last executing test programs:

1m59.960878714s ago: executing program 1 (id=5449):
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169a82, 0x189)
syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400)
r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345})
io_uring_enter(r0, 0x47bc, 0x7b89, 0x0, 0x0, 0x0)

1m59.819643314s ago: executing program 1 (id=5452):
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000002740)={0x53, 0xfffffffffffffffc, 0x3, 0x0, @buffer={0x29, 0x81, &(0x7f00000002c0)=""/129}, &(0x7f0000000140)="8536b6", 0x0, 0x10009, 0x10000, 0x1, 0x0})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @local}, 0x10)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000000)=@arm64={0x8, 0x2, 0x2, '\x00', 0x2})
sendmmsg$inet6(r2, &(0x7f0000007240)=[{{&(0x7f0000000100)={0xa, 0x4e22, 0x6, @mcast2, 0x7}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000001380)=[{&(0x7f00000012c0)="1ce02c7a", 0xfe60}], 0x1}}, {{0x0, 0x0, &(0x7f0000000000), 0x1}}], 0x3, 0x1c000)
bind$inet(r1, &(0x7f0000000300)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='batadv_slave_1\x00', 0x10)
fsetxattr$trusted_overlay_opaque(r0, 0x0, 0x0, 0x0, 0x2)
r3 = socket$inet(0x2, 0x801, 0x0)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r3, 0x0, 0x16, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
shutdown(r3, 0x1)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)

1m59.783786817s ago: executing program 1 (id=5453):
mount(&(0x7f0000000100)=@sr0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000140)='udf\x00', 0x1214091, 0x0)
r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)={0x4020, 0x10, 0x24}, 0x18)
r1 = fanotify_init(0x10, 0x2)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000010001fff000000008000000800000000", @ANYRES32=0x0, @ANYBLOB="00000000003f00002400128009000100626f6e64000000001400028005001500000000000500010001000000"], 0x44}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000dc0)={0x0, 0xfffffffe, 0x0, 0x0, 0x18, "0076ba7d82000000002700000000f7ff6fd800"})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000013c0)={'ip6_vti0\x00', &(0x7f0000001340)={'syztnl2\x00', <r5=>0x0, 0x4, 0x9, 0x1, 0x0, 0x40, @empty, @remote, 0x80, 0x700, 0x7, 0x4}})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000001400)={'batadv0\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@bridge_dellink={0x20, 0x13, 0x1, 0x0, 0x8000000}, 0x20}}, 0x0)
sendmsg$nl_route(r4, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000003580)=@bridge_delneigh={0x64, 0x1d, 0x100, 0x70bd25, 0x25dfdbfd, {0x7, 0x0, 0x0, r5, 0x1, 0x1c, 0x5}, [@NDA_FLAGS_EXT={0x8}, @NDA_CACHEINFO={0x0, 0x3, {0x2, 0x40000, 0x8001, 0x17}}, @NDA_IFINDEX={0x8, 0x8, r6}, @NDA_DST_MAC={0xa, 0x1, @local}, @NDA_DST_MAC={0xa, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, @NDA_LLADDR={0xa, 0x2, @remote}, @NDA_LLADDR={0xa, 0x2, @broadcast}]}, 0x64}, 0x1, 0xba01, 0x0, 0x44844}, 0x0)
r8 = syz_open_pts(r3, 0x10000)
r9 = dup(r8)
fanotify_mark(r1, 0x1, 0x40001012, r9, 0x0)
read$FUSE(r9, &(0x7f0000001540)={0x2020}, 0x2020)
ioctl$SIOCSIFHWADDR(r9, 0x8924, &(0x7f0000001300)={'veth1_to_team\x00', @broadcast})
ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000012c0)=0x3)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r9, 0xc0189373, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r10=>r0}, './cgroup/file0\x00'})
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="705f300c00080005001909040002000104"], 0x11)
mknodat$loop(r0, &(0x7f00000000c0)='./cgroup\x00', 0x800, 0x0)
r11 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/partitions\x00', 0x0, 0x0)
preadv(r11, &(0x7f0000001500)=[{&(0x7f00000002c0)=""/4084, 0xff4}], 0x1, 0x202, 0x0)
io_setup(0x800, &(0x7f00000001c0)=<r12=>0x0)
io_cancel(r12, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1ff, 0xffffffffffffffff, &(0x7f0000000200)="87d525b065e41c88bac7b990b4802cb102cae7bc23f41e7a5182718c3cc976b6aa", 0x21, 0x9, 0x0, 0x1, r10}, &(0x7f00000002c0))

1m59.659774755s ago: executing program 1 (id=5454):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a00000007000000030000000100000000000000752898799b3b47ed10e492edbed5f507fecd9d930cb991fa684288e5365bb6c6319a0095e608371742b0965a8625ca9a87da107df9739bb266a199c64d70361b00c5eedbd606a556ce0255dfff4e5b8ca721", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r1}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x4, &(0x7f0000000680)={0x3, 0x3, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_emit_ethernet(0x8a, &(0x7f0000001500)=ANY=[@ANYBLOB="aaaaaaaaaaaab9007cfffe0000fd06907864010101ac1414aa00004e22000000000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="ac40000290780932010fdaafc5934857873e565d67f741080a000002000000000bfe06e2d4c3d9051200000005000000020000000100000000220e790348ff5395e18ef0931438051200000005000000090000007f00000790000000"], 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x200c000, &(0x7f0000000300)='usrquota')
capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x6, 0x7})
chdir(&(0x7f0000000180)='./file1\x00')
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
pipe(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x2, 0x1, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xb, 0x5}, {0xe, 0xfff2}, {0xa, 0xfff1}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_INTERVAL={0x8, 0x3, 0x7}, @TCA_CODEL_LIMIT={0x8, 0x2, 0x738}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x4048084)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f0000001440), 0x2, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000040)={0x1, 0x1, 0x1, 0x0, 0x3})
ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, &(0x7f0000000000)=0x1)
r6 = socket$nl_route(0x10, 0x3, 0x0)
write$char_usb(0xffffffffffffffff, &(0x7f0000000040)="e2", 0x12d8)
write$binfmt_misc(r4, &(0x7f0000000480)="e53f4f125a9d754baee76294e3becb1f1bf2f5bc6283f6a2a0daa60ba7ed28a3640e33447d4d3c557aed6c8a89a61ff32501c4f65e238c8036b3b208a7231cd7d5a9a265157eb1f9b1ed9db2976459084bb6830c683a84a75e28b54d51ff4266c7aad1fbbcf218a866c935194e74253dc98e865777749389f03ba3111fc07523a6fb6a16a738c965638304ccea61686287b2a3094e961e58a0d731002fef5736", 0xa0)
splice(r3, 0x0, r6, 0x0, 0x4ffe6, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r7)
ptrace$poke(0x1, 0x0, &(0x7f0000000140), 0x282d)
ptrace$poke(0x4, r7, &(0x7f0000000080), 0x3ea)
quotactl_fd$Q_SETQUOTA(r2, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x4, 0x2, 0x6, 0x0, 0x2, 0x3, 0x1, 0x6, 0x7fffffff})
symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

1m58.441016454s ago: executing program 1 (id=5466):
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x40002, 0x0)
ioctl$SNDCTL_TMR_CONTINUE(r0, 0x5404)
ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000140)=@t={0x81, 0x6, 0x4})
syz_clone3(&(0x7f0000000080)={0x1e0001200, 0x0, 0x0, 0x0, {0x7}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r1 = getpgid(0x0)
r2 = syz_pidfd_open(r1, 0x0)
pidfd_send_signal(r2, 0x21, 0x0, 0x4)
r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[<r4=>0x0], &(0x7f0000000340)=[<r5=>0x0], 0x0, 0x0, 0x1, 0x1})
r6 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r7=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r3, 0xc01864c6, &(0x7f0000000140)={&(0x7f0000000100)=[r5, r7, r4], 0x3})

1m58.168851871s ago: executing program 1 (id=5471):
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
syz_emit_ethernet(0x76, &(0x7f00000005c0)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "6b88ef", 0x40, 0x3a, 0x0, @private1, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "bdd7c3", 0x0, 0x0, 0x0, @loopback, @empty, [@routing={0x6}], "df7d270b77aa81ed"}}}}}}}, 0x0)
syz_io_uring_complete(r0)
fcntl$getownex(r1, 0x10, &(0x7f0000000000))
r2 = fcntl$dupfd(r1, 0x0, r1)
r3 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'veth0\x00', <r7=>0x0})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000540)=0xfffffffe, 0x0, 0x4)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nfc(&(0x7f0000000280), r8)
sendmsg$NFC_CMD_FW_DOWNLOAD(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x24, r9, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@NFC_ATTR_FIRMWARE_NAME={0x5, 0x14, '$'}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4800}, 0x2)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0x421, 0xfffffffc, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_PRIMARY={0x8, 0xb, r7}, @IFLA_BOND_MODE={0x5, 0x1, 0x5}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x80000}, 0x0)
r10 = socket$packet(0x11, 0x3, 0x300)
r11 = socket$nl_route(0x10, 0x3, 0x0)
r12 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r12, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0)
getsockname$packet(r12, &(0x7f0000000100)={0x11, 0x0, <r13=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r13, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newqdisc={0x5c, 0x24, 0x20, 0xfefffffc, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x2c, 0x2, [@TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x4}, @TCA_CAKE_FLOW_MODE={0x8, 0x5, 0x2}, @TCA_CAKE_FWMARK={0x8, 0x12, 0x1}, @TCA_CAKE_RAW={0x8}, @TCA_CAKE_MEMORY={0x8, 0xa, 0x9}]}}]}, 0x5c}}, 0x0)
sendto$packet(r10, &(0x7f0000000580)="44c394f305916c4516999da286dd", 0xe, 0x0, &(0x7f0000000340)={0x11, 0x0, r13, 0x1, 0x0, 0x6, @random="fb76f11b713b"}, 0x14)
sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f0000000500)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="cc020000", @ANYRES16=r3, @ANYBLOB="d8d62bbd7000fedbdf2501000000a4020880740200801400040002e14d21e00001010000000000000000ac01098040000080060001000200000008000200ffffffff0500030000000000060001000a00000014000200fe8800000000000000000000000000010500030001000000880000800600010002000000080002000a0101000500030003000000066ff07a2c671f528f000200fe800000000000000000000000a7003c0500030003000000060001000a00000014000200fe8800000000000000000000000056010500030001000000060001000a00000014000200ff010000000000000000000000000001050003000300000040000080060001000200000008000200ac1414150500030001000000060001000a0000001400020020010000000000000000000000000000050003000300e8b9f2769ba3054fb0d80000a0000080160001000200000008000200ac14142a0500030001000000060001000a00000014000200fe80000000000000000000000000003d0500030001000000060001000a00000014000200fe88000000000000000000000000000105000300020000000614000200fe8000000000000000000000000000bb0500030003000000060001000200000008000200ac1414aa05000300020000002400020071edb0601275e8e1e0d1cfe5e3d0c77916506867d278d07e155e12b4444bfec08c00098088000080060001000a00000014000200fc0100000000000000000000000000000500030000000000060001000a00000014000200ff010000000000004b000000000000010500030003000000060001000200000008000200e00000010500030003000000020001000a000000140002000000000000000000000000000000000105000300020000002c000080200004000a004e2100000004fc000000000000000000000000000001010000000800", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES32=r7, @ANYBLOB="04000880"], 0x2cc}, 0x1, 0x0, 0x0, 0xd73bff460e35e4f1}, 0x20048080)
ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)
get_mempolicy(&(0x7f00000006c0), &(0x7f0000000700), 0x67d5, &(0x7f000050b000/0x1000)=nil, 0x0)

1m58.098452843s ago: executing program 32 (id=5471):
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
syz_emit_ethernet(0x76, &(0x7f00000005c0)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "6b88ef", 0x40, 0x3a, 0x0, @private1, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "bdd7c3", 0x0, 0x0, 0x0, @loopback, @empty, [@routing={0x6}], "df7d270b77aa81ed"}}}}}}}, 0x0)
syz_io_uring_complete(r0)
fcntl$getownex(r1, 0x10, &(0x7f0000000000))
r2 = fcntl$dupfd(r1, 0x0, r1)
r3 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg1\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'veth0\x00', <r7=>0x0})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x40, &(0x7f0000000540)=0xfffffffe, 0x0, 0x4)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nfc(&(0x7f0000000280), r8)
sendmsg$NFC_CMD_FW_DOWNLOAD(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x24, r9, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@NFC_ATTR_FIRMWARE_NAME={0x5, 0x14, '$'}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4800}, 0x2)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0x421, 0xfffffffc, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_PRIMARY={0x8, 0xb, r7}, @IFLA_BOND_MODE={0x5, 0x1, 0x5}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x80000}, 0x0)
r10 = socket$packet(0x11, 0x3, 0x300)
r11 = socket$nl_route(0x10, 0x3, 0x0)
r12 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r12, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0)
getsockname$packet(r12, &(0x7f0000000100)={0x11, 0x0, <r13=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r13, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newqdisc={0x5c, 0x24, 0x20, 0xfefffffc, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x2c, 0x2, [@TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x4}, @TCA_CAKE_FLOW_MODE={0x8, 0x5, 0x2}, @TCA_CAKE_FWMARK={0x8, 0x12, 0x1}, @TCA_CAKE_RAW={0x8}, @TCA_CAKE_MEMORY={0x8, 0xa, 0x9}]}}]}, 0x5c}}, 0x0)
sendto$packet(r10, &(0x7f0000000580)="44c394f305916c4516999da286dd", 0xe, 0x0, &(0x7f0000000340)={0x11, 0x0, r13, 0x1, 0x0, 0x6, @random="fb76f11b713b"}, 0x14)
sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f0000000500)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="cc020000", @ANYRES16=r3, @ANYBLOB="d8d62bbd7000fedbdf2501000000a4020880740200801400040002e14d21e00001010000000000000000ac01098040000080060001000200000008000200ffffffff0500030000000000060001000a00000014000200fe8800000000000000000000000000010500030001000000880000800600010002000000080002000a0101000500030003000000066ff07a2c671f528f000200fe800000000000000000000000a7003c0500030003000000060001000a00000014000200fe8800000000000000000000000056010500030001000000060001000a00000014000200ff010000000000000000000000000001050003000300000040000080060001000200000008000200ac1414150500030001000000060001000a0000001400020020010000000000000000000000000000050003000300e8b9f2769ba3054fb0d80000a0000080160001000200000008000200ac14142a0500030001000000060001000a00000014000200fe80000000000000000000000000003d0500030001000000060001000a00000014000200fe88000000000000000000000000000105000300020000000614000200fe8000000000000000000000000000bb0500030003000000060001000200000008000200ac1414aa05000300020000002400020071edb0601275e8e1e0d1cfe5e3d0c77916506867d278d07e155e12b4444bfec08c00098088000080060001000a00000014000200fc0100000000000000000000000000000500030000000000060001000a00000014000200ff010000000000004b000000000000010500030003000000060001000200000008000200e00000010500030003000000020001000a000000140002000000000000000000000000000000000105000300020000002c000080200004000a004e2100000004fc000000000000000000000000000001010000000800", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES32=r7, @ANYBLOB="04000880"], 0x2cc}, 0x1, 0x0, 0x0, 0xd73bff460e35e4f1}, 0x20048080)
ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)
get_mempolicy(&(0x7f00000006c0), &(0x7f0000000700), 0x67d5, &(0x7f000050b000/0x1000)=nil, 0x0)

1m56.877086782s ago: executing program 0 (id=5492):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f000000b500), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b00800000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r1}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000040), 0x3, r1}, 0x38)
r2 = syz_open_dev$sndctrl(&(0x7f0000000600), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000001340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0xffffffff}, 0x3, 0x3, 0x8, 0x0, 0x1, 0x0, 'syz1\x00', &(0x7f0000000180)=['-[\'\x00'], 0x4})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000280)="a6b01e6c4c74cf9a7fc051907e23fd193bdf2d1d72a6b092ca45bcd7a38e06849270926683b196296db73d5934b82c50f466ad8ea139e93c1894140aea1f41d5f1f4f837af606f2352d4f158d19c84ae61d5ed3206f81ea0093e98180099a9ffbf30daab1437e32834582183cc1caee75a73ec082dba1d4ddab8e66ffbd639cf5c00cbe51664021e69f88572a2f278f85f", 0x91, 0x4000001, &(0x7f0000000000)={0xa, 0x4e21, 0x5, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x4}, 0x1c)
r5 = syz_clone(0x40000, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
ptrace$ARCH_SET_GS(0x1e, r5, 0x0, 0x1001)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000500)=ANY=[@ANYBLOB='b *:* r'], 0x8)
openat$cgroup_devices(r6, &(0x7f0000000240)='devices.allow\x00', 0x2, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000008850000007600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0x9)
sendmsg$nl_route_sched(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=@newtaction={0x70, 0x30, 0xffffffffffffffff, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_bpf={0x58, 0x1, 0x0, 0x0, {{0x8}, {0x30, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_FD={0x8, 0x5, r8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}}, 0x0)

1m55.97104078s ago: executing program 0 (id=5499):
madvise(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x9)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syz_clone(0xc0080, &(0x7f0000000040), 0x0, 0x0, 0x0, 0x0)
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
madvise(&(0x7f0000651000/0x1000)=nil, 0x1000, 0x15)

1m55.86934209s ago: executing program 0 (id=5500):
r0 = memfd_create(&(0x7f0000000500)='\xf3e\t\x9f\x918\xc0y\x01c\x1fnux\x00sV\ad\xb0l \xfd\xd7\x8e\x7f\x89\xb8\xc5;~\x04\x03~K\xfbP\x84=\xfa\x81\f\x1et\x10\x0e\xcf^9\xbe\\8\xe8xE\xdb\xfb1\xfd\x91\xd5\xcd\xc7\x80\t\xe0c+\vl\xc1\x9f\xf9\xb9jF\xdf\xc5\x9aH\xa6@A\x0fC\x9c\x0eqX\xc4\x9b:\xae.\xf2\xda\v6y\xd4+]\xf8\xf5\xef2D{\xb0\xa2\xbd\xe8u\xfb\xab\xb0\xe9m`\x83\xae,\xdb\x95\xc9!p\xc8[<s\x99\v\x80O\xa6o\x92+v\xf9\x0e\xe3\xd3yF#2\xaf\xee\xe7\x90\x88\xb0\x16\xad\xda\xbc\x84u\x13\xd1F\f\xbd\t\xffU\xa6\x02X\xf8U\xfd.\xd0\x02c\xb7\xec\'\x89^\x04\xb0\xfa\x18o?Z|\xc6}\xa4n\x02q\x0eD\xcf\x8b\xf42\x1e\x82\xa5\xb0\x19\xfd\x9c\x9a\x85\\8b\xd7\x87K\xedT\\\x10\xf3\x8f\xbdT\x85\xdf\xe7 -#\xe1c\x86\x93+\xf2\x8c\xf5)Z\x13\xc1PL\x15{\xaev\xe6\xab\f\b\xff\xce\x94\xc8\x8a\x83\x89\xd94S\xeaH\x89@\x00;\x89\x00\xe1C\xb6Iub\xb3\x93\t\xa5\xc4\x8a\x05}\x8a6.\x12\xe8\xa7A\x9bV\xc5-j[\x9b\x17VW\\\x1a\xc3\xc5l\xc7\x0eV\x1b#\x9f{\xe7R\x17\xf3O+M^\x1e<\xec\t\x14@\xc7@\xe54\x18`\xf8\x97\xe0\xe3\xe8\x99\xffO\xb7p\xfa\xd8\xd3{\x92,\x91H\xc4|\xa9#l\x9c7$Y\a\x14\xacLt\xa1c\xfa\xadr\x19\xc2\xa4C\xeb\x88\xc5\x00\x00\x00', 0x0)
pwrite64(r0, &(0x7f00000008c0)='/', 0x1, 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r0, 0x0)
lseek(r0, 0x0, 0x4)
read$FUSE(0xffffffffffffffff, &(0x7f0000001040)={0x2020}, 0x2020)
sendfile(r0, r0, &(0x7f00000001c0), 0x7fa)
symlink(&(0x7f0000001000)='./file0\x00', &(0x7f00000000c0)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)

1m55.791034032s ago: executing program 0 (id=5501):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000000000001000000000000000f0ffffffffffffff1000000000000000ff"])
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
add_key$keyring(&(0x7f0000005180), 0xfffffffffffffffd, 0x0, 0x0, 0xfffffffffffffffc)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000002, 0x200000005c832, 0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000000)=0xa0, 0x4)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r4, 0x40086602, &(0x7f0000000000))
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz1\x00', 0x1ff)
symlinkat(&(0x7f0000000200)='./file0/file0\x00', r4, &(0x7f0000000240)='./file0\x00')
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
syz_80211_inject_frame(0x0, 0x0, 0x5a)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_encap(r5, 0x11, 0x64, &(0x7f0000000080)=0x3, 0x4)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="3044821a6f741f00"/19, @ANYRES16=r5, @ANYBLOB="010000000000ffdbdf25010000001c000180060001000200000008000300ac1414bb080006002b"], 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cffb93b201}, 0x20000011)
r7 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1})
syz_open_procfs(0x0, &(0x7f0000002340)='fdinfo\x00')
socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r8, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

1m54.369751697s ago: executing program 0 (id=5502):
r0 = fsopen(&(0x7f0000000140)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x1)
fchdir(r1)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0, 0x4d)
getdents(r2, &(0x7f0000000200)=""/223, 0xdf)
lseek(r2, 0x101, 0x1)
r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x5, 0x462000)
pread64(r3, &(0x7f0000000640)=""/181, 0xb5, 0x3)
getdents64(r2, &(0x7f0000003340)=""/48, 0x30)
syz_emit_ethernet(0x2be, &(0x7f0000000380)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x288, 0x3a, 0xff, @remote, @mcast2, {[@srh={0x29, 0x8, 0x4, 0x4, 0x9, 0x38, 0x7fff, [@loopback, @loopback, @remote, @private2]}, @dstopts={0x62, 0x7, '\x00', [@padn={0x1, 0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @pad1, @pad1, @calipso={0x7, 0x28, {0x0, 0x8, 0x6, 0x5, [0xf, 0x5c4b, 0xffff, 0xd62]}}]}, @dstopts={0x84, 0x1a, '\x00', [@generic={0x1, 0xd2, "04b1f369d00cf99ec41a0b79a95fc50001ce2b6dccd1e00f536fdeec07ec18dd31d7af2ed6a02533a59494d7f9c707322308e18e7be7f9bbe88a083fd96a2ba7df79318958dca22f744c24a851593b29daa050a574cf6d9ce60a9f6ecdb68bf96f2034cb995bebd8b14b80de7f51ca81b08ebe3282b16ca0457fdc956f7c799039f73e83939ad2978ef621c612695ff73f1d52f29d3d304d13a6e63028f702d468a1779fb1dfc6bf402a6410357b3ae5e3a5b9d91034dbd76cdf24a644a17d2c3c4d58f381e49ceccdde33f281602bcbf9ed"}]}, @srh={0x0, 0x6, 0x4, 0x3, 0x5, 0x60, 0xfff, [@mcast2, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast1]}, @hopopts={0x87, 0xa, '\x00', [@ra={0x5, 0x2, 0xf}, @calipso={0x7, 0x40, {0x3, 0xe, 0x5, 0x6, [0x1ff, 0x6, 0x9, 0x7, 0x7f, 0xf05c, 0x80]}}, @jumbo={0xc2, 0x4, 0x6}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}]}, @routing={0x6c, 0x2, 0x2, 0x1, 0x0, [@local]}], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3, 0x4, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x19, 0x1, "ffffffffff60000000000000"}]}}}}}}, 0x0)

1m54.230392479s ago: executing program 0 (id=5503):
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169a82, 0x189)
syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400)
r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="d8000000180081054e81f783db4cb9040a1da40006007c09e8fc55a10a0015000600142603600e1208000f00fff00401a80008000800104004080000055c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb71b14d6d930dfe144ecc447c65e206d25b4084121d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad9e3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd4e1ffffffffc1c9b6278754ca397c388b0dd6e4edef3d9300fc0d15", 0xd8}], 0x1}, 0x4000000)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

1m54.186646005s ago: executing program 33 (id=5503):
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169a82, 0x189)
syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400)
r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="d8000000180081054e81f783db4cb9040a1da40006007c09e8fc55a10a0015000600142603600e1208000f00fff00401a80008000800104004080000055c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb71b14d6d930dfe144ecc447c65e206d25b4084121d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad9e3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd4e1ffffffffc1c9b6278754ca397c388b0dd6e4edef3d9300fc0d15", 0xd8}], 0x1}, 0x4000000)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

1m8.650735335s ago: executing program 5 (id=6240):
r0 = syz_open_dev$vcsa(&(0x7f0000000000), 0xe, 0x1)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r0, 0xc0fc4110, &(0x7f0000000040)={0x9, [0x32a5, 0x7, 0x4], [{0xc85e, 0x2, 0x1, 0x0, 0x0, 0x1}, {0x7, 0x5, 0x1, 0x1, 0x1}, {0xffffffff, 0x9, 0x1, 0x0, 0x1, 0x1}, {0xa, 0x5, 0x0, 0x0, 0x0, 0x1}, {0x2, 0x0, 0x1, 0x1, 0x1, 0x1}, {0xffff, 0x6, 0x1, 0x0, 0x1, 0x1}, {0x4e3, 0x6, 0x1, 0x1}, {0x8000, 0x4, 0x1, 0x0, 0x1, 0x1}, {0x5, 0x5, 0x1, 0x1, 0x0, 0x1}, {0x0, 0x8, 0x1, 0x0, 0x1, 0x1}, {0xc, 0x10001, 0x0, 0x0, 0x0, 0x1}, {0x1, 0x7ff, 0x0, 0x1, 0x0, 0x1}], 0x7})
r1 = socket$netlink(0x10, 0x3, 0x0) (async)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ifreq(r2, 0x89b1, &(0x7f0000000040)={'vlan0\x00', @ifru_map={0x7, 0x7, 0x1, 0x6, 0x3c, 0x2}}) (async)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) (async)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) (async)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000003400090000100000fbffffff0300000005000800e5000000"], 0x1c}}, 0x4000010)
r7 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r7, 0xc008561c, &(0x7f0000000040)={0xf0f017, 0x1}) (async)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4c00000010001fff000000008000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000003f00000800fd0106619d0a00", @ANYRES32=r4, @ANYBLOB="240012800b00010062726964676500001400028005000700060000000600270000000000"], 0x4c}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) (async)
fcntl$setpipe(r6, 0x407, 0xffffffffffff8000)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (async)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newsa={0x1a0, 0x10, 0x1, 0x70bd2d, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64}, {@in, 0x0, 0x32}, @in6=@dev={0xfe, 0x80, '\x00', 0x2c}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x8000000, 0x200}, {0x0, 0x0, 0x2}, 0x0, 0x0, 0x2, 0x1, 0x0, 0xcd}, [@algo_crypt={0x48, 0x2, {{'cbc(aes)\x00'}}}, @replay_esn_val={0x1c, 0x17, {0x0, 0x70bd25, 0x0, 0x0, 0x70bd28, 0xeaa}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}, 0x0, 0x18}}]}, 0x1a0}}, 0x0) (async)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000240)=ANY=[@ANYBLOB="0100000000000000d90100"])

1m8.539925772s ago: executing program 5 (id=6243):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480001985e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

1m8.539414468s ago: executing program 5 (id=6245):
r0 = socket$netlink(0x10, 0x3, 0x0)
capset(&(0x7f00000003c0)={0x19980330}, &(0x7f0000000400))
r1 = socket$inet(0x2, 0x2, 0x0)
getsockopt$inet_int(r1, 0x0, 0x21, 0x0, &(0x7f0000000080))
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000006600), 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r2, 0x5453, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
capset(&(0x7f00000003c0)={0x19980330}, &(0x7f0000000400))
bind$netrom(r4, &(0x7f00000004c0)={{0x6, @rose, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0)
ioctl$TIOCMSET(r2, 0x5418, &(0x7f00000001c0)=0xc)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r7=>0x0})
ioctl$KDSETLED(r2, 0x4b32, 0x2)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r5, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="00012abd7000fedbdf256200000008000300", @ANYRES32=r7, @ANYBLOB="0600b400000c00000600b300010000000600b300020000000600b300dcf600000600b400940100000600b300000000000600b400020100000600b40088080000890c73616140cbd3b6ea20b862fb8632a92053851a0df548374d406b8cb8320ed52dd97e8ac8359668ab"], 0x5c}}, 0x40040)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=@bridge_delneigh={0x30, 0x1d, 0x1, 0x70bd2b, 0x25dfdbfb, {0x2, 0x0, 0x0, r8, 0x10, 0xc0, 0x4}, [@NDA_DST_IPV6={0x14, 0x1, @ipv4={'\x00', '\xff\xff', @multicast1}}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x4008000)
socket$netlink(0x10, 0x3, 0x0) (async)
capset(&(0x7f00000003c0)={0x19980330}, &(0x7f0000000400)) (async)
socket$inet(0x2, 0x2, 0x0) (async)
getsockopt$inet_int(r1, 0x0, 0x21, 0x0, &(0x7f0000000080)) (async)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000006600), 0x0, 0x0) (async)
ioctl$TIOCSSOFTCAR(r2, 0x5453, 0x0) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) (async)
syz_init_net_socket$netrom(0x6, 0x5, 0x0) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) (async)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) (async)
capset(&(0x7f00000003c0)={0x19980330}, &(0x7f0000000400)) (async)
bind$netrom(r4, &(0x7f00000004c0)={{0x6, @rose, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0) (async)
ioctl$TIOCMSET(r2, 0x5418, &(0x7f00000001c0)=0xc) (async)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000140)={'wlan1\x00'}) (async)
ioctl$KDSETLED(r2, 0x4b32, 0x2) (async)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r5, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="00012abd7000fedbdf256200000008000300", @ANYRES32=r7, @ANYBLOB="0600b400000c00000600b300010000000600b300020000000600b300dcf600000600b400940100000600b300000000000600b400020100000600b40088080000890c73616140cbd3b6ea20b862fb8632a92053851a0df548374d406b8cb8320ed52dd97e8ac8359668ab"], 0x5c}}, 0x40040) (async)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00'}) (async)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=@bridge_delneigh={0x30, 0x1d, 0x1, 0x70bd2b, 0x25dfdbfb, {0x2, 0x0, 0x0, r8, 0x10, 0xc0, 0x4}, [@NDA_DST_IPV6={0x14, 0x1, @ipv4={'\x00', '\xff\xff', @multicast1}}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x4008000) (async)

1m8.470591552s ago: executing program 5 (id=6246):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x0, 0x3, 0xc20, 0xadb12e32f182386c, 0x3}})
ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3)
r1 = socket$pppoe(0x18, 0x1, 0x0)
ioctl$PPPIOCSFLAGS(r1, 0x40047459, &(0x7f0000000000))
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x48)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/rcu_expedited', 0x40000, 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x13, r2, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(&(0x7f0000000580)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0xb5008, 0x0)
mount$bind(0x0, &(0x7f0000000080)='./file0/../file0/file0\x00', 0x0, 0x80000, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000000)={0x980914, 0x2})
mount$bind(&(0x7f0000000100)='./file0/../file0/file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2145499, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB], 0x7)
syz_open_dev$sg(0x0, 0xa, 0x8000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)

1m8.469602077s ago: executing program 5 (id=6247):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@newsa={0x16c, 0x10, 0x713, 0x0, 0x25dfdbfc, {{@in6=@dev={0xfe, 0x80, '\x00', 0x29}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x4e21, 0x2, 0x2, 0x0, 0x0, 0x3b, 0x0, 0xee00}, {@in=@dev={0xac, 0x14, 0x14, 0x3b}, 0xfe, 0x32}, @in6=@dev={0xfe, 0x80, '\x00', 0x1b}, {0x4, 0x0, 0x0, 0x6, 0x0, 0x10000000, 0x0, 0x543}, {0x4, 0x7fffffffffffffff}, {}, 0x70bd28, 0x34ff, 0x2d, 0x4}, [@algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x60, "217d66d38547aa140db8a200000000c538c7cb7a"}}, @encap={0x1c, 0x4, {0x2, 0x4e24, 0x4e24, @in6=@dev={0xfe, 0x80, '\x00', 0x2e}}}]}, 0x16c}, 0x1, 0x0, 0x0, 0x880}, 0x4000004)

1m7.960944468s ago: executing program 5 (id=6248):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0000006800e978000000000000000a0a000000000000000400040030"], 0x1c}}, 0x0)

1m7.89324021s ago: executing program 34 (id=6248):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0000006800e978000000000000000a0a000000000000000400040030"], 0x1c}}, 0x0)

1m2.758399646s ago: executing program 6 (id=6357):
socket$inet6(0xa, 0x2, 0x5) (async)
r0 = socket$inet6(0xa, 0x2, 0x5)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0xffffffffffffffff, 0x58, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0}}, 0x10)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000000c0)={{{@in=@initdev={0xac, 0x1e, 0x5, 0x0}, @in6=@dev={0xfe, 0x80, '\x00', 0xa}, 0x4e21, 0xfff7, 0x4e22, 0xa, 0x2, 0x20, 0x0, 0x4, r1}, {0x8, 0x0, 0x3, 0x401, 0x3, 0x100000000, 0x8, 0x7}, {0x7, 0x5, 0x8, 0x7}, 0xbc80, 0x6e6bb2, 0x0, 0x1, 0x2, 0x2}, {{@in=@empty, 0x8, 0x6c}, 0x2, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x3500, 0x0, 0x0, 0x74, 0xc43, 0x7fff}}, 0xe8)
pipe(&(0x7f00000001c0)) (async)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, &(0x7f0000000200)=[{{0x2, 0x0, 0x1, 0x1}, {0x3, 0x0, 0x0, 0x1}}, {{}, {0x4, 0x1, 0x1}}, {{0x0, 0x1, 0x1, 0x1}, {0x1}}, {{0x4, 0x1, 0x0, 0x1}}, {{0x4, 0x0, 0x1}, {0x4, 0x1, 0x1, 0x1}}, {{0x1}, {0x0, 0x0, 0x0, 0x1}}], 0x30)
mkdirat(r0, &(0x7f0000000240)='./file0\x00', 0x10) (async)
mkdirat(r0, &(0x7f0000000240)='./file0\x00', 0x10)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0) (async)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), r3)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000300)={'batadv_slave_0\x00', <r5=>0x0})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f00000003c0)={'syztnl0\x00', &(0x7f0000000340)={'ip6tnl0\x00', <r6=>r1, 0x29, 0x10, 0x1, 0x4, 0x20, @dev={0xfe, 0x80, '\x00', 0x22}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x700, 0x7, 0x9, 0x6}})
sendmsg$ETHTOOL_MSG_DEBUG_GET(r2, &(0x7f0000000600)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000005c0)={&(0x7f0000000400)={0x1a0, r4, 0x800, 0x70bd2b, 0x25dfdbfb, {}, [@HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}]}, @HEADER={0x84, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x8}, 0x20000000)
getsockopt$inet6_mreq(r2, 0x29, 0x15, &(0x7f0000000640)={@loopback}, &(0x7f0000000680)=0x14)
getsockopt$IP_SET_OP_VERSION(r2, 0x1, 0x53, &(0x7f00000006c0), &(0x7f0000000700)=0x8)
mremap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000, 0x7, &(0x7f0000ffb000/0x1000)=nil)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), r3)
sendmsg$NL80211_CMD_SET_COALESCE(r2, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x34, r7, 0x100, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x2}, @NL80211_ATTR_COALESCE_RULE_CONDITION={0x8}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x6f}]}, 0x34}, 0x1, 0x0, 0x0, 0x200040c0}, 0x40080)
syz_emit_ethernet(0x5e, &(0x7f0000000880)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x1e}, @remote, @val={@val={0x88a8, 0x1, 0x0, 0x1}, {0x8100, 0x0, 0x1, 0x2}}, {@canfd={0xd, {{0x0, 0x1, 0x0, 0x1}, 0x27, 0x0, 0x0, 0x0, "136673bd1e6514d1c9458816c4e54e291d722b9debfef1f718bcbd600fec9cba589357f6fd240d8ede1de60e5049844dceb8998aaee90b9a5578048ef22a7250"}}}}, 0x0)
getsockname(r0, &(0x7f0000000900)=@isdn, &(0x7f0000000980)=0x80)
setsockopt$inet_sctp_SCTP_RECVRCVINFO(r2, 0x84, 0x20, &(0x7f00000009c0)=0xfffffff8, 0x4) (async)
setsockopt$inet_sctp_SCTP_RECVRCVINFO(r2, 0x84, 0x20, &(0x7f00000009c0)=0xfffffff8, 0x4)
getsockopt$inet_sctp_SCTP_RECVRCVINFO(r2, 0x84, 0x20, &(0x7f0000000a00), &(0x7f0000000a40)=0x4)
read$FUSE(r3, &(0x7f0000000b40)={0x2020, 0x0, 0x0, <r8=>0x0}, 0x2020)
geteuid() (async)
r9 = geteuid()
mount$9p_virtio(&(0x7f0000000a80), &(0x7f0000000ac0)='./file0\x00', &(0x7f0000000b00), 0x40000, &(0x7f0000002b80)={'trans=virtio,', {[], [{@euid_lt={'euid<', 0xffffffffffffffff}}, {@fowner_gt={'fowner>', r8}}, {@smackfshat={'smackfshat', 0x3d, 'xfrm0\x00'}}, {@flag='silent'}, {@uid_gt={'uid>', r9}}]}}) (async)
mount$9p_virtio(&(0x7f0000000a80), &(0x7f0000000ac0)='./file0\x00', &(0x7f0000000b00), 0x40000, &(0x7f0000002b80)={'trans=virtio,', {[], [{@euid_lt={'euid<', 0xffffffffffffffff}}, {@fowner_gt={'fowner>', r8}}, {@smackfshat={'smackfshat', 0x3d, 'xfrm0\x00'}}, {@flag='silent'}, {@uid_gt={'uid>', r9}}]}})
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r3, 0x10, &(0x7f0000002ec0)={0x2, 0x0, &(0x7f0000002e00)=[{&(0x7f0000002c00)=""/36, 0x24}, {&(0x7f0000002c40)=""/131, 0x83}, {&(0x7f0000002d00)=""/221, 0xdd}], &(0x7f0000002e40)=[0x9, 0x6, 0x40, 0x8, 0x0, 0x6492, 0x8, 0x8, 0x5], 0x3}, 0x20)
write$bt_hci(r3, &(0x7f0000002f00)={0x1, @le_accept_cis={{0x2066, 0x2}, {0xc8}}}, 0x6) (async)
write$bt_hci(r3, &(0x7f0000002f00)={0x1, @le_accept_cis={{0x2066, 0x2}, {0xc8}}}, 0x6)
openat$ppp(0xffffffffffffff9c, &(0x7f0000002f40), 0x0, 0x0) (async)
openat$ppp(0xffffffffffffff9c, &(0x7f0000002f40), 0x0, 0x0)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000002f80)={<r10=>0x0, 0x5, 0x6e0c, 0x0, 0x1, 0x9}, &(0x7f0000002fc0)=0x14)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f0000003000)={r10, @in6={{0xa, 0x4e24, 0x3, @private1, 0x700}}, 0x5, 0x0, 0x8, 0xffff0000, 0xffffffff}, &(0x7f00000030c0)=0x98) (async)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f0000003000)={r10, @in6={{0xa, 0x4e24, 0x3, @private1, 0x700}}, 0x5, 0x0, 0x8, 0xffff0000, 0xffffffff}, &(0x7f00000030c0)=0x98)
setsockopt$inet_int(r2, 0x0, 0x12, &(0x7f0000003100)=0x5, 0x4)
syz_io_uring_setup(0x4462, &(0x7f0000003140)={0x0, 0xf3e9, 0x20, 0x1, 0x30a, 0x0, r2}, &(0x7f00000031c0), &(0x7f0000003200))

1m2.680548024s ago: executing program 6 (id=6360):
r0 = socket$nl_route(0x10, 0x3, 0x0)
pipe2$9p(&(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[], 0x15)
r3 = dup(r2)
write$P9_RLERRORu(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @ib_path={0x0}}, 0x20)
write$binfmt_elf64(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
ioctl$MON_IOCQ_URB_LEN(r3, 0x9201)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="700000001000810500"/20, @ANYRES32=0x0, @ANYBLOB="0580040000000000500012800b00010067656e657665000040000280050008000000000005000d000100000005000d000200000008000b4000001e82060005004e210000140007"], 0x70}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
pipe2$9p(&(0x7f0000000000), 0x0) (async)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[], 0x15) (async)
dup(r2) (async)
write$P9_RLERRORu(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) (async)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @ib_path={0x0}}, 0x20) (async)
write$binfmt_elf64(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) (async)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) (async)
ioctl$MON_IOCQ_URB_LEN(r3, 0x9201) (async)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="700000001000810500"/20, @ANYRES32=0x0, @ANYBLOB="0580040000000000500012800b00010067656e657665000040000280050008000000000005000d000100000005000d000200000008000b4000001e82060005004e210000140007"], 0x70}}, 0x0) (async)

1m2.569687628s ago: executing program 6 (id=6361):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f0000000140)={r2, <r3=>0x0, <r4=>0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)})
ioctl$DRM_IOCTL_MODE_SETPLANE(r1, 0xc03064b7, &(0x7f00000001c0)={r2, r3, r4, 0xa000000, 0x80400002, 0x80000002, 0xfffffffe, 0x0, 0x4000000, 0xe, 0x1008, 0x20})

1m2.568984678s ago: executing program 6 (id=6362):
syz_emit_ethernet(0x56, &(0x7f0000000400)={@local, @random="df00004000", @void, {@ipv4={0x800, @tcp={{0xd, 0x4, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x11}, {[@ssrr={0x89, 0x7, 0xa2, [@broadcast]}, @timestamp={0x44, 0x10, 0x5, 0x3, 0x0, [0x10000, 0x0, 0x0]}, @cipso={0x86, 0x6, 0x1}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
pwritev2(r0, &(0x7f0000000980)=[{&(0x7f0000000500)="be81e131", 0x20000}, {0x0}], 0x2, 0x5, 0xa, 0x14)
r1 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r4=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)={0x24, r3, 0x1, 0x70bd28, 0x1, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x24}}, 0x80)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10)
r6 = syz_pidfd_open(0xffffffffffffffff, 0x0)
r7 = openat$random(0xffffffffffffff9c, &(0x7f0000000140), 0x40400, 0x0)
r8 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="60000000020601036c0000000e77000000000000050005000a000000050001000600000205000400000000000900020073797a320000000013000300686173683a6e65742c6966616365000014000780080006400000000008000840"], 0x60}}, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f0000000200)={0xf72, 0x0, &(0x7f00000001c0)=[r1, r5, r6, r7, r8, r9]}, 0x6)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='tracefs\x00', 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x20020, &(0x7f0000000380)=ANY=[@ANYBLOB='mode=0'])
syz_emit_ethernet(0x56, &(0x7f0000000400)={@local, @random="df00004000", @void, {@ipv4={0x800, @tcp={{0xd, 0x4, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x11}, {[@ssrr={0x89, 0x7, 0xa2, [@broadcast]}, @timestamp={0x44, 0x10, 0x5, 0x3, 0x0, [0x10000, 0x0, 0x0]}, @cipso={0x86, 0x6, 0x1}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.io_queued\x00', 0x275a, 0x0) (async)
pwritev2(r0, &(0x7f0000000980)=[{&(0x7f0000000500)="be81e131", 0x20000}, {0x0}], 0x2, 0x5, 0xa, 0x14) (async)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000440)) (async)
sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)={0x24, r3, 0x1, 0x70bd28, 0x1, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x24}}, 0x80) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000100), 0x10) (async)
syz_pidfd_open(0xffffffffffffffff, 0x0) (async)
openat$random(0xffffffffffffff9c, &(0x7f0000000140), 0x40400, 0x0) (async)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="60000000020601036c0000000e77000000000000050005000a000000050001000600000205000400000000000900020073797a320000000013000300686173683a6e65742c6966616365000014000780080006400000000008000840"], 0x60}}, 0x0) (async)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f0000000200)={0xf72, 0x0, &(0x7f00000001c0)=[r1, r5, r6, r7, r8, r9]}, 0x6) (async)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='tracefs\x00', 0x0, 0x0) (async)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x20020, &(0x7f0000000380)=ANY=[@ANYBLOB='mode=0']) (async)

1m2.489893486s ago: executing program 6 (id=6363):
mkdir(&(0x7f0000000500)='./bus\x00', 0x1d4)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r0, 0x104, 0x3, 0x0, &(0x7f00000008c0))
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000100)={[{@subsystem='cpuset'}]})
chdir(&(0x7f0000000140)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r1, 0xc0189371, &(0x7f0000000340)={{0x1, 0x1, 0x18, r2}, './file0\x00'})
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x40049366, &(0x7f0000000180))
setxattr$trusted_overlay_origin(&(0x7f0000000040)='./file1\x00', &(0x7f0000000180), &(0x7f00000001c0), 0x2, 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0xd0)
ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f00000004c0))
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@uuid_off}, {@workdir={'workdir', 0x3d, './bus'}}], [{@appraise}, {@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@fsname}]})
r4 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
write$binfmt_script(r4, &(0x7f0000000200)={'#! ', './file0', [{0x20, 'lowerdir'}, {0x20, 'overlay\x00'}, {0x20, 'y\x00'}, {0x20, 'workdir'}, {0x20, 'overlay\x00'}, {0x20, 'workdir'}], 0xa, "4fdad48b78baca8c224102e5828894f183ef2a00aad112e7b9c12f9fd44aaa1cb7bc9ba15ec0ef0ec49d80d360014ad2b535852bed12b9145ad0f5421e77b607e2e5bf57788da64841e533da847d76bd40c67e3c6f4e44d2d71fc305e2b3c5854758964cf3fc0c22924a42836fd9cacf0bfa81df9c93d44922c427d4f056fbc9684084668a61e8ac077eab5d13b2060344450aa83a8ebc762dce4a4d24841ba6384822bf52da10da525d795a4dc02775f395569e3293bb4688ff409d026ec77f0f217a7faf0a28d38af97a87d46b05604c7351646c90661714"}, 0x112)

1m1.619877437s ago: executing program 6 (id=6371):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f0000000140)={r2, <r3=>0x0, <r4=>0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)})
ioctl$DRM_IOCTL_MODE_SETPLANE(r1, 0xc03064b7, &(0x7f00000001c0)={r2, r3, r4, 0xa000000, 0x80400002, 0x80000002, 0xfffffffe, 0x0, 0x4000000, 0xe, 0x1008, 0x20})

46.623058337s ago: executing program 35 (id=6371):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f0000000140)={r2, <r3=>0x0, <r4=>0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)})
ioctl$DRM_IOCTL_MODE_SETPLANE(r1, 0xc03064b7, &(0x7f00000001c0)={r2, r3, r4, 0xa000000, 0x80400002, 0x80000002, 0xfffffffe, 0x0, 0x4000000, 0xe, 0x1008, 0x20})

36.740504158s ago: executing program 2 (id=6711):
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0xac4, 0x0) (async)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
recvmmsg(r1, &(0x7f0000003300)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000002, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000040)=ANY=[@ANYBLOB="44010000100001000000000800000000fc0100000000000000000000000000000a010100"/48, @ANYRES32=r0, @ANYRESOCT=r0], 0x144}}, 0x20000000) (async)
r2 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d7", 0x6, 0xfffffffffffffffe)
r3 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10) (async, rerun: 64)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001080)=ANY=[@ANYBLOB="b702000024000000bfa30000000000000703000000feffff7a0af0fff8bffffd79a4f0ff00000000b7060000ffffffff2d640500000000006502040001001f000404000001007d60b7030000000000006a0a00fefdff00008500000026000000b7000000000000009500000000000000c743a0c8e3ebbadc20e5a7efcc9ac1467fb2ea80dbcf8df265e1b40e4c8afd5c0c000000008da68076774bbcdb2c769937000090af27db5b56024db96bcbbbd2cb2000ce03000000000000007e357754508535766c80114604a86fe569b05614eab9297eb290a248a120c9c6e39f403ff065fd3052aae80675eeba68562eaeaea5fecf298ca20f274233106eab63ecf772de7b265040b6c50b7420b48a93fe94c756108afcd0b2eb78040000005f02a5a6474ae549070004000000001294fba0ed5020e6474ac921fee1f6d8ad6a80c0947cd6d4a561ced21a0b4a902be6af7ec2d1ba002e57f301000000000000000000000000100000aaf25343063e6581f9e6de14ad72e5ad84309f47f96a576cd20cef7ed951a73ea73d7c7f14e306f1f1d1377e57abb19700f0077e9d0000b93eb0f2c6f8141e350dc68147e5958128d22d58625cf9dba211bfff9c3709c9b134625d3d2369f516a49eeeb1a662c8dfb875bdf5c6ba73cccdfacb202994c40d322717faff03323dce8a34ee0ca2cf61efb4b30000642735d6d482ba98d252f36c54333aab1aa736369392b9067665339820f5f1557b0bf7cc06a5a13c714e0b1a1f000000ff3283076cda3d0b1a2905cfc3d04f1db264b530abcbe44bc405f600807970727fb819afa1907228fa9e83433eedb4ac88d0285594ffb0d14c09d5c77f33702822b02488ea570204c8441ced81cacf945dcb2486d65ceec8bcaffbe800a041a378b40dc9e3600e916ae6307bd8325a442095bc9a8b0c95905979f34adddbb26f0d24425c8ab9d937d84b521914f92eed3d3e9de82942a952e86b567aff5bc2e3c1fcc00f618363df5d0d181ee8f4b8fd356c9eb365adc037e443820c05c5db16ff07a9cf471e2ebf91ab00a05f88c1cd55f8c81f5eb1f8d615ca27efb2193bb61665a1ce37f30c2efc9c3b5a4a5d95479fac471ba60fbd0e50225563cd37343d09da72472efc2b2877fbab12a891513e5f0763ae06c0610a2869747c143d75007606000000b2310e19ac58bf29d7f178d09a9f634a3ae492f54649589e3692768a0f3a082c5242c8fa7f01e0873c9c5c604108ad85950d8e08465fa1067ea8f383b3e7a7ddf5977d46f4bc38f914b4a496426d8468f9ba618b6b2218b50c8fc9efbce3ba799cf70de7e13be871aa7eb402e2b11f440361e18d4e334bfc6ae54e62e67a0338c756c544189e4519a029674e2a2bbbc7f6600000000000800000e5e30b70b198246d3a62660600000030a0af132e680510811d3ab71af5d98e2d3d928a749e8b9402d14655612bd58fb40b4625cb69bf6cea97b447f2d970d99100000000086000001b881afb2cc500003a73562af4878f75b4c98274eeb666aa1f5fcf91990cf0dcfef9540057b8a3fff2bc02c5941626d2015f414546e87835ba18e9101734a9e9c6955fc6b9a25fe2a3dd8bab7f21beccba5493a164c663eceed401737c12c65804712236a9a29a43b1e27e9b6816f2328ea8423121f12b7b35aa721fef26934ccafde573bee5c33ef15309f43cbd5d61aa679a9c402d337ebf57a5eacb569401c1df7b9c45b09743c61d1db37f0000000000020000000000de00d23dd63b7761d7d6818db785d8ba13dc577fe61a68eb365de5661f43d4c789bb117a3d208ae44a38e7868dc32e132124ecf52327631b718b3157e218959156ff8e92b7e92bc275d2c9114547351a0d0f2a70d13be0194b6cb68b03000000000000004f153bbc7f52861e4e5df0d19e4e40ac44cfda6f87807e5b5ed7072c04da88afd3d4b79f060e004a0e2f00b9e726ac75d2ac0691314c627e9a8a07bdd607919fd48f01ad6d2f7621d9a75b134f1bc25ed7c33d411a5baa4daa3add16afc502b2b7629541d722e91d631e5ffb9d4beb5aa5a2c4e490a5bd038c1817f0d4652a29353b05b16b3c5cf4538ba310b8cbc221af38ea842d4cb908bcd574f794459fd54b58c6a791e6df625a47bade4ba41ee014184395a479544619f749ff70088b0fd115077f7eff7c5a3315ca604d110df1c54407f191a78d8362e4dc6e1138391c2a65246779bb76c9f1daea4f085f38810edef6dd047937c231cba791a4e7713c5b3b0a0b6ba37db5016e02d114d714459d065a79609fea4efebad04edac11aac0e53dd094827453144fa419ee81823d00a90a9058ba740d2f41253a8d01a8c1a7265a084e30ad10d412aee8170a7111d62473e7bd8f3d64fb7ebdd32aada331900000000000000000000000084ef49dd020000000000000000000000d9dcb285038ec38d5f4969ed0e98a71ac7bf8159a234833a5241722b2d24aa2fa4965d4eb7966fb27d118b6ef3308627e67d42f1041d5e92da28e0a7724ce715854775cbe06c5166f1dac0745f1373156a536cb6394c2c4473e2050cacf693fdf8e305080000001a901ecd90a5f53b8327a485557bc2a147b036477915e600000000034258ebbb6099b597d17ee2fc97ca850b8580b1337016a40566814594c13052b9d2b0741326825f19a244609ac04a0c29691a7c8f7a78c1a7590a293c561f304533c638ae635f5ce026f7fa034d8cfe0e11831d4829692beab26891ef583cfcb713a4d3a2d8b958c0875d7e4bdcf98802db086ebcbb9d82fa569a18f06facc2ffe1ea9ae4231e1e7a5dd7503faa2de7f898c97788c4b9c61c70ff92abdf7476cc351156d11c0ada7614f315f4c6cca119d16827d4e864f5a7a9b690272a510c451dc07f391309d02e31e53b2bf0b5f86e776b1bcfe6c85ccd7ddf8a9559d58bb5603895f265685fdd11263c946f8ef3ccec1b0d45a47a89b8237cbbdab14e4ca6dc76b2c41e071b93a065c0f5aa718e1cfab29beea78a6bd9a3114f0fb92be9a5862627b4bd99db2c08e4636e43f05f33535d5d1f9bb40e1fd8e5125a3d29b31dd94a6744bbc21722222b976089f073a4d3fcafc6d06518cf0c4fc6c8e3da0000000000000000000000007d3b60775243f2143d9f54804b11102cf0e4c641db1ba8bf75e46ab3a8fdece6562e7ebb3e407f3c7504dfa3da3aecbd49af3d1edeea11cc970416fadeedc8423bfdc85041ac4d8243a1130e6f4cb5bbfed9d095e18c98c7d690e4c491a7ddcd5635bc61dbed719ca28e8ca3f1fbbe588913ed057f1d6e34a79f4dc10df54d1993a5bc5f9ef6dbd339ee4b0b5764169f305e284ef82cc23e9366d4bc7eb45c7230b13433e5240657cb8eba33260147be8620b6d98cc48b000000000000000000000000c1ce872b18984f080100000000000000bd3fded92547d41809b398f36749083a147eb09ff1ed601bd36b873d3947fb223da647052528e0466cb917db7800f7c7000b593fca1903991cca1343882e3a1f60044f11c081dae4fc5bcf20efacdd2c577f4bcda2eea6f75a31dc90eebb6135b6fb824052181b0ad8a49ebf03ccf61d7e39bf6b0762d24d19796016301d1415b5110ba9df7f204aedb2a2e4e621c0553d312b309db67192f98ef7800000d629c04e216afc8fc66616bbf304e452373aa927c2ad6f5417f1b9bc322b802c1c42112a92a331cdc113b9ace3ff52ede7a853f9a89002ba070bac2f635a03db3375e5564f1a798bf9c0f8c72725d2eca9b0ec7e453d78ea20eca61530fe574299b393ca144adcb06108dfbb934065a87972739150a8752ac111c4d9062ccb95c54034fbdee131d94dfbaab1854d55665746fb7b47d25e54070b0d14c0a29c57bc4930075e1761913b036d43852c6df9f10e15105b2a18668298a3577943514db0dce953dcec62139ff3f16066efec5d8cbc0600000000007289be5883aab951ea67cf2ff691d05c1ea91dd569ed9897fe8d88a0a6977dc8955be17e8026aff11c61fa5cc76196c1423cd597345253baa1537eb6962a3ce1fe5d5ab46938e8fb23fa7047bc59c4345e912585a9adb5fe2ff51b64a326321b594e3f2d339f4090bdae6b30b62064bacbc155d3c930576f506b093ca7c60957bdfdd6536baaa871cf6a603c736b78761e6463b8ac503e219cc3d98f649602ad24d5667368290ee926fba76ee482a201a03efece3b236f4ee2ffcd5d90d92a2f0c5cfa48c87f27c2f1e92988a6508c12f6b7755cc48eb10edafca92cb0260c72295a27a24846d3a2334bd60e94c0fd07e5db0a4964a7fc4e89f11a300510776934e87bb3c21394f46954a012b2a3b0760f1bad1dbd6b466ed7153bd18ee2c0b2353c38df9e0782eb"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfe37}, 0x48) (rerun: 64)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r5, 0x18000000000002a0, 0x33, 0x0, &(0x7f00000000c0)="b907ef19edfff007049e0ff0888e72e9eb17e12ce4f2ffc3d4b8743c2873208a9eca5493c9b6f0ac22c61df8ad86c7577c702f", 0x0, 0x0, 0x18000000, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) (async)
sendmmsg$inet(r4, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x36}}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)="fa", 0x1}], 0x1}}], 0x1, 0x24040890)
sendmmsg$inet(r4, &(0x7f0000000400)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000004c0)="134ed9b8f993f5a38b8d0df46c0a1cacf1790aecae3522bea41945cca85c203037ecf37484f6c0da891c348b31c4934651e9ec3249be20594b78ee3b719a48940a6f1b18671b6a0b25441bc4a7aa7b05d4e26e765b91aab3e13eae06f834a57772190562722e1de2d5fa", 0x6a}], 0x1}}], 0x1, 0x1) (async)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r2, r3, r2}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) (async)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4458c}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_NET_NS_PID={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4015}, 0x0) (async)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="040e0b080510"], 0xe) (async, rerun: 64)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async, rerun: 64)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')

36.609174888s ago: executing program 2 (id=6712):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000030e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

36.608285968s ago: executing program 2 (id=6714):
socket$nl_generic(0x10, 0x3, 0x10)
openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x44, r3, 0x211, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x30, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x44}}, 0x0)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r4=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x70, 0x30, 0x0, 0x870bd2d, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x0, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x5}, @TCA_SAMPLE_RATE={0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x8, 0x4000000, 0x0, 0x1ff}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x5}}}}]}]}, 0x70}}, 0x20048000)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000003000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r6, @ANYBLOB="08000100", @ANYRES32=r7], 0x90}, 0x1, 0x0, 0x0, 0x800}, 0x0)

34.863238399s ago: executing program 2 (id=6728):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="800000001000ffff24bd7000f8fadf2500000000", @ANYRES32=0x0, @ANYBLOB="0000000000030000600012800b000100697036746e6c00005000028008000700"], 0x80}, 0x1, 0x0, 0x0, 0x1}, 0x20040040) (async)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="800000001000ffff24bd7000f8fadf2500000000", @ANYRES32=0x0, @ANYBLOB="0000000000030000600012800b000100697036746e6c00005000028008000700"], 0x80}, 0x1, 0x0, 0x0, 0x1}, 0x20040040)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), r1)

34.810106568s ago: executing program 2 (id=6730):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) (async)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) (async)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00') (async)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) (async)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r1, 0x0, r2, 0x0, 0x7, 0x9) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x220) (async)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in6=@remote, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in=@empty}, 0x0, @in=@multicast1}}, &(0x7f0000000240)=0xe8)
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000100)=@md0, r3, &(0x7f00000001c0)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120)
mount(0x0, &(0x7f0000000180)='./file1\x00', &(0x7f00000002c0)='sysfs\x00', 0x1204041, 0x0) (async)
pipe2(&(0x7f0000000000)={0x0, <r4=>0x0}, 0x0) (async)
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80000)
fcntl$setpipe(r5, 0x407, 0x0) (async)
write$FUSE_INIT(r5, &(0x7f0000000340)={0x50, 0x0, 0x0, {0x7, 0x28, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0x50)
vmsplice(r5, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0) (async)
close_range(r4, 0xffffffffffffffff, 0x0) (async)
socket$inet6(0xa, 0x4, 0x100) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x275a, 0x0)
socket(0x15, 0x5, 0x5) (async)
syz_open_dev$tty20(0xc, 0x4, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000300)=@abs, 0x6e) (async)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

34.801509701s ago: executing program 2 (id=6731):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000280), r0)
sendmsg$MPTCP_PM_CMD_SET_FLAGS(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002b03000000000000000000000400018008000400ea000000"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x20040000)

19.799331095s ago: executing program 36 (id=6731):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000280), r0)
sendmsg$MPTCP_PM_CMD_SET_FLAGS(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002b03000000000000000000000400018008000400ea000000"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x20040000)

12.168541022s ago: executing program 7 (id=6998):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000), r3)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)

12.089425601s ago: executing program 7 (id=6999):
r0 = socket$inet_sctp(0x2, 0x1, 0x84) (async, rerun: 64)
creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x182) (async, rerun: 64)
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) (async, rerun: 32)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="38010000fe0000"], 0x138) (async, rerun: 32)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000003c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@afid}]}}) (async)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00')
read$FUSE(r4, &(0x7f0000007100)={0x2020}, 0x941f) (async)
getsockopt$inet_buf(r0, 0x0, 0x33, 0x0, &(0x7f00000000c0))

12.089120223s ago: executing program 7 (id=7000):
socket$nl_route(0x10, 0x3, 0x0) (async)
r0 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000), 0x10)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_HELLO_TIME={0x8, 0x2, 0x101}]}}}]}, 0x3c}}, 0x0)

12.029599947s ago: executing program 7 (id=7001):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x3)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x2000000, 0x0)
chdir(&(0x7f0000000040)='./file0\x00')
syz_io_uring_setup(0x111, &(0x7f0000000140)={0x0, 0x334e, 0x10, 0x4, 0x312}, &(0x7f00000029c0)=<r0=>0x0, &(0x7f0000000300))
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
clock_nanosleep(0x3, 0x0, &(0x7f0000000000)={0x77359400}, 0xfffffffffffffffe)
write$UHID_CREATE2(r1, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000200)={'vxcan0\x00', <r3=>0x0})
bind$can_j1939(r2, &(0x7f0000000180)={0x1d, r3, 0x0, {0x0, 0x0, 0x1}, 0x2}, 0x18)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000100)={&(0x7f0000001000/0x3000)=nil, 0x3000})
sendmsg$can_j1939(r2, &(0x7f00000002c0)={&(0x7f00000000c0)={0x1d, 0x0, 0x0, {0x0, 0x1ee}}, 0x18, &(0x7f00000004c0)={&(0x7f0000000140)='\x00', 0x8}}, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)

11.916723215s ago: executing program 7 (id=7002):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x3)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x2000000, 0x0)
chdir(&(0x7f0000000040)='./file0\x00')
syz_io_uring_setup(0x111, &(0x7f0000000140)={0x0, 0x334e, 0x10, 0x4, 0x312}, &(0x7f00000029c0)=<r0=>0x0, &(0x7f0000000300))
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x3f, 0x4)

11.80998167s ago: executing program 7 (id=7003):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
write$binfmt_script(r0, &(0x7f0000007c40)={'#! ', './cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0xff1)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
mkdir(&(0x7f0000000100)='./bus\x00', 0xe8)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x9, 0x4, 0x4, 0x9, 0x0, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r1, &(0x7f00000000c0), &(0x7f0000000000)=""/8, 0x2}, 0x20)
lsetxattr$system_posix_acl(&(0x7f0000000280)='./file0\x00', &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000440)=ANY=[@ANYBLOB="020000000100000000000000040004000000000010000000000000002000"], 0x24, 0x2)
chdir(&(0x7f0000000000)='\x00')

11.747158377s ago: executing program 37 (id=7003):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
write$binfmt_script(r0, &(0x7f0000007c40)={'#! ', './cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0xff1)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
mkdir(&(0x7f0000000100)='./bus\x00', 0xe8)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x9, 0x4, 0x4, 0x9, 0x0, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r1, &(0x7f00000000c0), &(0x7f0000000000)=""/8, 0x2}, 0x20)
lsetxattr$system_posix_acl(&(0x7f0000000280)='./file0\x00', &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000440)=ANY=[@ANYBLOB="020000000100000000000000040004000000000010000000000000002000"], 0x24, 0x2)
chdir(&(0x7f0000000000)='\x00')

2.029762195s ago: executing program 4 (id=7119):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0xa00, 0x0)
ioctl$TIOCMSET(r1, 0x5418, &(0x7f0000000980)=0xfffffffd)
r2 = openat$ndctl0(0xffffffffffffff9c, &(0x7f00000006c0), 0x0, 0x0)
ioctl$DRM_IOCTL_GEM_FLINK(r2, 0xc008640a, &(0x7f0000000140))
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56)
sendmmsg$inet6(r0, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000500)="0b0ec2a1e3fc84788972f461fec29e0fe5be85ea822a7348bd54a57f68bd5a22bae5232e5bb561d279aac06d351b1d508780b32fa2b07a0cd31f1b8b9acdc89d4d5725350a9ec9303e53def89bcb6bb6ea83324927b43749f25be60c4f8707382b8e306203d233a6bf73e3a998e6f2febd55e05bf1ccb63237c1d1bea4db828a5be79ee76eee93584aad3f751172c449fb0000000000", 0x96}, {&(0x7f0000000680)="5f62f632763c84825847145170282f67ba6d5dadf0baf135d503e93a17ee560409202f4c5f0de32b0e53e4d26d04c825d923318fd574b1924b09ebb91d5be30b532a2fb95030c6be2a14ccfbce6eef05ea88d2413dc3fc0ae8a2e071f8764a4843611ae28b340100ddefa8ffed32420677397aa63e880adc56d03d8799429f33741886bd6c4065bba5005d74f67508dc3434165b51bf8f73bf1a7c158d8905e518e8", 0xa2}, {&(0x7f0000000380)="dfd1db04f5eef4b5714a69f5392e27d1b79a961a16fbdc4f01a9e38a1f95f939a209f049ad8d4f9447506fd73cec26b8246758f684013c99b717e119d15432edd46da8a0c25e7e3771b0b146e56d2fcf8107332acc1c56948171260ed44c97919f70210c914c1098c9ac622d46f0ffae373480c9d8e590395ea4365569b8ea75ea1a9a181cfa88541804ec97980211c9b7eb2235d6f0b644fd31dda9bc2cc99434e0df4934d0", 0xa6}, {&(0x7f0000000c40)="a415df87c6eb00bd7ae7e6b8550f9923917c9d38e14a4eff0100000000000028297ed43e9c", 0x25}, {&(0x7f0000000800)="f76c72c4066a174e1300da0da7d191a618fc5793ff23c6328c6d61df0a2fb72441d4ded25cf7b5f31eb5d65e412665a6177f09ca3ac5cfd751577dec547711dc43b694a601fcb6575547ee6ec2a01c32b65d3429fbb9623a83d457d3ddea9eb90ab14b6b323a9358af0b55cff95844d5b47f6994a72f984e19e961cc00f6e364e141c8", 0x83}, {&(0x7f00000008c0)="4b000ffd096c1b77cd99b1458609c4b82100375ca9411e734cc8e9627df29e9b97a002d7f15ea9f42bd71401384ed6b5772b5c618c35c4aab72b1d515ceada9e64d7a35fd435e98f06243fcd53966c196ff3f47537912a1a5dec7e8e1fbf4543d1a6c80467d6ba3d241e3fd22efa09c638c98b4ce9fbe6d2053fcfa334eaee64efad2d349f048afb2635ae06c05697746fe073ed230c9c7c4643396305424c1c7eaa3ee09891995a607de26be9abcd2b65a4f9093da8a07eea61b1ff21ea3b323b191f95b997cfdface3dc21a664e38896f9f689bc06f4800d5c977102358770b0d8425f098be9383b5e487e7165e847191d5e95233e971edd", 0xf9}, {&(0x7f0000002380)="a66554178426362975b882a7d6b43fe537b6b0036a966a05363793ec2f6830cc5b81e514b9cbe4c27c3f3a581556b832100a4233e3e80fda14dd84611893300a863a8a6f6d8e0c7633e168ad7e25d4bd14ba6812101488e9444165b8100d576a996fec019ae11a03498329bcbacd0e8a206bd0de0c7e09f64a57d56974599f09aa148b4224dcffe1b5a1e55bbc1fdae8bf2f72437cf399c4cda11554b21158e3ddb00ddb71a1bd1daa50d631b027238397d692214223af1d685e7a3318da65c9233eba674ff72097411ef3ee19b892b1b36eeb925a6698f4d455b02163a3504ee6accffad7aaf9d19763d886272559ef0501594ea23d45a43e13bba05d7d332750ce5d9d3b37d234f46464fcc5f495e0fae02a24efd67db315c92f9483196bd38b38b3675bc0de5873f9d7b01ee5c564f5573b474e3c9f3b955929d9112007049e4245d68b93f365a90d35c837cc13999f2d6a23be87786e4234d74b1160669c7962b3b413201192565fb93252c153dd735e280e01d13dc34468f67684a4308c7dbe07687e0f56fa54f44b0141895ad75781ca026d813e8c17794b9d87d97136d29aced71b1f526dfab6301b78f1deab7949c97cce6616f4afd46a331e2fb54342dd1964c70a2717f4239c9e5157ac93c42d05f230da440a9227f0f82ee95cc79ca2d3da3f889b37f85f50d75711a910a57d213edb4b981cde33e01ec960885f31511ed7f8e01ddd36d76e1b1e40e81cd21ef9c34134400fdd94e34e5d77f4b7ca3612663e0f6b364be4a9dc775f3b12386ec04960524a9a5e6879e50db657c89a7dc7ec1f919ba8c77e926538599e7969868a5ef3e92817a3402c13de0efcb9fef445ee49f4b0ed26c5dbadff51459d5229661e4b7d2548c9ea4ce89b828daf5f5873e1d9e693ba037fc00ccc3dd74096c0f1ea508ee96ad7d85664947193e011e2f037917af7716d7f27cac25c9785f13baddfeba40997af5f6f4029cf5b781b654a635ee8696078d99025012cbad5af13bc26e2d100726fc98c11f8f16057a8506f29cf30bcf9ab7883ad1708d11bf70ee54fced84c69d90eb302e8aff586c0b25893e09868426cb4649145ede32035c47360fba7fe863cb00b86f583090c5b8d8549ba62cb822ed182fc07f029a826b5c86dccd603408bfc060c80c8ae21be086998f45923e1fe36eea10a66a55cc9f3cb6a296535dabc831fefe26b80ee47c723c596c51e1d7c073df20874eef79a291934c4c6a7c6b656595fc76b25d0d50590c1df29d59842a19a6acd60e783069aa0c21d792129132d59d12cd4417583dc967d7d44f392770da18e30a70a330e7b05aebf09e93aa545ca382a29f810e8a4efc0fffd3660f76892c2027daccfd743734c359bacaec86e4f15ca31b83894b67b3a3539cb5567bbcacd9a52c9b8d87252ddab0dbdd373f7150b87893fa4b6c5e6016f2146471f092a2cf4c75b6ed08a2f27f9f68d1817d7e782c0fa3026fd4e283b6b23bff2a9d84f5cdea217ce396080b623fe6d5da91fcab0e563b8c54af99007f6680efc9fdcd35d1d2ad8539ee04744e38c750114de55b80192c5d6aee8cbc34a47426bb22a9e3e2fcb87530c418a65fad7d5fbb15f569a69fc2cb92dad8f574330fdf2aa6033d1be037d5e3e964ff01329c43401bc86a72025288100ce86c053b922e9a7a692912bca4dabfc0e3a8966a65c96d3a420809c2d600928546a4ea26ff7100081f3ca8a70c64b3a4fc33b3e2546ff4a43502d448f2c0b274a244d32c955b02d897b1c53a2724ff886a1ccc91ea3a22dbd1f5f3f2e33db9ac9aae458a27e2a529ac2d8671f0e30df63a5d1a579b8f5a68f4a53fb4f3f76d41bee8e10635606f2a7fde9af7bd0df3ab9750b0c6c962fbc36e9474e3efac01ea98a4fe6e0f819d62dcde2b9b77fb0d430495ee042d1e70a52debb0d13b09906f77327dd4ccfe2b6796f9aa5e5b2fa9b2249c66b49cd7e1cbdb194c239d7e2e0928a45c8c55904cd345c5d8b92a5526ff51b5c2e477089eeb16cb3996c243c66a82f4349370ac26bef5d900ec582f274cc38b0258993de6cc79574fdacb895721fd4d04f84c4d89e109629f48a24fb3241882f154a35ae6659e0bb35af409c51cb11a26413be88a1e5ae1e8d2b1333a6c80c42c654f269dd875aa7f19517f62b8e031f11bdb11bafcf4b4f06496142579f7769ee41dd24701cd3ed016030f7d5cf24a4cfdcd9b05e38524cd1a81e16b948672329bd111f7442bdc81b68b36495b5f4aa44d7c2fdea8703849a17f7d3327086355ca3b36c10eb38556bf95b3575ba32b97f268af1f1347ed28368828124361f6c1e6b64e6ba9efc3094d50bb049c35db5ea2b3c76576b1a8f37da0711436048ae443523032497e542c04458f04cfffd11c53c431065c20e8add72c0c31caeec12d0bf391fa1c0a75e23d39c31da409083f768f545090b05c54084ffc5d7fd85cea725807638f4ab0026204452a8c198cc60133ce00e9a2b9ebeb30d7f33a1bb25cb2948bf44288cce43b6ac13012d8860fce83d9a0f6f1886723f41130466186ac56d5384bfd04fe87c67528996c1ee1ad8e551dda563e75d5dc8ac6a47990a62c915dc23f4ae6596dcfdb44661de969aec7f6d3fa8f05e106a8db7abeb3682bdc8e87aefbb09e642b2cef2919ddc55ded8dbce0606d3c4a0747a293a991b8cd832381c30813b887a22c2df569c12c430cf7471578eb787acab65b54569bece6921805af9ac41b268ce329a25bacdb02f8f3c4ef930f1799ff940f42c21955ddd5496234d62447d1c9d8e0cc7bb8fd5ca5e9fa2ef99105a4d44d6ce37532407fcccc4e71103baa0c7ff1767e05762424d9301294daa95523792cb73b348c41ec713d19c2b917a4dc50be3f0742762e5055cd6ebb3afa2b89a94c6a921e039ddaee98fc7a961a5e415322bd4b333d83768ee8945f29556f94372a16285cb1ff103640d93b837861f1d0d9e65fe35583b6f76889e7d09a2cdf3c2ef305a0f6d205deedee94ac602974fa58284e33aee55947a7a042abf0759ec8c1410493114454320b5003f23dac1c600a471ff09bdbf5bb40be87a69d388592241d9989f0435eeede193e6994b80a2145eca4afb5e691341e37e4580b0c54d7fc506cc9641020cd342a85fe56946e49854756ae6534edd03de881481e11701851f0f30fedbfcf335c3855c8d9541ef234f8718fbb0d9f127093a3e7c1d49d8a20729ab41a0118683b7044ee490d7137bebbbbfb245d5e30356e102eda0052a37cca70c221475b5c596f68c745701dc6e31f7846270bcd516ded5d0b4666b249a32f0acb1b8a7de8e6f007ee740561f64b7f30b4764ec5116a1eda1526225ddd01b1d999ff17d0798be47e3a5957011aa6e03318897ce1c452b78f9badf89098fe696894953581b01ceffc4fa0eefd654df9ea70b1f2f1e287192a5a20a381e8fad0fb99814208970902fdd28cf6a6457d7873a76359e226e5b203bd6f85bea30cb0ab5817e1b32fbbbd33a4e67f3771b7256a3a9ec20dae8a248af32a909bb5ec28f0f85722b81151f0f0a500a5c39c36476ac42c30bcb68a61a13141541ec54d895f0d7ca1afb728202e77f2f85170a3c2de378f1cfa0c2d1b0353f5d2fd0537017dc5510232a7a27a444476bbca2b84394639cf8ded35568868f9dcfa445b33c694aa8696d899afdf0d98a542e6a3c0212480ef3063ae0b8bcaa133978e9ebd76a3ccf652b0022b3cc7f1c9f2731c1c08f45fc84f7dade8471f6855e3005d75390e36a6646b8ac0dd5da9f9ef4bc35639ac96280bc47a547c0941af4516278b66469c7fc22932cbb2ac92cc12745bdf4ab4411d48396120f0e397ff6c22c54873296a897928d0158a5e63e6d48016cb4af44a3d71296acffe59241a8537f8b2cbc88b8ee2f4090e8e16b8af4700a60d0c199cc45cedf8dfe9a78ddd8637f7a9cfc16b078b1f9acfb8cb35f94b7564b1e23904e40dd5bdef1c78397457c05dd1108c3257bfda2e36b31969e8642c825c9dafe2fa4ee2708023c26255e6c41c2c873923e98eb1397dbc51324dfbec7943a5564fa815b9492d53c6cf6d42cd07165ae54e81f7989f2e406a13bea4df4d4a6971d81a4492e5703b6ba1f21ca5ffd68cdb15a713abd70d411e64d873b9f36ced7f354273c5c9782dd8a410ac28fee250f4b82095f4ab7a5c5a7d57114b6196cc2accdb44e39351a5d7c2c519ff861db8e4a368fdc1c5459f2b4cef0076d9b57b9ba2e76b3d8b87a515fc5c777d7e8023ef898fcf31365abc3e0a1307fa85f29d3c8a7e70d58b1228e8376c212ffb76f895aadedcf3f70bddcc347473dba5602d7734c4e9a2054cd3763acbb7fe82155d4a50e6a72d917b22b16ea8abd987834b4b1b04556e5442b1b643fa842a08ab5d860715b250447170c8d30829730a53974b6554a6454bab2eeda2966cc13a02a2b2c2e157ccd1795bcbc9c7bec370d9f492745b7c03c5ba21a45ff", 0xc69}], 0x7}}], 0x1, 0x20048800)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xfffffffffffffdcc, 0x0, 0x0, 0xffffffffffffff29}, &(0x7f0000000000)=0x40)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff78, 0x0, 0x0}, &(0x7f0000000340)=0x40)
sendmsg$inet6(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000440)="8d028cb3af08ef5dd2698d6cf0cc3f18aab193efaffced1f93ba7fff6142ca2e232d8dc447a70943c9c659554aca2fd6ec1b49d379e6ab0fd8bf6a95e580d7ba7a86ab6a26ee98540219d74f3ed21b8a0c544631f9bd160a97a3399f9c7cd37994ff9374b02e6833d500aeece6781d3c91c71ec20d819eab1dd895876956eb8173c08b3806649cd2dc393de05cd6f8b09f02a7795134f1406ab1935411bef0002f7c45e82fa1b67b17048036f8f0ab69c52cf256b2", 0xb5}, {&(0x7f0000000740)="3f3616ea1191aeae47c50d273f77676dc22566ea914c71a33033298167ba46005656313f0a4689c041137869b84c809aa01bb13cf0c58a7b8c50a60ce20c76c8692883b47a3e62f30b5defe26cc82e8a736ab473b22bad95c1954773d6ffe7afcd5041e36838ef241274a0753c28c8ede6d084435ddb15b7876104c74dcf6b3e95ab389e7b99f5fa4efbf8eb21123186d201d7c3a3e7942c205df58dafa953f3b6d0ade69267602939a5ca03ac9a1c80897bd4146368684ee618b7", 0xbb}, {&(0x7f00000000c0)="35b1463c37dbc0e71d633c24e5c595c0b2357be71a4f00410c7b129cc165d9b4412ba789b47933f9", 0x28}], 0x3, &(0x7f0000000c80)=[@dstopts_2292={{0x120, 0x29, 0x4, {0x29, 0x20, '\x00', [@padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @pad1, @calipso={0x7, 0x48, {0x2, 0x10, 0x7f, 0x9875, [0x81, 0x1, 0x9, 0x8, 0x3, 0x8000000000000000, 0x2, 0x8]}}, @jumbo={0xc2, 0x4, 0xffffffff}, @generic={0xaf, 0x74, "65f04c780f6eb7df7cf311266405b08d705221451369a04a8267e6e16a332cbcb760a89ab87b7727ae506084e4e0f23cb3b5fa3d5ea6350845683259a90d9db7feb928134d7bef2823234395c7e57be73f98f4ff4db2ca3f69e2f84d4390f6a217846b0006f2fb1da9dfac9d222ead11a4969e07"}, @calipso={0x7, 0x30, {0x2, 0xa, 0x7, 0x2c, [0x7, 0xced, 0x6, 0x1, 0x4]}}]}}}, @hopopts={{0x40, 0x29, 0x36, {0x29, 0x4, '\x00', [@ra={0x5, 0x2, 0x3775}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @hao={0xc9, 0x10, @dev={0xfe, 0x80, '\x00', 0x25}}, @ra={0x5, 0x2, 0x7}]}}}, @rthdrdstopts={{0x38, 0x29, 0x37, {0x1d, 0x3, '\x00', [@jumbo={0xc2, 0x4, 0xfffffffb}, @ra={0x5, 0x2, 0x7}, @hao={0xc9, 0x10, @mcast2}]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x4}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x9}}], 0x1c8}, 0x48081)

2.029577581s ago: executing program 4 (id=7120):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x4}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0x80000, {0x0, 0x0, 0x0, r4, {0x0, 0x11}, {0xffe6, 0xb}, {0xb, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x24008064}, 0x4000000)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_encap(r5, 0x11, 0x64, &(0x7f0000000440)=0x3, 0x4)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000000)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@local})
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, &(0x7f0000000140)={@host})
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, &(0x7f0000000080)={@local, 0x66})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000780)={'ip6gre0\x00', <r8=>0x0})
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r6, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010026bd6000000000002d9300000c00018008000100", @ANYRES32=r8], 0x20}, 0x1, 0x0, 0x0, 0xd4}, 0x24008000)
sendfile(r0, r6, &(0x7f0000000000)=0x7, 0x1)
r9 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={0xffffffffffffffff}, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r9, 0x0, 0x52, 0xb1, &(0x7f0000000180)="dca99f51f3282f683e63c80ac520f109c99cfb22de4bd81017f9e09cdf2cf87e0bae450e7b6416c682674bfdc71131315317d1df5c2509d981277316b2fe42f37a8038d79e142b170b764537795330ce45aa", &(0x7f0000000200)=""/177, 0xf, 0x0, 0x1000, 0xd3, &(0x7f0000000880)="2bf5b318b77606b1102ff555c7fe6523de054c80bd6ccbb021eb48ffc6a523fc6a4ee712b9ce7343d7a9192f1dd761abd6adad3686e411fb4dee7d59fdac36db2c08ae495883e431467a0c22d741bd8643aee2fda42da0d69587efc132ce6ad94e6a00c69fcf6cfdf03bd4751b3cc4d761037ef292e66ef90b12a957a0798ae9b4b9ba74066b4bfa9f0662ca57dd9f23b0eab165ba8316686af41a5b908d8053751fc507a155879b66cd8ad8d8ae7c0409e5c3b586c1e8de1c11f7d40bec61228bc51d3608dece0079be332ebdbcfbc5c8d48a3071b7e0b8798e158b15353a9f42931cfe8862e3697da1aaf075b5ba0575e4207ad51bbdfbacf5a4b19e5e362c97e27530ffd78c46380e5e65b4fa7107b3138028189a2990a42ebb2574dffaa796e99f938a36a413ec3c6639f444544e962670f87b74bcdec40be9dedcaa89ae58908dacea5363cf9458bc770a79689a60aa709dacdcc27b2ff5129f8c0dbf5453b8513e1239b81c7d25065f5632d621611767c44caea7a03c4e2aa2ec516cca2e284b65d24be22697e71b7dc1baef77df752cecd3710fe5cedd7164d9397d08f45569d647d12a6e3b80da279c7032693024fce8745eb6c9013d04e2f4186b3b80597b50f69d69a8346a291bf48ba8e57376a92b4117efb5a32aa401827cbb2cf7382da96c4f3ea846465233a0b450270e72d9c02b5afa76623033097448cdc158528dc0cbc843ed63ea586dbb647e2735617f7152dd2265574f073f0293266985bec1c63693ff3f57279607223cf12cd9e9017072e65caded6e64da4fa743974111a6a8cf1988e8f6cf822e1556feba7d9e3bd0a69c98f3f08437ddc71021938f14c32813b38ed3ab244bda9ef2309e599f390fabdee9da07c524cd047a2f4070492a2092bff17e49567e48794efd4278db5ed149e3462f1514401829f7961c7f8dbf856fb8a3555fdbff49a596c0c1b7d6520e03e7a8c0f52b420cf5064981d331ea9bb8e05ba605d6b3201fb9efcc3ffe4b0e36659674bbdec2ca947e755c9f2eebaf978d128fbb06f5fbde22a06c16a99ee82c82b7a99c61a1e2c02007c546d37a7a16b2f66143ed080cb7f04cd7a61c071482b4a660fe5abf645a1d860aec5298875021de9c238a7ec5fcfd59ee3d0fef327d174c78cd6cb2ac3c5cdb34c0f5e78ad35650d94f975eda9009adb87b628b7bc38d1535dd9b80218c4b82959df3ce3aa833e2d0014feaecd73917d4a6103cdbc23d443301664abfb9999ac788f932c3454ff2d6176eff191159c8c666e041a5944e9eb58a32345af203fc56d306874925adb3da88d18c4b929192f6c6f02b6c623233d24b727b8c5664eb147a09156548bc0325e6fc8b983ecc28ab993bf637495f8097f52f79a0728c841df58a641e59188b2e5bd75b838484f554d2cb1abf21a672e16c2d6ace355c2a94c1807fe5ba57f1f32976893d53f38938ea43bceed8cc7cf89e48d0fd24232bcd31226cfeb1eb5ddbca2875b3f00202fa80957eda9f40d781c7c88c0041b72a51266bb95b82bcbf92be20a052608c84e9a799b613e4ceccb30a83a1d2225dcb050a09235744077a781f36083c850b72b8f71c642118cb983a1f088fec80fda39c9267d6726fc17d9b5a986d6dfbabc573b18a6aa5aaa1fddf457c484ec054f00ad70d8911bf1d3695840c6149b1f1bd79f40ed62ee5bda0a35fc0af545bb324220a8a183f20f006def7964c197e870344b3b318c04332960beb0bc990136e0c99f5c45b88f63adecaee7377f2ee6fcffdf9535bad01a048a0439cf0847b1ba075e292518a77c5fcd2bd6c760f65f61ee26a148f83cc6217e71e6b827e449d755d6ad4de74cf337381ce5268efb614ef6acb7d31a263486018b98cf20a31655fa1286b451567b1cf9388bcc36b22e12341fac554e6de39665cf4600360736852cbbd2113ccc5da2f10a0128f59c26f357221121da50ceb6779d2df9b62590c155e0b8fa3b542f768bcc59dcd8be9d9ece0ac819a548abb394b070c44aacad7df856999143efbfa7b4c77a356d9586d0d6c6c62894c9ed4521430052ded9533875a6cc3497e61c88da1f349ac878e7287ca324665da7d64230845415605b2184e8c3ee6765e103609ae79ea24dbe9db347379366aefd795f068fc22ce6af6ebc6a203819d805ab57bd072d0e882160d1167650dfeb3bdaa97474438f8cc74500a98eb7f79d83fd088fee3aa04c14a6d480e98600b27d44fcb68b047f2da7b3a32e5f42f9b8abbee76bcf01510778e27ba326d422a66bcd9933bc0f28bf9c74d76e4c17aaa0e3dcf2d90d37d9d5754fca03c0e790fec9941d2cd58700fb47cee3c67958e10cf9069c732a148928c655b0695f4896943f51a792f84519e0f42142b134c66dd1c114a4ef86ca75fa4374ec1861f1facf90cc8ad85d018757837247318758fbacd53194c724b3841b3f907ec7e77d1e46149fa02adaa82362c84310f1a3209b9d59cfa007ea0b3ae52b1778bff16a88b20ff0d154e2ac239e530dae60b810248290d0e2a75755e6c7f5bb464bbb1d9af823efb59db90222443363a2f1cf17d4d1fa4c3898fde915177547795be4c0340bd0ad6db7309ad3a173057063dd2f3e90262b21ab9dc283ae14a4a382b3950dd9d2b038fb959e09a8b922f9c9cc4bfcda12bb8ac51a73601f0efe62fe1f851fd777155b64cfc55fce2f4c95a0b11eceede1f0cc3a120c15fc6c86c5808e4c6317317f18281be9353c4f1c4fd2e01399fd0f4c4ad01ec48bcc0f1655526d8a14cbb5678a642586f08d20c8a197ea832ec71d43bd84e985f7238e76c96942a9335c6b9ba921f51e79b9abf0f66f70d1a862758b1b6c74a780d1f067112bc9bcc5e4490d545078ae45d782990fdf5982be7871b7b5a8df2809c92533d46536e0a4fe7fe5f235a7aa24c01b2e20fd17efa58114acb9c4c253da9b3b6bd0562635758ca83c8ccced03496048fa203d3a4c36150f31484555e2e8924f364cb80743ce3c098531a17dcaa9330cc10ed3badd6d13852a6d402894163b099a49601aac3728a4cc3fff1899f037541fa7f1b6072293d47fa539af60017474f3dd7f36b1d14c22eeb7574e9139cdb01fb514d387f51ec628dad7296cf0ae2ebabf66a712ba05baa88006ef37741840e674a17a082b0898b830879c0f6c65cceadc728f8b71e86b3a70931bea814ee2624d32b233b62c53080ec3368e47300f6c5a55b80775d7c42d1e13a19e9874f3431845f2279e96f8edfcdb1afe98994c7eb171c154524f34fc9012aa568f9d3b6c656bce329d8a3004bd26e93bb5545099f6186a3635ca10b4d7847cf5b692ee4c6d7386c1c2cf4c483466c817f87487c1ba2197c30e4615e0962ae189713b9fed9704c83bd66f0cec3c88f754829efe531cc9f155c580f33ab826524ae8499ebc8c0887ff7e2174ed552de82db1657ecd6b8cb1fa12f3413236e5d483118479e557aaae75420777548a4529c23f4e62639278b9e151c7cf0f2470653305a9d118748ba293ecdcb1456d9a7a4f468316b3e4843689ef921df41cf04cfbcd8bb2629b8d815e7953e93764829f31e6edd5b7f2cb8f254ae79b7b301abc7bba864c4f3f3a69420475240efd2cd82d6a978b589585c006e343fe735212521b8bb961ee16abf4f02b7f82e28179a8a17a0e1404d5b804f18ef925e926b23562e56145470966ea1298bb553c214c3bfdc7b709ff6827304ca60bdca0a8bd051def8b0d979103b4563b7ffddb896542fb42a67f7452ddf57d2a46550f11e4232c14adcd2f4024b996d6ea3dad0f8a7a2ce623a57f02b23dfd8c166df1ba3231219dfa6faf0aa5c8e81f122489778cc8bd1560cac6ad5efe7ca14b8ca8f5f81fc3054c1f71374d4616f4e6f23c4f4d147b6e1f341a889f27d9cc9198f14476347a86aaa2bea5aa9b592dc411c33dcc505e70327f8fe1c24f629aac42909ea313c8ffa6fd8adcd6437434010076426987bd29e9310ba5e65d2347bf2db415dc645c45ab8df00a0f9dfb0f8bfc3f0aee21be8158a43e50962776d886aa03859d6429e06c70513797ebbb2de20124ac6d307c92e4ddafacb16e6ffa6cd8634fd2eac472cafa22356a5ecee3aef9c98bc3bbadb72bf9cf0962580695707c9dee33cbd2988e02e4e0110082f75a4b02260b1fe8806547b337aa5aff60f7af05317c7020cfc46012e2898400ccc86ea268724a299615cc29d0a278d73e34f2bab4691649f8b54e51db658ac4dbbe37b921fd5ca261f39f2c4b28a31ba7e821ba5291980cc4fccbc013009e960b418eee1f2ca3f5e005681e3b5794ae5c6ef648a9025f71e2fa27d73a8037816a11f0cce5b8754317520a8ff386b7a54bf30024e6a79c9d66faf1b587588a39f009049b5e802baaef5c5f628430898d9d2d80192f57e9ef4a33bb3fcbe1e4a0dac1ce1e8614df4b17b614732cb6bd36a2c95d314f68d8fb02ef341cea060362d52e7bd5902800456bfe238fa805614212e2224bebedef3767191a006b0e5273762862fe0786e545e0ac82e8ace5028f8c1d3371c46b6df559d5bc411a21bcf3aab623c0516d6a47d7c9b3d83a22d62a0c9979175f7d9029a4a3ad5d2d84f8b4572c008c2ff75468e06839a13fc0d2b51b20cd599d551961503f22df50f4cf79f5d5952134ccce7e207a6bde82510e1abc69333910405e31f05fb472b4044fa3b070e87dd561cf74d2adb0c52628fce8dce6bae6c4f58b8a9f36d331dd499dac8c4e3f5f720b230aacab058a44bf3256db88fa4901830ab245821b050d1f99a741aee0cde58fb65a21b9c39d020b448f4d1d625cc1a9edcef20540f149703af137b33f9faac725f2d433eaea0337395b2202d281a1f47445e0e9fe2d9f460070ce0f113d3a0dac60801b477a9682753b0a202be89b6bb0d5a2510dba8098a030619d41efdef4e800ea277559028881a760832973933c31ed02c1ebf94288e1c9d90652f4eb1b1b47559e62b6cf858b9e24c3b9fecfebd9fce6f35d19b23053da0f6632f354bd4d99d697f26a79bbe4207194dad6adb4fd8e32908d5e580651cae32b1b9bbb5a69e447bc7985153cdb7de8b33b9cd6ebbbb82a210f8c3ab0fdd8a714afecd411a7ed8e2e531e5a70554594adf881f10a07e807787b289ad3453d985a671975a578eac7bd90465ca1bde61637e789c034f199545980fe1d399cae913dea480546fd0520fc954477f11586e447e8264737548cfdd5f972328d712954369e2101ddaf53a2405c825e18c39d9e5e28408523fce6a44b5b135c7b33400cc83eb20d6ab6c89bc6d43a714dcf52f9cede8158b7ffeae02e345f6f05fb66c5dc58b99b93719deb3651940ea3cb04ac0b423ed2ca4282507f9ecdb5220901c687c1c185a521baa969ebfa0ec4bfeff742d7f76ec2b2976f82e91c8c36af9ee6a5552c4417fcc557f678b7713e306e645c327b194b841e97e519970a1df132a9e94f5b943b549c1063c23f5d1d661909646e4d41fd72f82ca0fdb40329fa5b1b39df3d5ebf8838626346fd8998fe01a6db938759c3e7693a7c30545aac557e66fea5ccfb8fa9d447051eb7271a1279955c24af4d90c18c3bf42e728e15ada1c523a75a317a41f12803503e2174d44cb25e7fafb41c8ff4e5bd456991f7c0053c7f1c0dc03b8e1ea067d85d1e910a706d6f15005bfb39a8dddcb81daabc3f0706395e79487eaac42edb08379698612d69a85e0abe0fe96287e953e0da0f149903bd388c4c7f3ad29da7ea35503a6d0321f2706d3d368ac40bb7246c82bef", &(0x7f00000002c0)="922b6fc46c3acbed4ebfb951dee10120018f86875f50f9733ffbb4062f81964c7412d862492e9ad0a9bd92c95ac15f663e80f476e283b9f6d7d746fa0e7757f3c67c2fa8f8749801f0b776ff75a6befe6107ce24c3dbad8efc1af03db63d13cc2774ee1c3b82f25a3f14591362a3e31928b8cb8a747d3f54691597814f2c98e454908c0e58e4faa9f1288e2e35b425fbdb5986449624969932beb1176a27ca72967e5553cf747b27603a20b5fdde64d2408ec32c1d4d2682155f586bb4f9bbe47a72a4748f05a957311301ec033235eee6fa5b", 0x2, 0x0, 0x7ff}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610418000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x1, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd8b, 0xffffffffffffffff}, 0x48)

1.829756419s ago: executing program 4 (id=7122):
socket$nl_generic(0x10, 0x3, 0x10)
openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x44, r3, 0x211, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x30, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x44}}, 0x0)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r4=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x70, 0x30, 0x0, 0x870bd2d, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x0, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x5}, @TCA_SAMPLE_RATE={0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x8, 0x4000000, 0x0, 0x1ff}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x5}}}}]}]}, 0x70}}, 0x20048000)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000300000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r6, @ANYBLOB="08000100", @ANYRES32=r7], 0x90}, 0x1, 0x0, 0x0, 0x800}, 0x0)

981.556591ms ago: executing program 4 (id=7135):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0a00000001000000dd00000009"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020205d0af8ff00000000bea100000000000007010000f8ffffffb702000008000000b7030000ffee0000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x54, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0x14, &(0x7f0000000000)=ANY=[@ANYRESHEX=r1, @ANYRESDEC=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000007020000f8ffffffb703000008000000b704000000000000850000000100000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2}, 0x4)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x7de3, r2, 0x4}, 0x38)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000dd0000000a00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xd, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

919.159694ms ago: executing program 4 (id=7138):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000100)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) (async)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000100)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vcan0\x00'})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r2 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x200801, 0x24)
r3 = socket(0x15, 0x5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x1ff, 0x2, 0x6000, 0x1000, &(0x7f0000236000/0x1000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x1ff, 0x2, 0x6000, 0x1000, &(0x7f0000236000/0x1000)=nil})
r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$setopts(0x4206, r4, 0x0, 0x0)
wait4(r4, 0x0, 0x80000000, 0x0)
getsockopt(r3, 0x200000000114, 0x2717, 0x0, &(0x7f0000000000)) (async)
getsockopt(r3, 0x200000000114, 0x2717, 0x0, &(0x7f0000000000))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) (async)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
recvmsg(r1, &(0x7f0000000500)={&(0x7f0000000240)=@nl=@proc, 0x80, &(0x7f00000001c0)=[{&(0x7f00000002c0)=""/100, 0x64}], 0x1, &(0x7f0000000480)=""/86, 0x56}, 0x20000043)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000200)='task\x00')
lseek(r5, 0xfffffffffffffffe, 0x1)
sendmsg$IPCTNL_MSG_EXP_DELETE(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=ANY=[@ANYBLOB="20000000020201080000000000008fa106eb0007040002800600074000040000"], 0x20}, 0x1, 0x0, 0x0, 0x4800}, 0x20000810)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWCHAIN={0x70, 0x3, 0xa, 0x76a9bba1a690db0f, 0x0, 0x0, {0x5, 0x0, 0x5}, [@NFTA_CHAIN_HOOK={0x5c, 0x4, 0x0, 0x1, [@NFTA_HOOK_DEV={0x14, 0x3, 'veth1_to_team\x00'}, @NFTA_HOOK_DEV={0x14, 0x3, 'veth1_vlan\x00'}, @NFTA_HOOK_DEV={0x14, 0x3, 'wlan1\x00'}, @NFTA_HOOK_DEV={0x14, 0x3, 'virt_wifi0\x00'}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x8b800e}]}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x40091}, 0x24000840) (async)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWCHAIN={0x70, 0x3, 0xa, 0x76a9bba1a690db0f, 0x0, 0x0, {0x5, 0x0, 0x5}, [@NFTA_CHAIN_HOOK={0x5c, 0x4, 0x0, 0x1, [@NFTA_HOOK_DEV={0x14, 0x3, 'veth1_to_team\x00'}, @NFTA_HOOK_DEV={0x14, 0x3, 'veth1_vlan\x00'}, @NFTA_HOOK_DEV={0x14, 0x3, 'wlan1\x00'}, @NFTA_HOOK_DEV={0x14, 0x3, 'virt_wifi0\x00'}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x8b800e}]}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x40091}, 0x24000840)
r6 = socket$kcm(0xa, 0x922000000003, 0x11)
sendmsg$kcm(r6, &(0x7f0000000000)={&(0x7f00000007c0)=@ax25={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x4}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x80, 0x0}, 0x0)
getrusage(0x0, &(0x7f0000000000))

839.547229ms ago: executing program 4 (id=7143):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00')
mount$9p_virtio(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', &(0x7f0000000180), 0x42, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=virtio,aname=-'])
read$FUSE(r1, &(0x7f0000000980)={0x2020}, 0x2020)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000380)={@in={{0x2, 0x4e22, @remote}}, 0x0, 0x0, 0x25, 0x0, "394281e595fd9eb506cd1a5555af72cd375de18882e299a83da979fa66c8f49889716b8dc73f6c5518c12abfb88e8b811ed8bd3623253c58eed51af8b75008e2576da2b0f564a63d98fb21dc8ab90d76"}, 0xd8)
setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0x20, &(0x7f0000000480)={@in={{0x2, 0x0, @local}}, 0x3, 0x0, 0x1a, 0x0, "5e3b86774ef89ec6e9fabcaff49c2eeb8c4614c85b196a0c67a3768e058e3008931c08d43101cb8242bc42b8e0662749300600000000000000000000000000000000000000000000000000000200"}, 0xd8)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000240)={@in6={{0xa, 0x4e20, 0xca31, @mcast1, 0x8}}, 0x0, 0x0, 0x3a, 0x0, "272fe70c90d11d72d52a089f7249d4093fde3ba38bb5d19ef8e1057fa63fe5d912b39c8bbc8cd2dc217d0cee96c3fdf8fc0f1c7aaaed161a9d6122b3eafcd74b60cd86d7ce46db1dd972e0b4d764d19e"}, 0xd8)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)

699.480722ms ago: executing program 8 (id=7148):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000490000000000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000008c0)="89", 0x0}, 0x32) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000008c0)="89", 0x0}, 0x32)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
socket(0x2, 0x80805, 0x0) (async)
r2 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r2, &(0x7f0000000240)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="30200000000400008400000001000000feff17040c0200000000000000000000000000000200000000000000", @ANYRES32=0x0], 0x30}], 0x1, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @multicast2}, 0x2, 0x0, 0x4}}, 0x2e) (async)
connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @multicast2}, 0x2, 0x0, 0x4}}, 0x2e)
syz_open_dev$vim2m(&(0x7f00000000c0), 0x8000, 0x2) (async)
r4 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x8000, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f0000000000)={0xfffffffe, 0x2, 0x7, "8baadc00000c001c003d0e00", 0x32315241})
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0x0) (async)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r7, &(0x7f0000000600)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r8, @ANYBLOB="00001000252155b21c0012000c000100626f6e6400"], 0x3c}}, 0x40000) (async)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r8, @ANYBLOB="00001000252155b21c0012000c000100626f6e6400"], 0x3c}}, 0x40000)
r9 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x0)
write(r9, &(0x7f00000002c0)="82375de3eb363d6bdccde88ba8d12b5c3a91ae30e8b6956bf08fb416e248fe0666b642e91bce6feeb340717e630167dcbe913a67c240e80408cda0968470b71c09892bb50884f44b514c840bee9f1e65604a5d215307eef0296f82e6ab1a42a6d745de99dd3c8596228f9119c385bd2eb67cd58d36a0fdac7b8d2774f91affcd60bb6bf1b290d9bfd25b67cacb69dfae634a983d0706fe7919d335a8bf36f8e8b62cbd17c9009efe74975f7fdc5e61dd3e898f42a16c7fecab271d72e175ec50e034085f2c75a14af232ab06ab22f56915084aab1aa36b425f1c4ccc98ce7415526b3200", 0xe4)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newlink={0x40, 0x10, 0x503, 0x0, 0xfffffffc, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x3c, r5, 0x1, 0x1070bd2c, 0x25dfdbfd, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x3}]}, 0x3c}}, 0x20000034)

368.770304ms ago: executing program 8 (id=7154):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_EEE_SET(r0, &(0x7f0000005300)={0x0, 0x0, &(0x7f00000052c0)={&(0x7f0000005240)={0x1c, r1, 0x1, 0xf0bd27, 0x25dfdbfb, {}, [@ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5, 0x6, 0x20}]}, 0x1c}}, 0x4000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
rmdir(&(0x7f0000000000)='./file0\x00')
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x4e21, 0x5, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x2}, 0x1c)
listen(r2, 0x5)
syz_emit_ethernet(0x3a, &(0x7f0000000380)={@local, @empty, @val={@void}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x23, 0x28, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x6071, 0x0, 0x9}}}}}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0xb0}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x2a}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)

368.126359ms ago: executing program 8 (id=7155):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'lo\x00', <r1=>0x0})
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000280)=0x1)
ioctl$TCSETS(r2, 0x8926, &(0x7f0000000100)={0xfffffffc, 0x0, 0x0, 0x7ff, 0x0, "5dee0000005900"})
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x3c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_SPLIT_GSO={0x8}]}}]}, 0x3c}}, 0x0)
r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x410001, 0x43)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="240000001800090400000000000000000a000000000000fe"], 0x24}}, 0x0)
renameat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', r3, &(0x7f0000000100)='./file0\x00')

367.880228ms ago: executing program 3 (id=7156):
chdir(0x0)
timer_create(0x8, &(0x7f00000002c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r0 = syz_open_dev$vim2m(0x0, 0x7fff, 0x2)
readv(r0, &(0x7f00000006c0)=[{&(0x7f00000017c0)=""/4096, 0x1000}], 0x1)

250.081549ms ago: executing program 9 (id=7157):
r0 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000140)={'\x00', 0xdb, 0x6, 0x3, 0x8, 0x3, "000000ff00070000000900", '\x00', "05032000", '\x00', ["9ef806070000007eff7d7f00", "000000000000008a982abd00", "ffffff0200ffff7f00", "00720cfcff39f900e9392000"]})

249.804228ms ago: executing program 3 (id=7158):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r0, 0x0) (async, rerun: 64)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2, 0x1}]}, &(0x7f0000000180)=0x10) (rerun: 64)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={r1, @in={{0x2, 0x4e24, @empty}}, 0x180000, 0x5, 0x3ffff, 0x2, 0xb5, 0xfffffffc, 0x4}, 0x9c)
r2 = socket$kcm(0x21, 0x2, 0x2)
r3 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r3, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0) (async)
sendmsg$kcm(r2, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e24, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x200008c0)
sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000140)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000280)=ANY=[@ANYRES8=r2], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) (async)
socket$kcm(0x29, 0x7, 0x0)

248.860698ms ago: executing program 9 (id=7159):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000ff8000001294", 0x2e}], 0x1}, 0x0)

199.897054ms ago: executing program 3 (id=7160):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket(0x15, 0x3, 0x3a)
setsockopt$MRT6_INIT(r1, 0x29, 0xc8, &(0x7f0000000340), 0x4)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d002000001811ff00000000000000000000000000000000ff86"], 0x52)

199.783034ms ago: executing program 8 (id=7161):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, 0x0, {0xe, 0x6}, {0xfff1}, {0x4, 0x6}}}, 0x24}}, 0x40004) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84) (async)
keyctl$clear(0x7, 0xfffffffffffffffb)

199.640695ms ago: executing program 8 (id=7162):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000100)={0x9, @pix_mp={0x2, 0x10001, 0xb5315241, 0x7, 0x1, [{0xf}, {0xffffffff, 0x7}, {0x81, 0xd16}, {0xf, 0x8a56}, {0x81, 0x9}, {0x0, 0x9}, {0x5, 0x7b}, {0x6, 0x1}], 0x6, 0x81, 0x1, 0x1, 0x6}})
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'wg2\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x3c, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0x3}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40010}, 0x4000000)
r4 = socket$xdp(0x2c, 0x3, 0x0)
bind$xdp(r1, &(0x7f0000000040)={0x2c, 0xd, 0x0, 0x14, r4}, 0x10)
r5 = memfd_create(&(0x7f0000000a40)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x06t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\x04n0\xebB\xb8}&\xdd\xc9\xa7\x1dp\t\x9a\xceb \x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00\x81\xbd\xd5\x00\x00C6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c<L\xaa\x87A\xcdN#\xfb\xb0\xf2\x1e\x0e#J\xd0hB<\xc0\x82A0)p\xe7&J\x82\x83\x83\xd14\x01\xcf\x1b\xa9\x1d\x1ef\x0f\x86(1\xd6l\xd2\x8f\xb0\xad\t\x15\xdb|\x87\xf1\xc4\xb8\xb2\x9a\xd2A\x80\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd6\x80\x00\x00\x00\x00\x00\x00\x00\x88&}\xd1\x00\x00\x00\xe6\xaf\t\x9f\x96\rN\xc9\x90\xbe\xed\x1ad\x14\xe7\x84\t\'\x8b\x00\xdd\xc9\x0f\x14v\xb6\x04\xf2U\xb4\xf6\xbe\xddT\xcb\x00\x00\x00\x00\x00\x00\xe9\x00\x00\x00\x00\x00\x00o:}\xa7jmH\xedn\x11\xfe\xe2\x0fT\x00\x94\xbc\xc6\x7f\x93eE1xp\xa3\xdc\xd7K9J<\xeb\xd2!\xf4\x19\xbd#\xb8\x83\x858\n\xf8\x12Z\x1a\x12\xfa\xcc\x04\r\xf3\xf4;\v\x15b^\xea\xa2\x04 \xe8\x99\xb3\x97\x9e\r\xb0\x05\xbb(f\xd0\x85\xc5\x15\xae#\x12Q\xacF\xfb\xc8\xbd\xcc#\v\x00\x00\x00\x00\x00\x00\x8f\x9b\x00\x03\xc8}\x11\xbc\x01\x8fi\xf5\x7f\xaf\x11\xfb\x16\x95\xdfc\xc9\x8a/&\x81w\xdf]ao\\\x88\xf7\xce\xbd\xb0\xa6J~\x8d\xf1\xe9\x1c\xcfo\xb3\xdc\x04Y\x8e\r\xf5\xa0\xeft\x06G0\xe3D\xd6\xa3L\xedN\x0e\xdc@7\xd8^\xae\xea\x92\xbe\x9c\xf9~c\xc1|\xca\x8d\x93R\xe5\xceU\xa5\x0f\xbf\xd8l\x96`\x0f\x00e\x8aR{\x17Y\x15m>\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00J[\xc4\x04\xc1\xa6\x10\xc2\x9d\x11\t|\xc0\t\xd9(\x80\xe6s\xaa\x88\x8a\xd6\xa2\x01\x10W]Z\x8d\xf7\xd1P\xf9d\x01|\xa3\x03hSq\x95\x8f\xe1J\xd3#/fcCz\xff\x80\xe2M\xa3-r\xf6\x1a\xd74\xdc\xe1\xe4\xc3\x9dU t}\x02\x9a{C|S\xf4\x98\x05\xb9\x15}\xfa\"\xdc\xc2r\xf9\a\xadnD\xb6\x06\xd3\'\x10\x9f|\x17\xd6\x89O\f\x98@\x85\xa5m\x9d\\&\x17o\x11Z=l\xfb\x93\x8exZ\x1c\xd11\xfc\xa7\x93E\xff\xff\xd0\xac\b\x01\x10\xcc\xcd\x9a0\xd83\xb6\r\xbb\xe1u_KUd3l\x862\xa8I\xa7\x8f\xfb\xed\xdbn\xbd\xbe\xf0+a\xc8JC\x03:&9\xae\xb8\xd8TdMf[\x1c\n#\x87\xfc\x81O`\x19P\x142~|\xdf\xbc\xaf\xe4^\xac\xa5\xfbyy\xcb\f\x14}g\xa7\xc2\xe1\xa9\xdf\xbf\xdbV\x94:\xa6I\xa9\x15\x0f', 0x0)
setsockopt$netlink_NETLINK_CAP_ACK(0xffffffffffffffff, 0x10e, 0xa, &(0x7f00000002c0)=0x6, 0x4)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_OPENQRY(r6, 0x4bfb, &(0x7f00000002c0))
ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xa})
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x2000003, 0x4010, r5, 0xb5564000)

199.373155ms ago: executing program 9 (id=7163):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000001300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f0000001200)={0x100, 0x12, 0x300, 0x70bd29, 0x25dfdbfb, {0xf, 0x2, 0x5, 0x4f, {0x4e22, 0x4e21, [0x2d, 0x6, 0x6, 0x7], [0x9, 0x1000, 0x4, 0x2], 0x0, [0x8, 0x81]}, 0x2, 0xa0}, [@INET_DIAG_REQ_BYTECODE={0xb0, 0x1, "92a41987e1b3181f8b541de345dcb09400ba945ad74d154741c860e3b7ad6d7e734d55b586f92e3b397aa110c49a084b262a6b47854438ae980b7dcd660b3e84dba41271939640db69bd4b5d9cc6dda1365cea333ec4ed9c1f3e6c2b5d9abf3823bda587cc065bd44b8176a98abff06aabf20943238637a8c3cecd6d1f2929bd722c4d799b4cedf153c5732d0e9c67c027fadbc5a2242dd9d553ac29bc289eb1a47df321417802c401278365"}, @INET_DIAG_REQ_BYTECODE={0x4}]}, 0x100}, 0x1, 0x0, 0x0, 0x40000c4}, 0x4840)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x61, 0x11, 0x18}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0xac, &(0x7f0000000200)=""/4096, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x70)
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x400500, 0x0)
ioctl$KVM_GET_STATS_FD_vm(r3, 0xaece)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$nl_route_sched(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x40, 0x24, 0xf0b, 0x3, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xffe0}, {0xffff, 0xffff}, {0xfff7}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x55, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x1000, 0xb, 0x4}}}}]}, 0x40}}, 0x0)

79.659532ms ago: executing program 9 (id=7164):
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000cc0), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
r3 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
readv(r3, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/10, 0xa}], 0x1) (async)
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) (async)
setsockopt$inet6_int(r4, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4) (async)
recvmmsg(r4, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) (async)
sendto$inet6(r4, 0x0, 0x0, 0x20000001, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c) (async)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x100}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xd}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) (async)
syz_emit_ethernet(0x2b, &(0x7f00000023c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x10}, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x1d, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0xe}}, "dd9dec79219ea94993"}}}}, 0x0)
syz_emit_ethernet(0x56, &(0x7f0000000140)={@local, @random="6cf6566994c6", @val={@void, {0x8100, 0x0, 0x0, 0x1}}, {@ipv4={0x800, @tcp={{0xc, 0x4, 0x0, 0x2d, 0x44, 0x0, 0x0, 0xa3, 0x6, 0x0, @remote, @remote, {[@timestamp={0x44, 0x1c, 0x3c, 0x0, 0x4, [0x0, 0x2, 0xc38, 0x9, 0x4, 0x60000000]}]}}, {{0x4e22, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2}}}}}}, 0x0) (async)
r5 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$MRT6_DEL_MFC_PROXY(r5, 0x29, 0xd3, &(0x7f0000000280)={{0xa, 0x4e23, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}, 0x2}, {0xa, 0x4e21, 0x5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffff237}, 0x0, {[0x3, 0x5, 0x6, 0x7ff, 0x7fff, 0x5, 0x7fffffff, 0x8]}}, 0x5c) (async)
r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
r7 = openat$nmem0(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000240)={'batadv0\x00', 0x100}) (async)
write$P9_RSTATu(r6, &(0x7f0000000340)={0x230, 0x7d, 0x0, {{0x500, 0xbf, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x14, '\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e<]\xb4Z', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x230) (async)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=@ipv4_newrule={0x24, 0x20, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x4}, [@FRA_GENERIC_POLICY=@FRA_IP_PROTO={0x5, 0x19, 0x3c}]}, 0x24}}, 0x48850) (async)
r9 = socket(0x2, 0x80805, 0x0)
getsockopt$WPAN_WANTLQI(r9, 0x0, 0x3, 0x0, &(0x7f0000000200)) (async)
sendmsg$NL802154_CMD_SET_TX_POWER(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000080)={0x28, r0, 0x1, 0x70bd2b, 0x25dfdbfa, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}]}, 0x28}}, 0x4000000) (async)
memfd_create(&(0x7f0000000840)='[\v\xdbX\xae[\x1a\xa9\x00\xc2\x9aml\r\xcf\xaa\x13\x99\x85B\xc3\x06<\xc2\xa9\xc3\xdb\x88\xee\x85md\xc8\x85HX\xa9%\f\x8fe\xe0\x00\x00\xa8\xfdn\xbe \a\x0e\xa3\xb9\x1d\x9dO\xbdj\x00\x00\xfb\xff\x00c\xb2\xc9\ap\xd0\xa2\x82\x1e\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcb\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2\xa75\x9d\xcb\x1e\x80\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x00uNh\xc5(\xbc\xf3\xac{\x04D2\xf2\xcd\xc2{E\xae\x89\xddI\xc8\xc6\xe9\xef\x98\xf0\x8b\xac\xa7R\x10\x011\x9fi\x00\x00\x00\x00\x00\x00\x00\x00\x002?D\x86\x14\xa52<\x87n\xf4\x04R\x15\t\xb8\xbeT\xb8\xe7K)\x1fP\xb6\xce8\xcc\xabe\xcb\xd0\xf9\xc9\xfe_\v\xaa#\x8f\x8asu\xb2\xfe\xc4\xbe\x03\xd3\x93E\x1d\xaf}\x9b\xac\xc2\x9a\xe6W\x92sD\fn\x9e\xc2s\xc6_4\f\xc1\x8b\x9a\xa4_\xad\x9b\xb9 \v\x0f{>\xdf^.\xb8\x96\x1d\x99vY\xa8\xfa\xd7i\x94i^;\xaa\xe7XA\xd2\xc5\x02\x12I\xbe\xd0Ksq\x96 \xbf\xed\x1c\x91\xeeN\xda&\xddtG\xc2\xa8j\xae\xac)\xfdNu\x19\x91\xa7z\x1b\x0e\xab\xd2k\x16\x87#\xf6p#\x8d\xdd?\x9fXV\x12\xa9\xc7v\x02\x98g:4\xb6\xcaY\xc2~k\xcb\xef]h/\xa2\xaf\xc4\xec\xdc\xd4H\xed\x94qNY\x85\x87&\xf1\xbb\f\x02\x0fo\xae\xf4\x19|\xc4\xfcL\xdb\x00\xedrK\x13\xb5J?s\x93\xe6\xda\xf0\xf3B\x8d\xb4\xd8>\x12\xb0\x8e\x8d\xdaQ\xa2\xd0\xbc\x92d\x9e^\xbc\xd5\x8aNf\xefa\v*\xb08\xfc\xd2\xa4\x11`\xae\x98\xcc\xe1\xea\xc2\x1dKR\x0e\x1cK\x86\v\xba\xdfz\xa8\xdf\xb6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xef\xe9\xb3@\xe8\a0\x1e\xb8L\x83\xc4\xa8\xb2\xc1\xf8\xae\x1d\x198\x0f\xfa\t\x88+\xdc\xe1\x01@\xbd\x8ba\"|\x14\x1bF\x9b\xd3\xff7\a\x1c:U\xba\xf4\t\xdc\xef\xe3\x11\xdb^\xee\x8c0\xee\xde6:\x80t\xfb\xbc^K\xb4\x8c9\xb0\xec\x82\x127!\x0e\xa3\xc9\xe0\xea\xfa\x0f\xbb\x0e \xc3\xef\xb2<S\xd8\x11\x8b\x9a0\xea1\xde_\xcfW\xfa', 0x7)

79.338231ms ago: executing program 8 (id=7165):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x8, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x3, 0x2, 0x4, 0x0, 0x20})
r1 = gettid()
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip6_vti0\x00', &(0x7f00000001c0)={'syztnl2\x00', <r3=>0x0, 0x4, 0x9, 0x2, 0x9, 0x48, @dev={0xfe, 0x80, '\x00', 0x36}, @dev={0xfe, 0x80, '\x00', 0x14}, 0x8040, 0x20, 0xfffffff8, 0x4}})
bind$can_j1939(r2, &(0x7f0000000100)={0x1d, r3, 0x2, {0x1, 0xff}}, 0x18)
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
r4 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000004c0)={'vcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f00000000c0)={0x1d, r5, 0x8000000000000003, {}, 0xfd}, 0x18)
sendmsg$nl_route_sched(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000300)=@getchain={0x24, 0x66, 0x400, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, {0xffff, 0x3}, {0xfff1, 0x56e7de01af07971a}}}, 0x24}, 0x1, 0x0, 0x0, 0x4004845}, 0x480c5)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x30200, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x83, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r7, r8, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000240)="b805000000090200e1490000320f01d9660ff7e31bf7ecec05000000b90000c0fe0fae41d90100b9800000c00f320908400f300f0826f30fc7b2050000000f32660fc775022e0ffa600c980f320f3566b857000f00d0", 0x56}], 0x1, 0x15, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r7, r8, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, 0x0}], 0x1, 0x6bb6c4a5b2d35090, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_KVMCLOCK_CTRL(r8, 0xaead)
ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000040)={0x11, 0x9, 0x100, 0x9, 0x102, 0x10004, 0x6, 0x66, 0x1})
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x20800, 0x0)
close(r4)

78.757707ms ago: executing program 3 (id=7166):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan3\x00', <r2=>0x0})
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, r1, 0x400, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x28}, 0x1, 0x0, 0x0, 0xc000}, 0x45)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), r0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000200)=<r4=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000240)=<r5=>0x0)
sendmsg$NFC_CMD_LLC_GET_PARAMS(r0, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x44, r3, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_FIRMWARE_NAME={0xd, 0x14, 'nl802154\x00'}, @NFC_ATTR_FIRMWARE_NAME={0x7, 0x14, '[@]'}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x8400}, 0x80)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x28, r1, 0x200, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x28}}, 0x0)
r6 = syz_open_dev$vcsu(&(0x7f0000000480), 0x8, 0x400)
ioctl$IMCLEAR_L2(r6, 0x80044946, &(0x7f00000004c0)=0xa1)
ioctl$BTRFS_IOC_QUOTA_RESCAN(r6, 0x4040942c, &(0x7f0000000500)={0x0, 0x3, [0x89db, 0x8, 0x2, 0x5, 0x69, 0x6]})
ioctl$TUNSETVNETBE(r6, 0x400454de, &(0x7f0000000540)=0x1)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r6, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000680)={&(0x7f00000005c0)={0x90, 0x0, 0x100, 0x70bd2c, 0x25dfdbfc, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x6}, {0x6}, {0x8, 0x15, 0x3}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x6}, {0x6}, {0x8}}]}, 0x90}, 0x1, 0x0, 0x0, 0x4000010}, 0x20000001)
sendto$inet_nvme_icreq_pdu(r6, &(0x7f0000000700)={{0x0, 0x4, 0x80, 0x9}, 0x0, 0x0, 0x1, 0x2}, 0x80, 0x0, 0x0, 0x0)
epoll_pwait2(r6, &(0x7f0000000780)=[{}, {}, {}, {}], 0x4, &(0x7f00000007c0), &(0x7f0000000800)={[0xfffffffffffffffc]}, 0x8)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r6, 0xc0709411, &(0x7f0000000840)={{<r7=>0x0, 0x8, 0x8000000000000000, 0xf, 0x400, 0xb0, 0x8001, 0x7, 0x0, 0x0, 0x3, 0xfffffffffffffffd, 0xfffffffffffff2be, 0x9, 0x8000000000000000}, 0x10, [0x0, 0x0]})
ioctl$BTRFS_IOC_TREE_SEARCH(r6, 0xd0009411, &(0x7f00000008c0)={{r7, 0x0, 0x2, 0x7, 0x2, 0x1, 0x6, 0x2, 0x2, 0x8, 0x3, 0xe, 0x2, 0x9, 0x7db8}})
r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000001900), r6)
sendmsg$IPVS_CMD_DEL_SERVICE(r6, &(0x7f00000019c0)={&(0x7f00000018c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001980)={&(0x7f0000001940)={0x1c, r8, 0x100, 0x70bd2c, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xffffffff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000)
write$tun(r6, &(0x7f0000001a00)={@val={0x0, 0x88f8}, @void, @arp=@generic={0x312, 0x85c, 0x6, 0xe, 0x3, @broadcast, "f63bc2ad94119e1a5995a1ccbb5a", @random="3391f0c3c325", "5dffb05ae7961aa598cecbdb46"}}, 0x33)
r9 = syz_genetlink_get_family_id$smc(&(0x7f0000001a80), r6)
sendmsg$SMC_PNETID_DEL(r6, &(0x7f0000001b80)={&(0x7f0000001a40)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001b40)={&(0x7f0000001ac0)={0x68, r9, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'macsec0\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'bridge_slave_0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}]}, 0x68}}, 0x4004004)
close_range(r6, r6, 0x2)
r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001c00), r6)
sendmsg$TIPC_NL_KEY_FLUSH(r6, &(0x7f0000001d40)={&(0x7f0000001bc0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001d00)={&(0x7f0000001c40)={0xa0, r10, 0x8, 0x70bd2d, 0x25dfdbfd, {}, [@TIPC_NLA_MEDIA={0x44, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_NET={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3c1}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x2}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8a54}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xa}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xffff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5e}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x40}, 0x4004080)
getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r6, 0x84, 0x1c, &(0x7f0000001d80), &(0x7f0000001dc0)=0x4)
r11 = openat$fb0(0xffffffffffffff9c, &(0x7f0000001e00), 0x88041, 0x0)
ioctl$FBIOGET_CON2FBMAP(r11, 0x460f, &(0x7f0000001e40)={0x3c, 0x1})
sendmsg$NLBL_UNLABEL_C_STATICLIST(0xffffffffffffffff, &(0x7f0000001f80)={&(0x7f0000001e80)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001f40)={&(0x7f0000001f00)={0x28, 0x0, 0x400, 0x70bd28, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x54)

77.010363ms ago: executing program 9 (id=7167):
chdir(0x0)
timer_create(0x8, &(0x7f00000002c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r0 = syz_open_dev$vim2m(0x0, 0x7fff, 0x2)
readv(r0, &(0x7f00000006c0)=[{&(0x7f00000017c0)=""/4096, 0x1000}], 0x1)

463.083µs ago: executing program 3 (id=7168):
ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f0000000140)={'\x00', 0xdb, 0x6, 0x3, 0x8, 0x3, "000000ff00070000000900", '\x00', "05032000", '\x00', ["9ef806070000007eff7d7f00", "000000000000008a982abd00", "ffffff0200ffff7f00", "00720cfcff39f900e9392000"]})

224.551µs ago: executing program 3 (id=7169):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56)
sendmmsg$inet6(r0, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000380)="0b0ec2a1e3fc84788972f461fec29e0fe5be85ea822a7348bd54a57f68a85a2284ad43c367bae5f7bd6c1e1d9017109e232e5bb561d279a2c06d351b1d508780b32fa2b07a0cd31f1b8b9acdc89d4d5725350a9ec9303e53def89bcb6bb6ea83324927b43749f25be60c4f8707382b8e3062032c28dcccb784fdcfe6f2febd55e05bf1ccb63237c1d1bea4db828a5be79e518cf55a88e130609528b8aff64359e76eee93584aad3f751172c449fb", 0xae}, {&(0x7f0000000680)="5f62f632763c84825847145170282f67ba6d5dadf0baf135d503e93a17ee560409202f4c5f0de32b0e53e4d26d04c825d923318fd574b1924b09ebb91d5be30b532a2fb95030c6be2a14ccfbce6eef05ea88d2413dc3fc0ae8a2e071f8764a4843611ae28b340100ddefa8ffed32420677397aa63e880adc56d03d8799429f33741886bd6c4065bba5005d74f67508dc3434165b51bf8f73bf1a7c158d8905e518e8", 0xa2}, {&(0x7f0000000740)="dfd1db04f5eef4b5714a69f5392e27d1b79a961a16fbdc4f01a9e38a1f95f939a209f049ad8d4f9447506fd73cec26b8246758f684013c99b717e119d15432e9d46da8a0c25e7e3771b0b146e56d2fcf8107332acc1c56948171260ed44c97919f70210c914c1098c9ac622d46f0ffae373480c9d8e590395ea4365569b8ea75ea1a9a181cfa88541804ec97980211c9b7eb2235d6f0b644fd31dda9bc2cc99434e0df4934d0", 0xa6}, {&(0x7f0000000c40)="a405df87c6e89abd7ae7e6b8550f9923917c9d38e14a4e9ace3100b34d0056282b7ed43e9c", 0x25}, {&(0x7f0000000800)="f76c72c4066a174e1300da0da7d191a618fc5793ff23c6328c6d61df0a2fb72441d4ded25cf7b5f31eb5d65e412665a6177f09ca3ac5cfd751577dec547711dc43b694a601fcb6575547ee6ec2a01c32b65d3429fbb9623a83d457d3ddea9eb90ab14b6b323a9358af0b55cff95844d5b47f6994a72f984e19e961cc00f6e364e141c8", 0x83}, {&(0x7f00000008c0)="4b000ffd096c1b77cd99b1458609c4b82100375ca9411e734cc8e9627df29e9b97a002d7f15ea9f42bd71401384ed6b5772b5c618c35c4aab72b1d515ceada9e64d7a35fd435e98f06243fcd53966c196ff3f47537912a1a5dec7e8e1fbf4543d1a6c80467d6ba3d241e3fd22efa09c638c98b4ce9fbe6d2053fcfa334eaee64efad2d349f048afb2635ae06c05697746fe073ed230c9c7c4643396305424c1c7eaa3ee09891995a607de26be9abcd2b65a4f9093da8a07eea61b1ff21ea3b323b191f95b997cfdface3dc21a664e38896f9f689bc06f4800d5c977102358770b0d8425f098be9383b5e487e7165e847191d5e95233e971edd", 0xf9}, {&(0x7f0000002380)="a66554178426362975b882a7d6b43fe537b6b0036a966a05363793ec2f6830cc5b81e514b9cbe4c27c3f3a581556b832100a4233e3e80fda14dd84611893300a863a8a6f6d8e0c7633e168ad7e25d4bd14ba6812101488e9444165b8100d576a996fec019ae11a03498329bcbacd0e8a206bd0de0c7e09f64a57d56974599f09aa148b4224dcffe1b5a1e55bbc1fdae8bf2f72437cf399c4cda11554b21158e3ddb00ddb71a1bd1daa50d631b027238397d692214223af1d685e7a3318da65c9233eba674ff72097411ef3ee19b892b1b36eeb925a6698f4d455b02163a3504ee6accffad7aaf9d19763d886272559ef0501594ea23d45a43e13bba05d7d332750ce5d9d3b37d234f46464fcc5f495e0fae02a24efd67db315c92f9483196bd38b38b3675bc0de5873f9d7b01ee5c564f5573b474e3c9f3b955929d9112007049e4245d68b93f365a90d35c837cc13999f2d6a23be87786e4234d74b1160669c7962b3b413201192565fb93252c153dd735e280e01d13dc34468f67684a4308c7dbe07687e0f56fa54f44b0141895ad75781ca026d813e8c17794b9d87d97136d29aced71b1f526dfab6301b78f1deab7949c97cce6616f4afd46a331e2fb54342dd1964c70a2717f4239c9e5157ac93c42d05f230da440a9227f0f82ee95cc79ca2d3da3f889b37f85f50d75711a910a57d213edb4b981cde33e01ec960885f31511ed7f8e01ddd36d76e1b1e40e81cd21ef9c34134400fdd94e34e5d77f4b7ca3612663e0f6b364be4a9dc775f3b12386ec04960524a9a5e6879e50db657c89a7dc7ec1f919ba8c77e926538599e7969868a5ef3e92817a3402c13de0efcb9fef445ee49f4b0ed26c5dbadff51459d5229661e4b7d2548c9ea4ce89b828daf5f5873e1d9e693ba037fc00ccc3dd74096c0f1ea508ee96ad7d85664947193e011e2f037917af7716d7f27cac25c9785f13baddfeba40997af5f6f4029cf5b781b654a635ee8696078d99025012cbad5af13bc26e2d100726fc98c11f8f16057a8506f29cf30bcf9ab7883ad1708d11bf70ee54fced84c69d90eb302e8aff586c0b25893e09868426cb4649145ede32035c47360fba7fe863cb00b86f583090c5b8d8549ba62cb822ed182fc07f029a826b5c86dccd603408bfc060c80c8ae21be086998f45923e1fe36eea10a66a55cc9f3cb6a296535dabc831fefe26b80ee47c723c596c51e1d7c073df20874eef79a291934c4c6a7c6b656595fc76b25d0d50590c1df29d59842a19a6acd60e783069aa0c21d792129132d59d12cd4417583dc967d7d44f392770da18e30a70a330e7b05aebf09e93aa545ca382a29f810e8a4efc0fffd3660f76892c2027daccfd743734c359bacaec86e4f15ca31b83894b67b3a3539cb5567bbcacd9a52c9b8d87252ddab0dbdd373f7150b87893fa4b6c5e6016f2146471f092a2cf4c75b6ed08a2f27f9f68d1817d7e782c0fa3026fd4e283b6b23bff2a9d84f5cdea217ce396080b623fe6d5da91fcab0e563b8c54af99007f6680efc9fdcd35d1d2ad8539ee04744e38c750114de55b80192c5d6aee8cbc34a47426bb22a9e3e2fcb87530c418a65fad7d5fbb15f569a69fc2cb92dad8f574330fdf2aa6033d1be037d5e3e964ff01329c43401bc86a72025288100ce86c053b922e9a7a692912bca4dabfc0e3a8966a65c96d3a420809c2d600928546a4ea26ff7100081f3ca8a70c64b3a4fc33b3e2546ff4a43502d448f2c0b274a244d32c955b02d897b1c53a2724ff886a1ccc91ea3a22dbd1f5f3f2e33db9ac9aae458a27e2a529ac2d8671f0e30df63a5d1a579b8f5a68f4a53fb4f3f76d41bee8e10635606f2a7fde9af7bd0df3ab9750b0c6c962fbc36e9474e3efac01ea98a4fe6e0f819d62dcde2b9b77fb0d430495ee042d1e70a52debb0d13b09906f77327dd4ccfe2b6796f9aa5e5b2fa9b2249c66b49cd7e1cbdb194c239d7e2e0928a45c8c55904cd345c5d8b92a5526ff51b5c2e477089eeb16cb3996c243c66a82f4349370ac26bef5d900ec582f274cc38b0258993de6cc79574fdacb895721fd4d04f84c4d89e109629f48a24fb3241882f154a35ae6659e0bb35af409c51cb11a26413be88a1e5ae1e8d2b1333a6c80c42c654f269dd875aa7f19517f62b8e031f11bdb11bafcf4b4f06496142579f7769ee41dd24701cd3ed016030f7d5cf24a4cfdcd9b05e38524cd1a81e16b948672329bd111f7442bdc81b68b36495b5f4aa44d7c2fdea8703849a17f7d3327086355ca3b36c10eb38556bf95b3575ba32b97f268af1f1347ed28368828124361f6c1e6b64e6ba9efc3094d50bb049c35db5ea2b3c76576b1a8f37da0711436048ae443523032497e542c04458f04cfffd11c53c431065c20e8add72c0c31caeec12d0bf391fa1c0a75e23d39c31da409083f768f545090b05c54084ffc5d7fd85cea725807638f4ab0026204452a8c198cc60133ce00e9a2b9ebeb30d7f33a1bb25cb2948bf44288cce43b6ac13012d8860fce83d9a0f6f1886723f41130466186ac56d5384bfd04fe87c67528996c1ee1ad8e551dda563e75d5dc8ac6a47990a62c915dc23f4ae6596dcfdb44661de969aec7f6d3fa8f05e106a8db7abeb3682bdc8e87aefbb09e642b2cef2919ddc55ded8dbce0606d3c4a0747a293a991b8cd832381c30813b887a22c2df569c12c430cf7471578eb787acab65b54569bece6921805af9ac41b268ce329a25bacdb02f8f3c4ef930f1799ff940f42c21955ddd5496234d62447d1c9d8e0cc7bb8fd5ca5e9fa2ef99105a4d44d6ce37532407fcccc4e71103baa0c7ff1767e05762424d9301294daa95523792cb73b348c41ec713d19c2b917a4dc50be3f0742762e5055cd6ebb3afa2b89a94c6a921e039ddaee98fc7a961a5e415322bd4b333d83768ee8945f29556f94372a16285cb1ff103640d93b837861f1d0d9e65fe35583b6f76889e7d09a2cdf3c2ef305a0f6d205deedee94ac602974fa58284e33aee55947a7a042abf0759ec8c1410493114454320b5003f23dac1c600a471ff09bdbf5bb40be87a69d388592241d9989f0435eeede193e6994b80a2145eca4afb5e691341e37e4580b0c54d7fc506cc9641020cd342a85fe56946e49854756ae6534edd03de881481e11701851f0f30fedbfcf335c3855c8d9541ef234f8718fbb0d9f127093a3e7c1d49d8a20729ab41a0118683b7044ee490d7137bebbbbfb245d5e30356e102eda0052a37cca70c221475b5c596f68c745701dc6e31f7846270bcd516ded5d0b4666b249a32f0acb1b8a7de8e6f007ee740561f64b7f30b4764ec5116a1eda1526225ddd01b1d999ff17d0798be47e3a5957011aa6e03318897ce1c452b78f9badf89098fe696894953581b01ceffc4fa0eefd654df9ea70b1f2f1e287192a5a20a381e8fad0fb99814208970902fdd28cf6a6457d7873a76359e226e5b203bd6f85bea30cb0ab5817e1b32fbbbd33a4e67f3771b7256a3a9ec20dae8a248af32a909bb5ec28f0f85722b81151f0f0a500a5c39c36476ac42c30bcb68a61a13141541ec54d895f0d7ca1afb728202e77f2f85170a3c2de378f1cfa0c2d1b0353f5d2fd0537017dc5510232a7a27a444476bbca2b84394639cf8ded35568868f9dcfa445b33c694aa8696d899afdf0d98a542e6a3c0212480ef3063ae0b8bcaa133978e9ebd76a3ccf652b0022b3cc7f1c9f2731c1c08f45fc84f7dade8471f6855e3005d75390e36a6646b8ac0dd5da9f9ef4bc35639ac96280bc47a547c0941af4516278b66469c7fc22932cbb2ac92cc12745bdf4ab4411d48396120f0e397ff6c22c54873296a897928d0158a5e63e6d48016cb4af44a3d71296acffe59241a8537f8b2cbc88b8ee2f4090e8e16b8af4700a60d0c199cc45cedf8dfe9a78ddd8637f7a9cfc16b078b1f9acfb8cb35f94b7564b1e23904e40dd5bdef1c78397457c05dd1108c3257bfda2e36b31969e8642c825c9dafe2fa4ee2708023c26255e6c41c2c873923e98eb1397dbc51324dfbec7943a5564fa815b9492d53c6cf6d42cd07165ae54e81f7989f2e406a13bea4df4d4a6971d81a4492e5703b6ba1f21ca5ffd68cdb15a713abd70d411e64d873b9f36ced7f354273c5c9782dd8a410ac28fee250f4b82095f4ab7a5c5a7d57114b6196cc2accdb44e39351a5d7c2c519ff861db8e4a368fdc1c5459f2b4cef0076d9b57b9ba2e76b3d8b87a515fc5c777d7e8023ef898fcf31365abc3e0a1307fa85f29d3c8a7e70d58b1228e8376c212ffb76f895aadedcf3f70bddcc347473dba5602d7734c4e9a2054cd3763acbb7fe82155d4a50e6a72d917b22b16ea8abd987834b4b1b04556e5442b1b643fa842a08ab5d860715b250447170c8d30829730a53974b6554a6454bab2eeda2966cc13a02a2b2c2e157ccd1795bcbc9c7bec370d9f492745b7c03c5ba21a45ff", 0xc69}], 0x7}}], 0x1, 0x20048800)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x604ab000)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xfffffffffffffdcc, 0x0, 0x0, 0xffffffffffffff29}, &(0x7f0000000000)=0x40)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff78, 0x0, 0x0, 0x0, 0x0, 0xff0f}, &(0x7f0000000340)=0x40)

0s ago: executing program 9 (id=7170):
syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) (async)
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vxcan1\x00'}) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vxcan1\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {}, 0x2}, 0x18) (async)
bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {}, 0x2}, 0x18)
sendmsg$can_j1939(r1, &(0x7f00000002c0)={&(0x7f00000000c0)={0x1d, 0x0, 0x16, {0x0, 0x1ee, 0x1}}, 0x18, &(0x7f00000004c0)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r3 = open(&(0x7f0000000000)='./file0\x00', 0x88c040, 0x59)
fcntl$setlease(r3, 0x400, 0x1)
fcntl$setlease(r3, 0x400, 0x2)
syz_usb_connect(0x4, 0x24, &(0x7f00000000c0)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r0, 0x40095505, 0x0) (async)
ioctl$EVIOCRMFF(r0, 0x40095505, 0x0)
r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x4c0240, 0x0)
sendmsg$IPSET_CMD_GET_BYNAME(r4, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, 0xe, 0x6, 0x801, 0x0, 0x0, {0x3, 0x0, 0xa}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000004}, 0xc0840)

kernel console output (not intermixed with test programs):

ck 0, async page read
[  705.485995][T23145] Buffer I/O error on dev loop6, logical block 0, async page read
[  705.488660][T23145] Buffer I/O error on dev loop6, logical block 0, async page read
[  705.491357][T23145] Buffer I/O error on dev loop6, logical block 3, async page read
[  705.578469][T26933] QAT: Invalid ioctl -2144835806
[  705.637029][T26933] QAT: Device 2 not found
[  705.763030][T26937] __nla_validate_parse: 5 callbacks suppressed
[  705.763041][T26937] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6384'.
[  705.768124][T26937] validate_nla: 4 callbacks suppressed
[  705.768132][T26937] netlink: 'syz.3.6384': attribute type 7 has an invalid length.
[  705.772392][T26937] netlink: 'syz.3.6384': attribute type 8 has an invalid length.
[  705.775007][T26937] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6384'.
[  705.782627][T26943] netlink: 'syz.2.6387': attribute type 10 has an invalid length.
[  705.818792][T26941] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  705.821292][T26941] SELinux: failed to load policy
[  706.011204][T26968] netlink: 'syz.4.6396': attribute type 10 has an invalid length.
[  706.203986][T26974] EXT4-fs (sr0): VFS: Can't find ext4 filesystem
[  706.209708][T26974] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6398'.
[  706.212517][T26974] netlink: 'syz.4.6398': attribute type 7 has an invalid length.
[  706.214965][T26974] netlink: 'syz.4.6398': attribute type 8 has an invalid length.
[  706.217601][T26974] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6398'.
[  706.224789][T26974] bridge0: entered promiscuous mode
[  706.228979][T26974] bridge0: left promiscuous mode
[  706.255629][   T53] usb 7-1: new high-speed USB device number 37 using dummy_hcd
[  706.405379][ T5970] Bluetooth: hci1: command tx timeout
[  706.409543][   T53] usb 7-1: too many configurations: 9, using maximum allowed: 8
[  706.415700][   T53] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  706.420802][   T53] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  706.427692][   T53] usb 7-1: config 0 interface 0 has no altsetting 0
[  706.442207][   T53] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  706.463191][   T53] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  706.467947][   T53] usb 7-1: config 0 interface 0 has no altsetting 0
[  706.472215][   T53] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  706.477518][   T53] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  706.482815][   T53] usb 7-1: config 0 interface 0 has no altsetting 0
[  706.486710][   T53] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  706.489716][   T53] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  706.493466][   T53] usb 7-1: config 0 interface 0 has no altsetting 0
[  706.497061][   T53] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  706.500051][   T53] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  706.503406][   T53] usb 7-1: config 0 interface 0 has no altsetting 0
[  706.507778][   T53] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  706.510514][   T53] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  706.513911][   T53] usb 7-1: config 0 interface 0 has no altsetting 0
[  706.516960][   T53] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  706.519703][   T53] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  706.522925][   T53] usb 7-1: config 0 interface 0 has no altsetting 0
[  706.529698][   T53] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  706.533949][   T53] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  706.537320][   T53] usb 7-1: config 0 interface 0 has no altsetting 0
[  706.542068][   T53] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  706.544849][   T53] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  706.547598][   T53] usb 7-1: Product: syz
[  706.548995][   T53] usb 7-1: Manufacturer: syz
[  706.550530][   T53] usb 7-1: SerialNumber: syz
[  706.555869][   T53] usb 7-1: config 0 descriptor??
[  706.595566][   T53] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0
[  706.874089][    C1] usb 7-1: yurex_control_callback - control failed: -71
[  706.878440][   T53] usb 7-1: USB disconnect, device number 37
[  706.880915][T26980] yurex 7-1:0.0: yurex_write - failed to send bulk msg, error -19
[  706.886761][   T53] yurex 7-1:0.0: USB YUREX #0 now disconnected
[  707.000855][T26988] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6402'.
[  707.094089][T26970] macvtap0: entered allmulticast mode
[  707.096510][T26970] mac80211_hwsim hwsim25 wlan0: entered allmulticast mode
[  707.100237][T26970] mac80211_hwsim hwsim25 wlan0: left allmulticast mode
[  707.108637][T26992] 9pnet: p9_errstr2errno: server reported unknown error �@íÿÿÿÿÿÿÿÿ
[  707.305694][T26998] netlink: 'syz.4.6407': attribute type 1 has an invalid length.
[  707.320388][T26998] 8021q: adding VLAN 0 to HW filter on device bond2
[  707.472071][T27016] netlink: 'syz.3.6412': attribute type 10 has an invalid length.
[  707.503754][T27014] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6408'.
[  707.507407][T27014] netlink: 'syz.4.6408': attribute type 7 has an invalid length.
[  707.510559][T27014] netlink: 'syz.4.6408': attribute type 8 has an invalid length.
[  707.513643][T27014] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6408'.
[  707.548134][T27020] netlink: 60 bytes leftover after parsing attributes in process `syz.3.6414'.
[  707.703880][T27029] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[  707.716454][T27030] bond2: (slave gretap2): making interface the new active one
[  707.724589][T27030] bond2: (slave gretap2): Enslaving as an active interface with an up link
[  707.859037][T27037] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6419'.
[  707.862403][T27037] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6419'.
[  707.896415][T27041] binder: 27040:27041 ioctl 40046205 0 returned -22
[  707.898917][T27041] binder: 27040:27041 ioctl c0306201 2000000013c0 returned -11
[  708.120539][T27062] tmpfs: Bad value for 'mpol'
[  708.705372][   T53] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[  708.868315][   T53] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  708.873849][   T53] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  708.877293][   T53] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  708.881650][   T53] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  708.884940][   T53] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  708.890115][   T53] usb 9-1: config 0 descriptor??
[  709.311426][   T53] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  709.576836][T26577] usb 9-1: USB disconnect, device number 17
[  709.958487][T27109] random: crng reseeded on system resumption
[  711.035723][T27131] comedi comedi3: comedi_test: 20263 microvolt, 5 microsecond waveform attached
[  711.076977][T27133] overlay: Unknown parameter 'userxattr::|/kŒª¡:yœŸ"|WàFsóž%³P¶çjá°
&:‘åù°j¶dÉvû±W8$óy<$„Ái‰S‹ìÖg™à7l¡˜©T­)t'
[  711.131003][T27135] __nla_validate_parse: 10 callbacks suppressed
[  711.131022][T27135] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6454'.
[  711.137411][T27135] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6454'.
[  711.281688][T27144] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6457'.
[  711.284500][T27144] validate_nla: 11 callbacks suppressed
[  711.284508][T27144] netlink: 'syz.3.6457': attribute type 7 has an invalid length.
[  711.289139][T27144] netlink: 'syz.3.6457': attribute type 8 has an invalid length.
[  711.291775][T27144] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6457'.
[  711.976787][T27151] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0
[  712.033480][T27155] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6462'.
[  712.037306][T27155] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6462'.
[  712.045631][T27155] geneve2: entered promiscuous mode
[  712.047922][T27155] geneve2: entered allmulticast mode
[  712.103488][T27160] sctp: [Deprecated]: syz.4.6463 (pid 27160) Use of int in maxseg socket option.
[  712.103488][T27160] Use struct sctp_assoc_value instead
[  712.114687][T27160] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6463'.
[  712.535736][   T53] usb 9-1: new high-speed USB device number 18 using dummy_hcd
[  712.698015][   T53] usb 9-1: config index 0 descriptor too short (expected 45, got 36)
[  712.701316][   T53] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  712.706583][   T53] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  712.710951][   T53] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  712.714539][   T53] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  712.718560][   T53] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  712.721456][   T53] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  712.725487][   T53] usb 9-1: config 0 descriptor??
[  712.727574][T27168] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  712.792277][T27175] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  712.890450][T27179] netlink: ct family unspecified
[  712.892528][T27179] openvswitch: netlink: Actions may not be safe on all matching packets
[  713.043364][T27179] : entered promiscuous mode
[  713.050033][ T1143] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  713.053947][ T1143] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  713.057910][ T1143] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  713.061647][ T1143] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  713.286088][T20327] Bluetooth: hci4: command 0x0405 tx timeout
[  713.340724][   T53] usbhid 9-1:0.0: can't add hid device: -71
[  713.342675][   T53] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  713.347186][   T53] usb 9-1: USB disconnect, device number 18
[  713.362890][T27205] overlayfs: failed to clone upperpath
[  713.372458][   T40] kauditd_printk_skb: 4 callbacks suppressed
[  713.372469][   T40] audit: type=1400 audit(1757620374.395:1098): avc:  denied  { unmount } for  pid=27204 comm="syz.3.6477" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1
[  713.444238][T27213] erspan1: entered promiscuous mode
[  713.472166][T27220] syz_tun: entered allmulticast mode
[  713.526316][T27216] syz_tun: left allmulticast mode
[  713.557463][T27227] netlink: 57 bytes leftover after parsing attributes in process `syz.2.6485'.
[  713.946453][T27246] ptrace attach of "/syz-executor exec"[27247] was attempted by "/syz-executor exec"[27246]
[  714.055313][T10903] usb 7-1: new high-speed USB device number 38 using dummy_hcd
[  714.232108][T10903] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  714.236862][T10903] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  714.240965][T10903] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  714.243913][T10903] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  714.249592][T10903] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  714.252949][T10903] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  714.258152][T10903] usb 7-1: config 0 descriptor??
[  714.668965][T10903] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0
[  714.671551][T10903] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0
[  714.674171][T10903] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0
[  714.678119][T10903] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0
[  714.681311][T10903] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0
[  714.684406][T10903] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0
[  714.687247][T10903] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0
[  714.689676][T10903] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0
[  714.692065][T10903] plantronics 0003:047F:FFFF.0018: item fetching failed at offset 14/15
[  714.695816][T10903] plantronics 0003:047F:FFFF.0018: parse failed
[  714.698210][T10903] plantronics 0003:047F:FFFF.0018: probe with driver plantronics failed with error -22
[  714.800832][T27269] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6498'.
[  714.803963][T27269] netlink: 'syz.3.6498': attribute type 7 has an invalid length.
[  714.806834][T27269] netlink: 'syz.3.6498': attribute type 8 has an invalid length.
[  714.809440][T27269] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6498'.
[  714.867708][   T29] usb 7-1: USB disconnect, device number 38
[  714.955472][T27271] netlink: 'syz.4.6499': attribute type 1 has an invalid length.
[  715.153218][T27285] netlink: 'syz.4.6502': attribute type 10 has an invalid length.
[  715.797055][T27334] netlink: 'syz.4.6518': attribute type 1 has an invalid length.
[  715.819166][T27334] 8021q: adding VLAN 0 to HW filter on device bond4
[  715.851516][T27334] veth3: entered promiscuous mode
[  715.857613][T27334] bond4: (slave veth3): Enslaving as an active interface with a down link
[  715.870573][T27334] vlan2: entered allmulticast mode
[  715.872705][T27334] bond4: entered allmulticast mode
[  715.876006][T27334] bond4: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  716.103119][T27340] netlink: 'syz.4.6519': attribute type 7 has an invalid length.
[  716.106670][T27340] netlink: 'syz.4.6519': attribute type 8 has an invalid length.
[  716.439032][T27350] ptm ptm1: ldisc open failed (-12), clearing slot 1
[  716.440329][   T12] Bluetooth: hci3: Frame reassembly failed (-84)
[  716.485972][T27357] __nla_validate_parse: 4 callbacks suppressed
[  716.485984][T27357] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6524'.
[  716.490950][T27357] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long
[  717.202928][T27377] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6528'.
[  717.206085][T27377] netlink: 'syz.2.6528': attribute type 7 has an invalid length.
[  717.208899][T27377] netlink: 'syz.2.6528': attribute type 8 has an invalid length.
[  717.211747][T27377] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6528'.
[  718.012051][T27399] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6535'.
[  718.015800][T27399] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6535'.
[  718.240416][T27405] netlink: 'syz.3.6537': attribute type 10 has an invalid length.
[  718.271038][T27407] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  718.274902][T27407] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  718.305561][ T2295] usb 7-1: new high-speed USB device number 39 using dummy_hcd
[  718.455554][ T2295] usb 7-1: Using ep0 maxpacket: 16
[  718.458436][ T2295] usb 7-1: config 1 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 127, changing to 10
[  718.462020][ T2295] usb 7-1: config 1 interface 0 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  718.466390][ T2295] usb 7-1: config 1 interface 0 has no altsetting 0
[  718.470950][ T2295] usb 7-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.40
[  718.474098][ T2295] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  718.476969][ T2295] usb 7-1: Product: 둉�玒꾶븖酓ᩊ�啷厹왇謹눲쉰츘䨇칗鹔졂⑻䌞ᡛ⡟��삲⦺ꙭ薾涜ᾫ׭뾊땓鬈Ἑ宾�髊爪앟⥻憵⻮ꡖ��胩�呱ꂎ��숉킬馿᠕悖퉋�浚凅ڀꦦ៸빑︖��뢮�㸦샻⅕ꃲὈ갻ᖗꢋ೸ᴦ᚟㺫�ﻔ��ꮣ怔�賚⹖텇��胯��졡姯銲彎䎼☷犔ⴖ숾섵ꜵ
[  718.488543][T20327] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  718.495082][ T2295] usb 7-1: Manufacturer: Ó¿
[  718.496758][ T2295] usb 7-1: SerialNumber: И
[  718.698218][T27420] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6542'.
[  718.701871][T27420] netlink: 'syz.4.6542': attribute type 7 has an invalid length.
[  718.704712][T27420] netlink: 'syz.4.6542': attribute type 8 has an invalid length.
[  718.707993][T27420] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6542'.
[  718.908209][T27402] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  718.911191][T27402] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  718.938446][ T2295] usbhid 7-1:1.0: can't add hid device: -71
[  718.940457][ T2295] usbhid 7-1:1.0: probe with driver usbhid failed with error -71
[  718.944491][ T2295] usb 7-1: USB disconnect, device number 39
[  719.368077][ T5970] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  719.375733][ T5970] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  719.377844][T27449] (unnamed net_device) (uninitialized): option active_slave: mode dependency failed, not supported in mode broadcast(3)
[  719.382584][ T5970] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  719.389905][ T5970] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  719.394000][ T5970] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  719.529350][   T40] audit: type=1326 audit(1757620380.555:1099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27464 comm="syz.2.6560" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f590958eba9 code=0x0
[  719.559608][T27446] chnl_net:caif_netlink_parms(): no params data found
[  719.659523][T27446] bridge0: port 1(bridge_slave_0) entered blocking state
[  719.662016][T27446] bridge0: port 1(bridge_slave_0) entered disabled state
[  719.664519][T27446] bridge_slave_0: entered allmulticast mode
[  719.667839][T27446] bridge_slave_0: entered promiscuous mode
[  719.671130][T27446] bridge0: port 2(bridge_slave_1) entered blocking state
[  719.673500][T27446] bridge0: port 2(bridge_slave_1) entered disabled state
[  719.676761][T27446] bridge_slave_1: entered allmulticast mode
[  719.679779][T27446] bridge_slave_1: entered promiscuous mode
[  719.718386][T27446] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  719.723032][T27446] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  719.803920][T27488] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6564'.
[  719.811017][T27488] netlink: 'syz.3.6564': attribute type 7 has an invalid length.
[  719.818983][T27488] netlink: 'syz.3.6564': attribute type 8 has an invalid length.
[  719.822255][T27488] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6564'.
[  720.074652][T18214] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  720.154827][T27446] team0: Port device team_slave_0 added
[  720.160352][T27446] team0: Port device team_slave_1 added
[  720.206396][T18214] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  720.239115][T27446] batman_adv: batadv0: Adding interface: batadv_slave_0
[  720.241251][T27446] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  720.249724][T27446] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  720.254311][T27446] batman_adv: batadv0: Adding interface: batadv_slave_1
[  720.257187][T27446] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  720.268456][T27446] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  720.333998][T27446] hsr_slave_0: entered promiscuous mode
[  720.339070][T27446] hsr_slave_1: entered promiscuous mode
[  720.341651][T27446] debugfs: 'hsr0' already exists in 'hsr'
[  720.343575][T27446] Cannot create hsr debugfs directory
[  720.367667][T18214] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  720.488492][T18214] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  720.595617][   T40] audit: type=1400 audit(1757620381.615:1100): avc:  denied  { mount } for  pid=27500 comm="syz.3.6570" name="/" dev="configfs" ino=71 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  720.602458][   T40] audit: type=1400 audit(1757620381.625:1101): avc:  denied  { search } for  pid=27500 comm="syz.3.6570" name="/" dev="configfs" ino=71 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  720.609870][   T40] audit: type=1400 audit(1757620381.625:1102): avc:  denied  { search } for  pid=27500 comm="syz.3.6570" name="/" dev="configfs" ino=71 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  720.618052][   T40] audit: type=1400 audit(1757620381.625:1103): avc:  denied  { search } for  pid=27500 comm="syz.3.6570" name="/" dev="configfs" ino=71 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  720.624997][   T40] audit: type=1400 audit(1757620381.625:1104): avc:  denied  { search } for  pid=27500 comm="syz.3.6570" name="/" dev="configfs" ino=71 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  720.625603][T27498] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6567'.
[  720.632182][   T40] audit: type=1400 audit(1757620381.625:1105): avc:  denied  { search } for  pid=27500 comm="syz.3.6570" name="/" dev="configfs" ino=71 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  720.632574][T27446] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  720.651048][T27446] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  720.658923][T27446] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  720.671471][T27446] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  720.749653][T18214] bridge_slave_1: left allmulticast mode
[  720.754883][T18214] bridge_slave_1: left promiscuous mode
[  720.759180][T18214] bridge0: port 2(bridge_slave_1) entered disabled state
[  720.763348][T18214] bridge_slave_0: left allmulticast mode
[  720.766802][T18214] bridge_slave_0: left promiscuous mode
[  720.769220][T18214] bridge0: port 1(bridge_slave_0) entered disabled state
[  720.811373][T27517] netlink: 'syz.4.6573': attribute type 64 has an invalid length.
[  720.813555][T27517] netlink: 'syz.4.6573': attribute type 4 has an invalid length.
[  721.191376][T18214] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  721.237240][T18214] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  721.298538][T18214] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  721.316688][T18214] bond0 (unregistering): Released all slaves
[  721.361857][   T40] audit: type=1400 audit(1757620382.385:1106): avc:  denied  { accept } for  pid=27536 comm="syz.3.6579" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  721.417078][T27446] 8021q: adding VLAN 0 to HW filter on device bond0
[  721.451675][T27446] 8021q: adding VLAN 0 to HW filter on device team0
[  721.458392][ T5970] Bluetooth: hci3: command tx timeout
[  721.474331][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  721.477508][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  721.529747][ T1147] bridge0: port 2(bridge_slave_1) entered blocking state
[  721.532902][ T1147] bridge0: port 2(bridge_slave_1) entered forwarding state
[  721.676619][T27561] IPVS: set_ctl: invalid protocol: 94 224.0.0.2:20000
[  721.680275][T27561] IPVS: set_ctl: invalid protocol: 102 172.20.20.187:20000
[  721.684689][T27561] IPVS: set_ctl: invalid protocol: 135 10.1.1.2:20004
[  721.827879][T18214] hsr_slave_0: left promiscuous mode
[  721.830857][T18214] hsr_slave_1: left promiscuous mode
[  721.833610][T18214] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  721.837487][T18214] batman_adv: batadv0: Removing interface: batadv_slave_0
[  721.841737][T18214] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  721.844919][T18214] batman_adv: batadv0: Removing interface: batadv_slave_1
[  721.910045][T18214] veth1_macvtap: left promiscuous mode
[  721.912392][T18214] veth0_macvtap: left promiscuous mode
[  721.914891][T18214] veth1_vlan: left promiscuous mode
[  721.917192][T18214] veth0_vlan: left promiscuous mode
[  722.229015][T27588] __nla_validate_parse: 2 callbacks suppressed
[  722.229027][T27588] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6595'.
[  722.233842][T27588] netlink: 'syz.3.6595': attribute type 7 has an invalid length.
[  722.236802][T27588] netlink: 'syz.3.6595': attribute type 8 has an invalid length.
[  722.239242][T27588] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6595'.
[  722.795329][T18214] team0 (unregistering): Port device team_slave_1 removed
[  722.886132][T18214] team0 (unregistering): Port device team_slave_0 removed
[  723.525488][ T5970] Bluetooth: hci3: command tx timeout
[  723.616402][T27446] 8021q: adding VLAN 0 to HW filter on device batadv0
[  723.653804][   T40] audit: type=1400 audit(1757620384.675:1107): avc:  denied  { getopt } for  pid=27595 comm="syz.4.6598" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  723.665667][   T40] audit: type=1400 audit(1757620384.675:1108): avc:  denied  { ioctl } for  pid=27595 comm="syz.4.6598" path="socket:[129259]" dev="sockfs" ino=129259 ioctlcmd=0x7c05 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  723.674484][T27599] bond0: entered allmulticast mode
[  723.683539][T27599] NILFS (nbd2): device size too small
[  723.764783][T27613] netlink: 'syz.3.6603': attribute type 4 has an invalid length.
[  723.772160][T27613] netlink: 17 bytes leftover after parsing attributes in process `syz.3.6603'.
[  723.814587][T27446] veth0_vlan: entered promiscuous mode
[  723.823657][T27446] veth1_vlan: entered promiscuous mode
[  723.839976][T27446] veth0_macvtap: entered promiscuous mode
[  723.844455][T27446] veth1_macvtap: entered promiscuous mode
[  723.863322][T27446] batman_adv: batadv0: Interface activated: batadv_slave_0
[  723.869066][T27626] xt_l2tp: invalid flags combination: 8
[  723.882428][T27446] batman_adv: batadv0: Interface activated: batadv_slave_1
[  723.900301][  T732] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  723.903762][  T732] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  723.908653][T27625] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  723.910527][  T732] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  723.914625][  T732] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  723.993479][  T732] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  723.998277][  T732] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  724.010972][  T732] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  724.014093][  T732] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  724.157334][T27658] pimreg: entered allmulticast mode
[  724.348827][T27670] random: crng reseeded on system resumption
[  724.370354][T27670] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6617'.
[  724.507425][T27677] netlink: 52 bytes leftover after parsing attributes in process `syz.3.6620'.
[  724.511692][T27677] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2 sclass=netlink_route_socket pid=27677 comm=syz.3.6620
[  724.664432][T27687] netlink: 'syz.3.6625': attribute type 62 has an invalid length.
[  724.669325][T27687] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6625'.
[  724.688084][T27692] netlink: 14 bytes leftover after parsing attributes in process `syz.7.6626'.
[  724.981417][T27718] overlayfs: failed to resolve '/þ4_/ÖðDŽÔ995NE©ÿ²h€´f>Tîé5h—': -2
[  724.983099][T27720] netlink: 14 bytes leftover after parsing attributes in process `syz.3.6637'.
[  724.988994][   T40] kauditd_printk_skb: 1 callbacks suppressed
[  724.989004][   T40] audit: type=1400 audit(1757620386.015:1110): avc:  denied  { remount } for  pid=27717 comm="syz.2.6636" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[  725.025523][T27722] netlink: 32 bytes leftover after parsing attributes in process `syz.3.6638'.
[  725.097378][T27725] tipc: Started in network mode
[  725.099431][T27725] tipc: Node identity 3ab17736e3be, cluster identity 4711
[  725.101900][T27725] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  725.127883][T27724] tipc: Resetting bearer <eth:syzkaller0>
[  725.251609][T27743] netlink: 14 bytes leftover after parsing attributes in process `syz.3.6646'.
[  725.608578][ T5970] Bluetooth: hci3: command tx timeout
[  726.105542][   T29] tipc: Node number set to 3641669430
[  726.796640][T27724] tipc: Disabling bearer <eth:syzkaller0>
[  726.877578][T27772] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  726.879746][T27772] [U] J"—e:ÀÆ"


[  727.299007][T27818] netlink: 'syz.2.6669': attribute type 10 has an invalid length.
[  727.325037][T27824] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  727.365073][   T40] audit: type=1400 audit(1757620388.385:1111): avc:  denied  { relabelfrom } for  pid=27828 comm="syz.3.6672" name="NETLINK" dev="sockfs" ino=135554 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  727.370750][T27829] SELinux:  Context system_u:object_r:crash_device_t:s0 is not valid (left unmapped).
[  727.381968][   T40] audit: type=1400 audit(1757620388.405:1112): avc:  denied  { relabelto } for  pid=27828 comm="syz.3.6672" name="NETLINK" dev="sockfs" ino=135554 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=netlink_generic_socket permissive=1 trawcon="system_u:object_r:crash_device_t:s0"
[  727.481504][T27833] cgroup: Unknown subsys name 'cpuset'
[  727.555783][T27842] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  727.574450][T27846] __nla_validate_parse: 4 callbacks suppressed
[  727.574460][T27846] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6675'.
[  727.580325][T27846] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6675'.
[  727.640988][T27852] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6679'.
[  727.685330][ T5970] Bluetooth: hci3: command tx timeout
[  727.732390][T27856] netlink: 'syz.7.6680': attribute type 10 has an invalid length.
[  727.738442][T27856] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  727.842535][T27872] netlink: 24 bytes leftover after parsing attributes in process `syz.7.6684'.
[  727.940570][T27878] fuse: root generation should be zero
[  727.944061][T27879] netlink: 'syz.7.6686': attribute type 10 has an invalid length.
[  727.984540][T27882] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN
[  727.987449][T27882] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6688'.
[  728.185666][T27894] netlink: 'syz.4.6693': attribute type 10 has an invalid length.
[  728.278157][T27907] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6697'.
[  728.281800][T27906] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not our slave
[  728.285833][T27906] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1)
[  728.339647][T27917] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.6701'.
[  728.411344][T27921] fuse: Unknown parameter 'fd'
[  728.413460][ T5970] Bluetooth: hci2: unknown advertising packet type: 0x65
[  728.413496][ T5970] Bluetooth: hci2: Dropping invalid advertising data
[  728.420395][ T5970] Bluetooth: hci2: Dropping invalid advertising data
[  728.422507][ T5970] Bluetooth: hci2: Malformed LE Event: 0x02
[  728.708415][T27924] netlink: 'syz.2.6703': attribute type 10 has an invalid length.
[  728.712150][T27874] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  728.742987][T27926] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  729.011901][T27937] netlink: 100 bytes leftover after parsing attributes in process `syz.2.6708'.
[  729.044140][T27941] netlink: 'syz.2.6710': attribute type 2 has an invalid length.
[  729.094973][   T40] audit: type=1400 audit(2000000001.089:1113): avc:  denied  { read } for  pid=27942 comm="syz.2.6711" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  729.214228][T27950] netlink: 'syz.2.6712': attribute type 10 has an invalid length.
[  729.281156][T27961] tipc: Started in network mode
[  729.282805][T27961] tipc: Node identity , cluster identity 4711
[  729.284663][T27961] tipc: Failed to obtain node identity
[  729.286870][T27961] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  729.290652][T27961] syzkaller0: tun_chr_ioctl cmd 1074025698
[  729.325992][T27961] syzkaller0: create flow: hash 1277826332 index 1
[  729.391623][T27960] syzkaller0: delete flow: hash 1277826332 index 1
[  729.496288][T27984] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6714'.
[  729.499123][T27984] netlink: 'syz.2.6714': attribute type 7 has an invalid length.
[  729.501513][T27984] netlink: 'syz.2.6714': attribute type 8 has an invalid length.
[  729.503909][T27984] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6714'.
[  729.592852][T27991] openvswitch: netlink: nsh attr 8196 is out of range max 3
[  729.595076][T27991] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  731.157219][T28020] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  731.159751][T28020] [U] J"—e:ÀÆ"


[  731.404559][   T59] hid (null): report_id 17337 is invalid
[  731.406075][T28031] IPVS: set_ctl: invalid protocol: 0 172.20.20.46:20003
[  731.408864][   T59] hid (null): bogus close delimiter
[  731.411802][   T59] hid (null): invalid report_count 32723
[  731.413756][   T59] hid (null): unknown global tag 0x9a
[  731.415690][   T59] hid (null): nested delimiters
[  731.417388][   T59] hid (null): unknown global tag 0xe
[  731.419225][   T59] hid (null): report_id 3905050922 is invalid
[  731.421618][   T59] hid (null): unknown global tag 0xe
[  731.424130][   T59] hid (null): usage index exceeded
[  731.427159][   T59] hid (null): unknown global tag 0xe
[  731.428796][   T59] hid (null): unknown global tag 0xd
[  731.430463][   T59] hid (null): invalid report_size 62117
[  731.432244][   T59] hid (null): unknown global tag 0xd
[  731.434220][   T59] hid (null): unknown global tag 0xd
[  731.436819][   T59] hid (null): unknown global tag 0xd
[  731.438837][   T59] hid (null): unknown global tag 0xdd
[  731.441729][   T59] hid (null): unknown global tag 0xe
[  731.443682][   T59] hid (null): unknown global tag 0xc
[  731.445944][   T59] hid (null): unknown global tag 0xc8
[  731.447646][   T59] hid (null): bogus close delimiter
[  731.449479][   T59] hid (null): unknown global tag 0xd
[  731.451452][   T59] hid (null): report_id 0 is invalid
[  731.453165][   T59] hid (null): unknown global tag 0xe
[  731.454831][   T59] hid (null): unknown global tag 0xd
[  731.457063][   T59] hid (null): unknown global tag 0xe
[  731.458785][   T59] hid (null): unknown global tag 0xc
[  731.460963][   T59] hid (null): unknown global tag 0xc
[  731.462751][   T59] hid (null): unknown global tag 0xf0
[  731.464512][   T59] hid (null): invalid report_size 151160513
[  731.466936][   T59] hid (null): unknown global tag 0xc
[  731.468637][   T59] hid (null): unknown global tag 0xc
[  731.470787][   T59] hid (null): unknown global tag 0xd
[  731.472433][   T59] hid (null): bogus close delimiter
[  731.474123][   T59] hid (null): invalid report_count 63388
[  731.476510][   T59] hid (null): unknown global tag 0xc
[  731.478119][   T59] hid (null): invalid report_size 18819
[  731.479874][   T59] hid (null): unknown global tag 0xd
[  731.481531][   T59] hid (null): unknown global tag 0x1a
[  731.483240][   T59] hid (null): unknown global tag 0x99
[  731.486226][   T59] hid-generic 0008:0005:10000.0019: unexpected long global item
[  731.488783][   T59] hid-generic 0008:0005:10000.0019: probe with driver hid-generic failed with error -22
[  732.073945][   T40] audit: type=1400 audit(2000000004.079:1114): avc:  denied  { read write } for  pid=28069 comm="syz.4.6751" name="ptp0" dev="devtmpfs" ino=729 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  732.082243][   T40] audit: type=1400 audit(2000000004.079:1115): avc:  denied  { open } for  pid=28069 comm="syz.4.6751" path="/dev/ptp0" dev="devtmpfs" ino=729 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  732.372613][T28088] netlink: 'syz.4.6757': attribute type 10 has an invalid length.
[  732.401195][T28090] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  732.403069][T28090] [U] J"—e:ÀÆ"


[  732.646850][T28095] netlink: 'syz.3.6760': attribute type 10 has an invalid length.
[  732.655997][T28095] team0: Port device dummy0 added
[  732.659025][T28095] netlink: 'syz.3.6760': attribute type 10 has an invalid length.
[  732.662597][T28095] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  732.678125][T28095] team0: Failed to send options change via netlink (err -105)
[  732.681177][T28095] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  732.684145][T28095] team0: Port device dummy0 removed
[  732.687877][T28095] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  732.740251][T28099] __nla_validate_parse: 5 callbacks suppressed
[  732.740263][T28099] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6762'.
[  732.745927][T28099] 9pnet_fd: Insufficient options for proto=fd
[  732.831229][T28101] tipc: Enabling of bearer <eth:syzkaller0> rejected, max 3 bearers permitted
[  733.069508][T28109] overlayfs: failed to clone upperpath
[  733.129850][ T5970] Bluetooth: hci4: unexpected event for opcode 0x2041
[  733.151580][ T2295] libceph: connect (1)[c::]:6789 error -101
[  733.154679][ T2295] libceph: mon0 (1)[c::]:6789 connect error
[  733.265410][ T5970] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  733.269363][ T5970] CPU: 1 UID: 0 PID: 5970 Comm: kworker/u33:2 Not tainted syzkaller #0 PREEMPT(full) 
[  733.269390][ T5970] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  733.269404][ T5970] Workqueue: hci2 hci_rx_work
[  733.269449][ T5970] Call Trace:
[  733.269456][ T5970]  <TASK>
[  733.269464][ T5970]  dump_stack_lvl+0x16c/0x1f0
[  733.269489][ T5970]  sysfs_warn_dup+0x7f/0xa0
[  733.269517][ T5970]  sysfs_create_dir_ns+0x24b/0x2b0
[  733.269538][ T5970]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  733.269551][ T5970]  ? find_held_lock+0x2b/0x80
[  733.269573][ T5970]  ? do_raw_spin_unlock+0x172/0x230
[  733.269587][ T5970]  kobject_add_internal+0x2c4/0x9b0
[  733.269606][ T5970]  kobject_add+0x16e/0x240
[  733.269621][ T5970]  ? __pfx_kobject_add+0x10/0x10
[  733.269637][ T5970]  ? do_raw_spin_unlock+0x172/0x230
[  733.269650][ T5970]  ? kobject_put+0xab/0x5a0
[  733.269669][ T5970]  device_add+0x288/0x1aa0
[  733.269686][ T5970]  ? __pfx_dev_set_name+0x10/0x10
[  733.269696][ T5970]  ? __pfx_device_add+0x10/0x10
[  733.269712][ T5970]  ? mgmt_send_event_skb+0x2fb/0x460
[  733.269727][ T5970]  hci_conn_add_sysfs+0x17e/0x230
[  733.269740][ T5970]  le_conn_complete_evt+0x1075/0x1d70
[  733.269751][ T5970]  ? preempt_count_sub+0xb0/0x160
[  733.269767][ T5970]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  733.269778][ T5970]  ? hci_event_packet+0x459/0x11c0
[  733.269793][ T5970]  hci_le_conn_complete_evt+0x23c/0x370
[  733.269809][ T5970]  hci_le_meta_evt+0x357/0x5e0
[  733.269821][ T5970]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  733.269834][ T5970]  hci_event_packet+0x682/0x11c0
[  733.269845][ T5970]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  733.269857][ T5970]  ? __pfx_hci_event_packet+0x10/0x10
[  733.269870][ T5970]  ? kcov_remote_start+0x3c9/0x6d0
[  733.269881][ T5970]  ? lockdep_hardirqs_on+0x7c/0x110
[  733.269902][ T5970]  hci_rx_work+0x2c5/0x16b0
[  733.269914][ T5970]  ? rcu_is_watching+0x12/0xc0
[  733.269930][ T5970]  process_one_work+0x9cc/0x1b70
[  733.269946][ T5970]  ? __pfx_process_one_work+0x10/0x10
[  733.269962][ T5970]  ? assign_work+0x1a0/0x250
[  733.269976][ T5970]  worker_thread+0x6c8/0xf10
[  733.269995][ T5970]  ? __pfx_worker_thread+0x10/0x10
[  733.270008][ T5970]  kthread+0x3c2/0x780
[  733.270019][ T5970]  ? __pfx_kthread+0x10/0x10
[  733.270031][ T5970]  ? rcu_is_watching+0x12/0xc0
[  733.270043][ T5970]  ? __pfx_kthread+0x10/0x10
[  733.270054][ T5970]  ret_from_fork+0x56a/0x730
[  733.270065][ T5970]  ? __pfx_kthread+0x10/0x10
[  733.270082][ T5970]  ret_from_fork_asm+0x1a/0x30
[  733.270113][ T5970]  </TASK>
[  733.270139][ T5970] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  733.356386][ T5970] Bluetooth: hci2: failed to register connection device
[  733.417413][   T53] libceph: connect (1)[c::]:6789 error -101
[  733.419457][   T53] libceph: mon0 (1)[c::]:6789 connect error
[  733.575269][T26577] usb 9-1: new high-speed USB device number 19 using dummy_hcd
[  733.715246][T26577] usb 9-1: device descriptor read/64, error -71
[  733.926641][   T24] libceph: connect (1)[c::]:6789 error -101
[  733.929269][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  733.955312][T26577] usb 9-1: new high-speed USB device number 20 using dummy_hcd
[  733.974505][T28114] ceph: No mds server is up or the cluster is laggy
[  734.038860][T28133] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  734.043673][T28131] tipc: Disabling bearer <eth:syzkaller0>
[  734.070103][T28138] netlink: 96 bytes leftover after parsing attributes in process `syz.3.6775'.
[  734.085263][T26577] usb 9-1: device descriptor read/64, error -71
[  734.137238][T28145] netlink: 'syz.7.6777': attribute type 18 has an invalid length.
[  734.140510][T28145] netlink: 4 bytes leftover after parsing attributes in process `syz.7.6777'.
[  734.152242][  T732] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  734.152316][T28145] netlink: 'syz.7.6777': attribute type 18 has an invalid length.
[  734.155402][  T732] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  734.157873][T28145] netlink: 4 bytes leftover after parsing attributes in process `syz.7.6777'.
[  734.160925][  T732] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  734.168010][  T732] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  734.195665][T26577] usb usb9-port1: attempt power cycle
[  734.535190][T26577] usb 9-1: new high-speed USB device number 21 using dummy_hcd
[  734.555566][T26577] usb 9-1: device descriptor read/8, error -71
[  734.805535][T26577] usb 9-1: new high-speed USB device number 22 using dummy_hcd
[  734.826035][T26577] usb 9-1: device descriptor read/8, error -71
[  734.935490][T26577] usb usb9-port1: unable to enumerate USB device
[  736.293622][T28171] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  736.881904][T28198] kvm: vcpu 1: requested lapic timer restore with starting count register 0x390=3435970576 (3435970576 ns) > initial count (3159521572 ns). Using initial count to start timer.
[  736.957392][T28198] block nbd4: NBD_DISCONNECT
[  736.960071][T28197] block nbd4: Disconnected due to user request.
[  736.963099][T28197] block nbd4: shutting down sockets
[  737.184301][T28205] netlink: 14 bytes leftover after parsing attributes in process `syz.4.6799'.
[  737.214247][T28207] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6800'.
[  737.285411][T20327] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  737.386555][T28218] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6804'.
[  737.389371][T28218] netlink: 48 bytes leftover after parsing attributes in process `syz.3.6804'.
[  737.636776][T28225] netlink: 14 bytes leftover after parsing attributes in process `syz.4.6808'.
[  737.710778][T28229] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  737.713489][T28229] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  737.717369][T28229] vhci_hcd vhci_hcd.0: Device attached
[  737.726584][T28230] vhci_hcd: connection closed
[  737.726711][   T72] vhci_hcd: stop threads
[  737.730525][   T72] vhci_hcd: release socket
[  737.732398][   T72] vhci_hcd: disconnect device
[  737.922524][T28237] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  737.925065][T28237] [U] J"—e:ÀÆ"


[  738.296788][T28250] netlink: 14 bytes leftover after parsing attributes in process `syz.3.6817'.
[  738.363635][T28255] netlink: 'syz.3.6819': attribute type 2 has an invalid length.
[  738.367372][T28255] netlink: 68 bytes leftover after parsing attributes in process `syz.3.6819'.
[  738.400867][T28257] netlink: 68 bytes leftover after parsing attributes in process `syz.3.6820'.
[  738.704491][T28279] netlink: 14 bytes leftover after parsing attributes in process `syz.3.6826'.
[  738.868977][T28285] only policy match revision 0 supported
[  738.868993][T28285] unable to load match
[  738.970123][T28293] ÿÿÿÿ: renamed from bridge_slave_0 (while UP)
[  738.984698][T28293] bridge0: port 1(ÿÿÿÿ) entered disabled state
[  739.023166][T28297] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6834'.
[  739.042969][   T40] audit: type=1400 audit(2000000011.049:1116): avc:  denied  { set_context_mgr } for  pid=28296 comm="syz.7.6834" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  739.146275][T28303] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  739.148713][T28303] [U] J"—e:ÀÆ"


[  739.158701][ T5970] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  739.164031][ T5970] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  739.169775][ T5970] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  739.173895][ T5970] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  739.176863][ T5970] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  739.254318][T26456] syz_tun (unregistering): left promiscuous mode
[  739.267418][T26577] hid-generic 0005:0B57:02E5.001A: unknown main item tag 0x0
[  739.270958][T26577] hid-generic 0005:0B57:02E5.001A: unknown main item tag 0x0
[  739.281899][T26577] hid-generic 0005:0B57:02E5.001A: hidraw1: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  739.322050][T28311] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  739.327647][T28311] overlay: Bad value for 'workdir'
[  739.342456][T28304] chnl_net:caif_netlink_parms(): no params data found
[  739.429914][T28304] bridge0: port 1(bridge_slave_0) entered blocking state
[  739.433026][T28304] bridge0: port 1(bridge_slave_0) entered disabled state
[  739.437947][T28304] bridge_slave_0: entered allmulticast mode
[  739.440851][T28304] bridge_slave_0: entered promiscuous mode
[  739.444127][T28304] bridge0: port 2(bridge_slave_1) entered blocking state
[  739.446928][T28304] bridge0: port 2(bridge_slave_1) entered disabled state
[  739.449341][T28304] bridge_slave_1: entered allmulticast mode
[  739.452049][T28304] bridge_slave_1: entered promiscuous mode
[  739.488198][T28327] sp0: Synchronizing with TNC
[  739.489844][T28304] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  739.492954][T28304] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  739.511123][T28327] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6842'.
[  739.514671][T28327] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6842'.
[  739.529940][T28327] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6842'.
[  739.531555][T28304] team0: Port device team_slave_0 added
[  739.533371][T28327] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6842'.
[  739.537435][T28304] team0: Port device team_slave_1 added
[  739.572699][T28304] batman_adv: batadv0: Adding interface: batadv_slave_0
[  739.574896][T28304] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  739.584746][T28304] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  739.592574][T28304] batman_adv: batadv0: Adding interface: batadv_slave_1
[  739.594853][T28304] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  739.603414][T28304] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  739.662188][T28304] hsr_slave_0: entered promiscuous mode
[  739.666410][T28304] hsr_slave_1: entered promiscuous mode
[  739.669530][T28304] debugfs: 'hsr0' already exists in 'hsr'
[  739.671872][T28304] Cannot create hsr debugfs directory
[  740.277362][T28304] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  740.282358][T28304] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  740.288914][T28304] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  740.294995][T28304] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  740.314157][T28344] macvlan2: entered promiscuous mode
[  740.316857][T28344] macvlan2: entered allmulticast mode
[  740.362493][T28304] 8021q: adding VLAN 0 to HW filter on device bond0
[  740.376205][T28304] 8021q: adding VLAN 0 to HW filter on device team0
[  740.382819][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  740.385384][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  740.389226][T28348] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6848'.
[  740.392693][T28348] openvswitch: netlink: Key type 1799 is out of range max 32
[  740.398329][   T72] bridge0: port 2(bridge_slave_1) entered blocking state
[  740.400753][   T72] bridge0: port 2(bridge_slave_1) entered forwarding state
[  740.572080][T28304] 8021q: adding VLAN 0 to HW filter on device batadv0
[  740.605077][T28304] veth0_vlan: entered promiscuous mode
[  740.612145][T28304] veth1_vlan: entered promiscuous mode
[  740.632846][T28304] veth0_macvtap: entered promiscuous mode
[  740.638864][T28304] veth1_macvtap: entered promiscuous mode
[  740.651309][T28304] batman_adv: batadv0: Interface activated: batadv_slave_0
[  740.661340][T28304] batman_adv: batadv0: Interface activated: batadv_slave_1
[  740.667345][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  740.671110][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  740.677773][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  740.681433][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  740.729710][ T1147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  740.733144][ T1147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  740.758540][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  740.761033][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  741.105634][T28360] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  741.107789][T28360] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  741.115404][T28360] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  741.117722][T28360] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  741.120438][T28360] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  741.124522][T28360] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  741.130483][T28360] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  741.132489][T28360] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  741.135367][T28360] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  741.138505][T28360] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  741.140506][T28360] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  741.161587][T28360] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  741.327339][T28385] netlink: 'syz.4.6859': attribute type 1 has an invalid length.
[  741.372171][T28389] ipvlan2: entered promiscuous mode
[  741.374781][T28389] bridge0: port 3(ipvlan2) entered blocking state
[  741.377138][T28389] bridge0: port 3(ipvlan2) entered disabled state
[  741.379381][T28389] ipvlan2: entered allmulticast mode
[  741.381224][T28389] bridge0: entered allmulticast mode
[  741.390694][T28389] ipvlan2: left allmulticast mode
[  741.392859][T28389] bridge0: left allmulticast mode
[  741.423869][T28390] ªªªªªª: renamed from wg2 (while UP)
[  741.561772][   T40] audit: type=1400 audit(2000000013.569:1117): avc:  denied  { write } for  pid=28393 comm="syz.7.6862" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  741.584099][T28399] netlink: 'syz.4.6861': attribute type 7 has an invalid length.
[  741.587556][T28399] netlink: 'syz.4.6861': attribute type 8 has an invalid length.
[  741.652248][T20327] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  742.000389][T28406] netlink: 'syz.3.6865': attribute type 23 has an invalid length.
[  742.003836][T28409] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:0000 with DS=0x7
[  742.019842][   T40] audit: type=1400 audit(2000000014.029:1118): avc:  denied  { setattr } for  pid=28407 comm="syz.7.6866" name="NETLINK" dev="sockfs" ino=139637 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  742.073949][T28411] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  742.076393][T28411] [U] J"—e:ÀÆ"


[  742.094733][T28413] PKCS8: Unsupported PKCS#8 version
[  742.234487][T28418] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  742.238538][T28418] overlayfs: missing 'lowerdir'
[  742.326029][T28425] netlink: 'syz.7.6873': attribute type 15 has an invalid length.
[  742.653992][T28443] netlink: 'syz.7.6877': attribute type 4 has an invalid length.
[  742.711412][T28444] netlink: 'syz.7.6877': attribute type 1 has an invalid length.
[  742.722818][T28444] netlink: 'syz.7.6877': attribute type 10 has an invalid length.
[  742.727178][T28444] bridge0: port 2(bridge_slave_1) entered disabled state
[  742.737069][T28444] bridge0: port 2(bridge_slave_1) entered blocking state
[  742.740027][T28444] bridge0: port 2(bridge_slave_1) entered forwarding state
[  742.747051][T28444] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  742.754348][T28444] bridge_slave_1: left allmulticast mode
[  742.756736][T28444] bridge_slave_1: left promiscuous mode
[  742.759129][T28444] bridge0: port 2(bridge_slave_1) entered disabled state
[  742.775957][T28444] ÿÿÿÿ: left allmulticast mode
[  742.777905][T28444] ÿÿÿÿ: left promiscuous mode
[  742.780057][T28444] bridge0: port 1(ÿÿÿÿ) entered disabled state
[  742.810556][T28444] bond0: (slave bridge0): Releasing backup interface
[  743.043715][   T40] audit: type=1400 audit(2000000015.049:1119): avc:  denied  { ioctl } for  pid=28457 comm="syz.3.6882" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1294 ioctlcmd=0x9424 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  743.125598][T20327] Bluetooth: hci0: command 0x080f tx timeout
[  743.125642][ T5970] Bluetooth: hci2: command 0x0406 tx timeout
[  743.205318][T20327] Bluetooth: hci3: command 0x0c1a tx timeout
[  743.205335][ T5970] Bluetooth: hci1: command 0x041b tx timeout
[  743.283185][T28464] netlink: 'syz.3.6884': attribute type 7 has an invalid length.
[  743.294518][T28464] syz_tun: entered promiscuous mode
[  743.299259][T28464] batadv_slave_1: entered promiscuous mode
[  743.302299][T28464] erspan0: entered promiscuous mode
[  743.307539][T28464] debugfs: 'hsr1' already exists in 'hsr'
[  743.310112][T28464] Cannot create hsr debugfs directory
[  743.333711][T28466] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 2
[  743.523303][T28468] gfs2: gfs2 mount does not exist
[  743.579036][T28470] validate_nla: 1 callbacks suppressed
[  743.579052][T28470] netlink: 'syz.7.6887': attribute type 10 has an invalid length.
[  743.590252][T28470] 8021q: adding VLAN 0 to HW filter on device batadv0
[  743.594327][T28470] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  743.599318][T28470] syz_tun: entered allmulticast mode
[  743.608788][T28469] syz_tun: left allmulticast mode
[  743.723903][   T40] audit: type=1400 audit(2000000015.729:1120): avc:  denied  { call } for  pid=28473 comm="syz.7.6889" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  743.727089][T28474] input: syz0 as /devices/virtual/input/input65
[  743.941430][   T40] audit: type=1400 audit(2000000015.949:1121): avc:  denied  { ioctl } for  pid=28476 comm="syz.7.6890" path="socket:[139668]" dev="sockfs" ino=139668 ioctlcmd=0x89e7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  744.006726][T20327] Bluetooth: hci1: unexpected event for opcode 0x6a0c
[  744.017038][T28486] rdma_rxe: rxe_newlink: rxe creation allowed on top of a real device only
[  744.034495][T28490] vivid-002: disconnect
[  744.053135][T28489] vivid-002: reconnect
[  744.183539][T28502] __nla_validate_parse: 15 callbacks suppressed
[  744.183557][T28502] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6899'.
[  744.189874][T28502] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6899'.
[  744.364599][T28506] pimreg: entered allmulticast mode
[  744.375599][   T53] usb 8-1: new full-speed USB device number 15 using dummy_hcd
[  744.527501][   T53] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  744.530894][   T53] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  744.536395][   T53] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  744.539255][   T53] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  744.542269][   T53] usb 8-1: Product: syz
[  744.543753][   T53] usb 8-1: Manufacturer: syz
[  744.548914][   T53] usb 8-1: SerialNumber: syz
[  744.758940][T28500] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6898'.
[  744.868777][T28500] hsr_slave_1 (unregistering): left promiscuous mode
[  744.943162][   T53] cdc_ncm 8-1:1.0: bind() failure
[  744.948134][   T53] cdc_ncm 8-1:1.1: CDC Union missing and no IAD found
[  744.950338][   T53] cdc_ncm 8-1:1.1: bind() failure
[  744.957865][   T53] usb 8-1: USB disconnect, device number 15
[  745.205454][T20327] Bluetooth: hci0: command 0x080f tx timeout
[  745.215290][T20327] Bluetooth: hci2: command 0x0406 tx timeout
[  745.257771][T28521] block nbd7: NBD_DISCONNECT
[  745.259545][T28520] block nbd7: NBD_DISCONNECT
[  745.261259][T28520] block nbd7: Send disconnect failed -32
[  745.265029][T28520] block nbd7: Disconnected due to user request.
[  745.267131][T28520] block nbd7: shutting down sockets
[  745.295340][T20327] Bluetooth: hci3: command 0x0c1a tx timeout
[  745.304942][ T6033] hid-generic 0003:2007:0000.001B: unknown main item tag 0x0
[  745.309234][ T6033] hid-generic 0003:2007:0000.001B: unknown main item tag 0x0
[  745.312408][ T6033] hid-generic 0003:2007:0000.001B: unknown main item tag 0x0
[  745.320506][ T6033] hid-generic 0003:2007:0000.001B: unknown main item tag 0x0
[  745.323619][ T6033] hid-generic 0003:2007:0000.001B: unknown main item tag 0x0
[  745.327179][ T6033] hid-generic 0003:2007:0000.001B: unknown main item tag 0x0
[  745.330332][ T6033] hid-generic 0003:2007:0000.001B: unknown main item tag 0x0
[  745.333388][ T6033] hid-generic 0003:2007:0000.001B: unknown main item tag 0x0
[  745.337145][ T6033] hid-generic 0003:2007:0000.001B: unknown main item tag 0x0
[  745.340020][ T6033] hid-generic 0003:2007:0000.001B: unknown main item tag 0x0
[  745.344555][ T6033] hid-generic 0003:2007:0000.001B: hidraw1: USB HID v0.00 Device [syz0] on syz0
[  745.365293][T20327] Bluetooth: hci4: command 0x1003 tx timeout
[  745.365583][ T5970] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  745.410347][T28524] autofs: Unknown parameter ':Ö¤Ôˆ_]”ôÑjs&þo4Ñ»:ŸÝà¿Šú‘ æl÷ä9‘mõ¶Hð–îª�+\ï›QË"jBø’Áéâx8È¿àDGEÖÝüRä'
[  745.483290][ T1143] Bluetooth: hci4: Frame reassembly failed (-90)
[  745.487194][ T1143] Bluetooth: hci4: Frame reassembly failed (-90)
[  745.515519][T28536] tipc: Started in network mode
[  745.517264][T28536] tipc: Node identity , cluster identity 4711
[  745.519408][T28536] tipc: Failed to obtain node identity
[  745.521268][T28536] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  745.627772][T28538] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6909'.
[  746.139565][T28561] loop7: detected capacity change from 0 to 7
[  746.189348][T28561] Dev loop7: unable to read RDB block 7
[  746.191253][T28561]  loop7: unable to read partition table
[  746.200031][T28561] loop7: partition table beyond EOD, truncated
[  746.203128][T28561] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[  746.230240][ T5978] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  746.234660][ T5978] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  746.237602][ T5978] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  746.241616][ T5978] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  746.247668][ T5978] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  746.368414][T28563] chnl_net:caif_netlink_parms(): no params data found
[  746.379106][ T5379] Dev loop7: unable to read RDB block 7
[  746.381013][ T5379]  loop7: unable to read partition table
[  746.383022][ T5379] loop7: partition table beyond EOD, truncated
[  746.486652][T28563] bridge0: port 1(bridge_slave_0) entered blocking state
[  746.489179][T28563] bridge0: port 1(bridge_slave_0) entered disabled state
[  746.492137][T28563] bridge_slave_0: entered allmulticast mode
[  746.494764][T28563] bridge_slave_0: entered promiscuous mode
[  746.499205][T28563] bridge0: port 2(bridge_slave_1) entered blocking state
[  746.501504][T28563] bridge0: port 2(bridge_slave_1) entered disabled state
[  746.503845][T28563] bridge_slave_1: entered allmulticast mode
[  746.507719][T28563] bridge_slave_1: entered promiscuous mode
[  746.542285][T28563] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  746.547552][T28563] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  746.550478][T28574] tipc: Started in network mode
[  746.552014][T28574] tipc: Node identity , cluster identity 4711
[  746.553920][T28574] tipc: Failed to obtain node identity
[  746.555860][T28574] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  746.571665][ T5978] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  746.592931][T28563] team0: Port device team_slave_0 added
[  746.602201][T28563] team0: Port device team_slave_1 added
[  746.636044][T28563] batman_adv: batadv0: Adding interface: batadv_slave_0
[  746.638297][T28563] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  746.647354][T28563] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  746.653147][T28563] batman_adv: batadv0: Adding interface: batadv_slave_1
[  746.655740][T28563] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  746.664141][T28563] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  746.729240][T28563] hsr_slave_0: entered promiscuous mode
[  746.732156][T28563] hsr_slave_1: entered promiscuous mode
[  746.734363][T28563] debugfs: 'hsr0' already exists in 'hsr'
[  746.736839][T28563] Cannot create hsr debugfs directory
[  746.859073][T28577] cgroup: fork rejected by pids controller in /syz3
[  746.909392][T28614] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  746.911196][T28563] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  746.912194][T28614] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  746.919539][T28563] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  746.924025][T28563] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  746.930062][T28563] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  746.948895][T28563] bridge0: port 2(bridge_slave_1) entered blocking state
[  746.951188][T28563] bridge0: port 2(bridge_slave_1) entered forwarding state
[  746.953571][T28563] bridge0: port 1(bridge_slave_0) entered blocking state
[  746.955890][T28563] bridge0: port 1(bridge_slave_0) entered forwarding state
[  746.971274][T28614] syzkaller1: entered promiscuous mode
[  746.973636][T28614] syzkaller1: entered allmulticast mode
[  746.999105][T28563] 8021q: adding VLAN 0 to HW filter on device bond0
[  747.009136][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[  747.012972][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[  747.028599][T28563] 8021q: adding VLAN 0 to HW filter on device team0
[  747.038834][T28434] bridge0: port 1(bridge_slave_0) entered blocking state
[  747.041248][T28434] bridge0: port 1(bridge_slave_0) entered forwarding state
[  747.048240][ T1424] ieee802154 phy1 wpan1: encryption failed: -22
[  747.049399][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  747.053705][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  747.285334][ T5978] Bluetooth: hci2: command 0x0406 tx timeout
[  747.323845][ T1143] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  747.365678][ T5978] Bluetooth: hci3: command 0x0c1a tx timeout
[  747.391833][ T1143] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  747.474782][ T1143] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  747.491484][T28563] 8021q: adding VLAN 0 to HW filter on device batadv0
[  747.525422][ T5978] Bluetooth: hci4: command 0x1003 tx timeout
[  747.525708][ T5970] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  747.575757][ T1143] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  747.652943][T28563] veth0_vlan: entered promiscuous mode
[  747.659695][T28563] veth1_vlan: entered promiscuous mode
[  747.687746][T28563] veth0_macvtap: entered promiscuous mode
[  747.693364][T28563] veth1_macvtap: entered promiscuous mode
[  747.708681][T28563] batman_adv: batadv0: Interface activated: batadv_slave_0
[  747.717767][T28563] batman_adv: batadv0: Interface activated: batadv_slave_1
[  747.726081][  T732] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  747.728855][  T732] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  747.748647][  T732] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  747.762612][  T732] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  747.807022][ T1143] bridge_slave_1: left allmulticast mode
[  747.808821][ T1143] bridge_slave_1: left promiscuous mode
[  747.810832][ T1143] bridge0: port 2(bridge_slave_1) entered disabled state
[  747.820895][ T1143] bridge_slave_0: left allmulticast mode
[  747.822714][ T1143] bridge_slave_0: left promiscuous mode
[  747.824573][ T1143] bridge0: port 1(bridge_slave_0) entered disabled state
[  747.857011][T28616] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  747.974246][T28660] netlink: 132 bytes leftover after parsing attributes in process `syz.3.6929'.
[  748.033035][ T1143] erspan0 (unregistering): left promiscuous mode
[  748.085804][T28665] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6929'.
[  748.089831][ T1143] bond3 (unregistering): (slave geneve2): Releasing active interface
[  748.338474][ T5970] Bluetooth: hci5: command tx timeout
[  748.376575][ T1143] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  748.427596][ T1143] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  748.478692][ T1143] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  748.496272][ T1143] bond0 (unregistering): Released all slaves
[  748.600865][ T1143] bond1 (unregistering): Released all slaves
[  748.697195][ T1143] bond2 (unregistering): Released all slaves
[  748.704513][ T1143] bond3 (unregistering): Released all slaves
[  748.724076][T28663] netlink: 60 bytes leftover after parsing attributes in process `syz.3.6929'.
[  748.731166][T28664] tipc: Started in network mode
[  748.734031][T28664] tipc: Node identity , cluster identity 4711
[  748.736138][T28664] tipc: Failed to obtain node identity
[  748.738259][T28664] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  748.801811][ T1143] tipc: Left network mode
[  748.822866][  T732] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  748.823529][   T40] audit: type=1400 audit(2000000020.829:1122): avc:  denied  { setopt } for  pid=28667 comm="syz.3.6930" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  748.825820][  T732] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  748.847070][ T1143] IPVS: stopping backup sync thread 24099 ...
[  748.867732][T28434] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  748.870237][T28434] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  748.950704][T28681] Cache volume key already in use (9p,syz,)
[  748.954714][T28679] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode active-backup(1)
[  749.158423][T28695] FAULT_INJECTION: forcing a failure.
[  749.158423][T28695] name failslab, interval 1, probability 0, space 0, times 0
[  749.162405][T28695] CPU: 0 UID: 0 PID: 28695 Comm: syz.3.6938 Not tainted syzkaller #0 PREEMPT(full) 
[  749.162420][T28695] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  749.162427][T28695] Call Trace:
[  749.162432][T28695]  <TASK>
[  749.162437][T28695]  dump_stack_lvl+0x16c/0x1f0
[  749.162456][T28695]  should_fail_ex+0x512/0x640
[  749.162471][T28695]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  749.162484][T28695]  should_failslab+0xc2/0x120
[  749.162497][T28695]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  749.162508][T28695]  ? copy_process+0x4b6/0x7690
[  749.162523][T28695]  ? _raw_spin_unlock_irq+0x23/0x50
[  749.162537][T28695]  copy_process+0x4b6/0x7690
[  749.162558][T28695]  ? __pfx_copy_process+0x10/0x10
[  749.162574][T28695]  ? lockdep_init_map_type+0x5c/0x280
[  749.162586][T28695]  ? lockdep_init_map_type+0x5c/0x280
[  749.162596][T28695]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  749.162612][T28695]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  749.162629][T28695]  vhost_task_create+0x1d2/0x2e0
[  749.162640][T28695]  ? __pfx_vhost_task_create+0x10/0x10
[  749.162654][T28695]  ? __pfx_vhost_task_fn+0x10/0x10
[  749.162671][T28695]  kvm_mmu_post_init_vm+0x1b7/0x380
[  749.162685][T28695]  kvm_arch_vcpu_ioctl_run+0x66/0x1980
[  749.162706][T28695]  ? kvm_vcpu_ioctl+0x14c6/0x1690
[  749.162723][T28695]  kvm_vcpu_ioctl+0x5eb/0x1690
[  749.162739][T28695]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  749.162753][T28695]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  749.162767][T28695]  ? do_vfs_ioctl+0x128/0x14f0
[  749.162784][T28695]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  749.162800][T28695]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  749.162821][T28695]  ? hook_file_ioctl_common+0x145/0x410
[  749.162836][T28695]  ? selinux_file_ioctl+0x180/0x270
[  749.162851][T28695]  ? selinux_file_ioctl+0xb4/0x270
[  749.162867][T28695]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  749.162881][T28695]  __x64_sys_ioctl+0x18e/0x210
[  749.162898][T28695]  do_syscall_64+0xcd/0x4e0
[  749.162913][T28695]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  749.162924][T28695] RIP: 0033:0x7f912f98eba9
[  749.162933][T28695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  749.162943][T28695] RSP: 002b:00007f9130827038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  749.162954][T28695] RAX: ffffffffffffffda RBX: 00007f912fbd5fa0 RCX: 00007f912f98eba9
[  749.162961][T28695] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  749.162967][T28695] RBP: 00007f9130827090 R08: 0000000000000000 R09: 0000000000000000
[  749.162973][T28695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  749.162980][T28695] R13: 00007f912fbd6038 R14: 00007f912fbd5fa0 R15: 00007fffd4b80388
[  749.162993][T28695]  </TASK>
[  749.253291][    C0] vkms_vblank_simulate: vblank timer overrun
[  749.365560][ T5970] Bluetooth: hci2: command 0x0406 tx timeout
[  749.387389][   T40] audit: type=1400 audit(2000000021.399:1123): avc:  denied  { watch watch_reads } for  pid=28706 comm="syz.4.6941" path="/syzcgroup/net/syz4/syz0" dev="cgroup" ino=780 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  749.399796][ T1143] batadv_slave_1: left promiscuous mode
[  749.405738][ T1143] hsr_slave_0: left promiscuous mode
[  749.408065][ T1143] hsr_slave_1: left promiscuous mode
[  749.410333][ T1143] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  749.412799][ T1143] batman_adv: batadv0: Removing interface: batadv_slave_0
[  749.420209][ T1143] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  749.422660][ T1143] batman_adv: batadv0: Removing interface: batadv_slave_1
[  749.485267][ T1143] veth1_macvtap: left promiscuous mode
[  749.488993][ T1143] veth0_macvtap: left promiscuous mode
[  749.491638][ T1143] veth1_vlan: left promiscuous mode
[  749.493832][ T1143] veth0_vlan: left promiscuous mode
[  749.535420][    C1] sr 2:0:0:0: [sr0] tag#15 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  749.539474][    C1] sr 2:0:0:0: [sr0] tag#15 CDB: Read Capacity(10) 25 93 74 c9 49 82
[  749.571531][ T1143] pimreg (unregistering): left allmulticast mode
[  749.579217][T28729] netlink: 'syz.4.6945': attribute type 10 has an invalid length.
[  749.596516][T28731] overlayfs: failed to resolve './file1': -2
[  750.405691][ T5970] Bluetooth: hci5: command tx timeout
[  750.434569][ T1143] team0 (unregistering): Port device team_slave_1 removed
[  750.542692][ T1143] team0 (unregistering): Port device team_slave_0 removed
[  751.234941][T28729] bond0: (slave wlan1): Releasing backup interface
[  751.316501][T28739] netlink: 'syz.4.6949': attribute type 9 has an invalid length.
[  751.320293][T28739] netlink: 211988 bytes leftover after parsing attributes in process `syz.4.6949'.
[  751.328190][T28742] QAT: Device 2 not found
[  751.346444][T28737] netlink: 4 bytes leftover after parsing attributes in process `syz.7.6948'.
[  751.466003][   T40] audit: type=1400 audit(2000000023.469:1124): avc:  denied  { mount } for  pid=28757 comm="syz.8.6955" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1
[  751.558656][   T40] audit: type=1400 audit(2000000023.569:1125): avc:  denied  { unmount } for  pid=28563 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1
[  751.579422][T28768] netlink: 'syz.8.6958': attribute type 10 has an invalid length.
[  751.692860][T28774] FAULT_INJECTION: forcing a failure.
[  751.692860][T28774] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  751.696288][T10903] usb 9-1: new full-speed USB device number 23 using dummy_hcd
[  751.698529][T28774] CPU: 3 UID: 0 PID: 28774 Comm: syz.8.6961 Not tainted syzkaller #0 PREEMPT(full) 
[  751.698551][T28774] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  751.698561][T28774] Call Trace:
[  751.698567][T28774]  <TASK>
[  751.698573][T28774]  dump_stack_lvl+0x16c/0x1f0
[  751.698599][T28774]  should_fail_ex+0x512/0x640
[  751.698630][T28774]  should_fail_alloc_page+0xe7/0x130
[  751.698650][T28774]  prepare_alloc_pages+0x3c2/0x610
[  751.698674][T28774]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  751.698693][T28774]  ? process_measurement+0x4a6/0x23e0
[  751.698716][T28774]  ? down_write+0x14d/0x200
[  751.698741][T28774]  ? up_write+0x1b2/0x520
[  751.698761][T28774]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  751.698781][T28774]  ? __lock_acquire+0x62e/0x1ce0
[  751.698811][T28774]  ? __lock_acquire+0x62e/0x1ce0
[  751.698834][T28774]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  751.698854][T28774]  ? policy_nodemask+0xea/0x4e0
[  751.698875][T28774]  alloc_pages_mpol+0x1fb/0x550
[  751.698894][T28774]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  751.698914][T28774]  ? filemap_get_entry+0x1a7/0x3b0
[  751.698935][T28774]  folio_alloc_noprof+0x20/0x2d0
[  751.698956][T28774]  filemap_alloc_folio_noprof+0x3a1/0x470
[  751.698981][T28774]  ? __pfx_filemap_alloc_folio_noprof+0x10/0x10
[  751.699011][T28774]  __filemap_get_folio+0x5e1/0xc30
[  751.699035][T28774]  filemap_fault+0x661/0x2930
[  751.699058][T28774]  ? __pfx_filemap_fault+0x10/0x10
[  751.699087][T28774]  ? __pfx_filemap_map_pages+0x10/0x10
[  751.699098][T28774]  __do_fault+0x10d/0x490
[  751.699117][T28774]  ? __pfx_filemap_map_pages+0x10/0x10
[  751.699132][T28774]  do_pte_missing+0xf50/0x3ba0
[  751.699156][T28774]  ? find_held_lock+0x2b/0x80
[  751.699175][T28774]  ? __handle_mm_fault+0x14fd/0x2a50
[  751.699202][T28774]  __handle_mm_fault+0x152a/0x2a50
[  751.699232][T28774]  ? __pfx___handle_mm_fault+0x10/0x10
[  751.699259][T28774]  ? lock_vma_under_rcu+0x1eb/0x530
[  751.699289][T28774]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[  751.699318][T28774]  handle_mm_fault+0x589/0xd10
[  751.699337][T28774]  ? trace_raw_output_exceptions+0x131/0x150
[  751.699357][T28774]  do_user_addr_fault+0x60c/0x1370
[  751.699371][T28774]  ? rcu_is_watching+0x12/0xc0
[  751.699394][T28774]  exc_page_fault+0x5c/0xb0
[  751.699418][T28774]  asm_exc_page_fault+0x26/0x30
[  751.699434][T28774] RIP: 0033:0x7f0068b58030
[  751.699447][T28774] Code: 20 72 37 62 e1 fe 28 6f 06 48 83 fa 40 0f 87 a7 00 00 00 62 e1 fe 28 6f 4c 16 ff 62 e1 fe 28 7f 07 62 e1 fe 28 7f 4c 17 ff c3 <8b> 0e 8b 34 16 89 0f 89 34 17 c3 0f 1f 44 00 00 83 fa 10 73 21 83
[  751.699462][T28774] RSP: 002b:00007f006999f028 EFLAGS: 00010246
[  751.699476][T28774] RAX: 00007f006997a004 RBX: 00007f0068dd5fa0 RCX: 0000000000000004
[  751.699486][T28774] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 00007f006997a004
[  751.699496][T28774] RBP: 00007f006999f090 R08: 0000000000000004 R09: 0000000000000000
[  751.699505][T28774] R10: 00007f006997a000 R11: 0000200000000080 R12: 0000000000000001
[  751.699516][T28774] R13: 00007f0068dd6038 R14: 00007f0068dd5fa0 R15: 00007ffd4e865128
[  751.699538][T28774]  </TASK>
[  751.699759][T28774] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  751.756183][T28780] 9pnet_virtio: no channels available for device syz
[  751.846957][T10903] usb 9-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  751.851448][T10903] usb 9-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  751.861825][T10903] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice=17.40
[  751.868435][T10903] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  751.871458][T10903] usb 9-1: Product: syz
[  751.872804][T10903] usb 9-1: Manufacturer: syz
[  751.874458][T10903] usb 9-1: SerialNumber: syz
[  751.927481][T28785] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6963'.
[  751.931483][T28785] openvswitch: netlink: push_nsh: missing base or metadata attributes
[  751.934768][T28785] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  752.084779][T28760] netlink: 19144 bytes leftover after parsing attributes in process `syz.4.6956'.
[  752.206917][T28760] hsr_slave_1 (unregistering): left promiscuous mode
[  752.264492][T10903] cdc_ncm 9-1:1.0: bind() failure
[  752.269076][T10903] cdc_ncm 9-1:1.1: CDC Union missing and no IAD found
[  752.271578][T10903] cdc_ncm 9-1:1.1: bind() failure
[  752.277883][T10903] usb 9-1: USB disconnect, device number 23
[  752.387195][T28804] tmpfs: Unknown parameter 'nres'
[  752.389155][T28804] block nbd8: NBD_DISCONNECT
[  752.444207][T28806] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6970'.
[  752.496251][ T5970] Bluetooth: hci5: command tx timeout
[  752.796184][T28814] /dev/sr0: Can't open blockdev
[  752.832204][T28817] netlink: 'syz.4.6975': attribute type 10 has an invalid length.
[  753.018510][T28834] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6980'.
[  753.193676][T28850] overlay: filesystem on ./bus not supported as upperdir
[  753.209459][T28849] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  753.312196][T28861] netlink: 28 bytes leftover after parsing attributes in process `syz.7.6987'.
[  753.315197][T28861] netlink: 60 bytes leftover after parsing attributes in process `syz.7.6987'.
[  753.393643][   T40] audit: type=1400 audit(2000000025.399:1126): avc:  denied  { getopt } for  pid=28865 comm="syz.8.6991" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  753.618292][T28886] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  753.622268][T28886] netlink: 65055 bytes leftover after parsing attributes in process `syz.7.6997'.
[  753.661690][T28888] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  753.666874][T28887] tipc: Disabling bearer <eth:syzkaller0>
[  753.777365][ T2295] usb 13-1: new high-speed USB device number 2 using dummy_hcd
[  753.940940][ T2295] usb 13-1: Using ep0 maxpacket: 16
[  753.944809][ T2295] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  753.949679][ T2295] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  753.953228][ T2295] usb 13-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00
[  753.956572][ T2295] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  753.960954][ T2295] usb 13-1: config 0 descriptor??
[  754.166765][ T2295] usbhid 13-1:0.0: can't add hid device: -71
[  754.169281][ T2295] usbhid 13-1:0.0: probe with driver usbhid failed with error -71
[  754.175914][ T2295] usb 13-1: USB disconnect, device number 2
[  754.243399][ T5978] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  754.248200][ T5978] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  754.252264][ T5978] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  754.257598][ T5978] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  754.260340][ T5978] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  754.344091][   T46] netdevsim netdevsim7 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  754.349069][   T46] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  754.467340][   T46] netdevsim netdevsim7 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  754.471110][   T46] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  754.483080][T28903] chnl_net:caif_netlink_parms(): no params data found
[  754.565742][ T5978] Bluetooth: hci5: command tx timeout
[  754.613303][   T46] netdevsim netdevsim7 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  754.618158][   T46] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  754.624509][T28903] bridge0: port 1(bridge_slave_0) entered blocking state
[  754.628663][T28903] bridge0: port 1(bridge_slave_0) entered disabled state
[  754.631804][T28903] bridge_slave_0: entered allmulticast mode
[  754.637340][T28903] bridge_slave_0: entered promiscuous mode
[  754.641855][T28903] bridge0: port 2(bridge_slave_1) entered blocking state
[  754.644732][T28903] bridge0: port 2(bridge_slave_1) entered disabled state
[  754.649251][T28903] bridge_slave_1: entered allmulticast mode
[  754.653053][T28903] bridge_slave_1: entered promiscuous mode
[  754.743836][   T46] netdevsim netdevsim7 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  754.748934][   T46] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  754.770543][T28903] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  754.777839][T28903] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  754.805759][   T40] audit: type=1400 audit(2000000026.809:1127): avc:  denied  { mounton } for  pid=28922 comm="syz.8.7008" path="/15/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1
[  754.839723][T28926] 9pnet_fd: Insufficient options for proto=fd
[  754.846477][T28903] team0: Port device team_slave_0 added
[  754.850665][T28903] team0: Port device team_slave_1 added
[  754.901615][T28903] batman_adv: batadv0: Adding interface: batadv_slave_0
[  754.904378][T28903] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  754.914373][T28903] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  754.920591][T28903] batman_adv: batadv0: Adding interface: batadv_slave_1
[  754.922850][T28903] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  754.932228][T28903] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  755.516440][   T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  755.561110][T28929] netlink: 'syz.8.7009': attribute type 10 has an invalid length.
[  755.568862][   T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  755.598921][   T46] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  755.637794][   T46] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  755.680894][   T46] bond0 (unregistering): Released all slaves
[  755.696498][T28903] hsr_slave_0: entered promiscuous mode
[  755.699377][T28903] hsr_slave_1: entered promiscuous mode
[  755.702336][T28903] debugfs: 'hsr0' already exists in 'hsr'
[  755.704757][T28903] Cannot create hsr debugfs directory
[  755.796618][   T46] tipc: Left network mode
[  755.872308][T28935] netlink: 8 bytes leftover after parsing attributes in process `syz.8.7013'.
[  755.879606][T28935] openvswitch: netlink: Invalid MD length 0 for MD type 0
[  755.882011][T28935] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  756.034077][T28903] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  756.040282][T28903] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  756.113129][T28903] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  756.119638][T28903] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  756.135887][ T6032] usb 9-1: new high-speed USB device number 24 using dummy_hcd
[  756.192937][   T46] hsr_slave_0: left promiscuous mode
[  756.195603][   T46] hsr_slave_1: left promiscuous mode
[  756.198439][   T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  756.200950][   T46] batman_adv: batadv0: Removing interface: batadv_slave_0
[  756.203695][   T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  756.206367][   T46] batman_adv: batadv0: Removing interface: batadv_slave_1
[  756.256762][   T46] veth1_macvtap: left promiscuous mode
[  756.258680][   T46] veth0_macvtap: left promiscuous mode
[  756.260464][   T46] veth1_vlan: left promiscuous mode
[  756.262208][   T46] veth0_vlan: left promiscuous mode
[  756.273452][T28949] netlink: zone id is out of range
[  756.276563][T28949] netlink: get zone limit has 8 unknown bytes
[  756.295613][ T6032] usb 9-1: Using ep0 maxpacket: 8
[  756.299141][ T6032] usb 9-1: too many configurations: 129, using maximum allowed: 8
[  756.302752][ T6032] usb 9-1: config 0 has an invalid interface number: 153 but max is 0
[  756.306520][ T6032] usb 9-1: config 0 has no interface number 0
[  756.308541][ T6032] usb 9-1: config 0 interface 153 altsetting 0 has a duplicate endpoint with address 0x3, skipping
[  756.312865][ T6032] usb 9-1: config 0 has an invalid interface number: 153 but max is 0
[  756.315467][ T6032] usb 9-1: config 0 has no interface number 0
[  756.317387][ T6032] usb 9-1: config 0 interface 153 altsetting 0 has a duplicate endpoint with address 0x3, skipping
[  756.321563][ T6032] usb 9-1: config 0 has an invalid interface number: 153 but max is 0
[  756.321817][   T46] pimreg (unregistering): left allmulticast mode
[  756.324172][ T6032] usb 9-1: config 0 has no interface number 0
[  756.326982][T28949] could not open pipe file descriptor
[  756.328038][ T5978] Bluetooth: hci0: command tx timeout
[  756.328783][ T6032] usb 9-1: config 0 interface 153 altsetting 0 has a duplicate endpoint with address 0x3, skipping
[  756.337157][ T6032] usb 9-1: config 0 has an invalid interface number: 153 but max is 0
[  756.339756][ T6032] usb 9-1: config 0 has no interface number 0
[  756.341652][ T6032] usb 9-1: config 0 interface 153 altsetting 0 has a duplicate endpoint with address 0x3, skipping
[  756.348828][ T6032] usb 9-1: config 0 has an invalid interface number: 153 but max is 0
[  756.351391][ T6032] usb 9-1: config 0 has no interface number 0
[  756.353410][ T6032] usb 9-1: config 0 interface 153 altsetting 0 has a duplicate endpoint with address 0x3, skipping
[  756.357876][ T6032] usb 9-1: config 0 has an invalid interface number: 153 but max is 0
[  756.360582][ T6032] usb 9-1: config 0 has no interface number 0
[  756.362567][ T6032] usb 9-1: config 0 interface 153 altsetting 0 has a duplicate endpoint with address 0x3, skipping
[  756.367130][ T6032] usb 9-1: config 0 has an invalid interface number: 153 but max is 0
[  756.369681][ T6032] usb 9-1: config 0 has no interface number 0
[  756.371707][ T6032] usb 9-1: config 0 interface 153 altsetting 0 has a duplicate endpoint with address 0x3, skipping
[  756.376024][ T6032] usb 9-1: config 0 has an invalid interface number: 153 but max is 0
[  756.378867][ T6032] usb 9-1: config 0 has no interface number 0
[  756.380781][ T6032] usb 9-1: config 0 interface 153 altsetting 0 has a duplicate endpoint with address 0x3, skipping
[  756.388652][ T6032] usb 9-1: New USB device found, idVendor=0a5c, idProduct=bd27, bcdDevice=6e.27
[  756.391562][ T6032] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  756.394085][ T6032] usb 9-1: Product: syz
[  756.396287][ T6032] usb 9-1: Manufacturer: syz
[  756.397968][ T6032] usb 9-1: SerialNumber: syz
[  756.400878][ T6032] usb 9-1: config 0 descriptor??
[  756.615799][T28937] block nbd4: Attempted send on invalid socket
[  756.621123][T28937] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  756.633920][T28937] SQUASHFS error: Failed to read block 0x0: -5
[  756.639987][T28937] unable to read squashfs_super_block
[  757.126728][   T29] usb 9-1: USB disconnect, device number 24
[  757.212889][   T46] team0 (unregistering): Port device team_slave_1 removed
[  757.325061][   T46] team0 (unregistering): Port device team_slave_0 removed
[  757.733758][ T5978] Bluetooth: hci1: unexpected event for opcode 0x0c7b
[  758.097893][T28903] 8021q: adding VLAN 0 to HW filter on device bond0
[  758.103152][   T40] audit: type=1400 audit(2000000030.109:1128): avc:  denied  { unmount } for  pid=24245 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  758.118782][T28903] 8021q: adding VLAN 0 to HW filter on device team0
[  758.135230][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state
[  758.137700][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state
[  758.137946][   T40] audit: type=1400 audit(2000000030.149:1129): avc:  denied  { getopt } for  pid=28962 comm="syz.3.7021" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  758.138763][T28963] __nla_validate_parse: 1 callbacks suppressed
[  758.138773][T28963] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7021'.
[  758.141769][ T1143] bridge0: port 2(bridge_slave_1) entered blocking state
[  758.157216][ T1143] bridge0: port 2(bridge_slave_1) entered forwarding state
[  758.220738][T28975] FAULT_INJECTION: forcing a failure.
[  758.220738][T28975] name failslab, interval 1, probability 0, space 0, times 0
[  758.224926][T28975] CPU: 0 UID: 0 PID: 28975 Comm: syz.4.7022 Not tainted syzkaller #0 PREEMPT(full) 
[  758.224944][T28975] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  758.224953][T28975] Call Trace:
[  758.224963][T28975]  <TASK>
[  758.224972][T28975]  dump_stack_lvl+0x16c/0x1f0
[  758.225018][T28975]  should_fail_ex+0x512/0x640
[  758.225046][T28975]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  758.225071][T28975]  should_failslab+0xc2/0x120
[  758.225089][T28975]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  758.225119][T28975]  ? __kvm_mmu_topup_memory_cache+0x450/0x600
[  758.225135][T28975]  ? kvm_hv_setup_tsc_page+0x29a/0x8d0
[  758.225153][T28975]  ? __kvm_mmu_topup_memory_cache+0x18f/0x600
[  758.225171][T28975]  __kvm_mmu_topup_memory_cache+0x18f/0x600
[  758.225191][T28975]  mmu_topup_memory_caches+0x25/0x170
[  758.225204][T28975]  kvm_mmu_load+0xd6/0x23c0
[  758.225215][T28975]  ? kvm_apic_has_interrupt+0x106/0x1f0
[  758.225227][T28975]  ? __pfx_kvm_apic_has_interrupt+0x10/0x10
[  758.225240][T28975]  ? __pfx_vmx_flush_tlb_guest+0x10/0x10
[  758.225260][T28975]  ? __pfx_kvm_guest_time_update+0x10/0x10
[  758.225273][T28975]  ? __pfx_kvm_mmu_load+0x10/0x10
[  758.225299][T28975]  ? kvm_cpu_has_injectable_intr+0x9c/0x1a0
[  758.225316][T28975]  ? kvm_check_and_inject_events+0x71c/0x1310
[  758.225338][T28975]  vcpu_run+0x35a3/0x55a0
[  758.225360][T28975]  ? __lock_acquire+0xb97/0x1ce0
[  758.225380][T28975]  ? __pfx_vcpu_run+0x10/0x10
[  758.225397][T28975]  ? fpu_swap_kvm_fpstate+0x1be/0x410
[  758.225410][T28975]  ? __local_bh_enable_ip+0xa4/0x120
[  758.225427][T28975]  ? kvm_arch_vcpu_ioctl_run+0x1023/0x1980
[  758.225441][T28975]  kvm_arch_vcpu_ioctl_run+0x1023/0x1980
[  758.225460][T28975]  kvm_vcpu_ioctl+0x5eb/0x1690
[  758.225476][T28975]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  758.225490][T28975]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  758.225504][T28975]  ? do_vfs_ioctl+0x128/0x14f0
[  758.225532][T28975]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  758.225556][T28975]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  758.225577][T28975]  ? hook_file_ioctl_common+0x145/0x410
[  758.225593][T28975]  ? selinux_file_ioctl+0x180/0x270
[  758.225613][T28975]  ? selinux_file_ioctl+0xb4/0x270
[  758.225634][T28975]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  758.225648][T28975]  __x64_sys_ioctl+0x18e/0x210
[  758.225666][T28975]  do_syscall_64+0xcd/0x4e0
[  758.225688][T28975]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  758.225699][T28975] RIP: 0033:0x7f9e9218eba9
[  758.225708][T28975] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  758.225719][T28975] RSP: 002b:00007f9e930d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  758.225740][T28975] RAX: ffffffffffffffda RBX: 00007f9e923d5fa0 RCX: 00007f9e9218eba9
[  758.225747][T28975] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  758.225753][T28975] RBP: 00007f9e930d1090 R08: 0000000000000000 R09: 0000000000000000
[  758.225760][T28975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  758.225765][T28975] R13: 00007f9e923d6038 R14: 00007f9e923d5fa0 R15: 00007ffc980bf0a8
[  758.225779][T28975]  </TASK>
[  758.405598][ T5978] Bluetooth: hci0: command tx timeout
[  758.454003][T28903] 8021q: adding VLAN 0 to HW filter on device batadv0
[  758.480062][T29000] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491
[  758.483975][T28996] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  758.634737][T28903] veth0_vlan: entered promiscuous mode
[  758.644744][T28903] veth1_vlan: entered promiscuous mode
[  758.658013][   T40] audit: type=1400 audit(2000000030.659:1130): avc:  denied  { read } for  pid=29009 comm="syz.8.7031" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  758.665073][   T40] audit: type=1400 audit(2000000030.659:1131): avc:  denied  { read } for  pid=29009 comm="syz.8.7031" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  758.672613][T28903] veth0_macvtap: entered promiscuous mode
[  758.680783][T28903] veth1_macvtap: entered promiscuous mode
[  758.697962][T28903] batman_adv: batadv0: Interface activated: batadv_slave_0
[  758.724207][T28903] batman_adv: batadv0: Interface activated: batadv_slave_1
[  758.727688][   T40] audit: type=1400 audit(2000000030.729:1132): avc:  denied  { accept } for  pid=29012 comm="syz.8.7033" laddr=fe80::a8aa:aaff:feaa:aaaa lport=58 faddr=ff03::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  758.776892][T28434] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  758.802324][  T732] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  758.805843][  T732] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  758.808841][  T732] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  758.878554][  T732] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  758.881829][  T732] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  758.887210][T29018] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7035'.
[  758.916895][T29023] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  758.919997][T29022] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  758.923335][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  758.927920][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  758.986546][T29034] FAULT_INJECTION: forcing a failure.
[  758.986546][T29034] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  758.991213][T29034] CPU: 1 UID: 0 PID: 29034 Comm: syz.4.7041 Not tainted syzkaller #0 PREEMPT(full) 
[  758.991227][T29034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  758.991234][T29034] Call Trace:
[  758.991238][T29034]  <TASK>
[  758.991243][T29034]  dump_stack_lvl+0x16c/0x1f0
[  758.991278][T29034]  should_fail_ex+0x512/0x640
[  758.991298][T29034]  should_fail_alloc_page+0xe7/0x130
[  758.991312][T29034]  prepare_alloc_pages+0x3c2/0x610
[  758.991330][T29034]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  758.991347][T29034]  ? __lock_acquire+0x62e/0x1ce0
[  758.991364][T29034]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  758.991375][T29034]  ? __pfx___might_resched+0x10/0x10
[  758.991397][T29034]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  758.991410][T29034]  ? policy_nodemask+0xea/0x4e0
[  758.991424][T29034]  alloc_pages_mpol+0x1fb/0x550
[  758.991436][T29034]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  758.991448][T29034]  ? __pfx_unmap_page_range+0x10/0x10
[  758.991465][T29034]  alloc_pages_noprof+0x131/0x390
[  758.991478][T29034]  pte_alloc_one+0x1c/0x3a0
[  758.991491][T29034]  __pte_alloc+0x6d/0x3c0
[  758.991504][T29034]  ? __pfx___pte_alloc+0x10/0x10
[  758.991517][T29034]  ? walk_to_pmd+0x305/0x4c0
[  758.991532][T29034]  vm_insert_pages+0x8ee/0xa50
[  758.991551][T29034]  ? __pfx_vm_insert_pages+0x10/0x10
[  758.991565][T29034]  ? tlb_finish_mmu+0x278/0x7c0
[  758.991584][T29034]  tcp_zerocopy_vm_insert_batch+0xc2/0x3e0
[  758.991608][T29034]  ? __pfx_tcp_zerocopy_vm_insert_batch+0x10/0x10
[  758.991627][T29034]  ? tcp_recv_skb+0x2a4/0x420
[  758.991644][T29034]  tcp_zerocopy_receive+0xd80/0x20f0
[  758.991661][T29034]  ? __pfx_tcp_zerocopy_receive+0x10/0x10
[  758.991672][T29034]  ? process_measurement+0x4a6/0x23e0
[  758.991688][T29034]  ? down_write+0x14d/0x200
[  758.991709][T29034]  ? __lock_acquire+0xb97/0x1ce0
[  758.991727][T29034]  ? process_measurement+0x1e6/0x23e0
[  758.991744][T29034]  ? __lock_acquire+0xb97/0x1ce0
[  758.991771][T29034]  ? __local_bh_enable_ip+0xa4/0x120
[  758.991785][T29034]  ? lockdep_hardirqs_on+0x7c/0x110
[  758.991800][T29034]  do_tcp_getsockopt+0x10ee/0x2670
[  758.991815][T29034]  ? __pfx_do_tcp_getsockopt+0x10/0x10
[  758.991827][T29034]  ? arch_stack_walk+0xa6/0x100
[  758.991842][T29034]  ? __lock_acquire+0x62e/0x1ce0
[  758.991865][T29034]  ? find_held_lock+0x2b/0x80
[  758.991879][T29034]  ? avc_has_perm_noaudit+0x117/0x3b0
[  758.991892][T29034]  ? avc_has_perm_noaudit+0x149/0x3b0
[  758.991905][T29034]  ? avc_has_perm+0x144/0x1f0
[  758.991917][T29034]  ? __pfx_avc_has_perm+0x10/0x10
[  758.991930][T29034]  ? __lock_acquire+0xb97/0x1ce0
[  758.991948][T29034]  ? sock_has_perm+0x259/0x2f0
[  758.991965][T29034]  ? find_held_lock+0x2b/0x80
[  758.991977][T29034]  ? __might_fault+0xe3/0x190
[  758.991987][T29034]  ? __might_fault+0xe3/0x190
[  758.991996][T29034]  ? __might_fault+0x13b/0x190
[  758.992008][T29034]  tcp_getsockopt+0xdf/0x100
[  758.992021][T29034]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  758.992037][T29034]  do_sock_getsockopt+0x34a/0x440
[  758.992053][T29034]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  758.992068][T29034]  ? __fget_files+0x204/0x3c0
[  758.992087][T29034]  __sys_getsockopt+0x12f/0x260
[  758.992102][T29034]  __x64_sys_getsockopt+0xbd/0x160
[  758.992114][T29034]  ? do_syscall_64+0x91/0x4e0
[  758.992127][T29034]  ? lockdep_hardirqs_on+0x7c/0x110
[  758.992140][T29034]  do_syscall_64+0xcd/0x4e0
[  758.992154][T29034]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  758.992166][T29034] RIP: 0033:0x7f9e9218eba9
[  758.992174][T29034] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  758.992185][T29034] RSP: 002b:00007f9e930d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  758.992195][T29034] RAX: ffffffffffffffda RBX: 00007f9e923d5fa0 RCX: 00007f9e9218eba9
[  758.992202][T29034] RDX: 0000000000000023 RSI: 0000000000000006 RDI: 0000000000000003
[  758.992208][T29034] RBP: 00007f9e930d1090 R08: 0000200000000340 R09: 0000000000000000
[  758.992214][T29034] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[  758.992220][T29034] R13: 00007f9e923d6038 R14: 00007f9e923d5fa0 R15: 00007ffc980bf0a8
[  758.992233][T29034]  </TASK>
[  759.136525][T29033] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  759.251903][T29050] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[  759.254494][T29050] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  759.567807][T29072] netlink: 'syz.9.7051': attribute type 2 has an invalid length.
[  759.615441][   T24] usb 9-1: new high-speed USB device number 25 using dummy_hcd
[  759.705085][T29076] hfsplus: unable to find HFS+ superblock
[  759.765445][   T24] usb 9-1: Using ep0 maxpacket: 8
[  759.770027][   T24] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  759.774778][   T24] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  759.778938][   T24] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  759.786216][   T24] usb 9-1: config 0 descriptor??
[  759.788767][T29079] FAULT_INJECTION: forcing a failure.
[  759.788767][T29079] name failslab, interval 1, probability 0, space 0, times 0
[  759.792824][T29079] CPU: 0 UID: 0 PID: 29079 Comm: syz.9.7054 Not tainted syzkaller #0 PREEMPT(full) 
[  759.792838][T29079] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  759.792845][T29079] Call Trace:
[  759.792851][T29079]  <TASK>
[  759.792857][T29079]  dump_stack_lvl+0x16c/0x1f0
[  759.792882][T29079]  should_fail_ex+0x512/0x640
[  759.792901][T29079]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  759.792919][T29079]  should_failslab+0xc2/0x120
[  759.792938][T29079]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  759.792952][T29079]  ? __kvm_mmu_topup_memory_cache+0x450/0x600
[  759.792974][T29079]  ? kvm_hv_setup_tsc_page+0x29a/0x8d0
[  759.792990][T29079]  ? __kvm_mmu_topup_memory_cache+0x18f/0x600
[  759.793009][T29079]  __kvm_mmu_topup_memory_cache+0x18f/0x600
[  759.793028][T29079]  mmu_topup_memory_caches+0x25/0x170
[  759.793041][T29079]  kvm_mmu_load+0xd6/0x23c0
[  759.793051][T29079]  ? kvm_apic_has_interrupt+0x106/0x1f0
[  759.793063][T29079]  ? __pfx_kvm_apic_has_interrupt+0x10/0x10
[  759.793076][T29079]  ? __pfx_vmx_flush_tlb_guest+0x10/0x10
[  759.793091][T29079]  ? __pfx_kvm_guest_time_update+0x10/0x10
[  759.793104][T29079]  ? __pfx_kvm_mmu_load+0x10/0x10
[  759.793114][T29079]  ? kvm_cpu_has_injectable_intr+0x9c/0x1a0
[  759.793130][T29079]  ? kvm_check_and_inject_events+0x71c/0x1310
[  759.793148][T29079]  vcpu_run+0x35a3/0x55a0
[  759.793163][T29079]  ? __lock_acquire+0xb97/0x1ce0
[  759.793183][T29079]  ? __pfx_vcpu_run+0x10/0x10
[  759.793199][T29079]  ? fpu_swap_kvm_fpstate+0x1be/0x410
[  759.793217][T29079]  ? __local_bh_enable_ip+0xa4/0x120
[  759.793241][T29079]  ? kvm_arch_vcpu_ioctl_run+0x1023/0x1980
[  759.793262][T29079]  kvm_arch_vcpu_ioctl_run+0x1023/0x1980
[  759.793283][T29079]  kvm_vcpu_ioctl+0x5eb/0x1690
[  759.793306][T29079]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  759.793321][T29079]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  759.793335][T29079]  ? do_vfs_ioctl+0x128/0x14f0
[  759.793351][T29079]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  759.793367][T29079]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  759.793388][T29079]  ? hook_file_ioctl_common+0x145/0x410
[  759.793404][T29079]  ? selinux_file_ioctl+0x180/0x270
[  759.793419][T29079]  ? selinux_file_ioctl+0xb4/0x270
[  759.793434][T29079]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  759.793449][T29079]  __x64_sys_ioctl+0x18e/0x210
[  759.793466][T29079]  do_syscall_64+0xcd/0x4e0
[  759.793481][T29079]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  759.793492][T29079] RIP: 0033:0x7fae1718eba9
[  759.793501][T29079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  759.793512][T29079] RSP: 002b:00007fae17fb2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  759.793522][T29079] RAX: ffffffffffffffda RBX: 00007fae173d5fa0 RCX: 00007fae1718eba9
[  759.793529][T29079] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  759.793535][T29079] RBP: 00007fae17fb2090 R08: 0000000000000000 R09: 0000000000000000
[  759.793541][T29079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  759.793549][T29079] R13: 00007fae173d6038 R14: 00007fae173d5fa0 R15: 00007ffc0b6d62b8
[  759.793563][T29079]  </TASK>
[  760.000576][   T24] iowarrior 9-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  760.004106][T29082] netlink: 'syz.9.7055': attribute type 10 has an invalid length.
[  760.242277][T29084] sp0: Synchronizing with TNC
[  760.259427][    C0] iowarrior 9-1:0.0: iowarrior_callback - usb_submit_urb failed with result -19
[  760.259433][   T53] usb 9-1: USB disconnect, device number 25
[  760.486558][ T5978] Bluetooth: hci0: command tx timeout
[  760.577655][   T40] audit: type=1400 audit(2000000032.589:1133): avc:  denied  { execute } for  pid=29092 comm="syz.9.7059" path="/11/file0/cpu.stat" dev="9p" ino=35913973 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  760.578583][T29093] netfs: Couldn't get user pages (rc=-14)
[  760.624969][T29101] netlink: 8 bytes leftover after parsing attributes in process `syz.8.7061'.
[  760.628857][T29101] netlink: 40 bytes leftover after parsing attributes in process `syz.8.7061'.
[  760.642502][T29101] netlink: 4 bytes leftover after parsing attributes in process `syz.8.7061'.
[  760.711958][T29103] syz.8.7063: vmalloc error: size 24576, failed to allocate pages, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz8,mems_allowed=0-1
[  760.717858][T29103] CPU: 3 UID: 0 PID: 29103 Comm: syz.8.7063 Not tainted syzkaller #0 PREEMPT(full) 
[  760.717873][T29103] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  760.717880][T29103] Call Trace:
[  760.717903][T29103]  <TASK>
[  760.717909][T29103]  dump_stack_lvl+0x16c/0x1f0
[  760.717927][T29103]  warn_alloc+0x248/0x3a0
[  760.717940][T29103]  ? __pfx_warn_alloc+0x10/0x10
[  760.717952][T29103]  ? alloc_pages_mpol+0x25a/0x550
[  760.717966][T29103]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  760.717984][T29103]  __vmalloc_node_range_noprof+0x11d4/0x14b0
[  760.718004][T29103]  ? vhost_task_create+0x1d2/0x2e0
[  760.718019][T29103]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  760.718039][T29103]  ? vhost_task_create+0x1d2/0x2e0
[  760.718049][T29103]  __vmalloc_node_noprof+0xad/0xf0
[  760.718064][T29103]  ? vhost_task_create+0x1d2/0x2e0
[  760.718076][T29103]  copy_process+0x2c70/0x7690
[  760.718097][T29103]  ? __pfx_copy_process+0x10/0x10
[  760.718148][T29103]  ? lockdep_init_map_type+0x5c/0x280
[  760.718161][T29103]  ? lockdep_init_map_type+0x5c/0x280
[  760.718171][T29103]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  760.718186][T29103]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  760.718204][T29103]  vhost_task_create+0x1d2/0x2e0
[  760.718214][T29103]  ? __pfx_vhost_task_create+0x10/0x10
[  760.718229][T29103]  ? __pfx_vhost_task_fn+0x10/0x10
[  760.718246][T29103]  kvm_mmu_post_init_vm+0x1b7/0x380
[  760.718259][T29103]  kvm_arch_vcpu_ioctl_run+0x66/0x1980
[  760.718275][T29103]  ? kvm_vcpu_ioctl+0x14c6/0x1690
[  760.718292][T29103]  kvm_vcpu_ioctl+0x5eb/0x1690
[  760.718307][T29103]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  760.718322][T29103]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  760.718342][T29103]  ? do_vfs_ioctl+0x128/0x14f0
[  760.718359][T29103]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  760.718375][T29103]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  760.718396][T29103]  ? hook_file_ioctl_common+0x145/0x410
[  760.718411][T29103]  ? selinux_file_ioctl+0x180/0x270
[  760.718426][T29103]  ? selinux_file_ioctl+0xb4/0x270
[  760.718442][T29103]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  760.718456][T29103]  __x64_sys_ioctl+0x18e/0x210
[  760.718473][T29103]  do_syscall_64+0xcd/0x4e0
[  760.718489][T29103]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  760.718499][T29103] RIP: 0033:0x7f0068b8eba9
[  760.718509][T29103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  760.718519][T29103] RSP: 002b:00007f006999f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  760.718529][T29103] RAX: ffffffffffffffda RBX: 00007f0068dd5fa0 RCX: 00007f0068b8eba9
[  760.718536][T29103] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  760.718542][T29103] RBP: 00007f006999f090 R08: 0000000000000000 R09: 0000000000000000
[  760.718548][T29103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  760.718554][T29103] R13: 00007f0068dd6038 R14: 00007f0068dd5fa0 R15: 00007ffd4e865128
[  760.718568][T29103]  </TASK>
[  760.718572][T29103] Mem-Info:
[  760.812183][T29103] active_anon:11786 inactive_anon:29 isolated_anon:0
[  760.812183][T29103]  active_file:3791 inactive_file:20051 isolated_file:0
[  760.812183][T29103]  unevictable:1768 dirty:450 writeback:0
[  760.812183][T29103]  slab_reclaimable:9121 slab_unreclaimable:101018
[  760.812183][T29103]  mapped:26909 shmem:2410 pagetables:1233
[  760.812183][T29103]  sec_pagetables:323 bounce:0
[  760.812183][T29103]  kernel_misc_reclaimable:0
[  760.812183][T29103]  free:441319 free_pcp:18548 free_cma:0
[  760.826771][T29103] Node 0 active_anon:47036kB inactive_anon:116kB active_file:15164kB inactive_file:80072kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:107636kB dirty:1800kB writeback:0kB shmem:5720kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:15504kB pagetables:4712kB sec_pagetables:1292kB all_unreclaimable? no Balloon:0kB
[  760.836983][T29103] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:3920kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:112kB pagetables:220kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  760.846846][T29103] Node 0 DMA free:11704kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:296kB local_pcp:12kB free_cma:0kB
[  760.856317][T29103] lowmem_reserve[]: 0 1233 1233 1233 1233
[  760.858267][T29103] Node 0 DMA32 free:169172kB boost:0kB min:27516kB low:34392kB high:41268kB reserved_highatomic:0KB free_highatomic:0KB active_anon:47112kB inactive_anon:116kB active_file:15164kB inactive_file:80072kB unevictable:3536kB writepending:1800kB present:2080628kB managed:1263436kB mlocked:0kB bounce:0kB free_pcp:47984kB local_pcp:10012kB free_cma:0kB
[  760.869582][T29103] lowmem_reserve[]: 0 0 0 0 0
[  760.871148][T29103] Node 1 Normal free:1584272kB boost:0kB min:39720kB low:49648kB high:59576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:3536kB writepending:0kB present:2097152kB managed:1781892kB mlocked:0kB bounce:0kB free_pcp:26212kB local_pcp:7828kB free_cma:0kB
[  760.881435][T29103] lowmem_reserve[]: 0 0 0 0 0
[  760.883094][T29103] Node 0 DMA: 12*4kB (UM) 11*8kB (UM) 11*16kB (UM) 12*32kB (UME) 10*64kB (UM) 7*128kB (ME) 7*256kB (ME) 3*512kB (UME) 4*1024kB (UME) 1*2048kB (U) 0*4096kB = 11704kB
[  760.889010][T29103] Node 0 DMA32: 1263*4kB (UME) 395*8kB (UME) 952*16kB (UME) 534*32kB (UME) 211*64kB (UME) 132*128kB (UME) 62*256kB (UME) 34*512kB (UME) 17*1024kB (UM) 13*2048kB (UM) 5*4096kB (UM) = 168724kB
[  760.895566][T29103] Node 1 Normal: 7*4kB (UME) 13*8kB (UME) 19*16kB (UME) 61*32kB (UME) 47*64kB (UME) 27*128kB (UME) 10*256kB (UME) 12*512kB (UME) 4*1024kB (UME) 3*2048kB (UME) 380*4096kB (UM) = 1584276kB
[  760.901650][T29103] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  760.904752][T29103] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  760.908352][T29103] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  760.911454][T29103] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  760.915072][T29103] 26249 total pagecache pages
[  760.917138][T29103] 0 pages in swap cache
[  760.918626][T29103] Free swap  = 124996kB
[  760.920064][T29103] Total swap = 124996kB
[  760.921503][T29103] 1048443 pages RAM
[  760.922823][T29103] 0 pages HighMem/MovableOnly
[  760.924466][T29103] 283271 pages reserved
[  760.926004][T29103] 0 pages cma reserved
[  761.093400][   T40] audit: type=1400 audit(2000000033.099:1134): avc:  denied  { getopt } for  pid=29119 comm="syz.8.7069" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  761.100604][   T40] audit: type=1400 audit(2000000033.109:1135): avc:  denied  { setopt } for  pid=29119 comm="syz.8.7069" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  761.217256][T29127] netlink: 28 bytes leftover after parsing attributes in process `syz.9.7068'.
[  761.224024][T29127] netlink: 'syz.9.7068': attribute type 7 has an invalid length.
[  761.227490][T29127] netlink: 'syz.9.7068': attribute type 8 has an invalid length.
[  761.230851][T29127] netlink: 4 bytes leftover after parsing attributes in process `syz.9.7068'.
[  761.252444][T29127] syz_tun: entered promiscuous mode
[  761.258327][T29127] batadv_slave_1: entered promiscuous mode
[  761.261616][T29127] erspan0: entered promiscuous mode
[  761.265026][T29127] debugfs: 'hsr1' already exists in 'hsr'
[  761.267914][T29127] Cannot create hsr debugfs directory
[  761.608417][T29141] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7075'.
[  761.613797][T29141] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7075'.
[  761.651467][T29141] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=29141 comm=syz.3.7075
[  761.853960][T29152] random: crng reseeded on system resumption
[  761.998884][   T40] audit: type=1400 audit(2000000034.009:1136): avc:  denied  { map } for  pid=29158 comm="syz.9.7083" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  762.009409][   T40] audit: type=1400 audit(2000000034.009:1137): avc:  denied  { execute } for  pid=29158 comm="syz.9.7083" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  762.033295][T29163] netlink: 'syz.3.7082': attribute type 10 has an invalid length.
[  762.040510][T29163] bond0: (slave wlan1): Opening slave failed
[  762.077127][T29165] bridge0: port 3(syz_tun) entered blocking state
[  762.080144][T29165] bridge0: port 3(syz_tun) entered disabled state
[  762.082590][T29165] syz_tun: entered allmulticast mode
[  762.087515][T29165] syz_tun: left allmulticast mode
[  762.495392][    C2] af_packet: tpacket_rcv: packet too big, clamped from 48 to 4294967272. macoff=96
[  762.575307][ T5978] Bluetooth: hci0: command tx timeout
[  762.617914][T29188] [U] 
[  762.618829][T29188] [U] 
[  762.619711][T29188] [U] 
[  762.620590][T29188] [U] 
[  762.621517][T29188] [U] 
[  762.622412][T29188] [U] 
[  762.623298][T29188] [U] 
[  762.624114][T29188] [U] 
[  762.625088][T29188] [U] 
[  762.626020][T29188] [U] 
[  762.626899][T29188] [U] 
[  762.627783][T29188] [U] 
[  762.629267][T29188] [U] 
[  762.630474][T29188] [U] 
[  762.631687][T29188] [U] 
[  762.632891][T29188] [U] 
[  762.698733][T18214] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  762.712725][   T40] audit: type=1400 audit(2000000034.719:1138): avc:  denied  { accept } for  pid=29189 comm="syz.8.7093" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  762.719742][T29188] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7092'.
[  762.728733][T29188] block nbd4: Attempted send on invalid socket
[  762.731606][T29188] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  762.737012][T29188] (syz.4.7092,29188,2):ocfs2_get_sector:1714 ERROR: status = -5
[  762.740403][T29188] (syz.4.7092,29188,1):ocfs2_sb_probe:753 ERROR: status = -5
[  762.742940][T29188] (syz.4.7092,29188,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  762.747067][T29188] (syz.4.7092,29188,1):ocfs2_fill_super:1177 ERROR: status = -5
[  762.911161][   T40] audit: type=1400 audit(2000000034.919:1139): avc:  denied  { unmount } for  pid=28563 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  762.927923][T29187] [U] 
[  762.943170][T29198] binder: 29197:29198 unknown command 0
[  762.945570][T29198] binder: 29197:29198 ioctl c0306201 200000000080 returned -22
[  763.035080][T29205] netlink: 'syz.8.7097': attribute type 12 has an invalid length.
[  763.222788][T29213] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=29213 comm=syz.3.7099
[  763.310853][T29223] netlink: 32 bytes leftover after parsing attributes in process `syz.8.7101'.
[  763.392087][T29235] tmpfs: Bad value for 'mpol'
[  763.479581][T29247] comedi comedi1: bad chanlist[0]=0x00000004 chan=4 range length=4
[  763.494902][T29245] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  763.575046][T29260] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  763.638622][T29245] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  763.678606][T29269] tipc: Started in network mode
[  763.680179][T29269] tipc: Node identity , cluster identity 4711
[  763.682106][T29269] tipc: Failed to obtain node identity
[  763.683813][T29269] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  763.742250][T29245] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  763.821888][T29245] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  763.900442][   T40] audit: type=1400 audit(2000000035.909:1140): avc:  denied  { write } for  pid=29279 comm="syz.3.7121" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  764.021396][ T1143] netdevsim netdevsim8 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  764.031509][ T1143] netdevsim netdevsim8 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  764.040073][ T1143] netdevsim netdevsim8 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  764.052767][ T1143] netdevsim netdevsim8 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  764.090639][T29288] netlink: 'syz.8.7123': attribute type 11 has an invalid length.
[  764.099332][T29288] macvtap1: entered allmulticast mode
[  764.101770][T29288] mac80211_hwsim hwsim45 wlan0: entered allmulticast mode
[  764.109415][T29288] mac80211_hwsim hwsim45 wlan0: left allmulticast mode
[  764.118090][T29286] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7122'.
[  764.121699][T29286] netlink: 'syz.4.7122': attribute type 7 has an invalid length.
[  764.124891][T29286] netlink: 'syz.4.7122': attribute type 8 has an invalid length.
[  764.128264][T29286] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7122'.
[  764.824687][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  764.830898][   T40] audit: type=1400 audit(2000000036.829:1141): avc:  denied  { read } for  pid=29315 comm="syz.9.7133" name="file0" dev="tmpfs" ino=174 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  764.848050][T29320] tipc: Started in network mode
[  764.849643][T29320] tipc: Node identity , cluster identity 4711
[  764.851493][T29320] tipc: Failed to obtain node identity
[  764.853202][T29320] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  764.900735][   T40] audit: type=1326 audit(2000000036.909:1142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29324 comm="syz.4.7138" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e9218eba9 code=0x7ffc0000
[  764.909755][T29325] netlink: 212388 bytes leftover after parsing attributes in process `syz.9.7137'.
[  764.913727][T29325] openvswitch: netlink: Message has 5 unknown bytes.
[  764.959261][T29330] overlay: ./file0 is not a directory
[  764.997118][T29339] veth0: entered promiscuous mode
[  764.999703][T29339] veth0: left promiscuous mode
[  765.018721][T29344] 9pnet_virtio: no channels available for device syz
[  765.134608][T29356] netlink: 12 bytes leftover after parsing attributes in process `syz.8.7148'.
[  765.134625][T29357] netlink: 12 bytes leftover after parsing attributes in process `syz.8.7148'.
[  765.158994][T29356] bond1: (slave wireguard0): The slave device specified does not support setting the MAC address
[  765.164016][T29356] bond1: (slave wireguard0): Error -95 calling set_mac_address
[  765.188537][T29363] netlink: 'syz.3.7149': attribute type 10 has an invalid length.
[  765.192189][T29363] bond0: (slave wlan1): Opening slave failed
[  765.202617][T29357] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=53 sclass=netlink_route_socket pid=29357 comm=syz.8.7148
[  765.512795][T29379] netlink: 8 bytes leftover after parsing attributes in process `syz.8.7155'.
[  765.630392][T29391] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  765.634369][T29393] netlink: 'syz.9.7159': attribute type 10 has an invalid length.
[  765.638963][T29393] bond0: (slave wlan1): Opening slave failed
[  765.698722][T29398] netlink: 20 bytes leftover after parsing attributes in process `syz.9.7163'.
[  765.865419][T29403] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  765.867386][T29403] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  765.869277][T29403] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  765.871156][T29403] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  765.876593][T29403] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  765.882138][T29403] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  765.884438][T29403] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  765.899154][T28959] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] SMP KASAN NOPTI
[  765.899301][T29403] Bluetooth: hci0: Opcode 0x0406 failed: -4
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  765.903196][T28959] KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f]
[  765.903214][T28959] CPU: 0 UID: 0 PID: 28959 Comm: kbnepd bnep0 Not tainted syzkaller #0 PREEMPT(full) 
[  765.913495][T28959] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  765.917772][T28959] RIP: 0010:klist_put+0x4d/0x1b0
[  765.919332][T28959] Code: c1 ea 03 80 3c 02 00 0f 85 5f 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 23 49 83 e4 fe 49 8d 7c 24 58 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 2e 01 00 00 4c 89 e7 4d 8b 74 24 58 e8 3c 3e 0d
[  765.925277][T28959] RSP: 0018:ffffc9000708f9b0 EFLAGS: 00010202
[  765.927856][T28959] RAX: dffffc0000000000 RBX: ffff8880477cc060 RCX: ffffffff82611b4d
[  765.931161][T28959] RDX: 000000000000000b RSI: ffffffff8b89e035 RDI: 0000000000000058
[  765.934371][T28959] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  765.937538][T28959] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  765.940045][T28959] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
[  765.943105][T28959] FS:  0000000000000000(0000) GS:ffff8880d66b3000(0000) knlGS:0000000000000000
[  765.946359][T28959] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  765.948766][T28959] CR2: 0000555582aba808 CR3: 0000000041876000 CR4: 0000000000352ef0
[  765.951306][T28959] DR0: 0000000000000005 DR1: 0000000000000000 DR2: 00000000000000eb
[  765.953792][T28959] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  765.956349][T28959] Call Trace:
[  765.957657][T28959]  <TASK>
[  765.958959][T28959]  device_del+0x1d8/0x9f0
[  765.960808][T28959]  ? __pfx_device_del+0x10/0x10
[  765.962853][T28959]  ? netdev_unregister_kobject+0x2da/0x540
[  765.965284][T28959]  unregister_netdevice_many_notify+0x14f0/0x24c0
[  765.967337][T28959]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  765.969457][T28959]  ? __pfx___mutex_lock+0x10/0x10
[  765.971043][T28959]  unregister_netdevice_queue+0x305/0x3f0
[  765.972889][T28959]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  765.974883][T28959]  ? rtnl_net_dev_lock+0x28/0x360
[  765.976706][T28959]  ? rtnl_net_dev_lock+0x146/0x360
[  765.978281][T28959]  ? rtnl_lock+0x9/0x20
[  765.979594][T28959]  ? rtnl_net_dev_lock+0x146/0x360
[  765.981234][T28959]  unregister_netdev+0x1f/0x60
[  765.982784][T28959]  bnep_session+0x224e/0x2d80
[  765.984281][T28959]  ? __pfx_bnep_session+0x10/0x10
[  765.986162][T28959]  ? do_raw_spin_lock+0x12c/0x2b0
[  765.988276][T28959]  ? __pfx_woken_wake_function+0x10/0x10
[  765.990651][T28959]  ? rcu_is_watching+0x12/0xc0
[  765.992680][T28959]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  765.995148][T28959]  ? lockdep_hardirqs_on+0x7c/0x110
[  765.997394][T28959]  ? __kthread_parkme+0x19e/0x250
[  765.999524][T28959]  ? __pfx_bnep_session+0x10/0x10
[  766.001641][T28959]  kthread+0x3c2/0x780
[  766.003376][T28959]  ? __pfx_kthread+0x10/0x10
[  766.005361][T28959]  ? rcu_is_watching+0x12/0xc0
[  766.007410][T28959]  ? __pfx_kthread+0x10/0x10
[  766.009380][T28959]  ret_from_fork+0x56a/0x730
[  766.011348][T28959]  ? __pfx_kthread+0x10/0x10
[  766.013287][T28959]  ret_from_fork_asm+0x1a/0x30
[  766.015392][T28959]  </TASK>
[  766.016707][T28959] Modules linked in:
[  766.018829][T28959] ---[ end trace 0000000000000000 ]---
[  766.021078][T28959] RIP: 0010:klist_put+0x4d/0x1b0
[  766.022064][   T40] kauditd_printk_skb: 39 callbacks suppressed
[  766.022077][   T40] audit: type=1400 audit(2000000038.029:1182): avc:  denied  { read } for  pid=5361 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  766.023177][T28959] Code: c1 ea 03 80 3c 02 00 0f 85 5f 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 23 49 83 e4 fe 49 8d 7c 24 58 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 2e 01 00 00 4c 89 e7 4d 8b 74 24 58 e8 3c 3e 0d
[  766.035153][   T40] audit: type=1400 audit(2000000038.029:1183): avc:  denied  { search } for  pid=5361 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  766.042551][T28959] RSP: 0018:ffffc9000708f9b0 EFLAGS: 00010202
[  766.054861][T28959] RAX: dffffc0000000000 RBX: ffff8880477cc060 RCX: ffffffff82611b4d
[  766.055249][   T40] audit: type=1400 audit(2000000038.029:1184): avc:  denied  { search } for  pid=5361 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  766.058064][T28959] RDX: 000000000000000b RSI: ffffffff8b89e035 RDI: 0000000000000058
[  766.070508][T28959] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  766.073646][T28959] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  766.077206][T28959] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
[  766.077831][   T40] audit: type=1400 audit(2000000038.029:1185): avc:  denied  { add_name } for  pid=5361 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  766.080460][T28959] FS:  0000000000000000(0000) GS:ffff8880d66b3000(0000) knlGS:0000000000000000
[  766.093448][T28959] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  766.096171][T28959] CR2: 0000555582aba808 CR3: 000000002b0e5000 CR4: 0000000000352ef0
[  766.099509][T28959] DR0: 0000000000000005 DR1: 0000000000000000 DR2: 00000000000000eb
[  766.100628][   T40] audit: type=1400 audit(2000000038.029:1186): avc:  denied  { create } for  pid=5361 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  766.102941][T28959] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  766.113365][   T40] audit: type=1400 audit(2000000038.029:1187): avc:  denied  { append open } for  pid=5361 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  766.114178][T28959] Kernel panic - not syncing: Fatal exception
[  766.123916][T28959] Kernel Offset: disabled

VM DIAGNOSIS:
19:53:47  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000031 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85648ef5 RDI=ffffffff9b1170a0 RBP=ffffffff9b117060 RSP=ffffc9000708f320
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=000000004153414b
R12=0000000000000000 R13=0000000000000031 R14=ffffffff9b117060 R15=ffffffff85648e90
RIP=ffffffff85648f1f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c01300
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c01300
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d66b3000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000555582aba808 CR3=0000000041876000 CR4=00352ef0
DR0=0000000000000005 DR1=0000000000000000 DR2=00000000000000eb DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000080040001 Opmask01=00000000e002fefe Opmask02=00000000c0000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffd4b80710 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffd4b80896
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffd4b80896 00007fffd4b8089c
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f912fa12e46
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f912fa12e53
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f912fa12e4d
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f912fa12e61
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f912fa12ee7
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f912fa12fc5
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0063696e61703d73 726f727265006f72 2d746e756f6d6572 3d73726f72726500
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00464c4b44551856 574a575740004a57 08514b504a484057 1856574a57574000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000001 RBX=ffff88806a5332a8 RCX=0000000000000002 RDX=0000000000000000
RSI=ffffffff8c162f80 RDI=ffffffff8df61e88 RBP=0000000000000001 RSP=ffffc90005e47a98
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000400 R11=ffffffff9b0e7978
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff81a0c3f2 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c01300
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c01300
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d67b3000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f912f974940 CR3=000000002c8ce000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000080040001 Opmask01=0000000020080810 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd4e8654b0 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd4e865636
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd4e865636 00007ffd4e86563c
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0068c12e46
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0068c12e53
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0068c12e4d
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0068c12e61
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0068c12ee7
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0068c12fc5
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0063696e61703d73 726f727265006f72 2d746e756f6d6572 3d73726f72726500
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00464c4b44551856 574a575740004a57 08514b504a484057 1856574a57574000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=ffff88806a63b540 RCX=ffffffff81afb673 RDX=ffff88801deb4880
RSI=ffffffff81afb64d RDI=0000000000000005 RBP=ffffc90000157d08 RSP=ffffc90000157bc0
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=fffffbfff1cb9886
R12=1ffff9200002af80 R13=0000000000000001 R14=0000000000000001 R15=ffffed100d4c76a9
RIP=ffffffff81afb661 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c01300
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c01300
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d68b3000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f91307056c0 CR3=0000000025c3c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000104080 Opmask01=0000000010000000 Opmask02=0000000003ffffff Opmask03=0000000020400004
Opmask04=00000000ffdfffff Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 44455a494c414954 494e495f43455355
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005558a2ef25e0
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd7331f1b20
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd7331f1b20
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffff0000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373262bd19da483 7373262e84320659
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 aded2d84fd25660d 7373737626f95d8b
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 302d78742f736575 6575712f3070656e 622f74656e2f6c61 75747269762f7365
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000006874 6f6f7465756c622f 6c6175747269762f 736563697665642f
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f6d697377685f31 3132303863616d2f 6c6175747269762f 736563697665642f
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005558a2cb22c0 00000000000001d1 0000003177617264
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3139312c3039312c 4638312c4538312c 4238312c3938312c 3838312c3538312c
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3438312c3138312c 3937312c3737312c 3437312c4436312c 4336312c3636312c
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3336312c3136312c 3036312c30462c46 442c30442c46432c 38412c37412c4639
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2c4137312c393731 2c3837312c373731 2c3637312c353731 2c3437312c333731
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000014100 000000000000303d 44440045525f5346 0054242044492065
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 282b2e2fdf37342d 280bbfbf23243324 26312033fc040f18 1317140d080b0412
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343133bffc121104 1214041204110814 100411bffc040f18 1317140d080b0412
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=ffffffff913b7129 RBX=0000000000000001 RCX=ffffffff913b7128 RDX=dffffc0000000000
RSI=0000000000000000 RDI=1ffffffff2276e25 RBP=ffffc9000371f138 RSP=ffffc9000371f080
R8 =ffffffff913b712c R9 =0000000000000000 R10=ffffc9000371f0f0 R11=0000000000002c25
R12=ffffc9000371f140 R13=ffffc9000371f0f0 R14=0000000000000005 R15=ffffc9000371ff20
RIP=ffffffff816afade RFL=00000a02 [-O-----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c01300
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c01300
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d69b3000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f7e5ed07d60 CR3=0000000032a12000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000002020004 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7e5e1a76c3 00007f7e5e1a76c3
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffcab70f610 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555583156ef7 00005555831566a0
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055558315485d 0000555583153ce0
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000003bf12
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 474553474953006c 616e676973206e77 6f6e6b6e75000a29
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 4745534749530049 444b424c56054b52 4a4b4e4b50000a0c
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0002080001000012 08060a016afc0008 0001980300020001 960303f802000194
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 010fffffffffffff 0409800401841000 060172dc3e880000 0100000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000002ff 0000000000b5b4c4 4e41a1cb040000fc 002f0600afb27660
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 dd86000000000000 bbbbbbbbbbbb7408 09800307f7de1000 0004010000100806
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 06017cc220100058 8004340800020800 0100001208060a01 6afc000800019803
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000