359][T14779] 8021q: adding VLAN 0 to HW filter on device bond0
[  706.329895][T14779] 8021q: adding VLAN 0 to HW filter on device team0
[  706.373692][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  706.380923][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  706.448716][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  706.455999][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  706.949310][T14779] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  707.886910][T14779] 8021q: adding VLAN 0 to HW filter on device batadv0
[  708.035938][T14779] veth0_vlan: entered promiscuous mode
[  708.085986][T14779] veth1_vlan: entered promiscuous mode
[  708.184893][T15203] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2773'.
[  708.239434][T14779] veth0_macvtap: entered promiscuous mode
[  708.289096][T14779] veth1_macvtap: entered promiscuous mode
[  708.450967][T14779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  708.528576][T14779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  708.540398][T14779] batman_adv: batadv0: Interface activated: batadv_slave_0
[  708.550854][T14779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  708.568772][T14779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  708.602755][T14779] batman_adv: batadv0: Interface activated: batadv_slave_1
[  708.680420][T14779] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  708.721580][T14779] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  708.760066][T15220] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2776'.
[  708.769184][T14779] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  708.796171][T14779] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  708.810616][T15220] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  709.128863][   T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  709.360218][   T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  709.423202][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  709.431360][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  709.485126][T15239] lo speed is unknown, defaulting to 1000
[  709.509632][T15210] 9pnet_fd: Insufficient options for proto=fd
[  710.256152][T15258] netlink: 'syz.1.2670': attribute type 3 has an invalid length.
[  710.263986][T15258] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2670'.
[  710.359226][ T5132] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  710.369416][ T5132] Bluetooth: hci1: Injecting HCI hardware error event
[  710.382279][ T5132] Bluetooth: hci1: hardware error 0x00
[  710.506120][T15263] bridge0: port 3(syz_tun) entered blocking state
[  710.526614][T15263] bridge0: port 3(syz_tun) entered disabled state
[  710.533468][T15263] syz_tun: entered allmulticast mode
[  710.606485][T15263] syz_tun: entered promiscuous mode
[  710.613531][T15263] bridge0: port 3(syz_tun) entered blocking state
[  710.620118][T15263] bridge0: port 3(syz_tun) entered forwarding state
[  710.660997][T15266] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2784'.
[  710.744813][T15273] netlink: 'syz.2.2787': attribute type 21 has an invalid length.
[  710.834901][T15266] syz_tun: left allmulticast mode
[  710.841799][T15266] syz_tun: left promiscuous mode
[  710.847407][T15266] bridge0: port 3(syz_tun) entered disabled state
[  710.860241][T15266] batadv1: left allmulticast mode
[  710.865654][T15266] batadv1: left promiscuous mode
[  710.887454][T15266] bridge0: port 2(batadv1) entered disabled state
[  710.939600][T15266] veth0_to_bridge: left allmulticast mode
[  710.950490][T15266] veth0_to_bridge: left promiscuous mode
[  710.961709][T15266] bridge0: port 1(veth0_to_bridge) entered disabled state
[  711.047342][T15273] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2787'.
[  711.057063][T15273] netlink: 'syz.2.2787': attribute type 1 has an invalid length.
[  711.273289][T15290] IPv6: Can't replace route, no match found
[  712.470802][ T5132] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  714.505340][T15340] netlink: 'syz.2.2798': attribute type 3 has an invalid length.
[  714.513254][T15340] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2798'.
[  715.460117][T15371] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2805'.
[  716.458459][T15382] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2807'.
[  716.710632][T15397] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2812'.
[  718.095116][ T5132] Bluetooth: hci0: Malformed LE Event: 0x02
[  720.267094][T15475] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2830'.
[  722.023091][T15492] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2835'.
[  724.782577][T15521] netlink: 'syz.2.2847': attribute type 10 has an invalid length.
[  724.834913][T15521] bridge0: port 2(bridge_slave_1) entered disabled state
[  724.842447][T15521] bridge0: port 1(bridge_slave_0) entered disabled state
[  724.909200][T15524] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2847'.
[  724.954163][T15521] bridge0: left promiscuous mode
[  725.019254][T15521] bridge0: port 2(bridge_slave_1) entered blocking state
[  725.026582][T15521] bridge0: port 2(bridge_slave_1) entered forwarding state
[  725.033997][T15521] bridge0: port 1(bridge_slave_0) entered blocking state
[  725.041238][T15521] bridge0: port 1(bridge_slave_0) entered forwarding state
[  725.338635][T15521] bridge0: entered promiscuous mode
[  725.386496][T15521] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  725.631180][ T9525] bridge_slave_1: left promiscuous mode
[  725.637088][ T9525] bridge0: port 2(bridge_slave_1) entered disabled state
[  725.877973][ T9525] bridge_slave_0: left allmulticast mode
[  725.883658][ T9525] bridge_slave_0: left promiscuous mode
[  725.965787][ T9525] bridge0: port 1(bridge_slave_0) entered disabled state
[  726.159861][T12727] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  726.169571][T12727] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  726.177872][T12727] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  726.186045][T12727] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  726.195260][T12727] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  727.926984][ T9525] team0: Port device bridge0 removed
[  728.051461][T15552] netlink: 'syz.4.2854': attribute type 21 has an invalid length.
[  728.109658][T15553] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2853'.
[  728.226507][T12727] Bluetooth: hci2: command tx timeout
[  728.654349][ T9525] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  728.673924][ T9525] bond_slave_0: left promiscuous mode
[  728.682756][ T9525] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  728.696552][ T9525] bond_slave_1: left promiscuous mode
[  728.704658][ T9525] bond0 (unregistering): Released all slaves
[  728.722989][T15524] bridge_slave_1: left allmulticast mode
[  728.729039][T15524] bridge0: port 2(bridge_slave_1) entered disabled state
[  728.741045][T15524] bridge_slave_0: left allmulticast mode
[  728.747116][T15524] bridge0: port 1(bridge_slave_0) entered disabled state
[  728.803486][T15524] bond0: (slave bridge0): Releasing backup interface
[  728.812986][T15524] bridge0 (unregistering): left promiscuous mode
[  728.883825][T15552] netlink: 156 bytes leftover after parsing attributes in process `syz.4.2854'.
[  728.914261][T15552] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2854'.
[  728.962778][T15559] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  728.972858][T15553] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2853'.
[  729.244716][T15540] lo speed is unknown, defaulting to 1000
[  730.007290][T15595] /dev/nullb0: Can't lookup blockdev
[  730.253035][ T9525] hsr_slave_0: left promiscuous mode
[  730.305596][T12727] Bluetooth: hci2: command tx timeout
[  730.392956][ T9525] hsr_slave_1: left promiscuous mode
[  730.418501][ T9525] batman_adv: batadv0: Removing interface: batadv_slave_0
[  730.588687][ T9525] batman_adv: batadv0: Removing interface: batadv_slave_1
[  732.386949][T12727] Bluetooth: hci2: command tx timeout
[  732.462152][ T9525] team0 (unregistering): Port device team_slave_1 removed
[  732.509790][ T9525] team0 (unregistering): Port device team_slave_0 removed
[  733.146179][T15613] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2868'.
[  733.227928][T15620] openvswitch: netlink: Key type 90 is out of range max 32
[  734.028245][ T9525] IPVS: stop unused estimator thread 0...
[  734.041176][T15540] chnl_net:caif_netlink_parms(): no params data found
[  734.465100][T12727] Bluetooth: hci2: command tx timeout
[  735.393284][T15540] bridge0: port 1(bridge_slave_0) entered blocking state
[  735.434726][T15540] bridge0: port 1(bridge_slave_0) entered disabled state
[  735.465162][T15540] bridge_slave_0: entered allmulticast mode
[  735.483244][T15540] bridge_slave_0: entered promiscuous mode
[  735.518933][T15540] bridge0: port 2(bridge_slave_1) entered blocking state
[  735.539157][T15540] bridge0: port 2(bridge_slave_1) entered disabled state
[  735.557142][T15540] bridge_slave_1: entered allmulticast mode
[  735.575663][T15540] bridge_slave_1: entered promiscuous mode
[  735.766897][T15540] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  735.806336][T15540] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  735.977241][T15540] team0: Port device team_slave_0 added
[  736.037324][T15540] team0: Port device team_slave_1 added
[  736.321618][T15668] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2877'.
[  736.779939][T15540] batman_adv: batadv0: Adding interface: batadv_slave_0
[  736.843643][T15540] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  736.989296][T15540] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  737.002745][T15540] batman_adv: batadv0: Adding interface: batadv_slave_1
[  737.009834][T15540] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  737.044962][T15540] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  737.691482][T15674] /dev/nullb0: Can't lookup blockdev
[  737.730872][T15540] hsr_slave_0: entered promiscuous mode
[  737.754662][T15540] hsr_slave_1: entered promiscuous mode
[  737.772939][T15540] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  737.862149][T15540] Cannot create hsr debugfs directory
[  737.926249][T15687] netlink: 'syz.4.2881': attribute type 2 has an invalid length.
[  738.306347][T15694] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2882'.
[  738.528066][T15702] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  740.107314][T15723] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2886'.
[  740.440701][T15540] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  740.493249][T15540] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  740.557176][T15540] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  740.832937][T15734] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2888'.
[  741.259004][T15540] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  741.293200][T15734] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2888'.
[  741.685292][T15745] netlink: 'syz.4.2889': attribute type 3 has an invalid length.
[  741.693115][T15745] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2889'.
[  742.526182][T15752] netlink: 'syz.3.2890': attribute type 3 has an invalid length.
[  742.534009][T15752] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2890'.
[  742.998400][T15540] 8021q: adding VLAN 0 to HW filter on device bond0
[  743.110300][T15540] 8021q: adding VLAN 0 to HW filter on device team0
[  743.196546][ T2136] bridge0: port 1(bridge_slave_0) entered blocking state
[  743.203705][ T2136] bridge0: port 1(bridge_slave_0) entered forwarding state
[  743.285874][   T64] bridge0: port 2(bridge_slave_1) entered blocking state
[  743.294174][   T64] bridge0: port 2(bridge_slave_1) entered forwarding state
[  744.567312][T15540] 8021q: adding VLAN 0 to HW filter on device batadv0
[  744.780981][T15777] /dev/nullb0: Can't lookup blockdev
[  746.876897][T15540] veth0_vlan: entered promiscuous mode
[  746.914794][T15540] veth1_vlan: entered promiscuous mode
[  747.025122][ T5871] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  747.049092][T15540] veth0_macvtap: entered promiscuous mode
[  747.083334][T15540] veth1_macvtap: entered promiscuous mode
[  747.146508][T15540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  747.175694][T15540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  747.191870][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  747.198287][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  747.224525][ T5871] usb 2-1: Using ep0 maxpacket: 16
[  747.234512][ T5871] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 73, changing to 10
[  747.264656][ T5871] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 10179, setting to 1024
[  747.270106][T15540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  747.314432][ T5871] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  747.345458][ T5871] usb 2-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  747.367493][T15540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  747.377425][ T5871] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  747.396534][T15540] batman_adv: batadv0: Interface activated: batadv_slave_0
[  747.431273][ T5871] usb 2-1: config 0 descriptor??
[  747.449780][T15540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  747.484723][T15804] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  747.514336][T15540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  747.539337][ T5871] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input6
[  747.570940][T15540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  747.608726][T15540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  747.683588][T15540] batman_adv: batadv0: Interface activated: batadv_slave_1
[  747.755451][T15540] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  747.804848][T15540] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  747.813703][T15540] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  747.884446][T15540] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  748.770739][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  748.798765][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  749.192421][T15836] netdevsim netdevsim4 netdevsim0: left promiscuous mode
[  749.199653][T15836] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[  749.208346][T15836] syztnl0: entered allmulticast mode
[  749.214034][T15836] : entered allmulticast mode
[  749.220199][T15836] batadv0: left promiscuous mode
[  749.228877][T15836] 
: entered allmulticast mode
[  749.364327][ T9525] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  749.497045][ T9525] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  750.895873][T10993] usb 2-1: USB disconnect, device number 3
[  752.772998][T15829] Process accounting resumed
[  752.930214][T15891] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2907'.
[  753.747313][T15899] batadv_slave_0: entered promiscuous mode
[  754.482024][T15899] batadv_slave_0: left promiscuous mode
[  754.867642][T15926] vxfs: WRONG superblock magic 00000000 at 1
[  754.982220][   T30] audit: type=1326 audit(2000000900.745:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15921 comm="syz.2.2915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7faa99585927 code=0x7ffc0000
[  755.010100][T15926] vxfs: WRONG superblock magic 00000000 at 8
[  755.060318][T15926] vxfs: can't find superblock.
[  755.079774][   T30] audit: type=1326 audit(2000000900.745:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15921 comm="syz.2.2915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7faa9952ab39 code=0x7ffc0000
[  755.140869][T15935] sctp: [Deprecated]: syz.4.2916 (pid 15935) Use of int in max_burst socket option.
[  755.140869][T15935] Use struct sctp_assoc_value instead
[  755.146131][   T30] audit: type=1326 audit(2000000900.745:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15921 comm="syz.2.2915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7faa99585927 code=0x7ffc0000
[  755.221476][   T30] audit: type=1326 audit(2000000900.745:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15921 comm="syz.2.2915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7faa9952ab39 code=0x7ffc0000
[  755.259804][   T30] audit: type=1326 audit(2000000900.745:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15921 comm="syz.2.2915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7faa99585927 code=0x7ffc0000
[  755.318504][   T30] audit: type=1326 audit(2000000900.745:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15921 comm="syz.2.2915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7faa9952ab39 code=0x7ffc0000
[  755.347341][   T30] audit: type=1326 audit(2000000900.745:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15921 comm="syz.2.2915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7faa99585927 code=0x7ffc0000
[  755.400619][   T30] audit: type=1326 audit(2000000900.745:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15921 comm="syz.2.2915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7faa9952ab39 code=0x7ffc0000
[  755.432563][   T30] audit: type=1326 audit(2000000900.745:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15921 comm="syz.2.2915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7faa99585927 code=0x7ffc0000
[  755.456170][   T30] audit: type=1326 audit(2000000900.745:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15921 comm="syz.2.2915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7faa9952ab39 code=0x7ffc0000
[  755.558849][T15917] syz.5.2912 (15917): drop_caches: 2
[  756.133958][T15949] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2920'.
[  758.332409][T15968] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2927'.
[  758.815341][T15977] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2928'.
[  758.847802][T15977] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2928'.
[  759.123097][T15977] netlink: 'syz.4.2928': attribute type 11 has an invalid length.
[  759.532876][T15952] Process accounting resumed
[  760.104309][   T58] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  760.444846][T16002] /dev/nullb0: Can't lookup blockdev
[  760.985111][   T58] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  761.025520][   T58] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[  761.069288][T16009] lo speed is unknown, defaulting to 1000
[  761.108126][   T58] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  761.133715][   T58] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  761.160131][   T58] usb 6-1: SerialNumber: syz
[  761.208026][   T58] cdc_ether 6-1:1.0: invalid descriptor buffer length
[  761.224991][   T58] usb 6-1: bad CDC descriptors
[  761.276397][   T30] kauditd_printk_skb: 42 callbacks suppressed
[  761.276414][   T30] audit: type=1326 audit(2000000907.045:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16015 comm="syz.3.2938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f492078e969 code=0x7ffc0000
[  762.220180][   T30] audit: type=1326 audit(2000000907.085:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16015 comm="syz.3.2938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f492078e969 code=0x7ffc0000
[  762.241816][   T30] audit: type=1326 audit(2000000907.085:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16015 comm="syz.3.2938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f492078e969 code=0x7ffc0000
[  762.263641][   T30] audit: type=1326 audit(2000000907.085:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16015 comm="syz.3.2938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f492078e969 code=0x7ffc0000
[  762.389591][   T30] audit: type=1326 audit(2000000907.085:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16015 comm="syz.3.2938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7f492078e969 code=0x7ffc0000
[  762.389634][   T30] audit: type=1326 audit(2000000907.085:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16015 comm="syz.3.2938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f492078e969 code=0x7ffc0000
[  762.389667][   T30] audit: type=1326 audit(2000000907.085:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16015 comm="syz.3.2938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f492078e969 code=0x7ffc0000
[  762.878331][T10993] usb 6-1: USB disconnect, device number 2
[  763.305960][T16026] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2940'.
[  763.345470][T16026] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2940'.
[  763.405180][T16026] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2940'.
[  764.783655][ T5132] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  764.797023][ T5132] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  764.826463][ T5132] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  764.846603][ T5132] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  764.854772][ T5132] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  765.049815][T16064] lo speed is unknown, defaulting to 1000
[  765.353351][ T5871] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  765.499371][ T9525] batadv1: left promiscuous mode
[  765.529097][ T9525] bridge0: port 3(batadv1) entered disabled state
[  765.536525][ T5871] usb 2-1: config 0 has an invalid interface number: 106 but max is 0
[  765.545340][ T5871] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  765.563338][ T5871] usb 2-1: config 0 has no interface number 0
[  765.612414][ T5871] usb 2-1: config 0 interface 106 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 216
[  765.629680][ T9525] bridge_slave_1: left promiscuous mode
[  765.651044][ T9525] bridge0: port 2(bridge_slave_1) entered disabled state
[  765.658396][ T5871] usb 2-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  765.703437][ T5871] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb
[  765.755529][ T5871] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  765.790826][ T9525] bridge_slave_0: left promiscuous mode
[  765.807200][ T5871] usb 2-1: config 0 descriptor??
[  765.814452][ T9525] bridge0: port 1(bridge_slave_0) entered disabled state
[  765.822335][T16073] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  765.887877][ T5871] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  766.332022][T16094] vxfs: WRONG superblock magic 00000000 at 1
[  766.338231][T16094] vxfs: WRONG superblock magic 00000000 at 8
[  766.344301][T16094] vxfs: can't find superblock.
[  766.947009][T12727] Bluetooth: hci3: command tx timeout
[  766.955771][ T3521] usb 2-1: Failed to submit usb control message: -110
[  766.965101][ T3521] usb 2-1: unable to send the bmi data to the device: -110
[  767.047034][ T3521] usb 2-1: unable to get target info from device
[  767.096193][ T3521] usb 2-1: could not get target info (-110)
[  767.146113][ T3521] usb 2-1: could not probe fw (-110)
[  767.731940][ T9525] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  767.767633][ T9525] bond0 (unregistering): (slave macvlan2): Releasing backup interface
[  767.782632][ T9525] bond0 (unregistering): Released all slaves
[  768.488353][ T9525] : left promiscuous mode
[  768.783957][T16064] chnl_net:caif_netlink_parms(): no params data found
[  769.024520][T12727] Bluetooth: hci3: command tx timeout
[  769.255457][T16095] Process accounting resumed
[  769.260840][ T9525] hsr_slave_0: left promiscuous mode
[  769.294253][ T5819] usb 2-1: USB disconnect, device number 4
[  769.337341][ T9525] hsr_slave_1: left promiscuous mode
[  769.357009][ T9525] batman_adv: batadv0: Removing interface: batadv_slave_0
[  769.508638][ T9525] batman_adv: batadv0: Removing interface: batadv_slave_1
[  770.478566][T16144] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2957'.
[  771.113073][T12727] Bluetooth: hci3: command tx timeout
[  771.713796][T16154] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2959'.
[  772.913203][ T9525] team0 (unregistering): Port device team_slave_1 removed
[  772.981579][ T9525] team0 (unregistering): Port device team_slave_0 removed
[  773.194294][T12727] Bluetooth: hci3: command tx timeout
[  773.939481][T16144] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2957'.
[  773.940295][T16064] bridge0: port 1(bridge_slave_0) entered blocking state
[  773.958869][T16064] bridge0: port 1(bridge_slave_0) entered disabled state
[  773.969055][T16064] bridge_slave_0: entered allmulticast mode
[  774.089199][T16169] vxfs: WRONG superblock magic 00000000 at 1
[  774.095263][T16169] vxfs: WRONG superblock magic 00000000 at 8
[  774.101249][T16169] vxfs: can't find superblock.
[  774.496709][T16064] bridge_slave_0: entered promiscuous mode
[  774.519716][T16154] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2959'.
[  774.560888][T16064] bridge0: port 2(bridge_slave_1) entered blocking state
[  774.750661][T16175] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2964'.
[  775.409811][T16064] bridge0: port 2(bridge_slave_1) entered disabled state
[  775.447934][T16064] bridge_slave_1: entered allmulticast mode
[  775.455684][T16064] bridge_slave_1: entered promiscuous mode
[  775.501735][T16180] netlink: 'syz.3.2966': attribute type 1 has an invalid length.
[  775.681850][T16183] Invalid ELF header magic: != ELF
[  775.924126][T16189] netlink: 'syz.5.2967': attribute type 3 has an invalid length.
[  775.932370][T16189] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.2967'.
[  776.184011][T16064] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  776.216311][T16064] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  776.371143][T16064] team0: Port device team_slave_0 added
[  776.427068][T16064] team0: Port device team_slave_1 added
[  777.579272][T16064] batman_adv: batadv0: Adding interface: batadv_slave_0
[  777.657204][T16064] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  777.683906][T16064] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  777.743136][T16218] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2974'.
[  777.755939][T16064] batman_adv: batadv0: Adding interface: batadv_slave_1
[  777.772688][T16064] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  777.949373][T16064] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  778.425156][T16064] hsr_slave_0: entered promiscuous mode
[  778.463573][T16064] hsr_slave_1: entered promiscuous mode
[  778.469917][T16064] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  778.513375][T16064] Cannot create hsr debugfs directory
[  780.762626][ T5819] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  780.964381][ T5819] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  781.130416][ T5819] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  781.165150][ T5819] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  781.197926][ T5819] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  781.226312][ T5819] usb 2-1: Product: syz
[  781.238048][ T5819] usb 2-1: Manufacturer: syz
[  781.247843][ T5819] usb 2-1: SerialNumber: syz
[  781.278131][ T5819] usb 2-1: config 0 descriptor??
[  781.389954][T16263] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  781.397830][T16263] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  781.517269][T16064] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  781.548669][T16064] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  781.627151][T16263] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  781.661927][T16064] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  781.662828][T16263] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  781.710317][T16064] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  781.876750][T16287] delete_channel: no stack
[  781.930915][T16277] netlink: 'syz.5.2983': attribute type 11 has an invalid length.
[  782.166939][T16064] 8021q: adding VLAN 0 to HW filter on device bond0
[  782.193378][ T5819] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00
[  782.237170][T16064] 8021q: adding VLAN 0 to HW filter on device team0
[  782.267371][ T3430] bridge0: port 1(bridge_slave_0) entered blocking state
[  782.274620][ T3430] bridge0: port 1(bridge_slave_0) entered forwarding state
[  782.313905][ T9525] bridge0: port 2(bridge_slave_1) entered blocking state
[  782.321077][ T9525] bridge0: port 2(bridge_slave_1) entered forwarding state
[  782.608843][ T5819] dm9601 2-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID
[  782.646284][ T5819] usb 2-1: USB disconnect, device number 5
[  782.849822][T16310] overlay: ./file1 is not a directory
[  785.220679][T16064] 8021q: adding VLAN 0 to HW filter on device batadv0
[  785.888659][T16348] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2993'.
[  786.553802][T16064] veth0_vlan: entered promiscuous mode
[  786.614474][T16064] veth1_vlan: entered promiscuous mode
[  786.779261][T16064] veth0_macvtap: entered promiscuous mode
[  786.829132][T16064] veth1_macvtap: entered promiscuous mode
[  786.885625][T16064] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  786.922209][T16064] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  786.942305][T16064] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  786.967924][T16064] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  786.989066][T16064] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  787.013924][T16064] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  787.041301][T16064] batman_adv: batadv0: Interface activated: batadv_slave_0
[  787.235349][T16064] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  787.245994][T16064] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  787.255950][T16064] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  787.266610][T16064] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  787.660801][   T30] audit: type=1326 audit(2000000933.136:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16379 comm="syz.1.2998" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9c7db8e969 code=0x0
[  787.744018][T16387] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2998'.
[  787.753174][T16387] nbd: must specify at least one socket
[  787.852837][T16064] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  787.863534][T16064] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  787.881493][   T30] audit: type=1326 audit(2000000933.536:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16379 comm="syz.1.2998" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9c7db8e969 code=0x0
[  787.896787][T16064] batman_adv: batadv0: Interface activated: batadv_slave_1
[  787.963506][T16064] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  788.097635][T16064] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  788.129457][T16064] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  788.162137][T16064] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  788.406949][T10984] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  788.555400][ T3430] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  788.592096][T10984] usb 6-1: Using ep0 maxpacket: 8
[  788.616303][T10984] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  788.618690][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  788.637069][ T3430] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  788.652683][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  788.652904][T10984] usb 6-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  788.688251][T10984] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  788.698379][T16397] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3001'.
[  788.720209][T10984] usb 6-1: config 0 descriptor??
[  788.741505][T10984] gspca_main: vc032x-2.14.0 probing 046d:0892
[  789.195605][T10984] gspca_vc032x: reg_w err -71
[  789.242006][T10984] vc032x 6-1:0.0: probe with driver vc032x failed with error -71
[  789.302080][T10984] usb 6-1: USB disconnect, device number 3
[  790.646840][T16414] siw: device registration error -23
[  791.196616][ T5869] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  791.420493][ T5869] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  791.458400][ T5869] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[  791.533605][ T5869] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  791.568870][ T5869] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  791.595058][ T5869] usb 6-1: SerialNumber: syz
[  791.647065][ T5869] cdc_ether 6-1:1.0: invalid descriptor buffer length
[  791.664435][ T5869] usb 6-1: bad CDC descriptors
[  791.728903][ T5132] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  791.748620][ T5132] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  791.758853][ T5132] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  791.772049][ T5132] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  791.779827][ T5132] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  791.860952][T10984] usb 6-1: USB disconnect, device number 4
[  791.994093][ T9525] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  792.040041][T16420] lo speed is unknown, defaulting to 1000
[  792.247388][T16426] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3010'.
[  792.263909][ T9525] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  792.759924][ T9525] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  792.949246][ T9525] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  793.595649][T16459] vxfs: WRONG superblock magic 00000000 at 1
[  793.603236][T16459] vxfs: WRONG superblock magic 00000000 at 8
[  793.609279][T16459] vxfs: can't find superblock.
[  793.907054][T12727] Bluetooth: hci0: command tx timeout
[  794.878830][T16487] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3023'.
[  795.303426][T16495] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3024'.
[  795.981846][T12727] Bluetooth: hci0: command tx timeout
[  796.978822][ T9525] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  797.000713][ T9525] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  797.025602][ T9525] bond0 (unregistering): Released all slaves
[  797.309061][ T9525] bond1 (unregistering): (slave veth0_to_bond): Releasing active interface
[  797.368895][T16508] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3027'.
[  797.387818][ T9525] veth0_to_bond: left allmulticast mode
[  797.395068][ T9525] bond1 (unregistering): Released all slaves
[  797.531793][T16420] chnl_net:caif_netlink_parms(): no params data found
[  797.759918][T16520] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3031'.
[  797.771518][T16520] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3031'.
[  798.111767][T12727] Bluetooth: hci0: command tx timeout
[  800.141434][T12727] Bluetooth: hci0: command tx timeout
[  800.991593][T16538] netlink: 56 bytes leftover after parsing attributes in process `syz.5.3033'.
[  801.731819][T16522] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3030'.
[  801.790866][T16538] netlink: 56 bytes leftover after parsing attributes in process `syz.5.3033'.
[  801.917709][T16539] tipc: Started in network mode
[  801.931391][T16539] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711
[  801.990296][T16539] tipc: Enabled bearer <udp:s>, priority 10
[  802.035909][T16528] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3032'.
[  802.363021][T16420] bridge0: port 1(bridge_slave_0) entered blocking state
[  802.381453][T16420] bridge0: port 1(bridge_slave_0) entered disabled state
[  802.399033][T16420] bridge_slave_0: entered allmulticast mode
[  802.422823][T16420] bridge_slave_0: entered promiscuous mode
[  802.630140][T16420] bridge0: port 2(bridge_slave_1) entered blocking state
[  802.912449][T16558] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3038'.
[  803.005559][T16420] bridge0: port 2(bridge_slave_1) entered disabled state
[  803.092563][T16420] bridge_slave_1: entered allmulticast mode
[  803.100478][T16420] bridge_slave_1: entered promiscuous mode
[  803.187560][   T58] tipc: Node number set to 4269801488
[  803.320561][T16420] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  803.356444][T16420] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  803.399318][ T9525] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  803.409283][ T9525] batman_adv: batadv0: Removing interface: batadv_slave_0
[  803.481868][ T9525] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  803.523781][ T9525] batman_adv: batadv0: Removing interface: batadv_slave_1
[  804.412576][T16584] netlink: 128 bytes leftover after parsing attributes in process `syz.1.3042'.
[  804.423877][T16584] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3042'.
[  805.601482][T16415] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  805.743330][T16415] usb 6-1: device descriptor read/64, error -71
[  805.882859][   T10] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  805.981150][T16415] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  806.048555][   T10] usb 2-1: Using ep0 maxpacket: 16
[  806.055382][ T9525] team0 (unregistering): Port device team_slave_1 removed
[  806.056660][   T10] usb 2-1: config 0 has an invalid interface number: 111 but max is 0
[  806.072458][   T10] usb 2-1: config 0 has no interface number 0
[  806.078917][   T10] usb 2-1: config 0 interface 111 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  806.095886][   T10] usb 2-1: New USB device found, idVendor=0a12, idProduct=5d10, bcdDevice=fc.66
[  806.105296][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  806.113727][T16415] usb 6-1: device descriptor read/64, error -71
[  806.114359][   T10] usb 2-1: Product: syz
[  806.128130][   T10] usb 2-1: Manufacturer: syz
[  806.134072][   T10] usb 2-1: SerialNumber: syz
[  806.143208][ T9525] team0 (unregistering): Port device team_slave_0 removed
[  806.149702][   T10] usb 2-1: config 0 descriptor??
[  806.244846][T16415] usb usb6-port1: attempt power cycle
[  806.303679][   T10] ushc 2-1:0.111: probe with driver ushc failed with error -110
[  806.379185][   T10] usb 2-1: USB disconnect, device number 6
[  806.601102][T16415] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  806.634356][T16415] usb 6-1: device descriptor read/8, error -71
[  806.744187][T10993] lo speed is unknown, defaulting to 1000
[  806.771188][T10993] infiniband syz0: ib_query_port failed (-19)
[  806.784919][T16420] team0: Port device team_slave_0 added
[  806.809757][T16420] team0: Port device team_slave_1 added
[  806.881652][T16415] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  806.921824][T16415] usb 6-1: device descriptor read/8, error -71
[  807.055710][T16415] usb usb6-port1: unable to enumerate USB device
[  807.083453][T16420] batman_adv: batadv0: Adding interface: batadv_slave_0
[  807.093440][T16420] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  807.154910][T16420] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  807.315422][T16420] batman_adv: batadv0: Adding interface: batadv_slave_1
[  807.336189][T16420] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  807.362151][    C0] vkms_vblank_simulate: vblank timer overrun
[  807.443084][T16420] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  808.772011][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  808.778691][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  808.994178][T16420] hsr_slave_0: entered promiscuous mode
[  809.006496][T16420] hsr_slave_1: entered promiscuous mode
[  809.415500][T16634] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3052'.
[  810.869198][ T5132] Bluetooth: hci4: command 0x0406 tx timeout
[  811.412234][T10983] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  812.227805][T10983] usb 2-1: config 0 has an invalid interface number: 106 but max is 0
[  812.240954][T10983] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  812.260847][T10983] usb 2-1: config 0 has no interface number 0
[  812.268574][T10983] usb 2-1: config 0 interface 106 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 216
[  812.368698][T10983] usb 2-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  812.415106][T10983] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb
[  812.440718][T10983] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  812.472962][T10983] usb 2-1: config 0 descriptor??
[  812.481441][T16650] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  812.507215][T10983] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  813.610264][ T8121] usb 2-1: Failed to submit usb control message: -110
[  813.642213][ T8121] usb 2-1: unable to send the bmi data to the device: -110
[  813.678828][ T8121] usb 2-1: unable to get target info from device
[  813.699893][ T8121] usb 2-1: could not get target info (-110)
[  813.737486][T16679] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3062'.
[  813.757606][ T8121] usb 2-1: could not probe fw (-110)
[  815.419521][T16420] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  815.456008][T16420] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  815.643503][T16420] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  816.804134][T16715] bridge0: port 1(bridge_slave_0) entered disabled state
[  816.846440][T16715] bridge0: port 2(bridge_slave_1) entered disabled state
[  816.905419][T16694] Process accounting resumed
[  816.917270][ T5819] usb 2-1: USB disconnect, device number 7
[  817.087322][T16420] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  818.286431][T16420] 8021q: adding VLAN 0 to HW filter on device bond0
[  818.379433][T16420] 8021q: adding VLAN 0 to HW filter on device team0
[  818.425731][ T6678] bridge0: port 1(bridge_slave_0) entered blocking state
[  818.432955][ T6678] bridge0: port 1(bridge_slave_0) entered forwarding state
[  821.565556][T16420] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  821.590307][T16420] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  821.674377][ T6678] bridge0: port 2(bridge_slave_1) entered blocking state
[  821.681608][ T6678] bridge0: port 2(bridge_slave_1) entered forwarding state
[  822.036096][T16748] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3074'.
[  823.952934][T16420] 8021q: adding VLAN 0 to HW filter on device batadv0
[  824.085996][T16791] FAULT_INJECTION: forcing a failure.
[  824.085996][T16791] name failslab, interval 1, probability 0, space 0, times 0
[  824.139313][T16791] CPU: 1 UID: 0 PID: 16791 Comm: syz.5.3080 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[  824.139337][T16791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  824.139347][T16791] Call Trace:
[  824.139353][T16791]  <TASK>
[  824.139361][T16791]  dump_stack_lvl+0x189/0x250
[  824.139389][T16791]  ? __pfx_dump_stack_lvl+0x10/0x10
[  824.139410][T16791]  ? __pfx__printk+0x10/0x10
[  824.139439][T16791]  ? __pfx___might_resched+0x10/0x10
[  824.139465][T16791]  should_fail_ex+0x414/0x560
[  824.139503][T16791]  should_failslab+0xa8/0x100
[  824.139528][T16791]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  824.139550][T16791]  ? __alloc_skb+0x112/0x2d0
[  824.139565][T16791]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  824.139591][T16791]  __alloc_skb+0x112/0x2d0
[  824.139613][T16791]  __ip6_append_data+0x2b5a/0x3dc0
[  824.139648][T16791]  ? __pfx_raw6_getfrag+0x10/0x10
[  824.139683][T16791]  ? __pfx___ip6_append_data+0x10/0x10
[  824.139711][T16791]  ip6_append_data+0x1c4/0x380
[  824.139732][T16791]  ? __pfx_raw6_getfrag+0x10/0x10
[  824.139753][T16791]  rawv6_sendmsg+0x1245/0x17f0
[  824.139787][T16791]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  824.139810][T16791]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[  824.139851][T16791]  ? sock_rps_record_flow+0x19/0x400
[  824.139874][T16791]  ? inet_sendmsg+0x2f4/0x370
[  824.139892][T16791]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  824.139911][T16791]  __sock_sendmsg+0x19c/0x270
[  824.139936][T16791]  sock_write_iter+0x258/0x330
[  824.139959][T16791]  ? __pfx_sock_write_iter+0x10/0x10
[  824.139988][T16791]  ? __lock_acquire+0xaac/0xd20
[  824.140014][T16791]  do_iter_readv_writev+0x56b/0x7f0
[  824.140039][T16791]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  824.140063][T16791]  ? bpf_lsm_file_permission+0x9/0x20
[  824.140077][T16791]  ? security_file_permission+0x75/0x290
[  824.140096][T16791]  ? rw_verify_area+0x258/0x650
[  824.140119][T16791]  vfs_writev+0x306/0x9a0
[  824.140133][T16791]  ? vfs_write+0x8d8/0xa90
[  824.140159][T16791]  ? __pfx_vfs_writev+0x10/0x10
[  824.140189][T16791]  ? __fget_files+0x2a/0x420
[  824.140215][T16791]  ? __fget_files+0x3a0/0x420
[  824.140236][T16791]  ? __fget_files+0x2a/0x420
[  824.140266][T16791]  do_writev+0x14d/0x2d0
[  824.140283][T16791]  ? __pfx_do_writev+0x10/0x10
[  824.140301][T16791]  ? do_syscall_64+0xba/0x210
[  824.140323][T16791]  do_syscall_64+0xf6/0x210
[  824.140342][T16791]  ? clear_bhb_loop+0x45/0xa0
[  824.140362][T16791]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  824.140378][T16791] RIP: 0033:0x7f91b5b8e969
[  824.140393][T16791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  824.140407][T16791] RSP: 002b:00007f91b69db038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  824.140425][T16791] RAX: ffffffffffffffda RBX: 00007f91b5db5fa0 RCX: 00007f91b5b8e969
[  824.140435][T16791] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000003
[  824.140445][T16791] RBP: 00007f91b69db090 R08: 0000000000000000 R09: 0000000000000000
[  824.140454][T16791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  824.140463][T16791] R13: 0000000000000000 R14: 00007f91b5db5fa0 R15: 00007ffec39c8bc8
[  824.140493][T16791]  </TASK>
[  824.558879][T16420] veth0_vlan: entered promiscuous mode
[  824.679083][T16420] veth1_vlan: entered promiscuous mode
[  824.997578][T16809] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3082'.
[  825.006824][T16809] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3082'.
[  825.405195][T16420] veth0_macvtap: entered promiscuous mode
[  825.417521][T16420] veth1_macvtap: entered promiscuous mode
[  825.436390][T16420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  825.702390][T16420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  825.712325][T16420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  825.723290][T16420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  825.733642][T16420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  825.749244][T16420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  825.760055][T10984] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  825.777658][T16420] batman_adv: batadv0: Interface activated: batadv_slave_0
[  825.798286][T16420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  825.834433][T16420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  825.846590][T16420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  825.862949][T16420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  825.880182][T16420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  825.895935][T16420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  825.921385][T16420] batman_adv: batadv0: Interface activated: batadv_slave_1
[  825.984000][T16420] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  826.005509][T10984] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  826.015007][T16420] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  826.039998][T10984] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[  826.041936][T16420] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  826.098029][T16420] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  826.251284][T10984] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  826.269912][T10984] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  826.277985][T10984] usb 6-1: SerialNumber: syz
[  826.312617][T10984] cdc_ether 6-1:1.0: invalid descriptor buffer length
[  826.328648][T10984] usb 6-1: bad CDC descriptors
[  827.239680][   T10] usb 6-1: USB disconnect, device number 9
[  827.259748][T16838] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3090'.
[  827.735823][ T1162] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  827.769622][T16825] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3088'.
[  827.789895][ T1162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  827.797940][T16859] netfs: Couldn't get user pages (rc=-14)
[  827.890155][T10993] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  828.123121][T10993] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  828.219030][T10993] usb 5-1: config 220 has 1 interface, different from the descriptor's value: 3
[  828.232978][T10993] usb 5-1: config 220 interface 0 has no altsetting 0
[  828.254179][T10993] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  828.343765][T10993] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  828.457259][T16526] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  828.658474][T10993] usb 5-1: Product: syz
[  828.691074][T16526] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  828.726922][T10993] usb 5-1: Manufacturer: syz
[  828.732551][T10993] usb 5-1: SerialNumber: syz
[  828.831969][ T9525] ==================================================================
[  828.840246][ T9525] BUG: KASAN: slab-out-of-bounds in iov_iter_revert+0x1da/0x5f0
[  828.847885][ T9525] Read of size 4 at addr ffff88802afd9b78 by task kworker/u8:15/9525
[  828.855943][ T9525] 
[  828.858262][ T9525] CPU: 1 UID: 0 PID: 9525 Comm: kworker/u8:15 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[  828.858279][ T9525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  828.858288][ T9525] Workqueue: events_unbound netfs_write_collection_worker
[  828.858311][ T9525] Call Trace:
[  828.858317][ T9525]  <TASK>
[  828.858323][ T9525]  dump_stack_lvl+0x189/0x250
[  828.858347][ T9525]  ? __kasan_check_byte+0x12/0x40
[  828.858366][ T9525]  ? __pfx_dump_stack_lvl+0x10/0x10
[  828.858380][ T9525]  ? lock_release+0x4b/0x3e0
[  828.858394][ T9525]  ? lock_release+0x4b/0x3e0
[  828.858410][ T9525]  ? __virt_addr_valid+0x469/0x540
[  828.858425][ T9525]  print_report+0xb4/0x290
[  828.858438][ T9525]  ? iov_iter_revert+0x1da/0x5f0
[  828.858451][ T9525]  kasan_report+0x118/0x150
[  828.858467][ T9525]  ? iov_iter_revert+0x1da/0x5f0
[  828.858486][ T9525]  iov_iter_revert+0x1da/0x5f0
[  828.858503][ T9525]  netfs_retry_writes+0x1645/0x1840
[  828.858516][ T9525]  ? do_raw_spin_unlock+0x122/0x240
[  828.858530][ T9525]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  828.858547][ T9525]  ? __pfx_netfs_retry_writes+0x10/0x10
[  828.858557][ T9525]  ? __lock_acquire+0xaac/0xd20
[  828.858573][ T9525]  ? do_raw_spin_lock+0x121/0x290
[  828.858588][ T9525]  netfs_write_collection_worker+0x2007/0x2bd0
[  828.858619][ T9525]  ? process_scheduled_works+0x9ec/0x17a0
[  828.858637][ T9525]  process_scheduled_works+0xadb/0x17a0
[  828.858661][ T9525]  ? __pfx_process_scheduled_works+0x10/0x10
[  828.858682][ T9525]  worker_thread+0x8a0/0xda0
[  828.858698][ T9525]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  828.858712][ T9525]  ? __kthread_parkme+0x7b/0x200
[  828.858726][ T9525]  kthread+0x70e/0x8a0
[  828.858739][ T9525]  ? __pfx_worker_thread+0x10/0x10
[  828.858758][ T9525]  ? __pfx_kthread+0x10/0x10
[  828.858772][ T9525]  ? __pfx_kthread+0x10/0x10
[  828.858783][ T9525]  ? _raw_spin_unlock_irq+0x23/0x50
[  828.858794][ T9525]  ? lockdep_hardirqs_on+0x9c/0x150
[  828.858806][ T9525]  ? __pfx_kthread+0x10/0x10
[  828.858818][ T9525]  ret_from_fork+0x4b/0x80
[  828.858828][ T9525]  ? __pfx_kthread+0x10/0x10
[  828.858840][ T9525]  ret_from_fork_asm+0x1a/0x30
[  828.858860][ T9525]  </TASK>
[  828.858865][ T9525] 
[  829.070286][ T9525] Allocated by task 16859:
[  829.074686][ T9525]  kasan_save_track+0x3e/0x80
[  829.079357][ T9525]  __kasan_kmalloc+0x93/0xb0
[  829.083931][ T9525]  __kmalloc_cache_noprof+0x230/0x3d0
[  829.089295][ T9525]  kmem_cache_free+0x169/0x3f0
[  829.094081][ T9525]  p9_req_put+0x19b/0x1f0
[  829.098401][ T9525]  p9_client_write+0x3f5/0x740
[  829.103155][ T9525]  v9fs_issue_write+0xdd/0x180
[  829.107904][ T9525]  netfs_end_issue_write+0x17d/0x410
[  829.113170][ T9525]  netfs_unbuffered_write+0x585/0x600
[  829.118523][ T9525]  netfs_unbuffered_write_iter_locked+0x443/0x990
[  829.124927][ T9525]  netfs_unbuffered_write_iter+0x4c4/0x660
[  829.130727][ T9525]  vfs_write+0x548/0xa90
[  829.134959][ T9525]  ksys_write+0x145/0x250
[  829.139272][ T9525]  do_syscall_64+0xf6/0x210
[  829.144288][ T9525]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  829.150177][ T9525] 
[  829.152502][ T9525] Freed by task 23:
[  829.156291][ T9525]  kasan_save_track+0x3e/0x80
[  829.160961][ T9525]  kasan_save_free_info+0x46/0x50
[  829.165972][ T9525]  __kasan_slab_free+0x62/0x70
[  829.170728][ T9525]  kfree+0x193/0x440
[  829.174616][ T9525]  slab_free_after_rcu_debug+0x62/0x290
[  829.180152][ T9525]  rcu_core+0xca5/0x1710
[  829.184392][ T9525]  handle_softirqs+0x283/0x870
[  829.189141][ T9525]  run_ksoftirqd+0x9b/0x100
[  829.193626][ T9525]  smpboot_thread_fn+0x53f/0xa60
[  829.198550][ T9525]  kthread+0x70e/0x8a0
[  829.202601][ T9525]  ret_from_fork+0x4b/0x80
[  829.206999][ T9525]  ret_from_fork_asm+0x1a/0x30
[  829.211753][ T9525] 
[  829.214058][ T9525] Last potentially related work creation:
[  829.219767][ T9525]  kasan_save_stack+0x3e/0x60
[  829.224430][ T9525]  kasan_record_aux_stack+0xbc/0xd0
[  829.229616][ T9525]  call_rcu+0x142/0x990
[  829.233762][ T9525]  kmem_cache_free+0x301/0x3f0
[  829.238512][ T9525]  p9_req_put+0x19b/0x1f0
[  829.242830][ T9525]  p9_client_write+0x3f5/0x740
[  829.247582][ T9525]  v9fs_issue_write+0xdd/0x180
[  829.252331][ T9525]  netfs_end_issue_write+0x17d/0x410
[  829.257599][ T9525]  netfs_unbuffered_write+0x585/0x600
[  829.262960][ T9525]  netfs_unbuffered_write_iter_locked+0x443/0x990
[  829.269361][ T9525]  netfs_unbuffered_write_iter+0x4c4/0x660
[  829.275152][ T9525]  vfs_write+0x548/0xa90
[  829.279380][ T9525]  ksys_write+0x145/0x250
[  829.283696][ T9525]  do_syscall_64+0xf6/0x210
[  829.288186][ T9525]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  829.294062][ T9525] 
[  829.296379][ T9525] The buggy address belongs to the object at ffff88802afd9b40
[  829.296379][ T9525]  which belongs to the cache kmalloc-32 of size 32
[  829.310252][ T9525] The buggy address is located 24 bytes to the right of
[  829.310252][ T9525]  allocated 32-byte region [ffff88802afd9b40, ffff88802afd9b60)
[  829.324729][ T9525] 
[  829.327039][ T9525] The buggy address belongs to the physical page:
[  829.333442][ T9525] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2afd9
[  829.342183][ T9525] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  829.349719][ T9525] page_type: f5(slab)
[  829.353687][ T9525] raw: 00fff00000000000 ffff88801a041780 0000000000000000 dead000000000001
[  829.362252][ T9525] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[  829.370843][ T9525] page dumped because: kasan: bad access detected
[  829.377247][ T9525] page_owner tracks the page as allocated
[  829.382948][ T9525] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP), pid 6678, tgid 6678 (kworker/u8:12), ts 190401559982, free_ts 168664449202
[  829.401342][ T9525]  post_alloc_hook+0x1d8/0x230
[  829.406102][ T9525]  get_page_from_freelist+0x21c7/0x22a0
[  829.411632][ T9525]  __alloc_frozen_pages_noprof+0x181/0x370
[  829.417424][ T9525]  alloc_pages_mpol+0x232/0x4a0
[  829.422259][ T9525]  allocate_slab+0x8a/0x3b0
[  829.426757][ T9525]  ___slab_alloc+0xbfc/0x1480
[  829.431417][ T9525]  __kmalloc_cache_noprof+0x296/0x3d0
[  829.436778][ T9525]  kmem_cache_free+0x169/0x3f0
[  829.441529][ T9525]  io_req_caches_free+0xa4/0x110
[  829.446456][ T9525]  io_ring_exit_work+0x3d8/0x880
[  829.451378][ T9525]  process_scheduled_works+0xadb/0x17a0
[  829.456911][ T9525]  worker_thread+0x8a0/0xda0
[  829.461491][ T9525]  kthread+0x70e/0x8a0
[  829.465547][ T9525]  ret_from_fork+0x4b/0x80
[  829.469947][ T9525]  ret_from_fork_asm+0x1a/0x30
[  829.474699][ T9525] page last free pid 7099 tgid 7089 stack trace:
[  829.481013][ T9525]  __free_frozen_pages+0xb05/0xcd0
[  829.486116][ T9525]  __slab_free+0x326/0x400
[  829.490517][ T9525]  qlist_free_all+0x9a/0x140
[  829.495093][ T9525]  kasan_quarantine_reduce+0x148/0x160
[  829.500535][ T9525]  __kasan_krealloc+0x1f/0x140
[  829.505285][ T9525]  krealloc_noprof+0x1b6/0x330
[  829.510043][ T9525]  copy_array+0x63/0xf0
[  829.514185][ T9525]  copy_verifier_state+0x848/0xed0
[  829.519284][ T9525]  pop_stack+0x8f/0x470
[  829.523427][ T9525]  do_check+0x70a2/0xd630
[  829.527754][ T9525]  do_check_common+0x168d/0x20b0
[  829.532696][ T9525]  bpf_check+0x13679/0x19a70
[  829.537285][ T9525]  bpf_prog_load+0x1318/0x1930
[  829.542073][ T9525]  __sys_bpf+0x5f1/0x860
[  829.546306][ T9525]  __x64_sys_bpf+0x7c/0x90
[  829.550796][ T9525]  do_syscall_64+0xf6/0x210
[  829.555291][ T9525] 
[  829.557606][ T9525] Memory state around the buggy address:
[  829.563221][ T9525]  ffff88802afd9a00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[  829.571266][ T9525]  ffff88802afd9a80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[  829.579323][ T9525] >ffff88802afd9b00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[  829.587364][ T9525]                                                                 ^
[  829.595324][ T9525]  ffff88802afd9b80: 00 00 00 00 fc fc fc fc fa fb fb fb fc fc fc fc
[  829.603376][ T9525]  ffff88802afd9c00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[  829.611419][ T9525] ==================================================================
[  829.678963][T10993] usb 5-1: Found UVC 0.00 device syz (8086:0b07)
[  829.694150][T10993] usb 5-1: No valid video chain found.
[  829.700038][ T9525] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  829.707255][ T9525] CPU: 0 UID: 0 PID: 9525 Comm: kworker/u8:15 Not tainted 6.15.0-rc5-syzkaller-00022-g01f95500a162 #0 PREEMPT(full) 
[  829.719504][ T9525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  829.729575][ T9525] Workqueue: events_unbound netfs_write_collection_worker
[  829.736713][ T9525] Call Trace:
[  829.740004][ T9525]  <TASK>
[  829.742951][ T9525]  dump_stack_lvl+0x99/0x250
[  829.747560][ T9525]  ? __asan_memcpy+0x40/0x70
[  829.752165][ T9525]  ? __pfx_dump_stack_lvl+0x10/0x10
[  829.757372][ T9525]  ? __pfx__printk+0x10/0x10
[  829.761983][ T9525]  panic+0x2db/0x790
[  829.765895][ T9525]  ? __pfx_preempt_schedule+0x10/0x10
[  829.771276][ T9525]  ? __pfx_panic+0x10/0x10
[  829.775714][ T9525]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  829.781679][ T9525]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  829.788040][ T9525]  ? iov_iter_revert+0x1da/0x5f0
[  829.792987][ T9525]  check_panic_on_warn+0x89/0xb0
[  829.797933][ T9525]  ? iov_iter_revert+0x1da/0x5f0
[  829.802861][ T9525]  end_report+0x78/0x160
[  829.807119][ T9525]  kasan_report+0x129/0x150
[  829.811730][ T9525]  ? iov_iter_revert+0x1da/0x5f0
[  829.816697][ T9525]  iov_iter_revert+0x1da/0x5f0
[  829.821459][ T9525]  netfs_retry_writes+0x1645/0x1840
[  829.826653][ T9525]  ? do_raw_spin_unlock+0x122/0x240
[  829.831842][ T9525]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  829.838158][ T9525]  ? __pfx_netfs_retry_writes+0x10/0x10
[  829.843686][ T9525]  ? __lock_acquire+0xaac/0xd20
[  829.848524][ T9525]  ? do_raw_spin_lock+0x121/0x290
[  829.853534][ T9525]  netfs_write_collection_worker+0x2007/0x2bd0
[  829.859694][ T9525]  ? process_scheduled_works+0x9ec/0x17a0
[  829.865406][ T9525]  process_scheduled_works+0xadb/0x17a0
[  829.870948][ T9525]  ? __pfx_process_scheduled_works+0x10/0x10
[  829.876925][ T9525]  worker_thread+0x8a0/0xda0
[  829.881507][ T9525]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  829.887821][ T9525]  ? __kthread_parkme+0x7b/0x200
[  829.892748][ T9525]  kthread+0x70e/0x8a0
[  829.896802][ T9525]  ? __pfx_worker_thread+0x10/0x10
[  829.902162][ T9525]  ? __pfx_kthread+0x10/0x10
[  829.906741][ T9525]  ? __pfx_kthread+0x10/0x10
[  829.911318][ T9525]  ? _raw_spin_unlock_irq+0x23/0x50
[  829.916520][ T9525]  ? lockdep_hardirqs_on+0x9c/0x150
[  829.921731][ T9525]  ? __pfx_kthread+0x10/0x10
[  829.926325][ T9525]  ret_from_fork+0x4b/0x80
[  829.930750][ T9525]  ? __pfx_kthread+0x10/0x10
[  829.935361][ T9525]  ret_from_fork_asm+0x1a/0x30
[  829.940133][ T9525]  </TASK>
[  829.943470][ T9525] Kernel Offset: disabled
[  829.947810][ T9525] Rebooting in 86400 seconds..