last executing test programs:

6m26.010416117s ago: executing program 2 (id=474):
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net\x00')
syz_open_dev$vcsn(&(0x7f0000000000), 0x80e0, 0x1)
getdents64(r0, &(0x7f00000030c0)=""/4122, 0xe1)

6m25.981858536s ago: executing program 2 (id=476):
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01022dbd7000ffdb652520e7000109001f0070687931000000000a0001007770616e33000000050020"], 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x3, 0x1}, 0x48)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c000140000000000000000714000000110001"], 0xdc}}, 0x0)
sendmsg$NFT_MSG_GETRULE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000190a0102"], 0x14}}, 0x0)
r6 = open(&(0x7f0000000380)='./bus\x00', 0xeb40, 0x14)
r7 = creat(&(0x7f0000000200)='./bus\x00', 0x84)
r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
write$FUSE_NOTIFY_STORE(r7, &(0x7f0000000240)=ANY=[@ANYBLOB='+\x00\x00\x00', @ANYRES32=r6], 0x2b)
sendfile(r8, r6, 0x0, 0x4000000053d2)

6m23.289510761s ago: executing program 2 (id=484):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r3, 0x5b01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
socket(0x10, 0x3, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r1, 0x84009422, &(0x7f0000000540)={0x0, 0x0, {0x0, @struct}, {0x0, @usage, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000940)={r4, 0x786d, 0x7, 0x1})
r5 = syz_clone(0x200080, &(0x7f0000000000)="2cb4a1bbe7fc0d0daf5e2b4f1ef4dee99146f891b80dd73de31a66bf097014", 0x1f, &(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000380)="05a683ddf1e4841027754e0254d8e82dd268a575ee18ff98b633216bfeac49221fff09610515bb7591cc70cf883a8b52f50424f293e2e3a42210600ff2222b5e440928b512cd56aa0ccddb5d343db90a6a4620557e27ca56133dfc6ff9daedb27c0201685f8024db1998100ca2f88e78351daf8e862a68a3bb4d99e11fedd94822bb7a9970d5615fd40dafdee059")
syz_open_procfs(r5, &(0x7f0000000140)='children\x00')
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x2}, 0x0, &(0x7f00000002c0)={0x3ff, 0x2000, 0x40000, 0x0, 0x0, 0x0, 0xc5c7}, 0x0, 0x0)
sendmsg$NFNL_MSG_ACCT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x14, 0x0, 0x7, 0x101, 0x0, 0x0, {0xc753a513244cf22e, 0x0, 0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x24008845}, 0x48010)

6m20.220407008s ago: executing program 2 (id=500):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f0000000080), 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0xe, &(0x7f0000000d00)=ANY=[@ANYRES32=r0], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x0, 0x4}, 0x8}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x4e)
mount$9p_virtio(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x800000, &(0x7f0000000340)=ANY=[@ANYBLOB])
r2 = inotify_init()
inotify_add_watch(r2, &(0x7f0000000400)='./file1\x00', 0x2000100)
stat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000980))
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x109a42, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000001c0)='./bus\x00', 0x40)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x4000, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r4 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
io_setup(0x3, &(0x7f0000000300)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000280)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x3, r4, &(0x7f00000005c0)='Z', 0x1, 0x3}])
ioctl$TUNSETSTEERINGEBPF(r3, 0x800454e0, &(0x7f0000000040)=r1)
r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netlink\x00')
preadv(r6, &(0x7f0000000380)=[{&(0x7f00000014c0)=""/223, 0xdf}], 0x1, 0x2000ff0f, 0x0)
openat$userio(0xffffffffffffff9c, &(0x7f0000001080), 0x2002, 0x0)
syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, 0x0, &(0x7f0000000000)=<r7=>0x0)
syz_io_uring_submit(0x0, r7, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_mr_cache\x00')
r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$peeksig(0x4209, r8, 0x0, 0x0)
syz_open_dev$vbi(&(0x7f00000000c0), 0x2, 0x2)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)

6m19.582198972s ago: executing program 2 (id=504):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000300)={0x20, 0x2e, 0x1, 0xf0bd26, 0x25dfdbfc, {0x4, 0x0, 0x900}, [@typed={0xc, 0xc, 0x0, 0x0, @u64=0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)

6m17.844145015s ago: executing program 2 (id=513):
r0 = socket$inet6(0xa, 0x80002, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$UHID_DESTROY(r1, &(0x7f00000000c0), 0x4)
r2 = getpid()
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000c40)}], 0x1}, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r3 = socket(0xa, 0x3, 0x2)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x1, 0x9, @loopback={0xff00000000000000}, 0xd9b}, 0x1c)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f00009bd000/0x4000)=nil, 0x4000, 0xb635773f07ebbeef, 0x10, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x0, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f0000002c80)=[{{&(0x7f0000000300)=@can, 0x80, &(0x7f00000001c0)=[{&(0x7f00000010c0)=""/201, 0xc9}, {&(0x7f00000003c0)=""/165, 0xa5}, {&(0x7f00000005c0)=""/242, 0xf2}, {&(0x7f00000006c0)=""/197, 0xc5}], 0x4, &(0x7f00000007c0)=""/148, 0x96}, 0x80000001}, {{&(0x7f0000000880)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000280)=[{&(0x7f0000002e80)=""/262, 0xff}, {&(0x7f0000000a00)=""/221, 0xdd}], 0x2, &(0x7f0000000b00)=""/122, 0x7a}}, {{&(0x7f0000000b80)=@tipc=@name, 0x80, &(0x7f0000000d00)=[{&(0x7f0000000c00)=""/237, 0xed}], 0x20000114, &(0x7f0000000d40)=""/204, 0xcc}, 0xc0000000}, {{&(0x7f0000000e40)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x80, &(0x7f0000000f80)=[{&(0x7f0000002480)=""/142, 0x8e}], 0x1}}, {{&(0x7f0000000fc0)=@x25, 0x80, &(0x7f00000026c0)=[{&(0x7f0000001040)=""/122, 0x7a}, {&(0x7f0000002fc0)=""/258, 0xfd}, {&(0x7f00000011c0)=""/103, 0x67}, {&(0x7f0000001240)=""/238, 0xee}, {&(0x7f0000001340)=""/206, 0xce}, {&(0x7f0000001440)=""/50, 0x32}, {&(0x7f0000001480)=""/4089, 0x1000}, {&(0x7f0000002d80)=""/242, 0xf2}, {&(0x7f0000002580)=""/1, 0x1}, {&(0x7f00000025c0)=""/228, 0xe4}], 0xa, &(0x7f0000002740)=""/235, 0xeb}, 0xed}, {{&(0x7f0000002840)=@x25, 0x80, &(0x7f0000002940)=[{&(0x7f00000004c0)=""/83, 0x4c}], 0x1, &(0x7f0000002980)=""/245, 0xf5}, 0x39}, {{&(0x7f0000002a80)=@rc={0x1f, @fixed}, 0x80, &(0x7f0000002bc0)=[{&(0x7f0000002b00)=""/129, 0x81}], 0x20000305, &(0x7f0000000900)=""/110, 0x6e}, 0x1}], 0x7, 0x2, 0x0)
syz_usbip_server_init(0x6)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r5, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)
ioctl$COMEDI_CMDTEST(0xffffffffffffffff, 0x8040640a, &(0x7f00000000c0)={0x1, 0x30000, 0xffffffff, 0x3, 0x10, 0x6, 0x40, 0x6, 0x80, 0x1, 0x100, 0x0, 0x0, 0x0, 0x0})
ptrace$ARCH_GET_GS(0x1e, r2, &(0x7f0000000480), 0x1004)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x3e, 0x229, 0x0, 0xfffffffd, {0xa}}, 0x14}, 0x1, 0x6000000}, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x6d93, 0x4)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = dup(r6)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c00000010000104fcffffff8000000000000000", @ANYRES32=0x0, @ANYBLOB="0315000000000000240012800c0001006d6163766c616e001400028006000200000000", @ANYRES32=r8, @ANYBLOB], 0x4c}, 0x1, 0x0, 0x0, 0x4001}, 0x0)

6m17.800482457s ago: executing program 32 (id=513):
r0 = socket$inet6(0xa, 0x80002, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$UHID_DESTROY(r1, &(0x7f00000000c0), 0x4)
r2 = getpid()
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000c40)}], 0x1}, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r3 = socket(0xa, 0x3, 0x2)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x1, 0x9, @loopback={0xff00000000000000}, 0xd9b}, 0x1c)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f00009bd000/0x4000)=nil, 0x4000, 0xb635773f07ebbeef, 0x10, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x0, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f0000002c80)=[{{&(0x7f0000000300)=@can, 0x80, &(0x7f00000001c0)=[{&(0x7f00000010c0)=""/201, 0xc9}, {&(0x7f00000003c0)=""/165, 0xa5}, {&(0x7f00000005c0)=""/242, 0xf2}, {&(0x7f00000006c0)=""/197, 0xc5}], 0x4, &(0x7f00000007c0)=""/148, 0x96}, 0x80000001}, {{&(0x7f0000000880)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000280)=[{&(0x7f0000002e80)=""/262, 0xff}, {&(0x7f0000000a00)=""/221, 0xdd}], 0x2, &(0x7f0000000b00)=""/122, 0x7a}}, {{&(0x7f0000000b80)=@tipc=@name, 0x80, &(0x7f0000000d00)=[{&(0x7f0000000c00)=""/237, 0xed}], 0x20000114, &(0x7f0000000d40)=""/204, 0xcc}, 0xc0000000}, {{&(0x7f0000000e40)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x80, &(0x7f0000000f80)=[{&(0x7f0000002480)=""/142, 0x8e}], 0x1}}, {{&(0x7f0000000fc0)=@x25, 0x80, &(0x7f00000026c0)=[{&(0x7f0000001040)=""/122, 0x7a}, {&(0x7f0000002fc0)=""/258, 0xfd}, {&(0x7f00000011c0)=""/103, 0x67}, {&(0x7f0000001240)=""/238, 0xee}, {&(0x7f0000001340)=""/206, 0xce}, {&(0x7f0000001440)=""/50, 0x32}, {&(0x7f0000001480)=""/4089, 0x1000}, {&(0x7f0000002d80)=""/242, 0xf2}, {&(0x7f0000002580)=""/1, 0x1}, {&(0x7f00000025c0)=""/228, 0xe4}], 0xa, &(0x7f0000002740)=""/235, 0xeb}, 0xed}, {{&(0x7f0000002840)=@x25, 0x80, &(0x7f0000002940)=[{&(0x7f00000004c0)=""/83, 0x4c}], 0x1, &(0x7f0000002980)=""/245, 0xf5}, 0x39}, {{&(0x7f0000002a80)=@rc={0x1f, @fixed}, 0x80, &(0x7f0000002bc0)=[{&(0x7f0000002b00)=""/129, 0x81}], 0x20000305, &(0x7f0000000900)=""/110, 0x6e}, 0x1}], 0x7, 0x2, 0x0)
syz_usbip_server_init(0x6)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r5, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)
ioctl$COMEDI_CMDTEST(0xffffffffffffffff, 0x8040640a, &(0x7f00000000c0)={0x1, 0x30000, 0xffffffff, 0x3, 0x10, 0x6, 0x40, 0x6, 0x80, 0x1, 0x100, 0x0, 0x0, 0x0, 0x0})
ptrace$ARCH_GET_GS(0x1e, r2, &(0x7f0000000480), 0x1004)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x3e, 0x229, 0x0, 0xfffffffd, {0xa}}, 0x14}, 0x1, 0x6000000}, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x6d93, 0x4)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = dup(r6)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c00000010000104fcffffff8000000000000000", @ANYRES32=0x0, @ANYBLOB="0315000000000000240012800c0001006d6163766c616e001400028006000200000000", @ANYRES32=r8, @ANYBLOB], 0x4c}, 0x1, 0x0, 0x0, 0x4001}, 0x0)

4m30.034982467s ago: executing program 4 (id=1199):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file4\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x4)

4m30.032731616s ago: executing program 4 (id=1201):
syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000300)=ANY=[], 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$kcm(0x11, 0x3, 0x0)
r0 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00'})
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000340)='./file0\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000140)=""/46, 0x2e)

4m29.671512103s ago: executing program 4 (id=1210):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=@newlink={0x54, 0x10, 0x1, 0x70bd26, 0x0, {}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x20, 0x16, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN_LIST={0x18, 0xc, 0x0, 0x1, [{0x14, 0x1, {0x2f, 0x985, 0x7f, 0x8100}}]}]}]}]}, 0x54}, 0x1, 0x60000, 0x0, 0x1}, 0x14)

4m29.671347391s ago: executing program 4 (id=1211):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x80)
mount$overlay(0x0, &(0x7f0000000240)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
io_setup(0x3, &(0x7f0000000180)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000800)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])
chdir(&(0x7f0000000100)='./bus\x00')
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
ptrace(0x10, r2)
ptrace$setsig(0x4203, r2, 0x2, &(0x7f0000000380)={0x3b, 0xffffffff, 0x9})
syz_open_dev$dri(0x0, 0x1, 0x402)
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, 0x0)
mknod$loop(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000, 0x1)

4m28.672679656s ago: executing program 4 (id=1219):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_TARGET_REV={0x8}, @NFTA_TARGET_INFO={0x4}]}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xc0}}, 0x0)

4m28.342357338s ago: executing program 4 (id=1222):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0xffffffffffffff34, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
getsockname$packet(r1, &(0x7f0000000340)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRESDEC=r0, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040)={0x0, 0x6, 0xc, 0x0, 0x3, 0x3})
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x10}, 0x50)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="24000004140000010000000000000000020000ff", @ANYRES32=r2, @ANYBLOB="08000200e0000001"], 0x20}}, 0x2000c844)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4}, 0x1c)
r5 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r5, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local}, 0xc)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r5, 0xc0845657, &(0x7f00000004c0)={0x0, @bt={0x2, 0x1, 0x1, 0x1, 0x5, 0x7, 0x2, 0x200, 0x6d, 0x1, 0x1, 0x5, 0x8, 0x7, 0x0, 0xd, {0x7fffffff, 0x9}, 0xfe, 0x30}})
copy_file_range(r5, &(0x7f0000000200)=0xfffffffffffffff8, 0xffffffffffffffff, &(0x7f0000000280)=0x9, 0x6b55, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xd, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x20088814}, 0x0)
keyctl$read(0x2, 0x0, &(0x7f00000030c0)=""/4098, 0x1002)
r6 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
ioctl$IOC_PR_PREEMPT(r6, 0x401870cb, &(0x7f0000000800)={0x3000000000000000, 0x40e, 0x6, 0x3})
ioctl$TCSETA(r6, 0x5406, &(0x7f0000000240)={0xfffb, 0x4, 0xfffa, 0x6, 0x6, "f8f3ce74775123b1"})
r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat$sequencer(0xffffff9c, &(0x7f0000000100), 0x0, 0x0)
setsockopt$inet_mreq(r7, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xdaca7de7ff4502d4, 0xa2071, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000ffa000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ffc000/0x4000)=nil)
mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f0000ffa000/0x1000)=nil)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x0)

4m28.22301865s ago: executing program 33 (id=1222):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0xffffffffffffff34, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
getsockname$packet(r1, &(0x7f0000000340)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRESDEC=r0, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040)={0x0, 0x6, 0xc, 0x0, 0x3, 0x3})
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x10}, 0x50)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="24000004140000010000000000000000020000ff", @ANYRES32=r2, @ANYBLOB="08000200e0000001"], 0x20}}, 0x2000c844)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4}, 0x1c)
r5 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r5, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local}, 0xc)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r5, 0xc0845657, &(0x7f00000004c0)={0x0, @bt={0x2, 0x1, 0x1, 0x1, 0x5, 0x7, 0x2, 0x200, 0x6d, 0x1, 0x1, 0x5, 0x8, 0x7, 0x0, 0xd, {0x7fffffff, 0x9}, 0xfe, 0x30}})
copy_file_range(r5, &(0x7f0000000200)=0xfffffffffffffff8, 0xffffffffffffffff, &(0x7f0000000280)=0x9, 0x6b55, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xd, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x20088814}, 0x0)
keyctl$read(0x2, 0x0, &(0x7f00000030c0)=""/4098, 0x1002)
r6 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
ioctl$IOC_PR_PREEMPT(r6, 0x401870cb, &(0x7f0000000800)={0x3000000000000000, 0x40e, 0x6, 0x3})
ioctl$TCSETA(r6, 0x5406, &(0x7f0000000240)={0xfffb, 0x4, 0xfffa, 0x6, 0x6, "f8f3ce74775123b1"})
r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat$sequencer(0xffffff9c, &(0x7f0000000100), 0x0, 0x0)
setsockopt$inet_mreq(r7, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xdaca7de7ff4502d4, 0xa2071, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000ffa000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ffc000/0x4000)=nil)
mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f0000ffa000/0x1000)=nil)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x0)

2m5.279544539s ago: executing program 0 (id=2401):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000001000010429bd70000000000000000000", @ANYBLOB="2b030000000000002000128008000100677470001400028008000100", @ANYRES32=r1], 0x40}}, 0x8080)
setsockopt$inet_udp_encap(r1, 0x11, 0x64, &(0x7f0000000040)=0x3, 0x4)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x2, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)

2m5.23178372s ago: executing program 0 (id=2403):
r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000003c0)=ANY=[@ANYBLOB="20000000ca148eef8a3ddf46d32efa7fc68f0f40e25958e11b9007b83f233f386f5c96c2000000008c2c23de977e3209040332eea1eb8e6176ca45ba88b1c92a5e484b4c9854067bda4ea6417265d5636bc950460bb054a47af4badc8b15c091df7248b2686568f81a0700000000000000d00000009097e2a300000000000000", @ANYRES16=r0, @ANYBLOB="01000000000000000000140000000c00078008000200ec090000"], 0x20}}, 0x0)
r2 = socket$kcm(0x2, 0x200000000000001, 0x106)
shutdown(r1, 0x0)
syz_open_dev$dri(&(0x7f00000002c0), 0x2, 0x0)
userfaultfd(0x80801)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x4, 0x8, 0x1, 0x800, 0x0, 0x100000, 0xe}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0xffffffffffffffff, 0x200000f, 0x1, 0x0, 0x6a9, 0xd5e}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={<r3=>0xffffffffffffffff})
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
mmap(&(0x7f00003f6000/0x3000)=nil, 0x3000, 0xa, 0x810, r4, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0xc)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000140)={'wg1\x00', &(0x7f00000000c0)=@ethtool_link_settings={0x4c, 0xd, 0x62, 0x7, 0x8, 0xe, 0xe3, 0x9, 0xa, 0x0, [0x4e, 0x9, 0xd2, 0x7, 0x401, 0x4, 0x9, 0xfffffffb], [0x7f]}})
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
r6 = add_key(&(0x7f0000000040)='syzkaller\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0x1, 0xfffffffffffffffe)
keyctl$read(0xb, r6, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2)
r7 = dup(r4)
r8 = openat$ocfs2_control(0xffffff9c, &(0x7f0000000180), 0x40, 0x0)
ioctl$EXT4_IOC_GETFSUUID(r8, 0x8008662c, &(0x7f0000000240))
ioctl$TIOCL_SETSEL(r7, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0x107, 0x100, 0x100, 0x1, 0x4000}})
sendmsg$inet(r2, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x4001, @loopback}, 0x10, 0x0, 0x0, 0x0, 0x0, 0xa7}, 0x30004084)

2m4.118148003s ago: executing program 0 (id=2415):
r0 = memfd_create(&(0x7f0000000040)='\x02A\xbb\xcc\x96\x0e\x00\x00\x00\x00\x00\x00', 0x6)
fcntl$addseals(r0, 0x409, 0xa)
ftruncate(r0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="170000"], 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
socket$phonet_pipe(0x23, 0x5, 0x2)
close(0x3)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
getsockopt$MRT(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r2 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r2, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x16)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000100))

2m3.785537967s ago: executing program 0 (id=2408):
syz_open_procfs(0x0, &(0x7f0000002380)='net/ip_mr_cache\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x10)
mount$9p_virtio(&(0x7f0000000180), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x800040, &(0x7f0000000440)=ANY=[@ANYBLOB="78224fc427ed619f319b73733d616e792c63616368653d66736361636865"])
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)=0x7)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
write(r2, &(0x7f0000000240)="94", 0x1)
vmsplice(r3, &(0x7f0000000280)=[{&(0x7f0000000100)="0dd2e7c892", 0x5}], 0x1, 0x0)
tee(r1, r4, 0x7fff, 0x100000000000000)

2m3.341074778s ago: executing program 0 (id=2413):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x220)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
mount$fuse(0x88000c01, &(0x7f00000020c0)='./file0\x00', 0x0, 0x10c00a8, 0x0)

2m3.191057576s ago: executing program 0 (id=2414):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2003, 0x0)
vmsplice(r5, 0x0, 0x0, 0xd)
connect$unix(r3, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r6, 0xc0145401, &(0x7f0000000280)={0x3, 0x0, 0xfdfdffff, 0xff600000})
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001d00)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x63f2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), 0xffffffffffffffff)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r7, 0xffffffffffffffff, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x2, 0x0)

1m48.046830061s ago: executing program 34 (id=2414):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2003, 0x0)
vmsplice(r5, 0x0, 0x0, 0xd)
connect$unix(r3, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r6, 0xc0145401, &(0x7f0000000280)={0x3, 0x0, 0xfdfdffff, 0xff600000})
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001d00)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x63f2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), 0xffffffffffffffff)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r7, 0xffffffffffffffff, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x2, 0x0)

35.065976038s ago: executing program 1 (id=3199):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x10)
mount$9p_virtio(&(0x7f0000000180), &(0x7f0000000480)='./file0\x00', 0x0, 0x800040, &(0x7f0000000440)=ANY=[@ANYBLOB="78224fc427ed619f319b73733d616e792c63616368653d66736361636865"])
syz_open_dev$sndpcmp(&(0x7f0000000540), 0x0, 0xe2867)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r1, &(0x7f0000000240)="94", 0x1)
vmsplice(r2, &(0x7f0000000280)=[{&(0x7f0000000100)="0dd2e7c892", 0x5}], 0x1, 0x0)
tee(r0, r3, 0x7fff, 0x100000000000000)

34.6983805s ago: executing program 1 (id=3202):
r0 = socket$packet(0x11, 0x2, 0x300)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_NET_SET(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)={0x28, r2, 0x1, 0x1070bd2c, 0x25dfdbff, {}, [@TIPC_NLA_NET={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x50000}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x5}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x801}, 0x20040000)
r3 = openat$ndctl0(0xffffffffffffff9c, &(0x7f0000000000), 0x2503, 0x0)
ioctl$DRM_IOCTL_GEM_FLINK(r3, 0xc008640a, &(0x7f0000000140))
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000680)={'ip6_vti0\x00', &(0x7f0000000600)={'ip6_vti0\x00', <r4=>0x0, 0x0, 0x6, 0x5, 0x3ff, 0x4e, @private1, @private0, 0x7800, 0x80, 0x7fffffff, 0x7}})
r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000006c0), 0x4)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000900)={r3, 0x20, &(0x7f00000008c0)={&(0x7f0000000400)=""/146, 0x92, <r6=>0x0, &(0x7f0000000280)=""/68, 0x44}}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)=@newtfilter={0x3c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r10, {0x0, 0x4}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_IP_TOS={0x5, 0x50, 0x9}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000)
r11 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
close(r11)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r11, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r12 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r12, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r12, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r10, 0xc}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf", 0x22}, {&(0x7f0000000c00)="4307ed2e", 0x4}], 0x2}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x3, 0x24, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xfffffff2, 0x0, 0x0, 0x0, 0x95}, {}, {}, [@alu={0x7, 0x0, 0x3, 0x6, 0x3, 0x50, 0x10}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x1}, @map_idx={0x18, 0x5, 0x5, 0x0, 0xd}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}}, @map_val={0x18, 0xb, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0xffffffff}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000001c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41000, 0x6e, '\x00', r4, @sched_cls=0x37, r5, 0x8, &(0x7f0000000700)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000740)={0x0, 0x3, 0xc, 0x4}, 0x10, r6, 0xffffffffffffffff, 0x0, &(0x7f0000000940)=[0x1, r3], 0x0, 0x10, 0x64e6}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r13 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r13, 0x4)
socket$netlink(0x10, 0x3, 0x10)

34.4354278s ago: executing program 1 (id=3205):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=@newlink={0x48, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x1}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @mcast1}]}}}]}, 0x48}}, 0x0) (async)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x15)
r4 = dup(r3)
read$FUSE(r4, 0x0, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0xf4, 0x41, 0x107, 0x0, 0x7, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0xdc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @nested={0xcd, 0x90, 0x0, 0x1, [@typed={0x8, 0x65, 0x0, 0x0, @u32=0x1}, @typed={0x8, 0x13b, 0x0, 0x0, @pid}, @generic="c2bd11e6b4884b645d8a9e53fcbc725b3ebf28dfd270af4cd88d970c5c4833ad545b3b35c607fc5e0c77b677ca40871b98d3d8d733ff2d866b529274b7c5d01ca3f433785b5e3d6cf9ec95d871fddd86e61e4c1a148f418c6e0547b07852d42a8c1fe7aab167e856b09e3152ee8614475b0bf8", @nested={0x44, 0xce, 0x0, 0x1, [@nested={0x40, 0x5f, 0x0, 0x1, [@nested={0x4, 0x142}, @generic="07770693d4f256912a653bf1f6", @generic="dbf150aebd87c29592d6161890663a64abb26d9304a916bcf59cc8aea92ff00369ad74", @typed={0x8, 0x8, 0x0, 0x0, @pid}]}]}, @generic="ec16"]}]}]}, 0xf4}}, 0x4010)
r7 = dup(r5)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) (async)
r8 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x0, 0x2b4}, &(0x7f0000000180)=<r9=>0x0, &(0x7f00000001c0)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) (async)
io_uring_enter(r8, 0x708, 0x41e3, 0x0, 0x0, 0x0)
landlock_create_ruleset(0x0, 0x0, 0x0) (async)
landlock_restrict_self(0xffffffffffffffff, 0x1) (async)
r11 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r11, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) (async)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x3, @mcast2}}}, 0x84) (async)
setsockopt$inet6_group_source_req(r11, 0x29, 0x2e, &(0x7f0000000040)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) (async)
r12 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0) (async)
r13 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r13, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x2, 0xd, 0x0, 0x0, 0x2, 0x0, 0x70bd2c}, 0x10}}, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r12, 0x40045542, &(0x7f00000001c0))
syz_open_dev$dmmidi(&(0x7f0000000080), 0x200, 0x0) (async)
syz_open_dev$sndmidi(&(0x7f0000000380), 0x2, 0x0) (async)
socket$packet(0x11, 0x3, 0x300)

33.595297346s ago: executing program 1 (id=3215):
connect$inet(0xffffffffffffffff, 0x0, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000280)='./file1\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0xee01, &(0x7f00000000c0)={0x4, 0xc, 0x2000200000a95c, 0x2000000000000006, 0x4000000201, 0x80000001, 0x8, 0x7, 0xe0e8})
ftruncate(0xffffffffffffffff, 0x8979)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x1, 0x1, 0x400}, 0xa5, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
r5 = syz_clone(0x8d00a080, 0x0, 0x11, 0x0, 0x0, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r6)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r7 = syz_open_procfs(r5, &(0x7f0000000100)='stack\x00')
pread64(r7, &(0x7f00000000c0)=""/22, 0x16, 0x6)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x78, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0xf}, {0xd, 0xa}, {0x6}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x7, 0x10001, 0x3, 0x0, 0x7}, 0xf0, 0x1, 0x8, 0x3, 0x88a, 0x9, 0x8e, 0x1f, 0x3, 0xff, {0x4415, 0x2, 0x800, 0x5, 0x0, 0x5}}}}]}, 0x78}}, 0x4000)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219be2f85287b7f83d323a30991067ad1369792166062085ff20c5fb9f6e4f78dd09c7d2d6ca3c8a5d0d26ccbe576f44a1bc94194817"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r8, 0x18000000000002a0, 0xe80, 0x6000, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e088641100050000210283ac141440e0", 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x48)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=ANY=[@ANYBLOB="28000f0010005fba0b00"/20, @ANYRES32=0x0, @ANYBLOB="80000200e180000008001b0000000000"], 0x28}}, 0x0)

33.433013165s ago: executing program 1 (id=3217):
prctl$PR_SET_IO_FLUSHER(0x41, 0x3)
mprotect(&(0x7f00003b6000/0x2000)=nil, 0x2000, 0xd)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), 0xffffffffffffffff)
r0 = socket$inet6(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4e20, 0x9d, @local, 0xfffffeff}, 0x1c)
syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
r1 = syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x14b000)
syz_open_dev$sndpcmp(&(0x7f0000000440), 0x0, 0x0)
close(r1)
fsopen(0x0, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
clock_gettime(0x0, &(0x7f0000000000))

33.083809239s ago: executing program 1 (id=3219):
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000240)=@gcm_256={{0x304}, "54a70e52939b74b8", "66a0ba71ca851cb2e95a960aeb0b008d5f10d01049c007afd3b942fddbdc7523", "acab24f4", "643b57af86782a6c"}, 0x38)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newlink={0x44, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x55007}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x2}, @IFLA_BR_AGEING_TIME={0x8, 0x4, 0x81}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000100)=@generic={0x8})

32.982269431s ago: executing program 35 (id=3219):
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000240)=@gcm_256={{0x304}, "54a70e52939b74b8", "66a0ba71ca851cb2e95a960aeb0b008d5f10d01049c007afd3b942fddbdc7523", "acab24f4", "643b57af86782a6c"}, 0x38)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newlink={0x44, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x55007}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x2}, @IFLA_BR_AGEING_TIME={0x8, 0x4, 0x81}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000100)=@generic={0x8})

30.02201167s ago: executing program 7 (id=3220):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = openat$ubi_ctrl(0xffffff9c, &(0x7f00000000c0), 0xd40, 0x0)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x202, 0x802, 0x9, 0x1a, 0x8000, 0x3})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
write(0xffffffffffffffff, &(0x7f0000000000)='\"', 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)
r2 = openat$audio1(0xffffff9c, &(0x7f0000000000), 0xa101, 0x0)
ioctl$SNDCTL_DSP_RESET(r2, 0x5000, 0x0)
syz_open_dev$video(&(0x7f0000000980), 0x6, 0x20000)
socket$inet_smc(0x2b, 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='gid_map\x00')
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000100)=0x8)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)

29.691334232s ago: executing program 7 (id=3247):
pipe2$9p(&(0x7f0000000040), 0x84080)
socket(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}, {&(0x7f0000000840)='C11O', 0x4}], 0x2}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
getsockopt$sock_int(r3, 0x1, 0x2, 0x0, &(0x7f0000000300))
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1004000, 0x0, 0xb49, 0x9, 0x6, 0x0, 0x3}, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file4\x00', 0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x4)

29.304914821s ago: executing program 7 (id=3253):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000001b40), r0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r1 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
setsockopt$llc_int(r1, 0x10c, 0x1, &(0x7f0000002440)=0xffffffff, 0x4)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r2 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000300)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_int(r2, &(0x7f0000000080)=0x400, 0x12)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6(0xa, 0x805, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
pipe(0x0)
syz_pidfd_open(0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="09000000030000000400010005"], 0x50)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x40, r5, 0x1, 0x0, 0xfffffffc, {0x3}, [@TIPC_NLA_BEARER={0x2c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth1_to_bridge\x00'}}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x20010018}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000000400000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000407b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r6}, 0x10)
r7 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, &(0x7f00000000c0)={'pcl726\x00', [0x4f29, 0x0, 0x100c13d, 0x4, 0x2, 0xafa0, 0x0, 0x4, 0x54c6cff3, 0xfd, 0x2, 0x1, 0x1, 0x9, 0x6, 0x101, 0xfffffffe, 0xffff, 0x3, 0x40000003, 0x81, 0xcaa3, 0x0, 0x20001e5b, 0x8000003, 0xe69, 0x3, 0x8, 0x4086, 0x0, 0xfffffff8, 0x5]})
prlimit64(0x0, 0xc, &(0x7f0000000140)={0x40000000000000, 0x88}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000080)='./file1\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
signalfd(0xffffffffffffffff, 0x0, 0x0)

29.193958764s ago: executing program 7 (id=3254):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
getpriority(0x1, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mount(0x0, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x44021, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000f000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x108)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r2, &(0x7f0000006340)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000000280)={0x50, 0x0, r3, {0x7, 0x1f, 0x1, 0x8888b1, 0x0, 0x1, 0x2, 0xa, 0x0, 0x0, 0x2, 0x8}}, 0x50)
syz_fuse_handle_req(r2, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, 0x0)
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0xa4901, 0x28)
write$tcp_congestion(r4, &(0x7f00000000c0)='lp\x00', 0xfffffdef)
dup2(r4, r2)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_LEAVE_OCB(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400cc00", @ANYRES16=0x0, @ANYBLOB="000125bd7000fcdbdf256d000000"], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

25.793909088s ago: executing program 7 (id=3282):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
close(0xffffffffffffffff)
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000003400), 0x42300, 0x0)
listen(0xffffffffffffffff, 0x8)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000003b40)=0x4000000)
close(0x4)
capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000280)={0x0, 0x24000000, 0x4})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x1a, 0x7fff0000}]})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0)
r3 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r3, &(0x7f00000002c0)={0x0, 0xd, &(0x7f0000000400), 0x1}, 0x800)
prctl$PR_SET_MM(0x23, 0xa, &(0x7f0000ffb000/0x3000)=nil)
prctl$PR_SET_MM(0x23, 0xb, &(0x7f0000ffb000/0x4000)=nil)

25.702749965s ago: executing program 36 (id=3282):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
close(0xffffffffffffffff)
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000003400), 0x42300, 0x0)
listen(0xffffffffffffffff, 0x8)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000003b40)=0x4000000)
close(0x4)
capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000280)={0x0, 0x24000000, 0x4})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x1a, 0x7fff0000}]})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0)
r3 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r3, &(0x7f00000002c0)={0x0, 0xd, &(0x7f0000000400), 0x1}, 0x800)
prctl$PR_SET_MM(0x23, 0xa, &(0x7f0000ffb000/0x3000)=nil)
prctl$PR_SET_MM(0x23, 0xb, &(0x7f0000ffb000/0x4000)=nil)

3.584987086s ago: executing program 3 (id=3442):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x8904, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'veth1_to_batadv\x00', 0x7101})
r3 = socket$alg(0x26, 0x5, 0x0)
syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0x21c, &(0x7f0000001140)=ANY=[@ANYBLOB="d200004e82fc1a4c6e2d1a562ef844a2463456adc7a9750e2507994c67971731f264af19f77d719a4f2b89b98bebd08556f58de6c6767cefccbef0e1c502f2c0e6cdd9d6bff86668d861fcea37a2d89bed9952ff056a360f3bf9f199c75b14808cacb6d4fae8661aad6d24a15a0ab2c3bda7af6993159f9423007407e89166d60a3835c8fa948fa7dc20c35c8cc8283023c109994aacdee5efe6e277230e108d9d294fbfaf0f1ba5f49b200f62dce04435158b99fce572c3bd79b5085b6c59def7923ccf0d13d63f92836359fc85d11628cdbfb3277a00009400004e6900c098aa0fb6e80137846e32b6af5258726cf70953055c782bfe39bf56c1b0af76f5c67bc26f8c92ca835461a229a95e1daf40f23714f4208bc713dd7d47678b826a4c9f61e890e7c8131d0ffbddf977206de384623dd73dfdf8530bccbc71b90b78485e3b9638ee24f2582e7da570ac0a0480df9cd68cad7787a81ab3ec46e612f4143982e19489e2a6ffedcc37ce3867614da800004ed19a9a2e22193dade5fdc784869e79f161cf22a255e52480814f4579604118d4e04e457db29d55a5ce93aba4ca183e0527ef687d9d181fc6434b420b01d01537e758065ce519bdf736a216333443cf36eddc8d5f2755309b7c24f176e8388ebe37c3959b92feae7f7049164cd80e97a82d2b893a8d550d273f8dbd5a7c4ff064c33a34046f28788400d5dbc23bafad10c1c8be1840ab84f319c5ca52aadcecd3"])
bind$alg(r3, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58)
recvmmsg(0xffffffffffffffff, &(0x7f0000006fc0)=[{{0x0, 0x0, &(0x7f0000001f80)=[{&(0x7f0000000d40)=""/13, 0xd}], 0x1}, 0x3}], 0x1, 0x1, 0x0)
r4 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000030c0)=[{&(0x7f0000000340)="1400000016001963d25a80648c56915a19aa2bfe", 0x14}], 0x1}, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8)
sendto$inet6(0xffffffffffffffff, &(0x7f00000004c0)="5d2c53fbef80181fae0c3c362425a3dc9c29ab06095c301a247a05663dd0339e33f937723c0e747e4b692263874b83110b47a6464cf43728c8f87a5de29499a43ba740851fece0e2073dfeeced3bb6060d5f60cd20e5e9f30ebb98ab5c138e5dc4eb01bf5c70d0f6ed942abb86e4d0d4755120dec9df1876bd842878129f92ebd35a08aa9e000000000000000000", 0x8e, 0x20000000, &(0x7f00000001c0)={0xa, 0x4e21, 0x0, @local, 0x100000}, 0x1c)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x0, 0x2ce9}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000200)={0x0, 0x9, 0x2ce8}, 0x8)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x13, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0xc}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0xf}, 0x94)
r6 = syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), r5)
sendmsg$WG_CMD_SET_DEVICE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="b4000000", @ANYRES16=r6, @ANYBLOB="010028bd70000000000001000000840008808000008024000100d1732899f611cd8994034d7f513dc957630e5493c285aca40065cb6311be696b5800098028000080060001000a0000001400020000000000000000000000000000000000050003000200000028000080060001000a000000140002000000000000000000000000000000000005000300010000000400008014000200776730000000000000000000000000000800050001000000"], 0xb4}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000)
recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)}, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
setxattr$security_capability(&(0x7f0000000680)='./file0\x00', &(0x7f00000010c0), &(0x7f0000000140)=@v3={0x3000000, [{0x5}, {0x0, 0x6}], 0xffffffffffffffff}, 0x18, 0x1)
sendmsg$tipc(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000200)=@name={0x1e, 0x2, 0x0, {{0x43}}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x26040885}, 0x4810)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="400000001000010400000000feffffff00000000", @ANYRES32=0x0, @ANYBLOB="070d000001a0010014000300776c616e310000000000000000000000230001000180c20000010000"], 0x40}}, 0x0)
openat$audio1(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

2.671911285s ago: executing program 8 (id=3451):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ftruncate(r0, 0x6)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}, 0x5})
close(r0)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x4})
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
getsockname(r3, 0x0, &(0x7f0000000200))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r4 = getpid()
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r5, 0x0)
syz_emit_ethernet(0x5a, &(0x7f0000000080)={@local, @local, @val={@void, {0x8100, 0x1, 0x0, 0x1}}, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x20, 0x6, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x0, {[@mptcp=@syn={0x1e, 0xc, 0x0, 0x1, 0x2}]}}}}}}}}, 0x0)

2.588592726s ago: executing program 8 (id=3453):
prctl$PR_SET_IO_FLUSHER(0x41, 0x3)
mprotect(&(0x7f00003b6000/0x2000)=nil, 0x2000, 0xd)
bind$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x4e20, 0x9d, @local, 0xfffffeff}, 0x1c)
r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)=0x3)
r1 = syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x14b000)
syz_open_dev$sndpcmp(&(0x7f0000000440), 0x0, 0x0)
close(r1)
fsopen(0x0, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
clock_gettime(0x0, &(0x7f0000000000))

2.543518221s ago: executing program 8 (id=3454):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000740)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010002080000000000000200000008000300", @ANYRES32=r1, @ANYBLOB="08009f00060000000800a120000000000800a000f9ffffff08002600b409"], 0x3c}}, 0x4000084)

2.534339927s ago: executing program 8 (id=3456):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = openat$ubi_ctrl(0xffffff9c, 0x0, 0xd40, 0x0)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x202, 0x802, 0x9, 0x1a, 0x8000, 0x3})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
write(0xffffffffffffffff, &(0x7f0000000000)='\"', 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f00000001c0)={0x1f, 0xffff, 0x3}, 0x1c)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)
r2 = openat$audio1(0xffffff9c, &(0x7f0000000000), 0xa101, 0x0)
ioctl$SNDCTL_DSP_RESET(r2, 0x5000, 0x0)
syz_open_dev$video(&(0x7f0000000980), 0x6, 0x20000)
socket$inet_smc(0x2b, 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='gid_map\x00')
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000100)=0x8)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)

2.183789684s ago: executing program 3 (id=3457):
r0 = syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x0, 0x13100}, &(0x7f0000000100), &(0x7f0000000000))
r1 = eventfd2(0x3, 0x800)
io_uring_register$IORING_REGISTER_EVENTFD(r0, 0x4, &(0x7f0000000140)=r1, 0x1)
r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/tcp\x00')
read$FUSE(r2, &(0x7f00000000c0)={0x2020}, 0x2020)
ioctl$KVM_GET_FPU(r2, 0x81a0ae8c, &(0x7f0000000180))
r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
writev(r3, &(0x7f00000014c0)=[{&(0x7f0000000200)='V', 0x1}], 0x1)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x22102, 0x0)
pause()
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000840)='./binderfs/binder0\x00', 0xc00, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200))
r4 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000080)=<r6=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x20, 0x6000, @fd_index=0x7, 0x80000001, 0x0, 0x0, 0x4, 0x1})
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x36}, 0x4, [0x7, 0x8, 0x2, 0x9, 0x9, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xac, 0x372c6fbf, 0xa2b9, 0x6, 0x9, 0xe4, 0x9, 0x2, 0x3, 0xbbf, 0x0, 0x8, 0x0, 0xd, 0x2, 0x129f, 0x6, 0x3, 0x2, 0x4, 0x7, 0x1000081, 0x8, 0xfffffff8, 0x558e0d31, 0x4, 0xfffeffff, 0x91, 0x5, 0x4, 0x7, 0x80, 0x5, 0x400, 0x7fff, 0x0, 0x4a7, 0x82, 0x6, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x1003, 0x14f2, 0x1, 0x7fff, 0x4, 0x4007f, 0x3, 0x4, 0x6], [0x9, 0x3, 0x6, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x7, 0x5, 0xf, 0x4, 0x0, 0x5, 0x1000, 0x0, 0x200b398, 0x1f, 0x0, 0xffffffff, 0x1c, 0x7ffe, 0x1, 0x1, 0x54f5bad8, 0x4, 0xfffffffd, 0x404, 0xffff58b9, 0x4c2336d3, 0x104, 0x0, 0x7, 0x405, 0x46, 0xf1, 0x4, 0xab00000, 0x5, 0xb, 0x2, 0x401, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x7, 0x1cb, 0x1, 0x4, 0x6, 0x0, 0x2, 0xc, 0x2, 0x8000, 0x5, 0xfffffffb, 0x200004, 0x1000, 0x4, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x1, 0x2e63f783, 0x80000001, 0xb, 0x6, 0x1, 0x8d3, 0x6, 0x108, 0x3ff, 0x2, 0x400, 0x40, 0x5, 0x7, 0x10, 0x5, 0x0, 0x5, 0x9, 0xffffffff, 0x3, 0xc, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0x4, 0xd3, 0x7, 0x3435, 0x5, 0x7, 0x9, 0x401, 0x101, 0x800, 0x60a2, 0x2, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0x10d500, 0x8, 0x77, 0x9, 0xdffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x6, 0x1afa, 0x6, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0x3ff, 0x4000005, 0x7fffffff, 0x7, 0x4, 0x9, 0x82, 0x3, 0x9d86, 0x9, 0xfffffff7, 0x6, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x4, 0x9, 0x1ff, 0xfffffffe, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x80a, 0xfffffff9, 0x4, 0xfffffff9, 0x73, 0x4, 0x463f, 0x4, 0x3949, 0xffffffff, 0x8, 0x1ec, 0x1, 0x1b18]}, 0x45c)
io_uring_enter(r4, 0x27e2, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r8, &(0x7f0000000440)={0x0, 0x48000000, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r9, @ANYBLOB="ad43000000f45400000009"], 0x14}}, 0x0)
sendmsg$ETHTOOL_MSG_EEE_SET(r7, &(0x7f0000002480)={&(0x7f0000002100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000002440)={&(0x7f0000002140)={0x2d0, r9, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@ETHTOOL_A_EEE_ENABLED={0x5}, @ETHTOOL_A_EEE_TX_LPI_TIMER={0x8, 0x7, 0x4}, @ETHTOOL_A_EEE_TX_LPI_TIMER={0x8}, @ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5}, @ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5}, @ETHTOOL_A_EEE_TX_LPI_TIMER={0x8, 0x7, 0x6}, @ETHTOOL_A_EEE_MODES_OURS={0x28c, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_VALUE={0x26, 0x4, "fcda3410d42101e8ae61ccabd834d70df9e485dec050aca8b3887e6ae4f4eaf24336"}, @ETHTOOL_A_BITSET_VALUE={0xb0, 0x4, "4cd24cbd6dcdffbbeefa41ab7306ba298faa0d54d3755a64bdaf1d43459240382733d62872c5d77816afe1144a67984a58bb24676d9eb8a7abc04e93cf7ba065e202c95d906016c6567e238a40ed2089c1017e143d0dad47b2f9c4d3da95e4aef0b5b93d68f90b1373c3198965c475763cac624bee5b710bd914bc39e79f392e9892e955103c6264f9b864707282553b64483d5a827968a3cedaad82de6ccffab92bc56fff990e80a462ddfb"}, @ETHTOOL_A_BITSET_BITS={0x48, 0x3, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xff}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'syz1\x00'}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '%\\\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xff}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_VALUE={0xc7, 0x4, "03cca4044127c7510368def698b678b419e648cb2f421134c73409f6a1f8ad0cf2ba1c06e20b68211dfed9ad14be94426c9c6c0bc28bfbc3fc23bcb6f041a61c769ae3cac234ada43d86a7be7472f5269f53efe6402963f83248b9bf1caab6ab61f143722add1d7c007b0a5808f190ffbceb54884396b60fc22b1b5e8c861edcfedd2db6f56ec506cf799480fa492c31243006b9f7c1f5e1c75c7220544198ce2ba883299ec9eba6af0ac43e7cdeb03c0a048410f1fc0981e87245f7f14fc469576495"}, @ETHTOOL_A_BITSET_BITS={0x9c, 0x3, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}, @ETHTOOL_A_BITSET_BIT_NAME={0x16, 0x2, '/dev/nvme-fabrics\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x101}]}, {0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '*@\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '!#\x00'}]}, {0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xb1c}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, '#}/\x96:[/\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'net/tcp\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '\\\x00'}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}]}]}]}]}, 0x2d0}}, 0x4004851)

2.181812687s ago: executing program 8 (id=3465):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'wlan0\x00', &(0x7f0000000180)=@ethtool_ringparam={0x4e, 0x800000}})
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x700})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1})
socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x1})
mknod(&(0x7f0000000140)='./file0\x00', 0x1000, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
r3 = openat$sw_sync_info(0xffffff9c, &(0x7f0000000300), 0x202, 0x0)
getsockopt$XDP_MMAP_OFFSETS(r3, 0x11b, 0x1, &(0x7f0000000540), &(0x7f00000005c0)=0x80)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r2, <r4=>0xffffffffffffffff}, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x6, 0x1d, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000100000000000000010001b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000800000085000000b6000000b7080000000000007b8af8ff00000000b7080000001000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=<r6=>r2, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r5, 0x0, 0xe, 0x0, &(0x7f00000000c0)="9dbaac999f69835fc48373a1ee57", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
openat(r3, &(0x7f000000c380)='./file0\x00', 0x8040, 0x14f)
pipe2(&(0x7f0000001cc0)={<r7=>0xffffffffffffffff}, 0x800)
mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000080), 0x200000, &(0x7f0000000240)=ANY=[@ANYBLOB="3dff88b540453da8e78b84a319ac205cdc450377a9d33cc3", @ANYRESHEX=r7, @ANYRES16=r6, @ANYRES16, @ANYRES16=r3])
r8 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x61901, 0x8)
io_setup(0x202, &(0x7f0000000200)=<r9=>0x0)
io_submit(r9, 0x1, &(0x7f0000000780)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0x0, r8, 0x0}])
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r11, 0xae01, 0x20)
r12 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000080)={0x10002, 0x1, 0xffffe000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
rt_sigprocmask(0x0, &(0x7f00000000c0)={[0xffffffffffffffff]}, 0x0, 0x8)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x4)
ioctl$KVM_RUN(r13, 0xae80, 0x0)
openat$sequencer2(0xffffff9c, &(0x7f00000001c0), 0x60801, 0x0)
mremap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil)

2.021904489s ago: executing program 6 (id=3458):
unshare(0x62040200)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=@newlink={0x28, 0x10, 0x1, 0x70bd28, 0x25dfdbf9, {0x0, 0x0, 0x0, 0x0, 0x48815, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth0_to_bond\x00', <r2=>0x0})
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x31)
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0)={0x6438})
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000010c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0x3, 0xfff3}, {0x2, 0x6}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x3}]}, 0x38}}, 0x4000)
r4 = socket$inet6(0xa, 0x2, 0x0)
r5 = openat$audio1(0xffffff9c, &(0x7f0000000040), 0x800, 0x0)
ioctl$SOUND_MIXER_WRITE_VOLUME(r5, 0xc0044d04, &(0x7f0000000080)=0x34)
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000000), 0x8)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000340), r7)
sendmsg$NFC_CMD_DISABLE_SE(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)={0x24, r8, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@NFC_ATTR_SE_INDEX={0x8, 0x15, 0x2}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004000}, 0x24000810)
r9 = socket$packet(0x11, 0x2, 0x300)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x5c}, 0x1, 0x0, 0x0, 0x24008400}, 0x0)
setsockopt$packet_fanout(r9, 0x107, 0x12, &(0x7f0000000000), 0x8)
connect$inet6(r4, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg(r4, &(0x7f00000092c0), 0x4ff, 0xf00)

1.870461034s ago: executing program 8 (id=3459):
madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$cec(0x0, 0x0, 0x416400)
r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x8004, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0cc5605, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000094c0)=ANY=[@ANYBLOB="8c45000043000701fefffffffcdbdf25017c000004004580744501"], 0x458c}, 0x1, 0x0, 0x0, 0xc004}, 0xc000)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000080)={0x1, 0x2}, 0x8)
close(r0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r5 = socket$inet(0x2, 0x1, 0x0)
getsockopt$EBT_SO_GET_ENTRIES(r5, 0x0, 0x81, &(0x7f0000000000)={'filter\x00', 0x0, 0x4, 0x0, [0x4, 0x80, 0xffffffffffffffc0, 0xfff, 0xfffffffffffffff7, 0xd], 0x0, 0x0, 0x0}, &(0x7f0000000240)=0x50)
syz_usb_connect$uac1(0x2, 0xdc, 0x0, 0x0)
syz_emit_ethernet(0x86, &(0x7f0000000080)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x50, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x8, 0x2, 0x0, 0x0, {0x0, 0x6, "000810", 0x0, 0x11, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, @private2, [@dstopts={0x0, 0x2, '\x00', [@ra={0x5, 0x89}, @ra={0x5, 0x2, 0xe}, @jumbo={0xc2, 0x4, 0x55}, @pad1]}]}}}}}}}, 0x0)

1.846656737s ago: executing program 6 (id=3460):
socket$inet6_mptcp(0xa, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r3 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x103000)
ioctl$CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, 0x0)
ioctl$CEC_TRANSMIT(r3, 0xc0386105, &(0x7f0000000140)={0x8, 0x0, 0xf, 0x80000001, 0xfe1c, 0x6, "72aba977db089b60fd94c5bd97abc150", 0x70, 0x3, 0xf5, 0x7, 0x8, 0x0, 0x1})
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
r4 = openat$uinput(0xffffff9c, &(0x7f0000000000), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r4, 0x40045564, 0xb)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, 0x0)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24040041}, 0x4044009)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r7 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})

1.643791453s ago: executing program 5 (id=3461):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0xa0, 0x22, 0x10, 0x70bd2a, 0x25dfdbfc, {0xb}, [@nested={0x8b, 0x102, 0x0, 0x1, [@generic="7c0db06d4519e14f7022a1519033216a21594ed4a60201eb155fecc270f26fb8fd185aad8c8f4e74e94a66214510d513709c0eb77f2ddd577f0089aa674a838c4ccc1d227c9145fa3cfb433a8b5e7f336652b14181a22811947555ea85c111ef99276fff18052e91a4d26f3e7f7a9f99d38ac32cba3e5311fc7ea037f1419e0e99ff2e", @nested={0x4, 0x13c}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x8801}, 0x8004000)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f00000000c0)={0x1, 0x0, [{0x40000081}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f0000000140)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c0d23266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)={0x56fa9599})
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x3, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {0xeda7, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000000, 0x810, r5, 0x279d0000)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x20000000, 0x3, 0x10, 0x0, 0x0, 0x2004cb, 0x3, 0x100000000000000, 0xfffffffffffffff8, 0x0, 0xfffffffffffff2ab, 0x2000000000003ff, 0x2], 0xd000, 0x200306})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x971})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1.448570075s ago: executing program 6 (id=3462):
prctl$PR_SET_IO_FLUSHER(0x41, 0x3)
mprotect(&(0x7f00003b6000/0x2000)=nil, 0x2000, 0xd)
bind$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x4e20, 0x9d, @local, 0xfffffeff}, 0x1c)
r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)=0x3)
r1 = syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x14b000)
syz_open_dev$sndpcmp(&(0x7f0000000440), 0x0, 0x0)
close(r1)
fsopen(0x0, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
clock_gettime(0x0, &(0x7f0000000000))

1.361843578s ago: executing program 6 (id=3463):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='net/sctp\x00')
getdents(r1, &(0x7f00000000c0)=""/30, 0x1e)
getdents64(r1, &(0x7f0000000100)=""/208, 0xd0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_ONE_REG(r5, 0x4048aecb, &(0x7f0000000040)=@arm64_ccsidr={0x6020000000110009, &(0x7f0000000300)=0xd8})
close_range(r2, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000002280)=@newlink={0x44, 0x10, 0x403, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x4}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACSEC_INC_SCI={0x5}, @IFLA_MACSEC_SCB={0x5, 0xb, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x24008000}, 0x0)

1.311646591s ago: executing program 3 (id=3464):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x10)
mount$9p_virtio(&(0x7f0000000180), &(0x7f0000000480)='./file0\x00', 0x0, 0x800040, &(0x7f0000000440)=ANY=[@ANYBLOB="78224fc427ed619f319b73733d616e792c63616368653d66736361636865"])
syz_open_dev$sndpcmp(0x0, 0x0, 0xe2867)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r1, &(0x7f0000000240)="94", 0x1)
vmsplice(r2, &(0x7f0000000280)=[{&(0x7f0000000100)="0dd2e7c892", 0x5}], 0x1, 0x0)
tee(r0, r3, 0x7fff, 0x100000000000000)

1.287728566s ago: executing program 6 (id=3466):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$dsp1(0xffffff9c, &(0x7f0000000180), 0x8200, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_S_AUDOUT(r1, 0x40345632, &(0x7f00000002c0)={0x0, "fbd78df8363b88d9c3a4cae9b29b529de5e20000000000001400", 0x3})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x1)
socket(0x18, 0x0, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r3 = socket(0x2b, 0xa, 0x1)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0xffff, 0x2, @empty}, 0x1c)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x98, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0x98}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0xc8, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x44, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x400}, @CTA_NAT_SRC={0x2c, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @rand_addr=' \x01\x00'}]}]}, 0xc8}}, 0x0)
setsockopt$inet6_MCAST_LEAVE_GROUP(r3, 0x29, 0x2d, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x80242, 0x1df2a23c5997fa7b)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000c40)={0x80, r6, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_PEERS={0x34, 0x8, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}, @WGPEER_A_FLAGS={0x8, 0x3, 0x5}]}]}]}, 0x80}}, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f00000001c0)=0xfff)
openat$dir(0xffffff9c, &(0x7f0000000040)='./file0\x00', 0x20640, 0x2)
openat$vcs(0xffffff9c, &(0x7f0000000100), 0x400, 0x0)

1.23546419s ago: executing program 5 (id=3467):
pipe2$9p(&(0x7f0000000040), 0x84080)
socket(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000080)="48000000150081fb7059ae08060c04000aff0f11000048040011018701546fabca1b4e7d06a6bd7c493872f750375ed08a562af5745e17b8c119418f0f000000", 0x40}, {&(0x7f0000000840)='C11O', 0x4}], 0x2}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
getsockopt$sock_int(r3, 0x1, 0x2, 0x0, &(0x7f0000000300))
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1004000, 0x0, 0xb49, 0x9, 0x6, 0x0, 0x3}, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file4\x00', 0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x4)

1.202003052s ago: executing program 3 (id=3468):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x35, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='.\x00', &(0x7f0000000040)='/dev/video#\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a5df"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_dev$video(&(0x7f00000003c0), 0xfffffe01, 0x20042)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='io_uring_create\x00', r0}, 0x18)
io_uring_setup(0x1de0, &(0x7f00000000c0)={0x0, 0x45d6, 0x0, 0x0, 0x0, 0x0, r0})

1.028679844s ago: executing program 3 (id=3469):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = openat$ubi_ctrl(0xffffff9c, &(0x7f00000000c0), 0xd40, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
write(0xffffffffffffffff, &(0x7f0000000000)='\"', 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f00000001c0)={0x1f, 0xffff, 0x3}, 0x1c)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)
r2 = openat$audio1(0xffffff9c, &(0x7f0000000000), 0xa101, 0x0)
ioctl$SNDCTL_DSP_RESET(r2, 0x5000, 0x0)
syz_open_dev$video(&(0x7f0000000980), 0x6, 0x20000)
socket$inet_smc(0x2b, 0x1, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='gid_map\x00')
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000100)=0x8)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$inet6(r4, &(0x7f00000002c0)={0xa, 0x4e20, 0x3, @remote, 0x7}, 0x1c)
connect$pppl2tp(r5, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, r4, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x6, @private0}}}, 0x3a)
connect$inet6(r4, &(0x7f0000000480)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x1c)
sendmmsg(r5, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
sendmsg$nl_route_sched_retired(r3, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000240)={&(0x7f00000009c0)=@deltclass={0x994, 0x29, 0x2, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xfff2, 0xfff2}, {0xffe0, 0xfff3}, {0xd, 0xffe0}}, [@c_atm={{0x8}, {0xc, 0x2, [@TCA_ATM_FD={0x8, 0x1, r3}]}}, @c_dsmark={{0xb}, {0xc, 0x2, @TCA_DSMARK_MASK={0x5, 0x4, 0xff}}}, @c_dsmark={{0xb}, {0xc, 0x2, @TCA_DSMARK_MASK={0x5, 0x4, 0x3}}}, @c_atm={{0x8}, {0x40, 0x2, [@TCA_ATM_HDR={0x21, 0x3, "5ed1ff3e9f5feca02c6ff0ec72ea6688a6f5633255354ce0c9e8bf8fb2"}, @TCA_ATM_HDR={0xf, 0x3, "9cab2f7f262f36b5227939"}, @TCA_ATM_FD={0x8}]}}, @c_cbq={{0x8}, {0x4}}, @c_atm={{0x8}, {0x44, 0x2, [@TCA_ATM_EXCESS={0x8, 0x4, {0xfff1, 0x1}}, @TCA_ATM_EXCESS={0x8, 0x4, {0xe, 0xe}}, @TCA_ATM_HDR={0x18, 0x3, "3c2d8444e0a9d7093a0f9777df082024d8de5e9a"}, @TCA_ATM_FD={0x8, 0x1, r1}, @TCA_ATM_FD={0x8, 0x1, r5}, @TCA_ATM_EXCESS={0x8, 0x4, {0xfff1, 0x7}}]}}, @c_cbq={{0x8}, {0x884, 0x2, [@TCA_CBQ_RATE={0x10, 0x5, {0xa, 0x1, 0xe32c, 0x2a92, 0x8, 0x2}}, @TCA_CBQ_FOPT={0x10, 0x3, {{0x2, 0x10}, 0xfffffff3, 0x3}}, @TCA_CBQ_RATE={0x10, 0x5, {0x8, 0x1, 0x1, 0x5d5e, 0x8000, 0x100}}, @TCA_CBQ_LSSOPT={0x18, 0x1, {0x27, 0x1, 0xf, 0x3, 0x0, 0x0, 0x6, 0x6}}, @TCA_CBQ_RTAB={0x404, 0x6, [0x1, 0xffff, 0x6, 0x7, 0x4, 0x51e9380d, 0x0, 0x60, 0x0, 0x6, 0x5, 0xfff, 0x5, 0x6, 0x40, 0x1, 0xffffff7f, 0x7, 0x8, 0xba97, 0x0, 0x6, 0x4, 0x80000001, 0x8, 0x6, 0xf, 0x4, 0x0, 0x6, 0xaae9, 0x8001, 0xda96, 0x7, 0x59b, 0x9, 0xffffffff, 0x0, 0x1, 0x401, 0xa3, 0xa, 0x2, 0x2, 0x80f, 0xfffffffc, 0x5, 0x6, 0x6, 0x7fffffff, 0x7fff, 0xfffffff7, 0x8, 0x40, 0x7, 0x4, 0x100, 0x401, 0x7, 0x100, 0x4, 0x6, 0xc5f, 0x8, 0x3, 0x5, 0xc, 0x5, 0x95600000, 0xf, 0xff, 0x9, 0x2, 0x9, 0x83, 0x3, 0x9, 0x7, 0x80000000, 0x4, 0x2, 0x1ff, 0x10000, 0x5, 0xe, 0x8, 0x7ff, 0x1, 0x5, 0x2, 0xf, 0x9, 0x40, 0xff, 0x2, 0xfffffffc, 0x10000, 0x3ff, 0xfffffff7, 0x2, 0x8, 0x6, 0x3, 0x9ae, 0x6, 0x8, 0x1, 0x8ae, 0x4, 0x6, 0x9, 0x2, 0x3000000, 0x5, 0x8, 0x1, 0x6, 0x80000001, 0x9, 0x2, 0x8, 0x1, 0x9, 0x40, 0x0, 0x7ff, 0x3, 0x4, 0x1, 0x100, 0x1, 0x40, 0x7, 0x2, 0x6, 0x0, 0x0, 0x6, 0x2, 0xfffffe00, 0x9, 0x4, 0x40, 0x3ff, 0x6, 0x6, 0x3, 0x8001, 0x100, 0x9, 0x2, 0x4, 0x60d, 0x1, 0xfffffffe, 0x7fff, 0x7, 0x200, 0x7, 0x2, 0x2, 0xfffff801, 0xa14, 0x2, 0x1, 0x8, 0x7ff, 0x3fffc000, 0x3, 0x3, 0x2, 0x6, 0xa, 0x9, 0xd9, 0xe58e, 0xfffffffc, 0x7f, 0x1, 0x4, 0x9, 0x7, 0x1, 0x3, 0x9, 0x8e95, 0x5, 0xca2e, 0x9, 0xfad, 0x8, 0x2, 0x4, 0x7, 0x3, 0x9, 0xe, 0xfffffffd, 0x2, 0x80, 0x3, 0x81, 0xd, 0x9, 0x800, 0x3ff, 0x8001, 0x9, 0x6, 0x4001, 0xf0, 0xbc, 0x8, 0x478, 0x7fff, 0x2f, 0x9, 0x4, 0x0, 0x2e0, 0x7, 0x7, 0x25, 0x10000, 0x2, 0xc53, 0x2, 0x2, 0x7, 0x8, 0xf, 0x3, 0x7, 0xfffffeff, 0x7, 0x7ff, 0x5194, 0x8001, 0x5, 0x81, 0xc, 0x8, 0x9, 0x7, 0x5, 0x2b, 0x0, 0x0, 0xa, 0x8, 0x2, 0x5, 0x2, 0x1, 0x1, 0x58ae]}, @TCA_CBQ_FOPT={0x10, 0x3, {{0x7, 0x8}, 0x7ff, 0x1ff}}, @TCA_CBQ_WRROPT={0x10, 0x2, {0x2, 0x3, 0x81, 0x36, 0x5, 0x9}}, @TCA_CBQ_RTAB={0x404, 0x6, [0x2, 0xfffffff2, 0x80, 0x2, 0x400, 0x8, 0xc0000000, 0x1139, 0xea7, 0x9, 0x5, 0x8, 0xfffffffd, 0x1, 0xc3ad, 0x10001, 0x10, 0x9, 0x7, 0x1000, 0x5, 0x87d, 0x5, 0x401, 0x80000001, 0x4, 0x400006, 0x3, 0x9ef, 0x4, 0x3, 0x0, 0x7, 0xf10, 0x1, 0xfffffffe, 0x100, 0x0, 0x7f, 0xfd, 0x8, 0x8001, 0x200, 0x2, 0x2cc40, 0xf282, 0x81, 0x9, 0x40, 0x7, 0x4, 0xd8, 0x938, 0xffff, 0x8, 0xfffffffe, 0xc, 0xfffffffc, 0x6, 0xb, 0xc, 0x6, 0x1, 0x1000, 0x8, 0x6, 0x200, 0x8001, 0x7, 0x100, 0x3ff, 0x9, 0x8, 0x1, 0x3, 0x1, 0x3ff, 0x8, 0x5, 0x7, 0x400, 0xf, 0x401, 0x7, 0x2, 0x10000, 0xffffffff, 0xffff, 0x5, 0x6, 0xffff, 0x2, 0x1, 0x0, 0x7, 0x86, 0xffffffb4, 0xfffffff7, 0xd54, 0x400, 0xfffffd90, 0x6, 0x2, 0x3c304a48, 0x86b0, 0x7fff, 0x1, 0x2, 0x400, 0x7, 0x6, 0x40, 0x0, 0xfff, 0x6, 0x97, 0x0, 0x0, 0x80000000, 0x6, 0x6, 0x0, 0x119c, 0x6, 0x4, 0x1, 0x6, 0xff2, 0x7, 0x2, 0x1, 0x730a, 0x100, 0xffffffff, 0x7fff, 0x172, 0x81, 0x7, 0x8000, 0x7f, 0x4, 0xdf, 0x200, 0x1, 0x2, 0x8, 0x5d, 0x4, 0xfd1, 0x5, 0x2, 0x0, 0x1, 0x7, 0x40, 0x6, 0x3, 0x1, 0xe76, 0x295, 0x6, 0x4, 0x8, 0x4, 0x5, 0x7, 0xffffffff, 0x8, 0x3, 0x4, 0x4, 0x7, 0x7f, 0xa, 0x1, 0x54, 0x400, 0x8001, 0x9, 0x10ceecb0, 0x2, 0x7f, 0x800, 0xc, 0x7543, 0x5, 0x7, 0x4, 0xfffffffb, 0x40, 0x3d5d, 0x1, 0x4, 0xfffff801, 0x1, 0x3e, 0xcd, 0x1, 0x0, 0x0, 0x7, 0xfc000000, 0xef31, 0x9, 0x5, 0x2, 0x3, 0x1cd, 0x47, 0x40, 0x6, 0x2, 0x24000000, 0x4b52683a, 0x3, 0x0, 0x503f, 0x4, 0x3, 0x7fff, 0x2, 0x6, 0xd, 0x0, 0xffffffb0, 0x6, 0xb9a, 0x600d, 0xaa3a, 0x40000, 0xfff, 0x1, 0xd483, 0x9, 0xff, 0xf208, 0xfffffff9, 0x3, 0x1, 0x1, 0x8d6, 0x8, 0x5, 0xc5, 0xc07, 0x7ff, 0x8, 0x90, 0xc, 0x60, 0xc9, 0xf, 0xffffff7f, 0x7, 0x4, 0x7]}, @TCA_CBQ_RATE={0x10, 0x5, {0x81, 0x2, 0x7, 0x401, 0x5, 0xa7}}]}}]}, 0x994}}, 0x5)

342.532987ms ago: executing program 6 (id=3470):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bind$unix(r0, &(0x7f0000000200)=@file={0x0, './file0\x00'}, 0x6e)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x100000000, 0x8, 0x0, 0x3}, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000001c00), 0x400000000000159, 0x40840)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$inet(r2, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
close(r3)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x24054800)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x40)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000940)=@ipv6_newnexthop={0x1c, 0x68, 0x1, 0x0, 0x25dfdbff, {0xa, 0x0, 0x0, 0x0, 0x4}, [@NHA_FDB={0x4}]}, 0x1c}}, 0x0)
sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x840)
mlock2(&(0x7f000027f000/0x2000)=nil, 0x2000, 0x1)

293.729738ms ago: executing program 3 (id=3471):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
futex_waitv(&(0x7f0000001b00)=[{0xffb, 0x0, 0xa}], 0x1, 0x0, 0x0, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="2c00000050000701feffffff00000000037c0000040042800c00018006000600800a00000800028004001180"], 0x2c}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="020d800010000000000000000000000008"], 0x80}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8b37, &(0x7f0000000000)={'wlan0\x00'})
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB="1800"/14, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095a2b1698fb4e1c0c8d3e6fcdca0ee2243c6753e90e8eddc4eea313a7210fa5ab42a07a6e03a1d893b43"], 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

218.53189ms ago: executing program 5 (id=3472):
prctl$PR_SET_IO_FLUSHER(0x41, 0x3)
mprotect(&(0x7f00003b6000/0x2000)=nil, 0x2000, 0xd)
bind$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x4e20, 0x9d, @local, 0xfffffeff}, 0x1c)
r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, 0x0)
r1 = syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x14b000)
syz_open_dev$sndpcmp(&(0x7f0000000440), 0x0, 0x0)
close(r1)
fsopen(0x0, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
clock_gettime(0x0, &(0x7f0000000000))

217.199538ms ago: executing program 5 (id=3473):
socket$kcm(0xa, 0x3, 0x87)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000000)={"94e9aa2e2d4bfdbb784e474a691b5107", 0x0, 0x0, {0x3, 0xe926}, {0x4, 0x1}, 0x5, [0x0, 0x10, 0x80000000000004, 0x9, 0x0, 0x4, 0x2, 0x5, 0x6, 0x801, 0x8e, 0x0, 0x0, 0x6995, 0x5, 0x4]})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd120000000300140000006000000003088700fe88a43de1a400000000000000007d01ff020000000000000000000000000001"], 0xfdef)

77.587765ms ago: executing program 5 (id=3474):
r0 = syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x0, 0x13100}, &(0x7f0000000100), &(0x7f0000000000))
r1 = eventfd2(0x3, 0x800)
io_uring_register$IORING_REGISTER_EVENTFD(r0, 0x4, &(0x7f0000000140)=r1, 0x1)
r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/tcp\x00')
read$FUSE(r2, &(0x7f00000000c0)={0x2020}, 0x2020)
ioctl$KVM_GET_FPU(r2, 0x81a0ae8c, &(0x7f0000000180))
r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
writev(r3, &(0x7f00000014c0)=[{&(0x7f0000000200)='V', 0x1}], 0x1)

0s ago: executing program 5 (id=3475):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'bridge_slave_0\x00', <r1=>0x0})
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='comm\x00')
socket$nl_route(0x10, 0x3, 0x0)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x35c, 0x0)
syz_io_uring_setup(0x6029, &(0x7f0000000640)={0x0, 0x312, 0x40, 0x2, 0x2aa}, &(0x7f00000006c0)=<r3=>0x0, &(0x7f0000000240)=<r4=>0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', r1, @sk_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94)
socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000040)={0x5, 0x1, 0x8105, 0xe, 0xff, 0x3, 0x57, 0x9}, 0x20)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[], 0x48)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r5, r6, 0x4, 0x0, @void}, 0x10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$xdp(r2, &(0x7f0000000280)={0x2c, 0xc, r1, 0x2b}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x3, &(0x7f0000002480))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
ioprio_get$uid(0x0, 0xee00)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r7 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r7, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x10, 0x80002, 0x0)
syz_usbip_server_init(0x3)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c000000000801030000000000000000000000090600024000160000050003002f0000000900010073797a30000000000c000480080001407fffb2ff"], 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x4080)
syz_io_uring_submit(r3, r4, &(0x7f0000000340)=@IORING_OP_CONNECT={0x10, 0x18, 0x0, 0xffffffffffffffff, 0x80, &(0x7f00000003c0)=@l2tp={0x2, 0x0, @broadcast, 0x4}, 0x0, 0x0, 0x1})
r9 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r9, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4)

kernel console output (not intermixed with test programs):

0: port 2(bridge_slave_1) entered blocking state
[  418.847373][T14509] bridge0: port 2(bridge_slave_1) entered disabled state
[  418.852648][T14509] bridge_slave_1: entered allmulticast mode
[  418.857796][T14509] bridge_slave_1: entered promiscuous mode
[  418.889936][T14509] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  418.902285][T14509] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  418.936402][T14509] team0: Port device team_slave_0 added
[  418.943947][T14509] team0: Port device team_slave_1 added
[  418.962291][T14509] batman_adv: batadv0: Adding interface: batadv_slave_0
[  418.964564][T14509] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  418.972925][T14509] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  418.976666][T14527] lo speed is unknown, defaulting to 1000
[  418.978902][   T83] bridge_slave_1: left allmulticast mode
[  418.980740][   T83] bridge_slave_1: left promiscuous mode
[  418.982702][   T83] bridge0: port 2(bridge_slave_1) entered disabled state
[  418.988096][   T83] bridge_slave_0: left allmulticast mode
[  418.989935][   T83] bridge_slave_0: left promiscuous mode
[  418.992014][   T83] bridge0: port 1(bridge_slave_0) entered disabled state
[  419.312055][   T83] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  419.316837][   T83] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  419.320833][   T83] bond0 (unregistering): Released all slaves
[  419.324795][T14527] lo speed is unknown, defaulting to 1000
[  419.325180][T14509] batman_adv: batadv0: Adding interface: batadv_slave_1
[  419.329087][T14509] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  419.338189][T14509] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  419.396922][T14509] hsr_slave_0: entered promiscuous mode
[  419.408318][T14509] hsr_slave_1: entered promiscuous mode
[  419.691461][T14509] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  419.697968][T14509] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  419.704166][T14509] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  419.711691][T14509] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  419.780623][T14509] 8021q: adding VLAN 0 to HW filter on device bond0
[  419.805190][T14509] 8021q: adding VLAN 0 to HW filter on device team0
[  419.815647][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  419.818614][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  419.837142][ T6428] bridge0: port 2(bridge_slave_1) entered blocking state
[  419.840107][ T6428] bridge0: port 2(bridge_slave_1) entered forwarding state
[  419.921312][   T83] hsr_slave_0: left promiscuous mode
[  419.924297][   T83] hsr_slave_1: left promiscuous mode
[  419.927218][   T83] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  419.937782][   T83] batman_adv: batadv0: Removing interface: batadv_slave_0
[  419.942041][   T83] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  419.944357][   T83] batman_adv: batadv0: Removing interface: batadv_slave_1
[  419.979357][   T83] veth1_macvtap: left promiscuous mode
[  419.981159][   T83] veth0_macvtap: left promiscuous mode
[  419.983057][   T83] veth1_vlan: left promiscuous mode
[  419.984781][   T83] veth0_vlan: left promiscuous mode
[  420.148085][ T5300] Bluetooth: hci1: command tx timeout
[  420.644121][T14565] block nbd3: not configured, cannot reconfigure
[  420.723692][   T83] team0 (unregistering): Port device team_slave_1 removed
[  420.757307][   T83] team0 (unregistering): Port device team_slave_0 removed
[  421.120615][ T8129] lo speed is unknown, defaulting to 1000
[  421.122853][ T8129] syz0: Port: 1 Link DOWN
[  421.175664][T14509] 8021q: adding VLAN 0 to HW filter on device batadv0
[  421.343996][T14509] veth0_vlan: entered promiscuous mode
[  421.359195][T14509] veth1_vlan: entered promiscuous mode
[  421.437814][T14509] veth0_macvtap: entered promiscuous mode
[  421.453284][T14509] veth1_macvtap: entered promiscuous mode
[  421.472654][T14509] batman_adv: batadv0: Interface activated: batadv_slave_0
[  421.483527][T14509] batman_adv: batadv0: Interface activated: batadv_slave_1
[  421.569661][ T7599] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  421.581361][ T7599] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  421.586489][ T7599] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  421.592430][ T7599] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  421.719159][ T1141] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  421.722592][ T1141] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  421.744787][ T6428] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  421.747280][ T6428] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  421.854312][T14602] netlink: 80 bytes leftover after parsing attributes in process `syz.6.2500'.
[  422.093335][T14603] netlink: 72 bytes leftover after parsing attributes in process `syz.6.2500'.
[  422.202262][T14610] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2520'.
[  422.229791][ T5300] Bluetooth: hci1: command tx timeout
[  422.430241][T14613] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2522'.
[  422.786195][T14629] 9pnet_virtio: no channels available for device syz
[  422.979084][T14632] FAULT_INJECTION: forcing a failure.
[  422.979084][T14632] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  423.010643][T14632] CPU: 3 UID: 0 PID: 14632 Comm: syz.1.2529 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  423.010673][T14632] Tainted: [L]=SOFTLOCKUP
[  423.010679][T14632] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  423.010689][T14632] Call Trace:
[  423.010696][T14632]  <TASK>
[  423.010703][T14632]  dump_stack_lvl+0x16c/0x1f0
[  423.010727][T14632]  should_fail_ex+0x512/0x640
[  423.010751][T14632]  should_fail_alloc_page+0xe7/0x130
[  423.010773][T14632]  prepare_alloc_pages+0x3c2/0x610
[  423.010796][T14632]  __alloc_frozen_pages_noprof+0x18b/0x2440
[  423.010832][T14632]  ? __lock_acquire+0x433/0x22f0
[  423.010852][T14632]  ? find_held_lock+0x2b/0x80
[  423.010878][T14632]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  423.010913][T14632]  ? __lock_acquire+0x433/0x22f0
[  423.010933][T14632]  ? local_lock_release+0x99/0x130
[  423.010956][T14632]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  423.010975][T14632]  ? policy_nodemask+0xea/0x4e0
[  423.010997][T14632]  alloc_pages_mpol+0x1fb/0x550
[  423.011016][T14632]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  423.011037][T14632]  ? __memcg_slab_post_alloc_hook+0x472/0x880
[  423.011063][T14632]  alloc_pages_noprof+0x12d/0x180
[  423.011082][T14632]  pgd_alloc+0x4b/0x600
[  423.011112][T14632]  mm_init+0x734/0x1140
[  423.011140][T14632]  copy_process+0x6458/0x74e0
[  423.011168][T14632]  ? __pfx_copy_process+0x10/0x10
[  423.011182][T14632]  ? native_apic_msr_write+0x28/0x40
[  423.011214][T14632]  ? __pfx___irq_work_queue_local+0x10/0x10
[  423.011240][T14632]  kernel_clone+0xfc/0x910
[  423.011257][T14632]  ? irq_work_queue+0xce/0x100
[  423.011274][T14632]  ? __pfx_kernel_clone+0x10/0x10
[  423.011319][T14632]  __do_compat_sys_ia32_clone+0xcb/0x110
[  423.011347][T14632]  ? __pfx___do_compat_sys_ia32_clone+0x10/0x10
[  423.011387][T14632]  ? syscall_trace_enter+0x1cb/0x220
[  423.011415][T14632]  ? rcu_is_watching+0x12/0xc0
[  423.011434][T14632]  __do_fast_syscall_32+0xe8/0x680
[  423.011456][T14632]  do_fast_syscall_32+0x32/0x80
[  423.011475][T14632]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  423.011495][T14632] RIP: 0023:0xf705d579
[  423.011508][T14632] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  423.011524][T14632] RSP: 002b:00000000f544d50c EFLAGS: 00000246 ORIG_RAX: 0000000000000078
[  423.011541][T14632] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[  423.011556][T14632] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  423.011566][T14632] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  423.011576][T14632] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  423.011586][T14632] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  423.011610][T14632]  </TASK>
[  423.229180][T14627] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(13)
[  423.231384][T14627] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  423.234356][T14627] vhci_hcd vhci_hcd.0: Device attached
[  423.250745][T14638] vhci_hcd: connection closed
[  423.250959][   T83] vhci_hcd: stop threads
[  423.257852][   T83] vhci_hcd: release socket
[  423.259635][   T83] vhci_hcd: disconnect device
[  423.824778][T14653] rdma_rxe: rxe_newlink: failed to add veth1_virt_wifi
[  423.855377][T14655] netlink: 80 bytes leftover after parsing attributes in process `syz.6.2535'.
[  424.018797][T14668] tipc: Started in network mode
[  424.020380][T14668] tipc: Node identity 36e179cd5f26, cluster identity 4711
[  424.022970][T14668] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  424.095817][T14667] tipc: Resetting bearer <eth:syzkaller0>
[  424.156213][T14666] netlink: 72 bytes leftover after parsing attributes in process `syz.6.2535'.
[  424.311728][ T5300] Bluetooth: hci1: command tx timeout
[  424.467180][T14674] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2540'.
[  424.529709][T14676] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2540'.
[  424.621084][T14679] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  424.623623][T14679] overlayfs: failed to set xattr on upper
[  424.625516][T14679] overlayfs: ...falling back to redirect_dir=nofollow.
[  424.627779][T14679] overlayfs: ...falling back to index=off.
[  424.629662][T14679] overlayfs: ...falling back to uuid=null.
[  424.829523][   T40] kauditd_printk_skb: 519 callbacks suppressed
[  424.829533][   T40] audit: type=1326 audit(1765012380.797:2241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14683 comm="syz.3.2543" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f17579 code=0x0
[  425.858818][ T5953] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  425.871370][ T5953] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  425.878719][ T5953] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  425.895314][ T5953] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  425.900586][ T5953] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  425.905271][T14693] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  426.066977][T14667] tipc: Disabling bearer <eth:syzkaller0>
[  426.074552][ T6887] tipc: Node number set to 1774680525
[  426.088433][ T6375] tipc: Resetting bearer <eth:syzkaller0>
[  426.108752][ T6375] tipc: Disabling bearer <eth:syzkaller0>
[  426.125149][ T9209] bond0: (slave syz_tun): Releasing backup interface
[  426.252747][T14701] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2549'.
[  426.284358][ T5953] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  426.291463][ T5953] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  426.296249][ T5953] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  426.299063][   T46] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  426.299997][ T5953] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  426.302634][   T46] netdevsim netdevsim3 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  426.305984][ T5953] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  426.355284][T14702] wg2 speed is unknown, defaulting to 1000
[  426.393768][ T5953] Bluetooth: hci1: command tx timeout
[  426.395676][   T34] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[  426.396178][T14708] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2551'.
[  426.430882][   T46] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  426.436022][   T46] netdevsim netdevsim3 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  426.454548][T14702] lo speed is unknown, defaulting to 1000
[  426.497458][   T46] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  426.500711][   T46] netdevsim netdevsim3 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  426.554526][T14702] chnl_net:caif_netlink_parms(): no params data found
[  426.564578][   T34] usb 10-1: Using ep0 maxpacket: 8
[  426.574063][   T34] usb 10-1: config 0 interface 0 has no altsetting 0
[  426.574312][   T46] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  426.576879][   T34] usb 10-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  426.580024][   T46] netdevsim netdevsim3 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  426.589856][   T34] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.604855][   T34] usb 10-1: config 0 descriptor??
[  426.687205][T14702] bridge0: port 1(bridge_slave_0) entered blocking state
[  426.689666][T14702] bridge0: port 1(bridge_slave_0) entered disabled state
[  426.692438][T14702] bridge_slave_0: entered allmulticast mode
[  426.695752][T14702] bridge_slave_0: entered promiscuous mode
[  426.700227][T14702] bridge0: port 2(bridge_slave_1) entered blocking state
[  426.702722][T14702] bridge0: port 2(bridge_slave_1) entered disabled state
[  426.705408][T14702] bridge_slave_1: entered allmulticast mode
[  426.708386][T14702] bridge_slave_1: entered promiscuous mode
[  426.789909][T14702] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  426.797705][T14702] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  427.165005][   T34] mcp2221 0003:04D8:00DD.0009: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0
[  427.261825][   T34] usb 10-1: USB disconnect, device number 9
[  427.407988][   T46] bridge3 (unregistering): left allmulticast mode
[  427.749032][   T46] bond0 (unregistering): Released all slaves
[  427.797228][   T46] bond1 (unregistering): Released all slaves
[  427.813158][T14702] team0: Port device team_slave_0 added
[  427.825418][T14725] veth0: entered promiscuous mode
[  427.827119][T14725] veth0: left promiscuous mode
[  427.968846][T14702] team0: Port device team_slave_1 added
[  427.970760][ T8129] wg2 speed is unknown, defaulting to 1000
[  427.970795][   T46] tipc: Disabling bearer <eth:team0>
[  427.973341][ T8129] syz2: Port: 1 Link DOWN
[  428.003851][   T46] tipc: Left network mode
[  428.161534][T14733] tipc: Trying to set illegal importance in message
[  428.275689][ T8129] wg2 speed is unknown, defaulting to 1000
[  428.276079][T14702] batman_adv: batadv0: Adding interface: batadv_slave_0
[  428.280462][T14702] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  428.288860][T14702] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  428.294327][T14702] batman_adv: batadv0: Adding interface: batadv_slave_1
[  428.296694][T14702] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  428.306429][T14702] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  428.398871][T14735] syz.6.2556: attempt to access beyond end of device
[  428.398871][T14735] sr0: rw=6144, sector=128, nr_sectors = 8 limit=128
[  428.404228][T14735] gfs2: error -5 reading superblock
[  428.406617][ T5953] Bluetooth: hci0: command tx timeout
[  428.481383][T14702] hsr_slave_0: entered promiscuous mode
[  428.484737][T14702] hsr_slave_1: entered promiscuous mode
[  428.488329][T14702] debugfs: 'hsr0' already exists in 'hsr'
[  428.490669][T14702] Cannot create hsr debugfs directory
[  428.585752][T14742] __nla_validate_parse: 1 callbacks suppressed
[  428.585764][T14742] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2558'.
[  428.688670][   T46] hsr_slave_0: left promiscuous mode
[  428.707983][   T46] veth0_macvtap: left allmulticast mode
[  428.709825][   T46] veth0_macvtap: left promiscuous mode
[  428.711661][   T46] veth1_vlan: left promiscuous mode
[  428.844499][   T46] team0 (unregistering): Port device vlan0 removed
[  429.146725][   T60] smc: removing ib device syz2
[  429.335975][ T6539] usb 10-1: new high-speed USB device number 10 using dummy_hcd
[  429.485737][  T828] lo speed is unknown, defaulting to 1000
[  429.485969][ T6539] usb 10-1: Using ep0 maxpacket: 32
[  429.492445][  T828] syz: Port: 1 Link DOWN
[  429.493250][ T6539] usb 10-1: config 0 has an invalid interface number: 67 but max is 0
[  429.516193][ T6539] usb 10-1: config 0 has no interface number 0
[  429.529668][ T6539] usb 10-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  429.533493][ T6539] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  429.546023][ T6539] usb 10-1: Product: syz
[  429.547434][ T6539] usb 10-1: Manufacturer: syz
[  429.549129][ T6539] usb 10-1: SerialNumber: syz
[  429.567321][ T6539] usb 10-1: config 0 descriptor??
[  429.603094][ T6539] smsc95xx v2.0.0
[  430.188320][ T6539] smsc95xx 10-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71
[  430.191750][ T6539] smsc95xx 10-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  430.206625][ T6539] smsc95xx 10-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  430.210179][ T6539] smsc95xx 10-1:0.67: probe with driver smsc95xx failed with error -71
[  430.214161][ T6539] usb 10-1: USB disconnect, device number 10
[  430.374765][   T46] IPVS: stop unused estimator thread 0...
[  430.380711][T14764] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2565'.
[  430.383768][T14764] openvswitch: netlink: Flow actions attr not present in new flow.
[  430.476874][ T5953] Bluetooth: hci0: command tx timeout
[  430.486343][T14702] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  430.495136][T14702] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  430.499596][T14702] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  430.504142][T14702] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  430.587875][T14702] 8021q: adding VLAN 0 to HW filter on device bond0
[  430.601809][T14702] 8021q: adding VLAN 0 to HW filter on device team0
[  430.612374][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  430.615342][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  430.624909][ T1242] bridge0: port 2(bridge_slave_1) entered blocking state
[  430.627200][ T1242] bridge0: port 2(bridge_slave_1) entered forwarding state
[  430.773453][T14702] 8021q: adding VLAN 0 to HW filter on device batadv0
[  430.798806][T14702] veth0_vlan: entered promiscuous mode
[  430.804773][T14702] veth1_vlan: entered promiscuous mode
[  430.831455][T14702] veth0_macvtap: entered promiscuous mode
[  430.838872][T14702] veth1_macvtap: entered promiscuous mode
[  430.855886][T14702] batman_adv: batadv0: Interface activated: batadv_slave_0
[  430.998051][T14702] batman_adv: batadv0: Interface activated: batadv_slave_1
[  431.011805][T14783] 9pnet_virtio: no channels available for device syz
[  431.029573][ T3868] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  431.032402][ T3868] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  431.035599][ T3868] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  431.039817][ T3868] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  431.081223][ T3868] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  431.085851][ T3868] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  431.128601][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  431.131551][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  431.216032][T14790] netlink: 'syz.3.2546': attribute type 3 has an invalid length.
[  431.225733][T14790] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2546'.
[  431.383169][T14787] Bluetooth: MGMT ver 1.23
[  431.426565][   T40] audit: type=1800 audit(1765012387.381:2242): pid=14805 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2575" name="file1" dev="tmpfs" ino=115 res=0 errno=0
[  431.542289][T14813] syz_tun: entered allmulticast mode
[  431.552393][T14815] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2578'.
[  431.793241][T14832] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2584'.
[  431.815066][T14818] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2578'.
[  432.061649][T14835] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(9)
[  432.063617][T14835] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  432.066535][T14835] vhci_hcd vhci_hcd.0: Device attached
[  432.199968][T14836] vhci_hcd: connection closed
[  432.200380][ T1141] vhci_hcd: stop threads
[  432.205404][ T1141] vhci_hcd: release socket
[  432.207288][ T1141] vhci_hcd: disconnect device
[  432.558822][ T5953] Bluetooth: hci0: command tx timeout
[  433.153963][T14856] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2588'.
[  433.294782][T14861] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2593'.
[  433.727479][T14866] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2593'.
[  433.822710][T14850] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  433.827104][T14850] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  433.833362][T14850] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  433.835710][T14850] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  433.852809][T14850] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  433.854926][T14850] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  433.859279][T14850] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  433.861378][T14850] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  433.926039][T14869] binder: 14868:14869 ioctl 400c620e 80000340 returned -22
[  434.109995][T14871] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2596'.
[  434.424703][T14882] 9pnet_virtio: no channels available for device syz
[  434.429723][T14874] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2596'.
[  435.058581][T14909] 9pnet_virtio: no channels available for device syz
[  435.190877][ T6539] usb 10-1: new high-speed USB device number 11 using dummy_hcd
[  435.342359][ T6539] usb 10-1: Using ep0 maxpacket: 16
[  435.345423][ T6539] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  435.350646][ T6539] usb 10-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  435.355056][ T6539] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  435.357607][ T6539] usb 10-1: Product: syz
[  435.359136][ T6539] usb 10-1: Manufacturer: syz
[  435.360762][ T6539] usb 10-1: SerialNumber: syz
[  435.364128][ T6539] usb 10-1: config 0 descriptor??
[  435.367167][ T6539] hub 10-1:0.0: bad descriptor, ignoring hub
[  435.369214][ T6539] hub 10-1:0.0: probe with driver hub failed with error -5
[  435.375667][ T6539] input: syz syz as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/input/input21
[  436.066818][T14927] xt_TCPMSS: Only works on TCP SYN packets
[  436.080041][T14929] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2615'.
[  436.333192][T14933] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2615'.
[  436.381785][ T8129] usb 11-1: new full-speed USB device number 2 using dummy_hcd
[  436.448955][T14945] netlink: 'syz.1.2620': attribute type 4 has an invalid length.
[  436.458756][T14945] netlink: 'syz.1.2620': attribute type 4 has an invalid length.
[  436.534847][ T8129] usb 11-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0xED, changing to 0x8D
[  436.538738][ T8129] usb 11-1: config 0 interface 0 altsetting 251 endpoint 0x8D has invalid maxpacket 52921, setting to 64
[  436.542738][ T8129] usb 11-1: config 0 interface 0 has no altsetting 0
[  436.546685][ T8129] usb 11-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  436.549698][ T8129] usb 11-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  436.552562][ T8129] usb 11-1: Product: syz
[  436.554165][ T8129] usb 11-1: Manufacturer: syz
[  436.555829][ T8129] usb 11-1: SerialNumber: syz
[  436.559070][ T8129] usb 11-1: config 0 descriptor??
[  436.563292][ T8129] usb 11-1: selecting invalid altsetting 0
[  436.777082][T14931] usb 11-1: cannot submit urb 0, error -2: endpoint not enabled
[  436.780372][T14931] usb 11-1: cannot submit urb 0, error -2: endpoint not enabled
[  436.783380][T14931] usb 11-1: cannot submit urb 0, error -2: endpoint not enabled
[  436.786020][T14931] usb 11-1: cannot submit urb 0, error -2: endpoint not enabled
[  436.789370][T14931] usb 11-1: cannot submit urb 0, error -2: endpoint not enabled
[  436.792422][T14931] usb 11-1: cannot submit urb 0, error -2: endpoint not enabled
[  436.795040][T14931] usb 11-1: cannot submit urb 0, error -2: endpoint not enabled
[  436.797690][T14931] usb 11-1: cannot submit urb 0, error -2: endpoint not enabled
[  436.800351][T14931] usb 11-1: cannot submit urb 0, error -2: endpoint not enabled
[  436.803234][T14931] usb 11-1: cannot submit urb 0, error -2: endpoint not enabled
[  436.805825][T14931] usb 11-1: cannot submit urb 0, error -2: endpoint not enabled
[  436.808429][T14931] usb 11-1: cannot submit urb 0, error -2: endpoint not enabled
[  436.811092][T14931] usb 11-1: cannot submit urb 0, error -2: endpoint not enabled
[  436.814075][T14931] usb 11-1: cannot submit urb 0, error -2: endpoint not enabled
[  436.816979][T14931] usb 11-1: cannot submit urb 0, error -2: endpoint not enabled
[  436.819576][T14931] usb 11-1: cannot submit urb 0, error -2: endpoint not enabled
[  436.822247][T14931] usb 11-1: cannot submit urb 0, error -2: endpoint not enabled
[  436.824826][T14931] usb 11-1: cannot submit urb 0, error -2: endpoint not enabled
[  436.827623][T14931] usb 11-1: cannot submit urb 0, error -2: endpoint not enabled
[  436.830194][T14931] usb 11-1: cannot submit urb 0, error -2: endpoint not enabled
[  436.833443][T14931] usb 11-1: cannot submit urb 0, error -2: endpoint not enabled
[  437.134580][ T8129] usb 11-1: USB disconnect, device number 2
[  437.709410][T14962] 9pnet_virtio: no channels available for device syz
[  437.733207][   T54] usb 10-1: USB disconnect, device number 11
[  437.984109][T14977] 9pnet_virtio: no channels available for device syz
[  438.253364][ T6060] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  438.403521][ T6060] usb 6-1: Using ep0 maxpacket: 32
[  438.618741][T15002] 9pnet_virtio: no channels available for device syz
[  439.396679][ T6060] usb 6-1: unable to get BOS descriptor or descriptor too short
[  439.399857][ T6060] usb 6-1: unable to read config index 0 descriptor/start: -71
[  439.402374][ T6060] usb 6-1: can't read configurations, error -71
[  439.617084][T15032] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2639'.
[  439.623588][T15032] gtp0: entered promiscuous mode
[  439.627050][T15032] gtp0: entered allmulticast mode
[  440.017981][T15056] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2649'.
[  440.029111][T15056] gtp1: entered promiscuous mode
[  440.031273][T15056] gtp1: entered allmulticast mode
[  440.286999][T15072] netlink: 80 bytes leftover after parsing attributes in process `syz.5.2655'.
[  440.386626][T15077] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2658'.
[  440.461346][T15081] 9pnet_virtio: no channels available for device syz
[  440.495388][ T6060] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  440.525521][T15075] netlink: 72 bytes leftover after parsing attributes in process `syz.5.2655'.
[  440.645455][ T6060] usb 6-1: Using ep0 maxpacket: 8
[  440.648666][ T6060] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  440.651362][ T6060] usb 6-1: config 0 has no interface number 0
[  440.653706][ T6060] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  440.657539][ T6060] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  440.662571][ T6060] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  440.666714][ T6060] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  440.670984][ T6060] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  440.674198][ T6060] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  440.677970][ T6060] usb 6-1: config 0 descriptor??
[  440.682486][ T6060] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  440.704000][T15086] bridge0: port 3(vlan2) entered blocking state
[  440.707210][T15086] bridge0: port 3(vlan2) entered disabled state
[  440.710482][T15086] vlan2: entered allmulticast mode
[  440.712862][T15086] bridge0: entered allmulticast mode
[  440.717771][T15086] vlan2: left allmulticast mode
[  440.720052][T15086] bridge0: left allmulticast mode
[  440.754289][T15079] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2658'.
[  440.885816][   T34] usb 6-1: USB disconnect, device number 29
[  440.898791][   T34] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  440.912866][T15057] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2647'.
[  441.000168][T15089] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2660'.
[  441.007800][T15089] gtp0: entered promiscuous mode
[  441.010160][T15089] gtp0: entered allmulticast mode
[  441.237790][T15097] netlink: 52 bytes leftover after parsing attributes in process `syz.5.2664'.
[  441.316181][ T6887] usb 11-1: new high-speed USB device number 3 using dummy_hcd
[  441.456023][ T6887] usb 11-1: device descriptor read/64, error -71
[  441.557870][T15111] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2670'.
[  441.563215][T15111] gtp0: entered promiscuous mode
[  441.564913][T15111] gtp0: entered allmulticast mode
[  441.637278][T15118] xt_CT: You must specify a L4 protocol and not use inversions on it
[  441.716918][ T6887] usb 11-1: new high-speed USB device number 4 using dummy_hcd
[  441.856371][ T6887] usb 11-1: device descriptor read/64, error -71
[  441.966677][ T6887] usb usb11-port1: attempt power cycle
[  442.121996][T15141] gtp1: entered promiscuous mode
[  442.124126][T15141] gtp1: entered allmulticast mode
[  442.326818][ T6887] usb 11-1: new high-speed USB device number 5 using dummy_hcd
[  442.347511][ T6887] usb 11-1: device descriptor read/8, error -71
[  442.588134][ T6887] usb 11-1: new high-speed USB device number 6 using dummy_hcd
[  442.607586][ T6887] usb 11-1: device descriptor read/8, error -71
[  442.717505][ T6887] usb usb11-port1: unable to enumerate USB device
[  443.701838][T15194] can0: slcan on ptm0.
[  444.071768][   T40] audit: type=1804 audit(1765012400.021:2243): pid=15205 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2702" name="/newroot/41/bus/bus" dev="overlay" ino=250 res=1 errno=0
[  444.108269][   T40] audit: type=1804 audit(1765012400.031:2244): pid=15205 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.2702" name="/newroot/41/bus/bus" dev="overlay" ino=250 res=1 errno=0
[  444.114893][   T40] audit: type=1800 audit(1765012400.031:2245): pid=15205 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2702" name="bus" dev="overlay" ino=250 res=0 errno=0
[  444.707640][T15238] __nla_validate_parse: 7 callbacks suppressed
[  444.707653][T15238] netlink: 72 bytes leftover after parsing attributes in process `syz.6.2712'.
[  445.161507][T15265] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2724'.
[  445.782349][T15285] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  445.804490][T15285] ovl_lookup_single: 231 callbacks suppressed
[  445.804505][T15285] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type
[  445.810385][T15285] overlayfs: failed to look up (tracing) for ino (-66)
[  446.711694][T15296] netlink: 52 bytes leftover after parsing attributes in process `syz.6.2733'.
[  448.114652][T15328] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2746'.
[  448.159190][T15319] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  448.358922][T15331] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2746'.
[  448.551957][ T6539] usb 11-1: new high-speed USB device number 7 using dummy_hcd
[  448.702011][ T6539] usb 11-1: Using ep0 maxpacket: 32
[  448.706337][ T6539] usb 11-1: config 0 has an invalid interface number: 1 but max is 0
[  448.709057][ T6539] usb 11-1: config 0 has no interface number 0
[  448.712678][ T6539] usb 11-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  448.715971][ T6539] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  448.718633][ T6539] usb 11-1: Product: syz
[  448.720066][ T6539] usb 11-1: Manufacturer: syz
[  448.721638][ T6539] usb 11-1: SerialNumber: syz
[  448.724465][ T6539] usb 11-1: config 0 descriptor??
[  448.727785][ T6539] usb 11-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  448.730599][ T6539] usb 11-1: selecting invalid altsetting 1
[  448.733010][ T6539] usb 11-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  448.736660][ T6539] usb 11-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  448.740282][ T6539] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  448.743014][ T6539] usb 11-1: media controller created
[  448.751377][ T6539] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  448.981155][ T6539] usb 11-1: dvb_usb_ce6230: usb_control_msg() failed=-32
[  448.985629][ T6539] zl10353_read_register: readreg error (reg=127, ret==-32)
[  449.094543][T15344] 9pnet_virtio: no channels available for device syz
[  449.435037][T15356] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  449.437686][T15356] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  449.440734][T15356] vhci_hcd vhci_hcd.0: Device attached
[  449.446365][T15356] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2755'.
[  449.702827][   T54] usb 44-1: SetAddress Request (24) to port 0
[  449.704954][   T54] usb 44-1: new SuperSpeed USB device number 24 using vhci_hcd
[  450.013459][T15337] usb 11-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  450.018297][ T6539] usb 11-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  450.034687][ T6539] usb 11-1: USB disconnect, device number 7
[  450.093372][T15359] vhci_hcd: connection reset by peer
[  450.095950][   T60] vhci_hcd: stop threads
[  450.097980][   T60] vhci_hcd: release socket
[  450.100052][   T60] vhci_hcd: disconnect device
[  450.524090][T15373] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  450.526244][T15373] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  450.535847][T15373] vhci_hcd vhci_hcd.0: Device attached
[  450.558454][   T40] audit: type=1326 audit(1765012406.505:2246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15376 comm="syz.5.2761" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000
[  450.565641][   T40] audit: type=1326 audit(1765012406.505:2247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15376 comm="syz.5.2761" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000
[  450.578635][   T40] audit: type=1326 audit(1765012406.505:2248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15376 comm="syz.5.2761" exe="/syz-executor" sig=0 arch=40000003 syscall=430 compat=1 ip=0xf704d579 code=0x7ffc0000
[  450.587160][   T40] audit: type=1326 audit(1765012406.505:2249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15376 comm="syz.5.2761" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000
[  450.603525][   T40] audit: type=1326 audit(1765012406.505:2250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15376 comm="syz.5.2761" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000
[  450.610610][   T40] audit: type=1326 audit(1765012406.505:2251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15376 comm="syz.5.2761" exe="/syz-executor" sig=0 arch=40000003 syscall=431 compat=1 ip=0xf704d579 code=0x7ffc0000
[  450.631724][   T40] audit: type=1326 audit(1765012406.505:2252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15376 comm="syz.5.2761" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000
[  450.638587][   T40] audit: type=1326 audit(1765012406.505:2253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15376 comm="syz.5.2761" exe="/syz-executor" sig=0 arch=40000003 syscall=432 compat=1 ip=0xf704d579 code=0x7ffc0000
[  450.645842][   T40] audit: type=1326 audit(1765012406.505:2254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15376 comm="syz.5.2761" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000
[  450.653696][   T40] audit: type=1326 audit(1765012406.505:2255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15376 comm="syz.5.2761" exe="/syz-executor" sig=0 arch=40000003 syscall=304 compat=1 ip=0xf704d579 code=0x7ffc0000
[  450.740613][T15374] vhci_hcd: connection closed
[  450.740836][ T3868] vhci_hcd: stop threads
[  450.744183][ T3868] vhci_hcd: release socket
[  450.749179][ T3868] vhci_hcd: disconnect device
[  451.641372][T15426] netlink: 'syz.5.2773': attribute type 2 has an invalid length.
[  451.659981][T15426] : entered promiscuous mode
[  452.297828][T15450] fuse: Bad value for 'user_id'
[  452.299471][T15450] fuse: Bad value for 'user_id'
[  452.596123][T15458] input: syz1 as /devices/virtual/input/input22
[  452.747459][T15460] binder: BC_ATTEMPT_ACQUIRE not supported
[  452.749693][T15460] binder: 15459:15460 ioctl c0306201 800001c0 returned -22
[  452.752739][T15460] netlink: 76 bytes leftover after parsing attributes in process `syz.5.2785'.
[  452.775423][ T6060] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  452.926900][ T6060] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  452.930154][ T6060] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  452.933348][ T6060] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  452.939135][ T6060] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  452.942013][ T6060] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  452.944828][ T6060] usb 6-1: Product: syz
[  452.948441][ T6060] usb 6-1: Manufacturer: syz
[  452.950084][ T6060] usb 6-1: SerialNumber: syz
[  453.170779][ T6060] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 30 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  453.378638][ T6060] usb 6-1: USB disconnect, device number 30
[  453.383291][ T6060] usblp0: removed
[  453.568652][T15478] lo speed is unknown, defaulting to 1000
[  453.571052][T15478] lo speed is unknown, defaulting to 1000
[  453.574043][T15478] lo speed is unknown, defaulting to 1000
[  453.584768][T15478] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  453.602926][T15478] lo speed is unknown, defaulting to 1000
[  453.606483][T15478] lo speed is unknown, defaulting to 1000
[  453.609996][T15478] lo speed is unknown, defaulting to 1000
[  453.613510][T15478] lo speed is unknown, defaulting to 1000
[  453.930500][T15489] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2796'.
[  454.178409][T15500] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  454.180520][T15500] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  454.186209][T15500] vhci_hcd vhci_hcd.0: Device attached
[  454.248255][T15499] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2796'.
[  454.363315][T15501] vhci_hcd: connection closed
[  454.363545][ T6037] vhci_hcd: stop threads
[  454.366465][ T6037] vhci_hcd: release socket
[  454.368953][ T6037] vhci_hcd: disconnect device
[  454.737217][   T54] usb 44-1: device descriptor read/8, error -110
[  454.750900][T15511] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  454.753050][T15511] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  454.755689][T15511] vhci_hcd vhci_hcd.0: Device attached
[  454.767958][T15513] vhci_hcd: connection closed
[  454.768180][T15510] delete_channel: no stack
[  454.768215][ T6037] vhci_hcd: stop threads
[  454.768232][ T6037] vhci_hcd: release socket
[  454.768244][ T6037] vhci_hcd: disconnect device
[  455.146838][   T54] usb usb44-port1: attempt power cycle
[  455.490552][T15526] hub 8-0:1.0: USB hub found
[  455.492254][T15526] hub 8-0:1.0: 1 port detected
[  455.582572][T15543] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2811'.
[  455.695701][T15550] program syz.6.2814 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  455.718233][   T54] usb usb44-port1: unable to enumerate USB device
[  455.834551][T15546] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2811'.
[  456.037716][T15563] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2818'.
[  456.540737][T15579] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  456.851707][T15586] kAFS: unable to lookup cell ''
[  457.550572][T15618] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  457.555700][T15618] FAULT_INJECTION: forcing a failure.
[  457.555700][T15618] name failslab, interval 1, probability 0, space 0, times 0
[  457.560616][T15618] CPU: 0 UID: 0 PID: 15618 Comm: syz.5.2834 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  457.560635][T15618] Tainted: [L]=SOFTLOCKUP
[  457.560639][T15618] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  457.560645][T15618] Call Trace:
[  457.560649][T15618]  <TASK>
[  457.560654][T15618]  dump_stack_lvl+0x16c/0x1f0
[  457.560670][T15618]  should_fail_ex+0x512/0x640
[  457.560683][T15618]  ? fs_reclaim_acquire+0xae/0x150
[  457.560697][T15618]  should_failslab+0xc2/0x120
[  457.560710][T15618]  __kmalloc_noprof+0xdd/0x8f0
[  457.560725][T15618]  ? p9_fcall_init+0x97/0x260
[  457.560738][T15618]  ? p9_fcall_init+0x97/0x260
[  457.560748][T15618]  p9_fcall_init+0x97/0x260
[  457.560760][T15618]  p9_tag_alloc+0x202/0x850
[  457.560773][T15618]  ? __pfx_p9_tag_alloc+0x10/0x10
[  457.560785][T15618]  ? stack_depot_save_flags+0x29/0x9b0
[  457.560796][T15618]  ? __ia32_compat_sys_openat+0x16d/0x210
[  457.560812][T15618]  ? __do_fast_syscall_32+0xe8/0x680
[  457.560824][T15618]  ? do_fast_syscall_32+0x32/0x80
[  457.560835][T15618]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  457.560851][T15618]  p9_client_prepare_req+0x19b/0x4a0
[  457.560864][T15618]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  457.560875][T15618]  ? lookup_one_unlocked+0xa0/0xd0
[  457.560887][T15618]  ? ovl_lookup+0x459/0x610
[  457.560901][T15618]  ? lookup_open.isra.0+0x4e2/0x1780
[  457.560916][T15618]  ? path_openat+0xa95/0x3140
[  457.560927][T15618]  ? do_filp_open+0x20b/0x470
[  457.560938][T15618]  ? do_sys_openat2+0x11f/0x280
[  457.560952][T15618]  ? __ia32_compat_sys_openat+0x16d/0x210
[  457.560967][T15618]  ? __do_fast_syscall_32+0xe8/0x680
[  457.560978][T15618]  ? do_fast_syscall_32+0x32/0x80
[  457.560992][T15618]  p9_client_rpc+0x1c4/0xc40
[  457.561005][T15618]  ? __pfx_p9_client_rpc+0x10/0x10
[  457.561028][T15618]  p9_client_getattr_dotl+0xba/0x1e0
[  457.561041][T15618]  v9fs_inode_from_fid_dotl+0x2d/0x300
[  457.561057][T15618]  v9fs_vfs_lookup+0x374/0x5b0
[  457.561068][T15618]  ? __pfx_v9fs_vfs_lookup+0x10/0x10
[  457.561079][T15618]  ? lockdep_init_map_type+0x5c/0x270
[  457.561094][T15618]  ? lockdep_init_map_type+0x5c/0x270
[  457.561109][T15618]  __lookup_slow+0x251/0x460
[  457.561125][T15618]  ? __pfx___lookup_slow+0x10/0x10
[  457.561142][T15618]  ? irq_entries_start+0xd0/0xcb0
[  457.561156][T15618]  ? irq_entries_start+0xd0/0xcb0
[  457.561170][T15618]  lookup_slow+0x50/0x70
[  457.561185][T15618]  lookup_one_unlocked+0xa0/0xd0
[  457.561198][T15618]  ovl_lookup_single+0x435/0x1330
[  457.561215][T15618]  ? __pfx_ovl_lookup_single+0x10/0x10
[  457.561231][T15618]  ovl_lookup_layer+0x3d4/0x480
[  457.561247][T15618]  ? __pfx_ovl_lookup_layer+0x10/0x10
[  457.561260][T15618]  ? ovl_lookup_layers+0x16d9/0x2920
[  457.561276][T15618]  ovl_lookup_layers+0xf41/0x2920
[  457.561296][T15618]  ? __pfx_ovl_lookup_layers+0x10/0x10
[  457.561311][T15618]  ? apparmor_capable+0x1d7/0x4e0
[  457.561322][T15618]  ? privileged_wrt_inode_uidgid+0xc1/0x1d0
[  457.561339][T15618]  ? bpf_lsm_capable+0x9/0x10
[  457.561351][T15618]  ? capable_wrt_inode_uidgid+0xeb/0x190
[  457.561370][T15618]  ovl_lookup+0x459/0x610
[  457.561383][T15618]  ? __pfx_ovl_lookup+0x10/0x10
[  457.561396][T15618]  ? inode_permission+0x37b/0x640
[  457.561414][T15618]  ? __pfx_ovl_permission+0x10/0x10
[  457.561429][T15618]  ? bpf_lsm_inode_permission+0x9/0x10
[  457.561442][T15618]  ? security_inode_permission+0xbf/0x260
[  457.561455][T15618]  ? inode_permission+0x37b/0x640
[  457.561470][T15618]  ? __pfx_ovl_lookup+0x10/0x10
[  457.561483][T15618]  lookup_open.isra.0+0x4e2/0x1780
[  457.561503][T15618]  ? __pfx_lookup_open.isra.0+0x10/0x10
[  457.561528][T15618]  ? find_held_lock+0x2b/0x80
[  457.561548][T15618]  ? __pfx_down_write+0x10/0x10
[  457.561565][T15618]  path_openat+0xa95/0x3140
[  457.561581][T15618]  ? __pfx_path_openat+0x10/0x10
[  457.561598][T15618]  do_filp_open+0x20b/0x470
[  457.561609][T15618]  ? __lock_acquire+0x433/0x22f0
[  457.561622][T15618]  ? __pfx_do_filp_open+0x10/0x10
[  457.561643][T15618]  ? _raw_spin_unlock+0x28/0x50
[  457.561659][T15618]  ? alloc_fd+0x471/0x7d0
[  457.561675][T15618]  do_sys_openat2+0x11f/0x280
[  457.561690][T15618]  ? __pfx_do_sys_openat2+0x10/0x10
[  457.561707][T15618]  ? bpf_trace_run2+0x2ab/0x5c0
[  457.561721][T15618]  __ia32_compat_sys_openat+0x16d/0x210
[  457.561737][T15618]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  457.561755][T15618]  ? syscall_trace_enter+0x1cb/0x220
[  457.561772][T15618]  ? rcu_is_watching+0x12/0xc0
[  457.561784][T15618]  __do_fast_syscall_32+0xe8/0x680
[  457.561797][T15618]  do_fast_syscall_32+0x32/0x80
[  457.561810][T15618]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  457.561822][T15618] RIP: 0023:0xf704d579
[  457.561834][T15618] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  457.561849][T15618] RSP: 002b:00000000f543d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  457.561863][T15618] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000240
[  457.561872][T15618] RDX: 0000000000040042 RSI: 0000000000000001 RDI: 0000000000000000
[  457.561881][T15618] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  457.561890][T15618] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  457.561899][T15618] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  457.561924][T15618]  </TASK>
[  457.955608][T15626] bridge0: port 3(vlan2) entered blocking state
[  457.957937][T15626] bridge0: port 3(vlan2) entered disabled state
[  457.960127][T15626] vlan2: entered allmulticast mode
[  457.961775][T15626] bridge0: entered allmulticast mode
[  457.975156][T15629] overlayfs: failed to resolve './file1': -2
[  457.981454][T15626] vlan2: left allmulticast mode
[  457.983061][T15626] bridge0: left allmulticast mode
[  458.713160][   T40] kauditd_printk_skb: 154 callbacks suppressed
[  458.713173][   T40] audit: type=1326 audit(1765012414.649:2410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15654 comm="syz.5.2846" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000
[  458.721489][   T40] audit: type=1326 audit(1765012414.649:2411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15654 comm="syz.5.2846" exe="/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf704d579 code=0x7ffc0000
[  458.728351][   T40] audit: type=1326 audit(1765012414.649:2412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15654 comm="syz.5.2846" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000
[  458.750227][   T40] audit: type=1326 audit(1765012414.649:2413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15654 comm="syz.5.2846" exe="/syz-executor" sig=0 arch=40000003 syscall=152 compat=1 ip=0xf704d579 code=0x7ffc0000
[  458.756528][   T40] audit: type=1326 audit(1765012414.679:2414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15654 comm="syz.5.2846" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000
[  458.764650][   T40] audit: type=1326 audit(1765012414.679:2415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15654 comm="syz.5.2846" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000
[  458.770651][   T40] audit: type=1326 audit(1765012414.689:2416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15654 comm="syz.5.2846" exe="/syz-executor" sig=0 arch=40000003 syscall=164 compat=1 ip=0xf704d579 code=0x7ffc0000
[  458.776672][   T40] audit: type=1326 audit(1765012414.689:2417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15654 comm="syz.5.2846" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000
[  458.783204][   T40] audit: type=1326 audit(1765012414.689:2418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15654 comm="syz.5.2846" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000
[  458.790244][   T40] audit: type=1326 audit(1765012414.689:2419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15654 comm="syz.5.2846" exe="/syz-executor" sig=0 arch=40000003 syscall=245 compat=1 ip=0xf704d579 code=0x7ffc0000
[  458.884600][T15668] netlink: 'syz.6.2848': attribute type 2 has an invalid length.
[  458.896147][T15668] !: entered promiscuous mode
[  460.455276][T15709] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  460.614474][T15716] netlink: 80 bytes leftover after parsing attributes in process `syz.5.2863'.
[  460.931665][T15721] netlink: 72 bytes leftover after parsing attributes in process `syz.5.2863'.
[  460.994355][T15734] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2870'.
[  461.367963][T15737] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2870'.
[  461.458524][T15751] input: syz0 as /devices/virtual/input/input23
[  461.575774][T15759] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2879'.
[  461.581801][T15759] bridge0: port 2(bridge_slave_1) entered disabled state
[  461.585625][T15759] bridge0: port 1(bridge_slave_0) entered disabled state
[  461.903212][   T54] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  462.279190][T15790] No buffer was provided with the request
[  462.942792][T15795] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2891'.
[  462.961262][T15799] input: syz0 as /devices/virtual/input/input24
[  463.312336][T15800] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2891'.
[  463.823056][T15831] fuse: Bad value for 'rootmode'
[  464.449677][T15861] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2914'.
[  464.813500][T15864] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2914'.
[  465.684495][T15937] loop9: detected capacity change from 0 to 7
[  465.687124][T15937] Dev loop9: unable to read RDB block 7
[  465.688930][T15937]  loop9: unable to read partition table
[  465.691388][T15937] loop9: partition table beyond EOD, truncated
[  465.693309][T15937] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[  465.703484][T15937] Dev loop9: unable to read RDB block 7
[  465.715701][T15937]  loop9: unable to read partition table
[  465.718224][T15937] loop9: partition table beyond EOD, truncated
[  465.908400][   T54] IPVS: starting estimator thread 0...
[  465.995905][T15955] IPVS: using max 45 ests per chain, 108000 per kthread
[  466.137103][T15954] loop6: detected capacity change from 0 to 524287999
[  466.139917][T15954] buffer_io_error: 6 callbacks suppressed
[  466.139926][T15954] Buffer I/O error on dev loop6, logical block 0, async page read
[  466.145304][T15954] Buffer I/O error on dev loop6, logical block 0, async page read
[  466.148380][T15954] Buffer I/O error on dev loop6, logical block 0, async page read
[  466.151611][T15954] Buffer I/O error on dev loop6, logical block 0, async page read
[  466.154805][T15954] Buffer I/O error on dev loop6, logical block 0, async page read
[  466.158060][T15954] Buffer I/O error on dev loop6, logical block 0, async page read
[  466.161321][T15954] Buffer I/O error on dev loop6, logical block 0, async page read
[  466.164563][T15954] Buffer I/O error on dev loop6, logical block 0, async page read
[  466.167546][T15954] ldm_validate_partition_table(): Disk read failed.
[  466.170035][T15954] Buffer I/O error on dev loop6, logical block 0, async page read
[  466.173241][T15954] Buffer I/O error on dev loop6, logical block 0, async page read
[  466.176606][T15954] Dev loop6: unable to read RDB block 0
[  466.179198][T15954]  loop6: unable to read partition table
[  466.181652][T15954] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  466.246675][T15954] ldm_validate_partition_table(): Disk read failed.
[  466.248913][T15954] Dev loop6: unable to read RDB block 0
[  466.250914][T15954]  loop6: unable to read partition table
[  466.252752][T15954] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  466.256823][T15954] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2942'.
[  466.259477][T15954] netlink: 3 bytes leftover after parsing attributes in process `syz.6.2942'.
[  466.264921][T15954] batadv1: entered allmulticast mode
[  466.320568][T15976] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2950'.
[  466.331931][T15978] netlink: 80 bytes leftover after parsing attributes in process `syz.6.2951'.
[  466.553302][T15988] kAFS: Can only specify source 'none' with -o dyn
[  466.579420][T15979] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2950'.
[  466.682998][T15980] netlink: 72 bytes leftover after parsing attributes in process `syz.6.2951'.
[  466.836265][T16000] geneve1: entered allmulticast mode
[  467.296968][T16011] IPVS: set_ctl: invalid protocol: 47 172.20.20.187:20003
[  467.726982][T16027] lo speed is unknown, defaulting to 1000
[  468.001791][T16038] netlink: 80 bytes leftover after parsing attributes in process `syz.5.2967'.
[  468.306778][T16039] netlink: 72 bytes leftover after parsing attributes in process `syz.5.2967'.
[  469.007961][T16090] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2981'.
[  469.028721][T16090] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2981'.
[  469.415326][T16114] wireguard0: entered promiscuous mode
[  469.425335][T16114] wireguard0: entered allmulticast mode
[  470.054104][   T40] kauditd_printk_skb: 11 callbacks suppressed
[  470.054128][   T40] audit: type=1326 audit(1765012425.980:2431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16132 comm="syz.1.3001" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000
[  470.065654][   T40] audit: type=1326 audit(1765012425.980:2432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16132 comm="syz.1.3001" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000
[  470.073105][   T40] audit: type=1326 audit(1765012425.980:2433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16132 comm="syz.1.3001" exe="/syz-executor" sig=0 arch=40000003 syscall=348 compat=1 ip=0xf705d579 code=0x7ffc0000
[  470.083502][   T40] audit: type=1326 audit(1765012425.980:2434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16132 comm="syz.1.3001" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000
[  470.105249][   T40] audit: type=1326 audit(1765012425.980:2435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16132 comm="syz.1.3001" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000
[  470.119254][   T40] audit: type=1326 audit(1765012425.980:2436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16132 comm="syz.1.3001" exe="/syz-executor" sig=0 arch=40000003 syscall=330 compat=1 ip=0xf705d579 code=0x7ffc0000
[  470.125681][   T40] audit: type=1326 audit(1765012425.980:2437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16132 comm="syz.1.3001" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000
[  470.127636][ T6887] kernel write not supported for file /sequencer2 (pid: 6887 comm: kworker/0:6)
[  470.133646][   T40] audit: type=1326 audit(1765012425.980:2438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16132 comm="syz.1.3001" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf705d579 code=0x7ffc0000
[  470.146647][   T40] audit: type=1326 audit(1765012425.980:2439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16132 comm="syz.1.3001" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000
[  470.154423][   T40] audit: type=1326 audit(1765012425.980:2440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16132 comm="syz.1.3001" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000
[  470.439889][T16151] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(6)
[  470.441815][T16151] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  470.444095][T16151] vhci_hcd vhci_hcd.0: Device attached
[  470.452041][T16158] vhci_hcd: connection closed
[  470.452270][ T6110] vhci_hcd: stop threads
[  470.456276][ T6110] vhci_hcd: release socket
[  470.457695][ T6110] vhci_hcd: disconnect device
[  471.005970][T16179] netlink: 'syz.3.3012': attribute type 10 has an invalid length.
[  471.008444][T16179] veth0_vlan: entered allmulticast mode
[  471.011455][T16179] bridge0: port 3(veth0_vlan) entered blocking state
[  471.013757][T16179] bridge0: port 3(veth0_vlan) entered disabled state
[  471.017650][T16179] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  471.247799][T16189] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  471.249913][T16189] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  471.252838][T16189] vhci_hcd vhci_hcd.0: Device attached
[  471.383648][T16190] vhci_hcd: connection closed
[  471.384201][ T4375] vhci_hcd: stop threads
[  471.388113][ T4375] vhci_hcd: release socket
[  471.389818][ T4375] vhci_hcd: disconnect device
[  471.432751][T16195] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  471.746337][T16210] FAULT_INJECTION: forcing a failure.
[  471.746337][T16210] name failslab, interval 1, probability 0, space 0, times 0
[  471.750769][T16210] CPU: 1 UID: 0 PID: 16210 Comm: syz.6.3022 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  471.750798][T16210] Tainted: [L]=SOFTLOCKUP
[  471.750804][T16210] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  471.750815][T16210] Call Trace:
[  471.750821][T16210]  <TASK>
[  471.750828][T16210]  dump_stack_lvl+0x16c/0x1f0
[  471.750852][T16210]  should_fail_ex+0x512/0x640
[  471.750872][T16210]  ? fs_reclaim_acquire+0xae/0x150
[  471.750895][T16210]  should_failslab+0xc2/0x120
[  471.750915][T16210]  __kmalloc_noprof+0xdd/0x8f0
[  471.750939][T16210]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  471.750967][T16210]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  471.750989][T16210]  tomoyo_realpath_from_path+0xc2/0x6e0
[  471.751020][T16210]  tomoyo_check_open_permission+0x2ab/0x3c0
[  471.751042][T16210]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  471.751094][T16210]  ? lock_acquire+0x179/0x330
[  471.751115][T16210]  ? find_held_lock+0x2b/0x80
[  471.751143][T16210]  ? mnt_get_write_access+0x52/0x2f0
[  471.751171][T16210]  tomoyo_file_open+0x6b/0x90
[  471.751198][T16210]  security_file_open+0x84/0x1e0
[  471.751221][T16210]  do_dentry_open+0x597/0x1590
[  471.751243][T16210]  ? do_raw_spin_unlock+0x172/0x230
[  471.751269][T16210]  shmem_tmpfile+0x140/0x180
[  471.751290][T16210]  vfs_tmpfile+0x2be/0x9b0
[  471.751315][T16210]  path_openat+0x1936/0x3140
[  471.751329][T16210]  ? __do_fast_syscall_32+0xe8/0x680
[  471.751341][T16210]  ? do_fast_syscall_32+0x32/0x80
[  471.751357][T16210]  ? __pfx_path_openat+0x10/0x10
[  471.751374][T16210]  do_filp_open+0x20b/0x470
[  471.751385][T16210]  ? __lock_acquire+0x433/0x22f0
[  471.751397][T16210]  ? __pfx_do_filp_open+0x10/0x10
[  471.751420][T16210]  ? _raw_spin_unlock+0x28/0x50
[  471.751435][T16210]  ? alloc_fd+0x471/0x7d0
[  471.751451][T16210]  do_sys_openat2+0x11f/0x280
[  471.751466][T16210]  ? __pfx_do_sys_openat2+0x10/0x10
[  471.751486][T16210]  __do_sys_openat2+0x1c0/0x2d0
[  471.751501][T16210]  ? __pfx___do_sys_openat2+0x10/0x10
[  471.751517][T16210]  ? syscall_trace_enter+0x1cb/0x220
[  471.751535][T16210]  ? rcu_is_watching+0x12/0xc0
[  471.751548][T16210]  __do_fast_syscall_32+0xe8/0x680
[  471.751561][T16210]  do_fast_syscall_32+0x32/0x80
[  471.751573][T16210]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  471.751587][T16210] RIP: 0023:0xf7fd5579
[  471.751597][T16210] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  471.751607][T16210] RSP: 002b:00000000f54c655c EFLAGS: 00000296 ORIG_RAX: 00000000000001b5
[  471.751618][T16210] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000000
[  471.751625][T16210] RDX: 0000000080000400 RSI: 0000000000000018 RDI: 0000000000000000
[  471.751631][T16210] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  471.751637][T16210] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  471.751644][T16210] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  471.751658][T16210]  </TASK>
[  471.751662][T16210] ERROR: Out of memory at tomoyo_realpath_from_path.
[  471.941923][   T10] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  472.090709][   T10] usb 8-1: Using ep0 maxpacket: 8
[  472.099502][   T10] usb 8-1: New USB device found, idVendor=12d1, idProduct=fae2, bcdDevice=70.8b
[  472.106850][   T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  472.109527][   T10] usb 8-1: Product: syz
[  472.120564][   T10] usb 8-1: Manufacturer: syz
[  472.122368][   T10] usb 8-1: SerialNumber: syz
[  472.124908][   T10] usb 8-1: config 0 descriptor??
[  472.128622][   T10] option 8-1:0.0: GSM modem (1-port) converter detected
[  472.332637][   T10] usb 8-1: USB disconnect, device number 12
[  472.335388][   T10] option 8-1:0.0: device disconnected
[  472.850931][T16247] FAULT_INJECTION: forcing a failure.
[  472.850931][T16247] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  472.855758][T16247] CPU: 2 UID: 0 PID: 16247 Comm: syz.1.3034 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  472.855777][T16247] Tainted: [L]=SOFTLOCKUP
[  472.855781][T16247] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  472.855788][T16247] Call Trace:
[  472.855792][T16247]  <TASK>
[  472.855797][T16247]  dump_stack_lvl+0x16c/0x1f0
[  472.855812][T16247]  should_fail_ex+0x512/0x640
[  472.855827][T16247]  _copy_to_user+0x32/0xd0
[  472.855840][T16247]  simple_read_from_buffer+0xcb/0x170
[  472.855853][T16247]  proc_fail_nth_read+0x197/0x240
[  472.855868][T16247]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  472.855884][T16247]  ? rw_verify_area+0xcf/0x6c0
[  472.855900][T16247]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  472.855914][T16247]  vfs_read+0x1e4/0xcf0
[  472.855927][T16247]  ? __pfx___mutex_lock+0x10/0x10
[  472.855940][T16247]  ? __pfx_vfs_read+0x10/0x10
[  472.855950][T16247]  ? find_held_lock+0x2b/0x80
[  472.855970][T16247]  ? __fget_files+0x20e/0x3c0
[  472.855980][T16247]  ? bpf_trace_run2+0x260/0x5c0
[  472.855996][T16247]  ksys_read+0x12a/0x250
[  472.856006][T16247]  ? __pfx_ksys_read+0x10/0x10
[  472.856016][T16247]  ? syscall_trace_enter+0x1cb/0x220
[  472.856034][T16247]  ? rcu_is_watching+0x12/0xc0
[  472.856046][T16247]  __do_fast_syscall_32+0xe8/0x680
[  472.856060][T16247]  do_fast_syscall_32+0x32/0x80
[  472.856076][T16247]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  472.856091][T16247] RIP: 0023:0xf705d579
[  472.856100][T16247] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  472.856111][T16247] RSP: 002b:00000000f544d590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  472.856122][T16247] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f544d620
[  472.856129][T16247] RDX: 000000000000000f RSI: 00000000f73f6ff4 RDI: 0000000000000000
[  472.856135][T16247] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  472.856141][T16247] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  472.856147][T16247] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  472.856161][T16247]  </TASK>
[  473.339229][T16264] program syz.3.3039 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  473.346235][T16264] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  473.480130][T16231] netlink: 'syz.6.3029': attribute type 4 has an invalid length.
[  473.509889][T16267] __nla_validate_parse: 7 callbacks suppressed
[  473.509902][T16267] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3041'.
[  473.541734][T16231] bridge0: port 2(bridge_slave_1) entered disabled state
[  473.545419][T16231] bridge0: port 1(bridge_slave_0) entered disabled state
[  473.609111][T16231] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  473.615758][T16231] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  473.725029][ T4375] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  473.733226][ T4375] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  473.736319][ T4375] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  473.739266][ T4375] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  473.779134][T16272] netlink: 80 bytes leftover after parsing attributes in process `syz.3.3042'.
[  473.954340][T16286] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.3046'.
[  474.031255][T16280] netlink: 'syz.1.3044': attribute type 1 has an invalid length.
[  474.044399][T16280] bond1: entered promiscuous mode
[  474.046520][T16280] 8021q: adding VLAN 0 to HW filter on device bond1
[  474.091226][T16277] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3042'.
[  474.379589][T16299] futex_wake_op: syz.1.3051 tries to shift op by -1; fix this program
[  474.984382][T16321] netlink: 'syz.6.3058': attribute type 1 has an invalid length.
[  474.984674][   T10] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  474.987604][T16321] netlink: 212 bytes leftover after parsing attributes in process `syz.6.3058'.
[  475.163787][   T10] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  475.167766][   T10] usb 6-1: config 0 interface 0 has no altsetting 0
[  475.173496][   T10] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  475.177855][   T10] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  475.181288][   T10] usb 6-1: Product: syz
[  475.183642][   T10] usb 6-1: Manufacturer: syz
[  475.185711][   T10] usb 6-1: SerialNumber: syz
[  475.190804][   T10] usb 6-1: config 0 descriptor??
[  475.191415][T16333] netlink: 80 bytes leftover after parsing attributes in process `syz.5.3064'.
[  475.196146][   T10] usb 6-1: selecting invalid altsetting 0
[  475.366980][T16333] netlink: 72 bytes leftover after parsing attributes in process `syz.5.3064'.
[  475.635070][T16312] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3055'.
[  475.961159][T16361] netlink: 'syz.6.3070': attribute type 4 has an invalid length.
[  475.968533][T16361] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3070'.
[  476.655827][T16372] netlink: 'syz.3.3074': attribute type 3 has an invalid length.
[  476.658989][T16372] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3074'.
[  476.806202][ T7522] usb 6-1: USB disconnect, device number 31
[  478.382698][T16418] overlayfs: failed to resolve './file0': -2
[  478.668485][T16424] __nla_validate_parse: 4 callbacks suppressed
[  478.668503][T16424] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3090'.
[  478.798920][T16435] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  478.953209][T16435] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  479.052365][T16435] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  479.137490][T16435] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  479.227266][T15323] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  479.236867][T15323] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  479.243603][T15323] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  479.251422][ T6110] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  479.630112][T16468] 
: renamed from batadv_slave_1
[  479.637084][T16468] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  479.699327][T16470] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(9)
[  479.702023][T16470] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  479.705150][T16470] vhci_hcd vhci_hcd.0: Device attached
[  479.768018][T16471] vhci_hcd: connection closed
[  479.768759][ T1049] vhci_hcd: stop threads
[  479.771713][ T1049] vhci_hcd: release socket
[  479.773156][ T1049] vhci_hcd: disconnect device
[  480.390376][T16474] netlink: 'syz.3.3107': attribute type 4 has an invalid length.
[  480.456142][T16482] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3109'.
[  480.629248][T16474] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  480.645029][T16474] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  480.849101][ T6037] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  480.853155][ T6037] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  480.857378][ T6037] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  480.861336][ T6037] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  481.358477][T16499] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3115'.
[  481.361362][T16499] netlink: 3 bytes leftover after parsing attributes in process `syz.5.3115'.
[  481.388243][T16499] batadv2: entered allmulticast mode
[  481.424876][T16509] netlink: 'syz.3.3117': attribute type 3 has an invalid length.
[  482.344759][T16519] netlink: 'syz.1.3122': attribute type 10 has an invalid length.
[  482.478910][T16519] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  482.618508][T16536] lo speed is unknown, defaulting to 1000
[  482.678972][T16538] lo speed is unknown, defaulting to 1000
[  482.746676][T16544] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3128'.
[  483.216190][T16560] lo speed is unknown, defaulting to 1000
[  483.514069][ T5300] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  483.517877][ T5300] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  483.522052][ T5300] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  483.526841][ T5300] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  483.530133][ T5300] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  483.535216][ T5953] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  483.538417][ T5953] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  483.541984][ T5953] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  483.547883][ T5953] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  483.551778][ T5953] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  483.581548][T16567] lo speed is unknown, defaulting to 1000
[  483.746061][T16567] chnl_net:caif_netlink_parms(): no params data found
[  483.940881][T16567] bridge0: port 1(bridge_slave_0) entered blocking state
[  483.943329][T16567] bridge0: port 1(bridge_slave_0) entered disabled state
[  483.945634][T16567] bridge_slave_0: entered allmulticast mode
[  483.948317][T16567] bridge_slave_0: entered promiscuous mode
[  483.955033][T16567] bridge0: port 2(bridge_slave_1) entered blocking state
[  483.957449][T16567] bridge0: port 2(bridge_slave_1) entered disabled state
[  483.961027][T16567] bridge_slave_1: entered allmulticast mode
[  483.965076][T16567] bridge_slave_1: entered promiscuous mode
[  484.018532][T16567] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  484.041209][T16567] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  484.093885][T16567] team0: Port device team_slave_0 added
[  484.098629][T16567] team0: Port device team_slave_1 added
[  484.101338][T16591] veth0: entered promiscuous mode
[  484.126106][T16567] batman_adv: batadv0: Adding interface: batadv_slave_0
[  484.128322][T16567] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  484.144819][T16567] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  484.149221][T16567] batman_adv: batadv0: Adding interface: batadv_slave_1
[  484.151736][T16567] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  484.163088][T16567] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  484.200217][T16567] hsr_slave_0: entered promiscuous mode
[  484.202604][T16567] hsr_slave_1: entered promiscuous mode
[  484.204962][T16567] debugfs: 'hsr0' already exists in 'hsr'
[  484.206997][T16567] Cannot create hsr debugfs directory
[  484.265409][T16590] veth0: left promiscuous mode
[  484.344793][T16567] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  484.420357][T16567] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  484.486062][T16602] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3146'.
[  484.579526][T16567] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  484.671177][T16567] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  484.809820][T16567] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  484.815519][T16567] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  484.821723][T16567] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  484.828100][T16567] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  484.880446][T16567] 8021q: adding VLAN 0 to HW filter on device bond0
[  484.892701][T16567] 8021q: adding VLAN 0 to HW filter on device team0
[  484.898559][ T6110] bridge0: port 1(bridge_slave_0) entered blocking state
[  484.901625][ T6110] bridge0: port 1(bridge_slave_0) entered forwarding state
[  484.913997][ T6110] bridge0: port 2(bridge_slave_1) entered blocking state
[  484.917156][ T6110] bridge0: port 2(bridge_slave_1) entered forwarding state
[  485.061367][T16567] 8021q: adding VLAN 0 to HW filter on device batadv0
[  485.087490][T16567] veth0_vlan: entered promiscuous mode
[  485.093607][T16567] veth1_vlan: entered promiscuous mode
[  485.112095][T16567] veth0_macvtap: entered promiscuous mode
[  485.117296][T16567] veth1_macvtap: entered promiscuous mode
[  485.128265][T16567] batman_adv: batadv0: Interface activated: batadv_slave_0
[  485.133725][T16567] batman_adv: batadv0: Interface activated: batadv_slave_1
[  485.141237][   T46] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  485.144090][   T46] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  485.147409][   T46] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  485.150217][   T46] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  485.187372][T15323] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  485.189920][T15323] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  485.234582][ T6037] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  485.240914][ T6037] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  485.550024][T16635] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3136'.
[  485.571754][ T5953] Bluetooth: hci2: command tx timeout
[  485.573799][T16647] binder: 16646:16647 unknown command 0
[  485.576070][T16647] binder: 16646:16647 ioctl c0306201 80000080 returned -22
[  485.581103][T16647] binder: 16646:16647 ioctl c0306201 800003c0 returned -14
[  485.944975][T16661] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  485.948305][T16661] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  486.525853][T16687] syz_tun: entered promiscuous mode
[  487.185313][T16700] netlink: 72 bytes leftover after parsing attributes in process `syz.5.3173'.
[  487.360196][T16696] netlink: 'syz.6.3171': attribute type 10 has an invalid length.
[  487.363565][T16696] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3171'.
[  487.367474][T16696] veth0_vlan: left promiscuous mode
[  487.369655][T16696] veth0_vlan: entered promiscuous mode
[  487.371926][T16696] veth0_vlan: entered allmulticast mode
[  487.394817][T16696] bridge0: port 3(veth0_vlan) entered blocking state
[  487.397941][T16696] bridge0: port 3(veth0_vlan) entered disabled state
[  487.402251][T16696] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  487.660853][ T5953] Bluetooth: hci2: command tx timeout
[  488.807614][T16749] syzkaller1: entered promiscuous mode
[  488.809427][T16749] syzkaller1: entered allmulticast mode
[  489.734309][ T5953] Bluetooth: hci2: command tx timeout
[  489.795897][T16754] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048)
[  490.137482][T16757] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3190'.
[  490.247855][T16742] netlink: 'syz.5.3186': attribute type 10 has an invalid length.
[  490.250391][T16742] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3186'.
[  490.253227][T16742] veth0_vlan: entered allmulticast mode
[  490.255959][T16742] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  490.686986][T16765] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3192'.
[  490.712041][T16765] 8021q: adding VLAN 0 to HW filter on device bond0
[  490.715029][T16765] 8021q: adding VLAN 0 to HW filter on device team0
[  490.745340][T16765] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  491.085673][T16791] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3201'.
[  491.088610][T16791] netlink: 112 bytes leftover after parsing attributes in process `syz.3.3201'.
[  491.220185][T16793] tipc: Started in network mode
[  491.222160][T16793] tipc: Node identity 50000, cluster identity 5
[  491.224614][T16793] tipc: Node number set to 327680
[  491.280813][T16793] syzkaller0: entered promiscuous mode
[  491.282586][T16793] syzkaller0: entered allmulticast mode
[  491.342083][T16797] netlink: 80 bytes leftover after parsing attributes in process `syz.3.3204'.
[  491.630472][T16798] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3204'.
[  491.739345][T16815] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  491.805991][ T5953] Bluetooth: hci2: command tx timeout
[  491.810879][T16815] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  491.817792][T16815] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  491.877067][ T6028] lo speed is unknown, defaulting to 1000
[  491.877552][ T3868] netdevsim netdevsim5 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  491.878976][ T6028] syz0: Port: 1 Link DOWN
[  491.881794][ T3868] netdevsim netdevsim5 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  491.885853][ T3868] netdevsim netdevsim5 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  491.888575][ T3868] netdevsim netdevsim5 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  492.302244][T16831] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3214'.
[  492.307829][T16831] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3214'.
[  492.333638][T16833] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  492.403151][T16833] ptrace attach of "/syz-executor exec"[16837] was attempted by "/syz-executor exec"[16833]
[  492.849666][ T1242] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  492.950753][ T1242] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  492.953491][T16844] netlink: 80 bytes leftover after parsing attributes in process `syz.6.3221'.
[  493.032619][ T1242] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  493.065193][ T5300] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  493.071204][ T5300] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  493.074337][ T5300] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  493.079866][ T5300] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  493.084011][ T5300] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  493.107924][ T1242] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  493.150363][T16846] lo speed is unknown, defaulting to 1000
[  493.291078][ T1242] bridge_slave_1: left allmulticast mode
[  493.293019][ T1242] bridge_slave_1: left promiscuous mode
[  493.295031][ T1242] bridge0: port 2(bridge_slave_1) entered disabled state
[  493.303570][ T1242] bridge_slave_0: left allmulticast mode
[  493.305695][ T1242] bridge_slave_0: left promiscuous mode
[  493.308231][ T1242] bridge0: port 1(bridge_slave_0) entered disabled state
[  493.590747][ T1242] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  493.598732][ T1242] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  493.604582][ T1242] bond0 (unregistering): Released all slaves
[  493.697012][T16846] chnl_net:caif_netlink_parms(): no params data found
[  493.712268][ T1242] tipc: Left network mode
[  493.814102][T16846] bridge0: port 1(bridge_slave_0) entered blocking state
[  493.816511][T16846] bridge0: port 1(bridge_slave_0) entered disabled state
[  493.819093][T16846] bridge_slave_0: entered allmulticast mode
[  493.826735][T16846] bridge_slave_0: entered promiscuous mode
[  493.837118][T16846] bridge0: port 2(bridge_slave_1) entered blocking state
[  493.840174][T16846] bridge0: port 2(bridge_slave_1) entered disabled state
[  493.843201][T16846] bridge_slave_1: entered allmulticast mode
[  493.846956][T16846] bridge_slave_1: entered promiscuous mode
[  493.939408][T16846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  493.956804][T16846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  494.006666][T16846] team0: Port device team_slave_0 added
[  494.021026][ T1242] hsr_slave_0: left promiscuous mode
[  494.025563][ T1242] hsr_slave_1: left promiscuous mode
[  494.031057][ T1242] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  494.033564][ T1242] batman_adv: batadv0: Removing interface: batadv_slave_0
[  494.037101][ T1242] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  494.039891][ T1242] batman_adv: batadv0: Removing interface: batadv_slave_1
[  494.052287][ T1242] veth1_macvtap: left promiscuous mode
[  494.054547][ T1242] veth0_macvtap: left promiscuous mode
[  494.056848][ T1242] veth1_vlan: left promiscuous mode
[  494.059928][ T1242] veth0_vlan: left promiscuous mode
[  494.485186][ T1242] team0 (unregistering): Port device team_slave_1 removed
[  494.512527][ T1242] team0 (unregistering): Port device team_slave_0 removed
[  494.827769][T16846] team0: Port device team_slave_1 added
[  494.860690][T16846] batman_adv: batadv0: Adding interface: batadv_slave_0
[  494.863775][T16846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  494.888168][T16846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  494.894970][T16846] batman_adv: batadv0: Adding interface: batadv_slave_1
[  494.898334][T16846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  494.907684][T16846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  494.971224][T16846] hsr_slave_0: entered promiscuous mode
[  494.973680][T16846] hsr_slave_1: entered promiscuous mode
[  494.976228][T16846] debugfs: 'hsr0' already exists in 'hsr'
[  494.978310][T16846] Cannot create hsr debugfs directory
[  495.146792][T16846] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  495.151899][T16846] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  495.156072][T16846] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  495.161986][T16846] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  495.169740][ T5953] Bluetooth: hci2: command tx timeout
[  495.280982][T16846] 8021q: adding VLAN 0 to HW filter on device bond0
[  495.293447][T16846] 8021q: adding VLAN 0 to HW filter on device team0
[  495.301141][ T3868] bridge0: port 1(bridge_slave_0) entered blocking state
[  495.304265][ T3868] bridge0: port 1(bridge_slave_0) entered forwarding state
[  495.324203][ T6037] bridge0: port 2(bridge_slave_1) entered blocking state
[  495.327148][ T6037] bridge0: port 2(bridge_slave_1) entered forwarding state
[  495.387124][T16919] binder: 16918:16919 ioctl c0306201 800003c0 returned -14
[  495.391692][T16919] binder_alloc: 16918: binder_alloc_buf, no vma
[  495.471526][T16846] 8021q: adding VLAN 0 to HW filter on device batadv0
[  495.693297][T16846] veth0_vlan: entered promiscuous mode
[  495.699709][T16846] veth1_vlan: entered promiscuous mode
[  495.721954][T16846] veth0_macvtap: entered promiscuous mode
[  495.726119][T16846] veth1_macvtap: entered promiscuous mode
[  495.736771][T16846] batman_adv: batadv0: Interface activated: batadv_slave_0
[  495.744786][T16846] batman_adv: batadv0: Interface activated: batadv_slave_1
[  495.752098][ T4375] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  495.758550][ T4375] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  495.765042][ T4375] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  495.768495][ T4375] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  495.827467][ T6110] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  495.830759][ T6110] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  495.841910][ T6110] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  495.844972][ T6110] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  495.880196][T16938] lo speed is unknown, defaulting to 1000
[  496.286025][T16950] lo speed is unknown, defaulting to 1000
[  496.361582][T16955] __nla_validate_parse: 5 callbacks suppressed
[  496.361594][T16955] netlink: 80 bytes leftover after parsing attributes in process `syz.6.3249'.
[  496.557618][T16950] netlink: 13316 bytes leftover after parsing attributes in process `syz.3.3248'.
[  496.561388][T16950] openvswitch: netlink: Flow key attr not present in new flow.
[  496.620205][T16968] tipc: Failed to obtain node identity
[  496.622595][T16968] tipc: Enabling of bearer <ib:veth1_to_bridge> rejected, failed to enable media
[  496.625030][T16960] netlink: 72 bytes leftover after parsing attributes in process `syz.6.3249'.
[  496.631512][T16968] comedi comedi3: comedi_config --init_data is deprecated
[  496.799015][   T40] kauditd_printk_skb: 23 callbacks suppressed
[  496.799029][   T40] audit: type=1326 audit(1765012452.699:2464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16975 comm="syz.5.3257" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf704d579 code=0x0
[  497.033697][T16979] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  497.545498][T16996] syzkaller0: entered promiscuous mode
[  497.547579][T16996] syzkaller0: entered allmulticast mode
[  497.662280][T16998] netlink: 'syz.6.3265': attribute type 11 has an invalid length.
[  497.665549][T16998] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3265'.
[  497.930588][T17007] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3269'.
[  499.948168][T17047] netlink: 'syz.6.3280': attribute type 10 has an invalid length.
[  499.951268][T17047] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3280'.
[  499.955244][T17047] bridge0: port 3(veth0_vlan) entered blocking state
[  499.958117][T17047] bridge0: port 3(veth0_vlan) entered disabled state
[  499.964194][T17047] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  500.095854][T17049] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3281'.
[  500.162037][   T13] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  500.232976][T17045] netlink: 'syz.3.3279': attribute type 10 has an invalid length.
[  500.236807][T17045] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3279'.
[  500.293850][   T13] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  500.306281][T17045] bridge0: port 3(veth0_vlan) entered blocking state
[  500.309593][T17045] bridge0: port 3(veth0_vlan) entered disabled state
[  500.315950][T17045] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  500.397427][ T5300] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  500.398671][   T13] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  500.403541][ T5300] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  500.406630][ T5300] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  500.409743][ T5300] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  500.412624][ T5300] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  500.420746][T17056] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  500.531019][   T13] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  500.694495][T17059] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3285'.
[  500.738396][   T13] bridge_slave_1: left allmulticast mode
[  500.740275][   T13] bridge_slave_1: left promiscuous mode
[  500.755113][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  500.765118][   T13] bridge_slave_0: left allmulticast mode
[  500.765477][   T40] audit: type=1800 audit(1765012456.666:2465): pid=17059 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3285" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  500.766875][   T13] bridge_slave_0: left promiscuous mode
[  500.780766][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  500.848956][T17070] netlink: 'syz.6.3288': attribute type 10 has an invalid length.
[  500.852103][T17070] netlink: 2 bytes leftover after parsing attributes in process `syz.6.3288'.
[  500.868186][ T5300] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  500.874678][ T5300] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  500.882324][ T5300] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  500.885589][ T5300] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  500.888468][ T5300] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  501.057210][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  501.061656][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  501.065666][   T13] bond0 (unregistering): Released all slaves
[  501.073939][T17068] bridge_slave_0: left allmulticast mode
[  501.075686][T17068] bridge_slave_0: left promiscuous mode
[  501.077446][T17068] bridge0: port 1(bridge_slave_0) entered disabled state
[  501.083088][T17068] bridge_slave_1: left allmulticast mode
[  501.084833][T17068] bridge_slave_1: left promiscuous mode
[  501.086644][T17068] bridge0: port 2(bridge_slave_1) entered disabled state
[  501.090991][T17068] bond0: (slave bond_slave_0): Releasing backup interface
[  501.095552][T17068] bond0: (slave bond_slave_1): Releasing backup interface
[  501.100763][T17068] team0: Port device team_slave_0 removed
[  501.103666][T17068] team0: Port device team_slave_1 removed
[  501.105688][T17068] batman_adv: batadv0: Removing interface: batadv_slave_0
[  501.108395][T17068] batman_adv: batadv0: Removing interface: 

[  501.110671][T17068] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  501.120764][T17070] team0: entered promiscuous mode
[  501.130569][T17070] bridge0: port 1(team0) entered blocking state
[  501.140011][T17070] bridge0: port 1(team0) entered disabled state
[  501.142112][T17070] team0: entered allmulticast mode
[  501.188220][T17069] lo speed is unknown, defaulting to 1000
[  501.376031][T17069] chnl_net:caif_netlink_parms(): no params data found
[  501.419980][   T13] hsr_slave_0: left promiscuous mode
[  501.423070][   T13] hsr_slave_1: left promiscuous mode
[  501.425291][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  501.427635][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  501.433707][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  501.436704][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  501.445616][   T40] audit: type=1804 audit(1765012457.356:2466): pid=17079 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.3289" name="/newroot/182/bus/bus" dev="overlay" ino=1010 res=1 errno=0
[  501.453676][   T40] audit: type=1804 audit(1765012457.356:2467): pid=17079 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.3289" name="/newroot/182/bus/bus" dev="overlay" ino=1010 res=1 errno=0
[  501.460625][   T40] audit: type=1800 audit(1765012457.356:2468): pid=17079 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.3289" name="bus" dev="overlay" ino=1010 res=0 errno=0
[  501.468351][   T13] veth1_macvtap: left promiscuous mode
[  501.470685][   T13] veth0_macvtap: left promiscuous mode
[  501.478608][   T13] veth1_vlan: left promiscuous mode
[  501.480920][   T13] veth0_vlan: left promiscuous mode
[  502.200993][   T13] team0 (unregistering): Port device team_slave_1 removed
[  502.208350][T17096] netlink: 'syz.6.3295': attribute type 10 has an invalid length.
[  502.211260][T17096] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3295'.
[  502.264879][   T13] team0 (unregistering): Port device team_slave_0 removed
[  502.292525][T17098] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3294'.
[  502.626114][T17090] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR
[  502.626511][T17096] bridge0: port 2(veth0_vlan) entered blocking state
[  502.636010][T17096] bridge0: port 2(veth0_vlan) entered disabled state
[  502.642616][T17096] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  502.660866][T17098] syz_tun: left promiscuous mode
[  502.665633][T17098] 8021q: adding VLAN 0 to HW filter on device bond0
[  502.668930][T17098] 8021q: adding VLAN 0 to HW filter on device team0
[  502.675720][T17098] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  502.771734][T17069] bridge0: port 1(bridge_slave_0) entered blocking state
[  502.774372][T17069] bridge0: port 1(bridge_slave_0) entered disabled state
[  502.776549][T17069] bridge_slave_0: entered allmulticast mode
[  502.779229][T17069] bridge_slave_0: entered promiscuous mode
[  502.785085][T17069] bridge0: port 2(bridge_slave_1) entered blocking state
[  502.787610][T17069] bridge0: port 2(bridge_slave_1) entered disabled state
[  502.789940][T17069] bridge_slave_1: entered allmulticast mode
[  502.792578][T17069] bridge_slave_1: entered promiscuous mode
[  502.811083][T17069] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  502.815892][T17069] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  502.835605][T17069] team0: Port device team_slave_0 added
[  502.845645][T17069] team0: Port device team_slave_1 added
[  502.859582][T17069] batman_adv: batadv0: Adding interface: batadv_slave_0
[  502.862245][T17069] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  502.872577][T17069] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  502.879052][T17069] batman_adv: batadv0: Adding interface: batadv_slave_1
[  502.881946][T17069] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  502.893181][T17069] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  502.934766][ T5953] Bluetooth: hci2: command tx timeout
[  502.966202][T17069] hsr_slave_0: entered promiscuous mode
[  502.968567][T17069] hsr_slave_1: entered promiscuous mode
[  502.970879][T17069] debugfs: 'hsr0' already exists in 'hsr'
[  502.972684][T17069] Cannot create hsr debugfs directory
[  503.092853][T17069] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  503.098357][T17069] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  503.102568][T17069] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  503.107295][T17069] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  503.133408][T17069] bridge0: port 2(bridge_slave_1) entered blocking state
[  503.135746][T17069] bridge0: port 2(bridge_slave_1) entered forwarding state
[  503.138193][T17069] bridge0: port 1(bridge_slave_0) entered blocking state
[  503.140426][T17069] bridge0: port 1(bridge_slave_0) entered forwarding state
[  503.169716][T17069] 8021q: adding VLAN 0 to HW filter on device bond0
[  503.178105][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  503.181647][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  503.201180][T17069] 8021q: adding VLAN 0 to HW filter on device team0
[  503.208034][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  503.210268][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  503.216287][ T7599] bridge0: port 2(bridge_slave_1) entered blocking state
[  503.218571][ T7599] bridge0: port 2(bridge_slave_1) entered forwarding state
[  503.239682][T17131] netlink: 80 bytes leftover after parsing attributes in process `syz.6.3303'.
[  503.450810][T17069] 8021q: adding VLAN 0 to HW filter on device batadv0
[  503.543992][T17149] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3307'.
[  503.624361][T17138] netlink: 72 bytes leftover after parsing attributes in process `syz.6.3303'.
[  503.667454][T17069] veth0_vlan: entered promiscuous mode
[  503.673412][T17069] veth1_vlan: entered promiscuous mode
[  503.691850][T17069] veth0_macvtap: entered promiscuous mode
[  503.700634][T17069] veth1_macvtap: entered promiscuous mode
[  503.718290][T17069] batman_adv: batadv0: Interface activated: batadv_slave_0
[  503.728946][T17069] batman_adv: batadv0: Interface activated: batadv_slave_1
[  503.735973][ T7599] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  503.741587][ T7599] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  503.744531][ T7599] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  503.805388][T17160] netlink: 'syz.5.3310': attribute type 33 has an invalid length.
[  503.808177][T17160] netlink: 152 bytes leftover after parsing attributes in process `syz.5.3310'.
[  503.858162][T17161] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3310'.
[  503.875169][ T7599] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  503.936801][ T1049] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  503.939687][ T1049] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  503.952711][ T1049] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  503.956176][ T1049] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  504.194394][T17173] team_slave_0: entered promiscuous mode
[  504.195951][T17166] netlink: 'syz.5.3311': attribute type 10 has an invalid length.
[  504.199565][T17166] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3311'.
[  504.213129][T17173] team_slave_0: entered allmulticast mode
[  504.219504][T17166] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  504.453746][T17187] netlink: 304 bytes leftover after parsing attributes in process `syz.6.3317'.
[  504.521134][T17187] 9pnet_fd: Insufficient options for proto=fd
[  505.025707][ T5953] Bluetooth: hci2: command tx timeout
[  505.168055][T17196] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  505.170189][T17196] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  505.172725][T17196] vhci_hcd vhci_hcd.0: Device attached
[  505.293785][T17221] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3327'.
[  505.403270][T17217] vhci_hcd: connection closed
[  505.403635][ T1049] vhci_hcd: stop threads
[  505.407188][ T1049] vhci_hcd: release socket
[  505.408986][ T1049] vhci_hcd: disconnect device
[  505.436154][ T6060] usb 44-1: enqueue for inactive port 0
[  505.492066][T17226] netlink: 'syz.8.3329': attribute type 10 has an invalid length.
[  505.495331][T17226] veth0_vlan: entered allmulticast mode
[  505.498640][T17226] bridge0: port 3(veth0_vlan) entered blocking state
[  505.500914][T17226] bridge0: port 3(veth0_vlan) entered disabled state
[  505.504798][T17226] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  505.891124][T17244] nvme_fabrics: unknown parameter or missing value 'V' in ctrl creation request
[  505.956851][ T6060] usb usb44-port1: attempt power cycle
[  506.283374][T17255] lo speed is unknown, defaulting to 1000
[  506.527724][ T6060] usb usb44-port1: unable to enumerate USB device
[  506.805401][T17265] 9pnet_fd: Insufficient options for proto=fd
[  507.097718][ T5953] Bluetooth: hci2: command tx timeout
[  507.178293][T17262] netlink: 'syz.3.3340': attribute type 10 has an invalid length.
[  507.180875][T17262] bridge0: port 3(veth0_vlan) entered blocking state
[  507.183091][T17262] bridge0: port 3(veth0_vlan) entered disabled state
[  507.186491][T17262] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  507.699494][T17294] syzkaller0: entered promiscuous mode
[  507.702066][T17294] syzkaller0: entered allmulticast mode
[  507.710638][T17294] 9pnet_fd: Insufficient options for proto=fd
[  507.910881][T17297] CIFS: VFS: Malformed UNC in devname
[  507.923657][T17304] __nla_validate_parse: 4 callbacks suppressed
[  507.923672][T17304] netlink: 64 bytes leftover after parsing attributes in process `syz.5.3355'.
[  507.930092][T17304] netlink: 60 bytes leftover after parsing attributes in process `syz.5.3355'.
[  507.933269][T17304] unsupported nlmsg_type 40
[  508.055242][T17311] comedi comedi0: Minor 3 could not be opened
[  508.366029][T17306] netlink: 'syz.8.3356': attribute type 10 has an invalid length.
[  508.369120][T17306] netlink: 40 bytes leftover after parsing attributes in process `syz.8.3356'.
[  508.372272][T17306] bridge0: port 3(veth0_vlan) entered blocking state
[  508.374705][T17306] bridge0: port 3(veth0_vlan) entered disabled state
[  508.378726][T17306] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  508.722125][T17323] netlink: 72 bytes leftover after parsing attributes in process `syz.8.3361'.
[  508.869675][T17332] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3364'.
[  509.078414][T17345] /dev/nullb0: Can't lookup blockdev
[  509.188830][ T5953] Bluetooth: hci2: command tx timeout
[  509.487244][T17353] netlink: 'syz.8.3370': attribute type 10 has an invalid length.
[  509.489924][T17353] netlink: 40 bytes leftover after parsing attributes in process `syz.8.3370'.
[  509.493012][T17353] bridge0: port 3(veth0_vlan) entered blocking state
[  509.495232][T17353] bridge0: port 3(veth0_vlan) entered disabled state
[  509.498994][T17353] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  510.185473][T17374] bridge0: port 3(syz_tun) entered blocking state
[  510.188235][T17374] bridge0: port 3(syz_tun) entered disabled state
[  510.191403][T17374] syz_tun: entered allmulticast mode
[  510.195687][T17374] syz_tun: entered promiscuous mode
[  510.197993][T17374] bridge0: port 3(syz_tun) entered blocking state
[  510.200799][T17374] bridge0: port 3(syz_tun) entered forwarding state
[  510.516272][T17379] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3378'.
[  510.776014][T17390] netlink: 'syz.5.3381': attribute type 10 has an invalid length.
[  510.778577][T17390] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3381'.
[  510.782154][T17390] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  511.636977][T17415] netlink: 'syz.3.3391': attribute type 10 has an invalid length.
[  511.640446][T17415] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3391'.
[  511.644252][T17415] bridge0: port 3(veth0_vlan) entered blocking state
[  511.647356][T17415] bridge0: port 3(veth0_vlan) entered disabled state
[  511.663181][T17415] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  511.665302][ T5300] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  511.677977][ T5300] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  511.687436][ T5300] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  511.692270][ T5300] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  511.695868][ T5300] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  511.728710][T17416] lo speed is unknown, defaulting to 1000
[  511.910302][T17416] chnl_net:caif_netlink_parms(): no params data found
[  512.028364][T17416] bridge0: port 1(bridge_slave_0) entered blocking state
[  512.031271][T17416] bridge0: port 1(bridge_slave_0) entered disabled state
[  512.033580][T17416] bridge_slave_0: entered allmulticast mode
[  512.036753][T17416] bridge_slave_0: entered promiscuous mode
[  512.062066][T17416] bridge0: port 2(bridge_slave_1) entered blocking state
[  512.065150][T17416] bridge0: port 2(bridge_slave_1) entered disabled state
[  512.078291][T17416] bridge_slave_1: entered allmulticast mode
[  512.092082][T17416] bridge_slave_1: entered promiscuous mode
[  512.109798][T17416] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  512.115252][T17416] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  512.165655][T17416] team0: Port device team_slave_0 added
[  512.169860][T17416] team0: Port device team_slave_1 added
[  512.217422][T17416] batman_adv: batadv0: Adding interface: batadv_slave_0
[  512.220100][T17416] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  512.235703][T17416] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  512.240336][T17416] batman_adv: batadv0: Adding interface: batadv_slave_1
[  512.244423][T17416] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  512.253036][T17416] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  512.288339][T17416] hsr_slave_0: entered promiscuous mode
[  512.292383][T17416] hsr_slave_1: entered promiscuous mode
[  512.294724][T17416] debugfs: 'hsr0' already exists in 'hsr'
[  512.296587][T17416] Cannot create hsr debugfs directory
[  512.491754][T17431] netlink: 72 bytes leftover after parsing attributes in process `syz.8.3394'.
[  512.611931][ T6037] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  512.621907][ T6037] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  512.635262][ T6037] bond0 (unregistering): (slave team0): Releasing backup interface
[  512.668205][T17441] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  512.670348][T17441] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  512.676158][T17441] vhci_hcd vhci_hcd.0: Device attached
[  512.676601][ T6037] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  512.681400][ T6037] bond0 (unregistering): Released all slaves
[  512.687108][ T6037] bond1 (unregistering): Released all slaves
[  512.790440][ T6037] bond2 (unregistering): (slave bond3): Releasing backup interface
[  512.793211][ T6037] bond3 (unregistering): left promiscuous mode
[  512.795934][ T6037] bond2 (unregistering): Released all slaves
[  512.917788][ T6037] bond3 (unregistering): Released all slaves
[  512.941574][ T6454] usb 44-1: SetAddress Request (32) to port 0
[  512.943550][ T6454] usb 44-1: new SuperSpeed USB device number 32 using vhci_hcd
[  513.010894][ T6037] : left promiscuous mode
[  513.134431][ T6037] tipc: Left network mode
[  513.220860][T17442] vhci_hcd: connection reset by peer
[  513.225109][   T46] vhci_hcd: stop threads
[  513.226615][   T46] vhci_hcd: release socket
[  513.228088][   T46] vhci_hcd: disconnect device
[  513.525868][T17416] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  513.530323][T17416] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  513.534791][T17416] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  513.539113][T17416] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  513.605497][T17465] netlink: 20 bytes leftover after parsing attributes in process `syz.8.3401'.
[  513.632678][ T6037] hsr_slave_0: left promiscuous mode
[  513.634705][ T6037] batman_adv: batadv0: Removing interface: batadv_slave_0
[  513.637452][ T6037] batman_adv: batadv0: Removing interface: batadv_slave_1
[  513.653670][ T6037] pimreg (unregistering): left allmulticast mode
[  513.742036][ T5953] Bluetooth: hci4: command tx timeout
[  513.943603][T17472] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  513.945703][T17472] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  513.949001][T17472] vhci_hcd vhci_hcd.0: Device attached
[  513.960060][T17473] vhci_hcd: connection closed
[  513.960234][   T46] vhci_hcd: stop threads
[  513.963452][   T46] vhci_hcd: release socket
[  513.965449][   T46] vhci_hcd: disconnect device
[  514.029229][ T6037] team0 (unregistering): Port device team_slave_1 removed
[  514.067273][ T6037] team0 (unregistering): Port device team_slave_0 removed
[  514.183487][T17468] netlink: 'syz.8.3402': attribute type 10 has an invalid length.
[  514.186663][T17468] netlink: 40 bytes leftover after parsing attributes in process `syz.8.3402'.
[  514.377540][T17482] netlink: 72 bytes leftover after parsing attributes in process `syz.6.3406'.
[  514.409296][T17468] bridge0: port 4(veth0_vlan) entered blocking state
[  514.412568][T17468] bridge0: port 4(veth0_vlan) entered disabled state
[  514.423518][T17468] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  514.438976][T17416] 8021q: adding VLAN 0 to HW filter on device bond0
[  514.460581][T17416] 8021q: adding VLAN 0 to HW filter on device team0
[  514.477011][ T1049] bridge0: port 1(bridge_slave_0) entered blocking state
[  514.480363][ T1049] bridge0: port 1(bridge_slave_0) entered forwarding state
[  514.497475][ T4375] bridge0: port 2(bridge_slave_1) entered blocking state
[  514.500095][ T4375] bridge0: port 2(bridge_slave_1) entered forwarding state
[  514.709063][T17416] 8021q: adding VLAN 0 to HW filter on device batadv0
[  514.792796][   T54] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  514.857204][T17503] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3409'.
[  514.875837][T17503] bond0: entered promiscuous mode
[  514.877524][T17503] bond_slave_0: entered promiscuous mode
[  514.880060][T17503] bond_slave_1: entered promiscuous mode
[  514.883525][T17503] bond0: left promiscuous mode
[  514.885270][T17503] bond_slave_0: left promiscuous mode
[  514.887533][T17503] bond_slave_1: left promiscuous mode
[  514.933008][ T6037] IPVS: stop unused estimator thread 0...
[  515.004567][T17503] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3409'.
[  515.011926][T17503] bond0: entered promiscuous mode
[  515.013701][T17503] bond_slave_0: entered promiscuous mode
[  515.015693][T17503] bond_slave_1: entered promiscuous mode
[  515.018662][T17503] bond0: left promiscuous mode
[  515.020291][T17503] bond_slave_0: left promiscuous mode
[  515.022284][T17503] bond_slave_1: left promiscuous mode
[  515.325955][T17416] veth0_vlan: entered promiscuous mode
[  515.341842][T17416] veth1_vlan: entered promiscuous mode
[  515.387942][T17416] veth0_macvtap: entered promiscuous mode
[  515.399059][T17416] veth1_macvtap: entered promiscuous mode
[  515.430084][T17416] batman_adv: batadv0: Interface activated: batadv_slave_0
[  515.449401][T17416] batman_adv: batadv0: Interface activated: batadv_slave_1
[  515.470788][ T6037] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  515.475063][ T6037] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  515.479289][ T6037] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  515.496613][ T1049] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  515.833861][ T5953] Bluetooth: hci4: command tx timeout
[  515.884709][T17202] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  515.887355][T17202] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  515.910836][ T1049] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  515.916945][ T1049] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  516.379634][T17527] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  516.382252][T17527] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  516.397571][T17527] vhci_hcd vhci_hcd.0: Device attached
[  516.664528][ T6887] usb 48-1: SetAddress Request (7) to port 0
[  516.665363][T17521] netlink: 'syz.6.3414': attribute type 10 has an invalid length.
[  516.669255][ T6887] usb 48-1: new SuperSpeed USB device number 7 using vhci_hcd
[  516.669314][T17521] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3414'.
[  516.675584][T17521] bridge0: port 2(veth0_vlan) entered blocking state
[  516.678007][T17521] bridge0: port 2(veth0_vlan) entered disabled state
[  516.682476][T17521] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  516.957815][T17528] vhci_hcd: connection reset by peer
[  516.960285][ T6037] vhci_hcd: stop threads
[  516.961697][ T6037] vhci_hcd: release socket
[  516.963168][ T6037] vhci_hcd: disconnect device
[  517.164830][T17531] syzkaller1: entered promiscuous mode
[  517.166608][T17531] syzkaller1: entered allmulticast mode
[  517.914996][ T5953] Bluetooth: hci4: command tx timeout
[  518.005076][ T6454] usb 44-1: device descriptor read/8, error -110
[  518.217566][T17547] netlink: 64 bytes leftover after parsing attributes in process `syz.8.3418'.
[  518.220951][T17547] netlink: 60 bytes leftover after parsing attributes in process `syz.8.3418'.
[  518.230872][T17547] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(6)
[  518.233027][T17547] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  518.236034][T17547] vhci_hcd vhci_hcd.0: Device attached
[  518.242976][T17548] vhci_hcd: connection closed
[  518.243157][   T83] vhci_hcd: stop threads
[  518.246209][   T83] vhci_hcd: release socket
[  518.247787][   T83] vhci_hcd: disconnect device
[  518.267114][T17535] netlink: 'syz.3.3417': attribute type 10 has an invalid length.
[  518.269742][T17535] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3417'.
[  518.272678][T17535] bridge0: port 3(veth0_vlan) entered blocking state
[  518.274986][T17535] bridge0: port 3(veth0_vlan) entered disabled state
[  518.278613][T17535] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  518.405858][ T6454] usb usb44-port1: attempt power cycle
[  518.815014][T17560] binder: 17558:17560 unknown command 48
[  518.816955][T17560] binder: 17558:17560 ioctl c0306201 80000080 returned -22
[  518.986242][ T6454] usb usb44-port1: unable to enumerate USB device
[  519.226138][T17575] futex_wake_op: syz.5.3428 tries to shift op by 32; fix this program
[  519.314555][T17578] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(9)
[  519.316780][T17578] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  519.322464][T17578] vhci_hcd vhci_hcd.0: Device attached
[  519.646235][ T6454] usb 54-1: SetAddress Request (2) to port 0
[  519.648201][ T6454] usb 54-1: new SuperSpeed USB device number 2 using vhci_hcd
[  519.988471][ T5953] Bluetooth: hci4: command tx timeout
[  520.085816][T17579] vhci_hcd: connection reset by peer
[  520.090061][ T7599] vhci_hcd: stop threads
[  520.091844][ T7599] vhci_hcd: release socket
[  520.093727][ T7599] vhci_hcd: disconnect device
[  520.212944][T17567] syz.3.3424 (17567): drop_caches: 1
[  520.562687][T17592] syzkaller0: entered promiscuous mode
[  520.564887][T17592] syzkaller0: entered allmulticast mode
[  520.568463][T17590] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3431'.
[  520.579136][T17592] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3432'.
[  520.582845][T17592] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3432'.
[  520.709530][T17595] netlink: 'syz.8.3433': attribute type 10 has an invalid length.
[  520.712212][T17595] netlink: 40 bytes leftover after parsing attributes in process `syz.8.3433'.
[  520.715443][T17595] bridge0: port 4(veth0_vlan) entered blocking state
[  520.718222][T17595] bridge0: port 4(veth0_vlan) entered disabled state
[  520.723174][T17595] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  521.028299][ T6010] usb 10-1: new high-speed USB device number 12 using dummy_hcd
[  521.178517][ T6010] usb 10-1: config index 0 descriptor too short (expected 39, got 27)
[  521.181197][ T6010] usb 10-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  521.184249][ T6010] usb 10-1: config 0 interface 0 has no altsetting 0
[  521.199042][ T6010] usb 10-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  521.201982][ T6010] usb 10-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  521.204568][ T6010] usb 10-1: Product: syz
[  521.205944][ T6010] usb 10-1: Manufacturer: syz
[  521.217405][ T6010] usb 10-1: SerialNumber: syz
[  521.220113][ T6010] usb 10-1: config 0 descriptor??
[  521.224055][ T6010] hub 10-1:0.0: bad descriptor, ignoring hub
[  521.225943][ T6010] hub 10-1:0.0: probe with driver hub failed with error -5
[  521.232791][ T6010] usb 10-1: selecting invalid altsetting 0
[  521.306058][T17608] hsr0: entered allmulticast mode
[  521.307814][T17608] hsr_slave_0: entered allmulticast mode
[  521.309692][T17608] hsr_slave_1: entered allmulticast mode
[  521.759326][ T6887] usb 48-1: device descriptor read/8, error -110
[  521.811317][T17597] usb 10-1: reset high-speed USB device number 12 using dummy_hcd
[  521.848905][T17617] syz.8.3441 (17617): drop_caches: 4
[  521.860078][T17617] netlink: 'syz.8.3441': attribute type 21 has an invalid length.
[  521.978551][T17597] usb 10-1: device firmware changed
[  521.987367][ T6028] usb 10-1: USB disconnect, device number 12
[  522.310387][ T6887] usb usb48-port1: attempt power cycle
[  522.528046][ T6028] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[  522.615425][T17626] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3442'.
[  522.696466][ T6028] usb 10-1: unable to get BOS descriptor or descriptor too short
[  522.700546][ T6028] usb 10-1: unable to read config index 0 descriptor/start: -71
[  522.703077][ T6028] usb 10-1: can't read configurations, error -71
[  522.741832][T17631] netlink: 'syz.8.3443': attribute type 10 has an invalid length.
[  522.746736][T17631] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[  522.750005][T17631] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  522.753852][T17631] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[  522.892229][ T6887] usb usb48-port1: unable to enumerate USB device
[  522.931749][T17643] fuse: Unknown parameter 'boup_id'
[  523.064493][T17643] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only
[  523.284940][T17657] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  523.744387][T17674] nvme_fabrics: unknown parameter or missing value 'V' in ctrl creation request
[  523.903857][T17679] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  524.343229][T17689] netlink: set zone limit has 4 unknown bytes
[  524.383115][T17691] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  524.395672][T17691] kvm: pic: level sensitive irq not supported
[  524.396098][T17691] kvm: pic: non byte read
[  524.403108][T17691] kvm: pic: level sensitive irq not supported
[  524.403506][T17691] kvm: pic: non byte read
[  524.409245][T17691] kvm: pic: level sensitive irq not supported
[  524.409673][T17691] kvm: pic: non byte read
[  524.414694][T17691] kvm: pic: level sensitive irq not supported
[  524.415076][T17691] kvm: pic: non byte read
[  524.420249][T17691] kvm: pic: level sensitive irq not supported
[  524.420583][T17691] kvm: pic: non byte read
[  524.429999][T17691] kvm: pic: level sensitive irq not supported
[  524.430362][T17691] kvm: pic: non byte read
[  524.435151][T17691] kvm: pic: level sensitive irq not supported
[  524.435599][T17691] kvm: pic: non byte read
[  524.449682][T17691] kvm: pic: level sensitive irq not supported
[  524.449985][T17691] kvm: pic: non byte read
[  524.710438][ T6454] usb 54-1: device descriptor read/8, error -110
[  525.124704][ T6454] usb usb54-port1: attempt power cycle
[  525.711343][ T6454] usb usb54-port1: unable to enumerate USB device
[  525.869330][T17731] nvme_fabrics: unknown parameter or missing value 'V' in ctrl creation request
[  526.231959][T17736] ------------[ cut here ]------------
[  526.234727][T17736] WARNING: ./include/linux/memcontrol.h:381 at folio_memcg+0x2de/0x380, CPU#1: syz.5.3475/17736
[  526.238850][T17736] Modules linked in:
[  526.240309][T17736] CPU: 1 UID: 0 PID: 17736 Comm: syz.5.3475 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  526.243821][T17736] Tainted: [L]=SOFTLOCKUP
[  526.245170][T17736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  526.248754][T17736] RIP: 0010:folio_memcg+0x2de/0x380
[  526.250970][T17736] Code: 48 c9 94 ff be ff ff ff ff 48 c7 c7 48 6d 42 8e e8 e7 e6 3a 09 31 ff 89 c3 89 c6 e8 dc c3 94 ff 85 db 75 87 e8 23 c9 94 ff 90 <0f> 0b 90 e9 79 ff ff ff e8 15 c9 94 ff 48 c7 c6 80 73 9e 8b 48 89
[  526.259200][T17736] RSP: 0018:ffffc90007ee7140 EFLAGS: 00010246
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  526.262212][T17736] RAX: 0000000000080000 RBX: 0000000000000000 RCX: ffffc90033040000
[  526.265612][T17736] RDX: 0000000000080000 RSI: ffffffff8228cf4d RDI: 0000000000000005
[  526.268005][T17736] RBP: ffff888023dfe500 R08: 0000000000000005 R09: 0000000000000000
[  526.270386][T17736] R10: 0000000000000000 R11: 1ffffffff1c7a841 R12: 0000000000000002
[  526.273122][T17736] R13: 0000000000000000 R14: 00000000f517c000 R15: ffffea0001940000
[  526.275543][T17736] FS:  0000000000000000(0000) GS:ffff888097865000(0063) knlGS:00000000f517bb40
[  526.278202][T17736] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  526.280195][T17736] CR2: 00000000336f7ff8 CR3: 000000004c3ca000 CR4: 0000000000352ef0
[  526.282734][T17736] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  526.285137][T17736] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  526.287549][T17736] Call Trace:
[  526.288573][T17736]  <TASK>
[  526.289480][T17736]  __folio_split+0xb2/0x4860
[  526.291032][T17736]  ? find_held_lock+0x2b/0x80
[  526.292498][T17736]  ? mark_held_locks+0x49/0x80
[  526.294030][T17736]  ? __pfx___folio_split+0x10/0x10
[  526.295654][T17736]  ? lockdep_hardirqs_on+0x7c/0x110
[  526.297231][T17736]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  526.299016][T17736]  ? rcu_preempt_deferred_qs_irqrestore+0x500/0xbc0
[  526.301107][T17736]  madvise_cold_or_pageout_pte_range+0x1385/0x20d0
[  526.303264][T17736]  ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10
[  526.305320][T17736]  ? pgd_bad+0xad/0xf0
[  526.306606][T17736]  ? __pfx_pgd_bad+0x10/0x10
[  526.308043][T17736]  ? walk_pgd_range+0xbe2/0x1f40
[  526.309591][T17736]  ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10
[  526.311905][T17736]  walk_pgd_range+0xcdc/0x1f40
[  526.313432][T17736]  ? __pfx_walk_pgd_range+0x10/0x10
[  526.315249][T17736]  ? find_held_lock+0x2b/0x80
[  526.316725][T17736]  __walk_page_range+0x163/0x820
[  526.318301][T17736]  ? rcu_is_watching+0x12/0xc0
[  526.319788][T17736]  ? __lock_acquire+0x433/0x22f0
[  526.321402][T17736]  walk_page_range_vma+0x2c7/0xa20
[  526.322980][T17736]  ? __pfx_walk_page_range_vma+0x10/0x10
[  526.324696][T17736]  ? find_held_lock+0x2b/0x80
[  526.326168][T17736]  madvise_pageout+0x257/0x540
[  526.327647][T17736]  ? __pfx_madvise_pageout+0x10/0x10
[  526.329475][T17736]  ? mtree_range_walk+0x718/0xc00
[  526.331129][T17736]  madvise_vma_behavior+0xb14/0x2d00
[  526.332724][T17736]  ? __pfx_madvise_vma_behavior+0x10/0x10
[  526.334604][T17736]  ? __pfx_mt_find+0x10/0x10
[  526.336076][T17736]  ? find_vma_prev+0xd3/0x150
[  526.337610][T17736]  ? find_vma+0xbf/0x140
[  526.338932][T17736]  ? __pfx_find_vma+0x10/0x10
[  526.340436][T17736]  madvise_walk_vmas+0x31f/0x9c0
[  526.342083][T17736]  ? __pfx_madvise_walk_vmas+0x10/0x10
[  526.343776][T17736]  madvise_do_behavior+0x1e2/0x530
[  526.345412][T17736]  ? __pfx_madvise_do_behavior+0x10/0x10
[  526.347161][T17736]  ? down_read+0x13d/0x460
[  526.348523][T17736]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  526.350395][T17736]  do_madvise+0x176/0x240
[  526.351797][T17736]  ? __pfx_do_madvise+0x10/0x10
[  526.353324][T17736]  ? rcu_is_watching+0x12/0xc0
[  526.354836][T17736]  ? kcov_ioctl+0x265/0x6e0
[  526.356422][T17736]  ? fput+0x70/0xf0
[  526.357583][T17736]  __ia32_sys_madvise+0xa7/0x110
[  526.359102][T17736]  ? lockdep_hardirqs_on+0x7c/0x110
[  526.360719][T17736]  __do_fast_syscall_32+0xe8/0x680
[  526.362519][T17736]  do_fast_syscall_32+0x32/0x80
[  526.364021][T17736]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  526.365918][T17736] RIP: 0023:0xf70cd579
[  526.367177][T17736] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  526.373029][T17736] RSP: 002b:00000000f517b55c EFLAGS: 00000296 ORIG_RAX: 00000000000000db
[  526.375546][T17736] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 00000000ffffffff
[  526.377984][T17736] RDX: 0000000000000015 RSI: 0000000000000000 RDI: 0000000000000000
[  526.380471][T17736] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  526.382935][T17736] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  526.385319][T17736] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  526.387842][T17736]  </TASK>
[  526.388821][T17736] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  526.391100][T17736] CPU: 1 UID: 0 PID: 17736 Comm: syz.5.3475 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  526.394280][T17736] Tainted: [L]=SOFTLOCKUP
[  526.395616][T17736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  526.398918][T17736] Call Trace:
[  526.399966][T17736]  <TASK>
[  526.400910][T17736]  dump_stack_lvl+0x3d/0x1f0
[  526.402397][T17736]  vpanic+0x640/0x6f0
[  526.403670][T17736]  ? folio_memcg+0x2de/0x380
[  526.405431][T17736]  panic+0xca/0xd0
[  526.406728][T17736]  ? __pfx_panic+0x10/0x10
[  526.408071][T17736]  check_panic_on_warn+0xab/0xb0
[  526.409588][T17736]  __warn+0x108/0x3c0
[  526.410853][T17736]  __report_bug+0x2a0/0x520
[  526.412269][T17736]  ? folio_memcg+0x2de/0x380
[  526.413744][T17736]  ? __pfx___report_bug+0x10/0x10
[  526.415306][T17736]  ? lockdep_hardirqs_on+0x7c/0x110
[  526.416883][T17736]  ? irqentry_exit+0x1dd/0x8c0
[  526.418344][T17736]  ? rcu_is_watching+0x12/0xc0
[  526.419825][T17736]  ? folio_memcg+0x2de/0x380
[  526.421269][T17736]  ? folio_memcg+0x2de/0x380
[  526.422753][T17736]  report_bug+0xb2/0x220
[  526.424049][T17736]  ? folio_memcg+0x2de/0x380
[  526.425464][T17736]  handle_bug+0x127/0x260
[  526.426766][T17736]  exc_invalid_op+0x17/0x50
[  526.428156][T17736]  asm_exc_invalid_op+0x1a/0x20
[  526.429708][T17736] RIP: 0010:folio_memcg+0x2de/0x380
[  526.431391][T17736] Code: 48 c9 94 ff be ff ff ff ff 48 c7 c7 48 6d 42 8e e8 e7 e6 3a 09 31 ff 89 c3 89 c6 e8 dc c3 94 ff 85 db 75 87 e8 23 c9 94 ff 90 <0f> 0b 90 e9 79 ff ff ff e8 15 c9 94 ff 48 c7 c6 80 73 9e 8b 48 89
[  526.437159][T17736] RSP: 0018:ffffc90007ee7140 EFLAGS: 00010246
[  526.439013][T17736] RAX: 0000000000080000 RBX: 0000000000000000 RCX: ffffc90033040000
[  526.441440][T17736] RDX: 0000000000080000 RSI: ffffffff8228cf4d RDI: 0000000000000005
[  526.443833][T17736] RBP: ffff888023dfe500 R08: 0000000000000005 R09: 0000000000000000
[  526.446215][T17736] R10: 0000000000000000 R11: 1ffffffff1c7a841 R12: 0000000000000002
[  526.448595][T17736] R13: 0000000000000000 R14: 00000000f517c000 R15: ffffea0001940000
[  526.451012][T17736]  ? folio_memcg+0x2dd/0x380
[  526.452424][T17736]  __folio_split+0xb2/0x4860
[  526.453861][T17736]  ? find_held_lock+0x2b/0x80
[  526.455315][T17736]  ? mark_held_locks+0x49/0x80
[  526.456801][T17736]  ? __pfx___folio_split+0x10/0x10
[  526.458412][T17736]  ? lockdep_hardirqs_on+0x7c/0x110
[  526.459999][T17736]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  526.461818][T17736]  ? rcu_preempt_deferred_qs_irqrestore+0x500/0xbc0
[  526.463831][T17736]  madvise_cold_or_pageout_pte_range+0x1385/0x20d0
[  526.465878][T17736]  ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10
[  526.467903][T17736]  ? pgd_bad+0xad/0xf0
[  526.469159][T17736]  ? __pfx_pgd_bad+0x10/0x10
[  526.470567][T17736]  ? walk_pgd_range+0xbe2/0x1f40
[  526.472081][T17736]  ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10
[  526.474148][T17736]  walk_pgd_range+0xcdc/0x1f40
[  526.475626][T17736]  ? __pfx_walk_pgd_range+0x10/0x10
[  526.477213][T17736]  ? find_held_lock+0x2b/0x80
[  526.478685][T17736]  __walk_page_range+0x163/0x820
[  526.480228][T17736]  ? rcu_is_watching+0x12/0xc0
[  526.481770][T17736]  ? __lock_acquire+0x433/0x22f0
[  526.483320][T17736]  walk_page_range_vma+0x2c7/0xa20
[  526.484895][T17736]  ? __pfx_walk_page_range_vma+0x10/0x10
[  526.486582][T17736]  ? find_held_lock+0x2b/0x80
[  526.488056][T17736]  madvise_pageout+0x257/0x540
[  526.489516][T17736]  ? __pfx_madvise_pageout+0x10/0x10
[  526.491140][T17736]  ? mtree_range_walk+0x718/0xc00
[  526.492653][T17736]  madvise_vma_behavior+0xb14/0x2d00
[  526.494266][T17736]  ? __pfx_madvise_vma_behavior+0x10/0x10
[  526.496017][T17736]  ? __pfx_mt_find+0x10/0x10
[  526.497442][T17736]  ? find_vma_prev+0xd3/0x150
[  526.498906][T17736]  ? find_vma+0xbf/0x140
[  526.500227][T17736]  ? __pfx_find_vma+0x10/0x10
[  526.501738][T17736]  madvise_walk_vmas+0x31f/0x9c0
[  526.503259][T17736]  ? __pfx_madvise_walk_vmas+0x10/0x10
[  526.504938][T17736]  madvise_do_behavior+0x1e2/0x530
[  526.506492][T17736]  ? __pfx_madvise_do_behavior+0x10/0x10
[  526.508143][T17736]  ? down_read+0x13d/0x460
[  526.509499][T17736]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  526.511351][T17736]  do_madvise+0x176/0x240
[  526.512667][T17736]  ? __pfx_do_madvise+0x10/0x10
[  526.514195][T17736]  ? rcu_is_watching+0x12/0xc0
[  526.515730][T17736]  ? kcov_ioctl+0x265/0x6e0
[  526.517198][T17736]  ? fput+0x70/0xf0
[  526.518523][T17736]  __ia32_sys_madvise+0xa7/0x110
[  526.520064][T17736]  ? lockdep_hardirqs_on+0x7c/0x110
[  526.521693][T17736]  __do_fast_syscall_32+0xe8/0x680
[  526.523274][T17736]  do_fast_syscall_32+0x32/0x80
[  526.524798][T17736]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  526.526743][T17736] RIP: 0023:0xf70cd579
[  526.528006][T17736] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  526.533869][T17736] RSP: 002b:00000000f517b55c EFLAGS: 00000296 ORIG_RAX: 00000000000000db
[  526.536380][T17736] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 00000000ffffffff
[  526.538795][T17736] RDX: 0000000000000015 RSI: 0000000000000000 RDI: 0000000000000000
[  526.541250][T17736] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  526.543664][T17736] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  526.546058][T17736] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  526.548449][T17736]  </TASK>
[  526.550112][T17736] Kernel Offset: disabled
[  526.551529][T17736] Rebooting in 86400 seconds..