last executing test programs:

2m7.882051173s ago: executing program 3 (id=677):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x10, 0x3, 0x0)
write(r1, &(0x7f0000000100)="140000001a004f7fb3e45f2024d2f1c9fb470000", 0x14)
setsockopt$CAN_RAW_ERR_FILTER(r1, 0x65, 0x2, &(0x7f0000000000)=0x5, 0x4)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0xf, 0x4, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r3}, &(0x7f0000000040), &(0x7f0000000140)=r2}, 0x20)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000580), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000c00)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="7d2c2b92416f489dce0006"], 0x14}}, 0x0)

2m7.881316967s ago: executing program 3 (id=678):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x29, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=[<r3=>0x0], &(0x7f00000000c0), 0x0, 0x1, 0x0, 0x0, r2})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x0, 0x1, &(0x7f00000002c0)=[r2], &(0x7f0000000140), &(0x7f0000000800)=[r3], &(0x7f0000000100), 0x0, 0x400000000})

2m7.821993646s ago: executing program 3 (id=679):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
close_range(r0, 0xffffffffffffffff, 0x0)

2m7.821840613s ago: executing program 3 (id=680):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r1=>0x0})
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r2, &(0x7f0000000140), &(0x7f0000000000)=""/6, 0x2}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000007c0)={r2, &(0x7f0000000740), 0x0}, 0x20)
mount$bind(&(0x7f0000000180)='.\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x45110, 0x0)
mount$tmpfs(0x0, &(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000300)={[{@gid}]})
syz_emit_ethernet(0x72, &(0x7f0000000040)={@broadcast, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a27f2", 0x3c, 0x2c, 0x0, @remote, @local, {[@routing={0x0, 0x4, 0x2, 0xe, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast2}]}], {{0x8000, 0x4e23, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xe183}}}}}}}, 0x0)
openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r0)
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=ANY=[@ANYRESHEX=r3, @ANYRESHEX=r3, @ANYBLOB="010000f00000000000efbb51fb0000080003001e890bc7ef3d61213dfc2e559c759458464fc31a28558517dd7aa42efd9fb6f291647ba897d94c43c0f3d1942b53d1e33f3d6f7c66570cc3a864934bfc1888ed45dc4aeac81de54f50e01d88bbca054623a585a62c313cd390fb058dd55abb0d09659605e8bcc6fe5a334daf561c10a3d39a042ac6e689fc1a5ee627e286ff5817cc3181966985b81c856a5877dbba22ae0b29533f32901cc53810557bb1b30e3efcd3dfc17bfe33e5d2b7476f1ac8aff06302840995aff3340fc00776b9006faf9351e6e5fecc036a65", @ANYRES32=r1], 0x94}}, 0x90)

2m7.752064464s ago: executing program 3 (id=681):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0x19, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000100)={0x28, 0x7, r1, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r1, 0x0, <r2=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r0, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r2, 0x0, 0x0, 0x0, 0x0, 0x3, 0x20ffa000})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f00000002c0)={0x48, 0x7, r2, 0x0, 0x10001, 0x0, 0xa, 0x308e03, 0x3f844d})
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x8042)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r4, 0x18000000000002a0, 0x0, 0x5b, 0x0, 0x0, 0x6, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x50)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
r6 = socket$inet6(0xa, 0x3, 0x1)
setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000040)={{{@in6=@private0={0xfc, 0x0, '\x00', 0x95}, @in=@multicast1, 0x0, 0x0, 0xfffd, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x58138275}, {}, 0x0, 0x0, 0x1}, {{@in6=@loopback, 0x0, 0x32}, 0x2, @in6=@local, 0x0, 0x4}}, 0xe8)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
r7 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x822b01)
write$char_usb(r7, &(0x7f0000000040)="e2", 0x12d8)
syz_open_dev$vim2m(&(0x7f0000000000), 0x9, 0x2)
syz_open_dev$vim2m(&(0x7f0000000000), 0x7fff, 0x2)
pselect6(0x40, &(0x7f0000000000)={0xfc}, 0x0, 0x0, 0x0, 0x0)
ppoll(&(0x7f0000000200)=[{r3}, {r3, 0x9144}], 0x2, 0x0, 0x0, 0x0)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
connect$inet6(r8, &(0x7f0000000000)={0xa, 0x4000, 0x317c, @loopback, 0x5}, 0x1c)
r9 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x0)
r10 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r11=>0x0})
r12 = socket(0x10, 0x80002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x10}, [@ldst={0x6}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd96, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd56, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
sendmsg$nl_route(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r11, @ANYBLOB="00000000000000001c001a800800068008000200080000003e"], 0x44}}, 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r9, 0xc0145401, &(0x7f0000000040)={0x3, 0x0, 0x1, 0x0, 0x2d1})

2m3.781895157s ago: executing program 3 (id=742):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219be2f85287b7f83d323a30991067ad1369792166062085ff20c5fb9f6e4f78dd09c7d2d6ca3c8a5d0d26ccbe576f44a1bc94194817"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r2 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000540)=@newqdisc={0x4c, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x9fb, 0x9, 0x0, 0xfffff7ef, 0xffffffff, 0x8}}}}]}, 0x4c}}, 0x44080)
socket(0x10, 0x3, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe80, 0x6000, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e088641100050000210057ac141440e0", 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x48)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x7)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0x0, 0x0, 0x43, 0x0, "0aaa8ff5a212a1bd3bbda613efd9c8b4965dca66db42f66a86e5781cf86717055a7c1d13e6507e5a774ef95f2fc1b947e03d5c8379123f2f1d34b0882e83d41b67cb9ff147c6d33a097d2269351b3ed3"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f00000012c0)={@in={{0x2, 0x4e20, @multicast2}}, 0x0, 0x0, 0x31, 0x0, "0c9e02461b4a04000bde79f04103c458187eb46c2d996aff287154e786455261c425a7519cc275d04e6205abd307a0c4fa3838bf399ad5bd15f21907c7988d1300"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a6803e10951cd4b347113e55eb289519becf7542da0bc21470e441225642855b5f2f4bb561dc9363aed4a18d67efd5f2fdf98328de9441031348589b763d46d14810acc5f700"}, 0xd8)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r7, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r8, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a68473ba07d945c3b03e10950cd4b347113e55eb4285bf274bca67efbff2fdf98328de9434031348589bf28046d14810000000e3ffffff00"}, 0xd8)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r9, 0x0)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r10, 0x0)
r11 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r11, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000080)={r0, 0xf, 0x1201, 0x1})
r12 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r12, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})

2m3.767310089s ago: executing program 32 (id=742):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219be2f85287b7f83d323a30991067ad1369792166062085ff20c5fb9f6e4f78dd09c7d2d6ca3c8a5d0d26ccbe576f44a1bc94194817"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r2 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000540)=@newqdisc={0x4c, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x9fb, 0x9, 0x0, 0xfffff7ef, 0xffffffff, 0x8}}}}]}, 0x4c}}, 0x44080)
socket(0x10, 0x3, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe80, 0x6000, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e088641100050000210057ac141440e0", 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x48)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x7)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0x0, 0x0, 0x43, 0x0, "0aaa8ff5a212a1bd3bbda613efd9c8b4965dca66db42f66a86e5781cf86717055a7c1d13e6507e5a774ef95f2fc1b947e03d5c8379123f2f1d34b0882e83d41b67cb9ff147c6d33a097d2269351b3ed3"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f00000012c0)={@in={{0x2, 0x4e20, @multicast2}}, 0x0, 0x0, 0x31, 0x0, "0c9e02461b4a04000bde79f04103c458187eb46c2d996aff287154e786455261c425a7519cc275d04e6205abd307a0c4fa3838bf399ad5bd15f21907c7988d1300"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a6803e10951cd4b347113e55eb289519becf7542da0bc21470e441225642855b5f2f4bb561dc9363aed4a18d67efd5f2fdf98328de9441031348589b763d46d14810acc5f700"}, 0xd8)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r7, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r8, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a68473ba07d945c3b03e10950cd4b347113e55eb4285bf274bca67efbff2fdf98328de9434031348589bf28046d14810000000e3ffffff00"}, 0xd8)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r9, 0x0)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r10, 0x0)
r11 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r11, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000080)={r0, 0xf, 0x1201, 0x1})
r12 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r12, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})

28.95071784s ago: executing program 0 (id=2341):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@delsa={0x44, 0x12, 0x1, 0x0, 0x0, {@in6=@private0={0xfc, 0x0, '\x00', 0x1}}, [@srcaddr={0x14, 0xd, @in=@private=0xa010102}, @tfcpad={0x8, 0x16, 0x6}]}, 0x44}}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c0000001000010400000000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="00000000201200001c00128009000100626f6e64000000000c0002800800030009000900"], 0x3c}}, 0x0)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000240)={0x1}, 0x8)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
poll(&(0x7f0000000040)=[{r1, 0x8}], 0x1, 0x1)
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x13f, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000380)={0x6, 0x118, 0xfa00, {{0x7, 0x0, "0630055e54cf4fc27afb17a8d379af86943b6e98def368a4ccbab7e760d9847ed2a64341ba5e72f9c862785d83b12d6e86c1624def7ba8cfaec61b464109209544a757a0a1745f208981c6a1f6165e588740d1c2dde9d3a038d93d65229b145c7422dd9b8abbc94852e9a9103d0b4d0f5cce5f9731d1f3e355ad4c6aef0742866a4a3e4dffe1511e2667ed0835246652e0379949b4c54d92ba363f3a9b2e04dab740495cb9e7c54b692814d1f79c54e301e2b0bcfa6afd53904ab2fd2d2be41313e2c10e874097670be4e795372c75729c46a0a7c7423651cf645f3c6d301c67e9a37505eb9655c3427b185d574827a75a845e1fdac6b7fe021fb043d31899d1", 0x5, 0x2, 0x2, 0x7, 0x6c, 0x3, 0xf8, 0x1}, r2}}, 0x120)
sendmsg$NFNL_MSG_ACCT_GET(0xffffffffffffffff, 0x0, 0x8000)
sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00000018"], 0x50}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000f40)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf2000000000000007000000080000002d0301000000000095000000000000007126000000000000bf670800000000005601000000ff07ad6706000002000000070300000ee60000bf250000000000002d350000000000006507000002000000070700004c0000001f75000000000000bf54000000000000160400000400f9ffad3001000000000084000000000000004500000001f0ffff95000000000000006e8ad524a56600a5585b7351ca1136aef2e9407e5c2501d11900db85604036883647b1fb3f1403b816f511c8c56e56e40b01005505f8a89dae4293b10f3631b25fc9f189084c7fddccff01361d355f6cce8ec2abcdf1bc9040daef2cfa2046e2091e269f4734ffa55eb2d4e8de20b38c8808b365b46bd54c68cd30139a8c3827a7dd6d6e2b5fea3906f8456b0000000000ff07efffffff0047018ae79db613d2aec070f718ab629b4975320dd7a7da532281fd22c7b835005bf52715396669836db6000000005b4f0591ee7c8cd263dd172b28d01c4d8ddaf2cdad3d1a74a2f078aa6402483856a6e495408d0b33047f06aec2cc590df28efc7dbec6857db922195a271af103f03e1155197e067b2ebf4e2dae06e394c9639564f000fc3cdd05a157544d0200000000000000ee48f5287123a0d246c0c4c00fe979dbc09ed4db22d7172adc6ae8faa5f9ad188e07000000000000008d88a0b4684559d46cae41db1b914e93f1f88e80ef80c6ed3e1ff91ff111000000000000000000e33de432e488ad0e724c2d14a1e770e116984a5700afb8a1f3d47277ef0e33e7e00ec5f74e10937ba0e321346977b7d1b18013f509675b5b0f352e30dffda780e95c301f4fc7d5a76475ace6b128b02bfd71023daffdf748a6bd356fcbacec96373d1101000736ac0bbcb5f4836bddfe8bf46308000000ade9e59fcf271bb98bd0b8b5216b858b414c31682f9f3db2e4d8e5898e445fe55ac56c0ddd932d838ff651023853d42210642986f8bbc7340bc8393f774318c9fc9b05788de2c6e601b50777e8dff581de1d5ae3d801ead7eba31126e2172fa1eadf5f3bec81004d00000000c8e4692e051c731f9ac766b7fd66278d40f0760f23e8c7d1f47cd8e02504e85e152955ad8acd989c0b2eea71414f533f5685c3904bfe1d0011ffc1ba5398f3d68124674478186edd036f15bf847c33f79e1a0ad3d2b5080ecb01420c9f1b534e969fce97ffff07000009000000bfe0ed7c5853a665c0805752dca0e571d75cac5a5d8e4f6e05055b6dec5a9a5696f053a92d81fd9e5f2b9dbbe24f38e745b5a95d45003d0600e413dc623f3e6b096c8b0ad7438c6631388892c55b0671140afbfb83bba415f729fea4c8a8a86189dceedad84cdd17c46bdd847a1f4b0facd3744f5bbb06abb319204fca4bcd4297fe7b4cee75abf43e14fe861220799c0f12702964fc890a176fdafa2c9387280b5693c000c0304cece48642649375dae0b7979b229f708a97349e96e783af9a23cd3980a2c29d3d62875e5319cd51bdd224878a0b25edf0e83c930633bd9a823e28f359608ea326c77a1aa17318f392a0ec6c188916f4149c503027feccfd68ec8278a90252693fb133c4615801077e1d75420017c03990b855fe481a20b4919bb11c6d737b6545ef140a0fc339bb53953662f1454f9852e7c4e17eb8e68f076c659f56d6c7f97a94d604f45cfe88b30c170000000001000000ef931f137967de563c29d81aacb3d48226a4e4b6670900000000000000fa68bff3693afc44db223f0400000000000000d23b48bb38b31a14ffcddd92c38f6b6d86a0e56d47a82bad5d2a6dce4c4d353261260c9d7a6bd9f2c872c4172a3d2ac80dfb718cc159e6423065624f1300007d6072f0cf120ad2ba519afdd43a14000000000000000000000000007ef2f3c58d045f0700000094069acbe333aebd10f2118fbfeda3fa5500d52cd5241588d2b68a332edfef6d701c8936a25d68b841f982511392cc0d3a78616f8ce0f2877d099258bf85866d0ee7f803fa50fd41ef62b028d12028a7b497d92f544523290f520b0d000000000000000000007758b1267669ded883b5867c5916a74843b784955108f750c57744c76a09629dd0aaca5cb0f14f49db80a1aa2692c18fbb31cbdb3f2e138e6d5ba3491fc3617b511f24bad26466407e39000000000000d7a1bf4624d31c13a6840f45a7f4e01a50d790132abb36915e35b1ac35bf3921357f638684bba17b8fe1e2123153ecd6d1f76820d4f8fa0b96b50c457ae8d5f2351cdb7bc8170380557bc11cf6ee3395974e37018a2a7473312cb32affb8ff72a253e0d36099e460f13694b9891af526d9608271838e83d17103887f34210dd4c0cf60dec608b4ca5ba2f3037bf381e7b5d5b27820000000000000000000000b719bd34f3244730f708fdd532640edc6b82dd4ad72ecbaccafef806f5447aba2246d56a601bbd8c24ba1e16dda3296ce10de6830"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

28.780933699s ago: executing program 0 (id=2342):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = userfaultfd(0x80001)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c00000010000d0400"/20, @ANYRES32=0x0, @ANYBLOB="00a50200000000001c001c800b00010062726964676500000c00028008001d0001000000"], 0x3c}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000e9e000/0x3000)=nil, 0x3000}, 0x1})
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa07, &(0x7f0000000100)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x1})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r3=>0x0})
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a65b0000070000000200000000000000070000000000000004000000000000000000000000000000000000000000000000000000000000000500000008000000000000800000000000000000100000000600000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003720b339bd29fa010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000055464f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000"])
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r4, &(0x7f0000000080)={0x1d, r3, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18)
sendmsg$can_j1939(r4, &(0x7f00000001c0)={&(0x7f0000000200), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1}}, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff)
r5 = socket$inet6(0xa, 0x800000000000002, 0x0)
getsockopt$inet6_int(r5, 0x29, 0x2, 0x0, &(0x7f0000000180))
r6 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r6, &(0x7f0000000080)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r7, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x4d6f67e9d6856170, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

23.202534868s ago: executing program 0 (id=2342):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = userfaultfd(0x80001)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c00000010000d0400"/20, @ANYRES32=0x0, @ANYBLOB="00a50200000000001c001c800b00010062726964676500000c00028008001d0001000000"], 0x3c}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000e9e000/0x3000)=nil, 0x3000}, 0x1})
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa07, &(0x7f0000000100)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x1})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r3=>0x0})
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a65b0000070000000200000000000000070000000000000004000000000000000000000000000000000000000000000000000000000000000500000008000000000000800000000000000000100000000600000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003720b339bd29fa010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000055464f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000"])
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r4, &(0x7f0000000080)={0x1d, r3, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18)
sendmsg$can_j1939(r4, &(0x7f00000001c0)={&(0x7f0000000200), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1}}, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff)
r5 = socket$inet6(0xa, 0x800000000000002, 0x0)
getsockopt$inet6_int(r5, 0x29, 0x2, 0x0, &(0x7f0000000180))
r6 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r6, &(0x7f0000000080)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r7, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x4d6f67e9d6856170, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

15.879519817s ago: executing program 0 (id=2342):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = userfaultfd(0x80001)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c00000010000d0400"/20, @ANYRES32=0x0, @ANYBLOB="00a50200000000001c001c800b00010062726964676500000c00028008001d0001000000"], 0x3c}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000e9e000/0x3000)=nil, 0x3000}, 0x1})
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa07, &(0x7f0000000100)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x1})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r3=>0x0})
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a65b0000070000000200000000000000070000000000000004000000000000000000000000000000000000000000000000000000000000000500000008000000000000800000000000000000100000000600000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003720b339bd29fa010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000055464f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000"])
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r4, &(0x7f0000000080)={0x1d, r3, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18)
sendmsg$can_j1939(r4, &(0x7f00000001c0)={&(0x7f0000000200), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1}}, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff)
r5 = socket$inet6(0xa, 0x800000000000002, 0x0)
getsockopt$inet6_int(r5, 0x29, 0x2, 0x0, &(0x7f0000000180))
r6 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r6, &(0x7f0000000080)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r7, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x4d6f67e9d6856170, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

9.437675604s ago: executing program 0 (id=2342):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = userfaultfd(0x80001)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c00000010000d0400"/20, @ANYRES32=0x0, @ANYBLOB="00a50200000000001c001c800b00010062726964676500000c00028008001d0001000000"], 0x3c}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000e9e000/0x3000)=nil, 0x3000}, 0x1})
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa07, &(0x7f0000000100)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x1})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r3=>0x0})
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a65b0000070000000200000000000000070000000000000004000000000000000000000000000000000000000000000000000000000000000500000008000000000000800000000000000000100000000600000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003720b339bd29fa010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000055464f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000"])
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r4, &(0x7f0000000080)={0x1d, r3, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18)
sendmsg$can_j1939(r4, &(0x7f00000001c0)={&(0x7f0000000200), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1}}, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff)
r5 = socket$inet6(0xa, 0x800000000000002, 0x0)
getsockopt$inet6_int(r5, 0x29, 0x2, 0x0, &(0x7f0000000180))
r6 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r6, &(0x7f0000000080)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r7, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x4d6f67e9d6856170, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

2.538532507s ago: executing program 0 (id=2342):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = userfaultfd(0x80001)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c00000010000d0400"/20, @ANYRES32=0x0, @ANYBLOB="00a50200000000001c001c800b00010062726964676500000c00028008001d0001000000"], 0x3c}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000e9e000/0x3000)=nil, 0x3000}, 0x1})
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa07, &(0x7f0000000100)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x1})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r3=>0x0})
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a65b0000070000000200000000000000070000000000000004000000000000000000000000000000000000000000000000000000000000000500000008000000000000800000000000000000100000000600000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003720b339bd29fa010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000055464f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000"])
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r4, &(0x7f0000000080)={0x1d, r3, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18)
sendmsg$can_j1939(r4, &(0x7f00000001c0)={&(0x7f0000000200), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1}}, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff)
r5 = socket$inet6(0xa, 0x800000000000002, 0x0)
getsockopt$inet6_int(r5, 0x29, 0x2, 0x0, &(0x7f0000000180))
r6 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r6, &(0x7f0000000080)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r7, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x4d6f67e9d6856170, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

1.90715601s ago: executing program 2 (id=2670):
r0 = accept4$unix(0xffffffffffffffff, &(0x7f00000002c0), &(0x7f0000000040)=0x6e, 0x98f168c7d43b9ac6)
recvfrom$unix(r0, &(0x7f0000000380)=""/254, 0xfe, 0x101, &(0x7f0000000480)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
socket$packet(0x11, 0x3, 0x300)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000c80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca7f8fbc9cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b2cdf41dc10d1e8bf076d83923dd29c0301000000010000003d5d78c07fa1f7e4d5b318e2ec0e0700897a74a0091ff110026e6d2ef831ab7ea0c34f17e3ad6e70af07da5ceb01b7551ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0476619f28d99cde7a6b73340cc2160a1fe3c184b751c51160fbce841dfebd31a08b32808b80200000000009dd27080e71113610e10d8fb9c2aec61ce63a3462fd50117b89a9ab759b4eeb8cb000067d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0180aabc18cae2ed4b4390af9a9ceafd07ed0030000002cab154ad029a119ca3c972780870014605c83d7d11c3c975d5aec84222fff0d7216fdb0d3a0ec4bfae563858dc06e7c337642d3e5a815212f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a46939868d75211bbae0e7313bff5d4c391ddece00fc772dd6b4d4d0a917b239fe12280fc92c88c5b8dcdcc22ee1747790a8992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5cc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffff7f23877a6b24db0e067345560942fa629fbef2461c96a08707671215c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e42e50adab988dd8e12baf5cc9398c88607a08009c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859adfe38f77b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2499d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc874b2f663ddeef0005b3d96c7aae73835d5a3cda9e90d76c1993e0799d4894ee7f8249dc1e3428d2129369ee1b85afa1a5b6154eb2eea0d0df414b315f65112412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7ade8a5b859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355a500587b603306a5af8d867d80a07f10d82eafb03062e95196d5e3ffea0000000000000be959096ea948cfa8e7194123e918914a71ad5a8521fb9553bc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c63ebb4380b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989177a1bcd1e30280bc586e79a5dd80701018e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fc03000000000000001547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5c759c3e5468f0000000011d415b6b085fb73a2c7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aac029d15af607ad83532ff181c985f54b39370c06e63055b4d6a36fa98a44e379d28307c9912fb097601f3f88a2ca6fd1f9320cfe7fc8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589c95d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd926891927a7267c47cf897853d160100b39b613faefe16bed1fc105dddd77ab929b837d4442d13d5a29179a00837918dd7854aa17eb9fbdc2bdc0e98ae2c3f23a6131e2879f04ff01000030b92dd493be66c2242f8184733b80ba28e8ffffff7f00000000bb2f89049c5f6d63d56995747639964217aacfe548bc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99040b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc17587641ed01889c927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5d371c61f550e9d86aabda45706bda78ab60200000000000000000000000000000000000000706f78f0a2ea9667fb5b951808545a46830970c2dfae01adbda7d29bf1f7abdaf52e0de6f9d7150808ed086642e64ebf98762b34338b80e41b704c3eefaf0bb5ff070000000000000ea15ccc0d7a830b6eb33b6b61675511d693ef5e3c44bbf71cabc5f45c879e7499f8baae2a1a09cf38da73297764fbc0e723e1cc3abb12e3076982ed32c94a2ce3e6f37c47e983da4ca5c96187db5a2a2e1742bc93a65d7187126126b3a80f17dd2f7dbbe82d104ede9ba6925afc2ee6cb94f56f1363cad635abf8f983292c49c0ebf5005154c7b58a3a2a2ea86d2fd92b8661264f781e3fb02d05a28f3f17b64d0258853d45cb5ebde10cd3d82eeed2f1ed925b7cf400304932c5ed0a362b235ce37e1f17700f7d1fecf8be8a2c5d25a9c60657560d05441387ff158a018d19a286c58684a1d2f624c3eb59d509ee89cc2df52881d005b2e5c27563ba54e4153c132d0366aa660000000000000009c1aaec93ec0f925921fb2e9eb202a29bef28224dbabe723de5c584bc398a8792e493048c87f60a51a391e95921218149403558fd13c649f90b0911d57eeb298b590581eba1ce383b539ab80fd15445987b1bb4eb512545e1ab65fef3103ce10b1ee362b51c72f82edf2f502ddf52567775e34a56d1be892f1e62b08950d517fa6fb1b0ef2edf1b67f8644786116b037d4a36fdd30b000063e58c856ec44cbbc2d370553f832af9480215e09aaa3843fe360b1c293a14627f2cfbe278f31d0abc0f5aaa10926dbbfe8a4b131c13a73d4e6d065c2c0fed3ab8442520ce0e0ad7d2d177377ab197ace3ef8b1c24ceb0bdee84bd6e6317633938dd19dc42de7f8f860eca6d9c74525fcd3497526df4c13e3ba5f0d75365a4542ae9440d2fede416d618cdaaf7e038879c5d177b3876fda4121e00000100000000003edd3d43cc64e0d26b46907b42e08d000000000000903350932d3eef7fdada20c19807066e2c72d0d816eb9fa50be213bf6bbb7ccb9f2e8a153e6ced68f192ebed6e86af0f2cec7335fa8039fd6eb025440bc2a34d071f0a0e6774308a74748b8cd994ed368695aa2c5986aa9200a1306ffa5a71ca69e89a6980612b35fc858f37c2c398515a910a35e22ab0573c10b85df4c2972a2fb8b9c080fbb41a753791df727fdeaded2930376eda31312256191c620cce34d1e3bf40a4a207ab1575b399eb8155781bfc7cb5920b49c039935a888d77041894f60fbbcafa487ee96b368e8769da90b44190e569fe8b923c32c288baaca5c5558b5a78bb43e5d9e47a1d5809bb178184b5672d08e29aecf1f572ac1e6cab7e820751e95999b7532603494d37a2bff35a9eec46dfc8a52433f605ebf151c837b4966b5f3628a406175a87e32c5e4268d3000933b580415b162e2946446b8f02554c8a1225217d69d049685dd06aa8528673a9673a723ac414af77f523ad730d00e8700c213f95c87a94f39f506b9e000000000000000000000000000000000000000000000000000090668ac41a1c2a4f7831e6c6a3e9c68ca2c449482bb70a994e71a7f24873848fbb128c820c1de19cc003dfa65a2b296caeb1253802080e08eeb724c4c7b7e052afa19b0f2cd7a13bda4b5a8f3b8fa3ca70bb756a3d529718d5c79d9bdb89e5d33793533211d76d00a45079eff797476106bf76f1fed952a7c9162b88911b5b00c3d26fd2fb4d7b29d1ce025e102d458efd5cca3f3835ce760359eaa01cb13cb28d60e8942fdc02b6824c00dac62f8a2d4c680ae284a82f09d6641921536814b444e4188d9b2e97eb3b108e7876f0f3f3863147ab694218c7cecc075d52d590dddbb57fc6fedf5ec69d7894a7b5c8109f303dab998815c80534b0bd34c49eea63997e56728a8185a8bb6988a7197b87f5548f5edfdfb3efc907fe561b33a6f7c707f7828c6adaf3b2a39929b4b65253e787d65c08aff5e4a9b2267bd8f803ea38f10a6e9c4a49bf23525e08c12d229211fe4d88cf1440f29accfa50f327ac1fb20d7f164100111bd21fca713b2475f1c997f3000000000080c426bcec79c6bc83ce4e6cbb17c01be69db342192d0a716cc24710d23321441f475ec485d642b61c6bd907071dbbe37c0b78f60fd2ad0d13ca62d9d9aafb01c3920b64cb5e023810e2de4327f90c389ce36d90ff9f3cb9d8cd2260d05a8126943a3df17157470595c68ac8df7fea6d42ecb2cdb65b4f2aef0db2b2de949a6d4ec37f2fd693ae44944041a64fe6336aba1c66b1b95d2edbc40364a049616ae962d75eae619548aa86bd5f0bad56e7ad7de2ee5e6f3b42e3a27094b6b5face99456d9af1926b21d37faf7612d9752cf58e6424decd530b5419e117ec08647566b1bdd75d6a9a1e600aaf0f42ce94b4725d4c2da80150dc34e5975d6904f061ed9a7608959f2d24ee6ec4f2395d16e02f53c746f74b12013f738d76456c3407188eff97f31ca36e5d79e1f1c7c3b688ee21d37ba5ebf4afc2a61f16"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x55, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
socket$packet(0x11, 0xa, 0x300)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x101501, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x42280, 0x0)
close(r5)
ioctl$KVM_CHECK_EXTENSION(r6, 0xae01, 0x1)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r5, 0x4020aed2, &(0x7f0000000040)={0x0, 0x38d000, 0x8})
close_range(r3, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe06, 0x1000000, &(0x7f0000000100)="b9ff030f6044238cb89e14f088ca1bff430500001100630377fbac141414e000000162079f4b4d2f87e56dca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c)
syz_emit_ethernet(0x83, &(0x7f0000000240)=ANY=[], 0x0)

1.649615956s ago: executing program 2 (id=2671):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r1, &(0x7f00000002c0)=""/4096, 0x1000)
ioctl$SNDCTL_DSP_GETISPACE(r1, 0x8010500d, &(0x7f0000000080))
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@bridge_delvlan={0x24, 0x70, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r2}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x2, 0x2}}}]}, 0x24}}, 0x0)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000100)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)

1.541022074s ago: executing program 4 (id=2674):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@bridge_delneigh={0x30, 0x1d, 0x1, 0x70bd2a, 0x25dfdbfc, {0x2, 0x0, 0x0, 0x0, 0x0, 0xa9, 0x2}, [@NDA_DST_IPV6={0x14, 0x1, @loopback}]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x4)
r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
fcntl$notify(r2, 0x402, 0x8000003d)
write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'devices'}, {0x2d, 'freezer'}, {0x2d, 'net_prio'}, {0x2b, 'cpuset'}, {0x2d, 'devices'}, {0x2d, 'freezer'}]}, 0x36)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(r0, 0x89f9, &(0x7f00000008c0)={'sit0\x00', &(0x7f0000000880)={@remote, @broadcast, 0x1e, 0x12}})

1.491002833s ago: executing program 4 (id=2676):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x1, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r1 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x29a83a768e447add)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2d, 0x20000000, {0x0, 0x0, 0x0, r2, {0x5, 0x2}, {}, {0x5, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_CLASSID={0x8, 0x1, {0x0, 0x1}}, @TCA_FLOWER_FLAGS={0x8, 0x16, 0x2}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x240007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="5c000000020605000000000000000000000000000c00078005001500267d00000500010007000000050005000a000000050004"], 0x5c}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r4)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r4, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0)
sendmmsg$inet(r0, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000bc0)='#\x00NN', 0x4}], 0x1}}], 0x1, 0x0)
setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0)

1.300919796s ago: executing program 1 (id=2679):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000680)={&(0x7f0000000540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x9, [@datasec={0x7, 0x0, 0x0, 0xe, 0x2, [], "ef69"}, @datasec={0x0, 0x0, 0x0, 0xf, 0x2, [], "9c05"}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f]}}, 0x0, 0x3d, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000680)={&(0x7f0000000540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x9, [@datasec={0x7, 0x0, 0x0, 0xe, 0x2, [], "ef69"}, @datasec={0x0, 0x0, 0x0, 0xf, 0x2, [], "9c05"}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f]}}, 0x0, 0x3d, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) (async)
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x6, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x19, &(0x7f0000000040)={0x5, 0xf, 0x19, 0x2, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x0, 0x5, 0x4, 0x5}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x5, 0x6, 0x2, 0x8}]}}) (async)
syz_usb_connect(0x6, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x19, &(0x7f0000000040)={0x5, 0xf, 0x19, 0x2, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x0, 0x5, 0x4, 0x5}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x5, 0x6, 0x2, 0x8}]}})
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000a00), 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
ioctl$KVM_CAP_DIRTY_LOG_RING(r4, 0x4068aea3, &(0x7f0000000500)={0xc0, 0x0, 0x4000})
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RESET_DIRTY_RINGS(r4, 0xaec7)
ioctl$VIDIOC_S_EXT_CTRLS(r2, 0xc0205647, &(0x7f0000000080)={0xf010004, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90d, 0x6, '\x00', @value64=0x31}})
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'netdevsim0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', <r6=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000180)={0x20, r0, 0x1, 0x0, 0x0, {0x1e}, [@ETHTOOL_A_PAUSE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}]}, 0x20}}, 0x0)

677.206486ms ago: executing program 1 (id=2680):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = syz_io_uring_setup(0x23c, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
syz_open_dev$amidi(&(0x7f0000000000), 0x2, 0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r5, 0x0, &(0x7f0000000240)="352f1938d141676d9b6c59065f664735c08b9d697a645f85b19ba9030648cd046d1f26aad0196458046b81", 0xfffffffffffffe08, 0xebec93e830f96115})
io_uring_enter(r2, 0x7f5f, 0x4000000, 0x0, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
r6 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendto(r6, 0x0, 0x0, 0x24000086, &(0x7f0000000780)=@sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x80)

677.05487ms ago: executing program 1 (id=2681):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0x3, &(0x7f0000000040)=ANY=[@ANYRES64=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0b04000000000008000002000000400004803c0001800b0001006e756d67656e00002c000280080004400000000708000340000000000800014000000001080001400000000c08000240000000000900010073797a30000000000900020073797a32"], 0x94}}, 0x0)

620.910194ms ago: executing program 1 (id=2682):
mkdir(&(0x7f0000000100)='./file0\x00', 0x11c) (async)
mkdir(&(0x7f0000000100)='./file0\x00', 0x11c)
setxattr$security_ima(&(0x7f0000000080)='./file0/file0\x00', &(0x7f00000000c0), &(0x7f00000003c0)=ANY=[@ANYBLOB="0415f35df96a006f51901c3b20c1eed906415a9e59a6e816b01371ee0ad62c3fd9ef581fbcb40e00a88e9fd76247559debf1ed5a8864855c140c2fa017c3cd02584263f41c79fb1db830ce58423fd5540d8084466ca49e871e96b1ec521f847581e4b4f7af3d47d7d97bb245cb919d680de65c402f70dbc987c06b2c65761fdb44f4f96d7d2c9906f8b42f9b6310f07f"], 0x16, 0x2)
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff})
socket$nl_route(0x10, 0x3, 0x0) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0) (async)
r2 = socket(0x1, 0x803, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) (async)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000006c0)={0xffffffffffffffff, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x5, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0], <r4=>0x0, 0xe1, &(0x7f0000000700)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f00000004c0), &(0x7f0000000500), 0x8, 0xf7, 0x8, 0x8, &(0x7f0000000540)}}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x41, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000280)='kvm_unmap_hva_range\x00', r5}, 0x18) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000280)='kvm_unmap_hva_range\x00', r5}, 0x18)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) (async)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="58000000100003040000000000000000000000c8", @ANYRES32=0x0, @ANYBLOB="42420000000000002800128009000100766c616e00000000180002800c0002001f0000001f000000060001000100000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r6], 0x58}, 0x1, 0x0, 0x0, 0x600}, 0x20000000)
openat(r0, &(0x7f00000001c0)='./file0\x00', 0x204000, 0x48) (async)
openat(r0, &(0x7f00000001c0)='./file0\x00', 0x204000, 0x48)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x100034}, &(0x7f0000000040)) (async)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x100034}, &(0x7f0000000040))
socket$inet6_sctp(0xa, 0x801, 0x84) (async)
r7 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r7, &(0x7f0000000040)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40841, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2})
r9 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_DEL_MIF(r9, 0x29, 0xc8, 0x0, 0xc000000)
r10 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r8, &(0x7f0000000000)=ANY=[@ANYBLOB="04000000ffffffffffffaaaaaaaaaaaa86dd6001d55e00442901fe8000000000000000000000000000aaff03"], 0x7e)
sendto$inet6(r7, &(0x7f0000001240)='>', 0x1, 0x0, &(0x7f00000012c0)={0xa, 0x0, 0x0, @local, 0x1}, 0x1c)
shutdown(r7, 0x1)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r7, 0x84, 0x1, &(0x7f0000000100)={0x0, 0x8, 0x7, 0x1, 0xff, 0x91}, 0x14)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
sysfs$1(0x1, 0x0)

620.054558ms ago: executing program 4 (id=2683):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
chdir(0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000280)='./bus\x00', 0x0)
renameat(r1, &(0x7f0000000080)='./bus\x00', r1, &(0x7f0000000500)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r3, @ANYBLOB='\b\x00%'], 0x3c}, 0x1, 0x0, 0x0, 0x7000000}, 0x0)
write$UHID_INPUT(r1, &(0x7f0000000b40)={0x8, {"c8d3c801c8f9fbcac5758ecb1260085d10c8962a172fa4f598b84c6e2c449ed5ad952fe01e38987100db97b7c9ae3b1be0d0bd2582d089a39dc43f0cfb2b6a2f2c037de37bf16515e3115ffd53781dd72a02f055c83f292afcd50072d9392a87729542e5d89c0bc7bde531263e87dc422042a3a0605ecb165c7dddb2b34939ddfdb97794a4de9c463f06979f9c068716968f40b8d1f2de64a6f044d764892e1d77724643d92485bb1f6659af197c6c2c251e05cdb437184aac3692220ee26f2cf2658220d4b5fa5aee943ed04b638524c7750615f7a7e39dd1889efb2a9092fe83fe8c0ba0628d0566cf2b625ab2347f2e10ad0c57494c364229586d3995eb8ea977daf7d99ad9d7b503cb6678455537b6e7f63fb5e457c7dd19f698f61ecb9bf7dd015d754d51607b673fea1f55bab7314fb5089c54bc06e9bc4af6f00db96e889a04780e76c4ef625324d46d62822ecbf94510db9727632dc7e4783da1b67a7a344d770789ed49eda0b85651b8a40f2ace87f5cbc25b9a911b26e69d91853c6b2726b586a17289921c596e97ebb7a9610b77800182fd0ac5c91ec244cab7c3a7ce4693c7b11a19b87f40e1446ddcdca425060f0170a52f73d923cc47b74dcbdb092b424b5b783102a67d9ee3d4c5a9a9b94504d2610d3a5cfd717512be3c76b7cad0db8751d6929e9832f6362529cd4a187030e39c2b90d8d523e54bdb2edb0a1964a5c56eecc82054620dbd0bbe24e783af89b0066cb91077d1d91f0353b17d569520dc5b865eae18235bc10e1831f58b0938d0e90d54c47a4c9e94f670b2b3128edbf127ed2b599b26bd5faed4f4810916af9542c04763cc1175717d2e4a0194fb0d09d761ecd9bc93f6d845fec643105f65a7ac7e8601390fe59aef8d52a55aaea52e64335c7529d3f094d9ad660d284da8850f450f4ed228559a011be3addfeff3726697e01c25c6723a62a2e1c598230ed3f1db17eeb8f11a1b6ef44f71e70bdfab0d386214a5ff625423fa6e0d7faa8ba01771d5afe05930e71cb1c262204eeae36fa84d40f49c0e7b9ad4d206f783a1cd66b57c83e26f96806442a040915c495569584af732853d62b80754fa0fe718dddeb999feb27670f02d38b1896aa4833fab605a4d4f471c3ca4271a27846b8dc8c0f958e64c144deb540c9b308197aa9b5dee7423f0dca750c9769ec3611fe6253e5d2f54b10960524b3d7e6c5c00ef496f1a754a2e338abbc7b4e431f8d3b1f2619f3e06d0548a15a4e1f6a3446dd5b3f80cfaee41232f3b55a6bfa15a624bf9ea6a1c19bf1fc3fd4d48350012a15b1f4affa76372a695b71c30e6ddf2efcb8a9acac5a8009d0313f1dd1c16120f2a98c13ac9b7a70f42d2bf7e1e1df8ddd7a107a7c97e3b8b9df3da6066953335302d12a003f1084ef01c9fc613cedaa14f6ce0796e165eb6e1d8335d7ba14c8b4b53e87f6efcc4c3b4035c40e7c646a05ebafa98cb231affccf5af83e35d255133745610bc407c505945b5d6e16bcf6f76e54de5bd58bfc459da781bdee5f85ff3df9e5297f019434a73142157b4a0b27b47c6edc74947d627827ea580b82706e45512077d83b7bec76b116f24021be5b1f5b5282aed1c08538d0e79323ac719b00c78bf4d572a2b16982ed6d781ad7d3dbec04dd1743ae0b825ab085ad22f365472e715c3b8407d7f71d242c93f17c1379ddf92627375e71813e566327ad900f9a3eb86a3813cf7764912b8202c7678b6d617483c02c78daa3260112378cb9e0b3bd4641df3512b1f76a0406d8ee2dbba407221efd51a5de8f2378273f3bdcd13b604c09693dcd0f1447b142214c55b5f3c2fff6e27eedede22f8abb1ced1264c6cf25dad70237d53f0ef1d906308b1f14ae52bbf9c99ad3876f7773801b9ba52e68d9a25b1f4cd40f4af4b21d669992c59951bd67a60afc3aeb6b562e811ea07e49f11e5f9cf8538e089d29f8f9f40e3c30eab0630f928aef5a3c2f88fa69f245c56107679343944f7b429a0b6a654e17006d1a69a6b78166aa4c906591857189bad3470c251e130819b4accbbf1155b93d0166a75c2a1d0caae50ae2540060aa7b755dc91a7ffa2dfc8ca982a4e8af25b422a8d73d5c60d1a2b085b659a4b2bafe312367d26f6c9ffd820b37edb1798f5a5f17ddd1215286dbed5417f303dfa053f1985617cb01405231e6066e38957ad80c9699731e0e4e321972a3523eff42076f8b7163630b19ea116c9aaaba8c75413bcdce8fbc1702d5055b3c39838de04eae91dc7ea8ac9d73c0a4513a209273260fcb08468d5a673512bec6e62b5ed14d903179a3e14b320ee9d7ba8896fa4027c6b3500f89b7ae8636d30c4e0d2b53ad3caec8281526d64cb852ec8fe1d8571421468353e8e14bd13930f981699347fc39dc1bfddb5eb2b8cfb7ea70c939ede89747eb8997864af271c02f4c2d56b6e9a4e9921348a0ce139d352ca0af1fcc0cfe242f99afa8cb158fa055f43fe976b1b9081b79eeb5e3bf0038a08e2d80aecfcb587715ddf1c750833f2e2b4308a7f0b69a9be5a9287faaf8715584067dbda97a28dfa4894c3fa6b55993966dc2c4234244ba58ea72af79b42c4a1addac60c69b3fa7ea4e06312afc58f9548b7e39cb830af2d131b37106ebde4959f53795026dabf3725d37d005aaffd03e0b6bf2bf3f68f8d555a192187743fb2cac1f11c13482a05781d37accca06c4cced5db975f29dc597d4c8b6a05f3d03975d21d9a659267862fb9c964db0486e7825104130c68c65c027e82c309346a783242f3c99b9917216fa164a1e0eee4909113783eef6e6e4d3dd159ee82c6aba235a6997919a07e924ae37fb0a43263f9692f4e53d0465c7633def141daf9b1abb4256f9d3cc12aec30b5560305f75da360fa73b7216c78d8538e61b8bfd4eee3f810c35a9576de6c5f2a5c364b5ead555e4b0e932f743334f9eb748bc40380e7c459386f6cc298216b9bc15500f6a75fecd989aa1e9f3021756de03b3262436bace1ad898d360dc2433c88f6e6af3c14d39a58b96aab3b3ce83ad8a01fba16e08c376440f55c8dc16e3a3d3bb9b2a962a2bee26814cb5f61362abbd8c3954b18f4962aef533c12d81aed7adcbfb9b7687254d60884835a5210f890056f211729f1a983640fbced2e32a9f1d4eef6a2cc2d1f57cdccb333563623c1533f5c976dff3616f4a9246e67e9b8b9bc5bb38a8c75eae06c440622ffe5b7474a35d2fb6117eea19167387b9a05479c04d4e991c745e8a5323afe8008a21be0e2ff839f6937fed9fd2c9f251151b73e88d4c2c9b1b9637e5da92f9712f66c0c95099d28b8465b0bde75716dce2e869dcd85ca63c3e65bc453ffee7a370cc9d7b2598aff8a37f7c58560a6108e0091e3e86e2445f89b3660b9f237f46854ca37387dfb077d7caf74f05bf8a684d0ab3444f6b8f47cbdb97a986441011c689831d87d7e53573c68cb4b1b0f490341993d6b9e522a94cfd832e220036925f351fee899a44f56bbeba4fce244ba7f258ef9ebb56d24f8dfb0d5775a9f4a42884cca79482ea86d8d1f3c6b16f7b8ac736dcf8df3aba86543dbcd761e857debb37522bfb02cec005e928545ffac8c52b9ae1c224fbcba7db31b01adf92d957e19870ba5393e62c40a39b140cc5220efa906bdc1d0e313307daf3dc86b9aed62e2aaa5c04e7f65fe5752dd98fd27c1e2f5751db0c86c9792e795aedc24d1e8a0ac20c777c6377617e856f801142adaaaec63ccdca9b62e6084abafe6f1d87e631c6149a2bc5d073e085e91f52fd1a35492b10082972b5066c98b42a3648f2d9f704436f947769fb8d5f628e75afd626cb82aee32cf25dd4030c513eaeb4c30bf7121d56fcee1bed6757d61c0192ec6ad627c47e497d6b923f114a40fa81d80a3bafe2f18a6cb4eb13043f1cbd4e860b87dc687832bf1904a2c708850367558efd72e4592223ec39dfc6dcb20b2305d98d82d51e27968945e54359b0ac85afe9d4b4ab48b4467e5ab27377f116ae65bc8270a5cfa9bdc0b90e361077ef3ffa856126b59fc1d6751136793a4e6edda01d71a9c670174d90bdbe837bf229e2027a7993cc05382c3ceae8189261515a06bede849259c6158febb008e8933ff95337dc5cd45cc60481f655f5ea8db8617e9d01b5ae91d65860fc0a286bb3a24c7e39ac09f470a20bfe397c1d56ab715d25d5c260d12bcc3ab3a86139a4928d5d5346f368fdd47bcceaf1437f64a7390fcda3151540a449414d9590dd53653f70e961b7899b5c5e09f5436d26504ff084ea1514eee4225d09a480c6aaadc560cd504c951af9e05027f49cdb3f7bba46080799a89149ae3e54cd293762e50eb241c5651e9d616eb86c8be504af9327d4e83da232b44356af9695fc55cfdaedab0b529e414f284a428444998b01fcc1d75acac1cc3e2f84da8c6cd94ef3409c36c6bc5b54c3d5c172d61d96a6e6d7dbece2a72e056b65f100f3c4181ca82372042ab1f8475f3ee5fdbc41c08f5b2ce55862084dd84838e16af74799c159c2614767479cc7ac01b389dca846613801fb962e6a9d910dd4f0f77b851cb2d6fb18f89fd730a7ced85d8f339c323dc0c9b5e52b07f21d2036c86fdeb2f34c0e7dd3c4c0f5ff7939af7c7a29c52e2b79fcb65259b6229cc791c4cf131051dc11509688f35ee119685e88a9c70531e02929237536e42bdf43fe16d2adfbf7993c7e1a6f0913febbc5e8368c5a3234710d7ee6a1aeac9b8cd31bbaec23febb065ee09da9acf2694215b5ddb35471a8f084dc882c2106ea7ab9c76af96b98e750838700393ce9b834a09741b8c6c64ca02ba55bcf3c9039ee39d1fd57fc1c02ea009784519ccc7bd2a0b41a477f5e869b84a93a2079e73478fd1ee8a3be6540069fc30c2552f769748dd7fab7e0188e030b98213ee784b9469e1c19011a9a66c9dd2a2bdda898e4316d031d2d34667d2555484c730f5eb5b53a28ae631f2f5c3b1663f9bf3852d45ee17cfcccf1c508e9268c3635436df7b527db85d4db15df56973daf02c093523c814833d0bd4c8c7f22bcc1f3bec91141fa842ab35d6f767b84cba670c88dd794cd1869e3cd9f4f770de3a72a2cbc29040c6a3187d9ffc311d462be678b006415282f79b4d1675bd1569ee11283c21758263812e767e53843ae4a3d558c7dabf5649a1782fdf86416dc4ddd1830c682597e5ed59685e00daf853a679d84a1bed75f989a59e3e120a28d286c6c9f3f0f30260753b0dd7ba44676724445731838839137616ce857f051f3619a66e014b3a79402b28724b9677153a7cef7fb32d98d1c5f9eff1eb1414da1a9070e84d6ae4f976e1400f15c831558c75c7724f7a614f420165ab4dfaeb757fbbc6bb7863b1c87d2d7f4049b9662ab97c39d8cd025a3c6eb55628d1177075882d3cd6d5e245011823fbf55da0f636a4ba561caef60e01a48135e5f8f9d47354aa0d188ba9b07cb85783896b0eb4de4d1b878102c3562b388d45b4d081b4d0e8ab5081dbdad2ba6ecee8cc533337d21fd27d46174eb7fa6aee1d9fca9c5617cd1cf6449a84cefe37b7cc57ee5919094e6bcd62c3f825831b4eb2fd8ba610b1e7bdc064a203e81e30a74be589ee77f931ad2096f087114f603cab822767c39130e9e754c5d82e25b0c30cd05dfa883d9039ac740a859643ed5cb794d61698326af670b982521036f19b79b1b119b41d5260aa3daf0b94ef3b1a5836f77e807be92e7c65e6970a323ecd3d4c004d64e7a64211f5320fab8f4828ab81c82aea20adcd6ab124626b3cfefec6ffce3e", 0x1000}}, 0x1006)
ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r1, 0xc0884123, &(0x7f00000002c0)={0x0, "3ab3ef9d9345d098c74c8527a0daf9a01ca1b16fbd617e16d3e495dbf611c5eb28abd8d859b7ffa3e63eabdabd951a26639f3e0d6ad72b6d603c1623f3963154", {0x9, 0x6}})

614.164407ms ago: executing program 2 (id=2684):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x3f, &(0x7f0000000000)=0xe7f, 0x4)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x8, [@func={0x6, 0x1800}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2e]}}, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bind$l2tp(r2, &(0x7f00000000c0), 0x10)
sendto$l2tp(r2, &(0x7f0000000040)="e5786a0d000000000000c83b", 0xc, 0x0, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10)
recvfrom$l2tp(r2, 0x0, 0x0, 0x2140, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@ipv4_delrule={0x1c, 0x21, 0x403, 0x80000200, 0x0, {0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}}, 0x1c}}, 0x80)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
r6 = dup(r5)
ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4008ae93, &(0x7f00000000c0)=0xffff)
syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000f9a000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, 0x0}], 0x1, 0x51, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100))
r7 = socket(0x1, 0x803, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)=@newtaction={0x64, 0x30, 0x21, 0x0, 0x0, {}, [{0x50, 0x1, [@m_mpls={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x0, 0x1, 0x4}}}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newlink={0x60, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x28, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_EGRESS_QOS={0x1c, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x0, 0x4}}, @IFLA_VLAN_QOS_MAPPING={0xc}]}]}}}, @IFLA_LINK={0x8, 0x5, r9}]}, 0x60}}, 0x0)

613.196268ms ago: executing program 4 (id=2685):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x1000040, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$P9_RCLUNK(r0, &(0x7f0000000000)={0x7, 0x79, 0x1}, 0x7)
write$UHID_CREATE2(r0, 0x0, 0x118)
pread64(r0, &(0x7f0000000300)=""/235, 0xeb, 0x5)

557.279815ms ago: executing program 4 (id=2686):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x1000040, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$P9_RCLUNK(r0, &(0x7f0000000000)={0x7, 0x79, 0x1}, 0x7)
write$UHID_CREATE2(r0, 0x0, 0x118)
pread64(r0, &(0x7f0000000300)=""/235, 0xeb, 0x5) (fail_nth: 1)

400.729868ms ago: executing program 4 (id=2687):
r0 = add_key(&(0x7f00000003c0)='encrypted\x00', &(0x7f0000000180)={'syz', 0x1}, &(0x7f0000000300)="1b051de541229be799efd9d7bfb8837708cb1afcf330bf7692de022ac9d74a871a43c968ca0d76be8b1c060f2c78a0c2681db1bb55d018552cf9e8f1507dc84ba196df2217816e4c40ef2404efde1885cc8706d97da92926ef0392a6868af45524ce6efab26c4027027271cc30a7cd75e4938346b1385d88d8de12075972d0c7c297c3cc32a108dc216cb456e80b1f87b3cd01933a2688e1dd9b7e2cd0555c", 0x9f, 0xfffffffffffffffe)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = signalfd(r1, &(0x7f00000001c0)={[0xfff]}, 0x8)
bind$unix(r2, &(0x7f0000000240)=@file={0x0, './file0\x00'}, 0x6e)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000040))
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r5 = syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x1, 0x404000)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000280)={'veth1_to_hsr\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="4800000010aeeeb02c41b43a7dfe1797d2000305000000000000000000cf0004039e9b717b40fa61b6c5efb7e0f0ff8f9e3c4d7de46279837bf865c4353d758289280270", @ANYRES32=0x0, @ANYBLOB="03000000000000002000128008000100677265001400028008000600ac14142408000700e000030a08000a00", @ANYRES32=r7, @ANYBLOB], 0x48}}, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20)
r8 = syz_open_dev$usbfs(&(0x7f0000000000), 0xe, 0x141341)
ioctl$USBDEVFS_IOCTL(r8, 0xc00c5512, &(0x7f0000000200))
ioctl$USBDEVFS_BULK(r8, 0xc0185502, &(0x7f0000000b40)={{{0x1, 0x1}}, 0x0, 0x8000, 0x0})
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r5, 0xc0884113, &(0x7f0000000440)={0x1, 0x0, 0x2, 0x10001, 0x0, 0x0, 0xb, 0x0, 0xfffffffffffffffd, 0x0, 0xfffffffb, 0x2})
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, 0x0, 0x0)
r10 = accept4(r9, 0x0, 0x0, 0x80800)
sendmsg$OSF_MSG_ADD(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[], 0xe0c}}, 0x0)
recvmmsg(r10, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000003c0)=""/26, 0x1a}], 0x1}}], 0x1, 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r5, 0xc06c4124, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5})
getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x1, 0x0, &(0x7f0000006940))
keyctl$read(0xb, r0, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2)

400.568415ms ago: executing program 1 (id=2688):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x1000040, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000340)={[{0x122e, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0xff, 0x1f}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CAP_PMU_CAPABILITY(r1, 0x4068aea3, &(0x7f0000000040))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10)
sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="200000001600010a00000000000000000a00fe"], 0x20}}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
lseek(r5, 0x1, 0x1)
write$P9_RCLUNK(r4, &(0x7f0000000000)={0x7, 0x79, 0x1}, 0x7)
write$UHID_CREATE2(r4, 0x0, 0x118)
pread64(r4, &(0x7f0000000300)=""/235, 0xeb, 0x5)
open$dir(&(0x7f0000000040)='./file0\x00', 0x145800, 0x40)

399.113251ms ago: executing program 2 (id=2689):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x20000000000000ed, &(0x7f0000000280)=ANY=[], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, 0x0, 0x20000004) (async)
r1 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
recvmmsg(r1, &(0x7f0000002040)=[{{0x0, 0x0, 0x0}, 0x100}], 0x1, 0x42, 0x0)
r2 = openat$cdrom(0xffffffffffffff9c, &(0x7f000000dd00), 0x80, 0x0)
ioctl$CDROMEJECT_SW(r2, 0x127e, 0x300000000000000) (async)
openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0xe) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x385842, 0x0)
ioctl$EVIOCGPROP(r4, 0x40047438, &(0x7f0000000180)=""/246) (async)
write$binfmt_aout(r4, &(0x7f0000000100)=ANY=[], 0xfce1)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={0x1}, 0x4) (async)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)=@gettfilter={0x24, 0x2e, 0x0, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, 0x0, {0xfff1}, {0x7}, {0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000084}, 0x0) (async)
r6 = socket$netlink(0x10, 0x3, 0x0) (async)
r7 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r5, &(0x7f00000003c0)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000050400aeff0f608e222b6933d100", @ANYRES32=r8, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) (async)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@bridge_delneigh={0x28, 0x1c, 0x63, 0x0, 0x0, {0x7, 0x0, 0x0, r8, 0x80, 0xbe}, [@NDA_LLADDR={0xa, 0x2, @random="63ccc7696324"}]}, 0x28}}, 0x0) (async)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[], 0x28}}, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x1, &(0x7f00000000c0)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xcf, &(0x7f0000000280)=""/207, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xf0f1, @void, @value}, 0x94)

240.874843ms ago: executing program 1 (id=2690):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x50, r1, 0x2, 0x70bd25, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x54}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x44}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x34}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x48}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0xe}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x90)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_TTY_SET(r2, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x18, 0x3f9, 0x100, 0x70bd27, 0x25dfdbff, {}, ["", "", "", "", "", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x8000}, 0x4800)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f00000002c0), r0)
sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x40, r3, 0x10, 0x70bd28, 0x25dfdbfd, {}, [@handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xe}]}, 0x40}}, 0x80)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), r0)
sendmsg$BATADV_CMD_GET_ORIGINATORS(r0, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x38, r4, 0x0, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x10}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}]}, 0x38}, 0x1, 0x0, 0x0, 0x24000814}, 0x0)
close(r2)
io_setup(0x8, &(0x7f0000000500)=<r5=>0x0)
io_destroy(r5)
syz_emit_ethernet(0xa1, &(0x7f0000000540)={@random="5bbed713e83a", @broadcast, @void, {@llc_tr={0x11, {@snap={0x3, 0x1, "c8", "46d027", 0x8848, "4db7c87fe6b1af42146c16fcc423670dc346abae63d461c9c0676912e40b6bc71c2c9a962f456af06eea9c55615bf1125df13d1575d2400dc407b1d596f88e87d91d3263bb6436a4021a2af88cf08b5f436095e698e54e82d05d8e15951eb8929d0a882ecd2f069a5d6be2687884b0990261b9f20c00c17f7aef0f426df7fef4a5e34331c0d031253129c2"}}}}}, 0x0)
ioctl$EXT4_IOC_MIGRATE(r2, 0x6609)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000600)={{{@in6=@local, @in=@broadcast}}, {{@in6=@ipv4}}}, &(0x7f0000000700)=0xe8)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000780), r0)
sendmsg$TIPC_CMD_SHOW_PORTS(r6, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x1c, r7, 0x2, 0x70bd2d, 0x25dfdbfe}, 0x1c}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
r8 = syz_genetlink_get_family_id$ipvs(&(0x7f00000008c0), r0)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f00000009c0)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000980)={&(0x7f0000000900)={0x70, r8, 0x2, 0x70bd25, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8}]}, @IPVS_CMD_ATTR_DAEMON={0x48, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x9}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @empty}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x1}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}]}, 0x70}}, 0x0)
close(r6)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TLS_TX(r9, 0x6, 0x1, &(0x7f0000000a00)=@ccm_128={{0x303}, "7a9ad13eeb083bac", "9e7d6d26a599accf80685ad01ef5dfb7", "bec2eb77", "cc81449abfbda931"}, 0x28)
io_destroy(r5)
r10 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CAP_PTP_KVM(r10, 0x4068aea3, &(0x7f0000000a40))
recvfrom$inet6(r9, &(0x7f0000000ac0)=""/252, 0xfc, 0x2002, &(0x7f0000000bc0)={0xa, 0x4e21, 0x2, @rand_addr=' \x01\x00', 0x24cd}, 0x1c)
r11 = pidfd_getfd(0xffffffffffffffff, r0, 0x0)
ioctl$KVM_SET_LAPIC(r11, 0x4400ae8f, &(0x7f0000000c00)={"076e854f169c9ca61d9ad8c15272fba6be96e9341dcf124abbcde05c361b36c7c996d8461f1df6940e0b3b0e1e6620b9b5d6613c6db0126589effa5f9d9765992165fa8d56dd5d9d9439eb18213096a58a1db12cba66ec4071e12b904913999f574d60a0f4346bc5bf6c816a6b3aceb8fd129a8adc3e35e9fce18fb723e06fae9357ce5c0b3a51923ccc8926ca60b98194cc9fda96a8a879ba71d6b65b9f17488579f102f7e1f040b2e3b2197e49350a30d33f38dc389c5e9adefb7ddc04c4e0c6fa49767be792a57583090b5be21fe5f52fdf67ba938f0c0c218a102aa21e6f4c478b5fc5c35cd1af9d811905a6c9b670029ad283681f39073bf8e505e874bf806442b8c84009d4bb3b370a283719d04a105733ace8410d8ce5a14badb276512d69381290b63ce77e89c1de3dcc8aed2741dc641504973b8c093110eb356a88af0ab861e1a59ff356e82b1d16d05cbeb25a80d30595ed342eabddfa3f66256c2755289b34995b9df334811880a6ecc08c00171c3b972f1910907572b8e4e3e01288aab4a4b3404bc6291a6cb7865dd28ef6b51fc91d6f471dbe0721d7206806d4337171a81e86ed9ac18b1c21f35c063d4305ade80c065a60635be0e774c7cdb5aa6e1076c741d70b0dd11b1c5972ea865fa718f6e34162c46b62c03b33b0dda8e0a7463b225f1050a6e148ba5c666773dee333034c6e85ee0a5a68420d0647ada03c189fdadfecb8edc2d4e86b33e3326360014f86fe3d8f02ba188012ef16323e038d4c755797b7d92a97aa38bc7f00353f544acbdaab13dffd9e66ef6af00c9bf6d12904842f353e071fdff32cb5c2cd3c844c17741a22ff10e62680b4642d37a99770a23c0bce076c2f6d3a0de3021089456a46e3166ad491b733b66eb6566546373a322c3d244b9f94d8d89d99b774c51764b718c93bc088b7041c207f3789840bfd26ba048008d628516ec6f22485602cd8945ef8cec652d430bb92b4539ee3fae254d1c5c6e1cec71bb62dc4df50344b4facb13db89bc4f4fb8b08064155bbb35347767d2f4e922c21f4b545aa48bb3eefe49c1982275d3ce7d1a4ece064e1da15f38c2069a124d8b17718371becd818513b397acab46a9fd9ad4bf9de7bd9dbe8e22c74c0980e15fa9ff8e54612a5bd21db8263b841e95439c9a709c68c940417a69d8a4994f9024430a6daf2a66e7939483d8b6b2d240c0754b2ac19058605c555eb2f555a0a381e3f50fe74856a567fb1b0c8f0705219e1e38c3a4d3b221afca62e619f2cb3ce83bea496f833c95c3bd26eb947565c8ac942614da46fd6a6bd03aa6fb166dd9f8861dbd3d9b85c8aa1eb5ae9af5d02158f76dbed484c2094c53332522c4fded27b1d7b1fb46aba1f91116de2563c5486abff96404d8904d8fe8ff77767d3077c7b595d97fdf77484d0c28f933b366f694c89fb89"})
sendmsg$IPSET_CMD_TEST(r11, &(0x7f0000001100)={&(0x7f0000001000), 0xc, &(0x7f00000010c0)={&(0x7f0000001040)={0x58, 0xb, 0x6, 0x801, 0x0, 0x0, {0x5, 0x0, 0x6}, [@IPSET_ATTR_ADT={0x44, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x4}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR2={0x5, 0x15, 0xd}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PROTO={0x5, 0x7, 0x89}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_ETHER={0xa, 0x11, @local}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x4c045)

408.203µs ago: executing program 2 (id=2691):
r0 = socket$netlink(0x10, 0x3, 0x14)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
bind$netlink(r2, &(0x7f0000000500)={0x10, 0x0, 0x25dfdbfc, 0x8}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000540)=ANY=[@ANYRESOCT=r1], &(0x7f00000001c0)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000100))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071123d000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r4, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
read$FUSE(r3, &(0x7f0000002140)={0x2020}, 0x2020)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000780)=ANY=[@ANYBLOB="380000000314010002000000000000000900020073797a30000000000800410072780700140033006c6f"], 0x38}}, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00')
read$FUSE(r3, &(0x7f00000061c0)={0x2020}, 0x2020)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
r8 = fcntl$dupfd(r7, 0x0, r7)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r6, &(0x7f0000000940), &(0x7f0000000a40)=@udp6=r8}, 0x20)
setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f0000000200), 0x4)
r9 = syz_genetlink_get_family_id$gtp(&(0x7f0000000340), r5)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={0x1, 0x58, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r10=>0x0}}, 0x10)
sendmsg$GTP_CMD_NEWPDP(r8, &(0x7f00000004c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x24, r9, 0x20, 0x70bd2b, 0x25dfdbff, {}, [@GTPA_LINK={0x8, 0x1, r10}, @GTPA_NET_NS_FD={0x8, 0x7, r8}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="880000000206010400000000000000000200000205000500000000000900020073797a300000000015000300686173683a69702c706f72742c07007400000000240007800500030002000000060004404e220000080009400000f4f2050014000800000005000400030000001c00078005001500cd0000000800134000000005060004404e200000"], 0x88}, 0x1, 0x0, 0x0, 0x8090}, 0x20004881)

0s ago: executing program 2 (id=2692):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0x16, 0x0, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r0, 0x0, 0x0}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) (async)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bind$bt_sco(r1, &(0x7f0000000200), 0x8) (async)
listen(r1, 0x0)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="0404"], 0xd) (async)
syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}}}, 0x14)
r2 = gettid()
timer_create(0x0, &(0x7f0000000140)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async)
r4 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)
keyctl$KEYCTL_MOVE(0x1e, r4, 0x0, 0x0, 0x0) (async)
bind$bt_sco(r3, &(0x7f0000000040)={0x1f, @fixed}, 0x8) (async)
listen(r3, 0x0) (async)
accept4(r3, 0x0, 0x0, 0x0) (async)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0xd, 0x2, 0x4, 0x4, 0x0, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000040)={r5, &(0x7f0000000c80), 0x20000000, 0x2}, 0x20) (async)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r7 = syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x0, 0x0) (async)
r8 = socket$inet6_dccp(0xa, 0x6, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000180)={'gre0\x00', &(0x7f0000000080)={'sit0\x00', <r9=>0x0, 0x8, 0x20, 0x5, 0x114cb6d3, {{0x36, 0x4, 0x0, 0x5, 0xd8, 0x64, 0x0, 0xd, 0x29, 0x0, @local, @initdev={0xac, 0x1e, 0x3, 0x0}, {[@noop, @timestamp_addr={0x44, 0x3c, 0xe4, 0x1, 0x9, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x3}, {@loopback, 0x6}, {@private=0xa010101, 0x80000000}, {@empty, 0x2}, {@loopback, 0xfffffff9}, {@multicast1, 0x1}, {@private=0xa010101, 0x3}]}, @generic={0x83, 0x4, "9287"}, @ssrr={0x89, 0x17, 0x6f, [@multicast1, @local, @multicast1, @rand_addr=0x64010101, @broadcast]}, @rr={0x7, 0x7, 0xbb, [@remote]}, @timestamp_prespec={0x44, 0x44, 0x59, 0x3, 0xa, [{@multicast1, 0x2}, {@dev={0xac, 0x14, 0x14, 0x63}, 0x5}, {@remote, 0x2}, {@private=0xa010100, 0x7}, {@local, 0x7ff}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x8000}, {@dev={0xac, 0x14, 0x14, 0x1f}, 0x7}, {@local, 0xff}]}, @ssrr={0x89, 0x1f, 0x7d, [@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, @multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x37}, @broadcast]}]}}}}})
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f00000001c0)={@ipv4={'\x00', '\xff\xff', @broadcast}, 0x64, r9}) (async)
syz_emit_vhci(&(0x7f0000000ec0)=@HCI_EVENT_PKT={0x4, @HCI_EV_VENDOR={{0xff, 0xa}, "02ab2207d8d1aa4adedf"}}, 0xd) (async)
ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r7, 0xc0844123, &(0x7f0000002180)) (async)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)

kernel console output (not intermixed with test programs):

butes in process `syz.4.1856'.
[  153.496738][T12422] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1856'.
[  153.499946][T12422] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1856'.
[  153.502897][T12422] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1856'.
[  153.639602][T12448] netfs: Couldn't get user pages (rc=-14)
[  153.642329][T12450] syz_tun: entered promiscuous mode
[  153.644379][T12449] syz_tun: left promiscuous mode
[  153.681683][T12452] netlink: 'syz.1.1863': attribute type 4 has an invalid length.
[  153.721429][T12455] netlink: 'syz.1.1865': attribute type 22 has an invalid length.
[  154.015583][   T39] audit: type=1400 audit(1738745152.214:47497): avc:  denied  { map } for  pid=12477 comm="syz.4.1871" path="/dev/vmci" dev="devtmpfs" ino=708 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  154.040144][    T8] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  154.164135][T12488] __nla_validate_parse: 4 callbacks suppressed
[  154.164146][T12488] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1874'.
[  154.192049][    T8] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  154.195294][    T8] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  154.198237][    T8] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  154.201019][    T8] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  154.204180][    T8] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  154.208398][    T8] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  154.211328][    T8] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  154.213655][    T8] usb 6-1: Product: syz
[  154.214891][    T8] usb 6-1: Manufacturer: syz
[  154.218569][    T8] cdc_wdm 6-1:1.0: skipping garbage
[  154.220223][    T8] cdc_wdm 6-1:1.0: skipping garbage
[  154.222708][    T8] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  154.224492][    T8] cdc_wdm 6-1:1.0: Unknown control protocol
[  154.310252][ T5940] Bluetooth: hci0: Entering manufacturer mode failed (-110)
[  154.310274][   T65] Bluetooth: hci0: command 0xfc11 tx timeout
[  154.454985][T12513] /dev/loop0: Can't lookup blockdev
[  154.492820][T12514] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1868'.
[  154.504083][T12521] openvswitch: netlink: IPv6 tunnel dst address is zero
[  154.546740][   T39] audit: type=1400 audit(1738745152.744:47498): avc:  denied  { write } for  pid=12526 comm="syz.2.1885" name="ptp0" dev="devtmpfs" ino=729 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  154.554173][    C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  154.555445][ T8023] usb 6-1: USB disconnect, device number 18
[  154.556406][    C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  154.559634][    C0] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  154.563299][T12465] cdc_wdm 6-1:1.0: Tx URB error: -19
[  154.587300][T12528] wg2: entered promiscuous mode
[  154.589009][T12528] wg2: entered allmulticast mode
[  154.592711][T12528] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  154.595921][T12528] overlayfs: fs on './file0' does not support file handles, falling back to xino=off.
[  154.636652][T12536] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1887'.
[  154.664758][T12541] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input21
[  154.863436][   T39] audit: type=1400 audit(1738745153.064:47499): avc:  denied  { accept } for  pid=12566 comm="syz.4.1897" lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  155.110494][ T5940] Bluetooth: hci4: command tx timeout
[  155.127931][T12579] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1901'.
[  155.131032][T12579] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1901'.
[  155.133644][T12579] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1901'.
[  155.163611][   T39] audit: type=1400 audit(1738745153.364:47500): avc:  denied  { connect } for  pid=12582 comm="syz.2.1904" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  155.292685][T12603] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1909'.
[  155.314383][T12606] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1910'.
[  155.337899][T12609] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1911'.
[  155.341504][   T39] audit: type=1400 audit(1738745153.544:47501): avc:  denied  { accept } for  pid=12608 comm="syz.0.1911" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  155.363274][T12611] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  155.406146][T12613] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  155.446147][T12618] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1915'.
[  155.467383][T12613] kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  155.482219][   T39] audit: type=1400 audit(1738745153.684:47502): avc:  denied  { ioctl } for  pid=12623 comm="syz.2.1916" path="socket:[42976]" dev="sockfs" ino=42976 ioctlcmd=0x5828 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  155.690293][T12566] dccp_close: ABORT with 64 bytes unread
[  155.908807][   T39] audit: type=1400 audit(1738745154.104:47503): avc:  denied  { setopt } for  pid=12666 comm="syz.4.1933" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  155.914982][T12667] program syz.4.1933 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  155.920579][ T8023] usb 7-1: new full-speed USB device number 8 using dummy_hcd
[  155.966542][T12674] netlink: 'syz.4.1935': attribute type 16 has an invalid length.
[  155.968937][T12674] netlink: 'syz.4.1935': attribute type 17 has an invalid length.
[  155.977793][T12674] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  156.061828][T12681] wg1 speed is unknown, defaulting to 1000
[  156.081755][ T8023] usb 7-1: not running at top speed; connect to a high speed hub
[  156.088090][ T8023] usb 7-1: config 1 interface 0 altsetting 4 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  156.091989][ T8023] usb 7-1: config 1 interface 0 has no altsetting 0
[  156.095585][ T8023] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  156.098395][ T8023] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.102123][ T8023] usb 7-1: Product: syz
[  156.103483][ T8023] usb 7-1: Manufacturer: చ
[  156.104946][ T8023] usb 7-1: SerialNumber: syz
[  156.108341][T12642] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  156.680269][   T39] audit: type=1326 audit(1738745154.874:47504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12660 comm="syz.0.1930" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa39258cde9 code=0x7fc00000
[  157.190181][ T5940] Bluetooth: hci4: command tx timeout
[  157.303156][   T39] audit: type=1400 audit(1738745155.504:47505): avc:  denied  { ioctl } for  pid=12727 comm="syz.4.1950" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x940c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  157.445498][T12737] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  157.492747][T12745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  157.496261][T12745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  157.499626][T12745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  157.503259][T12745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  157.506621][T12745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  157.510593][T12745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  157.514522][T12745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  157.517758][T12745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  157.522259][T12745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  157.525514][T12745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  157.528719][T12745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  157.532200][T12745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  157.535397][T12745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  157.538633][T12745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  157.561474][T12749] xt_hashlimit: size too large, truncated to 1048576
[  157.563420][T12749] xt_hashlimit: max too large, truncated to 1048576
[  157.565442][T12750] xt_hashlimit: size too large, truncated to 1048576
[  157.567353][T12750] xt_hashlimit: max too large, truncated to 1048576
[  157.735983][   T39] audit: type=1400 audit(1738745155.934:47506): avc:  denied  { read } for  pid=12757 comm="syz.0.1957" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  157.736647][T12758] sd 0:0:0:0: PR command failed: 1026
[  157.744072][T12758] sd 0:0:0:0: Sense Key : Illegal Request [current] 
[  157.746089][T12758] sd 0:0:0:0: Add. Sense: Invalid command operation code
[  157.966473][T12764] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  157.969197][T12764] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  158.217463][T12780] tmpfs: Bad value for 'grpquota_inode_hardlimit'
[  158.384121][T12784] kvm: kvm [12783]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x40000031) = 0x0
[  158.428551][T12786] cgroup: none used incorrectly
[  158.538641][T12797] /dev/loop0: Can't lookup blockdev
[  158.700128][ T5966] usb 9-1: new full-speed USB device number 14 using dummy_hcd
[  158.733487][T12808] netlink: 'syz.1.1977': attribute type 1 has an invalid length.
[  158.764015][ T8023] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -71
[  158.768081][ T8023] usb 7-1: USB disconnect, device number 8
[  158.852203][ T5966] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  158.855929][ T5966] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 2
[  158.858438][ T5966] usb 9-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  158.861583][ T5966] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.865979][ T5966] usb 9-1: config 0 descriptor??
[  158.869988][ T5966] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  158.872925][ T5966] dvb-usb: bulk message failed: -22 (3/0)
[  158.878461][ T5966] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  158.881874][ T5966] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  158.884606][ T5966] usb 9-1: media controller created
[  158.886873][ T5966] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  158.893177][T12806] netlink: 'syz.0.1975': attribute type 9 has an invalid length.
[  158.896533][ T5966] dvb-usb: bulk message failed: -22 (6/0)
[  158.898534][ T5966] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  158.902631][ T5966] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb9/9-1/input/input22
[  158.909402][ T5966] dvb-usb: schedule remote query interval to 150 msecs.
[  158.911909][ T5966] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  159.003287][T12823] cdrom: dropping to single frame dma
[  159.010145][ T1324] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  159.077408][ T5966] dvb-usb: bulk message failed: -22 (1/0)
[  159.082402][ T5966] dvb-usb: error while querying for an remote control event.
[  159.128169][T12825] dvb-usb: bulk message failed: -22 (4/0)
[  159.152149][ T5966] usb 9-1: USB disconnect, device number 14
[  159.160181][ T1324] usb 6-1: Using ep0 maxpacket: 32
[  159.167884][ T1324] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  159.168465][ T5966] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  159.173088][ T1324] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  159.176382][ T1324] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  159.179494][ T1324] usb 6-1: Product: syz
[  159.181408][ T1324] usb 6-1: Manufacturer: syz
[  159.182794][ T1324] usb 6-1: SerialNumber: syz
[  159.185115][ T1324] usb 6-1: config 0 descriptor??
[  159.186987][T12813] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  159.390780][ T1324] usb 6-1: USB disconnect, device number 19
[  159.449506][T12812] __nla_validate_parse: 2 callbacks suppressed
[  159.449515][T12812] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1978'.
[  159.450967][T12813] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1978'.
[  159.451437][T12812] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1978'.
[  159.453923][T12813] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1978'.
[  159.814044][   T39] kauditd_printk_skb: 3 callbacks suppressed
[  159.814055][   T39] audit: type=1400 audit(1738745158.014:47510): avc:  denied  { read } for  pid=12837 comm="syz.2.1986" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  159.865610][T12838] usb usb9: usbfs: process 12838 (syz.2.1986) did not claim interface 12 before use
[  160.063828][T12887] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2001'.
[  160.066290][T12887] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2001'.
[  160.068521][T12888] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2001'.
[  160.068899][T12887] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2001'.
[  160.074654][T12887] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2001'.
[  160.077109][T12887] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2001'.
[  160.133937][T12876] xt_nat: multiple ranges no longer supported
[  160.456475][ T5993] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  160.526316][T12917] netlink: 'syz.1.2010': attribute type 3 has an invalid length.
[  160.528664][T12917] netlink: 'syz.1.2010': attribute type 1 has an invalid length.
[  160.531976][T12917] NCSI netlink: No device for ifindex 33022
[  160.549783][T12917] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 12917 comm: syz.1.2010)
[  160.555669][   T39] audit: type=1800 audit(1738745158.754:47511): pid=12917 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.2010" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=49489 res=0 errno=0
[  160.563859][T12919] nfs4: Unknown parameter '
PL'
[  160.601613][ T5993] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  160.604486][ T5993] usb 7-1: config 0 interface 0 has no altsetting 0
[  160.607915][ T5993] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  160.610832][ T5993] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  160.613511][ T5993] usb 7-1: Product: syz
[  160.614731][ T5993] usb 7-1: Manufacturer: syz
[  160.616095][ T5993] usb 7-1: SerialNumber: syz
[  160.620763][ T5993] usb 7-1: config 0 descriptor??
[  160.624107][ T5993] usb 7-1: selecting invalid altsetting 0
[  160.679881][T12938] netlink: 'syz.0.2014': attribute type 2 has an invalid length.
[  160.827633][ T5993] usb 7-1: USB disconnect, device number 9
[  160.875721][T12962] tmpfs: Bad value for 'mpol'
[  160.878900][T12963] vivid-000: =================  START STATUS  =================
[  160.883574][T12963] vivid-000: Test Pattern: 75% Colorbar
[  160.885450][T12963] vivid-000: Fill Percentage of Frame: 100
[  160.886944][   T39] audit: type=1400 audit(1738745159.084:47512): avc:  denied  { execute } for  pid=12956 comm="syz.4.2021" path="/dev/video36" dev="devtmpfs" ino=1067 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  160.887130][T12963] vivid-000: Horizontal Movement: No Movement
[  160.897508][T12963] vivid-000: Vertical Movement: No Movement
[  160.899960][T12963] vivid-000: OSD Text Mode: All
[  160.902494][T12963] vivid-000: Show Border: false
[  160.904376][T12963] vivid-000: Show Square: false
[  160.906282][T12963] vivid-000: Sensor Flipped Horizontally: false
[  160.908652][T12963] vivid-000: Sensor Flipped Vertically: false
[  160.911073][T12963] vivid-000: Insert SAV Code in Image: false
[  160.913495][T12963] vivid-000: Insert EAV Code in Image: false
[  160.915793][T12963] vivid-000: Insert Video Guard Band: false
[  160.917109][   T39] audit: type=1326 audit(1738745159.114:47513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12964 comm="syz.0.2024" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa39258cde9 code=0x0
[  160.917522][T12963] vivid-000: Reduced Framerate: false
[  160.926578][T12963] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[  160.929141][T12963] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[  160.932060][T12963] vivid-000: Enable Capture Cropping: true
[  160.933874][T12963] vivid-000: Enable Capture Composing: false
[  160.936096][T12963] vivid-000: Enable Capture Scaler: true
[  160.937977][T12963] vivid-000: Timestamp Source: End of Frame
[  160.940505][T12963] vivid-000: Colorspace: sRGB
[  160.942461][T12963] vivid-000: Transfer Function: Default
[  160.944722][T12963] vivid-000: Y'CbCr Encoding: Default
[  160.946913][T12963] vivid-000: HSV Encoding: Hue 0-179
[  160.949104][T12963] vivid-000: Quantization: Default
[  160.953753][T12963] vivid-000: Apply Alpha To Red Only: false
[  160.956119][T12963] vivid-000: Standard Aspect Ratio: 4x3
[  160.958389][T12963] vivid-000: DV Timings Signal Mode: Current DV Timings inactive
[  160.961583][T12963] vivid-000: DV Timings: 640x480p59 inactive
[  160.964092][T12963] vivid-000: DV Timings Aspect Ratio: 14x9
[  160.966020][T12963] vivid-000: Maximum EDID Blocks: 1
[  160.967739][T12963] vivid-000: Limited RGB Range (16-235): false
[  160.969758][T12963] vivid-000: Rx RGB Quantization Range: Automatic
[  160.973110][T12963] vivid-000: Power Present: 0x00000001
[  160.975372][T12963] tpg source WxH: 320x180 (R'G'B)
[  160.977446][T12963] tpg field: 1
[  160.978876][T12963] tpg crop: 320x180@0x0
[  160.981020][T12963] tpg compose: 320x180@0x0
[  160.982935][T12963] tpg colorspace: 8
[  160.984559][T12963] tpg transfer function: 0/2
[  160.986450][T12963] tpg quantization: 0/2
[  160.987871][T12963] tpg RGB range: 0/2
[  160.989021][T12963] vivid-000: ==================  END STATUS  ==================
[  160.992337][   T39] audit: type=1400 audit(1738745159.194:47514): avc:  denied  { execute } for  pid=12969 comm="syz.4.2026" path=2F6D656D66643A01FDAE2E2BA68CB63F32193994532C7C783F55655BBDE1210333BC2723FF179B25F35B642006202864656C6574656429 dev="hugetlbfs" ino=47316 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  160.998999][T12970] misc userio: Begin command sent, but we're already running
[  161.257692][T12983] tmpfs: Unknown parameter 'usrquota_inode_hardlimIt'
[  161.346972][   T39] audit: type=1400 audit(1738745159.544:47515): avc:  denied  { load_policy } for  pid=12984 comm="syz.4.2030" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  161.347138][T12986] SELinux:  policydb version 1402900228 does not match my version range 15-34
[  161.355768][T12986] SELinux: failed to load policy
[  161.427098][T12990] can0: slcan on ptm1.
[  161.521181][T12989] can0 (unregistered): slcan off ptm1.
[  161.657500][T13008] syz.2.2035: attempt to access beyond end of device
[  161.657500][T13008] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0
[  161.661814][T13008] (syz.2.2035,13008,2):ocfs2_get_sector:1714 ERROR: status = -5
[  161.664052][T13008] (syz.2.2035,13008,2):ocfs2_sb_probe:753 ERROR: status = -5
[  161.666176][T13008] (syz.2.2035,13008,2):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  161.668676][T13008] (syz.2.2035,13008,2):ocfs2_fill_super:1177 ERROR: status = -5
[  161.842325][   T39] audit: type=1400 audit(1738745160.044:47516): avc:  denied  { read } for  pid=13009 comm="syz.0.2036" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  161.850572][   T39] audit: type=1400 audit(1738745160.044:47517): avc:  denied  { map } for  pid=13009 comm="syz.0.2036" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  161.857494][   T39] audit: type=1400 audit(1738745160.044:47518): avc:  denied  { execute } for  pid=13009 comm="syz.0.2036" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  161.892642][T13015] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=4 sclass=netlink_tcpdiag_socket pid=13015 comm=syz.0.2037
[  162.175988][   T39] audit: type=1400 audit(1738745160.374:47519): avc:  denied  { module_load } for  pid=13023 comm="syz.4.2040" path="/288/bus" dev="tmpfs" ino=1573 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1
[  162.176073][T13024] Invalid ELF header magic: != ELF
[  162.184199][ T6306] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  162.333422][ T6306] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  162.338641][ T6306] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  162.342591][ T6306] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  162.346051][ T6306] usb 5-1: config 0 interface 0 has no altsetting 0
[  162.348725][ T6306] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  162.351925][ T6306] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  162.355106][ T6306] usb 5-1: config 0 interface 0 has no altsetting 0
[  162.358574][ T6306] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  162.363378][ T6306] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  162.366791][ T6306] usb 5-1: config 0 interface 0 has no altsetting 0
[  162.369419][ T6306] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  162.372312][ T6306] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  162.375825][ T6306] usb 5-1: config 0 interface 0 has no altsetting 0
[  162.378469][ T6306] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  162.381983][ T6306] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  162.385234][ T6306] usb 5-1: config 0 interface 0 has no altsetting 0
[  162.387911][ T6306] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  162.390661][ T6306] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  162.393813][ T6306] usb 5-1: config 0 interface 0 has no altsetting 0
[  162.398547][ T6306] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  162.401493][ T6306] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  162.405718][ T6306] usb 5-1: config 0 interface 0 has no altsetting 0
[  162.409037][ T6306] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  162.412022][ T6306] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  162.415187][ T6306] usb 5-1: config 0 interface 0 has no altsetting 0
[  162.420105][ T6306] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  162.422738][ T6306] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  162.425170][ T6306] usb 5-1: Product: syz
[  162.426402][ T6306] usb 5-1: Manufacturer: syz
[  162.427773][ T6306] usb 5-1: SerialNumber: syz
[  162.432467][ T6306] usb 5-1: config 0 descriptor??
[  162.449243][ T6306] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0
[  162.641991][ T6306] usb 5-1: USB disconnect, device number 26
[  162.644481][ T6306] yurex 5-1:0.0: USB YUREX #0 now disconnected
[  162.908963][T13067] batadv_slave_1: entered promiscuous mode
[  162.912399][T13066] batadv_slave_1: left promiscuous mode
[  162.934618][T13070] loop6: detected capacity change from 0 to 64
[  162.940854][    C0] blk_print_req_error: 24 callbacks suppressed
[  162.940864][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 8 prio class 0
[  162.945630][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  162.948162][    C0] buffer_io_error: 24 callbacks suppressed
[  162.948168][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  162.953031][    C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  162.956411][    C2] Buffer I/O error on dev loop6, logical block 0, async page read
[  162.959876][    C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  162.963252][    C2] Buffer I/O error on dev loop6, logical block 0, async page read
[  162.966254][    C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  162.969000][    C3] Buffer I/O error on dev loop6, logical block 0, async page read
[  162.972041][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  162.974667][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  162.978235][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  162.980946][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  162.983350][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  162.986227][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  163.006376][    C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  163.010765][    C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  163.014535][    C2] Buffer I/O error on dev loop6, logical block 0, async page read
[  163.017652][    C2] Buffer I/O error on dev loop6, logical block 0, async page read
[  163.021031][    C2] Buffer I/O error on dev loop6, logical block 0, async page read
[  163.123174][T13081] netlink: 'syz.1.2061': attribute type 27 has an invalid length.
[  163.238522][T13090] pim6reg9: entered allmulticast mode
[  163.259091][T13090] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  163.269726][T13090] xt_hashlimit: max too large, truncated to 1048576
[  163.376610][T13097] macvlan2: entered promiscuous mode
[  163.378618][T13097] macvlan2: entered allmulticast mode
[  163.384029][ T5940] block nbd4: Receive control failed (result -104)
[  163.392365][T13045] block nbd4: shutting down sockets
[  163.595833][T13122] netlink: 'syz.1.2073': attribute type 10 has an invalid length.
[  163.645383][T13124] IPv6: sit1: Disabled Multicast RS
[  164.337181][T13133] wg1 speed is unknown, defaulting to 1000
[  164.790147][ T5993] usb 9-1: new low-speed USB device number 15 using dummy_hcd
[  164.930173][ T5993] usb 9-1: device descriptor read/64, error -71
[  165.061028][T13171] kvm: pic: non byte write
[  165.170785][ T5993] usb 9-1: new low-speed USB device number 16 using dummy_hcd
[  165.246272][T13178] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  165.300677][T13178] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  165.322121][ T5993] usb 9-1: device descriptor read/64, error -71
[  165.354453][T13178] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  165.430911][ T5993] usb usb9-port1: attempt power cycle
[  165.703640][T13193] __nla_validate_parse: 135 callbacks suppressed
[  165.703651][T13193] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2097'.
[  165.782403][ T5993] usb 9-1: new low-speed USB device number 17 using dummy_hcd
[  165.820584][ T5993] usb 9-1: device descriptor read/8, error -71
[  165.913176][T13217] overlayfs: failed to resolve './file1': -2
[  165.969730][T13221] netlink: 'syz.0.2108': attribute type 3 has an invalid length.
[  166.020816][T13225] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2110'.
[  166.072270][ T5993] usb 9-1: new low-speed USB device number 18 using dummy_hcd
[  166.091183][ T5993] usb 9-1: device descriptor read/8, error -71
[  166.128406][T13239] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2112'.
[  166.210322][ T5993] usb usb9-port1: unable to enumerate USB device
[  166.897763][T13239] overlayfs: statfs failed on './file0'
[  167.237846][T13265] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2123'.
[  167.404579][   T39] kauditd_printk_skb: 7 callbacks suppressed
[  167.404595][   T39] audit: type=1400 audit(1738745165.604:47527): avc:  denied  { map } for  pid=13276 comm="syz.1.2126" path="/dev/cuse" dev="devtmpfs" ino=106 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1
[  167.587382][T13295] wg1 speed is unknown, defaulting to 1000
[  167.612909][   T39] audit: type=1326 audit(1738745165.814:47528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13294 comm="syz.2.2133" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f27ba98cde9 code=0x0
[  167.671372][T13304] netlink: 'syz.2.2133': attribute type 2 has an invalid length.
[  167.674839][   T39] audit: type=1400 audit(1738745165.874:47529): avc:  denied  { write } for  pid=13302 comm="syz.4.2136" name="net" dev="proc" ino=47909 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  167.683559][   T39] audit: type=1400 audit(1738745165.874:47530): avc:  denied  { add_name } for  pid=13302 comm="syz.4.2136" name="pfkey" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  167.689360][   T39] audit: type=1400 audit(1738745165.874:47531): avc:  denied  { create } for  pid=13302 comm="syz.4.2136" name="pfkey" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=file permissive=1
[  167.695798][   T39] audit: type=1400 audit(1738745165.874:47532): avc:  denied  { associate } for  pid=13302 comm="syz.4.2136" name="pfkey" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  167.713979][T13308] wg1 speed is unknown, defaulting to 1000
[  167.785747][T13301] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2135'.
[  167.990131][T13328] IPv4: Oversized IP packet from 127.202.26.0
[  167.996944][T13328] netlink: 'syz.4.2142': attribute type 10 has an invalid length.
[  168.002057][T13328] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  168.039230][T13332] Bluetooth: hci5: Frame reassembly failed (-84)
[  168.044409][ T7902] Bluetooth: hci5: Frame reassembly failed (-84)
[  168.047554][   T39] audit: type=1400 audit(1738745166.244:47533): avc:  denied  { accept } for  pid=13333 comm="syz.4.2145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  168.239572][T13345] vxcan1: tx address claim with dest, not broadcast
[  168.242320][T13345] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2147'.
[  168.310166][ T5290] Bluetooth: hci0: command 0x1003 tx timeout
[  168.310204][ T5940] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  168.654713][T13357] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2151'.
[  168.657444][T13357] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2151'.
[  168.684354][   T39] audit: type=1400 audit(1738745166.884:47534): avc:  denied  { shutdown } for  pid=13358 comm="syz.2.2152" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  168.748021][ T5940] Bluetooth: hci4: unexpected event for opcode 0x1407
[  168.987070][T13373] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  168.992694][T13373] kvm: pic: level sensitive irq not supported
[  168.992964][T13373] kvm: pic: non byte read
[  168.996947][T13373] kvm: pic: level sensitive irq not supported
[  168.997358][T13373] kvm: pic: non byte read
[  169.001961][T13373] kvm: pic: level sensitive irq not supported
[  169.002376][T13373] kvm: pic: non byte read
[  169.006515][T13373] kvm: pic: level sensitive irq not supported
[  169.006770][T13373] kvm: pic: non byte read
[  169.011166][T13373] kvm: pic: level sensitive irq not supported
[  169.011629][T13373] kvm: pic: non byte read
[  169.015823][T13373] kvm: pic: level sensitive irq not supported
[  169.016111][T13373] kvm: pic: non byte read
[  169.021233][T13373] kvm: pic: level sensitive irq not supported
[  169.021487][T13373] kvm: pic: non byte read
[  169.046312][T13377] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2157'.
[  169.176919][   T39] audit: type=1326 audit(1738745167.374:47535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13388 comm="syz.4.2160" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5e7f8cde9 code=0x7ffc0000
[  169.184545][   T39] audit: type=1326 audit(1738745167.374:47536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13388 comm="syz.4.2160" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5e7f8cde9 code=0x7ffc0000
[  169.208841][T13389] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  169.234563][T13398] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2164'.
[  169.349440][T13414] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  169.351706][T13414] IPv6: NLM_F_CREATE should be set when creating new route
[  169.760568][ T5966] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  169.910143][ T5966] usb 5-1: Using ep0 maxpacket: 16
[  169.914971][ T5966] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  169.918053][ T5966] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  169.921844][ T5966] usb 5-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  169.924442][ T5966] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.927993][ T5966] usb 5-1: config 0 descriptor??
[  169.932511][ T5966] pxrc 5-1:0.0: Could not find endpoint
[  169.934441][ T5966] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  170.070172][   T65] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  170.070282][ T5948] Bluetooth: hci5: command 0x1003 tx timeout
[  170.131696][T13433] wg1 speed is unknown, defaulting to 1000
[  170.143179][T13425] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  170.146567][T13425] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  170.358085][ T1324] usb 5-1: USB disconnect, device number 27
[  171.265305][T13478] __nla_validate_parse: 67 callbacks suppressed
[  171.265317][T13478] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2194'.
[  171.352060][T13480] 
: renamed from bond0 (while UP)
[  171.388540][ T1324] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0
[  171.390959][ T1324] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0
[  171.393337][ T1324] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0
[  171.393360][ T1324] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0
[  171.393372][ T1324] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0
[  171.399699][ T1324] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0
[  171.401890][ T1324] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0
[  171.403985][ T1324] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0
[  171.406079][ T1324] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0
[  171.408193][ T1324] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0
[  171.410938][ T1324] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0
[  171.413117][ T1324] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0
[  171.415408][ T1324] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0
[  171.417553][ T1324] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0
[  171.419825][ T1324] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0
[  171.425122][ T1324] hid-generic 00A0:0006:0003.0016: hidraw1: <UNKNOWN> HID v0.05 Device [syz1] on syz0
[  171.718506][T13503] netlink: 'syz.1.2205': attribute type 1 has an invalid length.
[  171.748294][T13505] trusted_key: encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false
[  172.444264][T13518] fuse: Unknown parameter ''
[  172.571601][   T39] kauditd_printk_skb: 69 callbacks suppressed
[  172.571612][   T39] audit: type=1400 audit(1738745170.774:47606): avc:  denied  { link } for  pid=13523 comm="syz.2.2211" name="#5a" dev="tmpfs" ino=472 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  172.579713][   T39] audit: type=1400 audit(1738745170.774:47607): avc:  denied  { rename } for  pid=13523 comm="syz.2.2211" name="#5b" dev="tmpfs" ino=472 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  172.826829][T13549] netlink: 168 bytes leftover after parsing attributes in process `syz.0.2222'.
[  172.834581][T13550] netlink: 168 bytes leftover after parsing attributes in process `syz.0.2222'.
[  173.030121][ T8023] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  173.057014][   T39] audit: type=1400 audit(1738745171.254:47608): avc:  denied  { read } for  pid=13565 comm="syz.2.2227" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  173.094092][   T65] Bluetooth: Unknown BR/EDR signaling command 0x00
[  173.096239][   T65] Bluetooth: Wrong link type (-22)
[  173.121695][T13570] netlink: 4780 bytes leftover after parsing attributes in process `syz.2.2229'.
[  173.124408][T13570] openvswitch: netlink: Flow key attr not present in new flow.
[  173.128685][T13570] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  173.137193][T13570] bridge0: port 2(bridge_slave_1) entered disabled state
[  173.141323][T13570] bridge0: port 1(bridge_slave_0) entered disabled state
[  173.180097][ T8023] usb 6-1: Using ep0 maxpacket: 16
[  173.182822][ T8023] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEF, changing to 0x8F
[  173.186206][ T8023] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  173.189323][ T8023] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  173.193333][ T8023] usb 6-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  173.196596][ T8023] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  173.196626][T13579] netfs: Couldn't get user pages (rc=-14)
[  173.200692][ T8023] usb 6-1: config 0 descriptor??
[  173.204690][ T8023] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input26
[  173.218763][T13581] ufs: Invalid option: "grpquota" or missing value
[  173.222294][T13581] ufs: wrong mount options
[  173.389337][T13587] vivid-000: =================  START STATUS  =================
[  173.391690][T13587] vivid-000: Test Pattern: 75% Colorbar
[  173.393302][T13587] vivid-000: Fill Percentage of Frame: 100
[  173.395034][T13587] vivid-000: Horizontal Movement: No Movement
[  173.396904][T13587] vivid-000: Vertical Movement: No Movement
[  173.398647][T13587] vivid-000: OSD Text Mode: All
[  173.402098][T13587] vivid-000: Show Border: false
[  173.403601][T13587] vivid-000: Show Square: false
[  173.405114][T13587] vivid-000: Sensor Flipped Horizontally: false
[  173.407056][T13587] vivid-000: Sensor Flipped Vertically: false
[  173.407484][T13545] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  173.408855][T13587] vivid-000: Insert SAV Code in Image: false
[  173.408868][T13587] vivid-000: Insert EAV Code in Image: false
[  173.414040][T13545] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  173.414904][T13587] vivid-000: Insert Video Guard Band: false
[  173.418945][T13587] vivid-000: Reduced Framerate: false
[  173.430389][T13587] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[  173.432497][T13587] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[  173.434699][T13587] vivid-000: Enable Capture Cropping: true grabbed
[  173.436636][T13587] vivid-000: Enable Capture Composing: false grabbed
[  173.438739][T13587] vivid-000: Enable Capture Scaler: true grabbed
[  173.450076][T13587] vivid-000: Timestamp Source: End of Frame
[  173.451953][T13587] vivid-000: Colorspace: sRGB
[  173.453450][T13587] vivid-000: Transfer Function: Default
[  173.455166][T13587] vivid-000: Y'CbCr Encoding: Default
[  173.456913][T13587] vivid-000: HSV Encoding: Hue 0-179
[  173.458582][T13587] vivid-000: Quantization: Default
[  173.460953][T13587] vivid-000: Apply Alpha To Red Only: false
[  173.462734][T13587] vivid-000: Standard Aspect Ratio: 4x3
[  173.464447][T13587] vivid-000: DV Timings Signal Mode: Current DV Timings inactive
[  173.466823][T13587] vivid-000: DV Timings: 640x480p59 inactive
[  173.468758][T13587] vivid-000: DV Timings Aspect Ratio: 14x9
[  173.470838][T13587] vivid-000: Maximum EDID Blocks: 1
[  173.472637][T13587] vivid-000: Limited RGB Range (16-235): false
[  173.474565][T13587] vivid-000: Rx RGB Quantization Range: Automatic
[  173.476729][T13587] vivid-000: Power Present: 0x00000001
[  173.478423][T13587] tpg source WxH: 320x180 (Y'CbCr)
[  173.480090][T13587] tpg field: 1
[  173.481184][T13587] tpg crop: 320x180@0x0
[  173.482458][T13587] tpg compose: 320x180@0x0
[  173.483841][T13587] tpg colorspace: 8
[  173.485052][T13587] tpg transfer function: 0/2
[  173.486483][T13587] tpg Y'CbCr encoding: 0/1
[  173.487909][T13587] tpg quantization: 0/2
[  173.489446][T13587] tpg RGB range: 0/2
[  173.490831][T13587] vivid-000: ==================  END STATUS  ==================
[  173.499966][T13592] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2237'.
[  173.518604][   T39] audit: type=1400 audit(1738745171.714:47609): avc:  denied  { mounton } for  pid=13591 comm="syz.0.2237" path="/558/file0/bus" dev="bpf" ino=54499 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1
[  173.521892][T13592] overlayfs: upper fs does not support tmpfile.
[  173.625244][ T1324] usb 6-1: USB disconnect, device number 20
[  173.750766][T13610] xt_NFQUEUE: number of total queues is 0
[  173.883953][T13618] netfs: Couldn't get user pages (rc=-14)
[  173.898549][T13612] wg1 speed is unknown, defaulting to 1000
[  174.109846][T13636] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2248'.
[  174.233134][T13651] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.
[  174.398293][T13662] netfs: Couldn't get user pages (rc=-14)
[  174.521813][T13687] wg1 speed is unknown, defaulting to 1000
[  174.703394][   T39] audit: type=1400 audit(1738745172.904:47610): avc:  denied  { read } for  pid=13698 comm="syz.1.2266" path="socket:[53808]" dev="sockfs" ino=53808 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  174.712714][T13698] delete_channel: no stack
[  174.894676][   T39] audit: type=1400 audit(1738745173.094:47611): avc:  denied  { ioctl } for  pid=13713 comm="syz.4.2270" path="/dev/uhid" dev="devtmpfs" ino=1296 ioctlcmd=0x5622 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  174.921322][   T39] audit: type=1400 audit(1738745173.124:47612): avc:  denied  { mounton } for  pid=13717 comm="syz.4.2271" path="/341/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1
[  174.922987][T13710] tmpfs: Unknown parameter '�pol'
[  174.941834][T13719] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  174.945427][T13719] overlay: filesystem on ./bus not supported as upperdir
[  174.946185][T13718] NILFS (nullb0): couldn't find nilfs on the device
[  174.994509][T13731] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  175.009397][T13731] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2275'.
[  175.013836][T13729] xt_hashlimit: size too large, truncated to 1048576
[  175.093364][T13740] sp0: Synchronizing with TNC
[  175.095776][T13740] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2279'.
[  175.098378][T13740] netlink: 'syz.0.2279': attribute type 2 has an invalid length.
[  175.282771][T13755] fuse: Unknown parameter 'w�j����'
[  175.414678][T13765] 9pnet_virtio: no channels available for device syz
[  175.576631][T13772] ip6tnl0: entered promiscuous mode
[  175.578454][T13771] ip6tnl0: left promiscuous mode
[  176.536887][T13795] netlink: 172 bytes leftover after parsing attributes in process `syz.0.2294'.
[  176.694346][T13805] netfs: Couldn't get user pages (rc=-14)
[  177.354224][   T39] audit: type=1400 audit(1738745175.554:47613): avc:  denied  { accept } for  pid=13823 comm="syz.4.2302" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  177.378698][T13827] syzkaller1: entered promiscuous mode
[  177.380683][T13827] syzkaller1: entered allmulticast mode
[  177.388384][T13827] tipc: Started in network mode
[  177.389916][T13827] tipc: Node identity 4, cluster identity 4711
[  177.392637][T13827] tipc: Node number set to 4
[  177.451808][   T39] audit: type=1400 audit(1738745175.654:47614): avc:  denied  { ioctl } for  pid=13828 comm="syz.0.2304" path="/dev/cachefiles" dev="devtmpfs" ino=4 ioctlcmd=0x2100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  177.464145][   T39] audit: type=1400 audit(1738745175.664:47615): avc:  denied  { setopt } for  pid=13828 comm="syz.0.2304" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  177.737425][   T39] audit: type=1400 audit(1738745175.934:47616): avc:  denied  { setopt } for  pid=13836 comm="syz.0.2307" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  177.764270][T13839] (unnamed net_device) (uninitialized): Unable to set up delay as MII monitoring is disabled
[  177.767994][T13839] program syz.0.2308 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  177.983642][T13852] 9p: Unknown Cache mode or invalid value mmap"
[  178.045061][T13857] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2313'.
[  178.075190][   T39] audit: type=1400 audit(1738745176.274:47617): avc:  denied  { remove_name } for  pid=13861 comm="syz.1.2314" name="file1" dev="9p" ino=36050039 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  178.082654][   T39] audit: type=1400 audit(1738745176.274:47618): avc:  denied  { rename } for  pid=13861 comm="syz.1.2314" name="file1" dev="9p" ino=36050039 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  178.089266][   T39] audit: type=1400 audit(1738745176.274:47619): avc:  denied  { unlink } for  pid=13861 comm="syz.1.2314" name="file0" dev="9p" ino=36050029 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  178.094421][T13864] 9pnet_virtio: no channels available for device syz
[  178.098278][   T39] audit: type=1400 audit(1738745176.284:47620): avc:  denied  { listen } for  pid=13861 comm="syz.1.2314" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  178.167725][   T39] audit: type=1400 audit(1738745176.364:47621): avc:  denied  { ioctl } for  pid=13873 comm="syz.1.2316" path="/dev/ptyq7" dev="devtmpfs" ino=134 ioctlcmd=0x5601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  178.175106][T13876] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  178.182957][T13875] mkiss: ax0: crc mode is auto.
[  178.186837][T13875] 9pnet_virtio: no channels available for device syz
[  178.194708][T13875] bridge0: port 3(netdevsim2) entered blocking state
[  178.197024][T13875] bridge0: port 3(netdevsim2) entered disabled state
[  178.199055][T13875] netdevsim netdevsim2 netdevsim2: entered allmulticast mode
[  178.201928][T13875] netdevsim netdevsim2 netdevsim2: entered promiscuous mode
[  178.331131][T13893] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2322'.
[  178.425113][T13898] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2324'.
[  178.582552][   T39] audit: type=1400 audit(1738745176.784:47622): avc:  denied  { setopt } for  pid=13908 comm="syz.1.2328" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  178.610535][   T62] usb 9-1: new high-speed USB device number 19 using dummy_hcd
[  178.751052][   T25] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  178.758660][   T39] audit: type=1326 audit(1738745176.954:47623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13911 comm="syz.1.2329" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f171198cde9 code=0x0
[  178.770313][   T62] usb 9-1: Using ep0 maxpacket: 8
[  178.773154][   T62] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  178.775982][   T62] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  178.778772][   T62] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  178.781779][   T62] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  178.785402][   T62] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  178.787943][   T62] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.810538][   T39] audit: type=1400 audit(1738745177.014:47624): avc:  denied  { open } for  pid=13911 comm="syz.1.2329" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=55447 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  178.880130][   T25] usb 7-1: device descriptor read/64, error -71
[  178.994096][   T62] usb 9-1: usb_control_msg returned -32
[  178.995803][   T62] usbtmc 9-1:16.0: can't read capabilities
[  179.140388][   T25] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  179.280283][   T25] usb 7-1: device descriptor read/64, error -71
[  179.400267][   T25] usb usb7-port1: attempt power cycle
[  179.661583][T13929] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  179.760188][   T25] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  179.780630][   T25] usb 7-1: device descriptor read/8, error -71
[  179.960902][   T39] audit: type=1326 audit(1738745178.164:47625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13940 comm="syz.0.2337" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa39258cde9 code=0x0
[  179.972975][T13943] fuse: Unknown parameter 'ft'
[  179.975312][T13943] netlink: 'syz.1.2338': attribute type 21 has an invalid length.
[  179.977592][T13943] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2338'.
[  179.980793][T13943] netlink: 'syz.1.2338': attribute type 5 has an invalid length.
[  179.983507][T13943] netlink: 'syz.1.2338': attribute type 6 has an invalid length.
[  179.986032][T13943] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2338'.
[  180.050402][   T25] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  180.074071][   T25] usb 7-1: device descriptor read/8, error -71
[  180.180310][   T25] usb usb7-port1: unable to enumerate USB device
[  181.137699][ T5948] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  181.144595][ T5948] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  181.148898][ T5948] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  181.152012][ T5948] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  181.154892][ T5948] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  181.157704][ T5948] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  181.158172][T13965] qnx6: unable to set blocksize
[  181.184555][T13966] wg1 speed is unknown, defaulting to 1000
[  181.252867][T13966] chnl_net:caif_netlink_parms(): no params data found
[  181.294320][T13966] bridge0: port 1(bridge_slave_0) entered blocking state
[  181.296472][T13966] bridge0: port 1(bridge_slave_0) entered disabled state
[  181.298578][T13966] bridge_slave_0: entered allmulticast mode
[  181.299557][T13976] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2347'.
[  181.302180][T13966] bridge_slave_0: entered promiscuous mode
[  181.303293][T13976] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2347'.
[  181.305801][T13966] bridge0: port 2(bridge_slave_1) entered blocking state
[  181.309823][T13966] bridge0: port 2(bridge_slave_1) entered disabled state
[  181.323094][T13966] bridge_slave_1: entered allmulticast mode
[  181.325937][T13966] bridge_slave_1: entered promiscuous mode
[  181.361164][T13966] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  181.365129][T13966] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  181.377498][   T25] usb 9-1: USB disconnect, device number 19
[  181.389793][T13966] team0: Port device team_slave_0 added
[  181.394185][T13966] team0: Port device team_slave_1 added
[  181.412774][T13966] batman_adv: batadv0: Adding interface: batadv_slave_0
[  181.414796][T13966] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  181.424659][T13966] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  181.428425][T13966] batman_adv: batadv0: Adding interface: batadv_slave_1
[  181.431037][T13966] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  181.438382][T13966] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  181.472511][T13966] hsr_slave_0: entered promiscuous mode
[  181.474546][T13966] hsr_slave_1: entered promiscuous mode
[  181.476497][T13966] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  181.478737][T13966] Cannot create hsr debugfs directory
[  181.489713][T13985] netlink: 'syz.1.2351': attribute type 9 has an invalid length.
[  181.505865][T13985] netlink: 'syz.1.2351': attribute type 9 has an invalid length.
[  181.508194][T13985] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2351'.
[  181.906972][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  181.909894][   T12] bond_slave_0: left promiscuous mode
[  181.914195][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  181.916816][   T12] bond_slave_1: left promiscuous mode
[  181.918510][   T12] bond0 (unregistering): Released all slaves
[  181.968818][T14009] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2356'.
[  181.994451][   T12] tipc: Left network mode
[  182.008614][T14016] ref_ctr_offset mismatch. inode: 0xb99 offset: 0x7 ref_ctr_offset(old): 0x2 ref_ctr_offset(new): 0x0
[  182.032660][T14016] ref_ctr_offset mismatch. inode: 0xb99 offset: 0x7 ref_ctr_offset(old): 0x2 ref_ctr_offset(new): 0x0
[  182.108772][T14016] ref_ctr_offset mismatch. inode: 0xb99 offset: 0x7 ref_ctr_offset(old): 0x2 ref_ctr_offset(new): 0x0
[  182.189118][   T12] hsr_slave_0: left promiscuous mode
[  182.192060][   T12] hsr_slave_1: left promiscuous mode
[  182.194805][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  182.197509][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  182.203268][T14016] ref_ctr_offset mismatch. inode: 0xb99 offset: 0x7 ref_ctr_offset(old): 0x2 ref_ctr_offset(new): 0x0
[  182.293702][T14016] ref_ctr_offset mismatch. inode: 0xb99 offset: 0x7 ref_ctr_offset(old): 0x2 ref_ctr_offset(new): 0x0
[  182.363880][T14016] ref_ctr_offset mismatch. inode: 0xb99 offset: 0x7 ref_ctr_offset(old): 0x2 ref_ctr_offset(new): 0x0
[  182.460685][T14016] ref_ctr_offset mismatch. inode: 0xb99 offset: 0x7 ref_ctr_offset(old): 0x2 ref_ctr_offset(new): 0x0
[  182.578066][T14016] ref_ctr_offset mismatch. inode: 0xb99 offset: 0x7 ref_ctr_offset(old): 0x2 ref_ctr_offset(new): 0x0
[  182.651951][T14016] ref_ctr_offset mismatch. inode: 0xb99 offset: 0x7 ref_ctr_offset(old): 0x2 ref_ctr_offset(new): 0x0
[  182.725444][T14016] ref_ctr_offset mismatch. inode: 0xb99 offset: 0x7 ref_ctr_offset(old): 0x2 ref_ctr_offset(new): 0x0
[  182.740114][   T39] kauditd_printk_skb: 8224 callbacks suppressed
[  182.740125][   T39] audit: type=1326 audit(1738745180.934:55850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14019 comm="syz.2.2358" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ba98cde9 code=0x7ff00000
[  182.747597][   T39] audit: type=1326 audit(1738745180.944:55851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14019 comm="syz.2.2358" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ba98cde9 code=0x7ff00000
[  182.760329][   T39] audit: type=1326 audit(1738745180.944:55852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14019 comm="syz.2.2358" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ba98cde9 code=0x7ff00000
[  182.766989][   T39] audit: type=1326 audit(1738745180.944:55853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14019 comm="syz.2.2358" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ba98cde9 code=0x7ff00000
[  182.773711][   T39] audit: type=1326 audit(1738745180.944:55854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14019 comm="syz.2.2358" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ba98cde9 code=0x7ff00000
[  182.780427][   T39] audit: type=1326 audit(1738745180.944:55855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14019 comm="syz.2.2358" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ba98cde9 code=0x7ff00000
[  182.787091][   T39] audit: type=1326 audit(1738745180.944:55856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14019 comm="syz.2.2358" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ba98cde9 code=0x7ff00000
[  182.793859][   T39] audit: type=1326 audit(1738745180.944:55857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14019 comm="syz.2.2358" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ba98cde9 code=0x7ff00000
[  182.800588][   T39] audit: type=1326 audit(1738745180.944:55858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14019 comm="syz.2.2358" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ba98cde9 code=0x7ff00000
[  182.807126][   T39] audit: type=1326 audit(1738745180.944:55859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14019 comm="syz.2.2358" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ba98cde9 code=0x7ff00000
[  182.987128][   T12] team0 (unregistering): Port device team_slave_1 removed
[  183.084126][   T12] team0 (unregistering): Port device team_slave_0 removed
[  183.201462][   T65] Bluetooth: hci0: command tx timeout
[  183.808597][T13966] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  183.813534][T13966] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  183.817615][T13966] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  183.818446][T14045] openvswitch: netlink: Tunnel attr 222 out of range max 16
[  183.822466][T14045] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2362'.
[  183.839045][T13966] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  183.877586][T13966] 8021q: adding VLAN 0 to HW filter on device bond0
[  183.885070][T13966] 8021q: adding VLAN 0 to HW filter on device team0
[  183.888836][ T1137] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.891624][ T1137] bridge0: port 1(bridge_slave_0) entered forwarding state
[  183.900899][   T72] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.903102][   T72] bridge0: port 2(bridge_slave_1) entered forwarding state
[  183.995182][T13966] 8021q: adding VLAN 0 to HW filter on device batadv0
[  184.028419][T13966] veth0_vlan: entered promiscuous mode
[  184.036253][T13966] veth1_vlan: entered promiscuous mode
[  184.045554][T13966] veth0_macvtap: entered promiscuous mode
[  184.050355][T13966] veth1_macvtap: entered promiscuous mode
[  184.052370][T14065] netlink: 830 bytes leftover after parsing attributes in process `syz.1.2364'.
[  184.058826][T13966] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  184.062211][T13966] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.065953][T13966] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  184.068962][T13966] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.072423][T13966] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  184.075415][T13966] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.078237][T13966] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  184.090137][T13966] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.093650][T13966] batman_adv: batadv0: Interface activated: batadv_slave_0
[  184.097489][T13966] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  184.102017][T13966] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.104864][T13966] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  184.107788][T13966] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.110653][T13966] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  184.113674][T13966] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.116428][T13966] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  184.119338][T13966] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  184.123183][T13966] batman_adv: batadv0: Interface activated: batadv_slave_1
[  184.136908][T13966] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  184.140449][T13966] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  184.143151][T13966] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  184.145868][T13966] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  184.185065][   T72] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  184.187401][   T72] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  184.197981][   T72] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  184.202983][   T72] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  184.590218][   T25] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  184.740182][   T25] usb 6-1: Using ep0 maxpacket: 8
[  184.743931][   T25] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  184.747295][   T25] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  184.753486][   T25] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  184.756830][   T25] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  184.760783][   T25] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  184.763460][   T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  184.968235][   T25] usb 6-1: GET_CAPABILITIES returned 0
[  184.969915][   T25] usbtmc 6-1:16.0: can't read capabilities
[  185.211794][T14083] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2369'.
[  185.214632][T14083] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2369'.
[  185.217655][   T65] Bluetooth: hci4: unexpected event for opcode 0x2036
[  185.464168][T14103] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2373'.
[  185.466764][T14103] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2373'.
[  185.782805][T14118] netlink: 'syz.4.2377': attribute type 1 has an invalid length.
[  185.792292][T14118] bridge_slave_0: left allmulticast mode
[  185.793980][T14118] bridge_slave_0: left promiscuous mode
[  185.795712][T14118] bridge0: port 1(bridge_slave_0) entered disabled state
[  185.800912][T14118] bond0: (slave bond_slave_0): Releasing backup interface
[  185.805293][T14118] bond0: (slave bond_slave_1): Releasing backup interface
[  185.825231][T14118] team0: Port device team_slave_0 removed
[  185.831483][T14118] team0: Port device team_slave_1 removed
[  185.833434][T14118] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  185.835606][T14118] batman_adv: batadv0: Removing interface: batadv_slave_0
[  185.838569][T14118] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  185.839845][T14119] netlink: 'syz.4.2377': attribute type 10 has an invalid length.
[  185.841394][T14118] batman_adv: batadv0: Removing interface: batadv_slave_1
[  185.849077][T14118] bond0: (slave wlan1): Releasing backup interface
[  185.867712][T14119] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  186.042832][T14125] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2380'.
[  186.045765][T14125] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2380'.
[  186.138799][T14131] netlink: 'syz.4.2382': attribute type 4 has an invalid length.
[  186.141440][T14131] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.2382'.
[  186.195734][T14137] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_macvtap, syncid = 4, id = 0
[  186.209353][T14136] IPVS: stopping master sync thread 14137 ...
[  186.614331][   T72] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.728345][T14190] netlink: 'syz.4.2400': attribute type 13 has an invalid length.
[  186.737750][ T5948] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  186.742950][ T5948] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  186.745720][ T5948] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  186.749082][ T5948] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  186.752375][ T5948] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  186.754742][ T5948] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  186.777219][T14192] wg1 speed is unknown, defaulting to 1000
[  186.843071][T14192] chnl_net:caif_netlink_parms(): no params data found
[  186.904658][T14192] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.906779][T14192] bridge0: port 1(bridge_slave_0) entered disabled state
[  186.908923][T14192] bridge_slave_0: entered allmulticast mode
[  186.912000][T14192] bridge_slave_0: entered promiscuous mode
[  186.914651][T14192] bridge0: port 2(bridge_slave_1) entered blocking state
[  186.916760][T14192] bridge0: port 2(bridge_slave_1) entered disabled state
[  186.918849][T14192] bridge_slave_1: entered allmulticast mode
[  186.921116][T14192] bridge_slave_1: entered promiscuous mode
[  186.944455][T14192] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  186.948196][T14192] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  186.970570][T14192] team0: Port device team_slave_0 added
[  186.973494][T14192] team0: Port device team_slave_1 added
[  186.992453][T14192] batman_adv: batadv0: Adding interface: batadv_slave_0
[  186.994573][T14192] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  187.002416][T14192] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  187.006157][T14192] batman_adv: batadv0: Adding interface: batadv_slave_1
[  187.008232][T14192] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  187.015747][T14192] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  187.042164][T14192] hsr_slave_0: entered promiscuous mode
[  187.044224][T14192] hsr_slave_1: entered promiscuous mode
[  187.046077][T14192] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  187.048284][T14192] Cannot create hsr debugfs directory
[  187.150102][    T8] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  187.215325][ T6306] usb 6-1: USB disconnect, device number 21
[  187.310101][    T8] usb 7-1: Using ep0 maxpacket: 8
[  187.313133][    T8] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  187.316249][    T8] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  187.319011][    T8] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  187.324274][    T8] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  187.327962][    T8] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  187.330599][    T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.404207][T14212] netlink: 'syz.1.2404': attribute type 1 has an invalid length.
[  187.418782][T14212] 8021q: adding VLAN 0 to HW filter on device bond4
[  187.429802][T14212] bond4: (slave gretap1): making interface the new active one
[  187.433958][T14212] bond4: (slave gretap1): Enslaving as an active interface with an up link
[  187.439285][T14212] __nla_validate_parse: 2 callbacks suppressed
[  187.439293][T14212] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2404'.
[  187.444175][T14212] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2404'.
[  187.539981][    T8] usb 7-1: GET_CAPABILITIES returned 0
[  187.542193][    T8] usbtmc 7-1:16.0: can't read capabilities
[  187.742281][ T6306] usb 7-1: USB disconnect, device number 14
[  187.813253][T14239] bridge_slave_0: default FDB implementation only supports local addresses
[  188.018713][T14249] Bluetooth: hci2: received HCILL_GO_TO_SLEEP_ACK in state 2
[  188.362698][T14251] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2418'.
[  188.367632][T14252] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2418'.
[  188.379252][T14251] netlink: 'syz.2.2418': attribute type 7 has an invalid length.
[  188.492091][T14259] netlink: 'syz.2.2421': attribute type 16 has an invalid length.
[  188.494373][T14259] netlink: 'syz.2.2421': attribute type 3 has an invalid length.
[  188.496590][T14259] netlink: 64066 bytes leftover after parsing attributes in process `syz.2.2421'.
[  188.499838][T14259] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14259 comm=syz.2.2421
[  188.571115][T14237] use of bytesused == 0 is deprecated and will be removed in the future,
[  188.573659][T14237] use the actual size instead.
[  188.719382][   T72] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  188.780239][ T1324] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  188.800130][ T5948] Bluetooth: hci0: command tx timeout
[  188.902604][   T72] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  188.953246][ T1324] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  188.958632][ T1324] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  188.963599][ T1324] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  188.966212][ T1324] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  188.968575][ T1324] usb 7-1: Product: syz
[  188.970332][ T1324] usb 7-1: Manufacturer: syz
[  188.971759][ T1324] usb 7-1: SerialNumber: syz
[  189.018538][   T72] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  189.122674][   T72] bridge_slave_1: left allmulticast mode
[  189.124354][   T72] bridge_slave_1: left promiscuous mode
[  189.126026][   T72] bridge0: port 2(bridge_slave_1) entered disabled state
[  189.131535][   T72] bridge_slave_0: left allmulticast mode
[  189.133265][   T72] bridge_slave_0: left promiscuous mode
[  189.135009][   T72] bridge0: port 1(bridge_slave_0) entered disabled state
[  189.179111][T14263] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  189.197234][ T1324] cdc_mbim 7-1:1.0: bind() failure
[  189.209330][ T1324] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found
[  189.212121][ T1324] cdc_ncm 7-1:1.1: bind() failure
[  189.212729][T14268] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2423'.
[  189.215030][ T1324] usb 7-1: USB disconnect, device number 15
[  189.364088][T14272] syz.1.2425: attempt to access beyond end of device
[  189.364088][T14272] nbd1: rw=0, sector=2, nr_sectors = 2 limit=0
[  189.368170][T14272] syz.1.2425: attempt to access beyond end of device
[  189.368170][T14272] nbd1: rw=0, sector=0, nr_sectors = 2 limit=0
[  189.371943][T14272] syz.1.2425: attempt to access beyond end of device
[  189.371943][T14272] nbd1: rw=0, sector=0, nr_sectors = 2 limit=0
[  189.381079][T14272] syz.1.2425: attempt to access beyond end of device
[  189.381079][T14272] nbd1: rw=0, sector=18, nr_sectors = 2 limit=0
[  189.384917][T14272] syz.1.2425: attempt to access beyond end of device
[  189.384917][T14272] nbd1: rw=0, sector=30, nr_sectors = 2 limit=0
[  189.388654][T14272] syz.1.2425: attempt to access beyond end of device
[  189.388654][T14272] nbd1: rw=0, sector=36, nr_sectors = 2 limit=0
[  189.421833][T14274] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14274 comm=syz.1.2426
[  189.425926][T14274] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2426'.
[  189.454098][   T72] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  189.459055][   T72] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  189.463367][   T72] bond0 (unregistering): Released all slaves
[  189.511877][   T39] kauditd_printk_skb: 34846 callbacks suppressed
[  189.511887][   T39] audit: type=1400 audit(1738745187.714:90706): avc:  denied  { audit_write } for  pid=14278 comm="syz.2.2427" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  189.534942][T14284] tmpfs: Bad value for 'mpol'
[  189.762337][   T39] audit: type=1400 audit(1738745187.964:90707): avc:  denied  { listen } for  pid=14310 comm="syz.1.2435" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  189.789667][   T72] hsr_slave_0: left promiscuous mode
[  189.792915][   T72] hsr_slave_1: left promiscuous mode
[  189.794740][   T72] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  189.797049][   T72] batman_adv: batadv0: Removing interface: batadv_slave_0
[  189.799702][   T72] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  189.803186][   T72] batman_adv: batadv0: Removing interface: batadv_slave_1
[  189.834787][   T72] veth1_macvtap: left promiscuous mode
[  189.836471][   T72] veth0_macvtap: left promiscuous mode
[  189.838215][   T72] veth1_vlan: left promiscuous mode
[  189.840234][   T72] veth0_vlan: left promiscuous mode
[  190.073425][   T65] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  190.141232][   T39] audit: type=1400 audit(1738745188.344:90708): avc:  denied  { view } for  pid=14331 comm="syz.4.2438" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  190.595583][   T72] team0 (unregistering): Port device team_slave_1 removed
[  190.657207][T14342] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  190.659156][T14342] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  190.670632][T14342] vhci_hcd vhci_hcd.0: Device attached
[  190.690901][   T72] team0 (unregistering): Port device team_slave_0 removed
[  190.880124][   T65] Bluetooth: hci0: command tx timeout
[  190.968636][ T5966] usb 42-1: SetAddress Request (2) to port 0
[  190.971017][ T5966] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd
[  191.330090][T14343] vhci_hcd: connection reset by peer
[  191.335784][ T7890] vhci_hcd: stop threads
[  191.337066][ T7890] vhci_hcd: release socket
[  191.340782][ T7890] vhci_hcd: disconnect device
[  191.377393][T14192] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  191.381547][T14192] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  191.386077][T14192] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  191.389172][T14192] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  191.415597][   T39] audit: type=1400 audit(1738745189.614:90709): avc:  denied  { getopt } for  pid=14352 comm="syz.4.2442" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  191.423474][T14353] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2442'.
[  191.430773][T14192] 8021q: adding VLAN 0 to HW filter on device bond0
[  191.444337][T14192] 8021q: adding VLAN 0 to HW filter on device team0
[  191.458255][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.460397][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state
[  191.463409][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.465458][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state
[  191.478099][T14192] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  191.482074][T14192] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  191.569896][T14192] 8021q: adding VLAN 0 to HW filter on device batadv0
[  191.594781][T14192] veth0_vlan: entered promiscuous mode
[  191.598885][T14192] veth1_vlan: entered promiscuous mode
[  191.612347][T14192] veth0_macvtap: entered promiscuous mode
[  191.615597][T14192] veth1_macvtap: entered promiscuous mode
[  191.621440][T14192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  191.624427][T14192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.627188][T14192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  191.630764][T14192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.633594][T14192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  191.636600][T14192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.639985][T14192] batman_adv: batadv0: Interface activated: batadv_slave_0
[  191.648034][T14192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  191.651049][T14192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.653790][T14192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  191.656767][T14192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.659522][T14192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  191.662971][T14192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.666334][T14192] batman_adv: batadv0: Interface activated: batadv_slave_1
[  191.669824][T14192] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  191.672554][T14192] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  191.675308][T14192] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  191.678085][T14192] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  191.722138][ T7903] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  191.724447][ T7903] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  191.738679][ T1137] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  191.741592][ T1137] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  191.819218][   T39] audit: type=1400 audit(1738745190.014:90710): avc:  denied  { getopt } for  pid=14372 comm="syz.1.2448" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  191.826959][   T39] audit: type=1400 audit(1738745190.024:90711): avc:  denied  { setopt } for  pid=14372 comm="syz.1.2448" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  191.979889][T14386] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  192.038899][T14388] 8021q: adding VLAN 0 to HW filter on device bond1
[  192.046335][T14388] bond0: (slave bond1): Enslaving as an active interface with an up link
[  192.055577][T14396] overlayfs: failed to resolve './file1': -2
[  192.056190][T14397] netlink: 'syz.4.2452': attribute type 13 has an invalid length.
[  192.080262][T14397] gretap0: refused to change device tx_queue_len
[  192.082292][T14397] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  192.175759][T14409] syz.2.2461: attempt to access beyond end of device
[  192.175759][T14409] loop2: rw=0, sector=0, nr_sectors = 1 limit=0
[  192.179891][T14409] FAT-fs (loop2): unable to read boot sector
[  192.218315][T14404] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2458'.
[  192.229170][   T39] audit: type=1400 audit(1738745190.424:90712): avc:  denied  { bind } for  pid=14412 comm="syz.2.2463" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  192.267014][   T39] audit: type=1400 audit(1738745190.464:90713): avc:  denied  { create } for  pid=14419 comm="syz.2.2465" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ipx_socket permissive=1
[  192.371395][   T39] audit: type=1400 audit(1738745190.574:90714): avc:  denied  { setattr } for  pid=14434 comm="syz.2.2466" name="file0" dev="tmpfs" ino=792 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  192.440184][T14439] tmpfs: Bad value for 'mpol'
[  192.453449][T14439] bridge0: port 4(netdevsim0) entered blocking state
[  192.456322][T14439] bridge0: port 4(netdevsim0) entered disabled state
[  192.459032][T14439] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  192.462805][T14439] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  192.479759][T14439] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2467'.
[  192.916079][   T39] audit: type=1800 audit(1738745191.114:90715): pid=14471 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.4.2477" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  192.930235][   T35] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  193.066869][T14485] program syz.4.2482 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  193.090468][   T35] usb 7-1: Using ep0 maxpacket: 32
[  193.095063][   T35] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  193.099133][   T35] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  193.100090][T14488] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2483'.
[  193.103151][   T35] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  193.109967][   T35] usb 7-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  193.116357][   T35] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.126053][   T35] usb 7-1: config 0 descriptor??
[  193.148804][T14493] netlink: 'syz.4.2484': attribute type 4 has an invalid length.
[  193.153516][T14493] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2484'.
[  193.543107][   T35] input: HID 0458:5011 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/0003:0458:5011.0017/input/input28
[  193.604292][   T35] input: HID 0458:5011 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/0003:0458:5011.0017/input/input29
[  193.614834][   T35] kye 0003:0458:5011.0017: input,hiddev0,hidraw1: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.2-1/input0
[  193.801643][T14511] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2488'.
[  193.801714][T14511] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2488'.
[  193.818509][ T5993] usb 7-1: USB disconnect, device number 16
[  193.905534][T14522] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2491'.
[  193.914527][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  193.994967][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  194.049578][ T5948] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  194.055705][ T5948] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  194.058424][ T5948] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  194.061335][ T5948] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  194.063583][ T5948] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  194.065695][ T5948] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  194.077248][T14535] gtp0: entered promiscuous mode
[  194.101695][T14532] wg1 speed is unknown, defaulting to 1000
[  194.149949][T14532] chnl_net:caif_netlink_parms(): no params data found
[  194.213367][T14532] bridge0: port 1(bridge_slave_0) entered blocking state
[  194.215550][T14532] bridge0: port 1(bridge_slave_0) entered disabled state
[  194.217625][T14532] bridge_slave_0: entered allmulticast mode
[  194.219797][T14532] bridge_slave_0: entered promiscuous mode
[  194.222955][T14532] bridge0: port 2(bridge_slave_1) entered blocking state
[  194.225058][T14532] bridge0: port 2(bridge_slave_1) entered disabled state
[  194.227197][T14532] bridge_slave_1: entered allmulticast mode
[  194.229355][T14532] bridge_slave_1: entered promiscuous mode
[  194.248745][T14532] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  194.252844][T14532] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  194.277283][T14532] team0: Port device team_slave_0 added
[  194.280524][T14532] team0: Port device team_slave_1 added
[  194.299159][T14532] batman_adv: batadv0: Adding interface: batadv_slave_0
[  194.302283][T14532] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  194.309614][T14532] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  194.313595][T14532] batman_adv: batadv0: Adding interface: batadv_slave_1
[  194.315571][T14532] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  194.323481][T14532] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  194.348217][T14532] hsr_slave_0: entered promiscuous mode
[  194.350386][T14532] hsr_slave_1: entered promiscuous mode
[  194.352236][T14532] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  194.354444][T14532] Cannot create hsr debugfs directory
[  194.486708][T14578] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2505'.
[  194.509854][T14583] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=39 sclass=netlink_route_socket pid=14583 comm=syz.2.2506
[  194.516374][T14574] overlay: Unknown parameter 'uid>00000000000000060929'
[  194.527064][T14586] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=39 sclass=netlink_route_socket pid=14586 comm=syz.2.2506
[  194.675948][T14592] syz.2.2508: attempt to access beyond end of device
[  194.675948][T14592] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0
[  194.683035][T14592] efs: cannot read volume header
[  195.076351][T14620] netlink: 'syz.4.2516': attribute type 3 has an invalid length.
[  195.079222][T14620] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2516'.
[  195.463062][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.549500][T14670] netlink: 'syz.2.2535': attribute type 4 has an invalid length.
[  195.563779][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.567659][T14672] IPv6: NLM_F_CREATE should be specified when creating new route
[  195.572237][   T39] kauditd_printk_skb: 1 callbacks suppressed
[  195.572244][   T39] audit: type=1400 audit(1738745193.774:90717): avc:  denied  { mounton } for  pid=14671 comm="syz.4.2534" path="/proc/1305/cgroup" dev="proc" ino=61125 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[  195.582863][T14670] netlink: 'syz.2.2535': attribute type 4 has an invalid length.
[  195.604839][T14674] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  195.612163][T14676] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2537'.
[  195.615995][T14676] netlink: 344 bytes leftover after parsing attributes in process `syz.2.2537'.
[  195.633004][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.737601][   T12] bridge_slave_1: left allmulticast mode
[  195.739334][   T12] bridge_slave_1: left promiscuous mode
[  195.741884][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  195.744951][   T12] bridge_slave_0: left allmulticast mode
[  195.746558][   T12] bridge_slave_0: left promiscuous mode
[  195.748252][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  195.880139][ T8023] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  196.025340][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  196.029315][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  196.030113][ T8023] usb 7-1: Using ep0 maxpacket: 8
[  196.034318][   T12] bond0 (unregistering): Released all slaves
[  196.034492][ T8023] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  196.038500][ T8023] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  196.041453][ T8023] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  196.044252][ T8023] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  196.047055][ T8023] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  196.051119][ T8023] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  196.053750][ T8023] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.070320][ T5966] usb 42-1: device descriptor read/8, error -110
[  196.150283][   T65] Bluetooth: hci0: command tx timeout
[  196.206399][   T39] audit: type=1400 audit(1738745194.404:90718): avc:  denied  { listen } for  pid=14691 comm="syz.1.2540" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  196.269573][ T8023] usb 7-1: usb_control_msg returned -32
[  196.271698][ T8023] usbtmc 7-1:16.0: can't read capabilities
[  196.330378][T14704] netlink: 'syz.1.2542': attribute type 9 has an invalid length.
[  196.374049][   T12] hsr_slave_0: left promiscuous mode
[  196.375971][   T12] hsr_slave_1: left promiscuous mode
[  196.377830][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  196.380135][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  196.384198][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  196.386370][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  196.414146][   T12] veth1_macvtap: left promiscuous mode
[  196.415915][   T12] veth0_macvtap: left promiscuous mode
[  196.417667][   T12] veth1_vlan: left promiscuous mode
[  196.419340][   T12] veth0_vlan: left promiscuous mode
[  196.466824][ T5966] usb usb42-port1: attempt power cycle
[  196.635007][   T62] usb 7-1: USB disconnect, device number 17
[  197.050515][ T5966] usb usb42-port1: unable to enumerate USB device
[  197.144833][   T12] team0 (unregistering): Port device team_slave_1 removed
[  197.229573][   T12] team0 (unregistering): Port device team_slave_0 removed
[  197.832788][T14713] netlink: 'syz.4.2544': attribute type 2 has an invalid length.
[  197.866280][T14532] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  197.866440][T14716] __nla_validate_parse: 4 callbacks suppressed
[  197.866449][T14716] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2545'.
[  197.875156][T14532] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  197.883681][T14532] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  197.887394][T14532] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  197.928979][   T39] audit: type=1400 audit(1738745196.124:90719): avc:  denied  { setattr } for  pid=14717 comm="syz.4.2546" name="PNPIPE" dev="sockfs" ino=61602 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  197.936510][T14532] 8021q: adding VLAN 0 to HW filter on device bond0
[  197.939611][T14718] tc_dump_action: action bad kind
[  197.946314][T14532] 8021q: adding VLAN 0 to HW filter on device team0
[  197.952208][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state
[  197.954291][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state
[  197.964368][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state
[  197.966439][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state
[  197.971160][T14720] SELinux: security_context_str_to_sid (E�) failed with errno=-22
[  197.975839][   T39] audit: type=1400 audit(1738745196.174:90720): avc:  denied  { mount } for  pid=14719 comm="syz.2.2547" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  198.029171][T14730] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2549'.
[  198.032746][T14730] openvswitch: netlink: Unexpected mask (mask=8000040, allowed=10048)
[  198.056468][T14532] 8021q: adding VLAN 0 to HW filter on device batadv0
[  198.092990][T14532] veth0_vlan: entered promiscuous mode
[  198.096722][T14740] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2552'.
[  198.101221][T14532] veth1_vlan: entered promiscuous mode
[  198.121272][T14532] veth0_macvtap: entered promiscuous mode
[  198.124384][T14532] veth1_macvtap: entered promiscuous mode
[  198.132943][T14532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  198.136165][T14532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.139014][T14532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  198.142238][T14532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.145061][T14532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  198.147820][T14745] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  198.148034][T14532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.148617][T14532] batman_adv: batadv0: Interface activated: batadv_slave_0
[  198.156339][T14747] overlayfs: missing 'workdir'
[  198.159695][T14532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  198.163094][T14532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.165898][T14532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  198.168801][T14532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.171963][T14532] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  198.174873][T14532] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  198.178249][T14532] batman_adv: batadv0: Interface activated: batadv_slave_1
[  198.183537][   T39] audit: type=1400 audit(1738745196.384:90721): avc:  denied  { write } for  pid=14748 comm="syz.2.2555" name="usbmon8" dev="devtmpfs" ino=762 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  198.192115][T14532] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  198.194621][T14532] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  198.197145][T14532] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  198.199632][T14532] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  198.211556][   T39] audit: type=1400 audit(1738745196.404:90722): avc:  denied  { accept } for  pid=14750 comm="syz.4.2556" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  198.241112][ T7890] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  198.245106][ T7890] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  198.246256][   T65] Bluetooth: hci0: command tx timeout
[  198.257875][ T7890] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  198.262596][ T7890] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  198.435092][T14776] netlink: 'syz.4.2562': attribute type 29 has an invalid length.
[  198.439130][T14776] netlink: 'syz.4.2562': attribute type 29 has an invalid length.
[  198.443474][T14776] netlink: 500 bytes leftover after parsing attributes in process `syz.4.2562'.
[  198.476308][T14778] kernel profiling enabled (shift: 63)
[  198.478312][T14778] profiling shift: 63 too large
[  198.507090][T14781] tmpfs: Bad value for 'usrquota_inode_hardlimit'
[  198.508279][T14780] syz.4.2564: attempt to access beyond end of device
[  198.508279][T14780] sr0: rw=0, sector=64, nr_sectors = 4 limit=0
[  198.514114][T14780] isofs_fill_super: bread failed, dev=sr0, iso_blknum=16, block=16
[  198.909755][T14793] wg1 speed is unknown, defaulting to 1000
[  198.932778][   T39] audit: type=1400 audit(1738745197.134:90723): avc:  denied  { bind } for  pid=14789 comm="syz.1.2569" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  198.961241][T14789] delete_channel: no stack
[  198.974508][T14800] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  198.986438][T14802] netlink: 'syz.1.2572': attribute type 32 has an invalid length.
[  198.988776][T14802] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2572'.
[  198.991615][T14802] (unnamed net_device) (uninitialized): Setting coupled_control to off (0)
[  199.298631][T14823] netlink: 188 bytes leftover after parsing attributes in process `syz.4.2580'.
[  199.429329][T14828] openvswitch: netlink: push_nsh: missing base or metadata attributes
[  199.432235][T14828] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  199.859037][T14832] bond0: (slave bond1): Error -95 calling ndo_bpf
[  199.862561][T14832] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  199.921366][   T39] audit: type=1400 audit(1738745198.124:90724): avc:  denied  { ioctl } for  pid=14831 comm="syz.1.2583" path="socket:[63665]" dev="sockfs" ino=63665 ioctlcmd=0x5412 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  199.930838][   T39] audit: type=1400 audit(1738745198.134:90725): avc:  denied  { setopt } for  pid=14831 comm="syz.1.2583" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  200.328548][T14835] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2584'.
[  200.332972][T14835] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2584'.
[  200.346516][T14835] veth3: entered promiscuous mode
[  200.348050][T14835] veth3: entered allmulticast mode
[  200.394305][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.842553][   T39] audit: type=1400 audit(1738745199.044:90726): avc:  denied  { nlmsg_write } for  pid=14840 comm="syz.4.2586" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  200.888723][T14845] tmpfs: Bad value for 'mpol'
[  200.956196][ T5948] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  200.961560][ T5948] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  200.964404][ T5948] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  200.967120][ T5948] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  200.970564][ T5948] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  200.972821][ T5948] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  200.987164][T14848] wg1 speed is unknown, defaulting to 1000
[  201.047510][   T39] audit: type=1400 audit(1738745199.244:90727): avc:  denied  { unmount } for  pid=5945 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  201.057959][T14848] chnl_net:caif_netlink_parms(): no params data found
[  201.102181][T14848] bridge0: port 1(bridge_slave_0) entered blocking state
[  201.104505][T14848] bridge0: port 1(bridge_slave_0) entered disabled state
[  201.106747][T14848] bridge_slave_0: entered allmulticast mode
[  201.109076][T14848] bridge_slave_0: entered promiscuous mode
[  201.111835][T14848] bridge0: port 2(bridge_slave_1) entered blocking state
[  201.113903][T14848] bridge0: port 2(bridge_slave_1) entered disabled state
[  201.115963][T14848] bridge_slave_1: entered allmulticast mode
[  201.118875][T14848] bridge_slave_1: entered promiscuous mode
[  201.121832][T14873] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  201.157029][T14848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  201.161652][T14848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  201.192035][T14848] team0: Port device team_slave_0 added
[  201.195504][T14848] team0: Port device team_slave_1 added
[  201.220473][T14848] batman_adv: batadv0: Adding interface: batadv_slave_0
[  201.222518][T14848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  201.229714][T14848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  201.233809][T14848] batman_adv: batadv0: Adding interface: batadv_slave_1
[  201.235773][T14848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  201.243090][T14848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  201.278417][T14848] hsr_slave_0: entered promiscuous mode
[  201.281406][T14848] hsr_slave_1: entered promiscuous mode
[  201.283316][T14848] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  201.285403][T14848] Cannot create hsr debugfs directory
[  201.335220][T14879] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2597'.
[  201.341529][ T5948] Bluetooth: hci4: unexpected event for opcode 0x1009
[  201.500105][ T1465] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  201.650148][ T1465] usb 6-1: Using ep0 maxpacket: 16
[  201.652908][ T1465] usb 6-1: config 0 has an invalid interface number: 8 but max is 0
[  201.655360][ T1465] usb 6-1: config 0 has no interface number 0
[  201.657205][ T1465] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  201.660336][ T1465] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  201.663977][ T1465] usb 6-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  201.666595][ T1465] usb 6-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  201.668968][ T1465] usb 6-1: Product: syz
[  201.670465][ T1465] usb 6-1: SerialNumber: syz
[  201.673154][ T1465] usb 6-1: config 0 descriptor??
[  201.676574][ T1465] cm109 6-1:0.8: invalid payload size 0, expected 4
[  201.679243][ T1465] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.8/input/input30
[  201.867723][T14881] (unnamed net_device) (uninitialized): ARP target 1.0.0.0 is already present
[  201.871423][T14881] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (1)
[  201.884614][T14877] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2596'.
[  201.889229][    C1] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  201.889704][ T6001] usb 6-1: USB disconnect, device number 22
[  201.891755][    C1] cm109 6-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  201.899200][   T39] audit: type=1400 audit(1738745200.094:90728): avc:  denied  { append } for  pid=14882 comm="syz.4.2599" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  201.911754][ T6001] cm109 6-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  202.244374][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.281196][   T39] audit: type=1326 audit(1738745200.484:90729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14893 comm="syz.2.2602" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f27ba98cde9 code=0x0
[  202.304546][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.365755][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.494207][   T12] bridge_slave_1: left allmulticast mode
[  202.495942][   T12] bridge_slave_1: left promiscuous mode
[  202.497619][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  202.502781][   T12] bridge_slave_0: left allmulticast mode
[  202.504568][   T12] bridge_slave_0: left promiscuous mode
[  202.506367][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  202.764105][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  202.768425][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  202.772621][   T12] bond0 (unregistering): Released all slaves
[  202.777856][T14907] Bluetooth: MGMT ver 1.23
[  202.786861][T14907] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14907 comm=syz.4.2606
[  203.030429][ T5948] Bluetooth: hci0: command tx timeout
[  203.036610][T14921] usb usb8: usbfs: process 14921 (syz.4.2609) did not claim interface 0 before use
[  203.109281][   T12] hsr_slave_0: left promiscuous mode
[  203.115334][   T12] hsr_slave_1: left promiscuous mode
[  203.117296][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  203.119617][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  203.126156][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  203.128509][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  203.164548][   T12] veth1_macvtap: left promiscuous mode
[  203.166248][   T12] veth0_macvtap: left promiscuous mode
[  203.168015][   T12] veth1_vlan: left promiscuous mode
[  203.169667][   T12] veth0_vlan: left promiscuous mode
[  203.526438][T14939] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  203.944845][   T12] team0 (unregistering): Port device team_slave_1 removed
[  204.043500][   T12] team0 (unregistering): Port device team_slave_0 removed
[  204.125370][T14953] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2615'.
[  204.232437][T14961] netlink: 512 bytes leftover after parsing attributes in process `syz.2.2617'.
[  204.786857][T14963] tc_dump_action: action bad kind
[  204.839378][T14973] IPv6: NLM_F_CREATE should be specified when creating new route
[  204.862908][T14848] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  204.875738][T14848] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  204.891228][T14848] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  204.896655][T14979] netfs: Couldn't get user pages (rc=-14)
[  204.902372][T14848] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  204.953769][T14848] 8021q: adding VLAN 0 to HW filter on device bond0
[  204.961402][T14848] 8021q: adding VLAN 0 to HW filter on device team0
[  204.965297][ T7902] bridge0: port 1(bridge_slave_0) entered blocking state
[  204.967406][ T7902] bridge0: port 1(bridge_slave_0) entered forwarding state
[  204.971820][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state
[  204.973973][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state
[  205.047826][T14994] bond0: (slave wlan1): Releasing backup interface
[  205.050134][ T5966] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  205.060926][T14994] netlink: 'syz.4.2626': attribute type 10 has an invalid length.
[  205.063053][T14848] 8021q: adding VLAN 0 to HW filter on device batadv0
[  205.066878][T14994] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  205.089542][T14848] veth0_vlan: entered promiscuous mode
[  205.101395][T14848] veth1_vlan: entered promiscuous mode
[  205.103043][T14997] SELinux: syz.4.2627 (14997) set checkreqprot to 1. This is no longer supported.
[  205.105847][   T39] audit: type=1400 audit(1738745203.304:90730): avc:  denied  { setcheckreqprot } for  pid=14996 comm="syz.4.2627" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  205.120183][ T5948] Bluetooth: hci0: command tx timeout
[  205.126528][T14848] veth0_macvtap: entered promiscuous mode
[  205.129655][T14848] veth1_macvtap: entered promiscuous mode
[  205.136555][T14848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  205.139624][T14848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  205.142811][T14848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  205.145837][T14848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  205.148729][T14848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  205.153394][T14848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  205.156840][T14848] batman_adv: batadv0: Interface activated: batadv_slave_0
[  205.167300][T14848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  205.170456][T14848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  205.173300][T14848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  205.176376][T14848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  205.179211][T14848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  205.182722][T14848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  205.186172][T14848] batman_adv: batadv0: Interface activated: batadv_slave_1
[  205.191063][T14848] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  205.193671][T14848] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  205.196142][T14848] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  205.198632][T14848] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  205.200296][ T5966] usb 6-1: Using ep0 maxpacket: 16
[  205.204530][ T5966] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEF, changing to 0x8F
[  205.208923][ T5966] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  205.212393][ T5966] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  205.216120][ T5966] usb 6-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  205.219512][ T5966] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.228688][   T72] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  205.231708][ T5966] usb 6-1: config 0 descriptor??
[  205.236340][   T72] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  205.237640][ T5966] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input31
[  205.252618][ T7902] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  205.255743][ T7902] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  205.400185][ T6001] usb 9-1: new low-speed USB device number 20 using dummy_hcd
[  205.540748][ T6001] usb 9-1: device descriptor read/64, error -71
[  205.641061][ T5966] usb 6-1: USB disconnect, device number 23
[  205.769851][T15002] netlink: 'syz.2.2629': attribute type 3 has an invalid length.
[  205.770521][T15003] program syz.2.2629 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  205.772275][T15002] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2629'.
[  205.780185][ T6001] usb 9-1: new low-speed USB device number 21 using dummy_hcd
[  205.826195][   T39] audit: type=1400 audit(1738745204.024:90731): avc:  denied  { map } for  pid=15009 comm="syz.2.2631" path="socket:[64876]" dev="sockfs" ino=64876 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  205.853167][   T39] audit: type=1400 audit(1738745204.054:90732): avc:  denied  { ioctl } for  pid=15013 comm="syz.2.2632" path="/dev/fuse" dev="devtmpfs" ino=105 ioctlcmd=0xe502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  205.880359][T15016] netfs: Couldn't get user pages (rc=-14)
[  205.920182][ T6001] usb 9-1: device descriptor read/64, error -71
[  206.032113][ T6001] usb usb9-port1: attempt power cycle
[  206.082349][T15027] usb 1-1: USB disconnect, device number 2
[  206.124973][T15027] xt_l2tp: wrong L2TP version: 0
[  206.171011][T15035] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=13 sclass=netlink_route_socket pid=15035 comm=syz.2.2639
[  206.207447][T15042] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2641'.
[  206.210308][T15042] tipc: Started in network mode
[  206.211615][T15043] netfs: Couldn't get user pages (rc=-14)
[  206.211782][T15042] tipc: Node identity 7, cluster identity 5
[  206.215980][T15042] tipc: Node number set to 7
[  206.400241][ T6001] usb 9-1: new low-speed USB device number 22 using dummy_hcd
[  206.401969][T15054] syz.1.2646: attempt to access beyond end of device
[  206.401969][T15054] nbd1: rw=0, sector=0, nr_sectors = 2 limit=0
[  206.406976][T15054] befs: (nbd1): unable to read superblock
[  206.420624][ T6001] usb 9-1: device descriptor read/8, error -71
[  206.496075][T15060] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2649'.
[  206.508919][T15060] netlink: 6 bytes leftover after parsing attributes in process `syz.2.2649'.
[  206.512372][T15060] bridge_slave_0: default FDB implementation only supports local addresses
[  206.515922][T15060] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2649'.
[  206.630606][   T39] audit: type=1400 audit(1738745204.834:90733): avc:  denied  { unmount } for  pid=12282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  206.660087][ T6001] usb 9-1: new low-speed USB device number 23 using dummy_hcd
[  206.660337][T15072] netfs: Couldn't get user pages (rc=-14)
[  206.677426][T15074] netlink: 108 bytes leftover after parsing attributes in process `syz.1.2654'.
[  206.680686][ T6001] usb 9-1: device descriptor read/8, error -71
[  206.686646][T15076] netlink: 108 bytes leftover after parsing attributes in process `syz.1.2654'.
[  206.734928][T15079] xt_SECMARK: invalid mode: 0
[  206.790385][ T6001] usb usb9-port1: unable to enumerate USB device
[  206.927450][T15089] openvswitch: netlink: Unknown nsh attribute 0
[  206.929843][T15089] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  206.963625][T15094] overlayfs: failed to resolve './file1': -2
[  206.974474][T15094] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2660'.
[  207.106237][T15106] netfs: Couldn't get user pages (rc=-14)
[  207.205452][T15119] loop8: detected capacity change from 0 to 7
[  207.210401][T15119] Dev loop8: unable to read RDB block 7
[  207.212150][T15119]  loop8: AHDI p1 p3 p4
[  207.213381][T15119] loop8: partition table partially beyond EOD, truncated
[  207.216493][T15119] loop8: p1 start 975770946 is beyond EOD, truncated
[  207.218437][T15119] loop8: p3 start 6514546 is beyond EOD, truncated
[  207.249040][T15124] loop8: detected capacity change from 0 to 8
[  207.252604][T15124] Dev loop8: unable to read RDB block 8
[  207.254436][T15124]  loop8: unable to read partition table
[  207.256191][T15124] loop8: partition table beyond EOD, truncated
[  207.258052][T15124] loop_reread_partitions: partition scan of loop8 (�被x������ڬ��dƤ����ݡ�����
[  207.258052][T15124] 
) failed (rc=-5)
[  207.295794][   T72] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.857347][T15127] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  207.870874][T15127] kvm: pic: non byte read
[  207.873530][T15127] kvm: pic: non byte read
[  207.876514][T15127] kvm: pic: non byte read
[  207.879048][T15127] kvm: pic: single mode not supported
[  207.879411][T15127] kvm: pic: non byte read
[  207.926390][   T65] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  207.932818][   T65] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  207.936318][   T65] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  207.939710][   T65] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  207.946303][   T65] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  207.948520][   T65] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  207.965788][T15133] wg1 speed is unknown, defaulting to 1000
[  208.026838][T15133] chnl_net:caif_netlink_parms(): no params data found
[  208.092312][T15133] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.094436][T15133] bridge0: port 1(bridge_slave_0) entered disabled state
[  208.096557][T15133] bridge_slave_0: entered allmulticast mode
[  208.099005][T15133] bridge_slave_0: entered promiscuous mode
[  208.101980][T15133] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.104108][T15133] bridge0: port 2(bridge_slave_1) entered disabled state
[  208.106204][T15133] bridge_slave_1: entered allmulticast mode
[  208.108429][T15133] bridge_slave_1: entered promiscuous mode
[  208.129776][T15133] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  208.141117][T15133] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  208.172819][T15133] team0: Port device team_slave_0 added
[  208.175317][T15147] netfs: Couldn't get user pages (rc=-14)
[  208.179779][ T7890] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  208.185900][T15133] team0: Port device team_slave_1 added
[  208.190766][ T7890] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  208.214690][T15145] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  208.219104][T15133] batman_adv: batadv0: Adding interface: batadv_slave_0
[  208.224423][T15133] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  208.232596][T15133] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  208.236443][T15133] batman_adv: batadv0: Adding interface: batadv_slave_1
[  208.238433][T15133] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  208.246180][T15133] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  208.272157][T15133] hsr_slave_0: entered promiscuous mode
[  208.274195][T15133] hsr_slave_1: entered promiscuous mode
[  208.276082][T15133] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  208.278395][T15133] Cannot create hsr debugfs directory
[  208.293332][T15153] sp0: Synchronizing with TNC
[  208.391638][   T65] Bluetooth: hci4: command 0x0405 tx timeout
[  209.053380][   T72] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  209.119233][   T72] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  209.151242][T15175] __nla_validate_parse: 1 callbacks suppressed
[  209.151252][T15175] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2683'.
[  209.193851][T15181] netfs: Couldn't get user pages (rc=-14)
[  209.208630][   T72] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  209.240164][T15179] vlan2: entered promiscuous mode
[  209.241753][T15179] syz_tun: entered promiscuous mode
[  209.335310][T15184] netfs: Couldn't get user pages (rc=-14)
[  209.364102][   T72] bridge_slave_1: left allmulticast mode
[  209.365623][   T72] bridge_slave_1: left promiscuous mode
[  209.367140][   T72] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.370710][   T72] bridge_slave_0: left allmulticast mode
[  209.372268][   T72] bridge_slave_0: left promiscuous mode
[  209.373808][   T72] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.384631][   T39] audit: type=1400 audit(1738745207.584:90734): avc:  denied  { read } for  pid=15189 comm="syz.2.2689" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  209.393971][T15190] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2689'.
[  209.427424][   T39] audit: type=1400 audit(1738745207.624:90735): avc:  denied  { ioctl } for  pid=15186 comm="syz.1.2688" path="/629/file0/cpu.stat" dev="9p" ino=36050163 ioctlcmd=0xae80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  209.428645][T15198] trusted_key: encrypted_key: insufficient parameters specified
[  209.431150][T15187] netfs: Couldn't get user pages (rc=-14)
[  209.445155][T15198] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=44560 sclass=netlink_route_socket pid=15198 comm=syz.4.2687
[  209.492048][T15198] usb usb4: usbfs: process 15198 (syz.4.2687) did not claim interface 0 before use
[  209.681106][   T39] audit: type=1400 audit(1738745207.884:90736): avc:  denied  { nlmsg_tty_audit } for  pid=15205 comm="syz.1.2690" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  209.692918][   T72] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  209.696868][   T72] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  209.700468][   T72] bond0 (unregistering): Released all slaves
[  209.822289][T15221] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2693'.
[  209.825003][T15221] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2693'.
[  209.847277][   T65] 
[  209.848047][   T65] ======================================================
[  209.850076][   T65] WARNING: possible circular locking dependency detected
[  209.852148][   T65] 6.14.0-rc1-syzkaller-00028-g5c8c229261f1 #0 Not tainted
[  209.855137][   T65] ------------------------------------------------------
[  209.857657][   T65] kworker/u33:0/65 is trying to acquire lock:
[  209.859438][   T65] ffff888065fb6258 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_connect_cfm+0x3bc/0xc00
[  209.860105][   T39] audit: type=1400 audit(1738745208.054:90737): avc:  denied  { write } for  pid=5923 comm="syz-executor" path="pipe:[6793]" dev="pipefs" ino=6793 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[  209.862517][   T65] 
[  209.862517][   T65] but task is already holding lock:
[  209.862522][   T65] ffff88811c339820 (&conn->lock#2){+.+.}-{3:3}, at: sco_connect_cfm+0x29f/0xc00
[  209.874102][   T65] 
[  209.874102][   T65] which lock already depends on the new lock.
[  209.874102][   T65] 
[  209.877067][   T65] 
[  209.877067][   T65] the existing dependency chain (in reverse order) is:
[  209.879643][   T65] 
[  209.879643][   T65] -> #1 (&conn->lock#2){+.+.}-{3:3}:
[  209.881807][   T65]        _raw_spin_lock+0x2e/0x40
[  209.883308][   T65]        sco_sock_connect+0x3b2/0xcc0
[  209.884866][   T65]        __sys_connect_file+0x13e/0x1a0
[  209.886466][   T65]        __sys_connect+0x14f/0x170
[  209.887959][   T65]        __x64_sys_connect+0x72/0xb0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  209.889495][   T65]        do_syscall_64+0xcd/0x250
[  209.891075][   T65]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.892980][   T65] 
[  209.892980][   T65] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}:
[  209.895616][   T65]        __lock_acquire+0x249e/0x3c40
[  209.897181][   T65]        lock_acquire.part.0+0x11b/0x380
[  209.898824][   T65]        lock_sock_nested+0x3a/0xf0
[  209.900342][   T65]        sco_connect_cfm+0x3bc/0xc00
[  209.901893][   T65]        hci_sync_conn_complete_evt+0x421/0xa80
[  209.903709][   T65]        hci_event_packet+0x9eb/0x1180
[  209.905286][   T65]        hci_rx_work+0x2c5/0x16b0
[  209.906746][   T65]        process_one_work+0x9c5/0x1ba0
[  209.908339][   T65]        worker_thread+0x6c8/0xf00
[  209.909830][   T65]        kthread+0x3af/0x750
[  209.911214][   T65]        ret_from_fork+0x45/0x80
[  209.912672][   T65]        ret_from_fork_asm+0x1a/0x30
[  209.914211][   T65] 
[  209.914211][   T65] other info that might help us debug this:
[  209.914211][   T65] 
[  209.917118][   T65]  Possible unsafe locking scenario:
[  209.917118][   T65] 
[  209.919262][   T65]        CPU0                    CPU1
[  209.920814][   T65]        ----                    ----
[  209.922374][   T65]   lock(&conn->lock#2);
[  209.923644][   T65]                                lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO);
[  209.926038][   T65]                                lock(&conn->lock#2);
[  209.927997][   T65]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO);
[  209.929704][   T65] 
[  209.929704][   T65]  *** DEADLOCK ***
[  209.929704][   T65] 
[  209.932149][   T65] 4 locks held by kworker/u33:0/65:
[  209.933677][   T65]  #0: ffff888025032948 ((wq_completion)hci4#2){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0
[  209.936656][   T65]  #1: ffffc90000d2fd18 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
[  209.939929][   T65]  #2: ffff8880658c0078 (&hdev->lock){+.+.}-{4:4}, at: hci_sync_conn_complete_evt+0x199/0xa80
[  209.942865][   T65]  #3: ffff88811c339820 (&conn->lock#2){+.+.}-{3:3}, at: sco_connect_cfm+0x29f/0xc00
[  209.945588][   T65] 
[  209.945588][   T65] stack backtrace:
[  209.947299][   T65] CPU: 0 UID: 0 PID: 65 Comm: kworker/u33:0 Not tainted 6.14.0-rc1-syzkaller-00028-g5c8c229261f1 #0
[  209.947313][   T65] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  209.947321][   T65] Workqueue: hci4 hci_rx_work
[  209.947336][   T65] Call Trace:
[  209.947341][   T65]  <TASK>
[  209.947347][   T65]  dump_stack_lvl+0x116/0x1f0
[  209.947359][   T65]  print_circular_bug+0x490/0x760
[  209.947375][   T65]  check_noncircular+0x31a/0x400
[  209.947389][   T65]  ? __pfx_check_noncircular+0x10/0x10
[  209.947404][   T65]  ? lockdep_lock+0xc6/0x200
[  209.947414][   T65]  ? __pfx_lockdep_lock+0x10/0x10
[  209.947426][   T65]  __lock_acquire+0x249e/0x3c40
[  209.947442][   T65]  ? __pfx___lock_acquire+0x10/0x10
[  209.947454][   T65]  ? __pfx___lock_acquire+0x10/0x10
[  209.947466][   T65]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  209.947481][   T65]  ? lockdep_hardirqs_on+0x7c/0x110
[  209.947492][   T65]  lock_acquire.part.0+0x11b/0x380
[  209.947504][   T65]  ? sco_connect_cfm+0x3bc/0xc00
[  209.947515][   T65]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  209.947528][   T65]  ? rcu_is_watching+0x12/0xc0
[  209.947537][   T65]  ? trace_lock_acquire+0x14e/0x1f0
[  209.947547][   T65]  ? __pfx_lock_release+0x10/0x10
[  209.947558][   T65]  ? trace_lock_acquire+0x14e/0x1f0
[  209.947567][   T65]  ? sco_connect_cfm+0x3bc/0xc00
[  209.947577][   T65]  ? lock_acquire+0x2f/0xb0
[  209.947589][   T65]  ? sco_connect_cfm+0x3bc/0xc00
[  209.947599][   T65]  lock_sock_nested+0x3a/0xf0
[  209.947611][   T65]  ? sco_connect_cfm+0x3bc/0xc00
[  209.947621][   T65]  sco_connect_cfm+0x3bc/0xc00
[  209.947632][   T65]  ? __pfx_sco_connect_cfm+0x10/0x10
[  209.947643][   T65]  ? hci_cb_lookup+0x319/0x4e0
[  209.947655][   T65]  ? __pfx_sco_connect_cfm+0x10/0x10
[  209.947665][   T65]  hci_sync_conn_complete_evt+0x421/0xa80
[  209.947676][   T65]  ? __pfx_hci_sync_conn_complete_evt+0x10/0x10
[  209.947687][   T65]  ? skb_pull_data+0x166/0x210
[  209.947700][   T65]  hci_event_packet+0x9eb/0x1180
[  209.947711][   T65]  ? __pfx_hci_sync_conn_complete_evt+0x10/0x10
[  209.947720][   T65]  ? __pfx_hci_event_packet+0x10/0x10
[  209.947730][   T65]  ? mark_held_locks+0x9f/0xe0
[  209.947742][   T65]  ? kcov_remote_start+0x3cf/0x6e0
[  209.947756][   T65]  ? lockdep_hardirqs_on+0x7c/0x110
[  209.947766][   T65]  hci_rx_work+0x2c5/0x16b0
[  209.947783][   T65]  ? process_one_work+0x921/0x1ba0
[  209.947801][   T65]  process_one_work+0x9c5/0x1ba0
[  209.947819][   T65]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  209.947831][   T65]  ? __pfx_process_one_work+0x10/0x10
[  209.947852][   T65]  ? assign_work+0x1a0/0x250
[  209.947863][   T65]  worker_thread+0x6c8/0xf00
[  209.947878][   T65]  ? __pfx_worker_thread+0x10/0x10
[  209.947891][   T65]  kthread+0x3af/0x750
[  209.947903][   T65]  ? __pfx_kthread+0x10/0x10
[  209.947915][   T65]  ? lock_acquire+0x2f/0xb0
[  209.947938][   T65]  ? __pfx_kthread+0x10/0x10
[  209.947949][   T65]  ret_from_fork+0x45/0x80
[  209.947962][   T65]  ? __pfx_kthread+0x10/0x10
[  209.947973][   T65]  ret_from_fork_asm+0x1a/0x30
[  209.947987][   T65]  </TASK>
[  210.032701][   T65] BUG: sleeping function called from invalid context at net/core/sock.c:3647
[  210.035240][   T65] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 65, name: kworker/u33:0
[  210.035317][ T5948] Bluetooth: hci0: command tx timeout
[  210.037828][   T65] preempt_count: 1, expected: 0
[  210.037836][   T65] RCU nest depth: 0, expected: 0
[  210.037847][   T65] INFO: lockdep is turned off.
[  210.037850][   T65] Preemption disabled at:
[  210.037853][   T65] [<0000000000000000>] 0x0
[  210.037865][   T65] CPU: 0 UID: 0 PID: 65 Comm: kworker/u33:0 Not tainted 6.14.0-rc1-syzkaller-00028-g5c8c229261f1 #0
[  210.037877][   T65] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  210.037883][   T65] Workqueue: hci4 hci_rx_work
[  210.037899][   T65] Call Trace:
[  210.037902][   T65]  <TASK>
[  210.037905][   T65]  dump_stack_lvl+0x16c/0x1f0
[  210.037916][   T65]  __might_resched+0x3c0/0x5e0
[  210.037930][   T65]  ? __pfx_lock_release+0x10/0x10
[  210.037943][   T65]  ? __pfx___might_resched+0x10/0x10
[  210.037956][   T65]  ? lock_acquire+0x2f/0xb0
[  210.037967][   T65]  ? sco_connect_cfm+0x3bc/0xc00
[  210.037978][   T65]  lock_sock_nested+0x4b/0xf0
[  210.037990][   T65]  ? sco_connect_cfm+0x3bc/0xc00
[  210.038000][   T65]  sco_connect_cfm+0x3bc/0xc00
[  210.038009][   T65]  ? __pfx_sco_connect_cfm+0x10/0x10
[  210.038019][   T65]  ? hci_cb_lookup+0x319/0x4e0
[  210.038031][   T65]  ? __pfx_sco_connect_cfm+0x10/0x10
[  210.038040][   T65]  hci_sync_conn_complete_evt+0x421/0xa80
[  210.038050][   T65]  ? __pfx_hci_sync_conn_complete_evt+0x10/0x10
[  210.038059][   T65]  ? skb_pull_data+0x166/0x210
[  210.038069][   T65]  hci_event_packet+0x9eb/0x1180
[  210.038079][   T65]  ? __pfx_hci_sync_conn_complete_evt+0x10/0x10
[  210.038088][   T65]  ? __pfx_hci_event_packet+0x10/0x10
[  210.038099][   T65]  ? mark_held_locks+0x9f/0xe0
[  210.038110][   T65]  ? kcov_remote_start+0x3cf/0x6e0
[  210.038122][   T65]  ? lockdep_hardirqs_on+0x7c/0x110
[  210.038133][   T65]  hci_rx_work+0x2c5/0x16b0
[  210.038143][   T65]  ? process_one_work+0x921/0x1ba0
[  210.038155][   T65]  process_one_work+0x9c5/0x1ba0
[  210.038167][   T65]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  210.038179][   T65]  ? __pfx_process_one_work+0x10/0x10
[  210.038190][   T65]  ? assign_work+0x1a0/0x250
[  210.038200][   T65]  worker_thread+0x6c8/0xf00
[  210.038213][   T65]  ? __pfx_worker_thread+0x10/0x10
[  210.038223][   T65]  kthread+0x3af/0x750
[  210.038233][   T65]  ? __pfx_kthread+0x10/0x10
[  210.038243][   T65]  ? lock_acquire+0x2f/0xb0
[  210.038254][   T65]  ? __pfx_kthread+0x10/0x10
[  210.038264][   T65]  ret_from_fork+0x45/0x80
[  210.038274][   T65]  ? __pfx_kthread+0x10/0x10
[  210.038284][   T65]  ret_from_fork_asm+0x1a/0x30
[  210.038295][   T65]  </TASK>
[  210.038300][   T65] ==================================================================
[  210.111129][   T65] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x271/0x2c0
[  210.113408][   T65] Read of size 4 at addr ffff888065fb61c4 by task kworker/u33:0/65
[  210.115673][   T65] 
[  210.116390][   T65] CPU: 0 UID: 0 PID: 65 Comm: kworker/u33:0 Tainted: G        W          6.14.0-rc1-syzkaller-00028-g5c8c229261f1 #0
[  210.116403][   T65] Tainted: [W]=WARN
[  210.116406][   T65] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  210.116413][   T65] Workqueue: hci4 hci_rx_work
[  210.116428][   T65] Call Trace:
[  210.116431][   T65]  <TASK>
[  210.116436][   T65]  dump_stack_lvl+0x116/0x1f0
[  210.116448][   T65]  print_report+0xc3/0x620
[  210.116459][   T65]  ? __virt_addr_valid+0x5e/0x590
[  210.116469][   T65]  ? __phys_addr+0xc6/0x150
[  210.116480][   T65]  kasan_report+0xd9/0x110
[  210.116490][   T65]  ? do_raw_spin_lock+0x271/0x2c0
[  210.116499][   T65]  ? do_raw_spin_lock+0x271/0x2c0
[  210.116509][   T65]  do_raw_spin_lock+0x271/0x2c0
[  210.116518][   T65]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  210.116526][   T65]  ? lock_acquire+0x2f/0xb0
[  210.116538][   T65]  ? lock_sock_nested+0x5f/0xf0
[  210.116551][   T65]  lock_sock_nested+0x5f/0xf0
[  210.116562][   T65]  ? sco_connect_cfm+0x3bc/0xc00
[  210.116572][   T65]  sco_connect_cfm+0x3bc/0xc00
[  210.116583][   T65]  ? __pfx_sco_connect_cfm+0x10/0x10
[  210.116594][   T65]  ? hci_cb_lookup+0x319/0x4e0
[  210.116606][   T65]  ? __pfx_sco_connect_cfm+0x10/0x10
[  210.116616][   T65]  hci_sync_conn_complete_evt+0x421/0xa80
[  210.116626][   T65]  ? __pfx_hci_sync_conn_complete_evt+0x10/0x10
[  210.116635][   T65]  ? skb_pull_data+0x166/0x210
[  210.116648][   T65]  hci_event_packet+0x9eb/0x1180
[  210.116659][   T65]  ? __pfx_hci_sync_conn_complete_evt+0x10/0x10
[  210.116668][   T65]  ? __pfx_hci_event_packet+0x10/0x10
[  210.116679][   T65]  ? mark_held_locks+0x9f/0xe0
[  210.116691][   T65]  ? kcov_remote_start+0x3cf/0x6e0
[  210.116704][   T65]  ? lockdep_hardirqs_on+0x7c/0x110
[  210.116715][   T65]  hci_rx_work+0x2c5/0x16b0
[  210.116727][   T65]  ? process_one_work+0x921/0x1ba0
[  210.116739][   T65]  process_one_work+0x9c5/0x1ba0
[  210.116753][   T65]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  210.116765][   T65]  ? __pfx_process_one_work+0x10/0x10
[  210.116778][   T65]  ? assign_work+0x1a0/0x250
[  210.116789][   T65]  worker_thread+0x6c8/0xf00
[  210.116803][   T65]  ? __pfx_worker_thread+0x10/0x10
[  210.116815][   T65]  kthread+0x3af/0x750
[  210.116825][   T65]  ? __pfx_kthread+0x10/0x10
[  210.116835][   T65]  ? lock_acquire+0x2f/0xb0
[  210.116853][   T65]  ? __pfx_kthread+0x10/0x10
[  210.116864][   T65]  ret_from_fork+0x45/0x80
[  210.116876][   T65]  ? __pfx_kthread+0x10/0x10
[  210.116888][   T65]  ret_from_fork_asm+0x1a/0x30
[  210.116902][   T65]  </TASK>
[  210.116905][   T65] 
[  210.188700][   T65] Allocated by task 15216:
[  210.190006][   T65]  kasan_save_stack+0x33/0x60
[  210.191394][   T65]  kasan_save_track+0x14/0x30
[  210.192760][   T65]  __kasan_kmalloc+0xaa/0xb0
[  210.194117][   T65]  __kmalloc_noprof+0x21c/0x510
[  210.195537][   T65]  sk_prot_alloc+0x1a8/0x2a0
[  210.196892][   T65]  sk_alloc+0x36/0xb90
[  210.198092][   T65]  bt_sock_alloc+0x3b/0x3a0
[  210.199423][   T65]  sco_sock_create+0xe3/0x3c0
[  210.200801][   T65]  bt_sock_create+0x182/0x350
[  210.202188][   T65]  __sock_create+0x335/0x8d0
[  210.203549][   T65]  __sys_socket+0x14f/0x260
[  210.204872][   T65]  __x64_sys_socket+0x72/0xb0
[  210.206228][   T65]  do_syscall_64+0xcd/0x250
[  210.207546][   T65]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.209247][   T65] 
[  210.209954][   T65] Freed by task 15216:
[  210.211094][   T65]  kasan_save_stack+0x33/0x60
[  210.212392][   T65]  kasan_save_track+0x14/0x30
[  210.213750][   T65]  kasan_save_free_info+0x3b/0x60
[  210.215206][   T65]  __kasan_slab_free+0x51/0x70
[  210.216584][   T65]  kfree+0x2c4/0x4d0
[  210.217733][   T65]  __sk_destruct+0x5eb/0x720
[  210.219073][   T65]  sk_destruct+0xc2/0xf0
[  210.220306][   T65]  __sk_free+0xf4/0x3e0
[  210.221519][   T65]  sk_free+0x6a/0x90
[  210.222653][   T65]  sco_sock_kill+0x11a/0x1c0
[  210.224007][   T65]  sco_sock_release+0x154/0x2d0
[  210.225409][   T65]  __sock_release+0xb0/0x270
[  210.226754][   T65]  sock_close+0x1c/0x30
[  210.227975][   T65]  __fput+0x3ff/0xb70
[  210.229141][   T65]  task_work_run+0x14e/0x250
[  210.230503][   T65]  do_exit+0xad8/0x2d70
[  210.231731][   T65]  do_group_exit+0xd3/0x2a0
[  210.233060][   T65]  get_signal+0x24ed/0x26c0
[  210.234392][   T65]  arch_do_signal_or_restart+0x90/0x7e0
[  210.235986][   T65]  syscall_exit_to_user_mode+0x150/0x2a0
[  210.237604][   T65]  do_syscall_64+0xda/0x250
[  210.238950][   T65]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.240694][   T65] 
[  210.241418][   T65] The buggy address belongs to the object at ffff888065fb6000
[  210.241418][   T65]  which belongs to the cache kmalloc-2k of size 2048
[  210.245376][   T65] The buggy address is located 452 bytes inside of
[  210.245376][   T65]  freed 2048-byte region [ffff888065fb6000, ffff888065fb6800)
[  210.249278][   T65] 
[  210.249992][   T65] The buggy address belongs to the physical page:
[  210.251848][   T65] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x65fb0
[  210.254363][   T65] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  210.256780][   T65] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  210.258940][   T65] page_type: f5(slab)
[  210.260115][   T65] raw: 00fff00000000040 ffff88801b042f00 ffffea0001376400 dead000000000002
[  210.262558][   T65] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[  210.265004][   T65] head: 00fff00000000040 ffff88801b042f00 ffffea0001376400 dead000000000002
[  210.267461][   T65] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[  210.269908][   T65] head: 00fff00000000003 ffffea000197ec01 ffffffffffffffff 0000000000000000
[  210.272394][   T65] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  210.274848][   T65] page dumped because: kasan: bad access detected
[  210.276676][   T65] page_owner tracks the page as allocated
[  210.278304][   T65] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 14020, tgid 14019 (syz.2.2358), ts 182705538361, free_ts 182704866433
[  210.284331][   T65]  post_alloc_hook+0x181/0x1b0
[  210.285722][   T65]  get_page_from_freelist+0xfce/0x2f80
[  210.287303][   T65]  __alloc_frozen_pages_noprof+0x221/0x2470
[  210.289008][   T65]  alloc_pages_mpol+0x1fc/0x540
[  210.290432][   T65]  new_slab+0x23d/0x330
[  210.291667][   T65]  ___slab_alloc+0xc5d/0x1720
[  210.293035][   T65]  __slab_alloc.constprop.0+0x56/0xb0
[  210.294608][   T65]  __kmalloc_node_track_caller_noprof+0x2f1/0x510
[  210.296436][   T65]  kmalloc_reserve+0xef/0x2c0
[  210.297781][   T65]  __alloc_skb+0x164/0x380
[  210.299018][   T65]  audit_log_start+0x2e1/0x7e0
[  210.300422][   T65]  audit_seccomp+0x61/0x280
[  210.301730][   T65]  __seccomp_filter+0x670/0xf40
[  210.303096][   T65]  __secure_computing+0x26c/0x3f0
[  210.304502][   T65]  syscall_trace_enter+0x8b/0x260
[  210.305964][   T65]  do_syscall_64+0x1ee/0x250
[  210.307323][   T65] page last free pid 14020 tgid 14019 stack trace:
[  210.309187][   T65]  free_frozen_pages+0x6db/0xfb0
[  210.310657][   T65]  __put_partials+0x14c/0x170
[  210.312050][   T65]  qlist_free_all+0x4e/0x120
[  210.313412][   T65]  kasan_quarantine_reduce+0x195/0x1e0
[  210.314987][   T65]  __kasan_slab_alloc+0x69/0x90
[  210.316403][   T65]  kmem_cache_alloc_noprof+0x226/0x3d0
[  210.317971][   T65]  audit_log_start+0x2bc/0x7e0
[  210.319343][   T65]  audit_seccomp+0x61/0x280
[  210.320679][   T65]  __seccomp_filter+0x670/0xf40
[  210.322099][   T65]  __secure_computing+0x26c/0x3f0
[  210.323570][   T65]  syscall_trace_enter+0x8b/0x260
[  210.325038][   T65]  do_syscall_64+0x1ee/0x250
[  210.326371][   T65]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.328080][   T65] 
[  210.328790][   T65] Memory state around the buggy address:
[  210.330416][   T65]  ffff888065fb6080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  210.332726][   T65]  ffff888065fb6100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  210.335019][   T65] >ffff888065fb6180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  210.337301][   T65]                                            ^
[  210.339071][   T65]  ffff888065fb6200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  210.341384][   T65]  ffff888065fb6280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  210.343691][   T65] ==================================================================
[  210.346030][   T65] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  210.348166][   T65] CPU: 0 UID: 0 PID: 65 Comm: kworker/u33:0 Tainted: G        W          6.14.0-rc1-syzkaller-00028-g5c8c229261f1 #0
[  210.351703][   T65] Tainted: [W]=WARN
[  210.352818][   T65] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  210.355888][   T65] Workqueue: hci4 hci_rx_work
[  210.357249][   T65] Call Trace:
[  210.358235][   T65]  <TASK>
[  210.359097][   T65]  dump_stack_lvl+0x3d/0x1f0
[  210.360448][   T65]  panic+0x71d/0x800
[  210.361598][   T65]  ? __pfx_panic+0x10/0x10
[  210.362903][   T65]  ? trace_irq_enable.constprop.0+0xea/0x140
[  210.364644][   T65]  check_panic_on_warn+0xab/0xb0
[  210.366077][   T65]  end_report+0x117/0x180
[  210.367336][   T65]  kasan_report+0xe9/0x110
[  210.368627][   T65]  ? do_raw_spin_lock+0x271/0x2c0
[  210.370082][   T65]  ? do_raw_spin_lock+0x271/0x2c0
[  210.371581][   T65]  do_raw_spin_lock+0x271/0x2c0
[  210.372993][   T65]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  210.374554][   T65]  ? lock_acquire+0x2f/0xb0
[  210.375884][   T65]  ? lock_sock_nested+0x5f/0xf0
[  210.377287][   T65]  lock_sock_nested+0x5f/0xf0
[  210.378656][   T65]  ? sco_connect_cfm+0x3bc/0xc00
[  210.380095][   T65]  sco_connect_cfm+0x3bc/0xc00
[  210.381494][   T65]  ? __pfx_sco_connect_cfm+0x10/0x10
[  210.383019][   T65]  ? hci_cb_lookup+0x319/0x4e0
[  210.384421][   T65]  ? __pfx_sco_connect_cfm+0x10/0x10
[  210.385936][   T65]  hci_sync_conn_complete_evt+0x421/0xa80
[  210.387569][   T65]  ? __pfx_hci_sync_conn_complete_evt+0x10/0x10
[  210.389409][   T65]  ? skb_pull_data+0x166/0x210
[  210.390820][   T65]  hci_event_packet+0x9eb/0x1180
[  210.392296][   T65]  ? __pfx_hci_sync_conn_complete_evt+0x10/0x10
[  210.394099][   T65]  ? __pfx_hci_event_packet+0x10/0x10
[  210.395646][   T65]  ? mark_held_locks+0x9f/0xe0
[  210.397032][   T65]  ? kcov_remote_start+0x3cf/0x6e0
[  210.398516][   T65]  ? lockdep_hardirqs_on+0x7c/0x110
[  210.400024][   T65]  hci_rx_work+0x2c5/0x16b0
[  210.401347][   T65]  ? process_one_work+0x921/0x1ba0
[  210.402846][   T65]  process_one_work+0x9c5/0x1ba0
[  210.404306][   T65]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  210.405932][   T65]  ? __pfx_process_one_work+0x10/0x10
[  210.407486][   T65]  ? assign_work+0x1a0/0x250
[  210.408824][   T65]  worker_thread+0x6c8/0xf00
[  210.410144][   T65]  ? __pfx_worker_thread+0x10/0x10
[  210.411593][   T65]  kthread+0x3af/0x750
[  210.412786][   T65]  ? __pfx_kthread+0x10/0x10
[  210.414141][   T65]  ? lock_acquire+0x2f/0xb0
[  210.415469][   T65]  ? __pfx_kthread+0x10/0x10
[  210.416819][   T65]  ret_from_fork+0x45/0x80
[  210.418135][   T65]  ? __pfx_kthread+0x10/0x10
[  210.419493][   T65]  ret_from_fork_asm+0x1a/0x30
[  210.420894][   T65]  </TASK>
[  210.422401][   T65] Kernel Offset: disabled
[  210.423676][   T65] Rebooting in 86400 seconds..

VM DIAGNOSIS:
08:46:48  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000031 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85402955 RDI=ffffffff9ab78740 RBP=ffffffff9ab78700 RSP=ffffc90000d2f0d8
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=722d302e34312e36
R12=0000000000000000 R13=0000000000000031 R14=ffffffff9ab78700 R15=0000000000000000
RIP=ffffffff8540297f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806a600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f73f4204870 CR3=000000002ad70000 CR4=00352ef0
DR0=00000000000000fa DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fefeffd0 Opmask01=0000000000000003 Opmask02=000000000000ffdf Opmask03=8200002022100080
Opmask04=00000000ffffdfff Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005560a131fb80 00005560a1334990
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000ff0000000000 00000000ff000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ff000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373737373470773 431e161e035c1810
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1c1f115c435d4316 10120300161e121d
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000141 0000000000000000 44455a494c414954 494e495f43455355
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f6f742079617272 6120656c75722079 7261726f706d6574 002a3f005b3f2a00
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4a4a51055c445757 440540495057055c 5744574a55484051 000f1a005b1a0f00
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 0000000000000000 000000000000303a 346963682f346963
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005565f73bea69 0000000000000021 0000000000000030
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000261 0000000000000070 302e0033746e6500 307761726469682f
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 333b263d333b263f 333b2639333b2638 333b263b333b263a 333b264c323b264f
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692054524f50202c 2064696c61696d20 0070253a20252054 524f504d49005452
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692020520050202c 2025204f504d4900 0061253a20252000 2527204d49005452
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 282b2e2fdf37342d 280bbfbf23243324 26312033fc040f18 1317140d080b0412
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343133bffc121104 1214041204110814 100411bffc040f18 1317140d080b0412
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=ffff88806a73fe00 RCX=ffffffff81ade8c4 RDX=ffff88801dac8000
RSI=0000000000000000 RDI=0000000000000005 RBP=ffffc90000167d10 RSP=ffffc90000167c38
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=fffffbfff1c38f3e
R12=1ffff9200002cf8c R13=0000000000000001 R14=0000000000000003 R15=ffffed100d4e7fc1
RIP=ffffffff81b9cb92 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806a700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007ffe468a4f80 CR3=00000000372bc000 CR4=00352ef0
DR0=0000000000000000 DR1=000000000000002b DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdfb7a4410 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd5e800f282
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd5e800f28f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd5e800f289
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd5e800f29d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd5e800f323
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd5e800f401
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000080000001 RBX=ffffea00017c60c0 RCX=ffffffff8209fd06 RDX=ffff888023214880
RSI=000000000005f183 RDI=0000000000000006 RBP=ffffea00017c60c0 RSP=ffffc900033977d0
R8 =0000000000000006 R9 =000000000005f183 R10=00000000000137fd R11=0000000000000000
R12=000000000005f183 R13=0000000000000001 R14=0000000000000000 R15=00000000000137fd
RIP=ffffffff81b9cb8c RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806a800000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f0613cd7d60 CR3=000000002f094000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000002020004 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f061317c6a3 00007f061317c6a3
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc917315f0 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555848b7613 00005555848b74a0
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555848414a0
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005555848b57d5 00005555848b5350
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 474553474953006c 616e676973206e77 6f6e6b6e75000a29
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 4745534749530049 444b424c56054b52 4a4b4e4b50000a0c
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff0405c003 20080005b8030008 0005b0030fffffff ffffff0405a00310
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 010180c0100001a7 8004010000080806 06014e9802a01000 0480040a10000601
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 02e000080006a003 0008000698032008 000690030fffffff ffffff040680030f
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0405 f00300080005e803 00080005e0030008 0005d80300080005
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 d0030fffffffffff ff0405c003200800 05b80300080005b0 030fffffffffffff
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=00000000001b05a4 RBX=0000000000000003 RCX=ffffffff8b565469 RDX=ffffed100d526f86
RSI=ffffffff8bd34c00 RDI=ffffffff81906ff9 RBP=ffffed1003b5c488 RSP=ffffc900001a7e08
R8 =0000000000000000 R9 =ffffed100d526f85 R10=ffff88806a937c2b R11=0000000000000000
R12=0000000000000003 R13=ffff88801dae2440 R14=ffffffff90622810 R15=0000000000000000
RIP=ffffffff8b56684f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806a900000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f1711ba7bac CR3=0000000049100000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1711a0f282
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1711a0f28f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1711a0f289
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1711a0f29d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1711a0f323
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1711a0f401
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1711b7c488 00007f1711b7c480 00007f1711b7c478 00007f1711b7c450
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f17126dd100 00007f1711b7c440 00007f1711b7c458 00007f1711b7c4a0
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f1711b7c498 00007f1711b7c490 00007f1711b7c488 00007f1711b7c480
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000