last executing test programs:

2m31.447277791s ago: executing program 1 (id=2809):
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000440)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, &(0x7f0000006840)={0x2020, 0x0, <r1=>0x0, <r2=>0x0}, 0x2020)
syz_fuse_handle_req(r0, &(0x7f00000042c0)="9ab1446569aa24b774753c9e994c09c24df9d42fa5a228e469b44cecf6f9f5ce5f77c93b1895aaac9cf34b37415f11fe22d6fa0162aa743b242e8fe0a8659e32fb543d7969d6513136a9f332a8074f8ee1e445277ddd5859eb5ac3321eb710be880a441031da9b31f791d54fb3c97cd8ee92b00cbf962be8eb5fd0b7cab207645f59cf87a8c41e2739dd8386b6bb84b627cbf5e09bac876ad4b215f0e510a853c5e8b9f7822b26771d72972290a1f9a6f0a46942be0d0eb7aa5145ff368863b14e9845926088f9f92d554e572926290dc6e6b574aea8c500fbe5697f881c0cec48282c6d07619248da0c3b9aa6f7c778525d1760051e4ba8ef31d3c8d3e1d4214ffa5261ce1fdbc12eba889968137f5c06fea233000296cf18df494b4e7b1bee7dc2f3751c37415d46f6d7ffb3d0f788f2100ee41266e6fba75b61af22e1d7b286507ff100cc34ed28d5a2c8be3231446874bbbde6f3c367ca802d64192ffcce1ea41b2cbc57f7500fc4f8f12fe02690c1c9785bbc35542b59d05600783cf4f4633b374101d8ed395303392b238d198f9f68c8ae928cbf3b558deec6d38ebaa526e749ac4e47dd5b838ec34f2820a1134252ae60159d4e030cf5e5d6f8de799a31e12ae57cfe5a1a3ded525c6e71271271d35a0056265362387a361f21ea0f4b6d46f6a83a8512687e43b31e11b1396d6e9e49cf42b693732e226b55d21a1203022f6be9f8ecccb68de3bf4ce99689514bd752f4e60bd2f8e376d7fae5b5fc8db0f53db8c52746671e361b9319419c1b3f3168b4797ebd2d118ee42dda4bc59dd0251236195c8cdafc0546354eeb28f4c7e71e8245a6ccaddfb858f61039c0ccf5acd924680aab38dd061fc7b123f24ac7f3d3c0cee43b61045bb1efea25af86088a0591f166e2f11ea4089860893b17ca5e3d99ec75131268e2e4e290c2bf15e4dde23284e4bdf6e549c096ce221d9c8a6c0fc78aa6a1c8b547c0e10738de2a1e8663e03ab0ce4594e244989f75b6672de1eee97ba7e6467a0da51c0e75d5866c405b03c4744d8d3fbb01eddba5a0361662269154c2f0e61a9433982eb904ff562896cbfa692eb1e6c644fcf6cbc103a76b712af706a47608d3e2f5d54d47d8e9906ab37ddf04004d32ce00200fc3c274666aeb618b27424d87b6a4b0262de4436b9e6f150bc798394c298b25a2c318fbe786185464057c0bcfcd1917230d78ee1a49eca12068fa676852c1099096c6cb98dfda27fedac41826516e42cc116f0cbb68f0f810418258dc5a65c0e1ada296176e17f8d762894c80542a79383cc1674a4f3d6520633ce80baba214c20628899f9ac826484c887713aed9c5caf13b40a598cb1e81f7b18dae39efc22dc99ff497e11f158edc2716ebe3bcd593691aa26523efc168e1394ab439c9a9270575ef34eeee9084b0a31b2d81d47c964ac61e600f75d9321d7474dde45bb8d0cc46510488ab68486d3ba6cc9c3ddb6f66f2e5d251ee285121e1645a2f5167fc5fb8ac4491c0d9d0423c7a8452efea2f5a30096a0fa47173f3a68500a5c755ea939c838d3be126a87ff6baa5a1fba638a5c64767d17f04201b935fcb1cb6afa175594f410f2ff773194c703e623876051e46bb0850a5016e65f8fa34b96bafdfe851a0756fe26fb63d52113c0935b0867f7dc8a94d887484b15e8f92b6a316a22c04a985cc94e432cd43f44001bcdbd48efcd463c402d3d181298e96db60fdb714b82e146567af5ae3fc0c3f9d241471b4d129f928d286f780facb1e84434610ab3379dfff0f64d57b4a1c2e96c98b693de952d26773d24e7a95eddbc450f79932d5332d27991c7bfbd3bc35bfeb9496fbebccb5e4c35c368e021dea643cb292d794d3d3bbcc960f989bef09763dc73d83cbf907485635265e81f87b712d958a66719230fc6466615a0e3bb998d48159e9e9c51959354a545966bcffa298c7673b4d32b991c886a997236642c0f104f6795feab9f48d0ffc74667f3f3e82473ac892ad25f4b13029b0b27fb1d86991ddc42bbc3fe584ed364e769f3bc72ed8749e7a654ec1a2ec7a01bd2d5caccdc6241a1b1ef2726db54d2c34ab47020b4c729b5994b43deb00ad959950e0051d2c0f27217397055e78f1dd3bd867a45e06c2134ae8981021aae881cc7b2049fe7c82d2127ec81d6430c8116355c8d0ab8b9291c688ed9b8dbb1ed6f1a99bb58a1be8d5737acbf9461b142c8982f52481195d35ef82aed4fa52385ea4ed00a739d01cad7af9f7c27d357748e24f28d22065ccb37300e8f5d8dae5ca79af7a50edc3e05184d1a2a6d59784d5ceeb1f1550a44ea03bee4dc5c27eb78f0032593c7d082e59211f83a8b91aa78bfb7e959328ee63af26a37b79ce5e5139eeebd12e28b2a26ad2fcbdca652524d036b324782d54247a48b9f8200b2d6d2c091c41366d677e3be6e136cec6c3080d608849135c6e3c7d695d2e226ae1ce999d730d7f79116ab85762e55a3e5a66a690ce0a4bb4fd1560c796e2797414b544ef78e29d55e4853fdbf3362085a65c46105f32c360a0a9867b984a5d0297fe0b06a45684ac801a8e66294cef6e5f3c48648884fbb2422fa00488df33a9a0ff1039c81f1939f2cd2f5fe8aa805af2d2332ac37244ed4a7b50265af8062752b0c16511e5f25e8aa2b60645675bc826557bb75474ca4787f6b584b2f83bc25192579104aa0baae79f396df0d31121f90db9acea9695ee0fe0c22df4db503ec8b2437b05f5d35a65722fa82eebd2aff4bcd3316a5cffc4b31913fd02f82130c77f320bf04bf8fa873d0e3f62122d6a5f87d3e908bedafed4a3cb6d9f73ff546f5a2b74a2493b1753e89b682352bb3166563518dcb190c7b3d9fd667c57978a670b192641a674dc92c2401d067b6767aa632ce32a401175c98200a52ab5d80dffa719746d0bff8a84bac4a56e0ab8124fc332b64ea662d01e1b73231a6638f01cf4d699448da228c16951149c8d3dab9a7e3be9a16c7d1ffb061818f8f9cb2b42739fae4a0d70c0701c8dceee785d36ef6413162de1917df01c693ef3e1f517e7fc46245209fee52f5c6a2f50ab3f56d67d1cd987282b24071d8ebb1bc5cd635957b2a7ad92d0650abd5bbc24b75885b6119592a3d715392718e52f9124c4ac95be3582abba4ac3a4049ee49fa8ceb9b59d4e1e2a069c9d482879fd8d27d5ac22ef870542453be22c2ec4ebf1472c19fbfb56aa0a3671297b020e3fe49d201a82a04420e90bda43691dacf92347bcbcae3742cc4abad4c8010c0afa15278795d4d76c482461ae78f30569e1dcf87b9b150d07a2bd81676ec6022422d490759ae1e861a6c4cd1f733bd772d60975a59356c385a4a390429f3d2131e7f616015261df6db3cc3ec261a53be10c4f197e71878984fee00e6d1069f79825194b7af434fb6bb86db18e11977f82928be35054543060cea94ebb4015d061f20f8454e056e7b6e4f9a1621ef2377d77659c20bf358c817519f1801be15ae3b5b42adfab367777a6789635a0dcdd1f2b97edecea0210768af67601d1b95a8850dddb6b1f4b0c2f52c835b0833d81966ad19e49ceb9dc9c729cd8334bc3ee5bb8c74186f5cc3e765b9fdd91d79baaab3d2ab64c15d655d1af7de9cf8d5d7c1baef24577843ce142331743b45b06104b6d0d4392e61ca8c07507ff5f831bbf720854db4debf64182aaebf899ba57626a48748fc2dcf016013d575595d24d383eef2da0ff0c9f6fe9c64b186cd4617e3f37635d7dacb58ec297f3ddb48ce4a5e00cc127267e18a1fdf209e098f2cb2e9c0630d15ec9b867b2b95ecf82ad2c0ba39df9c4d36d492bc9a55c4b767da966e4fd7f4d2fef5e91d0575177c05d240b50757031c76333d43bcc828ab2f0376e29d12d1261ce104a8ea488091326bc451c120c8c04d3e64835c893f55b312e248ad8fc1c32429d68e6b67bf45ab8a1cc3db22f9f01a2266b8349046d3d3e081eaa7f7020c73c0762d11a33b517b8f081da3c61ef63e1d40cd87d69c7ac7491fb61bb57c1fe2d218aff6d39b3e1fc847f0ed894e2f0b4d6a4ad03ba42e28bb1dfab645081f548e64ceb8ce15d2214bd66a14fe594aa447c3537eb493299fef0f9326236ea5dae44e23b34801fe06ee16c79545feaf2528421d6e7f9a256a7914d86bd053dc33c8c2043ba73714f5ff5f0507097a56c40b2190e77877d43be849ee2ac129e582930ced06d359eebb49eda4edb13819f91cecc449c9613d9659906179f8fefa34fecb7d21cdaf09a1ce8d094421da80796c97c02fc56171aaba53fd8a7f55de059044717df164f3571028f16995d51fc8829534cdf58dd134def1e43a34e4f5f372fa8e19d3b85881e99ecd45faa4fccfdb47e094ab06955f3960fac71294dd965f24a97cff36b9966cf1a4c3e96c3e14a3951dcc8a3e9371f7e1ae9df77ddb1a99172174adbee8ea57a0c9872a6d677c2875da88a6a7234bebf68a3cc0532a9809a4de4b4d419bff67b0ba825a7ae6e999087155378357ae67e2dd98697f1d10ffa4497dde6582571670456db995228b97d0ecb2fb30c2ba6c16038c40059815c56b35666cc1c5090f6c38e0f4c12abf79919951b85a2734d32dd12b239912d541f9163387a4aa0be0b7a12d9c6b56dbcf1e9aadcfd72e2664a84d6c5147c72bffe7c3560ccd8c447b748dcd26cc9ca2a85cded742a8dccdfd8e78c96e78d405a19faab9e57183b37583f94b3d416b2920c6b746427ed75c08dc3be02720c1edc4743229153c48f1239b222b9fe2e21c0ae28122bc44f9dc78a59f3485ac8057eb21f0857bcfea2d9ebbbcc197e7880d81515bb1cb7192d97c4258c09926d137e245977db40812b253f99a504bb68137d8d73ca4e7c808d50f1dcc600e6a6db90238ff44e075932fe668c066e6988a6a8b4a8485120c8e4d6511268a75d8f9b0f06689aac8cd621e90c62af1e59aa9efe928e9ea098661b408a2825c4f9aac1efd9d54d163a651054b9ab32719d2be3b176f6795ddad0f1310b9237181689f2f9dd34a41d4d4cd2d7569bf56e6a80bc24d90df3bdde0f9649e699f4ef70c4f3faf9553a231215416bba26c29f17861e0f265e9641b2307ed43d6fde23a378669f4ade874e54c20a5e902205dcaa79a3e8584a3f78a86e703451115a1717df882507c607297afac0a056a0f3509a57502fd2ffff6035d04b91f72f5e1a69ddafaf80f7b2f7a13f38c683988436585e6bc7fc2da328449675c234ec0acf5294ce06c72442beba15e65d6a3e1b5dc3c8f115e1005798383f79b0194f6b7d4b1b32371acbf22340af6e5ee3ea840f7ed451226daef3041fc194e051af2fb450022b394c774273b9575c974c324ecd7268435176ee28c54bb54c8e829232ca636f3bdef60ed460b5ff425936626dd16a3f436f08a863582a79f393378f60f6c8ecdd13d83073bfda2e9f8d0c74a841021cbb8c148e70bfc585627449cdd9fb3045db3ea08a96108b52ee8a4f5048a5d910355789f4bb85c1362955e267e719581c38a2648eaa0b516db6277d2ee3c6e1e1090df3f53a31b747d99887e337dadddab16a297d9e56797007a3d18ce333311c70bb1bf45bdae517ffc589419af643773bb30a1fbff7ecd4a8ae7456a608fe73547c2eda4f070d57dc70b65d867526c946a435ea581497da18646ce569eaf6ccf3474cd6e7aa3d6d4732836ff4167c9153757ce58a34864be6d479f7b4ea1d6480b9ac16c5bff346a74e74133234744df867e16b3d2f1f7db4b21b89019b520917ef863e60f52999d6946b9e09cb60054f49d8a255f02e4b62fff6e6adb9a167ea70a177d00b26f56e29b63138a2ebc30b956161a4ab25d5da1c207c3f762714f651341ae771e17d84fa1c86685f2fcb0a128c2e1208d1930e7ff0d8d55299154112af574b881be8b69cc1721d548ad4dc02632e184c47f9b394bf4a834e60fbead8c8bfbf5087f8454513b0b086ac97bbbb9aa342af9def758fe88f1e4570e65f93fd4a9868665d08fac0cf6ebde786995c433504ca01cdf83311aaae20cc76f819a4344a8ee4e26c1094cb00d2c8a67c733fffcd89e97534cacb08a64d75e8594fa31f0dcfcafb0d1bc184c7067fec6a48ddefd580d4d9a4128d8f70f6fc6562da683904766e982ecd0286064db6844131bb7962a0a497f7b97fefad88a0b128bdf8cca774b1c32cb4af259bfebccda036e7e4ea8962838dbb5c04ffab0a2f1481848a27f06171645daf5246a2e563f3ed60097a9d7023d6ba5c8a58d39f733b12baf0863d82c427460f51cf9e3f77281a42221725b7bb75c2116ab31f704661f090d3eeddd2aa6efc619946b4933c398b635fd04ba3758294965c568997e1ef44b0562804e6c64558f6cfa87662a988c321a856ead51c848528a4954f9ff1948d517d67bc11db66801648848bfb7ee12296428bc3ffec863e9c77ff31ee386197679adab2a0e93bbe0c66ffe9c4b09b636f6216faa373aa8271678cc57ad46898222df7e2d8b14a5b70130596c0430997c4c04d9b5187fd9bb26b71fd19aacc8e08a3239f0eebca7b2873062a19f327a4a282012ebf9898a5ab6310b8623c864d4dada3ded00ad201ce8f3973f90396f5edc1ba466e16247fe6b0ee98acfd53792cc0fea33647b841596655b8d9efbc14b50fe0b588e4c41e2cbd0a700529e7ca91122d3d1b26e52bf44a0c9fe37cdbc352357f13b2adc68e78a00f6dc88a8e6ea54bd0b2c8276f9e1bfebc8655a1f47b72c25ffa97f4463630cc21428ca3bb381a6d3171d28bb946f746f820247bf3f7bb69caaeb5c47026ca9997e586e657a9e1569312bb443299ef4cfeacc9aaf4fc3aaa4a77a21579234d2aab6fd0234398ae07ca7c57ac6d6a51e025744b1430abce27f7f9b0d0e45c051e34d20db95cadcc0e4e327dbd979166b33e39a3951d0b8dd62c0d1542b69583cfc07b127243cac4b052cb29ccb3592972698fa4cd84633d222d78b8741d5f903f8636d95cddfe2ef13829df9ce32705edfda51ded2f0ef38f60a33a2e00373107eef56a01acb5e05d849279b5987343c8bbc73ea660ceaf7c9b90c0a8e1412ff3f517cef8fe604d7a26e085170a76e1bf43f5d1bb77ee771fe841d59fe2cc2874d25bf991b4af6bf9ffe1bfbf3a5587006b60bab5bdfd5a3192e82d474ecab0ab656967856c84cba9469c5823c1d1bf104d2a21c071bb08b2a137883dd9c8f545d6958db8efa45263ae303de76e70f2f6a10e1858e6654004f2a099dc31950ee730c465e0a1822935e309d41650fba489aa3050eedbf3f058d24d1f04fc340966e42d72052d84a66789ccf75000c3fc83b8842badd6b22ddaaaf53ed34e25c1b638e3630d66a7903405052902cf8e7395d54679e2f4a2bf7c8c89b0dc38969376ea164fe97b37b1172e6e8f05a929aa373108e891a64e38e18b432a115a44d754811e03c4f4ae7c525a6b9b92aab0d16967ee1a64eeeb2207c094f6aa96f126d058eff22435a4ae76c31f888ee13b327d2cab4ab5a56abf4cae88c583dd67129271708aa17f4f10886ead0e12734314bd4a49e64349beba4abdf94a1fb23a72cf7e16b5af2f1706d9646a5ff7dbf5c7b1cb2c3781346167b15d4625841d9f3d14392db1d39101d37175c42c522229db0708544058d75cebf3e399cd443d1b943c6f3017a898bd49836a8d92519deb810712aed76602682ef0df2be270734eeda7f289a76f4684baf75702a1ac3da005e62b83f794b934cf882db5d50e5ed4aca868e300d690c0b10daf0a47486e9f49d1b08eac6cf5090ddd2443b1459b2df86ab3447b2b5c6afe8aadb410de6a84b640e326eb882832d1a9cb12e0b8f13aef579f404af8631cdd5a30a031dad19cdf247575dd223229330f19fe4d88c51242217397acf66b86c743de283d5df7212fce59af17eb702eccab192f56f054a33709d41841e4a39638e02b4210559593f9b5c44fd22d9da637ef1a3a0a41c40469990dc4beec30a05b67931c0560d9a59fa875f3e26fd1eb32655aa30c7a1cd3d541716fdaacdda206328f3cbc8f16fc2be26690f18963a16febbaf2cb6c199330579ca067c60b54cbdd211c1350e066448fb50ae28ed58788ac98f0ded3414c8735ab90639916e26ab29102cc2609035e56d9b9d2dbc98118835bcf0e437c77052efe2293d9f19b7197aa1b94b10997b0b1efdef251de8945a97fec885f032c3bee2447335230b866d7aef515b04664d0c59e18233f9a229969e3e17d69716413ca3bc55f5959e340627ea803f7b26f4a74295b295344a3685287093998a1ce75b1ed5d730c9aec812617b4c200a0250c9ef8ef7d2fcfc59ef97422eca746bc6451a5b77307d14c1cfa0ea2c8eb7cf7819644577a6456efec0af058a0e3c8ec371019009462bfe174a11368b57fbe3090208a57b2236b97edc32cda5c6fc988cbaaf91c4020a06a7ad45519eaa761e045fc84d3219b287206282347a031ef1e7b7dbc67de738fa8f9fe71c44201fd1d548f8aebe93bf502d64d4b5f470a419e3fcd87f0616b9813048311ed20ac2efd7f18dcd6889542208b50c28c8c0700f73fa33a964e38d699819cab2098c6ff081266721cdced87ff41948c84037485f30d38a99eeeb3ff4c3049742a29eb09bb35c358e732546267c165a62fee9e25abdafdb8a48785bd432d160797e7a41d580f59d7d8e59b3e6b954d39f86db33b8f7cabde43e8e04cac1fcf9aa6fdbe4326e0d9c782d9a630055b36f85c2b8efebf18f42ef14ee5eb1d33ca322db69704f8bb90bf30eb05908b8d8ed169580923f53a6539cc3b55baa47718053d2ff103c23d90f9cb49ddc7d759950f605bafabcb7953c042c0523b84da994529a87ad68fc6f0709fd7af5fc20e53a17d3f5fd4d25fc5ff6598c6ddfc34668a08ee5e066d81a65e7979c50c08febf76dc5a3a405f551bb8449d94ea0dfdad6dd6dd6d6e4486f4ae1d2523c05f46198d8af4da12873ebdf7d6b5f2d0f1b2d29759ab0d78e34ae6f17b7ab83518cf8b18836ea5630ee934e5ecc123f0d3fe6b803ae1f735d65dcadcaaf6660e02ecad0290f6ead0594733a10b2b1654a44244424fa8b3180b551ac401828203e61603b017106e2256f01b9f26db33897167d9defb54ddfe49334150574493895370bad46cc658667aa9a8ed333c86f112b2a542936af92e2f933254b6fb0b1a599eec3bf2e476ae6714e2486dd31b29e4d26838d84bd7a62c62beab3ba71642278ecaf2e50d70670d9fdff105019791d36321bc57fdfd8f65f2ea1cb188035ecabf6140e777b7e6d2177ac29e9a1a2f87dd54d96184bb1a855bd9efdadfc606f13621f40e07cd8be9c2435c8c90b4ccba5eb7ddcf8cf1f76617c9a9e011abf4a63ffe31df63ecacb8b1d2d653e613cb399ce079392f9ca2e226c60b6e8103447c24c1f80d42e1ee747997602ae3ccff8f9f98ce9b56f6f3e3c0ba507df8b2169539cfc946c42da72644feb9b3b582ce332f8b2eda02192958194903d17b3e9b4bd60d08cd9a7989d946ece6d8dc01d6b66a7851bb11e4b075d38081d3ce7bf1875fec9daf47a589abdb72763c9747b83a28389238b0279c8e41db6521130420851acac463664a97be2190aff921923475f2c1f8a87d1169229e5f10dd0a92221e61358b156020f2c9ca2cb6580743a8d5e3c59e6fd97a7a246211450c7c62f1891cedb434102f8794d81c1caf2c1b4ae18b7c4b9c88de5c51da33e3343cef76da0d00341c2e60c4562c162e41a7efa8290cc9061f3d6a592d5f104c5018f31bcaf912bdd37370fbf8fedf0aa9026c1142299197d67ab026756927b5864ea42c45a82c23c275697d31a1b7900670c9a3c967d12974543c11f20c367a336bea9b9ebe480f9c806528138dff35c5f56b1199b75748e9c5cf50e6a32397dc3eeb04c3636c0848a5e13df8a9758bacea231f34cba13b466360b0dec69f74f8bf9a2dcf3dd94fa3a7d27e8caae00240559d75875ef9c619416593ca0072e7f38caae5a530c62dbe00e38c12cb8b924d63fca4d5c3a4c8f50e8f4f86fc1fe2b163219c46c21eb783e587e18e07ab7e1927a646c4f154c5000cb65ce9528457c3c66f43d9ab7d61580df0ecfb31cb38e4cbcdc3dafcca57311abec6b74048c8b74505ba678a4db07ed7243c70a821aee66a487bf91fd273418f8ef657d1eeb9ea6f095d47641e9f9fa30599e8b9c6b4453a1a5e8afd86fcafb46dd095fa4a98a2b26470e2c799b08c6000f5c3c4e28961463724377f37813f3922484fda986eb7c93ae8365baf648acbb344ca7e044d7ba93e7ba35c31085f3f99c5fdb2f9f2845f00b8590395e8ff730b86f5dd7f52297b8ecd5d5a6bb452bcd12b98d6adb27e7ef0e84b9567c66093ca3edab7e64ac4f56360501d81823ea2b1595f934c5f61c8558304c16154109a983a2af8725c7af91b5bc57e555768aa8115236a6ccc921d472b608eb6b82c4ba3747d79027d7856fae5369aa325df6a76138a5b41a94377eeeb251087e0b8510d8890e3f7a0cffaeddb9d2c29bc89f952489f82ee2e2b485cd297e6d30683701623cf73ee9ee606baeae9c3afba287eff57731b9cfaf034b1f56c8b31a32a1078c4fcab298c3f925a8e7cacceb9edf7ba2e54d31033a25462021e4a3c0bf5af341b462ee4417024da7c12c7f385de3af129aef1338a9c1fd68323d07ff47ec8bcca66b44300624d02c9202a2d093c3c85fd922b57b3bd14162c8ca5690734b7e4e4b8980b73a8e9908a9fa3dd508b30e3b1e1fd4ec388affa27c4bc26ca2820e0a902d51ff94984e8894fa5fca7b8704b7600ca6d6b1b1527ea999fcdf8fe3b290ec0036cad222f92cf8a5a54d0fa91de6e74ef61f60a233c9f15fdc86226c3f688de15ed8f0c3f1bc3afcad87cee47a19384afc6a804f197339ebce4aca211dbe0504a000755d18f20c4ecacd4123acdff7653cbb26456499495662508c8186afb883f5481c6bdf88cf137e263bde9d62f054573e0d1454cc119c95d4d9011332bd77682f79debcf5c21f0be7e9a83a58cec34e7cfb17a8122e030669228e4d3d9e274a678c5b77e6180aacc2fa8eb9952c5b04de6b2c7bee591badab96a3c3248c275b5b8faf5394eacc427a840570033be5006c33ce2d2c6e54f08681c3f74ad2fe54bca6dc62a9d84f6c58509c1e5dd5cfcc7a358493d428de48dfc1bc3f74154801c97e6aae38445045320b4cf66c1e56eb6ea2c1218de65f120b463c5cfb9255b3a25eb6e848cbd977f0605d71c561c2a754f5761c31f84101ee8178782cc8cf70b41a2204c5cb2f3134d572327fe4bbc1792249dfcf0ae7ba5d81fb5ae4a7978d044085f3b7f2e398c05733e2bf456cae898f8b5a81e9c79179bb5ca716713fce643dabe21eaee4386e646e25ad3adc5a4ad40f9bd6743f5f742efb1a674ffdbd2ced56c646ae590eb8f10283b47f57e6f96ad76adebecb24df74020b096fdee3c8d780d563a915f73c8b0246b861cd3a8580d5cf75798e8cf1c5875724661a39277e7165fe48ed8d5e6a20d68239f626fe8ea434a4e6e03ea434ec68c4b92a0fc2af15a135d6cbaeeca39a0c1896dab33daac", 0x2000, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1, {0x7, 0x29, 0x0, 0x200000, 0x2000, 0xfffc, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x8}}, 0x50)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0xfffffffffffffffe, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0xfffffffc, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0xfcc00000}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x0, {0x5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2000, 0x0, r2, 0x0, 0x440, 0x880000}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x0, 0xa9)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000000)={0x5, 0x3, 0x80000001, 0x4, 0x1e, "88e1ffd60000000000000000000000ee000004"})

2m31.342237123s ago: executing program 1 (id=2810):
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
lstat(&(0x7f00000000c0)='./file0\x00', 0x0)

2m31.276573319s ago: executing program 1 (id=2811):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000700)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478e"])
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x4, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0x5, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffffffffffe, 0x0, 0x8d], 0x10000, 0x2071c0})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m31.07728144s ago: executing program 1 (id=2813):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
umount2(&(0x7f0000000080)='./file0\x00', 0x1)

2m31.052830806s ago: executing program 1 (id=2815):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x23b, &(0x7f0000000380)={0x0, 0xce0a, 0x10100, 0x3, 0x370, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0)
io_setup(0x8, &(0x7f0000000680)=<r5=>0x0)
io_pgetevents(r5, 0x2, 0x2, &(0x7f00000000c0)=[{}, {}], 0x0, 0x0)

2m30.916008564s ago: executing program 1 (id=2819):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000200)={@host})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e})
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e, 0xfffffffffffffff9})
close_range(r0, 0xffffffffffffffff, 0x0)

2m30.8575288s ago: executing program 32 (id=2819):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000200)={@host})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e})
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e, 0xfffffffffffffff9})
close_range(r0, 0xffffffffffffffff, 0x0)

44.966935698s ago: executing program 4 (id=4037):
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x400, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x8, 0x0, 0x0, 0x0, 0xfffffffd}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000002840)=@newtaction={0x48, 0x1e, 0x109, 0x0, 0xfffffffc, {}, [{0x34, 0x1, [@m_mirred={0x30, 0x0, 0x0, 0x0, {{0xb, 0x9}, {0x4, 0xe}, {0x4}, {0xc}, {0xc, 0x8, {0x1}}}}]}]}, 0x48}, 0x1, 0x2b1e}, 0x0)

41.527687248s ago: executing program 4 (id=4048):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x716, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0xca58c30f81b6079f})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000280)={'veth1_to_bridge\x00', 0x400})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000000280)={'veth1_to_bridge\x00', 0x400})
socket$nl_route(0x10, 0x3, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x10b100, 0x0)
close(r3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r3, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="001300"})

41.372966955s ago: executing program 4 (id=4050):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x1a, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e76, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0xc}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x880}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001b80)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000020000006a0a00fe000000008500000018000000b70000000000000095000000000000009cc6b3fcd62c7d376238975d43a4505f80fc88943c4f0cf08e467b592f868ee30a0e8c1bf176db2a6b2feb4b6fd3d5707bfd2d84aaa3b1d4e984c46ea7e2a447a36f5662403e1b2be4cc7c2683908a0d411a9872971c7c56f0979bd10b97163c1d6d0e196bf02f46c7e81eb72c00000000d0d26b5069f8a98f7dc8f76b74635fde9ca3c00cb9bf4e418d07fa22f0610a70f2bdf4000000000000b0c2940dd8e263aa743f7555193161f45346b1004006000000e1ffff8816326d7d25c32aac1c7d5b5be399f6609876b5887437a172fbc02a74067529194e533583412dff048f000000008b260000b2728a0481e9f0da43bb6cfb851cd364ff19ffcafe3e64be033c9d2f002cc93c1c13caec04a347383420336bec88c24a9fb6a6991ddb737d527d6acb15426415b6e8b14fdfa2c6e94bf1339454c13ad3e328a100000000b515a1000000000000000eb2e9c15b6c8f6198282df27badac8507bc7d202e0990e0"], &(0x7f0000000340)='GPL\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r3, 0xffff0000, 0xf0, 0x0, &(0x7f0000001a40)="2b206d074843b397737ea49da2aa", 0x0, 0xf000, 0x720e, 0x0, 0x0, 0x0, 0x0}, 0x48)

40.516436259s ago: executing program 4 (id=4052):
mkdir(&(0x7f0000000000)='./file1\x00', 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
mount$fuse(0x0, 0x0, 0x0, 0x100000, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x2, &(0x7f0000000400))
chdir(&(0x7f0000000180)='./file1\x00')
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r1, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x904000, 0x0, 0x5f, 0x0, 0x0, 0x0)
setpgid(r2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
r3 = getpgid(r2)
setpgid(0x0, r3)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x11d)

40.450047881s ago: executing program 4 (id=4054):
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x6e20, @local}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, 0x0, 0x0, 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = open(&(0x7f00000001c0)='./file0\x00', 0x80ff, 0x88)
r1 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000000000)=<r3=>0x0)
timer_settime(r3, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
fcntl$setlease(r1, 0x400, 0x1)
fcntl$setlease(r0, 0x400, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
fcntl$setlease(r1, 0x400, 0x0)
creat(&(0x7f00000005c0)='./file0\x00', 0x0)

40.229264943s ago: executing program 4 (id=4056):
socket$packet(0x11, 0x3, 0x300)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_PROMISC(r0, 0x6b, 0x2, &(0x7f0000000080), 0x4)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x9007}, 0x4)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10)
setsockopt$sock_int(r2, 0x1, 0x7, &(0x7f0000000000)=0x4, 0x4)
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r3, 0x3314, 0x206)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000104000002000000000000000200", @ANYRES32=0x0, @ANYBLOB="0380000000000000140012800b0001006970766c616e0000", @ANYRES32, @ANYBLOB='\b\x00', @ANYRES16=r4], 0x44}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054)
sendmmsg$inet(r2, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)

40.155157905s ago: executing program 33 (id=4056):
socket$packet(0x11, 0x3, 0x300)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_PROMISC(r0, 0x6b, 0x2, &(0x7f0000000080), 0x4)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x9007}, 0x4)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10)
setsockopt$sock_int(r2, 0x1, 0x7, &(0x7f0000000000)=0x4, 0x4)
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r3, 0x3314, 0x206)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000104000002000000000000000200", @ANYRES32=0x0, @ANYBLOB="0380000000000000140012800b0001006970766c616e0000", @ANYRES32, @ANYBLOB='\b\x00', @ANYRES16=r4], 0x44}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054)
sendmmsg$inet(r2, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)

3.842310917s ago: executing program 3 (id=4294):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
socket$packet(0x11, 0x3, 0x300)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @broadcast})
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x80000001, @local, 0x6}, 0x1c)
syz_io_uring_submit(0x0, 0x0, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

3.616278019s ago: executing program 2 (id=4296):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = openat$binfmt_register(0xffffff9c, &(0x7f0000000440), 0x1, 0x0)
write$binfmt_register(r1, &(0x7f0000000080)={0x3a, 'syz0', 0x3a, 'M', 0x3a, 0x1, 0x3a, 'netdevsim0\x00', 0x3a, '}$\'\',{(&,-', 0x3a, './file0', 0x3a, [0x46, 0x4f]}, 0x3e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = dup(0xffffffffffffffff)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000003c0)={@in={{0x2, 0xfffc, @local}}, 0x0, 0x0, 0xffff, 0x0, "093f38050b94725997f7ff898a3f9ab16a8731bf2ce9e46bca4cef5a7c35015b7a97f697e89d86377518bf274943a186c89a051c531b5ad251ff1e26b7fe42b3eb4ddd4dc049ad87c56cd0c3628976cc"}, 0xd8)
r4 = syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000180)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r7)
sendmsg$IPVS_CMD_GET_DAEMON(r7, &(0x7f0000000100)={0x0, 0xec0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r8, 0x301, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000090}, 0x40)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r4, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000100)={0x0, 0x3938700}, 0x0)

3.039375092s ago: executing program 3 (id=4298):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x141081, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f000000b000)={0x77359400}, &(0x7f0000048000), 0x0)
timer_settime(0x0, 0x1, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(0xffffffffffffffff, 0x0, 0x0)

2.80611939s ago: executing program 0 (id=4302):
r0 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb)
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=@ipv6_getanyicast={0x14, 0x3e, 0x927, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x2400c014)

2.701495088s ago: executing program 2 (id=4303):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000009c0)=[{{&(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000340)=""/49, 0x31}, {&(0x7f0000000440)=""/187, 0xbb}, {&(0x7f0000000500)=""/25, 0x19}, {&(0x7f0000000540)=""/29, 0x1d}, {&(0x7f0000000900)=""/172, 0xac}], 0x5, &(0x7f0000000800)=""/53, 0x35}, 0xfffffff3}], 0x1, 0x40012140, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0xfe, 0x7ffc0002}]})
semget$private(0x0, 0x4, 0x24)

2.09969219s ago: executing program 3 (id=4304):
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}, @m_ife={0x48, 0x3, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x804)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$inet(r3, &(0x7f0000001540), 0x800000000000214, 0x20000001)
recvmmsg(r4, &(0x7f0000000ec0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000400)=""/52, 0x34}, {&(0x7f0000000440)=""/173, 0xad}], 0x2}, 0x9}, {{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000001580)=""/4096, 0x1000}, 0x5}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000e80)=""/54, 0x36}, 0x6}], 0x3, 0x40000000, &(0x7f0000000f80)={0x77359400})

1.950477235s ago: executing program 5 (id=4305):
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x801, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x4)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, 0x0, 0x4000)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r2=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x4000008, @mcast2, 0x1}, {0xa, 0x0, 0x7, @loopback}, r2}}, 0x48)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0xa, 0x3, 0x3, @local}, r2}}, 0x48)

1.949684459s ago: executing program 5 (id=4306):
r0 = memfd_create(&(0x7f00000002c0)='\x103q}2\x9a\xce\xaf\x03\x86\xe7\xc0\x14\x8f^\xd5\xfd\xa1\r\xac7A\x94\xeb\xcd\t\x00\x90k\xd6\x05\r\x84\x87\x1c\b\x8c`\xea\x13A\x90m\xb6&\xd0\x9daA\xc5\xb8_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2_\xdb\xc0\x8b\x19\x17\xb7Rvd\xcb:\b\xeeC0\xa3\xa6\xcf\x00\x00\xac\xc5h&+\t\x98\'\xfd|\x11\x99\xa2*6{\xd2C>2\x0e\"\xbc\xda\xee\xb0\xd8\xbf\xaf)\xf58c\x189K\x82\xd1(\xceY*\xcb\x9b\xbdn\x8e\x88m\x10L\xec\xfdWF\x7fj\x19\xb8<\xd2\x9d\xf0\xe9Qy\xe32\xed\x16f\xfe&\x1a\xdb\xeb\xad\xaaE\b\xa9\xf8\xa9s\xc4d\xd4\x03\xf1\xb7xO\x99\x804m[Ai\x13\x02\xf0\x84c2s\xd5P\t`\x9b\x12&\x8cx\x8eg\x9d\xe6g', 0x3)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x0, 0x2012, r0, 0x5401000)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00004bd000/0x3000)=nil, 0x3000}})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1.816761495s ago: executing program 2 (id=4307):
r0 = syz_open_dev$hidraw(&(0x7f0000000940), 0x0, 0x4a141)
syz_usb_disconnect(0xffffffffffffffff)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x740, 0x140)
r2 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$vim2m_VIDIOC_G_FMT(r1, 0xc0cc5604, &(0x7f0000000200)={0x1, @pix={0x401, 0x3, 0x35303553, 0x0, 0x80, 0x0, 0x7, 0x1, 0x556a5d8406ddb361, 0x3, 0x0, 0x4}})
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x2000004, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})
r3 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r3, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x7fff, @loopback}, 0x1c)
sendto$inet6(r3, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f00000000c0)={0x7, 0x8, 0x5, 0x8, 0x6}, 0x14)
sendto$inet6(r3, &(0x7f0000000000)="8d", 0x1, 0x0, 0x0, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000000ac0)=""/4096, 0x1000, 0x0, 0x0}, &(0x7f0000000140)=0x40)
r5 = openat$sequencer2(0xffffff9c, &(0x7f0000000000), 0x8200, 0x0)
ioctl$SNDCTL_SEQ_GETINCOUNT(r5, 0x80045105, 0x0)
ioctl$HIDIOCGFEATURE(r0, 0xc0404807, 0x0)

1.71450136s ago: executing program 0 (id=4308):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r3}, 0x10)
add_key$keyring(&(0x7f0000000340), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)

1.69385712s ago: executing program 5 (id=4309):
mq_getsetattr(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x1e, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000340)=[{0x20, 0xc, 0x77, 0xfffff034}, {0x6, 0x0, 0x0, 0x2}]}, 0x8)
sendmmsg(r3, &(0x7f0000001c00), 0x400000000000159, 0x40840)

1.296673706s ago: executing program 5 (id=4310):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000026c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0x1, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x6}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {}, {0x2, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0xd, 0x51, 0x9, 0x643b, 0x8, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

1.256540462s ago: executing program 5 (id=4311):
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x68, 0x0, 0x0, 0x1, 0x0, @remote, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @broadcast=0xac14140a, @multicast1}}}}}}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000040)={&(0x7f00006c6000/0x400000)=nil, &(0x7f0000685000/0x4000)=nil, 0x400000, 0x0, 0x18100})
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)

1.147937004s ago: executing program 3 (id=4312):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$SNDCTL_SEQ_CTRLRATE(r1, 0xc0045103, 0x0)
r2 = dup(r0)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0xef4, &(0x7f0000000300)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000140)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
futex(&(0x7f0000000180)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0xa, 0x3, 0x3, @local}}}, 0x48)
r6 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
read(r6, &(0x7f0000000000)=""/93, 0x5d)

1.013098396s ago: executing program 2 (id=4313):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000740)=""/51, 0x0})
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0x401)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x0, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000380)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/233, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000780)={0x0, 0x1, 0x0, &(0x7f0000000700)=""/88, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000001c40))
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000340))
r4 = dup(r3)
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x1, r4})

955.764647ms ago: executing program 2 (id=4314):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000001600)=ANY=[@ANYBLOB="61128ca70000000061134c0000000000bf200000000000002600020007ffffffbd0310000000000095002000000000006916000000000000bf6700000000000004070000b964b01a4607feff00200000540700000ee61e00bf150000000000000f57ffd00000000065070000d23700002c030000000000001f75000000000000bf54000000000000070000000400f9ffad430100000000007c000000000000000500000000000000950000000000000032ed3c5be95e5db67754bb12dc8c4ed68ecf264e0f84f9f17d3c30e3c7bdd2d17f2f175455000078af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd390700000500000000f18c30907d7bee45a0100000fe9de56c9d05000000c6c60bef0d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cac3f1d5af65727546e7c955ccefa1f6ab689ffffff7f63ede202fa4e0a2127b8b83c71a51445dc8dfd13ff15f852a39e5b2ab7bcb8f512036a5ba6d04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916fcecc8158f0200000000c8fb735fd552bdc268694aeb0743e326c819b6cf5c8ac86f8a297dff0445a13d0045fb3cda30a673a6037ed8c85f21ec2c081bdce431e56723888fb126a19bc1172b84b3ebe174aba210d739a018f9bbec63222d20cecac4d03723f1c921b5bbf7949632cacfdd32b3a6aa57f1ad2e99e0e67a993716dbf580469f0f53acbb400001e3738270b315d362ed834f2af97787f696649a462e7e090000000000000045eac1f2014f720e83b7838e3eede14308d582685e1becd6f35154bcb4000000000000000000000000000000bc3af2b170ad3e2b26539cebca8f4ddc211bc3ccf0bd9d42ca019dd5d022cf74686e9fbe2562979eaed840a7afaab43176e65ec1118d46d1e827f3472f4445d353887a5ad103649afa1769080584f800031e03a651bb04000000ab04871bc47287cd31cc43ea0ffb567b4040c1458d0320ce7d0000413a0000000000000000005f37983f84e98a523d80bd56a57fa82b82f639601ae899a559944cb9a62a29ab028acfc1cb26a0f6a5480a55d624a0c544ba0dc828c22fe30000aa391598000000437d57fcf8295f63a70837f5cd4e5e77964522dc7ca3aa3476b7f2d851d27fd4de6eabb43e0799dc8d9fb7dc6c523ffbd74a6a40e4acb1ac872ade9d1f2ab779b8dbe843aeeda0426c767c00327b8c95b2bb6ddb55117669d9598c0f3598073f3a921c76beceff7e4fbf909a2cabf5b8ea5011db9020823b83abe54346c7af0a99fa077ffe7000feb9e44023a1749eb1d0d572b77d6e0d0fcd74031c8ef2629f5ecff4626746d6abe98a255e92c3c4f79bfcd0d91741380000cfeb73dec68ed56b5d3dfdf0cb8b71ad79000000000000000000000000000000dd434a25e95d0ec29d3adaccf89d0888031ecdfdb4dfbe444673be099ece7e4009c76c7108ef0a7e59fd6d906fbc3c9b412e0478cfee4485f423c63f49db43833c92eeeb647cebd4d7a93a17bcbb6bae5ff876375d4fe39cc2d292691672cc18ca372104ceb83a35ecedd97fc191d8f64d2b1d60c6d12911aada66c26aa4802c3514c3d92ec905000000b13f4a2575fbe943a6c40000000000000000000000000000028026b80c3899543223a6079ee96198b9a326db3be3a48af415ca28ca68c502550044ed8e29af8d763ef9b1f31befcad2ce5394601c7cdc233bff7f0000000000009fb3ad650f77e339768924dfdbeead13b88371154d743544a6091ec93e0d3fd5b4dc42911c1ba322fd4d6fbf19e617d51f964727bfd5cc5ba15370f6e1141d2271eded0b15e4316a1e4623272beb249a0928c417720be14c898f397411c88a7bcf3df46ab3efe7cd5e160c2afd3cc945f75011a102d952c7ad17a58d9be691c334ea35bae71e76e160cc2260bd028162917807ce89e11b5f261052ee0dde18efa1d802af2b7bcf6f8af41933cea0d0343261bccf64ca1c81045153eafbefdb91fbdff9ee3307d4a1837963b2dc2a3698d90e7915b098f19392e792adaea86052f4e948184001b6494e906925a092483adc7e9c8f7a29d226763c100aecae7f00619c36bceb9fb6dd7e55487d8485e498fdfc377fd3d266d21d46ab2f6b2ce22cd0aebba9b0ffbfe8ec3143c3734967c90b16ebbeeae1ce2baaae05aed6bf0f40c8a323f9235dc99698bd0b800067a901a79daada03cc77e74feb98b1586946b452764ff917a8ecc10e529c5bea49cad70e22df522c2803b6ef65df70223c6e22c3433e322d8dbd6e9b040065a9d6b3d5ae276cffe935d559bea88e1aa36b4e6c19e78457904297e77370e013b705a96548d47c609a93c45f4d1382b39c05dcc07d5b49ad75ddb3ce5b5b9416e03995da04647aa5e6fc1a6f5d663380967ccef9de49a90ced031335e3219ebd9d06c257a50497ec523f5ff7361261ccfe239d603364a42e2e81fc068fcbb9792b673827fe7018a988fbce55bb74cdb327ced4b77b8743fb3cb72cc280b9f62e4f92f46a19600b802cba88b7d0a938d9e0e6cfe5d66b874c9a0c6c04b96360d6f499d004179e5b6025c0e1050faec7ecd9de190a975db2f8c06a551236278c4766d7e22e3b85168c9851de6266c791252f919b4f8b257b5a786734e5142e4666c67aef5b7b2f88c6640995434aa8636993089c73f196c54ae829ad4307132655b075ae534fa7f1ea9a17e62357b0bd2bd1d62d34bfc1364640250136729ba4f763ff25c33e8acc806611792add8254e705fefd2a44d5b15e3b36f6b75c97c9c04c511d8cf9e24c61c8284a913a381cb1a5628878040000000000000017b68afd95d4abf7920de9ebe1c89661f4adc3d83d72b1b778e30c2bf2efbbcd054cf51f4205ebf9a98a0d9f18135cb1d8d567c3436fa697b72c3b0200000000000079c0b3339debc78352b2e65299223d7ef2bd540e78167b3ac92a4c4f826f6d0e5c4ebf4f7a70c03e2f5ddbebf168586360c3663531eb5995d228f011a10ffc8b17d716b0c528dab6d0c4fe2ee402348104bc5d4012babedee898c6d3e1017be2e9bc759d3ab4d615f5000000000000000000000000000000000000000000007fff0000000000e693e314adf7dc9f517d04f1e6ca367d30d31d3647c6059db6e1e9529eb1623ef99e2d9ac2ab4872f8e784b07a31110bef6d000000a6f9e89e6d50ee06ce716f94da60f1f22d9669560d296287c13c92070000ee7553eb2df17839542fa88d09f000e88a90cf4406b9000000000000000000000000f441d6a6f516c235c6f5863e7f454ee0e16b9aa2593eb31fa3836703e7765aaeb77a8770e518efaa6d3dd85e03b3b133eb749057cea9af75a0e6f633532f2891b8e263cb6eecea691842827bc7c8c0130187081c8d320642389f5f0c42dba0ff68e84d7b130906f17f6aa075a257310f2d92cb1d1e16468949f5675262ee318e735930b01d8f586e34537bcff7d6196f494cdcf3a712078d745db0f5687a78ee6d000b3d171a0f08299b52d207f32e9da311ca090000003a42732808515eec574f892622c5be497fc3d9ca122d7c18b9e54637812c8debc61f0e42d838e44a819b74bce1a56108bb0fde97a02475920532309c55b2c9ae9f281391ec5cc72a5e94cca1cbf1ff01000000000000bdb537a0c52bd45a9f966c25616cec30c3ea3246cb8e6aac7cf273638e6656a3e4ccadc348f0172028c99cc5f6d5c6d09ed65aa54549e73c28b7c8ad06ad3c5e3c27eec0eff1a6c84f1189919eefcee807fc081e004ffb7d3104af00ac92f1080211c4bee74381a0e31021918f27863fdbafb50f70857d52a1f7df51935a80b1980a4778d35f183ea517f55a98095305701ab3f3ae43f06e91bc7d85e3800b46926944fba9805a985e63e53a62232fcd3f01dbe1728f300e247a7ebe344f9749818ff3961b2a42664ccd680a90bbb6ab400e286acc8f9febef64594777f848ed1cf980a3da2f0f7745760a05887d0c28060d613dd6539d392fc21fee0b5131609664b821d7a994e6c5965a4fa1ec1790c54e54586907dcc5e8bac16e79da9c2444420900000000000000f888a94365b99b72796fca1b922fc9aefaf1546c17cbb1d2d2fd12cb1a49cad501a3ca218c595b667b634606c57987ebfb0783a4948e4561d5cda158fe74453ff4a837beeedba483842c57d6005b544b4f80003386edfd3d4a88a667bd41eefe0d808abed08a29e6bc370a80cc0366fb4080bfbaaa946fd47ab662c794846e403950bbc3a48bb276cbb08a8eab145c06221ef16a238e3d50ad18aea9a2cec97d3c2d0569caabe2bffe02506bc9cb7294c5d020536dd5e7a6351642112df3b55d0215aaec7e45598995e79699e47567e353e68b03f82be860b188554b734e1192f9c1a867b815ef52cdc3307c0cc9be05a40fde69c350e59f11f1d26a4d04d8c8b2c4a4d23ec931d14bc7807db773a614b670acf46f83f7c65a0f8d43c5f64705f0d27c46d4b686e867e9b0be76a7978a8f962bb5a070df97f2bf7612115cfe5ebdc7ad0bc5a5f3ace25347d0e5c347279d55aa67a967380000000000000000000000000000000000000000000000ed0942d980c754c6c69ef65c375ad018824f78b260d5f51bc3feba504408a8c8141d84f3f417603b5081680f346ff0ffbe4ae19e936511966965ce268b6345a0001c0f26a32e0a999fc869292e939dcf89b9bfd794f9c12d41959a00688cca43015a9eec58f647796adea520cd2abeb0b55c22949d10e5a05fee4543fdc1e02554a55b5fef2427a6e5708edc38fac53c2f961945a3f83cdf01979939b49bc6b1aef8c733401bbe473de8d64efbe0d123739f387d1c0d9e74f2175c174ada1678c7db79492e8dd0f34e2ccf419cf7f14ffa408b50a52685b36aed14aa22ad928191d5a2697646edc52a1c0c5d720ae690add2b34aed161f51cc1cb424f76098e1e1921e5a405f9d298a8461f2da30e47b7c6ed7c95c84c745f58723e4cddffae3b53b5b947f9435e589f9ae55b30ecd3827b2de5df31976870823da8058c2538c04e397f3d0ef90c11c74da984fa558697ecb57224ce8fa6f79aadbd7dbf3678e74d790bc2ee72769a3ada1dd504f8e4133ce1effd446bc9a2f139e65cc4bd83912af3122352506c7c2191b3705116b2f4fc20d"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000240)={'team0\x00', <r5=>0x0})
r6 = syz_genetlink_get_family_id$smc(&(0x7f0000000500), r0)
sendmsg$SMC_PNETID_GET(r3, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x6c, r6, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}]}, 0x6c}, 0x1, 0x0, 0x0, 0x48014}, 0x80)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'pim6reg\x00'})
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000047c0)={0x60, r4, 0x405, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r5}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000000)={'team0\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x7, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10104}, [@IFLA_IFNAME={0x14, 0x3, 'vlan0\x00'}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x3c}}, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x34, r1, 0x1, 0x0, 0x25dfdbff, {{}, {}, {0x18, 0x17, {0x0, 0x0, @l2={'eth', 0x3a, 'team0\x00'}}}}}, 0x34}}, 0x0)

870.308178ms ago: executing program 0 (id=4315):
socket$netlink(0x10, 0x3, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'ip6gretap0\x00', <r6=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=@newqdisc={0x3c, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x60, 0x0, 0x0, r6, {0x0, 0x3}, {0xffff, 0xffff}, {0x2, 0xd}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24040800}, 0x0)
readv(0xffffffffffffffff, &(0x7f0000000c40)=[{&(0x7f00000003c0)=""/7, 0x7}], 0x1)
r7 = memfd_create(&(0x7f0000001240)='[\v\xdbX\xae[\x1a\xad\xd1md\xc8\x85HX\xa9%\f\x1a,\xe2\x9c\xb4\xd7\xbc\xf1\xb3\x86\xe2/Op\xd0\xa2\x82\x1eb;(\xb5\xe1j\xc8\f\xe5\x89\x17\xee|J\x90=5\xed\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q%\x8a\xda\x05\x00f\xe3j%\x00\x00\x1c#\xc6\xd8\xdbD\x92P\xe16W\x10\xdau\xc7\x8f\xaa\x8d\xa9\x97\x9d\xcb\x1e\x80\xe7\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\xbdD\xcc\'\xa2\xaf`\xf6L\x0e\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecM\xe4H\xb7\xaf\xa8\x96dh\xa9\xab > \xac\x00O^\x14\xcbv\x17Hkb\xe7\xcb\x9d;\xd2\x9f\x05\xd1\x00\x8b\xd3\x9f\a\x99^v\xf7\xfa\xe5\xf0h\x87l\xd9\x15\xd2\x87~?\xb1\x9d\xc1\x92`\x8a\r\xfc\xeb\x14\xd1\x94\fv\x8a\xe3\x1d\x0fj}\x9f\xedsc\xd3\xee\xe6cXw\xa1\xbc\xd0o\xf9\x9cJ\b\x00\xd8;\\ik0+\xc8\xf2\x87\xdf\t\x97\x9dB\xc1\xa0\xa71\xf25GU|]A\x1eel \x8ff\xc6\nt\xd0\x91\x9d\x8c\xa4\xe5\xde\x06\x00\xffE\xf4\x96#\x92-9\xe5\xa7\xf8%\xb0I\xd4\x91r\xbf\x1bOS\xee}\x16\x87\x05\xf2\xb9\x81\x14\xe2NZ\\I\xd0[\xc4\xf2\"\x87\xf5\xb8\x95.M\xb1S\xbd\xe4i\x00\xc1b\t]?}0\t\xebV\xbci\xa5\x05\xca\xb6\xc22\x7fL\x89&\xa0\xcfMULr0rs\xb4\n\xa6)\xe23\xf0\x8d\x9dO\xb9\xc9\x83\xabS\x013\"\x1b\x97K\x17\x16\x89\a\xee\xc903\xad\x15\x1cH\xd2\x95\x91\xb4$\x1b\xbf\xaf\xf5\x9b\xc2\x85\xe7[\xe5\xfb}\x1d@f2\x11\x13Y\x98\xa4\xecWEE\x9eI\x05\v\x11\xad\x93!^T\xe5N\xf6LI\x9a6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\x1a\xc9(a\x06>g\xe5\x00:\x9au\xef\x14\t\x1f8E\x86\xcb\xd0e\x17\xfb\xc1', 0x1)
fsetxattr$security_ima(r7, &(0x7f0000000080), 0x0, 0x0, 0x0)
write$binfmt_script(r7, &(0x7f0000003b80)={'#! ', './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0'}, 0x1002)
fchmod(0xffffffffffffffff, 0x134)
mount$9p_rdma(&(0x7f00000013c0), &(0x7f0000001400)='.\x00', &(0x7f0000001440), 0x800, &(0x7f00000002c0)={'trans=rdma,', {'port', 0x3d, 0x4e24}, 0x2c, {[{@timeout}]}})

756.542775ms ago: executing program 2 (id=4316):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$inet(0x2, 0x3, 0x6)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r5, 0x0, 0x1000}, 0x18)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000e00))
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000e40)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee01, 0xee00}}, './file0\x00'})
fstat(r0, &(0x7f0000000e80))
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000f80)={&(0x7f0000000300)=@proc={0x10, 0x0, 0x25dfdbff, 0x100000}, 0xc, &(0x7f0000000dc0)=[{&(0x7f0000000340)={0x1c, 0x35, 0x4, 0x70bd27, 0x25dfdbfb, "", [@typed={0x8, 0xd2, 0x0, 0x0, @fd=r4}, @nested={0x4, 0xff}]}, 0x1c}, {0x0}, {0x0}, {0x0}], 0x4, 0x0, 0x0, 0x40000}, 0x12014)

754.460175ms ago: executing program 5 (id=4317):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000)
write$char_usb(r1, &(0x7f0000001300)='7', 0x1)
r2 = syz_io_uring_setup(0x66e, &(0x7f0000000240)={0x0, 0x29cc, 0x10100}, &(0x7f0000000380)=<r3=>0x0, &(0x7f0000000200)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x567, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x1000000000000)
syz_usb_disconnect(r0)
syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000040)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x4b3, 0x3103, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x5, 0x80, 0x9, [{{0x9, 0x4, 0x0, 0x6, 0x1, 0x3, 0x1, 0x3, 0x0, {0x9, 0x21, 0x3, 0x2, 0x1, {0x22, 0xecb}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x4, 0x5, 0x9}}, [{{0x9, 0x5, 0x2, 0x3, 0x200, 0xdb, 0x8, 0x9}}]}}}]}}]}}, &(0x7f00000001c0)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x250, 0x7f, 0x0, 0x3, 0x0, 0xd}, 0x5, &(0x7f0000000200)={0x5, 0xf, 0x5}, 0x2, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x401}}, {0x7d, &(0x7f0000000140)=ANY=[@ANYBLOB="7d03f80a5af8232bec78d6cfe88d8fedf60ffdd7f3c7427c778eb8179aab7713c7e4bda355405e7c6cf4bb53d808e25ac974dd004fd221e5d3c28cca4152a5e6298e102909a9f18e044948764bbb66756179aabe6281fe700bf1bdab67b8190e24aa7f1f8469259f99cecf6be0b265526f8e0ee399b0"]}]})
r5 = syz_open_dev$vim2m(&(0x7f00000003c0), 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f00000002c0)={0x9, 0x1, 0x0, "db201651a16fd018782c71f2c08187822d55b056383c3edeb939d255e9e4bb90"})
sendfile(0xffffffffffffffff, r5, &(0x7f0000000080)=0x7fffffff, 0x1)
r6 = socket$rxrpc(0x21, 0x2, 0x2)
bind$rxrpc(r6, &(0x7f0000000000)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e22, @multicast1}}, 0x24)
listen(r6, 0x4)
listen(r6, 0xbc3)

622.862458ms ago: executing program 0 (id=4318):
r0 = socket$netlink(0x10, 0x3, 0x0)
unshare(0x22020600)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00')
pipe2$9p(&(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r4 = dup(r3)
open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0)
write$FUSE_BMAP(r4, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18)
write$FUSE_DIRENTPLUS(r4, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r4, &(0x7f00000000c0)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r4, &(0x7f00000005c0)=ANY=[@ANYBLOB="b9"], 0xb8)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000180), 0x1010412, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@cache_fscache}]}})
r5 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x121842, 0x52)
writev(r5, &(0x7f0000000000)=[{&(0x7f00000006c0)='\t', 0x2003f}], 0x1)
setns(r1, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

565.083805ms ago: executing program 0 (id=4319):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9c, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x8000}}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0xa)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB="380000001800100000000000000000000200000000030009000000000696d191e200000014001680100008800cf2"], 0x38}}, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000003e000701feffffff00000000017c0000040042800c0001800600060080"], 0xf8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)

110.923247ms ago: executing program 0 (id=4320):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)={0x20000006})
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
timer_create(0x0, 0x0, 0x0)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = syz_io_uring_setup(0x38ff, &(0x7f0000000300)={0x0, 0x200000, 0x10100}, &(0x7f0000000180)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3})
socketpair$unix(0x1, 0x5, 0x0, 0x0)
io_uring_enter(r5, 0x2def, 0x4000, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

70.701845ms ago: executing program 3 (id=4321):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000026c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0x1, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x80000, {0x0, 0x0, 0x0, r7, {}, {0xffe6, 0xb}, {0xffe0, 0xc}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xffffffff, 0x10f, 0xb631, 0x1ff, 0x1, 0x3ff, 0x1, 0x6, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

0s ago: executing program 3 (id=4322):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_io_uring_setup(0x88d, &(0x7f0000000380)={0x0, 0x8936, 0x0, 0x2, 0xbfdffffc}, &(0x7f00000001c0)=<r4=>0x0, &(0x7f00000000c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r3, 0x0, &(0x7f0000000040)='./file0\x00', 0x64, 0x183000, 0x23456})
io_uring_enter(r3, 0x47f6, 0x0, 0x2, 0x0, 0x0)

0s ago: executing program 2 (id=4323):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0x1, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {}, {0x2, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

kernel console output (not intermixed with test programs):

ed USB device number 11 using dummy_hcd
[  191.259698][ T6022] usb 6-1: Using ep0 maxpacket: 8
[  191.262696][ T6022] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  191.265334][ T6022] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  191.268472][ T6022] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  191.272501][ T6022] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  191.275794][ T6022] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  191.280645][ T6022] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  191.283597][ T6022] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.496180][ T6022] usb 6-1: GET_CAPABILITIES returned 0
[  191.498062][ T6022] usbtmc 6-1:16.0: can't read capabilities
[  191.698095][ T6022] usb 6-1: USB disconnect, device number 11
[  192.535437][T11913] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2329'.
[  192.539448][T11913] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2329'.
[  192.543593][T11913] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2329'.
[  192.771919][T11932] overlayfs: failed to clone upperpath
[  192.817164][T11931] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2333'.
[  192.903616][T11939] tipc: Failed to remove unknown binding: 66,1,1/2886997162:4077972690/4077972692
[  192.906798][T11939] tipc: Failed to remove unknown binding: 66,1,1/2886997162:4077972690/4077972692
[  193.099371][T11931] bond5: entered promiscuous mode
[  193.103055][T11931] bond5: entered allmulticast mode
[  193.108865][T11937] geneve2: entered promiscuous mode
[  193.123790][T11937] geneve2: entered allmulticast mode
[  193.125791][T11937] bond5: (slave geneve2): Enslaving as an active interface with an up link
[  193.140084][T11941] bond5 (unregistering): (slave geneve2): Releasing backup interface
[  193.159792][T11941] geneve2: left promiscuous mode
[  193.163352][T11941] geneve2: left allmulticast mode
[  193.167033][T11941] bond5 (unregistering): Released all slaves
[  193.237759][T11951] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2340'.
[  193.244602][T11951] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2340'.
[  193.328406][T11955] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2343'.
[  193.333549][T11955] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2343'.
[  193.337600][T11955] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2343'.
[  193.619217][T11974] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2349'.
[  193.672011][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  193.674110][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  193.763953][T11982] netlink: 'syz.3.2353': attribute type 10 has an invalid length.
[  193.771899][T11982] bridge0: entered promiscuous mode
[  193.773643][T11982] bridge0: entered allmulticast mode
[  193.775630][T11982] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  193.804917][T11982] bond0: (slave bridge0): Releasing backup interface
[  193.807793][T11982] bridge0 (unregistering): left allmulticast mode
[  194.339186][T11990] bond3: entered promiscuous mode
[  194.341451][T11990] bond3: entered allmulticast mode
[  194.368132][T11990] geneve2: entered promiscuous mode
[  194.370656][T11990] geneve2: entered allmulticast mode
[  194.373202][T11990] bond3: (slave geneve2): Enslaving as an active interface with an up link
[  194.396168][T11990] bond3 (unregistering): (slave geneve2): Releasing backup interface
[  194.399981][T11990] geneve2: left promiscuous mode
[  194.401638][T11990] geneve2: left allmulticast mode
[  194.404897][T11990] bond3 (unregistering): Released all slaves
[  194.618617][T12012] netlink: 'syz.2.2364': attribute type 10 has an invalid length.
[  195.409904][ T6047] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  195.569684][ T6047] usb 6-1: Using ep0 maxpacket: 32
[  195.580845][ T6047] usb 6-1: New USB device found, idVendor=084f, idProduct=0001, bcdDevice=e0.b8
[  195.587225][ T6047] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.597293][ T6047] usb 6-1: Product: syz
[  195.604113][ T6047] usb 6-1: Manufacturer: syz
[  195.605663][ T6047] usb 6-1: SerialNumber: syz
[  195.620162][ T6047] usb 6-1: config 0 descriptor??
[  195.650019][ T6047] empeg 6-1:0.0: empeg converter detected
[  195.651880][ T6047] usb 6-1: active config #0 != 1 ??
[  195.854365][T12049] 8021q: adding VLAN 0 to HW filter on device bond3
[  195.873072][T12049] macvlan2: entered promiscuous mode
[  195.875311][T12049] macvlan2: entered allmulticast mode
[  195.879075][T12049] bond3: entered promiscuous mode
[  195.888228][T12049] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  195.900701][T12049] bond3: left promiscuous mode
[  195.936763][   T61] usb 6-1: USB disconnect, device number 12
[  197.289586][T12086] bond4: (slave dummy0): Releasing active interface
[  197.301903][T12086] batman_adv: batadv0: Adding interface: dummy0
[  197.304088][T12086] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  197.313632][T12086] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  197.548825][    T9] libceph: connect (1)[c::]:6789 error -97
[  197.551677][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  197.709792][T12101] ceph: No mds server is up or the cluster is laggy
[  198.041824][T12128] kvm: pic: non byte read
[  198.044660][T12128] kvm: pic: level sensitive irq not supported
[  198.044914][T12128] kvm: pic: non byte read
[  198.049513][T12128] kvm: pic: level sensitive irq not supported
[  198.050268][T12128] kvm: pic: non byte read
[  198.055112][T12128] kvm: pic: level sensitive irq not supported
[  198.055351][T12128] kvm: pic: non byte read
[  198.061061][T12128] kvm: pic: level sensitive irq not supported
[  198.061338][T12128] kvm: pic: non byte read
[  198.065772][T12128] kvm: pic: level sensitive irq not supported
[  198.066049][T12128] kvm: pic: non byte read
[  198.072696][T12128] kvm: pic: level sensitive irq not supported
[  198.072929][T12128] kvm: pic: non byte read
[  198.301694][T12141] tipc: Failed to remove unknown binding: 66,2,3/2886997162:3019402909/3019402910
[  198.921801][T12151] overlayfs: failed to clone lowerpath
[  198.926146][T12151] overlayfs: failed to clone upperpath
[  199.090164][T12161] __nla_validate_parse: 21 callbacks suppressed
[  199.090180][T12161] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2423'.
[  199.380821][   T40] audit: type=1326 audit(1752522488.838:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12178 comm="syz.2.2430" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7fc00000
[  199.972453][T12203] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2438'.
[  200.044371][   T40] audit: type=1326 audit(1752522489.498:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12178 comm="syz.2.2430" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ce598 code=0x7fc00000
[  200.060878][   T40] audit: type=1326 audit(1752522489.498:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12178 comm="syz.2.2430" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf70ce5a7 code=0x7fc00000
[  200.068737][   T40] audit: type=1326 audit(1752522489.498:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12178 comm="syz.2.2430" exe="/syz-executor" sig=0 arch=40000003 syscall=252 compat=1 ip=0xf70ce579 code=0x7fc00000
[  200.275306][T12221] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2445'.
[  200.508568][T12238] sch_tbf: burst 32855 is lower than device lo mtu (11337746) !
[  201.355845][T12261] netlink: 2028 bytes leftover after parsing attributes in process `syz.2.2462'.
[  201.358836][T12261] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2462'.
[  201.405078][T12263] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2463'.
[  201.958328][T12274] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  202.102315][T12279] syzkaller0: entered promiscuous mode
[  202.104660][T12279] syzkaller0: entered allmulticast mode
[  202.140513][T12279] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2470'.
[  202.145628][T12279] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2470'.
[  202.151954][T12279] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2470'.
[  202.155958][T12279] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2470'.
[  202.352449][T12291] netlink: zone id is out of range
[  202.354190][T12291] netlink: zone id is out of range
[  202.356224][T12291] netlink: del zone limit has 4 unknown bytes
[  202.470979][ T5971] Bluetooth: hci2: unexpected event for opcode 0x2024
[  202.542272][T12297] overlayfs: failed to clone lowerpath
[  203.809993][  T837] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[  203.961757][  T837] usb 6-1: config 0 has no interfaces?
[  203.966849][  T837] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  203.970925][  T837] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.974350][  T837] usb 6-1: Product: syz
[  203.978209][  T837] usb 6-1: Manufacturer: syz
[  203.988382][  T837] usb 6-1: SerialNumber: syz
[  203.993613][  T837] usb 6-1: config 0 descriptor??
[  204.004324][T12322] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  204.011402][T12322] tipc: Enabling of bearer <eth:team0> rejected, failed to enable media
[  204.205220][ T6022] usb 6-1: USB disconnect, device number 13
[  204.212474][T12312] uprobe: syz.1.2482:12312 failed to unregister, leaking uprobe
[  204.412672][T12332] ªªªªªª2�g�,¾{: renamed from lo
[  204.424969][ T5971] Bluetooth: hci1: SCO packet for unknown connection handle 201
[  204.526803][T12341] overlayfs: failed to clone upperpath
[  204.749870][   T53] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  204.906232][   T53] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  204.911167][   T53] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  204.915834][   T53] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  204.921477][   T53] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  204.927719][   T53] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  204.932137][   T53] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  204.937345][   T53] usb 5-1: config 0 descriptor??
[  205.350233][   T53] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  205.883901][    T9] Process accounting resumed
[  206.235168][    T9] usb 5-1: USB disconnect, device number 11
[  206.882291][T12410] binder: 12409:12410 ioctl c0306201 800003c0 returned -14
[  207.263975][T12433] overlayfs: failed to clone upperpath
[  207.266906][T12434] __nla_validate_parse: 3 callbacks suppressed
[  207.266921][T12434] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2530'.
[  207.334176][T12434] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2530'.
[  207.446049][T12443] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2533'.
[  208.178570][T12463] netlink: 'syz.2.2544': attribute type 1 has an invalid length.
[  208.181738][T12463] netlink: 16150 bytes leftover after parsing attributes in process `syz.2.2544'.
[  208.281267][T12467] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2539'.
[  208.294225][T12467] 8021q: adding VLAN 0 to HW filter on device bond4
[  208.325073][T12467] 8021q: adding VLAN 0 to HW filter on device bond4
[  208.327350][T12467] bond4: (slave vxcan1): The slave device specified does not support setting the MAC address
[  208.331702][T12467] bond4: (slave vxcan1): Error -95 calling set_mac_address
[  208.374983][T12469] macvlan2: entered promiscuous mode
[  208.377359][T12469] macvlan2: entered allmulticast mode
[  208.380695][T12469] bond4: (slave macvlan2): Error -98 calling set_mac_address
[  208.513857][T12476] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2542'.
[  208.564202][T12476] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2542'.
[  209.313001][T12502] ªªªªªª2�g�,¾{: renamed from lo (while UP)
[  209.320981][ T5958] Bluetooth: hci0: SCO packet for unknown connection handle 201
[  210.123044][T12530] ªªªªªª2�g�,¾{: renamed from lo (while UP)
[  210.177872][T12534] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2565'.
[  210.449238][T12539] netlink: 'syz.2.2567': attribute type 1 has an invalid length.
[  210.460027][   T61] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  210.471781][T12539] 8021q: adding VLAN 0 to HW filter on device bond5
[  210.502848][T12539] bond5: (slave ip6erspan0): making interface the new active one
[  210.507342][T12539] bond5: (slave ip6erspan0): Enslaving as an active interface with an up link
[  210.599874][   T61] usb 6-1: device descriptor read/64, error -71
[  210.600874][   T59] smc: removing ib device syz1
[  210.609824][  T836] syz1: Port: 1 Link DOWN
[  210.636550][T12543] netlink: 'syz.2.2568': attribute type 1 has an invalid length.
[  210.643515][T12543] netlink: 1 bytes leftover after parsing attributes in process `syz.2.2568'.
[  210.839924][   T61] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  210.969778][   T61] usb 6-1: device descriptor read/64, error -71
[  211.076092][T12551] overlayfs: failed to clone upperpath
[  211.110389][   T61] usb usb6-port1: attempt power cycle
[  211.459779][   T61] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  211.490342][   T61] usb 6-1: device descriptor read/8, error -71
[  211.680109][T12568] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  211.740709][   T61] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  211.780265][   T61] usb 6-1: device descriptor read/8, error -71
[  211.909818][   T61] usb usb6-port1: unable to enumerate USB device
[  213.610415][T12602] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2591'.
[  214.125205][T12610] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  214.181518][T12610] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  214.232110][T12615] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2595'.
[  214.237074][T12610] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  214.237238][T12615] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2595'.
[  214.246560][T12615] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2595'.
[  214.251126][T12615] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2595'.
[  214.257381][T12615] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2595'.
[  214.261324][T12615] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2595'.
[  214.589686][   T40] audit: type=1804 audit(1752522504.038:283): pid=12637 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2603" name="/newroot/534/file0" dev="tmpfs" ino=2916 res=1 errno=0
[  214.590981][T12637] ref_ctr increment failed for inode: 0xb64 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888025798000
[  214.609485][T12636] uprobe: syz.0.2603:12636 failed to unregister, leaking uprobe
[  214.776544][T12641] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2605'.
[  214.782222][T12641] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2605'.
[  214.786276][T12641] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2605'.
[  214.952029][T12655] overlayfs: failed to clone upperpath
[  215.029785][   T61] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  215.106847][   T40] audit: type=1804 audit(1752522504.558:284): pid=12660 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2613" name="/newroot/578/file0" dev="tmpfs" ino=3169 res=1 errno=0
[  215.137840][T12660] ref_ctr increment failed for inode: 0xc61 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff8880258e0000
[  215.144736][T12664] overlayfs: failed to clone upperpath
[  215.147255][T12659] uprobe: syz.1.2613:12659 failed to unregister, leaking uprobe
[  215.191648][   T61] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  215.195087][   T61] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  215.198265][   T61] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  215.212900][T12670] mac80211_hwsim hwsim6 syzkaller0: entered promiscuous mode
[  215.215424][T12670] mac80211_hwsim hwsim6 syzkaller0: entered allmulticast mode
[  215.216501][   T61] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  215.226863][   T61] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.229561][   T61] usb 5-1: Product: syz
[  215.231168][   T61] usb 5-1: Manufacturer: syz
[  215.233672][   T61] usb 5-1: SerialNumber: syz
[  215.360567][T12677] uprobe: syz.3.2620:12677 failed to unregister, leaking uprobe
[  215.443333][   T61] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 12 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  216.337198][  T836] usb 5-1: USB disconnect, device number 12
[  216.342893][  T836] usblp0: removed
[  216.560888][T12702] uprobe: syz.2.2629:12702 failed to unregister, leaking uprobe
[  217.485984][T12717] netlink: 'syz.3.2636': attribute type 1 has an invalid length.
[  217.506157][T12717] 8021q: adding VLAN 0 to HW filter on device bond5
[  217.526992][T12717] 8021q: adding VLAN 0 to HW filter on device bond5
[  217.529304][T12717] bond5: (slave vxcan1): The slave device specified does not support setting the MAC address
[  217.536036][T12717] bond5: (slave vxcan1): Error -95 calling set_mac_address
[  217.577643][T12721] mac80211_hwsim hwsim8 wlan1: entered allmulticast mode
[  217.584998][T12721] bond5: (slave wlan1): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open
[  217.686069][T12726] bond3: (slave dummy0): Releasing active interface
[  217.691072][T12726] batman_adv: batadv0: Adding interface: dummy0
[  217.693012][T12726] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  217.702000][T12726] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  218.453142][T12736] overlayfs: failed to clone upperpath
[  218.613427][T12748] overlayfs: failed to clone upperpath
[  218.702566][T12753] overlayfs: failed to clone upperpath
[  218.789200][T12759] __nla_validate_parse: 10 callbacks suppressed
[  218.789220][T12759] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2650'.
[  218.883651][T12762] bond4: (slave vlan2): Releasing active interface
[  218.889854][T12762] bond5: (slave ip6erspan0): Releasing active interface
[  219.219205][T12768] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2653'.
[  219.635546][T12790] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  219.638486][T12790] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  219.697727][T12793] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  219.760513][T12799] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2666'.
[  219.816440][T12801] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2666'.
[  220.230123][   T53] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  220.401401][   T53] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  220.405429][   T53] usb 6-1: config 0 has no interfaces?
[  220.407697][   T53] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  220.411397][   T53] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  220.415899][   T53] usb 6-1: config 0 descriptor??
[  220.540016][T12811] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2670'.
[  220.544781][T12811] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2670'.
[  220.548988][T12811] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2670'.
[  220.612794][   T40] audit: type=1804 audit(1752522510.068:285): pid=12816 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2673" name="file0" dev="ramfs" ino=38009 res=1 errno=0
[  220.619846][T12818] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2672'.
[  220.883368][ T6022] usb 6-1: USB disconnect, device number 18
[  221.261205][T12838] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  221.264739][T12838] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  221.269147][T12838] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  222.709969][   T53] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  222.738153][T12875] overlayfs: failed to clone upperpath
[  222.869998][   T53] usb 6-1: Using ep0 maxpacket: 8
[  222.873729][   T53] usb 6-1: config 0 has no interfaces?
[  222.877912][   T53] usb 6-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  222.881814][   T53] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  222.885105][   T53] usb 6-1: Product: syz
[  222.886865][   T53] usb 6-1: Manufacturer: syz
[  222.888536][   T53] usb 6-1: SerialNumber: syz
[  222.893602][   T53] usb 6-1: config 0 descriptor??
[  222.949890][ T5971] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  222.952603][ T5971] Bluetooth: hci0: command 0x0c1a tx timeout
[  223.099282][   T53] usb 6-1: USB disconnect, device number 19
[  223.183113][T12880] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2695'.
[  224.444609][T12920] netlink: 'syz.3.2709': attribute type 1 has an invalid length.
[  224.456810][T12920] 8021q: adding VLAN 0 to HW filter on device bond6
[  224.480102][T12920] erspan0: entered allmulticast mode
[  224.493044][T12920] bond6: (slave erspan0): making interface the new active one
[  224.497564][T12920] bond6: (slave erspan0): Enslaving as an active interface with an up link
[  224.497652][T12925] overlayfs: failed to clone upperpath
[  225.493895][T12960] gtp1: entered promiscuous mode
[  225.704670][T12965] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  226.816780][   T40] audit: type=1326 audit(1752784916.268:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13036 comm="syz.2.2748" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x0
[  227.581810][T13043] syz_tun: entered allmulticast mode
[  227.591345][T13042] syz_tun: left allmulticast mode
[  227.592848][T13046] netlink: 'syz.0.2758': attribute type 1 has an invalid length.
[  227.604459][T13046] 8021q: adding VLAN 0 to HW filter on device bond4
[  227.621904][T13046] erspan0: entered allmulticast mode
[  227.627476][T13046] bond4: (slave erspan0): making interface the new active one
[  227.631640][T13046] bond4: (slave erspan0): Enslaving as an active interface with an up link
[  228.839887][   T53] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  228.868396][T13078] overlayfs: failed to clone upperpath
[  228.907420][T13080] overlayfs: failed to clone upperpath
[  229.001879][   T53] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  229.006538][   T53] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  229.012058][   T53] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  229.015860][   T53] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  229.022262][T13074] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  229.027848][   T53] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  229.136797][T13095] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  229.189791][T13098] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2769'.
[  229.196616][T13098] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2769'.
[  229.233201][ T6022] usb 5-1: USB disconnect, device number 13
[  229.407772][T13107] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  231.088819][T13147] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2787'.
[  231.096863][T13147] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2787'.
[  231.102411][T13147] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2787'.
[  231.107922][T13147] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2787'.
[  231.113905][T13149] netlink: 'syz.0.2785': attribute type 10 has an invalid length.
[  231.125188][T13149] bridge0: entered promiscuous mode
[  231.126920][T13149] bridge0: entered allmulticast mode
[  231.128841][T13149] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  231.144169][T13149] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2785'.
[  231.164999][T13149] bond0: (slave bridge0): Releasing backup interface
[  231.166507][T13151] netfs: Couldn't get user pages (rc=-14)
[  231.171295][T13149] bridge0 (unregistering): left promiscuous mode
[  231.173905][T13149] bridge0 (unregistering): left allmulticast mode
[  231.264506][ T5958] Bluetooth: hci3: unexpected event for opcode 0x2041
[  231.475255][T13167] overlayfs: failed to clone upperpath
[  231.593370][T13174] overlayfs: failed to clone upperpath
[  231.972998][T13201] mac80211_hwsim hwsim6 syzkaller0: left promiscuous mode
[  231.975980][T13201] mac80211_hwsim hwsim6 syzkaller0: left allmulticast mode
[  231.983932][T13201] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  232.148285][T13204] fuse: root generation should be zero
[  233.081481][ T5971] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  233.090237][ T5971] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  233.093292][ T5971] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  233.101796][ T5971] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  233.104460][ T5971] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  233.329543][T13233] chnl_net:caif_netlink_parms(): no params data found
[  233.639734][   T40] audit: type=1326 audit(1752784923.088:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13243 comm="syz.3.2823" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x0
[  234.651433][T13233] bridge0: port 1(bridge_slave_0) entered blocking state
[  234.654556][T13233] bridge0: port 1(bridge_slave_0) entered disabled state
[  234.657825][T13233] bridge_slave_0: entered allmulticast mode
[  234.663154][T13233] bridge_slave_0: entered promiscuous mode
[  234.667981][T13233] bridge0: port 2(bridge_slave_1) entered blocking state
[  234.671262][T13233] bridge0: port 2(bridge_slave_1) entered disabled state
[  234.673541][T13233] bridge_slave_1: entered allmulticast mode
[  234.677253][T13233] bridge_slave_1: entered promiscuous mode
[  234.735953][T13233] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  234.740925][T13233] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  234.778442][T13233] team0: Port device team_slave_0 added
[  234.784551][T13233] team0: Port device team_slave_1 added
[  234.815705][T13233] batman_adv: batadv0: Adding interface: batadv_slave_0
[  234.817897][T13233] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  234.827946][T13233] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  234.833078][T13233] batman_adv: batadv0: Adding interface: batadv_slave_1
[  234.835258][T13233] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  234.843401][T13233] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  234.882809][T13233] hsr_slave_0: entered promiscuous mode
[  234.885064][T13233] hsr_slave_1: entered promiscuous mode
[  234.887131][T13233] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  234.889468][T13233] Cannot create hsr debugfs directory
[  235.077190][T13233] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  235.084063][T13233] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  235.088403][T13233] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  235.101421][T13233] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  235.190277][ T5971] Bluetooth: hci2: command tx timeout
[  235.192022][T13233] 8021q: adding VLAN 0 to HW filter on device bond0
[  235.225406][T13233] 8021q: adding VLAN 0 to HW filter on device team0
[  235.235228][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  235.238151][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  235.245243][ T1137] bridge0: port 2(bridge_slave_1) entered blocking state
[  235.247512][ T1137] bridge0: port 2(bridge_slave_1) entered forwarding state
[  235.369283][T13233] 8021q: adding VLAN 0 to HW filter on device batadv0
[  235.539551][T13233] veth0_vlan: entered promiscuous mode
[  235.547482][T13233] veth1_vlan: entered promiscuous mode
[  235.570475][T13233] veth0_macvtap: entered promiscuous mode
[  235.574532][T13233] veth1_macvtap: entered promiscuous mode
[  235.588683][T13233] batman_adv: batadv0: Interface activated: batadv_slave_0
[  235.599259][T13233] batman_adv: batadv0: Interface activated: batadv_slave_1
[  235.611543][T13233] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  235.615324][T13233] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  235.618919][T13233] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  235.622772][T13233] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  235.663351][ T1137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  235.665919][ T1137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  235.691385][   T88] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  235.693974][   T88] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  236.004541][T13336] overlayfs: invalid redirect ((null))
[  237.269985][ T5971] Bluetooth: hci2: command tx timeout
[  237.292032][T13369] netlink: 'syz.4.2856': attribute type 13 has an invalid length.
[  237.329998][ T6295] Process accounting resumed
[  237.402328][T13369] bridge0: port 2(bridge_slave_1) entered disabled state
[  237.405850][T13369] bridge0: port 1(bridge_slave_0) entered disabled state
[  237.494608][T13369] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  237.504932][T13369] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  237.584032][T13369] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  237.587394][T13369] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  237.590991][T13369] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  237.593760][T13369] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  238.119114][   T40] audit: type=1800 audit(1752784927.568:288): pid=13373 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2863" name="/" dev="fuse" ino=0 res=0 errno=0
[  238.264227][T13390] overlayfs: failed to clone upperpath
[  238.339744][T13397] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2869'.
[  239.253409][T13432] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  239.360058][ T5958] Bluetooth: hci2: command tx timeout
[  240.162399][    C0] vcan0: j1939_tp_rxtimer: 0xffff888071087800: rx timeout, send abort
[  240.165230][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888071087800: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[  240.215077][T13448] Bluetooth: (null): Invalid header checksum
[  240.286942][T13452] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  240.729206][T13464] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  240.880589][T13478] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2902'.
[  240.920470][T13480] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2903'.
[  240.925300][T13480] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2903'.
[  240.930879][T13480] netlink: 277 bytes leftover after parsing attributes in process `syz.3.2903'.
[  240.942968][T13480] netlink: 277 bytes leftover after parsing attributes in process `syz.3.2903'.
[  241.099799][T13494] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2909'.
[  241.408346][T13508] overlayfs: failed to clone upperpath
[  241.430332][ T5958] Bluetooth: hci2: command tx timeout
[  241.689310][T13523] overlayfs: failed to clone lowerpath
[  243.070050][T13544] netlink: 'syz.3.2930': attribute type 1 has an invalid length.
[  243.216751][T13547] veth23: entered promiscuous mode
[  243.225191][T13547] bond7: (slave veth23): Enslaving as a backup interface with a down link
[  243.251014][T13544] syz.3.2930 (13544) used greatest stack depth: 19560 bytes left
[  243.515938][T13518] syz.3.2918 (13518) used greatest stack depth: 18264 bytes left
[  244.164458][T13577] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2942'.
[  245.831900][T13613] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2956'.
[  245.836903][T13613] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2956'.
[  246.011271][T13622] bridge: RTM_NEWNEIGH with invalid ether address
[  246.207258][T13637] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2966'.
[  246.233457][T13637] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2966'.
[  247.711526][T13681] 9pnet: p9_errstr2errno: server reported unknown error 184467440737
[  247.860110][T13697] netlink: 'syz.3.2987': attribute type 3 has an invalid length.
[  247.863676][T13697] netlink: 'syz.3.2987': attribute type 3 has an invalid length.
[  247.943307][T13705] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2991'.
[  247.948607][T13705] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2991'.
[  247.956406][T13705] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2991'.
[  247.962718][T13705] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2991'.
[  248.077374][T13711] syzkaller0: entered allmulticast mode
[  248.972709][T13732] vlan2: entered allmulticast mode
[  248.974383][T13732] bridge_slave_0: entered allmulticast mode
[  250.599871][T13782] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3022'.
[  250.604430][T13782] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3022'.
[  251.039587][T13788] futex_wake_op: syz.2.3024 tries to shift op by -1; fix this program
[  251.396438][T13802] futex_wake_op: syz.0.3030 tries to shift op by -1; fix this program
[  252.482158][T13836] netlink: 1347 bytes leftover after parsing attributes in process `syz.3.3043'.
[  252.712883][T13852] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3047'.
[  253.494302][T13873] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3065'.
[  253.912479][T13903] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3071'.
[  253.913682][T13905] overlayfs: failed to clone upperpath
[  253.915364][T13903] netlink: 'syz.4.3071': attribute type 5 has an invalid length.
[  254.087037][T13914] kvm: pic: single mode not supported
[  254.094443][T13914] kvm: pic: single mode not supported
[  254.442145][T13928] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3078'.
[  255.124357][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  255.126425][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  255.221914][T13967] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3093'.
[  255.225298][T13967] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3093'.
[  256.151643][T13992] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3103'.
[  256.155597][T13992] netlink: 'syz.2.3103': attribute type 7 has an invalid length.
[  256.159244][T13992] netlink: 'syz.2.3103': attribute type 8 has an invalid length.
[  256.163079][T13992] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3103'.
[  257.110991][ T6028] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  257.259694][ T6028] usb 5-1: Using ep0 maxpacket: 32
[  257.262581][ T6028] usb 5-1: config 0 has no interfaces?
[  257.264625][ T6028] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  257.267480][ T6028] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.271954][ T6028] usb 5-1: config 0 descriptor??
[  257.478584][ T6028] usb 5-1: USB disconnect, device number 14
[  257.549733][ T1334] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  257.583511][T14041] netlink: 'syz.3.3122': attribute type 1 has an invalid length.
[  257.604151][T14041] 8021q: adding VLAN 0 to HW filter on device bond8
[  257.608969][T14044] netlink: 'syz.2.3123': attribute type 10 has an invalid length.
[  257.614748][T14041] vlan3: entered allmulticast mode
[  257.616410][T14041] geneve1: entered allmulticast mode
[  257.620168][T14041] bond8: (slave vlan3): making interface the new active one
[  257.624219][T14041] bond8: (slave vlan3): Enslaving as an active interface with an up link
[  257.665681][T14046] netlink: 'syz.2.3124': attribute type 1 has an invalid length.
[  257.694046][T14046] 8021q: adding VLAN 0 to HW filter on device bond6
[  257.699674][ T1334] usb 9-1: Using ep0 maxpacket: 16
[  257.702575][ T1334] usb 9-1: config 1 interface 0 altsetting 93 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  257.705958][ T1334] usb 9-1: config 1 interface 0 altsetting 93 bulk endpoint 0x82 has invalid maxpacket 96
[  257.708980][ T1334] usb 9-1: config 1 interface 0 altsetting 93 bulk endpoint 0x3 has invalid maxpacket 8
[  257.712344][ T1334] usb 9-1: config 1 interface 0 altsetting 93 has 3 endpoint descriptors, different from the interface descriptor's value: 18
[  257.716348][ T1334] usb 9-1: config 1 interface 0 has no altsetting 0
[  257.719726][ T1334] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  257.722844][ T1334] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  257.725279][ T1334] usb 9-1: SerialNumber: syz
[  257.728405][T14033] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  257.731099][T14033] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  257.768379][ T5958] Bluetooth: hci3: SCO packet for unknown connection handle 201
[  257.809251][T14057] overlayfs: failed to clone upperpath
[  257.969241][ T1334] cdc_ether 9-1:1.0: probe with driver cdc_ether failed with error -71
[  257.974678][T14064] pimreg: entered allmulticast mode
[  257.975619][ T1334] usb 9-1: USB disconnect, device number 2
[  258.111541][T14074] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3136'.
[  258.468271][T14081] !
: renamed from dummy0
[  258.522891][T14086] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  258.595582][T14094] overlayfs: failed to clone upperpath
[  258.662301][T14097] 9pnet: p9_errstr2errno: server reported unknown error 1844674407370
[  259.264935][T14109] overlayfs: failed to clone upperpath
[  259.790867][ T6047] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  259.933842][ T6047] usb 5-1: Using ep0 maxpacket: 32
[  259.938620][ T6047] usb 5-1: config 0 has no interfaces?
[  259.942865][ T6047] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  259.946857][ T6047] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  259.950265][ T6047] usb 5-1: Product: syz
[  259.952014][ T6047] usb 5-1: Manufacturer: syz
[  259.953808][ T6047] usb 5-1: SerialNumber: syz
[  259.957691][ T6047] usb 5-1: config 0 descriptor??
[  259.993203][T14138] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3160'.
[  260.029025][T14140] overlayfs: failed to clone upperpath
[  260.075582][T14144] overlayfs: failed to clone upperpath
[  260.155644][ T6047] usb 5-1: USB disconnect, device number 15
[  260.277925][T14158] overlayfs: failed to clone upperpath
[  260.339621][T14162] binder: 14161:14162 ioctl c0306201 0 returned -14
[  260.391866][T14164] binder: 14161:14164 ioctl c0306201 0 returned -14
[  261.071562][T14186] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3179'.
[  261.076013][T14186] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3179'.
[  261.126610][T14188] netlink: 'syz.3.3180': attribute type 4 has an invalid length.
[  261.144141][T14188] netlink: 'syz.3.3180': attribute type 4 has an invalid length.
[  261.193455][T14192] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3182'.
[  261.217015][T14192] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3182'.
[  261.274769][T14194] netlink: 96 bytes leftover after parsing attributes in process `syz.4.3183'.
[  261.373308][T14203] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3184'.
[  261.376245][T14203] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3184'.
[  261.479567][T14210] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3188'.
[  262.064259][T14223] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3192'.
[  262.325304][T14229] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3193'.
[  262.774888][T14253] netlink: 80 bytes leftover after parsing attributes in process `syz.3.3203'.
[  262.780710][T14253] netlink: 80 bytes leftover after parsing attributes in process `syz.3.3203'.
[  263.115957][T14281] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  263.118900][T14281] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  263.123546][T14281] vhci_hcd vhci_hcd.0: Device attached
[  263.132697][T14281] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(5)
[  263.134886][T14281] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  263.137824][T14281] vhci_hcd vhci_hcd.0: Device attached
[  263.306104][ T6028] vhci_hcd: vhci_device speed not set
[  263.372451][ T6028] usb 45-1: new full-speed USB device number 2 using vhci_hcd
[  263.954104][T14284] vhci_hcd: connection closed
[  263.956449][T14282] vhci_hcd: connection reset by peer
[  263.960497][   T13] vhci_hcd: stop threads
[  263.962599][   T13] vhci_hcd: release socket
[  263.965091][   T13] vhci_hcd: disconnect device
[  263.968341][   T13] vhci_hcd: stop threads
[  263.969725][   T13] vhci_hcd: release socket
[  263.971456][   T13] vhci_hcd: disconnect device
[  264.545018][   T40] audit: type=1326 audit(1752785722.260:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14315 comm="syz.4.3223" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf70fe579 code=0x7ffc0000
[  264.560454][   T40] audit: type=1326 audit(1752785722.260:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14315 comm="syz.4.3223" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf70fe5a7 code=0x7ffc0000
[  264.567416][   T40] audit: type=1326 audit(1752785722.260:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14315 comm="syz.4.3223" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe579 code=0x7ffc0000
[  264.574517][   T40] audit: type=1326 audit(1752785722.260:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14315 comm="syz.4.3223" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe579 code=0x7ffc0000
[  264.581863][   T40] audit: type=1326 audit(1752785722.260:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14315 comm="syz.4.3223" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe579 code=0x7ffc0000
[  264.589257][   T40] audit: type=1326 audit(1752785722.260:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14315 comm="syz.4.3223" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe579 code=0x7ffc0000
[  264.596148][   T40] audit: type=1326 audit(1752785722.260:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14315 comm="syz.4.3223" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe579 code=0x7ffc0000
[  264.603884][   T40] audit: type=1326 audit(1752785722.260:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14315 comm="syz.4.3223" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe579 code=0x7ffc0000
[  264.613431][   T40] audit: type=1326 audit(1752785722.260:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14315 comm="syz.4.3223" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe579 code=0x7ffc0000
[  264.622948][   T40] audit: type=1326 audit(1752785722.260:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14315 comm="syz.4.3223" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf70fe579 code=0x7ffc0000
[  264.814946][T14333] overlayfs: failed to clone upperpath
[  265.079519][T14362] netlink: 'syz.0.3238': attribute type 1 has an invalid length.
[  265.082767][T14362] netlink: 'syz.0.3238': attribute type 4 has an invalid length.
[  267.138264][T14417] tipc: Failed to remove unknown binding: 66,1,1/0:2466977050/2466977052
[  267.143674][T14417] tipc: Failed to remove unknown binding: 66,1,1/0:2466977050/2466977052
[  267.148403][T14417] tipc: Failed to remove unknown binding: 66,1,1/0:2466977050/2466977052
[  267.186604][T14419] __nla_validate_parse: 6 callbacks suppressed
[  267.186616][T14419] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3260'.
[  267.426106][T14435] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3267'.
[  267.665579][T14447] kvm: pic: non byte write
[  267.667454][T14447] kvm: pic: non byte write
[  267.670673][T14447] kvm: pic: single mode not supported
[  267.670689][T14447] kvm: pic: level sensitive irq not supported
[  267.674117][T14447] kvm: pic: non byte write
[  267.679873][T14447] kvm: pic: non byte write
[  267.682273][T14447] kvm: pic: level sensitive irq not supported
[  268.259766][ T6028] vhci_hcd: vhci_device speed not set
[  268.349002][T14474] syzkaller0: entered promiscuous mode
[  268.350791][T14474] syzkaller0: entered allmulticast mode
[  268.933728][T14486] overlayfs: failed to clone upperpath
[  268.936757][T14484] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3284'.
[  269.798841][T14508] syzkaller0: entered promiscuous mode
[  269.801197][T14508] syzkaller0: entered allmulticast mode
[  269.830366][T14515] binder: 14513:14515 ioctl c0306201 80000080 returned -14
[  269.838028][T14515] binder: 14513:14515 ioctl c0306201 80000600 returned -14
[  269.913878][T14525] can0: slcan on ptm0.
[  270.173587][ T6028] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  270.179496][T14542] overlayfs: failed to clone upperpath
[  270.282556][T14544] overlayfs: failed to clone upperpath
[  270.307060][   T61] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  270.337613][ T6028] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  270.341277][ T6028] usb 5-1: config 0 has no interfaces?
[  270.345916][ T6028] usb 5-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  270.349644][ T6028] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  270.352954][ T6028] usb 5-1: Product: syz
[  270.354727][ T6028] usb 5-1: Manufacturer: syz
[  270.358259][ T6028] usb 5-1: SerialNumber: syz
[  270.361030][ T6028] usb 5-1: config 0 descriptor??
[  270.470941][   T61] usb 9-1: config 0 has no interfaces?
[  270.474505][   T61] usb 9-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  270.477325][   T61] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  270.480075][   T61] usb 9-1: Product: syz
[  270.481418][   T61] usb 9-1: Manufacturer: syz
[  270.482979][   T61] usb 9-1: SerialNumber: syz
[  270.486941][   T61] usb 9-1: config 0 descriptor??
[  270.566073][ T6028] usb 5-1: USB disconnect, device number 16
[  270.613511][T14523] can0 (unregistered): slcan off ptm0.
[  270.694115][ T6047] usb 9-1: USB disconnect, device number 3
[  271.224023][T14558] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3316'.
[  271.926451][ T6028] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  272.074958][ T6028] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  272.079228][ T6028] usb 9-1: config 0 has no interfaces?
[  272.085045][ T6028] usb 9-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  272.089052][ T6028] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  272.092382][ T6028] usb 9-1: Product: syz
[  272.094111][ T6028] usb 9-1: Manufacturer: syz
[  272.100257][ T6028] usb 9-1: SerialNumber: syz
[  272.105726][ T6028] usb 9-1: config 0 descriptor??
[  272.169904][T14597] overlayfs: failed to clone upperpath
[  272.270393][T14603] netlink: 'syz.3.3332': attribute type 4 has an invalid length.
[  272.281378][T14603] netlink: 'syz.3.3332': attribute type 4 has an invalid length.
[  272.431170][ T6047] usb 9-1: USB disconnect, device number 4
[  272.482843][T14612] overlayfs: failed to clone upperpath
[  273.526360][   T40] kauditd_printk_skb: 250 callbacks suppressed
[  273.526376][   T40] audit: type=1800 audit(1752785731.676:549): pid=14652 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3350" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0
[  273.783621][ T6028] Process accounting resumed
[  273.796121][T14660] Process accounting resumed
[  274.245559][T14672] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  274.247612][T14672] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  274.268285][T14672] vhci_hcd vhci_hcd.0: Device attached
[  274.279786][T14672] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(5)
[  274.281997][T14672] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  274.285204][T14672] vhci_hcd vhci_hcd.0: Device attached
[  274.441285][ T6028] vhci_hcd: vhci_device speed not set
[  274.498539][ T6028] usb 37-1: new full-speed USB device number 2 using vhci_hcd
[  274.578243][T14694] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3357'.
[  275.058807][T14677] vhci_hcd: connection closed
[  275.059049][T14673] vhci_hcd: connection reset by peer
[  275.066103][   T12] vhci_hcd: stop threads
[  275.068005][   T12] vhci_hcd: release socket
[  275.070797][   T12] vhci_hcd: disconnect device
[  275.073070][   T12] vhci_hcd: stop threads
[  275.074568][   T12] vhci_hcd: release socket
[  275.076014][   T12] vhci_hcd: disconnect device
[  275.128053][   T40] audit: type=1326 audit(1752785733.377:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14714 comm="syz.2.3371" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x0
[  276.031613][T14737] overlayfs: failed to clone upperpath
[  276.487093][T14760] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  276.490543][T14760] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  276.493673][T14760] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  276.496867][T14760] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  276.663900][T14762] : entered promiscuous mode
[  277.443668][T14783] overlayfs: failed to clone upperpath
[  277.641148][T14788] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3400'.
[  277.644818][T14788] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3400'.
[  277.648680][T14788] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3400'.
[  277.652758][T14788] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3400'.
[  277.656796][T14788] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3400'.
[  277.659887][T14788] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3400'.
[  277.746237][   T61] Process accounting resumed
[  277.766033][T14797] Process accounting resumed
[  278.055739][T14820] overlayfs: failed to clone upperpath
[  278.222058][T14829] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3404'.
[  278.226780][T14829] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3404'.
[  278.230610][T14829] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3404'.
[  278.277756][T14831] overlayfs: failed to clone upperpath
[  278.351063][T14836] overlayfs: failed to clone upperpath
[  278.360696][T14836] overlayfs: failed to clone upperpath
[  278.409710][T14841] overlayfs: failed to clone upperpath
[  278.558920][T14837] Process accounting resumed
[  278.897484][T14857] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  278.913064][   T40] audit: type=1800 audit(1752785737.345:551): pid=14857 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3413" name="file0" dev="overlay" ino=35913951 res=0 errno=0
[  279.325300][T14878] overlayfs: failed to clone upperpath
[  279.386106][ T6028] vhci_hcd: vhci_device speed not set
[  279.424088][T14885] overlayfs: failed to clone upperpath
[  279.515499][T14886] input: syz1 as /devices/virtual/input/input12
[  280.506622][T14923] netlink: 'syz.3.3439': attribute type 3 has an invalid length.
[  280.509169][ T6047] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  280.511840][T14923] netlink: 'syz.3.3439': attribute type 3 has an invalid length.
[  280.662058][ T6047] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  280.666459][ T6047] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024
[  280.680578][ T6047] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  280.684975][ T6047] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  280.689089][ T6047] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  280.700726][T14912] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  280.709894][ T6047] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  280.974345][   T53] usb 9-1: USB disconnect, device number 5
[  281.230094][   T40] audit: type=1804 audit(1752785739.770:552): pid=14946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.3448" name="/newroot/698/bus/file0" dev="overlay" ino=3853 res=1 errno=0
[  281.347559][   T40] audit: type=1326 audit(1752785739.896:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14947 comm="syz.0.3449" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x0
[  281.405360][ T6028] IPVS: starting estimator thread 0...
[  281.496567][T14961] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  281.509477][T14957] IPVS: using max 44 ests per chain, 105600 per kthread
[  281.811179][T14971] overlayfs: failed to clone upperpath
[  281.853144][T14974] overlayfs: failed to clone upperpath
[  283.421994][   T40] audit: type=1326 audit(1752785742.069:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15043 comm="syz.4.3485" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70fe579 code=0x0
[  283.440728][T15046] netlink: 'syz.3.3483': attribute type 1 has an invalid length.
[  283.443983][T15046] __nla_validate_parse: 18 callbacks suppressed
[  283.443992][T15046] netlink: 199820 bytes leftover after parsing attributes in process `syz.3.3483'.
[  285.735903][T15111] loop7: detected capacity change from 0 to 524255232
[  286.214906][  T836] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  286.368985][  T836] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  286.372550][  T836] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  286.376478][  T836] usb 5-1: New USB device found, idVendor=18d1, idProduct=5030, bcdDevice= 0.00
[  286.380511][  T836] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  286.384285][  T836] usb 5-1: config 0 descriptor??
[  286.496499][T15125] netlink: 'syz.2.3512': attribute type 1 has an invalid length.
[  286.511769][T15125] 8021q: adding VLAN 0 to HW filter on device bond7
[  286.537841][T15125] bond7: (slave veth27): Enslaving as an active interface with a down link
[  286.547739][T15125] bond7: (slave veth0_to_bond): Enslaving as an active interface with a down link
[  286.557362][T15125] vlan4: entered allmulticast mode
[  286.559459][T15125] bond7: entered allmulticast mode
[  286.562676][T15125] bond7: (slave vlan4): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  286.578212][ T1334] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  286.584740][  T836] usbhid 5-1:0.0: can't add hid device: -71
[  286.587305][  T836] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  286.594140][  T836] usb 5-1: USB disconnect, device number 17
[  286.696408][   T40] audit: type=1804 audit(1752785745.513:555): pid=15132 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3515" name="file0" dev="tmpfs" ino=5579 res=1 errno=0
[  286.734895][ T1334] usb 9-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  286.739203][ T1334] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  286.743470][ T1334] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  286.747230][ T1334] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  286.754316][ T1334] usb 9-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  286.759822][ T1334] usb 9-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  286.763025][ T1334] usb 9-1: Manufacturer: syz
[  286.766552][ T1334] usb 9-1: config 0 descriptor??
[  286.791772][T15138] netlink: 'syz.2.3518': attribute type 1 has an invalid length.
[  286.810906][T15138] bond8: entered promiscuous mode
[  286.812953][T15138] bond8: entered allmulticast mode
[  286.837705][T15138] bond8: (slave erspan1): making interface the new active one
[  286.840717][T15138] erspan1: entered promiscuous mode
[  286.842847][T15138] erspan1: entered allmulticast mode
[  286.845785][T15138] bond8: (slave erspan1): Enslaving as an active interface with an up link
[  286.867169][T15138] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3518'.
[  286.872575][T15138] bond8: left promiscuous mode
[  286.874620][T15138] erspan1: left promiscuous mode
[  286.877406][T15138] bond8: left allmulticast mode
[  286.883384][T15138] erspan1: left allmulticast mode
[  286.886398][T15138] 8021q: adding VLAN 0 to HW filter on device bond8
[  287.160071][ T1334] appleir 0003:05AC:8243.0006: unknown main item tag 0x0
[  287.170046][ T1334] appleir 0003:05AC:8243.0006: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0
[  287.844070][ T1334] usb 9-1: USB disconnect, device number 6
[  288.365848][ T1334] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  288.371404][ T1334] hid-generic 0000:0000:0000.0007: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  288.819585][T15183] overlayfs: failed to clone upperpath
[  289.008441][ T5971] Bluetooth: hci0: unexpected event for opcode 0x203d
[  289.014115][T15192] block nbd0: NBD_DISCONNECT
[  289.181242][T15199] netlink: 'syz.4.3540': attribute type 1 has an invalid length.
[  289.192417][T15199] bond1: entered promiscuous mode
[  289.194224][T15199] bond1: entered allmulticast mode
[  289.214061][T15199] bond1: (slave erspan1): making interface the new active one
[  289.218096][T15199] erspan1: entered promiscuous mode
[  289.220650][T15199] erspan1: entered allmulticast mode
[  289.223124][T15199] bond1: (slave erspan1): Enslaving as an active interface with an up link
[  289.236357][T15199] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3540'.
[  289.241729][T15199] bond1: left promiscuous mode
[  289.243362][T15199] erspan1: left promiscuous mode
[  289.245400][T15199] bond1: left allmulticast mode
[  289.246996][T15199] erspan1: left allmulticast mode
[  289.248897][T15199] 8021q: adding VLAN 0 to HW filter on device bond1
[  289.541656][   T61] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  289.712328][   T61] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  289.715802][   T61] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  289.719885][   T61] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  289.727711][   T61] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  289.732254][   T61] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  289.739002][   T61] usb 9-1: config 0 descriptor??
[  290.154438][T15223] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3548'.
[  290.154715][   T61] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  290.157606][T15223] netlink: 277 bytes leftover after parsing attributes in process `syz.2.3548'.
[  290.164884][T15223] netlink: 277 bytes leftover after parsing attributes in process `syz.2.3548'.
[  290.398249][T15205] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  290.401020][T15205] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  290.464978][ T1334] usb 9-1: USB disconnect, device number 7
[  290.847432][T15241] bond0: (slave dummy0): Releasing backup interface
[  290.850885][T15241] dummy0: left promiscuous mode
[  290.852864][T15241] dummy0: left allmulticast mode
[  290.856114][T15241] batman_adv: batadv0: Adding interface: dummy0
[  290.858712][T15241] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  290.869872][T15241] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  291.016919][T15246] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  291.019652][T15246] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  291.024404][T15246] vhci_hcd vhci_hcd.0: Device attached
[  291.041899][T15247] vhci_hcd: connection closed
[  291.042131][   T88] vhci_hcd: stop threads
[  291.054096][   T88] vhci_hcd: release socket
[  291.055834][   T88] vhci_hcd: disconnect device
[  291.293589][ T5971] Bluetooth: hci3: unexpected event for opcode 0x0413
[  291.990050][T15278] binder: 15277:15278 ioctl c0306201 80000440 returned -14
[  292.195613][T15285] gtp1: entered promiscuous mode
[  292.341743][T15288] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  293.501597][T15330] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3586'.
[  294.118078][T15347] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3592'.
[  294.154718][   T40] audit: type=1326 audit(1752785753.344:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15348 comm="syz.2.3593" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  294.163407][   T40] audit: type=1326 audit(1752785753.344:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15348 comm="syz.2.3593" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  294.170545][T15351] netlink: 'syz.4.3594': attribute type 1 has an invalid length.
[  294.177488][   T40] audit: type=1326 audit(1752785753.355:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15348 comm="syz.2.3593" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  294.184846][T15351] 8021q: adding VLAN 0 to HW filter on device bond2
[  294.188347][   T40] audit: type=1326 audit(1752785753.355:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15348 comm="syz.2.3593" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  294.199676][   T40] audit: type=1326 audit(1752785753.355:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15348 comm="syz.2.3593" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  294.211394][   T40] audit: type=1326 audit(1752785753.355:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15348 comm="syz.2.3593" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  294.222365][   T40] audit: type=1326 audit(1752785753.355:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15348 comm="syz.2.3593" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  294.230414][   T40] audit: type=1326 audit(1752785753.355:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15348 comm="syz.2.3593" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  294.237487][T15351] bond2: (slave veth5): Enslaving as an active interface with a down link
[  294.240443][   T40] audit: type=1326 audit(1752785753.365:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15348 comm="syz.2.3593" exe="/syz-executor" sig=0 arch=40000003 syscall=298 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  294.248060][   T40] audit: type=1326 audit(1752785753.365:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15348 comm="syz.2.3593" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  294.273461][T15351] bond2: (slave veth0_to_bond): Enslaving as an active interface with a down link
[  294.285858][T15351] vlan2: entered allmulticast mode
[  294.287528][T15351] bond2: entered allmulticast mode
[  294.290669][T15351] bond2: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  294.667694][ T5971] Bluetooth: hci3: unexpected event for opcode 0x1004
[  295.120143][T15377] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3604'.
[  295.171566][ T5971] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  295.175011][ T5971] Bluetooth: hci3: Injecting HCI hardware error event
[  295.177695][ T5971] Bluetooth: hci3: hardware error 0x00
[  295.358420][T15380] netlink: 830 bytes leftover after parsing attributes in process `syz.2.3605'.
[  295.579586][T15392] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3610'.
[  295.968709][T15413] binder: 15412:15413 ioctl c0306201 0 returned -14
[  296.556260][T15430] netlink: 'syz.2.3624': attribute type 10 has an invalid length.
[  296.695526][T15441] nbd: must specify a device to reconfigure
[  296.856872][T15443] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3628'.
[  296.861596][T15443] netlink: 277 bytes leftover after parsing attributes in process `syz.4.3628'.
[  296.864628][T15443] netlink: 277 bytes leftover after parsing attributes in process `syz.4.3628'.
[  297.160454][ T5971] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  297.459713][T15456] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3633'.
[  297.843277][T15480] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3639'.
[  297.890767][T15463] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  297.894139][T15463] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  297.899668][T15463] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  297.905569][T15463] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  298.019671][T15466] : entered promiscuous mode
[  298.021573][T15474] tipc: Started in network mode
[  298.023118][T15474] tipc: Node identity , cluster identity 4711
[  298.025028][T15474] tipc: Failed to obtain node identity
[  298.027093][T15474] tipc: Enabling of bearer <eth:gre0> rejected, failed to enable media
[  298.029878][T15480] bridge_slave_1: left allmulticast mode
[  298.031831][T15480] bridge_slave_1: left promiscuous mode
[  298.033780][T15480] bridge0: port 2(bridge_slave_1) entered disabled state
[  298.040675][T15480] bridge_slave_0: left allmulticast mode
[  298.043145][T15480] bridge_slave_0: left promiscuous mode
[  298.047504][T15480] bridge0: port 1(bridge_slave_0) entered disabled state
[  298.340992][ T1334] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  298.476955][T15495] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3646'.
[  298.484050][ T1334] usb 5-1: Using ep0 maxpacket: 16
[  298.487448][ T1334] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  298.492057][ T1334] usb 5-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  298.497823][ T1334] usb 5-1: config 0 interface 0 has no altsetting 0
[  298.500891][ T1334] usb 5-1: New USB device found, idVendor=8380, idProduct=1850, bcdDevice= 0.00
[  298.504409][ T1334] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  298.508358][ T1334] usb 5-1: config 0 descriptor??
[  298.898088][ T1334] betop 0003:8380:1850.0009: unknown main item tag 0x0
[  298.900502][ T1334] betop 0003:8380:1850.0009: unknown main item tag 0x0
[  298.902634][ T1334] betop 0003:8380:1850.0009: unknown main item tag 0x0
[  298.906823][ T1334] betop 0003:8380:1850.0009: hidraw1: USB HID v0.05 Device [HID 8380:1850] on usb-dummy_hcd.0-1/input0
[  298.910436][ T1334] betop 0003:8380:1850.0009: no inputs found
[  299.581660][T15529] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  299.581660][T15529]    program syz.4.3653 not setting count and/or reply_len properly
[  300.163694][T15545] bridge0: port 1(vlan4) entered blocking state
[  300.165908][T15545] bridge0: port 1(vlan4) entered disabled state
[  300.168746][T15545] vlan4: entered allmulticast mode
[  300.694176][T15556] netlink: 'syz.2.3664': attribute type 1 has an invalid length.
[  300.719048][T15556] bond9: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  300.743283][T15556] veth31: entered promiscuous mode
[  300.746702][T15556] bond9: (slave veth31): Enslaving as a backup interface with a down link
[  300.963832][   T53] usb 5-1: USB disconnect, device number 18
[  301.093634][T15574] __nla_validate_parse: 1 callbacks suppressed
[  301.093652][T15574] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3671'.
[  301.130231][T15574] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3671'.
[  301.133748][T15574] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3671'.
[  301.446175][ T6028] usb 9-1: new full-speed USB device number 8 using dummy_hcd
[  301.598323][T15589] macsec1: entered promiscuous mode
[  301.602127][T15589] macsec1: entered allmulticast mode
[  301.610596][ T6028] usb 9-1: config 0 has an invalid interface number: 20 but max is 0
[  301.613374][ T6028] usb 9-1: config 0 has no interface number 0
[  301.617311][ T6028] usb 9-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00
[  301.620873][ T6028] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  301.623884][ T6028] usb 9-1: Product: syz
[  301.630634][ T6028] usb 9-1: Manufacturer: syz
[  301.632516][ T6028] usb 9-1: SerialNumber: syz
[  301.635146][ T6028] usb 9-1: config 0 descriptor??
[  301.638446][ T6028] usb-storage 9-1:0.20: USB Mass Storage device detected
[  301.645961][ T6028] usb-storage 9-1:0.20: Quirks match for vid 04e6 pid 000b: 4
[  301.738351][T15596] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3679'.
[  301.742935][T15596] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3679'.
[  301.837299][ T6028] usb 9-1: USB disconnect, device number 8
[  301.917942][ T5971] Bluetooth: hci0: Malformed LE Event: 0x1b
[  302.424425][T15622] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3689'.
[  302.470146][T15622] sch_tbf: burst 88 is lower than device veth7 mtu (1514) !
[  302.747854][T15638] overlayfs: failed to clone upperpath
[  303.229289][T15647] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3699'.
[  303.378694][T15655] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3702'.
[  303.385540][T15655] netlink: 'syz.4.3702': attribute type 7 has an invalid length.
[  303.401193][T15655] netlink: 'syz.4.3702': attribute type 8 has an invalid length.
[  303.404393][T15655] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3702'.
[  303.414160][T15655] ip6gretap0: entered promiscuous mode
[  303.417205][T15655] syz_tun: entered promiscuous mode
[  303.421556][T15655] ip6gretap0: left promiscuous mode
[  303.424816][T15655] syz_tun: left promiscuous mode
[  303.538226][T15659] bridge1: entered allmulticast mode
[  303.634033][T15661] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  303.641716][T15661] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  303.773109][ T5971] Bluetooth: hci1: Unknown advertising packet type: 0x73
[  303.774112][ T5971] Bluetooth: hci1: Malformed LE Event: 0x0d
[  304.741675][T15695] hfs: unable to load iocharset "io#harset"
[  304.913633][   T40] kauditd_printk_skb: 4 callbacks suppressed
[  304.913646][   T40] audit: type=1326 audit(1752785764.630:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.2.3715" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ce598 code=0x7ffc0000
[  304.922808][   T40] audit: type=1326 audit(1752785764.640:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.2.3715" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ce598 code=0x7ffc0000
[  304.953224][   T40] audit: type=1326 audit(1752785764.640:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.2.3715" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ce598 code=0x7ffc0000
[  304.971700][   T40] audit: type=1326 audit(1752785764.640:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.2.3715" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ce598 code=0x7ffc0000
[  304.980251][   T40] audit: type=1326 audit(1752785764.640:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.2.3715" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ce598 code=0x7ffc0000
[  305.009629][   T40] audit: type=1326 audit(1752785764.640:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.2.3715" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ce598 code=0x7ffc0000
[  305.017042][   T40] audit: type=1326 audit(1752785764.640:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.2.3715" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ce598 code=0x7ffc0000
[  305.057382][   T40] audit: type=1326 audit(1752785764.640:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.2.3715" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ce598 code=0x7ffc0000
[  305.063848][   T40] audit: type=1326 audit(1752785764.640:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.2.3715" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ce598 code=0x7ffc0000
[  305.082915][   T40] audit: type=1326 audit(1752785764.640:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15688 comm="syz.2.3715" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ce598 code=0x7ffc0000
[  305.239035][ T5971] Bluetooth: hci1: unexpected subevent 0x0e length: 30 > 15
[  305.241323][ T5971] Bluetooth: hci1: Unable to find connection for dst 00:00:00:00:00:00 sid 0x00
[  305.507833][T15713] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3723'.
[  305.510985][T15713] 8021q: VLANs not supported on vcan0
[  305.998041][ T5971] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  306.075090][T15731] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3729'.
[  306.077929][T15731] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3729'.
[  306.201376][T15734] erspan0: left allmulticast mode
[  306.220469][T15737] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3731'.
[  306.227484][T15734] bond0: left promiscuous mode
[  306.234577][T15734] 8021q: adding VLAN 0 to HW filter on device bond0
[  306.239855][T15734] 8021q: adding VLAN 0 to HW filter on device team0
[  306.250356][T15734] batman_adv: batadv0: Interface activated: 
0!

[  306.252680][T15734] batadv0: mtu less than device minimum
[  306.255175][T15734] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  306.259183][T15734] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  306.262883][T15734] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  306.266624][T15734] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  306.270766][T15734] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  306.275220][T15734] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  306.280378][T15734] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  306.285734][T15734] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  306.290875][T15734] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  306.554224][ T5971] Bluetooth: hci2: unexpected cc 0x203e length: 2 > 1
[  306.822329][T15759] netlink: 'syz.3.3739': attribute type 10 has an invalid length.
[  307.096205][T15773] netlink: 'syz.0.3744': attribute type 2 has an invalid length.
[  307.182282][T15775] netlink: 'syz.3.3745': attribute type 27 has an invalid length.
[  307.255407][T15775] batman_adv: batadv0: Interface deactivated: 
0!

[  307.269771][T15775] veth23: left promiscuous mode
[  307.271807][T15775] vlan3: left allmulticast mode
[  307.273474][T15775] geneve1: left allmulticast mode
[  307.679611][T15804] netlink: 'syz.4.3757': attribute type 4 has an invalid length.
[  307.699175][T15804] netlink: 'syz.4.3757': attribute type 4 has an invalid length.
[  307.735196][T15808] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3758'.
[  307.783615][T15798] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3753'.
[  307.789964][T15798] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3753'.
[  308.009589][T15822] netlink: 5 bytes leftover after parsing attributes in process `syz.0.3760'.
[  308.013543][T15822] 0ªX¹¦D: renamed from gretap0 (while UP)
[  308.023822][T15822] 0ªX¹¦D: entered allmulticast mode
[  308.184507][T15829] fuse: Unknown parameter '00000000000000000000'
[  308.271908][T15835] bond5: entered allmulticast mode
[  308.274510][T15835] 8021q: adding VLAN 0 to HW filter on device bond5
[  308.588875][T15844] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3767'.
[  308.593074][T15844] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3767'.
[  308.907730][ T5971] Bluetooth: hci2: Unknown advertising packet type: 0x73
[  308.907789][ T5971] Bluetooth: hci2: Malformed LE Event: 0x0d
[  309.523758][T15867] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3776'.
[  309.696776][T15871] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  310.046801][T15882] vlan2: entered promiscuous mode
[  310.048647][T15882] bond0: entered promiscuous mode
[  310.050405][T15882] bond_slave_0: entered promiscuous mode
[  310.052901][T15882] bond_slave_1: entered promiscuous mode
[  310.190010][   T40] kauditd_printk_skb: 403 callbacks suppressed
[  310.190026][   T40] audit: type=1804 audit(1752785770.173:983): pid=15889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.3784" name="/newroot/766/file0/file0" dev="9p" ino=35913951 res=1 errno=0
[  310.710059][T15901] binder_alloc: 15898: binder_alloc_buf, no vma
[  310.713537][T15901] binder_alloc: 15898: binder_alloc_buf size 16408 failed, no address space
[  310.718541][T15901] binder_alloc: allocated: 4096 (num: 1 largest: 4096), free: 8192 (num: 1 largest: 8192)
[  310.756532][T15903] gfs2: gfs2 mount does not exist
[  311.042418][   T40] audit: type=1326 audit(1752785771.075:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15911 comm="syz.3.3793" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7fc00000
[  311.274501][T15930] __nla_validate_parse: 6 callbacks suppressed
[  311.274513][T15930] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3798'.
[  311.684237][   T40] audit: type=1326 audit(1752785771.737:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15911 comm="syz.3.3793" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f85579 code=0x7fc00000
[  312.019112][T15944] veth0_to_hsr: entered promiscuous mode
[  312.025727][T15944] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3802'.
[  312.111905][T15944] veth0_to_hsr (unregistering): left promiscuous mode
[  312.192981][T15944] hsr_slave_0 (unregistering): left promiscuous mode
[  312.924584][  T837] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  313.097038][  T837] usb 9-1: too many configurations: 9, using maximum allowed: 8
[  313.100929][  T837] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  313.103627][  T837] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  313.107457][  T837] usb 9-1: config 0 interface 0 has no altsetting 0
[  313.110418][  T837] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  313.113203][  T837] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  313.119450][  T837] usb 9-1: config 0 interface 0 has no altsetting 0
[  313.134760][  T837] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  313.137607][  T837] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  313.140998][  T837] usb 9-1: config 0 interface 0 has no altsetting 0
[  313.154214][  T837] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  313.157519][  T837] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  313.160895][  T837] usb 9-1: config 0 interface 0 has no altsetting 0
[  313.170010][  T837] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  313.173108][  T837] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  313.176710][  T837] usb 9-1: config 0 interface 0 has no altsetting 0
[  313.179816][  T837] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  313.183412][  T837] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  313.186993][  T837] usb 9-1: config 0 interface 0 has no altsetting 0
[  313.189847][  T837] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  313.199180][  T837] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  313.212963][  T837] usb 9-1: config 0 interface 0 has no altsetting 0
[  313.224951][  T837] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  313.227804][  T837] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  313.231855][  T837] usb 9-1: config 0 interface 0 has no altsetting 0
[  313.236781][  T837] usb 9-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  313.239756][  T837] usb 9-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  313.242751][  T837] usb 9-1: Product: syz
[  313.245235][  T837] usb 9-1: Manufacturer: syz
[  313.246675][  T837] usb 9-1: SerialNumber: syz
[  313.250026][  T837] usb 9-1: config 0 descriptor??
[  313.253945][  T837] yurex 9-1:0.0: USB YUREX device now attached to Yurex #0
[  313.470507][   T53] usb 9-1: USB disconnect, device number 9
[  313.474010][   T53] yurex 9-1:0.0: USB YUREX #0 now disconnected
[  313.501017][T15994] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3818'.
[  313.561588][T15998] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3819'.
[  313.737089][T16007] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3823'.
[  313.852034][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  313.854026][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  314.047833][T16030] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3830'.
[  314.850478][T16052] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3845'.
[  314.870236][T16052] bridge2: port 1(ip6gretap1) entered blocking state
[  314.873210][T16052] bridge2: port 1(ip6gretap1) entered disabled state
[  314.876183][T16052] ip6gretap1: entered allmulticast mode
[  314.880625][T16052] ip6gretap1: entered promiscuous mode
[  314.906670][T16056] overlayfs: failed to clone upperpath
[  314.941019][T16058] netlink: 'syz.4.3841': attribute type 27 has an invalid length.
[  314.961581][T16060] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3842'.
[  314.969214][T16058] bridge1: left allmulticast mode
[  314.976004][T16060] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3842'.
[  315.738844][T16083] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3850'.
[  316.272384][T16104] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3857'.
[  316.277806][T16102] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3857'.
[  316.284318][T16102] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3857'.
[  316.289447][T16102] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3857'.
[  316.668252][ T5958] Bluetooth: hci2: command 0x0406 tx timeout
[  316.840929][ T5971] Bluetooth: hci1: unexpected cc 0x040d length: 63 > 7
[  316.845118][ T5971] Bluetooth: hci1: unexpected event for opcode 0x040d
[  317.120057][T16125] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3864'.
[  317.134696][T16125] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3864'.
[  317.787677][   T40] audit: type=1800 audit(1752785778.151:986): pid=16149 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.4.3872" name="/bus" dev="overlay" ino=1112 res=0 errno=0
[  318.500645][T16161] veth0_to_hsr: entered promiscuous mode
[  318.503056][T16161] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3876'.
[  318.544689][T16161] veth0_to_hsr (unregistering): left promiscuous mode
[  318.586028][T16161] hsr_slave_0 (unregistering): left promiscuous mode
[  319.417359][T16192] netlink: 'syz.3.3885': attribute type 39 has an invalid length.
[  319.552643][T16194] hfs: unable to load iocharset "io#harset"
[  319.761110][T16203] overlayfs: failed to clone upperpath
[  319.855687][T16205] bond6: (slave erspan0): Releasing active interface
[  319.858913][T16205] batman_adv: batadv0: Removing interface: 
0!

[  319.866150][T16205] bond2: (slave veth0_to_bond): Releasing active interface
[  319.871046][T16205] bond1: (slave gretap1): Releasing active interface
[  319.875839][T16205] bond2: (slave veth7): Releasing active interface
[  319.879755][T16205] bond3: (slave veth15): Releasing active interface
[  319.885865][T16205] bond7: (slave veth23): Releasing backup interface
[  319.892064][T16205] bond8: (slave vlan3): Releasing active interface
[  319.899486][T16205] vlan4: left allmulticast mode
[  319.901579][T16205] bond0: left allmulticast mode
[  319.903875][T16205] bridge0: port 1(vlan4) entered disabled state
[  319.962455][T16205] team0: Mode changed to "activebackup"
[  319.965035][T16205] vlan0: entered promiscuous mode
[  319.969839][T16205] tipc: Enabled bearer <eth:team0>, priority 0
[  320.024164][   T40] audit: type=1326 audit(1752785780.503:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16216 comm="syz.3.3892" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x0
[  320.088971][T16219] syz.4.3893: attempt to access beyond end of device
[  320.088971][T16219] nbd4: rw=0, sector=16, nr_sectors = 1 limit=0
[  320.093159][T16219] qnx6: unable to read the first superblock
[  320.096373][T16219] syz.4.3893: attempt to access beyond end of device
[  320.096373][T16219] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0
[  320.100866][T16219] qnx6: unable to read the first superblock
[  320.103405][T16219] qnx6: unable to read the first superblock
[  320.699601][ T5971] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  320.702455][ T5971] Bluetooth: hci1: Injecting HCI hardware error event
[  320.706077][ T5958] Bluetooth: hci1: hardware error 0x00
[  320.715301][T16233] binder_alloc: 16232: binder_alloc_buf, no vma
[  321.771940][T16260] netlink: 'syz.2.3904': attribute type 1 has an invalid length.
[  321.785635][T16260] 8021q: adding VLAN 0 to HW filter on device bond10
[  321.800202][T16260] 8021q: adding VLAN 0 to HW filter on device bond10
[  321.802750][T16260] bond10: (slave vxcan1): The slave device specified does not support setting the MAC address
[  321.807294][T16260] bond10: (slave vxcan1): Error -95 calling set_mac_address
[  321.848376][T16262] bond10: (slave bridge18): Enslaving as an active interface with a down link
[  322.019096][   T40] audit: type=1326 audit(1752785782.592:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16267 comm="syz.2.3907" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x0
[  322.679477][ T5958] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  322.991958][T16288] team0: Failed to send options change via netlink (err -105)
[  322.996653][T16288] team0: Mode changed to "loadbalance"
[  323.750852][ T1334] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  323.796216][T16312] netlink: 'syz.0.3919': attribute type 1 has an invalid length.
[  323.820926][T16312] 8021q: adding VLAN 0 to HW filter on device bond6
[  323.853123][T16312] 8021q: adding VLAN 0 to HW filter on device bond6
[  323.855886][T16312] bond6: (slave vxcan3): The slave device specified does not support setting the MAC address
[  323.861497][T16312] bond6: (slave vxcan3): Error -95 calling set_mac_address
[  323.907824][ T1334] usb 9-1: Using ep0 maxpacket: 32
[  323.913736][ T1334] usb 9-1: config index 0 descriptor too short (expected 29220, got 36)
[  323.922747][ T1334] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  323.926417][ T1334] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81
[  323.930360][ T1334] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  323.934573][ T1334] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  323.938848][ T1334] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  323.944236][ T1334] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  323.948393][ T1334] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  323.957575][ T1334] usb 9-1: config 0 descriptor??
[  323.966594][T16316] veth17: entered promiscuous mode
[  323.969601][T16312] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3919'.
[  323.971377][T16316] bond6: (slave veth17): Enslaving as an active interface with a down link
[  323.981235][T16312] 8021q: adding VLAN 0 to HW filter on device bond6
[  324.035625][T16318] sctp: [Deprecated]: syz.0.3921 (pid 16318) Use of int in max_burst socket option deprecated.
[  324.035625][T16318] Use struct sctp_assoc_value instead
[  324.041940][T16318] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma?
[  324.162546][ T1334] usblp 9-1:0.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  324.834699][ T6022] libceph: connect (1)[c::]:6789 error -97
[  324.837315][ T6022] libceph: mon0 (1)[c::]:6789 connect error
[  324.859711][ T6022] usb 9-1: USB disconnect, device number 10
[  324.865283][ T6022] usblp0: removed
[  324.880136][T16328] ceph: No mds server is up or the cluster is laggy
[  326.133667][T16369] netlink: 'syz.2.3938': attribute type 39 has an invalid length.
[  326.894823][T16385] bond2: (slave veth0_to_bond): Releasing active interface
[  326.908051][T16385] bond0: (slave bond_slave_0): Releasing backup interface
[  326.911007][T16385] bond_slave_0: left promiscuous mode
[  326.913810][T16385] bond0: (slave bond_slave_1): Releasing backup interface
[  326.917040][T16385] bond_slave_1: left promiscuous mode
[  326.924333][T16385] team0: Port device team_slave_0 removed
[  326.928722][T16385] team0: Port device team_slave_1 removed
[  326.931309][T16385] batman_adv: batadv0: Removing interface: batadv_slave_0
[  326.934960][T16385] batman_adv: batadv0: Removing interface: batadv_slave_1
[  326.940744][T16385] bond1: (slave erspan1): Releasing active interface
[  326.944685][T16385] bond2: (slave veth5): Releasing active interface
[  326.948672][T16385] ip6gretap1: left allmulticast mode
[  326.950888][T16385] ip6gretap1: left promiscuous mode
[  326.953288][T16385] bridge2: port 1(ip6gretap1) entered disabled state
[  326.999213][T16385] team0: Mode changed to "activebackup"
[  327.003178][T16385] vlan0: entered promiscuous mode
[  327.007274][T16385] tipc: Started in network mode
[  327.008831][T16385] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711
[  327.011096][T16385] tipc: Enabled bearer <eth:team0>, priority 0
[  327.084539][T16393] 9pnet_fd: Insufficient options for proto=fd
[  327.657350][T16409] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  327.659436][T16409] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  327.663907][T16409] vhci_hcd vhci_hcd.0: Device attached
[  327.668658][T16410] usbip_core: unknown command
[  327.670876][T16410] vhci_hcd: unknown pdu 0
[  327.672684][T16410] usbip_core: unknown command
[  327.683786][   T12] vhci_hcd: stop threads
[  327.685725][   T12] vhci_hcd: release socket
[  327.687648][   T12] vhci_hcd: disconnect device
[  328.070721][  T836] tipc: Node number set to 11578026
[  328.086347][T16417] bond7: (slave veth0_to_bond): Releasing active interface
[  328.089987][T16417] bond7: (slave veth27): Releasing active interface
[  328.093071][T16417] bond8: (slave erspan1): Releasing active interface
[  328.096510][T16417] bond9: (slave ip6gretap1): Releasing backup interface
[  328.098684][T16417] bond9: (slave ip6gretap1): the permanent HWaddr of slave - ae:3a:17:95:8f:49 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  328.105633][T16417] bond9: (slave veth31): Releasing backup interface
[  328.109454][T16417] bond10: (slave bridge18): Releasing active interface
[  328.239847][T16417] vlan0: entered promiscuous mode
[  328.243722][T16417] tipc: Enabling of bearer <eth:team0> rejected, failed to enable media
[  328.548281][T16432] netlink: 'syz.2.3953': attribute type 9 has an invalid length.
[  328.551894][T16432] netlink: 'syz.2.3953': attribute type 6 has an invalid length.
[  329.739772][T16458] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3964'.
[  329.764039][T16460] bond4: (slave erspan0): Releasing active interface
[  329.773679][T16460] batman_adv: batadv0: Removing interface: dummy0
[  329.781123][T16460] bond2: (slave veth0_to_bond): Releasing active interface
[  329.802102][T16460] bond0: (slave wlan1): Releasing backup interface
[  329.806187][T16460] mac80211_hwsim hwsim7 wlan1: left promiscuous mode
[  329.808916][T16460] mac80211_hwsim hwsim7 wlan1: left allmulticast mode
[  329.812439][T16460] bond1: (slave gretap1): Releasing active interface
[  329.844837][T16460] bond2: (slave veth7): Releasing active interface
[  329.858361][T16460] bond6: (slave veth17): Releasing active interface
[  330.014567][T16477] tipc: Enabling of bearer <eth:team0> rejected, failed to enable media
[  331.462599][T16511] netlink: 'syz.3.3977': attribute type 39 has an invalid length.
[  331.668395][T16524] MPI: mpi too large (124808 bits)
[  333.366600][T16561] lo speed is unknown, defaulting to 1000
[  333.370897][T16561] lo speed is unknown, defaulting to 1000
[  333.373965][T16561] lo speed is unknown, defaulting to 1000
[  333.384991][T16561] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  333.402873][T16561] lo speed is unknown, defaulting to 1000
[  333.406741][T16561] lo speed is unknown, defaulting to 1000
[  333.409356][T16561] lo speed is unknown, defaulting to 1000
[  333.413225][T16561] lo speed is unknown, defaulting to 1000
[  333.417230][T16561] lo speed is unknown, defaulting to 1000
[  334.201405][T16587] overlayfs: failed to clone upperpath
[  334.312845][T16594] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4001'.
[  334.498425][T16596] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4002'.
[  335.216411][   T40] audit: type=1326 audit(1752785796.449:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16625 comm="syz.3.4009" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  335.223486][   T40] audit: type=1326 audit(1752785796.449:990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16625 comm="syz.3.4009" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  335.230537][   T40] audit: type=1326 audit(1752785796.449:991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16625 comm="syz.3.4009" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  335.237192][   T40] audit: type=1326 audit(1752785796.449:992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16625 comm="syz.3.4009" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  335.243999][   T40] audit: type=1326 audit(1752785796.449:993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16625 comm="syz.3.4009" exe="/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf7f85579 code=0x7ffc0000
[  335.250892][   T40] audit: type=1326 audit(1752785796.449:994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16625 comm="syz.3.4009" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f85598 code=0x7ffc0000
[  335.257582][   T40] audit: type=1326 audit(1752785796.449:995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16625 comm="syz.3.4009" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f85598 code=0x7ffc0000
[  335.264256][   T40] audit: type=1326 audit(1752785796.449:996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16625 comm="syz.3.4009" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f85598 code=0x7ffc0000
[  335.270991][   T40] audit: type=1326 audit(1752785796.460:997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16625 comm="syz.3.4009" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f85598 code=0x7ffc0000
[  335.277864][   T40] audit: type=1326 audit(1752785796.460:998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16625 comm="syz.3.4009" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f85598 code=0x7ffc0000
[  335.906481][T16637] lo speed is unknown, defaulting to 1000
[  336.089865][T16645] tipc: Enabling of bearer <eth:team0> rejected, failed to enable media
[  337.437121][T16686] tipc: Enabling of bearer <eth:team0> rejected, failed to enable media
[  339.063708][T16732] netlink: 'syz.4.4037': attribute type 9 has an invalid length.
[  339.067134][T16732] netlink: 'syz.4.4037': attribute type 6 has an invalid length.
[  339.119189][T16734] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4041'.
[  339.654037][ T6022] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  339.807457][ T6022] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  339.810930][ T6022] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  339.814043][ T6022] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  339.818357][ T6022] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  339.821249][ T6022] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  339.825315][ T6022] usb 5-1: config 0 descriptor??
[  340.215220][ T6022] plantronics 0003:047F:FFFF.000A: reserved main item tag 0xd
[  340.220293][ T6022] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  340.465244][  T838] usb 5-1: USB disconnect, device number 19
[  342.379759][  T837] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  342.521096][  T837] usb 5-1: Using ep0 maxpacket: 32
[  342.635060][  T837] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  342.638450][  T837] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  342.641415][  T837] usb 5-1: New USB device found, idVendor=17ef, idProduct=6062, bcdDevice= 0.00
[  342.644222][  T837] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  342.650491][  T837] usb 5-1: config 0 descriptor??
[  343.567046][  T837] usbhid 5-1:0.0: can't add hid device: -71
[  343.569535][  T837] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  343.588278][  T837] usb 5-1: USB disconnect, device number 20
[  343.645935][ T5971] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  343.650765][ T5971] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  343.654388][ T5971] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  343.658382][ T5971] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  343.661432][ T5971] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  343.693115][T16787] lo speed is unknown, defaulting to 1000
[  343.790550][T16787] chnl_net:caif_netlink_parms(): no params data found
[  343.881069][T16787] bridge0: port 1(bridge_slave_0) entered blocking state
[  343.883678][T16787] bridge0: port 1(bridge_slave_0) entered disabled state
[  343.885987][T16787] bridge_slave_0: entered allmulticast mode
[  343.888567][T16787] bridge_slave_0: entered promiscuous mode
[  343.891727][T16787] bridge0: port 2(bridge_slave_1) entered blocking state
[  343.894464][T16787] bridge0: port 2(bridge_slave_1) entered disabled state
[  343.896761][T16787] bridge_slave_1: entered allmulticast mode
[  343.899397][T16787] bridge_slave_1: entered promiscuous mode
[  343.938906][T16787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  343.952258][T16787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  344.005717][T16787] team0: Port device team_slave_0 added
[  344.015098][T16787] team0: Port device team_slave_1 added
[  344.064364][T16787] batman_adv: batadv0: Adding interface: batadv_slave_0
[  344.066559][T16787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  344.074557][T16787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  344.078887][T16787] batman_adv: batadv0: Adding interface: batadv_slave_1
[  344.081059][T16787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  344.088922][T16787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  344.126701][T16787] hsr_slave_0: entered promiscuous mode
[  344.128981][T16787] hsr_slave_1: entered promiscuous mode
[  344.131213][T16787] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  344.134633][T16787] Cannot create hsr debugfs directory
[  344.281162][T16787] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  344.316799][T16787] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  344.333596][T16787] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  344.338546][T16787] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  344.380749][T16787] 8021q: adding VLAN 0 to HW filter on device bond0
[  344.393049][T16787] 8021q: adding VLAN 0 to HW filter on device team0
[  344.397914][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  344.400198][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  344.408522][   T88] bridge0: port 2(bridge_slave_1) entered blocking state
[  344.411014][   T88] bridge0: port 2(bridge_slave_1) entered forwarding state
[  344.571055][T16787] 8021q: adding VLAN 0 to HW filter on device batadv0
[  344.666455][T16829] netlink: 'syz.2.4065': attribute type 13 has an invalid length.
[  345.315007][T16787] veth0_vlan: entered promiscuous mode
[  345.330748][T16787] veth1_vlan: entered promiscuous mode
[  345.362323][T16819] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  345.364910][T16819] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  345.372824][T16819] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  345.375235][T16819] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  345.382598][T16787] veth0_macvtap: entered promiscuous mode
[  345.386535][T16819] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  345.398072][T16787] veth1_macvtap: entered promiscuous mode
[  345.416570][T16787] batman_adv: batadv0: Interface activated: batadv_slave_0
[  345.426717][T16787] batman_adv: batadv0: Interface activated: batadv_slave_1
[  345.438390][T16787] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  345.441115][T16787] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  345.443770][T16787] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  345.450105][T16787] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  345.478904][T16846] overlayfs: failed to clone upperpath
[  345.518922][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  345.521482][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  345.538147][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  345.543041][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  345.547746][T16848] netlink: 'syz.2.4069': attribute type 27 has an invalid length.
[  345.556213][T16848] sit0: left promiscuous mode
[  345.561481][T16848] vlan0: left promiscuous mode
[  345.563743][T16848] ipvlan0: left promiscuous mode
[  345.565685][T16848] ipvlan0: left allmulticast mode
[  345.567677][T16848] veth0_vlan: left allmulticast mode
[  345.570447][T16848] bond0: left promiscuous mode
[  345.572356][T16848] bond0: left allmulticast mode
[  345.576590][T16848] vlan2: left allmulticast mode
[  345.578452][T16848] geneve1: left allmulticast mode
[  345.582869][T16848] gtp1: left promiscuous mode
[  345.586612][T16848] veth31: left promiscuous mode
[  345.627333][T16848] net_ratelimit: 12 callbacks suppressed
[  345.627340][T16848] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  345.705365][T16856] input: syz1 as /devices/virtual/input/input15
[  346.150611][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  346.441875][T16871] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4074'.
[  346.645729][ T5971] Bluetooth: hci0: command 0x0c1a tx timeout
[  346.764335][T16819] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  347.141051][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  347.302801][ T5971] Bluetooth: hci2: command 0x041b tx timeout
[  348.131692][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  348.591003][ T5971] Bluetooth: hci0: command 0x0c1a tx timeout
[  348.799731][T16914] overlayfs: failed to get inode (-116)
[  348.801976][T16914] overlayfs: failed to get inode (-116)
[  348.805029][T16914] overlayfs: failed to get inode (-116)
[  348.807253][T16914] overlayfs: failed to get inode (-116)
[  348.890518][T16916] input: syz1 as /devices/virtual/input/input16
[  349.122391][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  349.284435][ T5971] Bluetooth: hci2: command 0x041b tx timeout
[  349.462182][T16929] overlayfs: failed to clone upperpath
[  349.591479][T16932] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4092'.
[  350.122146][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  350.423345][T16962] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  350.573716][ T5971] Bluetooth: hci0: command 0x0c1a tx timeout
[  350.753009][ T6022] IPVS: starting estimator thread 0...
[  350.837052][T16970] IPVS: using max 27 ests per chain, 64800 per kthread
[  350.887531][T16974] netlink: 'syz.3.4105': attribute type 10 has an invalid length.
[  350.890805][T16974] macvlan0: entered allmulticast mode
[  350.893808][T16974] veth1_vlan: entered allmulticast mode
[  350.898767][T16974] team0: Port device macvlan0 added
[  351.103350][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  351.256088][ T5971] Bluetooth: hci2: command 0x041b tx timeout
[  352.093927][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  352.372103][T16977] Set syz1 is full, maxelem 65536 reached
[  352.438741][T16994] lo speed is unknown, defaulting to 1000
[  352.863672][T17021] netlink: 'syz.0.4115': attribute type 27 has an invalid length.
[  352.890014][T17021] 0ªX¹¦D: left allmulticast mode
[  352.896638][T17021] erspan0: left allmulticast mode
[  352.950645][T17021] bond0: left promiscuous mode
[  352.955019][T17021] bond0: left allmulticast mode
[  353.031240][T17021] batadv_slave_0: left promiscuous mode
[  353.085036][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  353.118584][T17021] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  353.122075][T17021] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  353.125686][T17021] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  353.129117][T17021] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  353.219770][T17021] gtp1: left promiscuous mode
[  353.222259][T17021] macsec1: left promiscuous mode
[  353.223972][T17021] macsec1: left allmulticast mode
[  353.237451][ T5971] Bluetooth: hci2: command 0x041b tx timeout
[  353.239739][T17021] bond5: left allmulticast mode
[  353.300004][T17021] veth17: left promiscuous mode
[  353.383630][T17024] 8021q: adding VLAN 0 to HW filter on device bond0
[  353.388239][T17024] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  353.691009][T17040] netlink: 'syz.0.4119': attribute type 4 has an invalid length.
[  354.075667][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  354.803688][T17049] netlink: 92 bytes leftover after parsing attributes in process `syz.5.4123'.
[  355.075789][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  355.228393][ T5971] Bluetooth: hci2: command 0x041b tx timeout
[  355.695547][ T6295] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  355.837556][ T6295] usb 10-1: Using ep0 maxpacket: 32
[  355.841218][ T6295] usb 10-1: config 0 has no interfaces?
[  355.845661][ T6295] usb 10-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  355.849005][ T6295] usb 10-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  355.856947][ T6295] usb 10-1: Product: syz
[  355.859537][ T6295] usb 10-1: Manufacturer: syz
[  355.862290][ T6295] usb 10-1: SerialNumber: syz
[  355.870599][ T6295] usb 10-1: config 0 descriptor??
[  355.982141][T17069] lo speed is unknown, defaulting to 1000
[  356.065458][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  356.103342][   T61] usb 10-1: USB disconnect, device number 2
[  356.513430][T17087] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4134'.
[  356.610088][T17093] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  356.658219][T17097] netlink: 'syz.3.4137': attribute type 27 has an invalid length.
[  356.661609][T17097] vlan0: left promiscuous mode
[  356.673016][T17097] veth1_vlan: left allmulticast mode
[  356.675654][T17097] macvlan0: left allmulticast mode
[  356.713683][   T40] kauditd_printk_skb: 179 callbacks suppressed
[  356.713697][   T40] audit: type=1326 audit(1752785819.009:1178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17098 comm="syz.0.4138" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f62579 code=0x0
[  356.751287][T17099] 8021q: adding VLAN 0 to HW filter on device bond0
[  356.756514][T17099] 8021q: adding VLAN 0 to HW filter on device team0
[  356.761976][T17099] tipc: Resetting bearer <eth:team0>
[  356.767916][T17099] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  356.773989][ T6022] lo speed is unknown, defaulting to 1000
[  356.776712][ T6022] syz2: Port: 1 Link ACTIVE
[  356.792170][T17102] lo speed is unknown, defaulting to 1000
[  356.797108][T17091] netlink: 92 bytes leftover after parsing attributes in process `syz.2.4135'.
[  357.047695][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  357.199716][ T5971] Bluetooth: hci2: command 0x041b tx timeout
[  357.442911][T17059] Set syz1 is full, maxelem 65536 reached
[  358.008167][T17127] random: crng reseeded on system resumption
[  358.090028][T17129] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  358.487525][T17134] Set syz1 is full, maxelem 65536 reached
[  358.871670][T17146] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4154'.
[  358.903685][T17146] bridge14: port 1(ip6gretap1) entered blocking state
[  358.906616][T17146] bridge14: port 1(ip6gretap1) entered disabled state
[  358.909609][T17146] ip6gretap1: entered allmulticast mode
[  358.913674][T17146] ip6gretap1: entered promiscuous mode
[  358.955359][T17146] veth35: entered promiscuous mode
[  358.957313][T17146] bridge14: port 2(veth35) entered blocking state
[  358.959500][T17146] bridge14: port 2(veth35) entered disabled state
[  358.961703][T17146] veth35: entered allmulticast mode
[  360.161242][   T88] Bluetooth: hci4: Frame reassembly failed (-84)
[  360.164688][   T88] Bluetooth: hci4: Frame reassembly failed (-84)
[  360.179627][T17168] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  360.987780][T17178] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4164'.
[  361.253406][T17185] netlink: 'syz.3.4165': attribute type 5 has an invalid length.
[  361.256899][T17185] netlink: 'syz.3.4165': attribute type 7 has an invalid length.
[  362.077318][ T5971] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  362.077364][ T5958] Bluetooth: hci4: command 0x1003 tx timeout
[  363.441249][T17229] 9pnet: p9_errstr2errno: server reported unknown error 184467440737095
[  363.451636][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  363.455054][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  364.006691][T17239] netlink: 176 bytes leftover after parsing attributes in process `syz.3.4183'.
[  364.420202][ T6295] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  364.563061][ T6295] usb 10-1: device descriptor read/64, error -71
[  364.756272][T17250] tipc: Resetting bearer <eth:team0>
[  364.772488][ T6047] lo speed is unknown, defaulting to 1000
[  364.775332][ T6047] syz2: Port: 1 Link DOWN
[  364.782741][T17250] overlayfs: failed to clone upperpath
[  364.810872][ T6295] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  364.863415][T17252] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4188'.
[  364.926993][   T40] audit: type=1800 audit(1752785827.639:1179): pid=17254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.4189" name="nullb0" dev="tmpfs" ino=3172 res=0 errno=0
[  364.944475][ T6295] usb 10-1: device descriptor read/64, error -71
[  365.103896][ T6295] usb usb10-port1: attempt power cycle
[  365.439415][ T6295] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  365.460343][ T6295] usb 10-1: device descriptor read/8, error -71
[  365.715570][ T6295] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  365.744597][ T6295] usb 10-1: device descriptor read/8, error -71
[  365.858674][ T6295] usb usb10-port1: unable to enumerate USB device
[  367.257261][T17302] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4205'.
[  367.261620][T17302] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4205'.
[  367.541008][T17311] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4208'.
[  368.187607][T17316] netlink: 'syz.2.4210': attribute type 4 has an invalid length.
[  368.635442][T17326] vlan0: entered promiscuous mode
[  368.643876][T17326] vlan0: entered allmulticast mode
[  368.650726][T17326] hsr_slave_1: entered allmulticast mode
[  368.713472][T17328] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4213'.
[  370.960005][T17358] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4223'.
[  371.049611][T17358] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4223'.
[  371.470473][T17367] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  371.473832][T17367] syzkaller0: entered promiscuous mode
[  371.475569][T17367] syzkaller0: entered allmulticast mode
[  371.487655][T17369] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4228'.
[  371.497317][T17369] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4228'.
[  371.500170][T17367] tipc: Resetting bearer <eth:syzkaller0>
[  371.504711][T17366] tipc: Resetting bearer <eth:syzkaller0>
[  371.530436][T17366] tipc: Disabling bearer <eth:syzkaller0>
[  371.634516][T17371] delete_channel: no stack
[  372.391106][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  372.405941][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  372.564726][T17385] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  373.430700][T17402] tipc: Started in network mode
[  373.434777][T17402] tipc: Node identity b2fbae9decf8, cluster identity 4711
[  373.437133][T17402] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  373.439915][T17402] syzkaller0: entered promiscuous mode
[  373.442055][T17402] syzkaller0: entered allmulticast mode
[  373.456898][T17402] tipc: Resetting bearer <eth:syzkaller0>
[  373.460897][T17401] tipc: Resetting bearer <eth:syzkaller0>
[  373.472342][T17401] tipc: Disabling bearer <eth:syzkaller0>
[  374.979931][T17439] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4254'.
[  375.273811][T17445] lo speed is unknown, defaulting to 1000
[  375.282204][T17451] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  376.168053][T17474] vlan2: entered promiscuous mode
[  376.170496][T17474] vlan2: entered allmulticast mode
[  376.172788][T17474] hsr_slave_1: entered allmulticast mode
[  376.549907][T17489] lo speed is unknown, defaulting to 1000
[  376.902129][T17499] binder_alloc: 17497: binder_alloc_buf, no vma
[  377.613893][ T1107] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1
[  377.662674][ T1107] ata1: failed to read log page 10h (errno=-5)
[  377.664750][ T1107] ata1.00: exception Emask 0x1 SAct 0x10000 SErr 0x0 action 0x0
[  377.667202][ T1107] ata1.00: irq_stat 0x40000000
[  377.668807][ T1107] ata1.00: failed command: WRITE FPDMA QUEUED
[  377.674816][ T1107] ata1.00: cmd 61/18:80:ee:0f:10/00:00:00:00:00/40 tag 16 ncq dma 12288 out
[  377.674816][ T1107]          res 50/00:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[  377.682031][ T1107] ata1.00: status: { DRDY }
[  377.688912][ T1107] ata1.00: configured for UDMA/100
[  377.692391][ T1107] ata1: EH complete
[  377.854239][T17520] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  379.519979][T17599] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  379.572583][T17601] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4289'.
[  380.021553][T17616] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  380.026684][T17616] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4295'.
[  380.725941][T17627] syz.0.4299 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  380.783569][T17629] netlink: 48 bytes leftover after parsing attributes in process `syz.5.4300'.
[  381.353600][   T40] audit: type=1326 audit(1752785844.761:1180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17635 comm="syz.2.4303" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  381.360376][   T40] audit: type=1326 audit(1752785844.761:1181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17635 comm="syz.2.4303" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  381.368005][   T40] audit: type=1326 audit(1752785844.771:1182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17635 comm="syz.2.4303" exe="/syz-executor" sig=0 arch=40000003 syscall=393 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  381.375540][   T40] audit: type=1326 audit(1752785844.771:1183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17635 comm="syz.2.4303" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  381.382176][   T40] audit: type=1326 audit(1752785844.771:1184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17635 comm="syz.2.4303" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce579 code=0x7ffc0000
[  382.094258][T17654] 9pnet_fd: Insufficient options for proto=fd
[  382.350057][T17663] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  382.353417][T17663] syzkaller0: entered promiscuous mode
[  382.355259][T17663] syzkaller0: entered allmulticast mode
[  382.374964][T17663] tipc: Resetting bearer <eth:syzkaller0>
[  382.843102][T17674] tipc: Enabling of bearer <eth:team0> rejected, failed to enable media
[  383.108508][T17697] netlink: 192 bytes leftover after parsing attributes in process `syz.0.4319'.
[  383.112629][T17697] openvswitch: netlink: Flow actions attr not present in new flow.
[  383.290390][ T6022] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[  383.309455][  T838] tipc: Node number set to 1577299613
[  383.452262][ T6022] usb 10-1: Using ep0 maxpacket: 32
[  383.456049][ T6022] usb 10-1: config index 0 descriptor too short (expected 156, got 27)
[  383.458917][ T6022] usb 10-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  383.547928][ T6022] usb 10-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  383.557928][ T6022] usb 10-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  383.565901][ T6022] usb 10-1: config 0 interface 0 has no altsetting 0
[  383.573246][ T6022] usb 10-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  383.579123][ T6022] usb 10-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  383.583214][ T6022] usb 10-1: Product: syz
[  383.585429][ T6022] usb 10-1: Manufacturer: syz
[  383.587692][ T6022] usb 10-1: SerialNumber: syz
[  383.591343][ T6022] usb 10-1: config 0 descriptor??
[  383.594981][ T6022] ldusb 10-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  383.598845][ T6022] ldusb 10-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  383.604932][T17703] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  383.793796][   T61] usb 10-1: USB disconnect, device number 7
[  383.797636][   T61] ldusb 10-1:0.0: LD USB Device #0 now disconnected
[  383.831351][T17711] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  383.836716][T17711] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] SMP KASAN NOPTI
[  383.840422][T17711] KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
[  383.844159][T17711] CPU: 2 UID: 0 PID: 17711 Comm: syz.2.4323 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(full) 
[  383.849694][T17711] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  383.854134][T17711] RIP: 0010:qdisc_tree_reduce_backlog+0x1cb/0x500
[  383.856833][T17711] Code: 4d 8b 67 18 49 8d 7c 24 08 48 89 f8 48 c1 e8 03 80 3c 18 00 0f 85 ff 02 00 00 4d 8b 74 24 08 4d 8d 66 20 4c 89 e0 48 c1 e8 03 <80> 3c 18 00 0f 85 1a 03 00 00 49 83 7e 20 00 74 48 e8 cf 04 3a f8
[  383.864398][T17711] RSP: 0018:ffffc9000748f2b0 EFLAGS: 00010202
[  383.866981][T17711] RAX: 0000000000000004 RBX: dffffc0000000000 RCX: ffffc9000cb52000
[  383.870267][T17711] RDX: 0000000000080000 RSI: ffffffff89815dec RDI: ffffffff90aa39a8
[  383.873577][T17711] RBP: 00000000000b0002 R08: 0000000000000005 R09: 0000000000000000
[  383.876887][T17711] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000020
[  383.879896][T17711] R13: 0000000000000000 R14: 0000000000000000 R15: ffff888058f41000
[  383.883113][T17711] FS:  0000000000000000(0000) GS:ffff888097721000(0063) knlGS:00000000f50beb40
[  383.886795][T17711] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  383.889470][T17711] CR2: 00000000f50bd528 CR3: 000000004d094000 CR4: 0000000000352ef0
[  383.892689][T17711] Call Trace:
[  383.894069][T17711]  <TASK>
[  383.895265][T17711]  fq_change+0xc60/0x1d30
[  383.897031][T17711]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  383.899325][T17711]  ? lockdep_hardirqs_on+0x7c/0x110
[  383.901425][T17711]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  383.903816][T17711]  ? __pfx_fq_change+0x10/0x10
[  383.905859][T17711]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  383.908335][T17711]  ? __pfx_qdisc_watchdog+0x10/0x10
[  383.910443][T17711]  ? __hrtimer_setup+0x176/0x280
[  383.912547][T17711]  fq_init+0x696/0x840
[  383.914283][T17711]  ? __pfx_fq_init+0x10/0x10
[  383.916193][T17711]  qdisc_create+0x457/0xfc0
[  383.918126][T17711]  tc_modify_qdisc+0x12bb/0x2130
[  383.920205][T17711]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  383.922331][T17711]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  383.924434][T17711]  rtnetlink_rcv_msg+0x3c6/0xe90
[  383.926399][T17711]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  383.928628][T17711]  ? __lock_acquire+0x622/0x1c90
[  383.930663][T17711]  netlink_rcv_skb+0x158/0x420
[  383.932735][T17711]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  383.935064][T17711]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  383.937321][T17711]  ? netlink_deliver_tap+0x1ae/0xd30
[  383.939502][T17711]  ? is_vmalloc_addr+0x86/0xa0
[  383.941428][T17711]  netlink_unicast+0x53a/0x7f0
[  383.943447][T17711]  ? __pfx_netlink_unicast+0x10/0x10
[  383.945676][T17711]  netlink_sendmsg+0x8d1/0xdd0
[  383.947682][T17711]  ? __pfx_netlink_sendmsg+0x10/0x10
[  383.949876][T17711]  ? __import_iovec+0x1dd/0x650
[  383.951843][T17711]  ____sys_sendmsg+0xa98/0xc70
[  383.953790][T17711]  ? perf_trace_gfs2_glock_state_change+0x890/0x960
[  383.956437][T17711]  ? __pfx_____sys_sendmsg+0x10/0x10
[  383.958599][T17711]  ? get_compat_msghdr+0x11a/0x170
[  383.960691][T17711]  ? __pfx_futex_wake_mark+0x10/0x10
[  383.962961][T17711]  ___sys_sendmsg+0x134/0x1d0
[  383.964945][T17711]  ? __pfx____sys_sendmsg+0x10/0x10
[  383.967000][T17711]  ? find_held_lock+0x2b/0x80
[  383.968907][T17711]  __sys_sendmsg+0x16d/0x220
[  383.970859][T17711]  ? __pfx___sys_sendmsg+0x10/0x10
[  383.973031][T17711]  ? __ia32_sys_futex_time32+0x1d9/0x460
[  383.975378][T17711]  ? rcu_is_watching+0x12/0xc0
[  383.977390][T17711]  __do_fast_syscall_32+0x7c/0x3a0
[  383.979445][T17711]  do_fast_syscall_32+0x32/0x80
[  383.981370][T17711]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  383.983921][T17711] RIP: 0023:0xf70ce579
[  383.985568][T17711] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  383.993217][T17711] RSP: 002b:00000000f50be55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  383.996750][T17711] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000200
[  384.000013][T17711] RDX: 0000000004008000 RSI: 0000000000000000 RDI: 0000000000000000
[  384.003309][T17711] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  384.006580][T17711] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  384.009823][T17711] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  384.013091][T17711]  </TASK>
[  384.014427][T17711] Modules linked in:
[  384.016451][T17711] ---[ end trace 0000000000000000 ]---
[  384.018737][T17711] RIP: 0010:qdisc_tree_reduce_backlog+0x1cb/0x500
[  384.021520][T17711] Code: 4d 8b 67 18 49 8d 7c 24 08 48 89 f8 48 c1 e8 03 80 3c 18 00 0f 85 ff 02 00 00 4d 8b 74 24 08 4d 8d 66 20 4c 89 e0 48 c1 e8 03 <80> 3c 18 00 0f 85 1a 03 00 00 49 83 7e 20 00 74 48 e8 cf 04 3a f8
[  384.029345][T17711] RSP: 0018:ffffc9000748f2b0 EFLAGS: 00010202
[  384.031827][T17711] RAX: 0000000000000004 RBX: dffffc0000000000 RCX: ffffc9000cb52000
[  384.035214][T17711] RDX: 0000000000080000 RSI: ffffffff89815dec RDI: ffffffff90aa39a8
[  384.038492][T17711] RBP: 00000000000b0002 R08: 0000000000000005 R09: 0000000000000000
[  384.041760][T17711] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000020
[  384.045144][T17711] R13: 0000000000000000 R14: 0000000000000000 R15: ffff888058f41000
[  384.048490][T17711] FS:  0000000000000000(0000) GS:ffff888097721000(0063) knlGS:00000000f50beb40
[  384.052212][T17711] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  384.055044][T17711] CR2: 00000000f50bd528 CR3: 000000004d094000 CR4: 0000000000352ef0
[  384.058329][T17711] Kernel panic - not syncing: Fatal exception in interrupt
[  384.062048][T17711] Kernel Offset: disabled
[  384.063876][T17711] Rebooting in 86400 seconds..

VM DIAGNOSIS:
18:04:33  Registers:
info registers vcpu 0

CPU#0
RAX=000000000042f87c RBX=0000000000000000 RCX=ffffffff8b844c49 RDX=ffffed1005646646
RSI=ffffffff8c157860 RDI=ffffffff81919b21 RBP=fffffbfff1c52ef0 RSP=ffffffff8e207e08
R8 =0000000000000000 R9 =ffffed1005646645 R10=ffff88802b23322b R11=0000000000000001
R12=0000000000000000 R13=ffffffff8e297780 R14=ffffffff90a99a50 R15=0000000000000000
RIP=ffffffff8b8437af RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097521000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f73a0658 CR3=000000004d094000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000006000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000055929c RBX=0000000000000001 RCX=ffffffff8b844c49 RDX=ffffed1005666646
RSI=ffffffff8c157860 RDI=ffffffff81919b21 RBP=ffffed1003bd8488 RSP=ffffc9000046fdf8
R8 =0000000000000000 R9 =ffffed1005666645 R10=ffff88802b33322b R11=0000000000000001
R12=0000000000000001 R13=ffff88801dec2440 R14=ffffffff90a99a50 R15=0000000000000000
RIP=ffffffff8b8437af RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097621000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000030411ffc CR3=000000004d094000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000006000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000034 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85583c95 RDI=ffffffff9b0ab980 RBP=ffffffff9b0ab940 RSP=ffffc9000748ec20
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=552032203a555043
R12=0000000000000000 R13=0000000000000034 R14=ffffffff9b0ab940 R15=ffffffff85583c30
RIP=ffffffff85583cbf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097721000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f50bd528 CR3=000000004d094000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000006000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=000000000034435c RBX=0000000000000003 RCX=ffffffff8b844c49 RDX=ffffed10056a6646
RSI=ffffffff8c157860 RDI=ffffffff81919b21 RBP=ffffed1003862000 RSP=ffffc9000048fdf8
R8 =0000000000000000 R9 =ffffed10056a6645 R10=ffff88802b53322b R11=0000000000000001
R12=0000000000000003 R13=ffff88801c310000 R14=ffffffff90a99a50 R15=0000000000000000
RIP=ffffffff8b8437af RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097821000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f73a544c CR3=000000006a32a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000