last executing test programs:

6m20.158554178s ago: executing program 4 (id=89):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000740)=""/51, 0x0})
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000340))
r2 = dup(r1)
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x1, r2})
ioctl$VHOST_NET_SET_BACKEND(r0, 0xaf02, 0x0)

6m19.912695585s ago: executing program 4 (id=92):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)=@known='user.syz\x00')

6m19.625062093s ago: executing program 4 (id=95):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@ipv6_newroute={0x20, 0x18, 0x1, 0x0, 0xfffffffc, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00}, [@RTA_METRICS={0x4}]}, 0x20}}, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0xc0802, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x80)
syz_usb_connect(0x0, 0x24, &(0x7f0000002180)=ANY=[@ANYBLOB="12010000c7ce360863078020abd00102030109021200010000000009040000"], 0x0)
r2 = socket(0x10, 0x2, 0x0)
write(r2, &(0x7f0000000100)="240000001e005f0014f9f407faac470002000000010000000000080008000100000000ff", 0x24)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000040)=0xfffffffc)

6m17.943838834s ago: executing program 4 (id=107):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000300)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x1001402, 0x0)
umount2(&(0x7f0000000000)='./file0\x00', 0x0)

6m17.329914218s ago: executing program 4 (id=109):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x60, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="83cd9b", 0x3}], 0x1}, 0x2000c815)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x4, 0x0, 0x1, 0x85}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

6m17.024960061s ago: executing program 4 (id=113):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f0000000c40), 0x12)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f0000000080), 0x12)

6m16.705477562s ago: executing program 32 (id=113):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f0000000c40), 0x12)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f0000000080), 0x12)

6m3.710140711s ago: executing program 5 (id=114):
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000600)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000000401000006020202020202"], 0x36)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_ASSOCIATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)={0x5c, r1, 0x1, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x96c}], @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x811, 0x1, 0x6, 0x0, {0xc3, 0x3, 0x0, 0x37a, 0x0, 0x1, 0x1, 0x3, 0x1}, 0x1, 0x3ff, 0x4}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000815}, 0x850)

6m2.727460722s ago: executing program 5 (id=187):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x18d811, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, 0x0)

6m2.461759579s ago: executing program 5 (id=189):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r1, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
r2 = socket(0x1e, 0x1, 0x0)
connect$tipc(r2, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
write$binfmt_misc(r2, &(0x7f0000000080), 0x2000011a)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

5m59.275345049s ago: executing program 5 (id=196):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r2}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

5m59.097814681s ago: executing program 33 (id=196):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r2}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

1m31.373729719s ago: executing program 0 (id=880):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000001805000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000b9060000850000000400000085000000230000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100))
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="54000000020601080000000000000000000000000c000780080008400000000c0500010006000000050005000a00000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x54}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @empty}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)

1m17.443507623s ago: executing program 0 (id=880):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000001805000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000b9060000850000000400000085000000230000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100))
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="54000000020601080000000000000000000000000c000780080008400000000c0500010006000000050005000a00000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x54}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @empty}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)

59.070731236s ago: executing program 0 (id=880):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000001805000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000b9060000850000000400000085000000230000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100))
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="54000000020601080000000000000000000000000c000780080008400000000c0500010006000000050005000a00000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x54}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @empty}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)

41.81706212s ago: executing program 0 (id=880):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000001805000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000b9060000850000000400000085000000230000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100))
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="54000000020601080000000000000000000000000c000780080008400000000c0500010006000000050005000a00000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x54}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @empty}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)

20.734262301s ago: executing program 0 (id=880):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000001805000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000b9060000850000000400000085000000230000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100))
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="54000000020601080000000000000000000000000c000780080008400000000c0500010006000000050005000a00000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x54}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @empty}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)

11.933845582s ago: executing program 1 (id=2056):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x8000}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef1054282201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42735b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c36768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6e37cc3c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65bf667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e17910744d3e63e2ca6deb21e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90b14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9c6b6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc8bcccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x0, {0x0, 0x9}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0)
io_setup(0x202, &(0x7f0000000200)=<r3=>0x0)
io_submit(r3, 0x2, &(0x7f0000000780)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0x0, r2, &(0x7f00000000c0)='!', 0xb7f40}])
dup3(r2, r0, 0x0)

11.266129261s ago: executing program 1 (id=2061):
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x10b200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000f"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000004, 0x28011, r2, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f00000010c0)=ANY=[])

8.189447256s ago: executing program 1 (id=2075):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r2, 0x47f9, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
prctl$PR_SET_IO_FLUSHER(0x43, 0x0)

6.833800982s ago: executing program 2 (id=2086):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r2}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r4}, 0x10)
r5 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[], [], 0x6b}})

6.518313647s ago: executing program 3 (id=2088):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x5, &(0x7f00000006c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000004280)={0x2020, 0x0, <r1=>0x0, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0xeea390, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x50)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
syz_fuse_handle_req(r0, &(0x7f00000066c0)="a062030607792c01386f28a428828947de99f79cc542703d923c7cb9d4e1f6fd95fbf2f747ab32f6fb041861fb3f87a88cb85405b4e73c0b6b12c81e42a9f13d82c32b7ddb172bcba1aac5c38f083747ac179f08d4d6d342a87ba8dd9bb7a9680f27433c3357b4f6ac97b19a973592f1ac6e7853a0b15ba42a28efb9cc30b146346b546018966e94976ca28f26a1950dd64c0adbb0c2e09bbd9caa9e7886a2b3d6e2b6d6616b718f1322ea2881ca59ef73948b1bcdc2dd3970e63cbc1043ce42af0ea1f95d17268cbc3ef062c8c31a537e94a20c1c505a6022d5ece7f51bd9c754d8c47cbe80bbb30b2159991a94dd3a25e64aff8a7a17374b5a71e0c7c241cbfd7f084e18a50bea512ada902210a3881ffcd42071ab09c4d80139d8980d6dc5d12c2595ced445caf22f80d8fb1a4c243da47fadb8e28e9c04fea820a8a2f032f5adff8b7d9269e63db68d196bf7f416405e52b6b8abd8bb9d9694b8b5eddae348209963738cd9710bd6c291af1c8eaf0e52d2f2f24bef8c8bc9f77eed40104e07c8ee1b4cb358fc73e2653fef6232b5e9f5d0be26b91a0b7967ed5e3bf10c449424ff4d11951d963677001d9576425d6a9c4503268a407d74854f5e1caacc0ccc463dc56e684db1d80b370da238915579ab82cdbd7d155adf10b96ed71100ea92834e8a4e4f5b7b831bff6fb4febe01bb398ea4065446f277f107aa3cc06e0b7a6e98434bf57744ba9ecb8effe704d7f852e16bc33ac113649f7540b7a7a67cf5493b400ce06e571d485af1732938b79ded4de7dad97a7e1c0be7bd479dc264647bb76503168423e3f6fc95f8ac8ea35e39f476ab54e88286fcf73eead1f794784465592fe4ad112ac63bbc3b3f35b87c40bc5fa6e3ca6cad878f9772a61a23aa00491a9e2442eb90a32af2bd74e99d075bcda20288bfc30f3b00a7e8e1a0b4791573abd65284bbb53e2b7d667239b95b332dd423e4d7c512de559bd53fde5285add9795bda81ec142620e693af9c787a4499dd76ca0d77d9c7c4043e537ec6c1cd0b9a642b12adc782a0e00f6c1ed7379d5fff4c2feb19182db977f657b195e4710ff00f78e35a146119897495b0e1a0068a6606292ee72bf65adcd2cd29b4e59a4b3f82eac77d5254013d03d2fb2511975558906741912d09304f0d4cf08c8f62690c67968c869f75a4025224d8e84baf7a42e01b4ecf7e55d7c45839778c2266880d1bb73e3aad618d1a4f8d5a16914d64d70438a88512649fd4caa90506e5a2d58a33ecaebc9b2e5f8a4fbeca57c829ae02fd2dc146e939c3d295ada7df4a07e74b356c6ffd7a9c546b9eddf7e013cbcb2b57ae0d225249f7e06a415681d9f597a060fd55e39bd56f04b863efeca458a0cbc54b660db50ca40d27a3fda3416860e691cfc780593f06b467700968bb918c32547e378b14b4e0dcd11cb0b2fb36ea70946ac62290184b4eed38b51c322a75367b50f558e063bf363341a17c28ddcbf9ce53da06f26303fd156423a25f686809bc9845a78e0cc3d94e04bc8da85f22a4a8ece2c4ac2c79e54dcc4eabc61e067060ad880377a71fe0c2c0305256e4f3c637575f086e4ae3d7ab5d106fde03d24c47dccba3da23a244c1f50a4f60cd8d71b77390c5ce6d5612fd0260a2f33389b064ae6acac783eca62874232fd3808fb2188151a43de6cebc7e245106183f7d929f1eeff6f972da3e3d967170247925fb0f04bf38e88d06321f9ff9d2c296553d842b69036a2b6de2aad3879aedee723ff00736f7b0dffe6182104105ff0f0b636f5192d6bb5ae7ef950825827d2f3d6285d83aedca3f31474e0ad50ce6290a0e546c30d900e5b4208ecc8b3aca0ba3d110fc3c0a7e004a53e5d0ba1cc1c2bb42c3dbcbb4ceb6674151932ae56f6b03cc34ce450c292fecd2456ddcf42b075e6fd49305fbf265a36f3cff61321dd60f16e844089d659130947672a2d059e04af9ef653e8afec926b5a5d411f60a2a435437095a1df8dc60a616bd1a1ce7b5251ed8f905becffebd635eee8ff0055c40f146f1350a406b853ecb005c6ede4dc270ce6751cff915aa27f5f6b0736da14c9949de599d57868c29cc97ad03bd89502a34b88ad29c8762d0dc24a6df759821882a32e70531cab51fa1752a4fc49cf0706cb24d203174b2940f29ef8b0ce65b40cfde4e0c7310c685cc8de8384e485a951192fa8c36c11f9b88a48caf027dca480caa4fccae70ea6c837eb82f926ad7691c7709f217220d71f6e374fb8522a84c118b5c25f3d56acfb25afbe676fc9e574b6c5a59c00a0bbeeff61fd82a1677f3da9bb596133db491a8f11b945d930c8a67de9ce80025c764d518efcbae25d9194dc96c31ed02c63b1ac976715f7233ffed7cb6e929bbb5afabd34bc37c095acd0abbbdb1ea48e40a30ac99550f0ccca19ecef5acb2604c48fffb53b352d114fac72d6fc019ddec558406668f773fed9476148133c0f9ca4d1fd7e70dd04bfa089dc57e5940f29a5fd33dc79913ff48853794fdaf891d71de94c4a4fed0544e09f2bd578b07003031b8602f08ca8a79fa5ebfd5477f4d4f031c3efe0db273446a99d0cbe21a3cf43f3b82774e4657bb4f9675adbaf71c52953f0b18a61e05a9c770536fbad215848f8238e8730b9085189ea4621780dac500d7d7dc7815b45e232f86592498f1515ac8c50306013524cc5f0a74b67bc85d435d332ce69f00641c86a3e91be84b78ac358f35b18d69679df4197d3be8554417cf44aee6dc623f68ce3388df18168efa1c87c776cbda792f6110b6af178eb8200a91dfb72c1e23b5e5a66b5a3ee3f4c2bba2ccac939dcb036006b86e894093922a95fd70baba9424a3d0327a0f209fe10b39f3cec3f669d301a2834e58fd56f94d622dccf653f08e776c9f3e1b0e5b3cdef133834b93c41c70438d51a0b127262868d49ca91623c3d8b75c2cce0b771b9ac941bb96029e782224a3686a7c0dd164e162ede667e0e5817e7bde85ad3bf30a6a5bdc420f751679be74a02f84aa93b971c3f45a67d155f7ecb1d5284660918dbf102bc16f496fb62a1290e6b88ddaff55740583cba13076afd623276634e0c11663be50766980949095003ef5bc6f90a98bbad436b67928513e70115224f672ca2a24e27bb98bd5288c49ea23d47ef13c5ff28c43ce53ca16a6caeccc1f601226253c4a38a88a93828f6c800547cadbaa6d7ad26db618cccd38a671507cad5ba0065ce2edba81a059b95c36c5d04ab456fd6fd81ec3738ebe546d973c0886a5e7b83dd9c2f58f5d6c19519e67575b3732a486555f8d8c4ae004a62e8d07ab2c8ef74cdb96aa99d75aeb1c25985996f281d71106910a3c3da17de35e04dbe00e2b7b75ec2fed177a7f2d04fbf68bd0b8af682b30911867d4d1497ba060b662f4e97a8e7fd3613015cc34302377497cd08bcdc29f06dae240820d2ccddbf8c95c76a4ba5d3e1b37a62369ce3f79fb74ebd9bc82c3fa3edad4034b6715c2853fa7781c974b5a4e541e8b69bf4bd653fcce4e4340d9409fe9112e4d253a3b7e9d43f4426127b10f2d5d3fcd2193490f7d933e0cc53dae552f2d7c9d77b8f9b27c59105cfae43a0aab314a0820fbb5684bf20986e3be215688b42938d272c4c0edd17bcdc84a514d2483456d6cfb4f5c1218859ee55bfc77da36c9c75734932a12fd03df38232063ed92024f8ee7c21f314129feb10670bb4d6a0ad4fb3dc57a64cfe6509a0770650cdec0efd5e0b1fd29433cf871c9ddbe648319bd481357326ac1eb32b4bef4ad89ab6122e92dc786decac88624a4a3963ae771f8023b9a92e446114764c53d7efc07e3ea77a9daac5cabbe648a223e249db62102ef7b7b6d06df46b6ff913911b89848a47aecc0563fb06b6d77fe1daf4541cf619105ab68e0bcdf7a05af22b0551323bf33dec8167df2b7fac62dc9e286dd3462f488c82ad194f7fd5d3ca72fe9c0c37cdb6d75684326e5cb30319ab333fc70bb197320acda161d2e685e78ac2cb1417223f64742b12a316d590b18a4173b2a105a381baf6f383ec2e81d04860b5cc536475d7c5d05bd6a7db1a5d93930bacba8c1de63707bd24785e19fc1f15ba724660ac00d0f2ebbcd5528b8cbe4f3ca332e8611e937a310fc79d234be6c1cd09d6a5cb06ab36a9d667188144c81f86aaf0851763573b36cc21462ba4f3d6e95d38d1e9b943085661d234ef6d079bc9d84c7447c85baba88263451ba10559e1ce326fee5074b26b54872e690a9a1e589e1c444daa3224b292bf9ec4a604dc512760084084f27386c89a1190b8905f0d720508c0ed69272f396725805480188aa4602a26e833c16aa5079c0577a8203ec0b2b929ef3b410bb427c168b7fefd1be652f06efc61c7a295a5d07a9fd61bd5bfe67ac5f74e485a66c92950a1b460257084ca3a3489943ad450300967234b487fa3def4010f9b715196562ebb0846b7ac3eba47646af6285582b4402f64aa684dff7d9cf81fbe1aa88959f7906f06839389f2ad56efb5029afe1d5ceac99a3e698f49ff0da7db06d7c9e94a8773a13fab93def139667b4dc6b741bd2769da7786acecbe315f9006bb6b72abe5bdc587d8d5aa8f67aaefef68197fd2e7874d9b7da2c3a5618720c12e8fc31db3e334c47abcbf10c6181ec14af4f9e90e19a35360a793b1e9b336e49b3ed67568a860cd4c298f967ba323d315821959629e5b7aaac367e1ddb8a1c5d61500afa69331a4c90861852f533657b28b97a343bc531a11ff634b157a6d859a35f0d2a595375e11a32457575f1d73da033bf5eeda12337b9fdd46bce192d3aaaa240a8c65bf47704d6aa64a9531f9de14a96fc9fe380db35dd5ec52321c67fb4c18abcaf22fbe8f602ed201232251317e1a1b71e1e2c924a92d84685de348eec97fed954b7f6681ddf521b4ee03a1aeb2e446ee2a7f4dfa37b1c53831139fc624c14dcc4d144ccdf758fd9f344b4cdc1df70f6a24fa78cab136c912d1ebffa7053ccbc9b9445762236dca409820f738370117d5c369dfc50fd42277f14eeaf29110aedcd503008c42914d04e219a8b6c01e337d04724919b07157e2275ba6365a9dba5ebc8019bd1aa1b8668023f64cf47e1b49b4fbcfc10d560bb74405c90751504db8100d8a8a1a3ff84d98f1262fbbd6b962f492b9531a7411c08e7e56eb0f838075f754b6a395b6b58a8e4c47eb46bfaba2ac94800a396749d18ba0e6219f8d616ec71a1e60b3bcc24e19d4a20ddbc6a871e6d7efa50a362610598d892a5adecbcfe217534deee3620dfc88c7992ec2e710e083ef0a50c20621405f654804d1af4f24d22b8ca48f26303e6969127a74f0b276a5624c3b84410d4d5ee3c62605876e60a88df2bd6e8db8c7e486fdb452178563e7add6bc126b721b9ef8b12181989b87031573a4010d88e34f15a2344e4808b74c99ad68f0c2aca4e8d504397c03e1328c4b1ec43fd902d206c3cfb63d7541ac57fdbc70b0033f87514286101231fe7e79668c802e1c23d61540cdf13a5e675b736e221ddc29ab747d9c64f6213f51d3c1ded2e2b0efc4e45183d90468f61ec1720f7a0b87947e2c54125cebe6563ee4415d886bbe869d17d36371c942c11db1e13c1dd40ed24cabaf7ee80eae6c4db934e982d9619d753dcd679c5650cd95d21582e31b259043a0d03371cd294f4cc028042c75070c9b534a2d79f164ab9d773295795280d1584ca664b53b263fe2e23534d27b0d85742fae8061e03187795129dd272041c6eb9c10c3406da1f752f4ca697bdbddd74975cd4dbba5687fb30ac4fd5d2579494eac73053a63821a852cf41a80f6668006f7e1c4e30b48d638ebab470c558d42baeed1adc8fc71f73e95f3ca212a4b009b508e89898727f805685e4e7650a2961d62c117d1ee9017236a6bffa0c36ae11bc52d346c83399e43c42cdb9f443aa307109a97ee66ceb7a29eeb2f1a2bb3ee1492229116db07301b2aa4126aee7775daa2d0eab4d206fae11b3c6b565dcc4c7b4dd1cf2abec81150d0629803f6eb221be384b8772fe6d6c4fa98c928a9d0a02e9ff8bb7a2168dbebe140323d93bee8983c496bccf752c372b795a3493624cefb3cfeb4307bd39826cac1ea3f18912deef1b8c8db30bc016990a477bc0a925fb36453a9e21354b2d7e6e3d4ca4dd20f27a8db05429d44b7a485365191dc4ba977a815958faf6434813a9f4046054763dd55dbb7fae892b746e169ae046ae3361a9f75cf622b03f75b1633da864395bd1c3a594fab0b1fb37f088dd1f2776e2b795c78635c2026a8ce7ff40968a1960786049a217dd8872ac0c01f4bafcf2d3d751dd46a5e1bec00540a9ca7afca3ef37575d4a8b1291d05be94913092890a9b4bfff39edbff307e5654896e79228777c0f8ea46c55bfe19e522bf457ab4e6b0167d776dbcd0160598370a12c4a03e4edc82b245a7608797b03d4ed89dfc2a5bf07b9fcb251fb8608553f3b3774818717a9aabe6b2ded811515ba454b390a6065bbc59552f3bfe51d38f139792e1aae60093a7c5770b52a1730feb1049c14a7d5261d644f6b738e22ee72aafa422bd93f61e1ccac0a5ef4726c66f61bb539acb937bd63da82c700c0860be90ce5621ced22b52b63d041266fc258fbfa6641aef22e97804e5138ad2ce4405eaf76bb0acd7fc61b2d6de4aabc5c28a850fcf219cff77c97d3cb6bec0067c171b912d11d82c56cbad56c0032a9657d4cdd1eacaca53f40f5e3fe911127e1cd30781351f180e1413933cee2d46ca0eea31ee01fe4e99a567edd0b10565d47b87c8a48366143e889e52d0ff13c920aea092c2545fa9b7056204fec156549d3c0a997bc1cf4a01338483bf5c69d6958ae038f1c3e3b84baeb2c1f9e064c0750602c34c6c483c316391d975f94f21f6dfe74e92c33228b408a9e2b9abcda33c497abba9c48a63e5c8f1a8d0f4c24d36a44e1601e8a09e8a5c7179bd4c44b17e542dd99cace87aab60a5e53325d544c991b6fa5deffa49fd886332980deeca9229cb2f67f495a7b743153854ed81e1623b12dbd65512d08a5732fee2db3fb455cf6df5a1701a2b8674633c6792162dc86ac76e30da225b0167a7e704ad33ba694f9c902afbeed58eef609874767053f59414d4d3eccbbcdbc7eba997c71f9b1f5139bb020d5dae1db6e2dcfbb51b5371b08bdbc3312b05ee6d8c03c8b5a7d4f23da45f276394f222b1a0bdf4e2603243cdba60ee0530387c88bb457ca9932f2283a4d55bb1195e6d325ed93f714e21908b1baafa467f1cec7fa26e5c384ee6828e77978bd1abd014de549a5e5966f2b2f4ba000f9d77f1abfe3a6c337cdb852c1ec59f61b63d543f3062dd2616a163ed7ca60168b0347b5c5646a678dafb4c502c333a0a48f0341b47f5c5946e42e571db0bfa0682a449ca64e71b5661a842975182399245c6de241512c67ac918d7e0c5cb66565010e881b8333567ca584321ead1c383b099d8bf1c56dac08cb218cde4226ad420d6d6313f9c4884d6394722304fdaa76e61db8c0d54eb1151344c41ce1130272928eecb2f9f0f23c752622374eb1223a80efcf0b937dff7d813d7be0340226c0a7b163741d9aecafcb7ddae5a219323323f621c802be82399e06d2e1cc582e759ffa303c5103f8a44d7129d2853b02e506abda57ad2836d7ff16f95232149fbeb8b62e586d3536bb4ae042ecd9e25d1dee789353071f9c89d4361000c47b763556e8902f1f25cbd8ae71679e03ff27db0ec75eeee3fccafc7fcf22c377ac60d3c61a43cb53abf6162118f2efc86a5ce80e69a02bc1db80018beeef6d567941232e4412a958ed012bf7a832c1eaf68134ecabc4927ad666b3d0f21d4e8d52fa37e0a9751124efed8bf47544299138a6f69d89e295677f12606c79b72451c263fca3eec22bf0c47c641159a0bbfb3b2b03154af533e5c06a149e52adcfae31bfc55f30064a8903c8d3b828d275a937b1e4adffa0597da5e253b50bd71b33f057ffeff0b2a0829b3bf33350fbe67c7c79034f80d69e6a21be495a848d328f416f15966491b218eab390544e39d498258ad80ddae248634c845cbe6f1c1e93e7c2b02075411e075fe936bcc75f4a4e1a3687cb3dbbb61cb31ddfbbc87a1859b3a48fccdd8e5915c8bf4eebe8f7093cef6a7a91c8682915f9908c854c483e90c9643467292884d284134dbaddafdbc74d94a5f9713719d62b4f6b4236803d210181847ca27129fde264156895f4e1822ef78a3b215ef56d7e36d2b94c93f5e931a0d13a3a3030061ce62de595eecf47eae6bf698530145757700df18f66fd7261a12c119d6679663b3c0f99d1705aebe66dc862eb21ccb7360b93f54507149b577abf521113991e06f345e8282fdc18de673e1ca7b188ee34b14f37f86ddcf97fef0b913c33cf8e5d5d33707dbcdbe4b27cef056670252f186735cdd02f6ed6bfe5318a704f00e34ffc4fda9855bf37c51be6a7423e44dd8a98883c8fa82ca37c90d681fb7a0db915576b50e49aff545b99aa3aa6343b814ba0bf64e53b2a1edcae2231bf20d65e4bb4da6dc8382120ede652adfb7c30a46e0ee784cbde74563d83eb8d89a1573fa104fddca9d4833c49dc904bda905426c7dee3e48b596c8ee201bea57fedb1a0649457eaac3c5b5f4519af3adb66f10b861e711cd4034448890e15047c2f8902588268b5645051f3f3968ed8d630e050ccef0d01b61ffeade51e4e72d8fd46bba4c20009396e984c424d174934a67a1930665fbea04c809e7cda0a2cdfd3a14d6b99c3a8d8b3691825830456876f188ff871fc861e4c6a0ca377dc1f0cb0f929f7eb1f5da045d9a588a393312acacca5c5a3b15bb1b488b08fc40ad65ae2c1df187eccd8377525a81d80df57579ae52f775fb2efdd172a41c370300fcc594c2635dcf50e9eb9d34fa8b4bbfd13078422e3a7734a8ae6cc09e39d07c7ee19838f8da4cbafe4162c8f8dc44e284840bd0a5c80bfc657c22e37e0d9a96dda34a51ce616c9ccdc95955cf85d93860da902ab30f11aa333eacc25c47981d8636038761ed4d84fcbb0ca92dd2e07863b9505b451c3c49e36a172527578123049ff2dc2b4e258a3f698a12ca4705a6fd0ce6bc4f1767b4d9c2e57c9ed1388527964ac96ff5e4cf5ad6fdb6a853b43905df32af8bd788b520fd526cbb95195a1bc00d654cb080acdf67938517a6cdac741d86730358be16465b4e1301f47f6a444c4e8d2980b8bd98a8dcd6617cde0b287e2d1f59167b5c445146fa49728111b8a2729428cabd02facb8fbddbdb2769680f288648d6baac53e0d909335da3e2b4c13ebd41f32820c9f491e9124ca444a0532f60e2816e15a5810baa91f64454aa355f9d362c7d1a461561689d08b1350a216b6f1bda57aae0706b3710a1b8e52a7e3084e600b5ee3dc540bba0c16267d549304a7840659a32e40070715c9bb912792d4a7b84fa06e73b9ddbc2f06c4edc19d25f5a198c7e3fc6226842e6215da5d826fcf5949612889f78e9de39d4e64b86b7033b5717a21f8f2b81c799a3fc0bfe6f5837b252eefa360c91a6148296bd19d50a343d909c1edf5261e70c8dfb2c488940cf236941ad3fd01247e37902a4bbfdd1839f7c92c260a2c494022fac08629303c8e54108d78ae2c94289c7f998ba3b622b48931ee7c17c59f5499d282467a1b8050acc94a0b17b21836c80b69f519b9b077d18e33c027faad562fa09f2cc6120f8cf5ee18cf7db9d729ffbb9de58885713215b7aebb8c98d9fa009be0a9ef3ceccdb2b31968db555b26c5c94e382d06ebf6d356e8caa85def5813dd1596d823924c4fb63dba5bd094cb64f204d1e59d31287715f831a1f0be95d8749f2166ba0b0b6b64a37991be1fe1c1e922835f2da0c074ec9413561d52166576b1c4f1e18f078dc046d1c284964b80217b55c59a474740c3649116b33e927479736bff6005859c7c00598f22cb8eca38af802f4c86836e8330492ac7ef3707890a8ff856dc7786ed769bba75b18484b257b3b022eeb51aa720639f79e6e6bd3d3c9a61f7822abe562867b4693f0b2f61135aaeaa510b31112efeec48d2602c6d4f2ddeeb51bb03ab18c18d8e127a37e22881febca47742b9332d3f2251003b1a46c40eca111d02446466b669568c70971bd33254ca577777f126f86f8a3665f065b645ff261e78e0f532e83a81b99c5de3488de74ca82daa0e4e7404eff911ae955acbb800f9f91b774e472bc14aa92817b6d85877b1861a6ca92c03c83b6f1490068bad8eab1f58c9e91e1029683de2ca45c99966966031ee86d8c9995f0612480e2a6d5396e8ae361d6fd2e24557613a1191f5019d4c8078628013512ea3a59532efffa6cfe4970d28d8c7aa8c866c4275ff2b0b4ef1a7e56854d7ee4bc445713da9349d13e30a4a802cb9db2f10280fd9ea043b5b3480441e8ed2d907eae1259befba9d87a04ce42b0010c70af157b90e0bf72549852fd122edd6cf3475f76852b13b4bf887cf32e25ad34aed7fd5a6e97b307f9b4ff1c07b2b55beef5ef3dd96eeb2a57720c18209d911a55341cee67e6ff577f7acaba01c2c9690b15a3b8aaa5b9d734196467a8c074b2eeeb5ae931ddf3deb15b1a8d603e72125c2e68ad206f2c4252a659f8248ff882a8e54126ebc0c77a46101072272460e683d465279a3695be6b64c9eeb4a576d95fd520be42eab5c95cbace0dfd80e2d67bab9f683a1cc9c006c02f0f90a21a0f51218c628f5608fbf1abc79aa63452bde1002383033578f32980e3779a8edeb226f6d3f9b36d8f07bddd7479b60346a4b4fa883940e3aef8ad8d834dad4405960a4409a6255e8753d0c0ad0960ff3ef48ce93fbe6b165e86eab36fccb8b989f5b54e6ccaa19749ff065a0a732d15c41b9072bbc6f07e1fd5a3df2775874e46b61ed50714e8c403fbed6884ec06f52ab71d2c191fcc56ac0b17ba3c46d2dab3e11c79383bd8867ff14b5fbca73b9ae594b6a09fb73a2e8f15aee59150e8d6d3dad9659025d045bbd1b9ca257c67bb78abe8f7eb9c8b3bc32951c41f7390bacc8c7059a2a9b078ab50413605aec604e4666a6ace765b0e7ab558fe6232f2703d07811e3d0ac5bf9434e87876e99250ee9db6527a8ccb4a3ee3bde738563c9746f941cf2cd7efacdbd2593cafdbe5171864b2982b54dc5a32c86638c0e650a331625033b8dd65851965ae791880349d5cd52548f4422a317f96ed79e7ccf3bd671e6dc70365f521c65206386eb1f99570a544d11b3d36fea285f8a3770ca303a965a0c1d598ebe3696e647be734ccf760d3d47dec75e236d7ac08019b6622a7b9f08bc8f0937ab75e75a047a7386befbd56fc4b2f89c852dadce8df946cb3fafe4eed2678caadf1a913ae32b2c0b8a37984cb700343c5e24609f8c5ddeff5e653837a9332a41c8e21466a13d79224125d5f6a4fef79b5adae7f4ab7d351c55400545edd3c00637bd27164828925e9bb5d79f1f1e6eb3270ab799ae38772f779565d92c47503de695f7aad7ddacda6f6c71e755b3737231b64715bf07849d3466e4f92239f733436ce674389bd16900", 0x2000, &(0x7f0000008b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x90, 0x0, 0x0, {0x100000000404, 0x0, 0xc, 0x0, 0x8000000, 0x0, {0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xa000, 0x0, 0x0, r2}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
read$FUSE(r0, &(0x7f0000008bc0)={0x2020, 0x0, <r3=>0x0}, 0x2020)
creat(&(0x7f0000000180)='./file0/file0/file0/file0/file0/file0\x00', 0x2)
readlink(&(0x7f0000000000)='./file0/file0/file0/file0/file0\x00', &(0x7f00000005c0)=""/176, 0xb0)
write$FUSE_INIT(r0, &(0x7f0000000280)={0x50, 0x0, r3, {0x7, 0x24, 0x0, 0x0, 0x0, 0x0, 0x800}}, 0x50)

6.489113887s ago: executing program 2 (id=2089):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000014c0)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0x1, 0x71, &(0x7f0000000180)=[@cr4={0x1, 0x40002}], 0x1)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

6.267629182s ago: executing program 3 (id=2091):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x8, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f0000000380)={0xa, 0x14e24, 0x0, @empty}, 0x1c)
recvmmsg(r2, &(0x7f0000005dc0)=[{{0x0, 0x0, 0x0}}], 0x4000000000002b1, 0x0, 0x0)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4e24, 0x0, @empty}, 0x1c)
sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0)

6.031077733s ago: executing program 2 (id=2092):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000140)=@nat={'nat\x00', 0x670, 0x5, 0x318, 0xa8, 0xa8, 0xfeffffff, 0x0, 0xa8, 0x280, 0x280, 0xffffffff, 0x280, 0x280, 0x5, 0x0, {[{{@ip={@broadcast, @local, 0x0, 0x0, 'gretap0\x00', 'geneve0\x00'}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x6000, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, @icmp_id, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0x98, 0x0, {0x0, 0x7}}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x1e8}}, {{@uncond, 0x0, 0x70, 0xa8}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x0, @local, @local, @gre_key, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@inet=@TCPMSS={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x392)

4.888502672s ago: executing program 2 (id=2093):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000"], 0x48)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', <r0=>0x0})
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0xff2e)
ioctl$TCSETS(r1, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x7, 0x800, 0x18, "1000a87d827bc2c95a5947380b00"})
r2 = syz_open_pts(r1, 0x0)
r3 = dup3(r2, r1, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x17)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xe, 0x4, 0x174b, 0x3, 0x0, r3, 0x0, '\x00', r0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r4, &(0x7f0000000340), 0x0}, 0x20)
syz_usb_connect$uac1(0x0, 0xd3, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902c10003010000020904000000010100000a240100000002010213240600000600000000000000000200dd000009240300000000030009240500070000000009240300000304048006240504"], 0x0)

4.849297298s ago: executing program 3 (id=2094):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x7fff}]}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000500000002"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x44}}, 0x10)
sendmmsg$inet(r3, &(0x7f0000000e80)=[{{&(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10, 0x0}}], 0x1, 0xc044)
write$binfmt_misc(r3, &(0x7f0000000300), 0xfdef)

4.805778802s ago: executing program 1 (id=2095):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x1, 0x800001, 0x0, 0x0, 0x0)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
mlock2(&(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x0)
mincore(&(0x7f0000ff5000/0x4000)=nil, 0x4000, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)

4.687309063s ago: executing program 6 (id=2096):
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000480)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x98}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0xa, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

3.22922682s ago: executing program 6 (id=2097):
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
socket$kcm(0x11, 0x200000000000002, 0x300)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="820000000000000070000040"])

2.735851906s ago: executing program 6 (id=2098):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58"}, 0x28)
writev(r0, &(0x7f00000016c0)=[{&(0x7f00000006c0)="5877e793bdd3904c578c5f40b7152e75a59e12363e30d3ee58b6f647fb73147821d9a29d0212b2edaecc1a5978089305ca9f34a10af97dc62319ba64324a7334b999e2698637655505acadf0407dd666d52c09998f0cf4083c15c88fd2bcd2619a3dd393d3efcf07dcfe62b16094ce9fcf3c9580397365a1070bd2be36038daba08d3158698305413707acafc7d240bcaac5d61cf012e2c9a3b2df5ff1f53e48a8167ff81489569b0cf155df2b2ef9d5c640beed0d3d3f8f47decc377cf0747583ef41802c202f0c5b84010c853c5d05a38c7fefd32921a4b5f18104466cef98f81dcf5433c2db944be8246fa69b476c1d5d5438665aaa36488f8ad185af6d87a9ea21d818454dee5f3d244083b5438c2a1759c63a19c7badacd410d269e1e277b57b34a8d6a7fb183c8ab6587329b36b3d52c65d8aa7417335736ab8b739a54b7e3f6be647946e4b0aa0f22168edeacf84a3f99a87ca3e87ea400255728614f6b3e13ab4e7da164d5f3634dd7c710d809573077288c848983dffb2bdce18a2aaaa877eaea4d973660834b8c61e1693b28a62e9407945267f7130c84909dbf5556a5c53268f3a70867ac5806d041e495a446867bf348baff0ec4b457cc9d8bd1544ac2faa9231cf7aeb642b93a50d909de176bdf16626759c5d8fc22877b00c12bbf9d3bb1a68f8f534ecddb6d629ba51977d8088a2e81a65486678f0718afbc675186b4c6658a67226f38fee16d81771f1af75b984a5779364c1eb9ee504799b5d686172325dc32a2b956c05dcbdba0ee208a9df44a06ac735d6c882a1e21da78a619a9f1c8c45a582cbc4adf7a551490f4651fa327e4eaeeea278fb0ad823624e0defd6d38c9fa74dee4b83b869e07ee7e7451db226cfa1bcc3a5fc0ec3f32b1acf53389da7933559d3874336fe754c9df4a82e46713ba501ae87dd6d51622d50a10b4cc6de95713a5034d01670395825f3f543f5dfbe31e303b2bc3a2a37ed377d95a6bc25096fe707615eb9a3d5b0eeacbfb6e0fc42402817479bcc7fc79960f6fd5631ba39e607287c4f4c838ab8701dc8e4e9470324233adbfd0abab44bb9870ed92e1c98d98aa6692bd00ed76fc253e94f105f4d246efa6b5ef55e30466609b247cc757b3fe3758a4f64b55eb2635c65a4045ca912323bd9d2d4d64d4bebd74be60d0df519498cc1223718b3f37cdde7f039cfe0de9e2fd41f94d01fefeb2cc7d65f1164428122bab44f33aad4e7da6181635f2a3c7b5ec0b5759ad1a5ea1c802bc5bd3efc2c631c1925c23f308de11cedefef2ac8a8c49c4e7cdc39f37bf9eaefb2a4bc4655f3dff0cb4820f6d14a4b831705568fc14cb5b7562b66fd3950b8dd2e1c1d1d7827d12f2d47badd604ef02e6f04cd376f99c52f776c4e70385d5b548054525a74d0dd65b26032520c4a37769b5839bb26df61861b31d8e514c344481f69cd8de9a3a7d01b5414f8a411463354ce0d7524c01323049d242c1be20e8b70efda38888a8e106c85fc11cd240b286e4201d8bfa5ae020f60d81abc3717801cfd51ee0f1fe2affc8f27d4b96c6feece17733d7fb27d32bd32df291be81a5e48e03217d22e1deaf7bc42019f60e64c8bd6a4c9046cc1afb8c8cf084d494ca3ef367945c1d7649d733fa9b3ae93fbd4dc207474d2e4f5be0b4369b9921880296a3584ad947d6283e3de254939ddf41d6e0153aaf8defedac8eeba6ef4b1112f0fa6ac946e1cc06e2146aa5ee47e7e7af3edbdc9d12e13eff32062d59cb3778dc5f24a171af6dcfc1dfca8dc74e07b91c5cc0954090cbe4ab7149d92f307970e4530d9641b6baf77f6548a0ee90a073a17ddabb081ac6fd20a43414c7649b7f2585e3de48c862edcc6da4e12d8cb98ff77c320024fd0265a90342f6d08ba7a3ce2982808f13be4ea859a294828751bf0c720217518db0cfd6aa0cad16bb8458dfb66f0fdd3d8ee5d419492a18cf5372abd860491024d7d134927f2a81b51a8a2b1f706884e9ebc2655178b2254b2fd40f08858bb719bba3963b07b859aea89f8e2c139bdf1a4173cd6cf46e6878a18b9e95b0412dd788d0753f3be106601a4433ec243d4cda3834e1e63c392396632847e29d327e32ec24608f2ec946b649a342832e9ea3cfd4749a22250e0c6a991677cf0bae2dba73559d857e024d65fd03e4682025f57d90d7992d80b6edd3e9abe039bb09ab0c12305a36d41b35f91e7255624eb13e852db8d19c520a18b6668170715959d8e41b59639055a867024102953da2da4d31d35d8bad2862bb7402105951c535ee852c2002c6e7f3e0b6cbd3b5a94ae1b28b0bb18517fa97ef2a1eb9a4c08dc25cde6fbe2ea75b0ae839b70b80a97be8d2b905de9a93539cfdc267a16e4c3dfc63dec90bb972d2237697c331a4e426657cb644ba6c89b9524f1fad9580055feb9707ed6c47fb5f852dea1e851aa2b72d640fb5384b396055d714c4e3019d39b58419f534c06ed6c00eb861a21caf77fa50f47bc4575a2b68b38574966649cb7bcdf32ab528d1bebe30946d30b9cf1ae4f604e3b1927fd912a02ca7d3e4f9a2cfb2e46a3c6685d37001ffe5d9a64b0201ea7812f444c4dbc2631de0cdb1303fecc320c32cead7c9abd6502f43e09413ca0946b3dc382d1e1cf66fbb5e5e55d2e26a19167fcfd486589334e4e76466e806eca87cac854a66d683812a6d508f6552fb78882b55b92cc1fb8baa443e889fd68abecb3c2cd3898897a1c8af87b3a9a0e5d51eafe1dc8a2428a46635caf1cdcc10212d71645b0755aac857cfa3a7fb78f22c861a657837d00dd3778d4bf0153c2925ecc28590257754805dc95e7aecc8513be0eacacb64e20af29ff0037206bd9e6fdb5a863921fc0b3e8c70aaa13a2f140b9812005e1284175b2403c27ae5aa950e66f8211c402637d1200cc6691147bb7ed558f1ce60e072bb71dabf0836efaaeb194c23a2bff70765282dbc447d8134d79c7284728d2279acc12351dfcfe3bb97945e4f0fe6d5166f66a612ec4341857c9c5162b7306c81f372a0c77e7bc85ffaf0afac4f8a732b7ce0c5201f6f9312fed8d7e25a669bd0a1f37fcf9f41a3d728305ac8a7c44477610d1bb698e278baa5182ecc817cf08ad8a45dec298df7d2b933aa5c0a3f45982ab5bf879027bb513c412f384c4ee80b769b0d79ed88ad03fedd0b325f0f26fa2c8c1c4ed9b2711b99e31b6ae19b0eb10c8bde73da63bf81571a7a7e1e6761a472930e3d406e699c677a95cd595c9794cf6f3155d106b6e558c5049bb9b162a3c5f1a50822667cb2837badf480a16d1155563aae7d96755671b72192522337f5379e7378f8bdba099f20dabafa62cdaf680744dc343ece76b09bf3ccafdb40a7ee43276d1c5a9dd6e64cbc2f0dce166983a020752cd13946682e2fd03bc9d09928c756996a4e2dadca37563480bf8c731155861123215a0b25f31d9cbe1dc9b8b16fa5b00f8c05c39b551a3291539a95a6a5eeafc962ebbe6e82515ceb9d735f463702b2bf0cf810e838027ee262d27a7d1219256f961363cee8c77a9e22d26936e3ec9dde4084258c2a33c55e200bb2a570cba4eeaf3d30e6d510eff36932b079bc13911c7a4994a006fb5708428f060aa85e000a0c7e8bc9d9dff0d4ae075feb9e12d85149f9e26c732b7cd289bf351b533d961e5e8fa29e46013e19f8f6ee6e1fb5b49b45e8b1375c81ecf6342e299528a2e57fb65c2ae5faa613dbf76e0b3cd8b2e5166352d90ec29c52df33f29cccf105a252c7f0ac3cdf6ed96f3405e78990668987748cb81cc020fe311c3b8b0a02865fd05af919c6165bf8f378c6f19b3f12cb8fa45532a89777902ae0977679d4c18480f2489c58f9a42a1867690afc4cb8dbf20be7675bbfe4088d571e67d2e6ff812e876bf30097e55109568d4e5a4332399503a9123ca5ca21e03af2745db6b38cde8218ac56e7f2da8aa3986dc0c0276486666ae24815a2916be4f40b54d7a83d1e134c02c74b6205964edbbabcc92fee28c55ebacdf8112b3fbdba7efbf8180060ff4df7bf78a58a8cf984ebc237a116488f792886bab0e2da27a9027a4c928f175ac73fcbb2daa05458d8a0bda365e253e852c3a47ac8ff6f728b3d7b6d2e83eccc49ab9f125e550342d7b88d72fa2808cf797327ead3ef7add455b3ec33ee420fccbfe6f3d5272226911722a7d7b7f1d8b639939a0d0555bc1272ef9e01b46095d1b05ce9c64276b6a8885b9a141dddf1dc82fe91529b1f82ed1edab1cc2e5ac2c5250968a9020d15ef0472e298069d05b35362a57cc661196c99fa4e154565af00ece065942883faaf3a3e40266c319e346b3027019832e25393e12ae6ff1c67225d8659a718d2ede443b43568a68491623343bc9c9456768c858ccd5ef9e853b292ca39472af4e1126f161e795f740e424da22f23d04ab98ab295c8edc8fc685c060fd96a9a44c0dd823be8dddae0961ee6845c70ae3e3e45ee3491ba46fefd2741b9c836a9dae77d277dc8d457fcde6aeb51eca8f31dfc277f30bcb081886977117b92829ede770cbb37af378da2909ae035af12a49a75093a69bcc63fa3579b54894e0b3ab4dc9cd6307abc631a95c3629c86aee445a5e075476bf4394a5cfc9050e58ee98e5fe165a7d11a6495939e56e11b788c23c0de9fb4ab48850c3c975fb4c8650bfded88865deb6ace3fbb023b6667ee96c69d6206d78a587e7b561809eaca69a32ea982f358acb8962fcaeda809849a2fee54d45162242d7b8f0b50924cc201bd39bf5b6239bff0f84a22e4e65d26eb653e9408684", 0xd41}], 0x1)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1, 0x10012, r1, 0x0)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "0daf7461cfccf6ce"}, 0x28)
recvmsg(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000002c0)=""/111, 0xff1}], 0x1}, 0x0)

2.245561136s ago: executing program 6 (id=2099):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x24, 0xc, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94)
pipe(&(0x7f00000007c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)='wi', 0x2}], 0x1, 0x1)
close(r1)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000100)=0x3915, 0x4)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r2, &(0x7f0000007fc0), 0x2d, 0x0)
recvmmsg(r2, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)
splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0)

1.90658515s ago: executing program 6 (id=2100):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
write$char_usb(r1, &(0x7f0000000200)="2437b7e4f1aaba2cf5db9d96a7ce54d387ad4a1f86e66afa42ffdd565809cd73692219b4351030bac4f5552224df13696d0f31a21411f11e85f096c1", 0x3c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffa, 0x10100}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
readv(0xffffffffffffffff, 0x0, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x7546, 0x5435, 0x4d, 0x0, 0xfffffffffffffff3)
io_setup(0x8, &(0x7f0000000680)=<r5=>0x0)
io_pgetevents(r5, 0x2, 0x2, &(0x7f00000000c0)=[{}, {}], 0x0, 0x0)

1.761406305s ago: executing program 3 (id=2101):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={r0, r2, 0x1, 0x0, @val=@iter={0x0}}, 0x40)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[], &(0x7f0000001200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
unshare(0x2040400)
r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={r3, r5, 0x1, 0x0, @val=@iter={0x0}}, 0x40)

1.544442437s ago: executing program 2 (id=2102):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x78, 0x0, 0x1, 0x301, 0x0, 0x0, {0x5}, [@CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @multicast1}}}]}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x4}, @CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0x2}, {0x8, 0x2, @local}}}]}, @CTA_LABELS={0x4}, @CTA_PROTOINFO={0x8, 0x4, 0x0, 0x1, @CTA_PROTOINFO_TCP={0x4}}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x10}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_LABELS_MASK={0x4}]}, 0x78}, 0x1, 0x0, 0x0, 0x4000094}, 0x880)
r3 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

1.543581327s ago: executing program 3 (id=2103):
modify_ldt$write(0x1, &(0x7f00000000c0)={0xc11, 0x20000800, 0x1000, 0x1, 0x2, 0x1, 0x0, 0x1, 0x0, 0x1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
modify_ldt$write2(0x11, &(0x7f0000000000)={0x0, 0x1000, 0xffffffffffffffff, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1}, 0x10)

1.512379853s ago: executing program 1 (id=2104):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000001640)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
linkat(r0, &(0x7f0000000100)='./file1\x00', r1, &(0x7f0000000240)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mkdir(&(0x7f0000000380)='./file1/file0\x00', 0x1e)

1.199300039s ago: executing program 1 (id=2105):
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000b40)='./file1\x00', 0x0, 0x100, 0x12345})
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6(0xa, 0x2, 0x0)
r0 = syz_io_uring_setup(0x81f, &(0x7f0000000480)={0x0, 0x0, 0x10, 0x1, 0x34f}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffff9, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1fffffffffffffaa, &(0x7f0000000200)=[{0x30, 0x9, 0x0, 0x6}]}, 0xfffffffffffffdf1)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x6000, @fd, 0x9be, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x47bc, 0x0, 0x21, 0x0, 0x0)

240.478261ms ago: executing program 3 (id=2106):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r2, 0x47f9, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
prctl$PR_SET_IO_FLUSHER(0x43, 0x0)

142.251355ms ago: executing program 2 (id=2107):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000180)="1400000017000b63d25a80648c2594f917a3c92b", 0x14}], 0x1}, 0x0)

71.357648ms ago: executing program 6 (id=2108):
r0 = socket$inet(0x2, 0x2, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x33, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000680)={0x2, 0x4e1e, @private=0xa010101}, 0x10)

0s ago: executing program 0 (id=880):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000001805000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000b9060000850000000400000085000000230000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100))
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="54000000020601080000000000000000000000000c000780080008400000000c0500010006000000050005000a00000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x54}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @empty}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)

kernel console output (not intermixed with test programs):

vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  319.846317][ T5828] Bluetooth: hci0: command tx timeout
[  319.958090][T10327] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1344'.
[  319.990088][ T5875] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  320.150344][T10146] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  320.171240][T10146] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  320.187919][ T5875] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  320.199977][ T5875] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  320.218697][T10146] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  320.232618][ T5875] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00
[  320.255771][ T5875] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  320.268835][T10146] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  320.292265][ T5875] usb 7-1: config 0 descriptor??
[  320.397274][T10335] tipc: Failed to remove unknown binding: 66,1,1/1006234366:3616086341/3616086343
[  320.423821][T10335] tipc: Failed to remove unknown binding: 66,1,1/1006234366:3616086341/3616086343
[  320.530479][T10146] 8021q: adding VLAN 0 to HW filter on device bond0
[  320.596287][ T5875] usbhid 7-1:0.0: can't add hid device: -71
[  320.602383][ T5875] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  320.623348][T10146] 8021q: adding VLAN 0 to HW filter on device team0
[  320.642415][ T5875] usb 7-1: USB disconnect, device number 13
[  320.683725][ T9781] bridge0: port 1(bridge_slave_0) entered blocking state
[  320.690944][ T9781] bridge0: port 1(bridge_slave_0) entered forwarding state
[  320.738298][ T9781] bridge0: port 2(bridge_slave_1) entered blocking state
[  320.745671][ T9781] bridge0: port 2(bridge_slave_1) entered forwarding state
[  321.069674][T10353] lo speed is unknown, defaulting to 1000
[  321.181725][T10146] 8021q: adding VLAN 0 to HW filter on device batadv0
[  321.429559][T10146] veth0_vlan: entered promiscuous mode
[  321.471432][T10146] veth1_vlan: entered promiscuous mode
[  321.558553][T10146] veth0_macvtap: entered promiscuous mode
[  321.585134][T10146] veth1_macvtap: entered promiscuous mode
[  321.621488][T10146] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  321.632280][T10146] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  321.642968][T10146] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  321.653710][T10146] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  321.664536][T10146] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  321.675363][T10146] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  321.685378][T10146] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  321.707668][T10146] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  321.739414][T10146] batman_adv: batadv0: Interface activated: batadv_slave_0
[  321.759266][T10146] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  321.784566][T10146] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  321.821435][T10146] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  321.863128][T10146] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  321.883648][T10146] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  321.911610][T10146] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  321.931830][T10146] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  321.955670][T10146] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  321.977158][T10146] batman_adv: batadv0: Interface activated: batadv_slave_1
[  321.998886][T10146] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  322.016197][T10146] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  322.042490][T10146] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  322.052937][T10146] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  322.166613][    T9] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  322.245544][ T9801] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  322.278215][ T9801] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  322.352066][   T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  322.365918][    T9] usb 4-1: Using ep0 maxpacket: 8
[  322.370348][   T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  322.388448][    T9] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[  322.409160][    T9] usb 4-1: config 0 has no interface number 0
[  322.415320][    T9] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  322.447880][    T9] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  322.464940][    T9] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  322.512077][    T9] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  322.535583][    T9] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  322.566665][ T5906] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  322.585235][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  322.616225][    T9] usb 4-1: config 0 descriptor??
[  322.653292][    T9] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  322.745866][ T5906] usb 7-1: Using ep0 maxpacket: 16
[  322.754364][ T5906] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  322.800539][ T5906] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  322.838671][    T9] usb 4-1: USB disconnect, device number 17
[  322.850531][    T9] ldusb 4-1:0.55: LD USB Device #0 now disconnected
[  322.857359][ T5906] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  322.874799][ T5906] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  322.884310][ T5906] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  322.897728][ T5906] usb 7-1: config 0 descriptor??
[  323.116586][ T5906] usbhid 7-1:0.0: can't add hid device: -71
[  323.129907][ T5906] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  323.140895][ T5906] usb 7-1: USB disconnect, device number 14
[  323.525898][T10391] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1365'.
[  323.900774][ T1105] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  324.073173][ T1105] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  324.248054][ T1105] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  324.314965][ T1105] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  324.404739][ T1105] bridge_slave_1: left allmulticast mode
[  324.410690][ T1105] bridge_slave_1: left promiscuous mode
[  324.416523][ T1105] bridge0: port 2(bridge_slave_1) entered disabled state
[  324.428512][ T1105] bridge_slave_0: left allmulticast mode
[  324.434201][ T1105] bridge_slave_0: left promiscuous mode
[  324.441372][ T1105] bridge0: port 1(bridge_slave_0) entered disabled state
[  325.496723][ T1105] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  325.507661][ T5826] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  325.522135][ T5826] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  325.531271][ T5826] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  325.540041][ T5826] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  325.554838][ T5826] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  325.567653][ T5826] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  325.575814][ T1105] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  325.592720][ T1105] bond0 (unregistering): Released all slaves
[  325.657077][T10427] overlayfs: failed to clone upperpath
[  325.658431][T10423] lo speed is unknown, defaulting to 1000
[  325.714557][T10429] tipc: Failed to remove unknown binding: 66,1,1/0:4093872998/4093873000
[  325.756147][T10429] tipc: Failed to remove unknown binding: 66,1,1/0:4093872998/4093873000
[  325.767319][T10429] tipc: Failed to remove unknown binding: 66,1,1/0:4093872998/4093873000
[  326.267385][T10423] chnl_net:caif_netlink_parms(): no params data found
[  326.374300][T10449] netlink: 'syz.3.1388': attribute type 4 has an invalid length.
[  326.461948][T10449] netlink: 'syz.3.1388': attribute type 4 has an invalid length.
[  326.501609][ T1105] hsr_slave_0: left promiscuous mode
[  326.526553][ T1105] hsr_slave_1: left promiscuous mode
[  326.558106][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  326.655418][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_0
[  326.696728][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  326.714516][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_1
[  326.826463][ T1105] veth1_macvtap: left promiscuous mode
[  326.853384][ T1105] veth0_macvtap: left promiscuous mode
[  326.876006][ T1105] veth1_vlan: left promiscuous mode
[  326.915436][ T1105] veth0_vlan: left promiscuous mode
[  327.234582][T10471] xt_hashlimit: size too large, truncated to 1048576
[  327.241876][T10471] xt_hashlimit: invalid rate
[  327.617889][ T5831] usb 7-1: new full-speed USB device number 15 using dummy_hcd
[  327.692638][ T5828] Bluetooth: hci0: command tx timeout
[  328.069399][ T5831] usb 7-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=c2.f4
[  328.105786][ T5831] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  328.114405][ T5831] usb 7-1: Product: syz
[  328.135673][ T5831] usb 7-1: Manufacturer: syz
[  328.160233][ T5831] usb 7-1: SerialNumber: syz
[  328.181590][ T5831] usb 7-1: config 0 descriptor??
[  328.883127][ T1105] team0 (unregistering): Port device team_slave_1 removed
[  328.987367][ T1105] team0 (unregistering): Port device team_slave_0 removed
[  329.812696][    T9] lo speed is unknown, defaulting to 1000
[  329.846669][    T9] usb 7-1: USB disconnect, device number 15
[  329.850243][ T5828] Bluetooth: hci0: command tx timeout
[  329.894073][T10423] bridge0: port 1(bridge_slave_0) entered blocking state
[  329.903900][T10423] bridge0: port 1(bridge_slave_0) entered disabled state
[  329.936189][T10423] bridge_slave_0: entered allmulticast mode
[  329.942979][T10423] bridge_slave_0: entered promiscuous mode
[  329.995892][T10423] bridge0: port 2(bridge_slave_1) entered blocking state
[  330.003113][T10423] bridge0: port 2(bridge_slave_1) entered disabled state
[  330.030329][T10423] bridge_slave_1: entered allmulticast mode
[  330.046774][T10423] bridge_slave_1: entered promiscuous mode
[  330.216124][T10423] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  330.236972][T10423] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  330.425254][T10423] team0: Port device team_slave_0 added
[  330.624088][T10423] team0: Port device team_slave_1 added
[  331.231799][T10423] batman_adv: batadv0: Adding interface: batadv_slave_0
[  331.267616][T10423] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  331.305811][T10423] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  331.336618][T10423] batman_adv: batadv0: Adding interface: batadv_slave_1
[  331.345688][T10423] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  331.390040][T10423] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  331.434516][T10509] lo speed is unknown, defaulting to 1000
[  331.561820][T10423] hsr_slave_0: entered promiscuous mode
[  331.573208][T10423] hsr_slave_1: entered promiscuous mode
[  331.617520][T10423] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  331.635951][T10423] Cannot create hsr debugfs directory
[  331.925813][ T5828] Bluetooth: hci0: command tx timeout
[  333.157137][T10535] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1417'.
[  334.005756][ T5828] Bluetooth: hci0: command tx timeout
[  336.110077][T10574] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1432'.
[  336.359238][    C0] vcan0: j1939_tp_rxtimer: 0xffff888032c15800: rx timeout, send abort
[  336.859318][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880577a4800: rx timeout, send abort
[  336.875692][    C0] vcan0: j1939_tp_rxtimer: 0xffff888032c15800: abort rx timeout. Force session deactivation
[  337.367630][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880577a4800: abort rx timeout. Force session deactivation
[  337.654693][T10584] input: syz1 as /devices/virtual/input/input23
[  338.670215][T10591] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1437'.
[  338.851504][    C0] vcan0: j1939_tp_rxtimer: 0xffff88814ceb0800: rx timeout, send abort
[  339.347912][    C0] vcan0: j1939_tp_rxtimer: 0xffff88814ceb2000: rx timeout, send abort
[  339.360737][    C0] vcan0: j1939_tp_rxtimer: 0xffff88814ceb0800: abort rx timeout. Force session deactivation
[  339.857131][    C0] vcan0: j1939_tp_rxtimer: 0xffff88814ceb2000: abort rx timeout. Force session deactivation
[  341.015786][T10423] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  341.058419][T10423] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  341.084868][T10423] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  341.112014][T10423] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  341.158853][T10608] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4017050179 (64272802864 ns) > initial count (43813986880 ns). Using initial count to start timer.
[  341.229750][T10608] kvm: pic: single mode not supported
[  341.236163][T10608] kvm: pic: single mode not supported
[  341.401709][T10423] 8021q: adding VLAN 0 to HW filter on device bond0
[  341.446845][T10423] 8021q: adding VLAN 0 to HW filter on device team0
[  341.459902][ T5960] bridge0: port 1(bridge_slave_0) entered blocking state
[  341.467119][ T5960] bridge0: port 1(bridge_slave_0) entered forwarding state
[  341.532468][ T5960] bridge0: port 2(bridge_slave_1) entered blocking state
[  341.539692][ T5960] bridge0: port 2(bridge_slave_1) entered forwarding state
[  342.102362][T10423] 8021q: adding VLAN 0 to HW filter on device batadv0
[  342.260050][T10423] veth0_vlan: entered promiscuous mode
[  342.320527][T10423] veth1_vlan: entered promiscuous mode
[  342.430804][T10423] veth0_macvtap: entered promiscuous mode
[  342.449322][T10423] veth1_macvtap: entered promiscuous mode
[  342.497534][T10423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  342.526069][T10423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  342.574249][T10423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  342.605670][T10423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  342.630742][T10423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  342.675922][T10637] Mount JFS Failure: -22
[  342.715884][T10423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  342.741138][T10423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  342.761551][T10423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  342.811736][T10423] batman_adv: batadv0: Interface activated: batadv_slave_0
[  342.829130][T10423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  342.869380][T10423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  342.910449][T10423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  342.940570][T10423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  342.971123][T10423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  342.996008][T10423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  343.012843][T10423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  343.027804][T10423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  343.055962][T10423] batman_adv: batadv0: Interface activated: batadv_slave_1
[  343.157887][T10648] bond1 (unregistering): Released all slaves
[  343.251183][T10423] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  343.279226][T10423] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  343.326462][T10423] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  343.335233][T10423] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  343.616432][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  343.624404][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  343.712449][ T6308] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  343.740604][ T6308] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  344.606911][ T2012] usb 3-1: new low-speed USB device number 19 using dummy_hcd
[  344.837479][ T2012] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 is Bulk; changing to Interrupt
[  344.848103][ T2012] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B is Bulk; changing to Interrupt
[  344.858916][ T2012] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  344.874184][ T2012] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  344.937499][ T2012] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  344.951020][ T2012] usbtmc 3-1:16.0: bulk endpoints not found
[  345.198940][T10680] netlink: 'syz.2.1467': attribute type 1 has an invalid length.
[  345.949512][   T63] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  346.138974][T10680] bond1: entered promiscuous mode
[  346.186549][T10680] 8021q: adding VLAN 0 to HW filter on device bond1
[  346.263240][T10692] ipip0: entered promiscuous mode
[  346.268506][T10692] ipip0: entered allmulticast mode
[  346.292121][T10692] 8021q: adding VLAN 0 to HW filter on device bond1
[  346.299598][T10692] bond1: (slave ipip0): The slave device specified does not support setting the MAC address
[  346.310251][T10692] bond1: (slave ipip0): Setting fail_over_mac to active for active-backup mode
[  346.328498][T10692] bond1: (slave ipip0): making interface the new active one
[  346.417709][T10692] bond1: (slave ipip0): Enslaving as an active interface with an up link
[  346.506349][ T2012] usb 3-1: USB disconnect, device number 19
[  346.519001][   T63] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  346.584006][   T63] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  346.712434][   T63] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  346.852035][   T63] bridge_slave_1: left allmulticast mode
[  346.867981][   T63] bridge_slave_1: left promiscuous mode
[  346.873705][   T63] bridge0: port 2(bridge_slave_1) entered disabled state
[  346.913478][   T63] bridge_slave_0: left allmulticast mode
[  346.919413][   T63] bridge_slave_0: left promiscuous mode
[  346.931698][   T63] bridge0: port 1(bridge_slave_0) entered disabled state
[  347.305384][T10701] Bluetooth: (null): Out-of-order packet arrived (6 != 0)
[  347.392571][T10700] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  347.893446][ T5826] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  347.906511][ T5826] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  347.916658][ T5826] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  347.942547][ T5826] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  347.961324][ T5826] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  347.971704][ T5826] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  348.067387][   T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  348.095314][T10725] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  348.109479][T10725] Error validating options; rc = [-22]
[  348.133046][   T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  348.157686][   T63] bond0 (unregistering): Released all slaves
[  348.244804][T10718] lo speed is unknown, defaulting to 1000
[  348.801351][   T63] hsr_slave_0: left promiscuous mode
[  348.815717][   T63] hsr_slave_1: left promiscuous mode
[  348.832389][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  348.854718][   T63] batman_adv: batadv0: Removing interface: batadv_slave_0
[  348.888947][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  348.916077][   T63] batman_adv: batadv0: Removing interface: batadv_slave_1
[  348.979675][   T63] veth1_macvtap: left promiscuous mode
[  348.985449][   T63] veth0_macvtap: left promiscuous mode
[  348.991990][   T63] veth1_vlan: left promiscuous mode
[  348.998939][   T63] veth0_vlan: left promiscuous mode
[  349.349824][T10765] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: -29824, delta: 1
[  349.357454][   T30] audit: type=1804 audit(1742594094.118:105): pid=10765 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.1496" name="/newroot/316/file0" dev="tmpfs" ino=1768 res=1 errno=0
[  349.391114][T10765] ref_ctr increment failed for inode: 0x6e8 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff8880472b4440
[  349.764019][   T63] team0 (unregistering): Port device team_slave_1 removed
[  349.832103][   T63] team0 (unregistering): Port device team_slave_0 removed
[  350.005835][ T5828] Bluetooth: hci0: command tx timeout
[  350.402724][T10755] bond1: (slave dummy0): Releasing active interface
[  350.438545][T10755] bridge_slave_0: left allmulticast mode
[  350.446077][T10755] bridge_slave_0: left promiscuous mode
[  350.451940][T10755] bridge0: port 1(bridge_slave_0) entered disabled state
[  350.477239][T10755] bridge_slave_1: left allmulticast mode
[  350.483081][T10755] bridge_slave_1: left promiscuous mode
[  350.489002][T10755] bridge0: port 2(bridge_slave_1) entered disabled state
[  350.504477][T10755] bond0: (slave bond_slave_0): Releasing backup interface
[  350.535154][T10755] bond0: (slave bond_slave_1): Releasing backup interface
[  350.655379][T10755] team0: Port device team_slave_0 removed
[  351.294489][T10755] team0: Port device team_slave_1 removed
[  351.341140][T10755] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  351.380768][T10755] batman_adv: batadv0: Removing interface: batadv_slave_0
[  351.419909][T10755] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  351.485905][T10755] batman_adv: batadv0: Removing interface: batadv_slave_1
[  351.521547][T10755] bond1: (slave veth3): Releasing active interface
[  351.670573][T10718] chnl_net:caif_netlink_parms(): no params data found
[  351.902577][T10718] bridge0: port 1(bridge_slave_0) entered blocking state
[  351.936298][T10718] bridge0: port 1(bridge_slave_0) entered disabled state
[  351.943818][T10718] bridge_slave_0: entered allmulticast mode
[  351.951347][T10718] bridge_slave_0: entered promiscuous mode
[  351.962608][T10718] bridge0: port 2(bridge_slave_1) entered blocking state
[  351.970695][T10718] bridge0: port 2(bridge_slave_1) entered disabled state
[  351.978187][T10718] bridge_slave_1: entered allmulticast mode
[  351.985862][T10718] bridge_slave_1: entered promiscuous mode
[  352.095791][ T5828] Bluetooth: hci0: command tx timeout
[  352.114676][T10718] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  352.199833][T10718] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  352.308536][T10718] team0: Port device team_slave_0 added
[  352.319935][T10718] team0: Port device team_slave_1 added
[  352.714924][T10718] batman_adv: batadv0: Adding interface: batadv_slave_0
[  352.744522][T10718] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  352.789053][T10718] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  352.880547][T10718] batman_adv: batadv0: Adding interface: batadv_slave_1
[  352.889726][T10718] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  352.916945][T10718] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  353.041439][T10718] hsr_slave_0: entered promiscuous mode
[  353.067270][T10718] hsr_slave_1: entered promiscuous mode
[  353.073496][T10718] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  353.117344][T10718] Cannot create hsr debugfs directory
[  354.166274][ T5828] Bluetooth: hci0: command tx timeout
[  354.996828][T10718] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  355.184140][T10718] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  355.225095][T10845] devtmpfs: Unknown parameter 'nr_'
[  355.427844][T10718] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  355.613233][T10718] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  355.833048][T10718] 8021q: adding VLAN 0 to HW filter on device bond0
[  356.036223][T10718] 8021q: adding VLAN 0 to HW filter on device team0
[  356.325971][ T5828] Bluetooth: hci0: command tx timeout
[  358.013352][ T9793] bridge0: port 1(bridge_slave_0) entered blocking state
[  358.020663][ T9793] bridge0: port 1(bridge_slave_0) entered forwarding state
[  358.098213][ T9793] bridge0: port 2(bridge_slave_1) entered blocking state
[  358.105365][ T9793] bridge0: port 2(bridge_slave_1) entered forwarding state
[  358.176445][    T9] kernel write not supported for file bpf-prog (pid: 9 comm: kworker/0:0)
[  358.230081][T10867] overlayfs: failed to clone upperpath
[  358.462369][   T30] audit: type=1804 audit(1742594103.228:106): pid=10872 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.1530" name="/newroot/328/file0" dev="tmpfs" ino=1844 res=1 errno=0
[  358.670440][T10872] ref_ctr_offset mismatch. inode: 0x734 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x8
[  358.735013][T10718] 8021q: adding VLAN 0 to HW filter on device batadv0
[  358.869257][T10718] veth0_vlan: entered promiscuous mode
[  358.902628][T10718] veth1_vlan: entered promiscuous mode
[  358.991196][T10718] veth0_macvtap: entered promiscuous mode
[  359.054276][T10718] veth1_macvtap: entered promiscuous mode
[  359.100549][T10718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  359.112124][T10718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  359.122799][T10718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  359.138225][T10718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  359.169502][T10718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  359.180279][T10718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  359.191655][T10718] batman_adv: batadv0: Interface activated: batadv_slave_0
[  359.207630][T10718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  359.223096][T10718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  359.233271][T10718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  359.245479][T10718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  359.256455][T10718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  359.267622][T10718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  359.279313][T10718] batman_adv: batadv0: Interface activated: batadv_slave_1
[  359.290234][T10718] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  359.300736][T10718] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  359.310060][T10718] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  359.319321][T10718] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  359.457025][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  359.482922][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  359.544283][ T9793] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  359.573495][ T9793] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  359.633582][T10893] syz_tun: entered allmulticast mode
[  359.661324][T10892] syz_tun: left allmulticast mode
[  360.129505][T10903] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  360.556826][T10918] netlink: 'syz.2.1545': attribute type 10 has an invalid length.
[  360.572181][ T9801] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  360.673126][T10918] 8021q: adding VLAN 0 to HW filter on device team0
[  360.708063][T10918] bond0: (slave team0): Enslaving as an active interface with an up link
[  360.860152][ T9801] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  361.261725][ T9801] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  361.559554][ T9801] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  361.788457][ T9801] bridge_slave_1: left allmulticast mode
[  361.794913][ T9801] bridge_slave_1: left promiscuous mode
[  361.805653][ T9801] bridge0: port 2(bridge_slave_1) entered disabled state
[  361.821578][ T9801] bridge_slave_0: left allmulticast mode
[  361.843101][ T9801] bridge_slave_0: left promiscuous mode
[  361.862467][ T9801] bridge0: port 1(bridge_slave_0) entered disabled state
[  361.971047][T10926] kvm: pic: non byte write
[  362.216716][ T5826] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  362.229925][ T5826] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  362.253524][ T5826] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  362.262888][ T5826] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  362.277092][ T5826] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  362.286466][ T5826] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  362.543409][ T5906] hid-generic 0000:0003:0000.000E: unknown main item tag 0x0
[  362.552954][ T5906] hid-generic 0000:0003:0000.000E: unknown main item tag 0x0
[  362.587024][ T5906] hid-generic 0000:0003:0000.000E: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  362.765445][ T9801] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  362.791195][ T9801] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  362.807694][T10956] kernel read not supported for file /file1 (pid: 10956 comm: syz.3.1556)
[  362.823917][ T9801] bond0 (unregistering): Released all slaves
[  362.830376][   T30] audit: type=1800 audit(1742594107.598:107): pid=10956 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.1556" name="file1" dev="mqueue" ino=40406 res=0 errno=0
[  362.923598][T10942] lo speed is unknown, defaulting to 1000
[  363.376834][T10953] Process accounting resumed
[  363.483102][ T9801] hsr_slave_0: left promiscuous mode
[  363.493219][ T9801] hsr_slave_1: left promiscuous mode
[  363.501662][ T9801] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  363.513416][ T9801] batman_adv: batadv0: Removing interface: batadv_slave_0
[  363.546874][ T9801] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  363.562773][ T9801] batman_adv: batadv0: Removing interface: batadv_slave_1
[  363.629539][ T9801] veth1_macvtap: left promiscuous mode
[  363.635449][ T9801] veth0_macvtap: left promiscuous mode
[  363.643697][ T9801] veth1_vlan: left promiscuous mode
[  363.649692][ T9801] veth0_vlan: left promiscuous mode
[  364.640289][ T5826] Bluetooth: hci0: command tx timeout
[  364.913880][T10979] overlayfs: failed to clone upperpath
[  366.725999][ T5826] Bluetooth: hci0: command tx timeout
[  366.978812][ T9801] team0 (unregistering): Port device team_slave_1 removed
[  367.164242][ T9801] team0 (unregistering): Port device team_slave_0 removed
[  368.571584][T10942] chnl_net:caif_netlink_parms(): no params data found
[  368.724510][T11037] Bluetooth: MGMT ver 1.23
[  368.806701][ T5826] Bluetooth: hci0: command tx timeout
[  368.936236][T11042] Bluetooth: hci0: too big key_count value 32768
[  368.937282][T10942] bridge0: port 1(bridge_slave_0) entered blocking state
[  368.996931][T10942] bridge0: port 1(bridge_slave_0) entered disabled state
[  369.027098][T10942] bridge_slave_0: entered allmulticast mode
[  369.064001][T10942] bridge_slave_0: entered promiscuous mode
[  369.135698][T11047] netlink: 'syz.6.1585': attribute type 1 has an invalid length.
[  369.147635][T11047] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  369.169542][T10942] bridge0: port 2(bridge_slave_1) entered blocking state
[  369.239487][T10942] bridge0: port 2(bridge_slave_1) entered disabled state
[  369.345428][T10942] bridge_slave_1: entered allmulticast mode
[  369.459742][T10942] bridge_slave_1: entered promiscuous mode
[  369.806988][T10942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  369.853999][T10942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  370.029726][T10942] team0: Port device team_slave_0 added
[  370.053265][T10942] team0: Port device team_slave_1 added
[  370.763582][T11059] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  370.897604][ T5826] Bluetooth: hci0: command tx timeout
[  371.267143][T10942] batman_adv: batadv0: Adding interface: batadv_slave_0
[  371.274156][T10942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  371.314652][T10942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  371.347940][T10942] batman_adv: batadv0: Adding interface: batadv_slave_1
[  371.354947][T10942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  371.417199][T10942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  371.534217][T11059] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  371.788586][T11059] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  371.920003][T10942] hsr_slave_0: entered promiscuous mode
[  371.976670][T10942] hsr_slave_1: entered promiscuous mode
[  371.982965][T10942] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  372.220151][T10942] Cannot create hsr debugfs directory
[  372.247164][T11075] lo speed is unknown, defaulting to 1000
[  372.325133][T11059] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  372.450783][T11088] 9pnet_virtio: no channels available for device ype_id=3 index_type_id=1 nr_elems=1
[  372.450783][T11088] [1] ARRAY (anon) type_id=3 index_type_id=1 nr_elems=1 Loop detected
[  372.450783][T11088] 
[  372.767086][T11059] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  372.822140][T11059] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  372.837333][T11059] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  372.867788][T11059] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  374.541838][T11112] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1607'.
[  375.042964][T10942] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  375.071478][T10942] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  375.122552][T10942] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  375.155287][T10942] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  375.310375][T11122] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  375.438958][T10942] 8021q: adding VLAN 0 to HW filter on device bond0
[  375.478331][T10942] 8021q: adding VLAN 0 to HW filter on device team0
[  375.529525][   T63] bridge0: port 1(bridge_slave_0) entered blocking state
[  375.536783][   T63] bridge0: port 1(bridge_slave_0) entered forwarding state
[  375.572911][   T63] bridge0: port 2(bridge_slave_1) entered blocking state
[  375.580168][   T63] bridge0: port 2(bridge_slave_1) entered forwarding state
[  375.789898][T11135] overlayfs: failed to resolve './file0': -2
[  376.150289][T10942] 8021q: adding VLAN 0 to HW filter on device batadv0
[  376.254390][T10942] veth0_vlan: entered promiscuous mode
[  376.274593][T10942] veth1_vlan: entered promiscuous mode
[  376.355266][T10942] veth0_macvtap: entered promiscuous mode
[  376.403437][T10942] veth1_macvtap: entered promiscuous mode
[  376.448045][T10942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  376.466238][T10942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  376.483412][T10942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  376.505323][T10942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  376.521601][T10942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  376.533871][T10942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  376.558313][T10942] batman_adv: batadv0: Interface activated: batadv_slave_0
[  376.587163][T10942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  376.642178][T10942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  376.659346][T10942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  376.684900][T10942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  376.702728][T10942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  376.713983][T10942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  376.730262][T10942] batman_adv: batadv0: Interface activated: batadv_slave_1
[  376.764684][T10942] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  376.782638][T10942] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  376.802448][T10942] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  377.870802][T10942] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  378.907854][   T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  378.937668][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  378.944016][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  378.970868][   T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  379.977743][ T9801] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  379.996367][ T9801] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  382.814938][ T9801] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  382.994305][ T9801] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  383.115161][ T9801] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  383.195134][ T9801] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  383.303541][ T9801] bridge_slave_1: left allmulticast mode
[  383.311490][ T9801] bridge_slave_1: left promiscuous mode
[  383.317603][ T9801] bridge0: port 2(bridge_slave_1) entered disabled state
[  383.326580][ T9801] bridge_slave_0: left allmulticast mode
[  383.332259][ T9801] bridge_slave_0: left promiscuous mode
[  383.338749][ T9801] bridge0: port 1(bridge_slave_0) entered disabled state
[  383.747142][ T9801] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  383.759766][ T9801] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  383.770776][ T9801] bond0 (unregistering): Released all slaves
[  384.020581][ T9801] hsr_slave_0: left promiscuous mode
[  384.030782][ T9801] hsr_slave_1: left promiscuous mode
[  384.038833][ T9801] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  384.046403][ T9801] batman_adv: batadv0: Removing interface: batadv_slave_0
[  384.054229][ T9801] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  384.061822][ T9801] batman_adv: batadv0: Removing interface: batadv_slave_1
[  384.085264][ T9801] veth1_macvtap: left promiscuous mode
[  384.093010][ T9801] veth0_macvtap: left promiscuous mode
[  384.098711][ T9801] veth1_vlan: left promiscuous mode
[  384.104017][ T9801] veth0_vlan: left promiscuous mode
[  384.858330][ T5828] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  384.873808][ T5828] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  384.883602][ T5828] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  384.916466][ T5828] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  384.934749][ T5828] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  384.946407][ T5828] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  385.005805][  T975] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  385.166056][  T975] usb 7-1: Using ep0 maxpacket: 32
[  385.196778][  T975] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  385.227625][  T975] usb 7-1: config 0 has no interfaces?
[  385.242916][  T975] usb 7-1: New USB device found, idVendor=06d0, idProduct=0622, bcdDevice=70.f8
[  385.254008][  T975] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  385.260716][T11226] TCP: out of memory -- consider tuning tcp_mem
[  385.274045][  T975] usb 7-1: Product: syz
[  385.279535][  T975] usb 7-1: Manufacturer: syz
[  385.284175][  T975] usb 7-1: SerialNumber: syz
[  385.300917][  T975] usb 7-1: config 0 descriptor??
[  387.048957][ T5826] Bluetooth: hci0: command tx timeout
[  387.140453][ T9801] team0 (unregistering): Port device team_slave_1 removed
[  387.491489][ T9801] team0 (unregistering): Port device team_slave_0 removed
[  387.532253][T11260] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1657'.
[  387.714157][  T975] usb 7-1: USB disconnect, device number 16
[  387.780452][    C1] vcan0: j1939_tp_rxtimer: 0xffff88806134ac00: rx timeout, send abort
[  388.280537][    C1] vcan0: j1939_tp_rxtimer: 0xffff88806134a000: rx timeout, send abort
[  388.288978][    C1] vcan0: j1939_tp_rxtimer: 0xffff88806134ac00: abort rx timeout. Force session deactivation
[  388.575166][T11236] lo speed is unknown, defaulting to 1000
[  388.797598][    C1] vcan0 (unregistered): j1939_tp_rxtimer: 0xffff88806134a000: abort rx timeout. Force session deactivation
[  389.128065][ T5826] Bluetooth: hci0: command tx timeout
[  389.360000][T11236] chnl_net:caif_netlink_parms(): no params data found
[  390.328404][T11236] bridge0: port 1(bridge_slave_0) entered blocking state
[  390.335970][T11236] bridge0: port 1(bridge_slave_0) entered disabled state
[  390.343305][T11236] bridge_slave_0: entered allmulticast mode
[  390.351211][T11236] bridge_slave_0: entered promiscuous mode
[  390.359757][T11236] bridge0: port 2(bridge_slave_1) entered blocking state
[  390.367273][T11236] bridge0: port 2(bridge_slave_1) entered disabled state
[  390.375945][T11236] bridge_slave_1: entered allmulticast mode
[  390.406660][T11236] bridge_slave_1: entered promiscuous mode
[  390.507873][T11236] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  390.548503][T11236] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  390.638777][T11236] team0: Port device team_slave_0 added
[  390.680135][T11236] team0: Port device team_slave_1 added
[  390.810483][T11236] batman_adv: batadv0: Adding interface: batadv_slave_0
[  390.826028][T11236] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  390.889852][T11236] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  390.949646][T11236] batman_adv: batadv0: Adding interface: batadv_slave_1
[  390.964795][T11236] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  390.994646][T11236] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  391.073670][T11236] hsr_slave_0: entered promiscuous mode
[  391.096926][T11236] hsr_slave_1: entered promiscuous mode
[  391.108755][T11236] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  391.125467][T11236] Cannot create hsr debugfs directory
[  391.214756][ T5826] Bluetooth: hci0: command tx timeout
[  391.257093][T11317] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1668'.
[  391.267888][T11317] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1668'.
[  392.086185][  T975] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  392.160573][T11236] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  392.183061][T11236] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  392.203381][T11236] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  392.218768][T11236] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  392.237588][  T975] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  392.248332][  T975] usb 3-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00
[  392.266049][  T975] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  392.340823][  T975] usb 3-1: config 0 descriptor??
[  392.524573][T11236] 8021q: adding VLAN 0 to HW filter on device bond0
[  392.630715][T11236] 8021q: adding VLAN 0 to HW filter on device team0
[  392.663038][ T3484] bridge0: port 1(bridge_slave_0) entered blocking state
[  392.670275][ T3484] bridge0: port 1(bridge_slave_0) entered forwarding state
[  392.686763][ T3484] bridge0: port 2(bridge_slave_1) entered blocking state
[  392.693979][ T3484] bridge0: port 2(bridge_slave_1) entered forwarding state
[  392.771060][  T975] logitech 0003:046D:C293.000F: collection stack underflow
[  392.778600][  T975] logitech 0003:046D:C293.000F: item 0 1 0 12 parsing failed
[  392.787617][  T975] logitech 0003:046D:C293.000F: parse failed
[  392.793826][  T975] logitech 0003:046D:C293.000F: probe with driver logitech failed with error -22
[  392.990587][  T975] usb 3-1: USB disconnect, device number 20
[  393.023469][T11365] bond_slave_1: entered promiscuous mode
[  393.034081][T11236] 8021q: adding VLAN 0 to HW filter on device batadv0
[  393.038909][T11365] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1693'.
[  393.088085][T11365] bond_slave_1 (unregistering): left promiscuous mode
[  393.177821][T11236] veth0_vlan: entered promiscuous mode
[  393.210690][T11236] veth1_vlan: entered promiscuous mode
[  393.269849][T11236] veth0_macvtap: entered promiscuous mode
[  393.291098][T11236] veth1_macvtap: entered promiscuous mode
[  393.295714][ T5826] Bluetooth: hci0: command tx timeout
[  393.354003][T11236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  393.415121][T11236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  393.454560][T11236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  393.485813][T11236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  393.525856][T11236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  393.555654][T11236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  393.588229][T11236] batman_adv: batadv0: Interface activated: batadv_slave_0
[  393.624578][T11236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  393.678566][T11236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  393.705760][T11236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  393.754962][T11236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  393.783434][T11236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  393.815063][T11236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  393.836637][T11236] batman_adv: batadv0: Interface activated: batadv_slave_1
[  393.897600][T11236] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  393.934644][T11236] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  393.955666][T11236] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  393.984805][T11236] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  393.999059][T11384] kvm: pic: non byte read
[  394.029396][T11384] kvm: pic: level sensitive irq not supported
[  394.030224][T11384] kvm: pic: non byte read
[  394.243038][ T9781] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  394.284045][ T9781] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  394.321781][T11391] syzkaller1: entered promiscuous mode
[  394.342330][T11391] syzkaller1: entered allmulticast mode
[  394.476615][ T9793] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  394.501158][ T9793] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  395.447250][T11422] overlayfs: failed to clone upperpath
[  395.629842][ T9781] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  395.998748][ T9781] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  396.102661][ T9781] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  396.197017][ T9781] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  396.330632][ T9781] bridge_slave_1: left allmulticast mode
[  396.336562][ T9781] bridge_slave_1: left promiscuous mode
[  396.342269][ T9781] bridge0: port 2(bridge_slave_1) entered disabled state
[  396.351281][ T9781] bridge_slave_0: left allmulticast mode
[  396.357390][ T9781] bridge_slave_0: left promiscuous mode
[  396.363155][ T9781] bridge0: port 1(bridge_slave_0) entered disabled state
[  396.787106][ T9781] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  396.798083][ T9781] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  396.812656][ T9781] bond0 (unregistering): Released all slaves
[  397.261016][ T9781] hsr_slave_0: left promiscuous mode
[  397.296452][ T9781] hsr_slave_1: left promiscuous mode
[  397.305443][ T9781] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  397.343201][ T9781] batman_adv: batadv0: Removing interface: batadv_slave_0
[  397.370508][ T9781] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  397.385824][ T9781] batman_adv: batadv0: Removing interface: batadv_slave_1
[  397.452541][ T9781] veth1_macvtap: left promiscuous mode
[  397.475753][ T9781] veth0_macvtap: left promiscuous mode
[  397.486785][ T9781] veth1_vlan: left promiscuous mode
[  397.499021][ T9781] veth0_vlan: left promiscuous mode
[  397.547014][ T5828] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  397.558023][ T5828] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  397.567904][ T5828] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  397.594593][ T5828] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  397.617687][ T5828] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  397.629180][ T5828] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  397.651878][T11445] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1718'.
[  398.712992][T11456] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma?
[  399.777084][ T5828] Bluetooth: hci0: command tx timeout
[  400.377458][ T9781] team0 (unregistering): Port device team_slave_1 removed
[  400.469943][ T9781] team0 (unregistering): Port device team_slave_0 removed
[  401.278823][T11464] netlink: 'syz.6.1725': attribute type 3 has an invalid length.
[  401.305953][T11464] netlink: 'syz.6.1725': attribute type 3 has an invalid length.
[  401.333129][T11441] lo speed is unknown, defaulting to 1000
[  401.851155][ T5828] Bluetooth: hci0: command tx timeout
[  401.912532][T11441] chnl_net:caif_netlink_parms(): no params data found
[  401.934994][T11493] netlink: 277 bytes leftover after parsing attributes in process `syz.2.1737'.
[  402.148963][T11507] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1740'.
[  402.210209][T11510] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1742'.
[  402.284670][T11441] bridge0: port 1(bridge_slave_0) entered blocking state
[  402.297715][T11441] bridge0: port 1(bridge_slave_0) entered disabled state
[  402.331251][T11441] bridge_slave_0: entered allmulticast mode
[  402.340653][T11441] bridge_slave_0: entered promiscuous mode
[  402.365010][T11441] bridge0: port 2(bridge_slave_1) entered blocking state
[  402.385850][T11441] bridge0: port 2(bridge_slave_1) entered disabled state
[  402.393308][T11441] bridge_slave_1: entered allmulticast mode
[  402.409624][T11441] bridge_slave_1: entered promiscuous mode
[  402.521926][T11441] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  402.544998][T11522] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1748'.
[  402.549980][T11441] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  402.739922][T11441] team0: Port device team_slave_0 added
[  402.751208][T11441] team0: Port device team_slave_1 added
[  402.877811][T11441] batman_adv: batadv0: Adding interface: batadv_slave_0
[  402.904789][T11441] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  402.991921][T11441] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  403.028346][T11441] batman_adv: batadv0: Adding interface: batadv_slave_1
[  403.062238][T11441] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  403.138402][T11441] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  403.269220][   T30] audit: type=1804 audit(1742594148.028:108): pid=11543 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.1756" name="file0" dev="ramfs" ino=43507 res=1 errno=0
[  403.306862][T11441] hsr_slave_0: entered promiscuous mode
[  403.328108][T11441] hsr_slave_1: entered promiscuous mode
[  403.352347][T11441] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  403.384789][T11441] Cannot create hsr debugfs directory
[  403.401117][T11548] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1758'.
[  403.496528][T11548] bridge0: port 1(vlan2) entered disabled state
[  403.927024][ T5828] Bluetooth: hci0: command tx timeout
[  404.573242][T11441] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  404.591610][T11441] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  404.614146][T11441] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  404.656817][T11441] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  405.003149][T11441] 8021q: adding VLAN 0 to HW filter on device bond0
[  405.072759][T11441] 8021q: adding VLAN 0 to HW filter on device team0
[  405.110432][ T3484] bridge0: port 1(bridge_slave_0) entered blocking state
[  405.117654][ T3484] bridge0: port 1(bridge_slave_0) entered forwarding state
[  405.178469][ T6308] bridge0: port 2(bridge_slave_1) entered blocking state
[  405.185665][ T6308] bridge0: port 2(bridge_slave_1) entered forwarding state
[  405.307195][T11441] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  405.717035][T11593] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1774'.
[  406.007727][ T5828] Bluetooth: hci0: command tx timeout
[  406.094547][T11441] 8021q: adding VLAN 0 to HW filter on device batadv0
[  407.599857][T11441] veth0_vlan: entered promiscuous mode
[  407.630376][T11441] veth1_vlan: entered promiscuous mode
[  407.662133][T11441] veth0_macvtap: entered promiscuous mode
[  407.671778][T11441] veth1_macvtap: entered promiscuous mode
[  407.727595][T11441] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  407.799622][T11441] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  407.845263][T11441] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  407.893218][T11441] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  407.943344][T11441] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  407.955731][T11611] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1780'.
[  407.979803][T11441] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  408.012895][T11441] batman_adv: batadv0: Interface activated: batadv_slave_0
[  408.060504][T11441] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  408.074682][T11441] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  408.094135][T11441] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  408.108073][T11441] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  408.130578][T11441] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  408.145504][T11441] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  408.164582][T11441] batman_adv: batadv0: Interface activated: batadv_slave_1
[  408.194211][T11441] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  408.209048][T11441] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  408.234907][T11441] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  408.261852][   T30] audit: type=1326 audit(1742594153.028:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11616 comm="syz.3.1781" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f361938d169 code=0x0
[  408.265040][T11441] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  408.411478][ T5960] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  408.431112][ T5960] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  408.467371][ T5960] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  408.476297][ T5960] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  408.841272][   T30] audit: type=1326 audit(1742594153.608:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11627 comm="syz.1.1785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f696d38d169 code=0x7ffc0000
[  408.888777][   T30] audit: type=1326 audit(1742594153.608:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11627 comm="syz.1.1785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f696d38d169 code=0x7ffc0000
[  408.911626][   T30] audit: type=1326 audit(1742594153.628:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11627 comm="syz.1.1785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f696d38d169 code=0x7ffc0000
[  408.933743][   T30] audit: type=1326 audit(1742594153.638:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11627 comm="syz.1.1785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f696d38d169 code=0x7ffc0000
[  408.964852][   T30] audit: type=1326 audit(1742594153.638:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11627 comm="syz.1.1785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f696d38d169 code=0x7ffc0000
[  408.992865][T11631] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  409.004058][   T30] audit: type=1326 audit(1742594153.638:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11627 comm="syz.1.1785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f696d38d169 code=0x7ffc0000
[  409.026610][   T30] audit: type=1326 audit(1742594153.638:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11627 comm="syz.1.1785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f696d38d169 code=0x7ffc0000
[  409.049876][   T30] audit: type=1326 audit(1742594153.638:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11627 comm="syz.1.1785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f696d38d169 code=0x7ffc0000
[  409.072708][   T30] audit: type=1326 audit(1742594153.638:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11627 comm="syz.1.1785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f696d38d169 code=0x7ffc0000
[  409.094717][T11632] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  409.111941][   T30] audit: type=1326 audit(1742594153.638:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11627 comm="syz.1.1785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f696d38d169 code=0x7ffc0000
[  409.177780][T11634] netlink: 'syz.3.1787': attribute type 3 has an invalid length.
[  409.186472][T11631] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  409.191016][T11634] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1787'.
[  409.426856][ T3484] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  409.666772][ T3484] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  409.875281][ T3484] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  410.019654][ T3484] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  410.125443][ T3484] bridge_slave_1: left allmulticast mode
[  410.132677][ T3484] bridge_slave_1: left promiscuous mode
[  410.138579][ T3484] bridge0: port 2(bridge_slave_1) entered disabled state
[  410.147668][ T3484] bridge_slave_0: left allmulticast mode
[  410.153383][ T3484] bridge_slave_0: left promiscuous mode
[  410.159537][ T3484] bridge0: port 1(bridge_slave_0) entered disabled state
[  410.622318][ T3484] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  410.633435][ T3484] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  410.646481][ T3484] bond0 (unregistering): Released all slaves
[  410.849412][T11639] uprobe: syz.3.1790:11639 failed to unregister, leaking uprobe
[  411.172041][ T3484] hsr_slave_0: left promiscuous mode
[  411.224873][ T3484] hsr_slave_1: left promiscuous mode
[  411.251538][ T3484] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  411.268334][ T3484] batman_adv: batadv0: Removing interface: batadv_slave_0
[  411.296883][ T3484] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  411.313437][ T3484] batman_adv: batadv0: Removing interface: batadv_slave_1
[  411.350706][ T5826] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  411.362592][ T5826] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  411.373681][ T5826] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  411.383719][ T5826] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  411.391802][ T5826] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  411.402695][T11660] TCP: out of memory -- consider tuning tcp_mem
[  411.411009][ T5826] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  411.466142][ T3484] veth1_macvtap: left promiscuous mode
[  411.471821][ T3484] veth0_macvtap: left promiscuous mode
[  411.477642][ T3484] veth1_vlan: left promiscuous mode
[  411.483087][ T3484] veth0_vlan: left promiscuous mode
[  412.350402][ T3484] team0 (unregistering): Port device team_slave_1 removed
[  412.413028][ T3484] team0 (unregistering): Port device team_slave_0 removed
[  413.193022][T11651] bridge0: port 1(vlan1) entered blocking state
[  413.199662][T11651] bridge0: port 1(vlan1) entered disabled state
[  413.207258][T11651] vlan1: entered allmulticast mode
[  413.212447][T11651] ip6gretap0: entered allmulticast mode
[  413.219568][T11651] vlan1: entered promiscuous mode
[  413.224644][T11651] ip6gretap0: entered promiscuous mode
[  413.232393][T11651] bridge0: port 1(vlan1) entered blocking state
[  413.239444][T11651] bridge0: port 1(vlan1) entered forwarding state
[  413.279370][T11690] bridge_slave_0: left allmulticast mode
[  413.315912][T11690] bridge_slave_0: left promiscuous mode
[  413.333276][T11690] bridge0: port 1(bridge_slave_0) entered disabled state
[  413.374985][T11690] bridge_slave_1: left allmulticast mode
[  413.385928][T11690] bridge_slave_1: left promiscuous mode
[  413.391880][T11690] bridge0: port 2(bridge_slave_1) entered disabled state
[  413.423287][T11690] bond0: (slave bond_slave_0): Releasing backup interface
[  413.438364][T11690] bond0: (slave bond_slave_1): Releasing backup interface
[  413.447718][ T5828] Bluetooth: hci0: command tx timeout
[  413.486089][T11690] team0: Port device team_slave_0 removed
[  413.502218][T11690] team0: Port device team_slave_1 removed
[  413.511668][T11690] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  413.520643][T11690] batman_adv: batadv0: Removing interface: batadv_slave_0
[  413.530177][T11690] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  413.538257][T11690] batman_adv: batadv0: Removing interface: batadv_slave_1
[  413.601161][T11691] team0: Mode changed to "loadbalance"
[  413.644554][T11695] netlink: 'syz.3.1811': attribute type 49 has an invalid length.
[  413.739866][T11698] mkiss: ax0: crc mode is auto.
[  414.089689][T11658] lo speed is unknown, defaulting to 1000
[  415.037135][T11724] overlayfs: failed to clone upperpath
[  415.916449][ T5828] Bluetooth: hci0: command tx timeout
[  416.028489][T11658] chnl_net:caif_netlink_parms(): no params data found
[  416.232218][T11658] bridge0: port 1(bridge_slave_0) entered blocking state
[  416.244502][T11658] bridge0: port 1(bridge_slave_0) entered disabled state
[  416.268944][T11658] bridge_slave_0: entered allmulticast mode
[  416.294952][T11658] bridge_slave_0: entered promiscuous mode
[  416.322733][T11658] bridge0: port 2(bridge_slave_1) entered blocking state
[  416.330087][T11658] bridge0: port 2(bridge_slave_1) entered disabled state
[  416.337513][T11658] bridge_slave_1: entered allmulticast mode
[  416.344676][T11658] bridge_slave_1: entered promiscuous mode
[  416.465996][ T2012] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  416.706044][ T2012] usb 7-1: Using ep0 maxpacket: 16
[  416.791790][ T2012] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  417.051658][T11658] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  417.085608][ T2012] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  417.122702][T11658] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  417.154703][ T2012] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  417.184728][ T2012] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  417.204430][ T2012] usb 7-1: Product: syz
[  417.234788][ T2012] usb 7-1: Manufacturer: syz
[  417.256796][ T2012] usb 7-1: SerialNumber: syz
[  417.278912][ T2012] usb 7-1: config 0 descriptor??
[  417.299381][ T2012] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  417.312360][T11749] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  417.320419][T11749] IPv6: NLM_F_CREATE should be set when creating new route
[  417.327746][T11749] IPv6: NLM_F_CREATE should be set when creating new route
[  417.337372][ T2012] em28xx 7-1:0.0: Audio interface 0 found (Vendor Class)
[  417.348078][T11752] lo: entered allmulticast mode
[  417.364908][T11752] tunl0: entered allmulticast mode
[  417.375168][T11752] gre0: entered allmulticast mode
[  417.392779][T11752] gretap0: entered allmulticast mode
[  417.412956][T11752] erspan0: entered allmulticast mode
[  417.449693][T11752] ip_vti0: entered allmulticast mode
[  417.459026][T11752] ip6_vti0: entered allmulticast mode
[  417.478052][T11752] sit0: entered allmulticast mode
[  417.484530][T11752] ip6tnl0: entered allmulticast mode
[  417.506172][T11752] ip6gre0: entered allmulticast mode
[  417.755065][T11752] syz_tun: entered allmulticast mode
[  417.791230][T11752] ip6gretap0: entered allmulticast mode
[  417.800175][T11752] tipc: Resetting bearer <eth:bond0>
[  417.821575][T11752] bond0: entered allmulticast mode
[  417.841185][T11752] dummy0: entered allmulticast mode
[  417.966320][ T5828] Bluetooth: hci0: command tx timeout
[  417.996072][T11752] nlmon0: entered allmulticast mode
[  418.080811][T11752] caif0: entered allmulticast mode
[  418.117646][T11752] batadv0: entered allmulticast mode
[  418.207515][T11752] veth0: entered allmulticast mode
[  418.244951][T11752] veth1: entered allmulticast mode
[  418.313332][T11752] wg0: entered allmulticast mode
[  418.671100][ T2012] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[  418.688829][ T2012] em28xx 7-1:0.0: Config register raw data: 0xfffffffb
[  418.729432][T11752] wg1: entered allmulticast mode
[  418.764651][T11752] wg2: entered allmulticast mode
[  418.811811][T11752] veth0_to_bridge: entered allmulticast mode
[  418.832585][T11752] bridge_slave_0: entered allmulticast mode
[  418.850499][T11752] veth1_to_bridge: entered allmulticast mode
[  418.912341][T11752] bridge_slave_1: entered allmulticast mode
[  418.926683][T11752] veth0_to_bond: entered allmulticast mode
[  418.943900][T11752] bond_slave_0: entered allmulticast mode
[  418.950552][T11752] veth0_to_team: entered allmulticast mode
[  418.961098][T11752] team_slave_0: entered allmulticast mode
[  418.967897][T11752] veth1_to_team: entered allmulticast mode
[  418.977078][T11752] team_slave_1: entered allmulticast mode
[  418.984345][T11752] veth0_to_batadv: entered allmulticast mode
[  419.006450][T11752] batadv_slave_0: entered allmulticast mode
[  419.024313][T11752] veth1_to_batadv: entered allmulticast mode
[  419.042973][T11752] batadv_slave_1: entered allmulticast mode
[  419.067726][T11752] xfrm0: entered allmulticast mode
[  419.113659][T11752] veth0_to_hsr: entered allmulticast mode
[  419.127437][T11752] hsr_slave_0: entered allmulticast mode
[  419.136602][T11752] veth1_to_hsr: entered allmulticast mode
[  419.150740][T11752] hsr_slave_1: entered allmulticast mode
[  419.294082][T11752] hsr0: entered allmulticast mode
[  419.533515][T11752] veth1_virt_wifi: entered allmulticast mode
[  419.889775][T11752] veth0_virt_wifi: entered allmulticast mode
[  419.902447][T11752] veth1_macvtap: entered allmulticast mode
[  419.912062][T11752] veth0_macvtap: entered allmulticast mode
[  419.925062][T11752] macvtap0: entered allmulticast mode
[  419.945218][T11752] macsec0: entered allmulticast mode
[  419.968241][T11752] geneve0: entered allmulticast mode
[  420.004348][T11752] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  420.014404][ T5828] Bluetooth: hci0: command tx timeout
[  420.033160][T11752] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  420.037082][ T2012] em28xx 7-1:0.0: AC97 vendor ID = 0x00fc00fe
[  420.075748][T11752] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  420.084701][T11752] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  420.134092][T11752] geneve1: entered allmulticast mode
[  420.146514][ T2012] em28xx 7-1:0.0: Unknown AC97 audio processor detected!
[  420.155788][ T2012] em28xx 7-1:0.0: couldn't setup AC97 register 2
[  420.162568][ T2012] em28xx 7-1:0.0: couldn't setup AC97 register 4
[  420.170736][ T2012] em28xx 7-1:0.0: couldn't setup AC97 register 6
[  420.178439][ T2012] em28xx 7-1:0.0: couldn't setup AC97 register 54
[  420.182760][T11752] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  420.185221][ T2012] em28xx 7-1:0.0: couldn't setup AC97 register 56
[  420.202020][ T2012] usb 7-1: USB disconnect, device number 17
[  420.208719][T11752] netdevsim netdevsim3 netdevsim1: entered allmulticast mode
[  420.230347][T11752] netdevsim netdevsim3 netdevsim2: entered allmulticast mode
[  420.293697][T11752] netdevsim netdevsim3 netdevsim3: entered allmulticast mode
[  420.331029][T11752] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode
[  420.385200][T11752] bridge1: entered allmulticast mode
[  420.393431][T11752] veth2: entered allmulticast mode
[  420.419307][T11752] veth3: entered allmulticast mode
[  420.446566][T11752] bridge0: entered allmulticast mode
[  420.457326][T11752] ipip0: entered allmulticast mode
[  420.464143][T11752] bridge2: entered allmulticast mode
[  420.477315][T11752] gre1: entered allmulticast mode
[  420.488669][T11752] veth4: entered allmulticast mode
[  420.495154][T11752] veth5: entered allmulticast mode
[  420.525255][T11658] team0: Port device team_slave_0 added
[  420.546700][ T5875] lo speed is unknown, defaulting to 1000
[  420.560591][T11658] team0: Port device team_slave_1 added
[  420.648973][T11658] batman_adv: batadv0: Adding interface: batadv_slave_0
[  420.667564][T11658] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  420.699748][T11658] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  420.741857][T11658] batman_adv: batadv0: Adding interface: batadv_slave_1
[  420.758387][T11658] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  420.824284][T11658] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  420.945529][T11658] hsr_slave_0: entered promiscuous mode
[  420.952976][T11658] hsr_slave_1: entered promiscuous mode
[  420.961907][T11658] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  420.993688][T11658] Cannot create hsr debugfs directory
[  421.270205][T11794] netlink: 296 bytes leftover after parsing attributes in process `syz.1.1840'.
[  421.940721][T11658] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  421.984478][T11658] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  422.026965][T11658] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  422.065825][T11658] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  422.236309][T11658] 8021q: adding VLAN 0 to HW filter on device bond0
[  422.284299][T11658] 8021q: adding VLAN 0 to HW filter on device team0
[  422.321210][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  422.328466][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  422.357471][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  422.364673][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  423.900872][T11658] 8021q: adding VLAN 0 to HW filter on device batadv0
[  424.043408][T11658] veth0_vlan: entered promiscuous mode
[  424.074994][T11658] veth1_vlan: entered promiscuous mode
[  424.178549][T11658] veth0_macvtap: entered promiscuous mode
[  424.208487][T11658] veth1_macvtap: entered promiscuous mode
[  424.294017][T11658] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  424.376172][T11658] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  424.478515][T11658] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  424.561906][T11658] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  424.597051][T11658] batman_adv: batadv0: Interface activated: batadv_slave_0
[  424.610254][T11658] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  424.726151][T11658] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  424.796063][T11658] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  424.850977][T11658] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  424.871431][T11658] batman_adv: batadv0: Interface activated: batadv_slave_1
[  425.091825][T11658] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  425.468114][T11658] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  425.488078][T11658] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  425.505806][T11658] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  425.653732][T11893] overlayfs: failed to clone upperpath
[  426.155973][   T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  426.189505][   T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  426.247904][   T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  426.285720][   T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  428.031748][   T63] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  428.598556][   T63] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  428.795684][   T63] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  428.989269][   T63] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  429.228806][   T63] bridge_slave_1: left allmulticast mode
[  429.234827][   T63] bridge_slave_1: left promiscuous mode
[  429.241351][   T63] bridge0: port 2(bridge_slave_1) entered disabled state
[  429.254271][   T63] bridge_slave_0: left allmulticast mode
[  429.265724][   T63] bridge_slave_0: left promiscuous mode
[  429.271653][   T63] bridge0: port 1(bridge_slave_0) entered disabled state
[  429.814135][   T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  429.826226][   T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  429.841709][   T63] bond0 (unregistering): Released all slaves
[  430.843315][T11937] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1872'.
[  430.890918][T11942] overlayfs: failed to clone upperpath
[  431.151425][   T63] hsr_slave_0: left promiscuous mode
[  431.180259][T11950] fuse: Bad value for 'rootmode'
[  431.196033][   T63] hsr_slave_1: left promiscuous mode
[  431.202186][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  431.245893][   T63] batman_adv: batadv0: Removing interface: batadv_slave_0
[  431.281642][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  431.308096][   T63] batman_adv: batadv0: Removing interface: batadv_slave_1
[  431.428675][   T63] veth1_macvtap: left promiscuous mode
[  431.443953][   T63] veth0_macvtap: left promiscuous mode
[  431.455498][   T63] veth1_vlan: left promiscuous mode
[  431.499368][   T63] veth0_vlan: left promiscuous mode
[  431.585170][ T5826] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  431.598243][ T5826] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  431.607653][ T5826] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  431.616670][ T5826] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  431.627296][ T5826] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  431.636208][ T5826] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  432.320711][T11976] overlayfs: failed to clone upperpath
[  433.707757][ T5826] Bluetooth: hci0: command tx timeout
[  434.190963][T11997] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1893'.
[  434.657224][T12003] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1895'.
[  434.955282][   T63] team0 (unregistering): Port device team_slave_1 removed
[  435.043655][   T63] team0 (unregistering): Port device team_slave_0 removed
[  435.662527][T11997] vlan2: entered allmulticast mode
[  435.677430][T11997] bridge0: entered allmulticast mode
[  435.765665][ T5826] Bluetooth: hci0: command tx timeout
[  435.766756][T11997] bridge0: left allmulticast mode
[  435.884287][T11964] lo speed is unknown, defaulting to 1000
[  436.419475][T11964] chnl_net:caif_netlink_parms(): no params data found
[  436.567650][T11964] bridge0: port 1(bridge_slave_0) entered blocking state
[  436.595419][T11964] bridge0: port 1(bridge_slave_0) entered disabled state
[  436.616783][T11964] bridge_slave_0: entered allmulticast mode
[  436.642537][T11964] bridge_slave_0: entered promiscuous mode
[  436.672705][T11964] bridge0: port 2(bridge_slave_1) entered blocking state
[  436.695779][T11964] bridge0: port 2(bridge_slave_1) entered disabled state
[  436.703152][T11964] bridge_slave_1: entered allmulticast mode
[  436.717204][T11964] bridge_slave_1: entered promiscuous mode
[  436.798339][T11964] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  436.832852][T11964] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  436.926236][T11964] team0: Port device team_slave_0 added
[  436.932555][T12036] tipc: Started in network mode
[  436.961319][T12036] tipc: Node identity 7f000001, cluster identity 4711
[  436.990380][T12036] tipc: Enabled bearer <udp:syz2>, priority 10
[  437.011319][T11964] team0: Port device team_slave_1 added
[  437.080632][T12039] kvm: pic: level sensitive irq not supported
[  437.080849][T12039] kvm: pic: single mode not supported
[  437.087296][T12039] kvm: pic: level sensitive irq not supported
[  437.100643][T12039] kvm: pic: single mode not supported
[  437.110025][T12039] kvm: pic: single mode not supported
[  437.150781][T11964] batman_adv: batadv0: Adding interface: batadv_slave_0
[  437.175666][T11964] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  437.240891][T11964] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  437.260940][T11964] batman_adv: batadv0: Adding interface: batadv_slave_1
[  437.272348][T11964] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  437.311385][T11964] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  437.490352][T11964] hsr_slave_0: entered promiscuous mode
[  437.496920][T11964] hsr_slave_1: entered promiscuous mode
[  437.502989][T11964] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  437.511800][T11964] Cannot create hsr debugfs directory
[  437.725113][ T5876] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  437.845908][ T5826] Bluetooth: hci0: command tx timeout
[  437.887671][ T5876] usb 3-1: Using ep0 maxpacket: 16
[  437.908585][ T5876] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  437.929757][ T5876] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  437.946476][ T5876] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  437.966937][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  437.983965][ T5876] usb 3-1: Product: syz
[  437.988405][ T2012] tipc: Node number set to 2130706433
[  438.005216][ T5876] usb 3-1: Manufacturer: syz
[  438.017404][ T5876] usb 3-1: SerialNumber: syz
[  438.231821][ T5876] usb 3-1: 0:2 : does not exist
[  438.246901][ T5876] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  438.291647][T11964] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  438.297579][ T5876] usb 3-1: USB disconnect, device number 21
[  438.311130][T11964] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  438.331305][T11964] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  438.363695][T11964] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  438.383095][   T30] kauditd_printk_skb: 11 callbacks suppressed
[  438.383116][   T30] audit: type=1326 audit(1742594183.148:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12071 comm="syz.6.1919" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f74d198d169 code=0x0
[  438.449494][T11964] 8021q: adding VLAN 0 to HW filter on device bond0
[  438.469701][T11964] 8021q: adding VLAN 0 to HW filter on device team0
[  438.481749][ T6308] bridge0: port 1(bridge_slave_0) entered blocking state
[  438.489022][ T6308] bridge0: port 1(bridge_slave_0) entered forwarding state
[  438.508614][ T9793] bridge0: port 2(bridge_slave_1) entered blocking state
[  438.515818][ T9793] bridge0: port 2(bridge_slave_1) entered forwarding state
[  438.703294][T11964] 8021q: adding VLAN 0 to HW filter on device batadv0
[  438.741524][T11964] veth0_vlan: entered promiscuous mode
[  438.754399][T11964] veth1_vlan: entered promiscuous mode
[  438.811280][T11964] veth0_macvtap: entered promiscuous mode
[  438.833617][T11964] veth1_macvtap: entered promiscuous mode
[  438.884057][T11964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  438.914816][T12080] overlayfs: failed to clone upperpath
[  438.923124][T11964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  438.936218][T11964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  438.954501][T11964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  438.974932][T11964] batman_adv: batadv0: Interface activated: batadv_slave_0
[  439.029804][T11964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  439.055736][T11964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  439.072990][T11964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  439.084634][T11964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  439.098456][T11964] batman_adv: batadv0: Interface activated: batadv_slave_1
[  439.113978][T11964] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  439.123536][T11964] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  439.144193][T12087] netlink: 'syz.2.1923': attribute type 1 has an invalid length.
[  439.146378][T11964] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  439.185248][T11964] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  439.338045][T12087] 8021q: adding VLAN 0 to HW filter on device bond2
[  439.449234][T12090] bond2: (slave veth9): Enslaving as an active interface with a down link
[  439.985631][ T5826] Bluetooth: hci0: command tx timeout
[  440.242953][T12087] bond2: (slave vlan3): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  440.477574][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  440.484030][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  441.923263][ T9793] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  441.954903][ T9793] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  442.048694][T12111] overlayfs: failed to clone upperpath
[  442.631409][T11876] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  442.665684][T11876] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  443.008540][T12126] lo speed is unknown, defaulting to 1000
[  446.298230][ T5960] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  446.755425][ T5960] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  446.919319][ T5960] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  447.041734][ T5960] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  447.190349][ T5960] bridge_slave_1: left allmulticast mode
[  447.203870][ T5960] bridge_slave_1: left promiscuous mode
[  447.212115][ T5960] bridge0: port 2(bridge_slave_1) entered disabled state
[  447.227130][ T5960] bridge_slave_0: left allmulticast mode
[  447.232957][ T5960] bridge_slave_0: left promiscuous mode
[  447.244587][ T5960] bridge0: port 1(bridge_slave_0) entered disabled state
[  447.838852][ T5960] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  447.849700][ T5960] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  447.860488][ T5960] bond0 (unregistering): Released all slaves
[  448.333251][   T30] audit: type=1804 audit(1742594193.098:132): pid=12172 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.1951" name="/newroot/412/file0" dev="tmpfs" ino=2316 res=1 errno=0
[  448.408829][   T30] audit: type=1804 audit(1742594193.148:133): pid=12172 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.2.1951" name="/newroot/412/file0" dev="tmpfs" ino=2316 res=1 errno=0
[  448.456851][ T5960] hsr_slave_0: left promiscuous mode
[  448.505859][ T5960] hsr_slave_1: left promiscuous mode
[  448.511856][ T5960] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  448.525773][ T5960] batman_adv: batadv0: Removing interface: batadv_slave_0
[  448.546666][ T5960] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  448.565879][ T5960] batman_adv: batadv0: Removing interface: batadv_slave_1
[  448.608511][ T5828] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  448.625960][ T5828] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  448.635844][ T5828] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  448.651743][ T5960] veth1_macvtap: left promiscuous mode
[  448.657765][ T5960] veth0_macvtap: left promiscuous mode
[  448.663338][ T5828] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  448.670935][ T5960] veth1_vlan: left promiscuous mode
[  448.680310][ T5960] veth0_vlan: left promiscuous mode
[  448.686252][ T5828] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  448.695958][ T5828] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  449.056596][T12189] netlink: 34 bytes leftover after parsing attributes in process `syz.6.1959'.
[  450.154848][ T5960] team0 (unregistering): Port device team_slave_1 removed
[  450.310277][ T5960] team0 (unregistering): Port device team_slave_0 removed
[  450.727012][ T5828] Bluetooth: hci0: command tx timeout
[  451.301303][T12221] overlayfs: failed to clone upperpath
[  451.328786][T12221] Invalid ELF header magic: != ELF
[  451.517304][T12223] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1972'.
[  451.944663][T12177] lo speed is unknown, defaulting to 1000
[  452.224620][T12237] netlink: 'syz.1.1978': attribute type 1 has an invalid length.
[  452.334132][T12237] 8021q: adding VLAN 0 to HW filter on device bond3
[  452.539175][T12245] bond3: (slave veth9): Enslaving as an active interface with a down link
[  452.592325][T12177] chnl_net:caif_netlink_parms(): no params data found
[  452.937588][ T5828] Bluetooth: hci0: command tx timeout
[  453.607295][T12237] bond3: (slave gretap1): making interface the new active one
[  453.623744][T12237] bond3: (slave gretap1): Enslaving as an active interface with an up link
[  455.046906][ T5826] Bluetooth: hci0: command tx timeout
[  455.240020][T12177] bridge0: port 1(bridge_slave_0) entered blocking state
[  455.261837][T12177] bridge0: port 1(bridge_slave_0) entered disabled state
[  455.273189][T12177] bridge_slave_0: entered allmulticast mode
[  455.281170][T12177] bridge_slave_0: entered promiscuous mode
[  455.292467][T12266] netlink: 'syz.6.1985': attribute type 3 has an invalid length.
[  455.300721][T12266] netlink: 666 bytes leftover after parsing attributes in process `syz.6.1985'.
[  455.332983][T12177] bridge0: port 2(bridge_slave_1) entered blocking state
[  455.340849][T12177] bridge0: port 2(bridge_slave_1) entered disabled state
[  455.348590][T12177] bridge_slave_1: entered allmulticast mode
[  455.355876][T12177] bridge_slave_1: entered promiscuous mode
[  455.671912][T12177] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  456.183866][T12177] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  456.780329][T12177] team0: Port device team_slave_0 added
[  456.838534][T12177] team0: Port device team_slave_1 added
[  457.149558][ T5828] Bluetooth: hci0: command tx timeout
[  457.160052][T12177] batman_adv: batadv0: Adding interface: batadv_slave_0
[  457.188446][T12177] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  458.170587][T12177] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  458.263368][T12177] batman_adv: batadv0: Adding interface: batadv_slave_1
[  458.322145][T12177] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  458.374750][T12177] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  459.717096][T12177] hsr_slave_0: entered promiscuous mode
[  459.777229][T12177] hsr_slave_1: entered promiscuous mode
[  459.783957][T12177] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  459.827269][T12177] Cannot create hsr debugfs directory
[  460.078061][ T5831] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  461.123926][ T5831] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  462.051621][T12177] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  462.070439][T12177] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  462.089931][T12177] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  462.108746][T12177] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  462.154973][T12336] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  462.184374][T12336] kvm: pic: non byte read
[  462.202062][T12336] kvm: pic: level sensitive irq not supported
[  462.202200][T12336] kvm: pic: non byte read
[  462.233441][T12336] kvm: pic: level sensitive irq not supported
[  462.233563][T12336] kvm: pic: non byte read
[  462.272072][T12336] kvm: pic: level sensitive irq not supported
[  462.272222][T12336] kvm: pic: non byte read
[  462.306277][T12336] kvm: pic: level sensitive irq not supported
[  462.306681][T12336] kvm: pic: non byte read
[  462.337598][T12177] 8021q: adding VLAN 0 to HW filter on device bond0
[  462.386644][T12177] 8021q: adding VLAN 0 to HW filter on device team0
[  462.424450][T11871] bridge0: port 1(bridge_slave_0) entered blocking state
[  462.431659][T11871] bridge0: port 1(bridge_slave_0) entered forwarding state
[  462.447562][T11871] bridge0: port 2(bridge_slave_1) entered blocking state
[  462.454718][T11871] bridge0: port 2(bridge_slave_1) entered forwarding state
[  462.483892][T12177] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  462.517421][T12177] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  463.015832][ T5831] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  463.049087][T12177] 8021q: adding VLAN 0 to HW filter on device batadv0
[  463.175980][ T5831] usb 3-1: Using ep0 maxpacket: 16
[  463.190880][T12177] veth0_vlan: entered promiscuous mode
[  463.225478][ T5831] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  463.229862][T12177] veth1_vlan: entered promiscuous mode
[  463.343716][ T5831] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  463.377523][ T5831] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  463.389203][ T5831] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  463.408949][ T5831] usb 3-1: Product: syz
[  463.413547][T12177] veth0_macvtap: entered promiscuous mode
[  463.418918][ T5831] usb 3-1: Manufacturer: syz
[  463.429805][ T5831] usb 3-1: SerialNumber: syz
[  463.449282][ T5831] usb 3-1: config 0 descriptor??
[  463.451935][T12177] veth1_macvtap: entered promiscuous mode
[  463.564868][ T5831] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  463.595209][ T5831] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[  463.601737][T12177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  463.654211][T12177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  463.715295][T12177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  463.740050][T12177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  463.792415][T12177] batman_adv: batadv0: Interface activated: batadv_slave_0
[  463.867575][T12177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  463.919856][T12177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  463.969172][T12177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  464.010494][T12177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  464.046919][T12177] batman_adv: batadv0: Interface activated: batadv_slave_1
[  464.107827][ T5831] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  464.122395][T12177] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  464.133836][ T5831] em28xx 3-1:0.0: Config register raw data: 0xfffffffb
[  464.153910][T12177] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  464.168616][T12177] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  464.183385][T12177] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  464.431315][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  464.461186][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  464.560959][   T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  464.615844][   T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  464.762647][T12374] delete_channel: no stack
[  464.772585][ T5831] em28xx 3-1:0.0: Unknown AC97 audio processor detected!
[  464.781627][T12382] netlink: 'syz.3.2021': attribute type 10 has an invalid length.
[  464.830771][T12382] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2021'.
[  465.202159][ T5831] em28xx 3-1:0.0: couldn't setup AC97 register 2
[  465.216252][ T5831] em28xx 3-1:0.0: couldn't setup AC97 register 4
[  465.228501][ T5831] em28xx 3-1:0.0: couldn't setup AC97 register 6
[  465.246046][ T5831] em28xx 3-1:0.0: couldn't setup AC97 register 54
[  465.257512][ T5831] em28xx 3-1:0.0: couldn't setup AC97 register 56
[  465.275039][ T5831] usb 3-1: USB disconnect, device number 22
[  465.569322][   T30] audit: type=1326 audit(1742594210.338:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12399 comm="syz.6.2028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74d198d169 code=0x7ffc0000
[  465.605767][   T30] audit: type=1326 audit(1742594210.338:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12399 comm="syz.6.2028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74d198d169 code=0x7ffc0000
[  465.657509][   T30] audit: type=1326 audit(1742594210.338:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12399 comm="syz.6.2028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74d198d169 code=0x7ffc0000
[  465.686088][   T30] audit: type=1326 audit(1742594210.338:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12399 comm="syz.6.2028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f74d1929359 code=0x7ffc0000
[  465.709399][   T30] audit: type=1326 audit(1742594210.338:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12399 comm="syz.6.2028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74d198d169 code=0x7ffc0000
[  465.739543][   T30] audit: type=1326 audit(1742594210.338:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12399 comm="syz.6.2028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f74d1929359 code=0x7ffc0000
[  465.786112][   T30] audit: type=1326 audit(1742594210.338:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12399 comm="syz.6.2028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74d198d169 code=0x7ffc0000
[  465.836088][   T30] audit: type=1326 audit(1742594210.368:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12399 comm="syz.6.2028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f74d1929359 code=0x7ffc0000
[  465.895172][   T30] audit: type=1326 audit(1742594210.368:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12399 comm="syz.6.2028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74d198d169 code=0x7ffc0000
[  465.919082][   T30] audit: type=1326 audit(1742594210.378:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12399 comm="syz.6.2028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f74d1929359 code=0x7ffc0000
[  466.271370][ T9810] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  466.762826][ T9810] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  466.853249][ T9810] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  466.931794][ T9810] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  467.012269][ T9810] bridge_slave_1: left allmulticast mode
[  467.018333][ T9810] bridge_slave_1: left promiscuous mode
[  467.024024][ T9810] bridge0: port 2(bridge_slave_1) entered disabled state
[  467.033004][ T9810] bridge_slave_0: left allmulticast mode
[  467.038983][ T9810] bridge_slave_0: left promiscuous mode
[  467.044827][ T9810] bridge0: port 1(bridge_slave_0) entered disabled state
[  467.518557][ T9810] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  467.530333][ T9810] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  467.541649][ T9810] bond0 (unregistering): Released all slaves
[  467.769008][ T9810] hsr_slave_0: left promiscuous mode
[  467.774932][ T9810] hsr_slave_1: left promiscuous mode
[  467.782893][ T9810] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  467.790994][ T9810] batman_adv: batadv0: Removing interface: batadv_slave_0
[  467.798985][ T9810] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  467.806531][ T9810] batman_adv: batadv0: Removing interface: batadv_slave_1
[  467.831354][ T9810] veth1_macvtap: left promiscuous mode
[  467.837584][ T9810] veth0_macvtap: left promiscuous mode
[  467.843171][ T9810] veth1_vlan: left promiscuous mode
[  467.848956][ T9810] veth0_vlan: left promiscuous mode
[  468.463398][ T5826] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  468.475110][ T5826] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  468.484336][ T5826] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  468.512107][ T5826] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  468.533037][ T5826] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  468.549297][ T5826] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  468.852104][ T9810] team0 (unregistering): Port device team_slave_1 removed
[  468.903315][ T9810] team0 (unregistering): Port device team_slave_0 removed
[  469.579060][T12425] syz.3.2038: vmalloc error: size 33554432, failed to allocated page array size 65536, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  469.597834][T12425] CPU: 0 UID: 0 PID: 12425 Comm: syz.3.2038 Not tainted 6.14.0-rc7-syzkaller-00186-gd07de43e3f05 #0
[  469.597863][T12425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  469.597878][T12425] Call Trace:
[  469.597885][T12425]  <TASK>
[  469.597894][T12425]  dump_stack_lvl+0x241/0x360
[  469.597927][T12425]  ? __pfx_dump_stack_lvl+0x10/0x10
[  469.597949][T12425]  ? __pfx__printk+0x10/0x10
[  469.597988][T12425]  ? cpuset_print_current_mems_allowed+0x1f/0x350
[  469.598015][T12425]  ? cpuset_print_current_mems_allowed+0x31e/0x350
[  469.598045][T12425]  warn_alloc+0x278/0x410
[  469.598078][T12425]  ? __pfx_warn_alloc+0x10/0x10
[  469.598112][T12425]  ? xp_create_and_assign_umem+0x17b/0xc50
[  469.598141][T12425]  ? __get_vm_area_node+0x1c8/0x2d0
[  469.598164][T12425]  ? __get_vm_area_node+0x25c/0x2d0
[  469.598195][T12425]  __vmalloc_node_range_noprof+0x62f/0x1380
[  469.598222][T12425]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  469.598281][T12425]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  469.598318][T12425]  ? rcu_is_watching+0x15/0xb0
[  469.598341][T12425]  ? trace_kmalloc+0x1f/0xd0
[  469.598360][T12425]  ? __kmalloc_node_noprof+0x2ad/0x4d0
[  469.598380][T12425]  ? __kvmalloc_node_noprof+0x72/0x190
[  469.598410][T12425]  __kvmalloc_node_noprof+0x142/0x190
[  469.598436][T12425]  ? xp_create_and_assign_umem+0x17b/0xc50
[  469.598467][T12425]  xp_create_and_assign_umem+0x17b/0xc50
[  469.598511][T12425]  ? dev_get_by_index+0x23/0x2d0
[  469.598542][T12425]  xsk_bind+0x388/0xfe0
[  469.598576][T12425]  __sys_bind+0x1e4/0x290
[  469.598609][T12425]  ? __pfx___sys_bind+0x10/0x10
[  469.598654][T12425]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  469.598688][T12425]  ? do_syscall_64+0x100/0x230
[  469.598726][T12425]  __x64_sys_bind+0x7a/0x90
[  469.598758][T12425]  do_syscall_64+0xf3/0x230
[  469.598790][T12425]  ? clear_bhb_loop+0x35/0x90
[  469.598825][T12425]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  469.598860][T12425] RIP: 0033:0x7f361938d169
[  469.598885][T12425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  469.598903][T12425] RSP: 002b:00007f361a2c1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  469.598926][T12425] RAX: ffffffffffffffda RBX: 00007f36195a5fa0 RCX: 00007f361938d169
[  469.598942][T12425] RDX: 0000000000000010 RSI: 0000200000000100 RDI: 0000000000000003
[  469.598955][T12425] RBP: 00007f361940e2a0 R08: 0000000000000000 R09: 0000000000000000
[  469.598969][T12425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  469.598981][T12425] R13: 0000000000000000 R14: 00007f36195a5fa0 R15: 00007ffd0b4cce98
[  469.599015][T12425]  </TASK>
[  469.599024][T12425] Mem-Info:
[  469.868781][T12425] active_anon:893 inactive_anon:22303 isolated_anon:0
[  469.868781][T12425]  active_file:19480 inactive_file:37699 isolated_file:0
[  469.868781][T12425]  unevictable:256 dirty:230 writeback:0
[  469.868781][T12425]  slab_reclaimable:10908 slab_unreclaimable:102089
[  469.868781][T12425]  mapped:28581 shmem:17803 pagetables:1031
[  469.868781][T12425]  sec_pagetables:0 bounce:0
[  469.868781][T12425]  kernel_misc_reclaimable:0
[  469.868781][T12425]  free:1265907 free_pcp:5236 free_cma:0
[  469.914664][T12425] Node 0 active_anon:2548kB inactive_anon:89212kB active_file:77848kB inactive_file:150796kB unevictable:512kB isolated(anon):0kB isolated(file):0kB mapped:114324kB dirty:920kB writeback:0kB shmem:69676kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11944kB pagetables:4124kB sec_pagetables:0kB all_unreclaimable? no
[  469.948083][T12425] Node 1 active_anon:1024kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:512kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  469.978479][T12425] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  470.005683][T12425] lowmem_reserve[]: 0 2490 2490 2490 2490
[  470.011539][T12425] Node 0 DMA32 free:1160760kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB active_anon:2544kB inactive_anon:89180kB active_file:77572kB inactive_file:150744kB unevictable:512kB writepending:920kB present:3129332kB managed:2550312kB mlocked:0kB bounce:0kB free_pcp:4224kB local_pcp:3952kB free_cma:0kB
[  470.042711][T12425] lowmem_reserve[]: 0 0 0 0 0
[  470.047602][T12425] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:4kB inactive_anon:32kB active_file:276kB inactive_file:52kB unevictable:0kB writepending:0kB present:1048580kB managed:368kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB
[  470.074876][T12425] lowmem_reserve[]: 0 0 0 0 0
[  470.079778][T12425] Node 1 Normal free:3888104kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB active_anon:1024kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:512kB writepending:0kB present:4194300kB managed:4111168kB mlocked:0kB bounce:0kB free_pcp:16120kB local_pcp:1212kB free_cma:0kB
[  470.109385][T12425] lowmem_reserve[]: 0 0 0 0 0
[  470.114128][T12425] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  470.126902][T12425] Node 0 DMA32: 46*4kB (UE) 38*8kB (UME) 68*16kB (UME) 159*32kB (UME) 54*64kB (UME) 64*128kB (UME) 28*256kB (UME) 12*512kB (UME) 19*1024kB (UM) 7*2048kB (UME) 268*4096kB (UM) = 1163144kB
[  470.146084][T12425] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  470.157768][T12425] Node 1 Normal: 11*4kB (UE) 52*8kB (UE) 53*16kB (UE) 232*32kB (UE) 48*64kB (UME) 4*128kB (UE) 8*256kB (UM) 12*512kB (UM) 7*1024kB (UME) 1*2048kB (E) 942*4096kB (UM) = 3888156kB
[  470.175897][T12425] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  470.185474][T12425] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  470.194862][T12425] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  470.206952][T12425] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  470.216368][T12425] 74984 total pagecache pages
[  470.221079][T12425] 1 pages in swap cache
[  470.225273][T12425] Free swap  = 124812kB
[  470.229553][T12425] Total swap = 124996kB
[  470.233822][T12425] 2097051 pages RAM
[  470.237747][T12425] 0 pages HighMem/MovableOnly
[  470.242827][T12425] 427749 pages reserved
[  470.247123][T12425] 0 pages cma reserved
[  470.355139][T12428] lo speed is unknown, defaulting to 1000
[  470.387586][T12435] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  470.394928][T12435] IPv6: NLM_F_CREATE should be set when creating new route
[  470.453642][T12436] lo: entered allmulticast mode
[  470.491475][T12436] tunl0: entered allmulticast mode
[  470.523202][T12436] gre0: entered allmulticast mode
[  470.562301][T12436] gretap0: entered allmulticast mode
[  470.577728][T12436] erspan0: entered allmulticast mode
[  470.593902][T12436] ip_vti0: entered allmulticast mode
[  470.611103][T12436] ip6_vti0: entered allmulticast mode
[  470.623065][T12436] sit0: entered allmulticast mode
[  470.641678][T12436] ip6tnl0: entered allmulticast mode
[  470.658542][ T5828] Bluetooth: hci0: command tx timeout
[  470.799884][T12436] ip6gre0: entered allmulticast mode
[  471.184001][T12436] ip6gretap0: entered allmulticast mode
[  471.671967][T12436] bond0: entered allmulticast mode
[  471.745653][T12436] bond_slave_0: entered allmulticast mode
[  471.773673][T12436] bond_slave_1: entered allmulticast mode
[  471.797313][T12436] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode
[  471.813241][T12436] team0: entered allmulticast mode
[  471.823446][   T30] kauditd_printk_skb: 28 callbacks suppressed
[  471.823465][   T30] audit: type=1326 audit(1742594216.588:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12448 comm="syz.3.2046" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f361938d169 code=0x0
[  471.865632][T12436] team_slave_0: entered allmulticast mode
[  471.874252][T12436] team_slave_1: entered allmulticast mode
[  471.887021][T12436] dummy0: entered allmulticast mode
[  471.904921][T12436] nlmon0: entered allmulticast mode
[  471.912850][T12436] caif0: entered allmulticast mode
[  471.924338][T12436] batadv0: entered allmulticast mode
[  471.941823][T12436] veth0: entered allmulticast mode
[  471.942023][T12452] cgroup: Unknown subsys name 'cpuset'
[  471.951393][T12436] veth1: entered allmulticast mode
[  471.974383][T12436] wg0: entered allmulticast mode
[  471.993551][T12436] wg1: entered allmulticast mode
[  472.011692][T12436] wg2: entered allmulticast mode
[  472.027841][T12436] veth0_to_bridge: entered allmulticast mode
[  472.037805][T12436] bridge_slave_0: entered allmulticast mode
[  472.052279][T12436] veth0_to_bond: entered allmulticast mode
[  472.062828][T12454] ceph: No mds server is up or the cluster is laggy
[  472.065290][T12436] veth1_to_bond: entered allmulticast mode
[  472.127426][T12436] veth0_to_team: entered allmulticast mode
[  472.140132][T12436] veth1_to_team: entered allmulticast mode
[  472.197551][T12436] veth0_to_batadv: entered allmulticast mode
[  472.220223][T12436] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  472.241140][T12436] batadv_slave_0: entered allmulticast mode
[  472.269744][T12436] veth1_to_batadv: entered allmulticast mode
[  472.288914][T12436] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  472.298134][T12436] batadv_slave_1: entered allmulticast mode
[  472.318190][T12436] xfrm0: entered allmulticast mode
[  472.328533][T12436] veth0_to_hsr: entered allmulticast mode
[  472.339969][T12436] hsr_slave_0: entered allmulticast mode
[  472.361751][T12436] veth1_to_hsr: entered allmulticast mode
[  472.378418][T12436] hsr_slave_1: entered allmulticast mode
[  472.394449][T12436] hsr0: entered allmulticast mode
[  472.412477][T12436] veth1_virt_wifi: entered allmulticast mode
[  472.430506][T12436] veth0_virt_wifi: entered allmulticast mode
[  472.450903][T12436] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  472.470400][T12436] veth1_vlan: entered allmulticast mode
[  472.484404][T12436] veth0_vlan: entered allmulticast mode
[  472.615182][T12436] vlan0: entered allmulticast mode
[  472.620754][T12436] vlan1: entered allmulticast mode
[  472.628169][T12436] macvlan0: entered allmulticast mode
[  472.644523][T12436] macvlan1: entered allmulticast mode
[  473.195691][ T5828] Bluetooth: hci0: command tx timeout
[  473.564384][T12436] ipvlan0: entered allmulticast mode
[  473.580753][T12436] ipvlan1: entered allmulticast mode
[  473.697584][T12436] veth0_macvtap: entered allmulticast mode
[  473.723041][T12436] macvtap0: entered allmulticast mode
[  473.734569][T12436] macsec0: left promiscuous mode
[  473.784631][T12436] geneve0: entered allmulticast mode
[  473.804578][T12474] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2055'.
[  473.815965][T12436] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  473.828065][T12436] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  473.855032][T12436] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  474.230696][T12436] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  474.828066][T12436] geneve1: entered allmulticast mode
[  474.908444][T12436] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode
[  474.966436][T12436] veth2: entered allmulticast mode
[  474.971784][T12436] veth3: entered allmulticast mode
[  475.004503][T12436] veth4: entered allmulticast mode
[  475.010899][T12436] veth5: entered allmulticast mode
[  475.024540][T12436] bond1: left promiscuous mode
[  475.030099][T12436] bond1: entered allmulticast mode
[  475.047101][T12436] ipip0: left promiscuous mode
[  475.073612][T12436] netdevsim netdevsim2 eth0: entered allmulticast mode
[  475.101321][T12436] netdevsim netdevsim2 eth1: entered allmulticast mode
[  475.108459][T12436] netdevsim netdevsim2 eth2: entered allmulticast mode
[  475.116068][T12436] netdevsim netdevsim2 eth3: entered allmulticast mode
[  475.123102][T12436] veth6: entered allmulticast mode
[  475.143083][T12436] veth7: entered allmulticast mode
[  475.215633][ T5828] Bluetooth: hci0: command tx timeout
[  475.316752][T12436] bond2: entered allmulticast mode
[  475.344423][T12436] veth8: entered allmulticast mode
[  475.375194][T12436] veth9: entered allmulticast mode
[  475.622396][T12495] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  475.940955][T12428] chnl_net:caif_netlink_parms(): no params data found
[  476.167357][T12428] bridge0: port 1(bridge_slave_0) entered blocking state
[  476.180462][T12428] bridge0: port 1(bridge_slave_0) entered disabled state
[  476.196698][T12428] bridge_slave_0: entered allmulticast mode
[  476.217001][T12428] bridge_slave_0: entered promiscuous mode
[  476.230037][T12428] bridge0: port 2(bridge_slave_1) entered blocking state
[  476.245068][T12428] bridge0: port 2(bridge_slave_1) entered disabled state
[  476.255126][T12428] bridge_slave_1: entered allmulticast mode
[  476.270786][T12428] bridge_slave_1: entered promiscuous mode
[  476.361005][T12428] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  476.404183][T12428] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  476.519664][T12428] team0: Port device team_slave_0 added
[  476.649096][T12428] team0: Port device team_slave_1 added
[  477.287068][ T5828] Bluetooth: hci0: command tx timeout
[  477.357616][T12428] batman_adv: batadv0: Adding interface: batadv_slave_0
[  477.371668][T12428] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  477.462948][T12428] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  477.494723][T12428] batman_adv: batadv0: Adding interface: batadv_slave_1
[  477.524469][T12428] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  477.580850][T12428] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  477.684699][T12428] hsr_slave_0: entered promiscuous mode
[  477.699903][T12428] hsr_slave_1: entered promiscuous mode
[  477.714449][T12428] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  477.743623][T12428] Cannot create hsr debugfs directory
[  478.112745][   T30] audit: type=1800 audit(1742594222.878:173): pid=12537 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.2071" name="/" dev="9p" ino=2 res=0 errno=0
[  479.224623][T12428] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  479.247887][T12428] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  479.328673][T12428] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  479.376429][T12428] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  479.692922][T12428] 8021q: adding VLAN 0 to HW filter on device bond0
[  479.784527][T12428] 8021q: adding VLAN 0 to HW filter on device team0
[  479.814139][ T5960] bridge0: port 1(bridge_slave_0) entered blocking state
[  479.821342][ T5960] bridge0: port 1(bridge_slave_0) entered forwarding state
[  479.889517][ T5960] bridge0: port 2(bridge_slave_1) entered blocking state
[  479.896707][ T5960] bridge0: port 2(bridge_slave_1) entered forwarding state
[  479.984614][T12576] netlink: 'syz.3.2085': attribute type 1 has an invalid length.
[  480.102870][T12576] bond1: (slave vti0): The slave device specified does not support setting the MAC address
[  480.126115][T12576] bond1: (slave vti0): Setting fail_over_mac to active for active-backup mode
[  480.138631][T12576] bond1: (slave vti0): making interface the new active one
[  480.146871][T12576] bond1: (slave vti0): Enslaving as an active interface with an up link
[  480.165269][T12576] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2085'.
[  480.177125][T12576] 8021q: adding VLAN 0 to HW filter on device bond1
[  480.693129][T12428] 8021q: adding VLAN 0 to HW filter on device batadv0
[  480.978575][T12428] veth0_vlan: entered promiscuous mode
[  480.996948][T12428] veth1_vlan: entered promiscuous mode
[  481.111404][T12602] xt_nat: multiple ranges no longer supported
[  481.912660][T12428] veth0_macvtap: entered promiscuous mode
[  481.998108][T12428] veth1_macvtap: entered promiscuous mode
[  482.083235][T12428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  482.104783][T12428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  482.128357][T12428] batman_adv: batadv0: Interface activated: batadv_slave_0
[  482.150968][T12428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  482.174265][T12428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  482.207149][T12428] batman_adv: batadv0: Interface activated: batadv_slave_1
[  482.285747][ T5876] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  482.430419][T12428] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  483.545679][ T5876] usb 3-1: Using ep0 maxpacket: 16
[  483.555694][ T5876] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  483.566165][ T5876] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  483.579272][ T5876] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  483.795680][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  483.803740][ T5876] usb 3-1: Product: syz
[  483.810709][ T5876] usb 3-1: Manufacturer: syz
[  483.815334][ T5876] usb 3-1: SerialNumber: syz
[  483.820347][T12428] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  483.865751][T12428] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  483.898075][T12428] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  484.191760][ T9793] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  484.221509][ T9793] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  484.317563][ T5960] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  484.358107][ T5960] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  484.526950][ T5876] usb 3-1: 0:2 : does not exist
[  484.573796][ T5876] usb 3-1: USB disconnect, device number 23
[  485.333996][T12636] overlayfs: failed to clone upperpath
[  488.636438][T12642] ------------[ cut here ]------------
[  488.642474][T12642] refcount_t: underflow; use-after-free.
[  488.736328][T12642] WARNING: CPU: 0 PID: 12642 at lib/refcount.c:28 refcount_warn_saturate+0x15a/0x1d0
[  488.745981][T12642] Modules linked in:
[  488.750002][T12642] CPU: 0 UID: 0 PID: 12642 Comm: syz.1.2105 Not tainted 6.14.0-rc7-syzkaller-00186-gd07de43e3f05 #0
[  488.760899][T12642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  488.771168][T12642] RIP: 0010:refcount_warn_saturate+0x15a/0x1d0
[  488.777850][T12642] Code: c0 e1 7f 8c e8 d7 bc 93 fc 90 0f 0b 90 90 eb 99 e8 6b 01 d4 fc c6 05 97 15 38 0b 01 90 48 c7 c7 20 e2 7f 8c e8 b7 bc 93 fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 48 01 d4 fc c6 05 71 15 38 0b 01 90
[  488.797838][T12642] RSP: 0000:ffffc900039178c0 EFLAGS: 00010246
[  488.803924][T12642] RAX: a468194e8a315900 RBX: ffff88807c56cdd0 RCX: 0000000000080000
[  488.812157][T12642] RDX: ffffc9000c649000 RSI: 000000000007ffff RDI: 0000000000080000
[  488.820253][T12642] RBP: 0000000000000003 R08: ffffffff81819d62 R09: fffffbfff1d3a69c
[  488.828302][T12642] R10: dffffc0000000000 R11: fffffbfff1d3a69c R12: dffffc0000000000
[  488.836823][T12642] R13: 1ffff1100aa37080 R14: 1ffff1100f8ad996 R15: ffff88807c56ccb0
[  488.844835][T12642] FS:  00007f696e1a86c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  488.855272][T12642] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  488.862368][T12642] CR2: 0000001b2fb17ff8 CR3: 0000000032df2000 CR4: 00000000003526f0
[  488.870705][T12642] DR0: 0000000000001000 DR1: 00000000ffffffff DR2: 0000000000000002
[  488.878970][T12642] DR3: 8000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  488.887783][T12642] Call Trace:
[  488.891105][T12642]  <TASK>
[  488.894070][T12642]  ? __warn+0x165/0x4d0
[  488.899008][T12642]  ? refcount_warn_saturate+0x15a/0x1d0
[  488.904612][T12642]  ? report_bug+0x2b3/0x500
[  488.909571][T12642]  ? refcount_warn_saturate+0x15a/0x1d0
[  488.915472][T12642]  ? handle_bug+0x60/0x90
[  488.921301][T12642]  ? exc_invalid_op+0x1a/0x50
[  488.926449][T12642]  ? asm_exc_invalid_op+0x1a/0x20
[  488.931528][T12642]  ? __warn_printk+0x292/0x360
[  488.936656][T12642]  ? refcount_warn_saturate+0x15a/0x1d0
[  488.942255][T12642]  io_send_zc_cleanup+0x121/0x170
[  488.947654][T12642]  ? __pfx_io_send_zc_cleanup+0x10/0x10
[  488.953252][T12642]  io_clean_op+0x58c/0x9a0
[  488.958024][T12642]  ? __io_submit_flush_completions+0xa9f/0xd20
[  488.964230][T12642]  __io_submit_flush_completions+0xc16/0xd20
[  488.970803][T12642]  ? __pfx___io_submit_flush_completions+0x10/0x10
[  488.977446][T12642]  ? io_req_task_complete+0xec/0x1a0
[  488.983160][T12642]  ? io_notif_tw_complete+0x337/0x350
[  488.989058][T12642]  io_handle_tw_list+0x473/0x500
[  488.994059][T12642]  tctx_task_work_run+0x9a/0x370
[  488.999127][T12642]  tctx_task_work+0x9a/0x100
[  489.003761][T12642]  ? __pfx_tctx_task_work+0x10/0x10
[  489.009113][T12642]  ? _raw_spin_unlock_irq+0x23/0x50
[  489.014358][T12642]  ? lockdep_hardirqs_on+0x99/0x150
[  489.019634][T12642]  task_work_run+0x24f/0x310
[  489.024257][T12642]  ? __pfx_task_work_run+0x10/0x10
[  489.029478][T12642]  ? futex_wait+0x285/0x360
[  489.034035][T12642]  ? __pfx_futex_wait+0x10/0x10
[  489.039028][T12642]  get_signal+0x15d1/0x1720
[  489.043576][T12642]  ? do_mprotect_pkey+0xbda/0xdd0
[  489.049312][T12642]  ? l2tp_mt_check6+0x80/0x1b0
[  489.054142][T12642]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  489.060260][T12642]  ? __pfx_get_signal+0x10/0x10
[  489.065164][T12642]  arch_do_signal_or_restart+0x96/0x860
[  489.070838][T12642]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  489.077114][T12642]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  489.083537][T12642]  ? syscall_exit_to_user_mode+0xa3/0x340
[  489.089845][T12642]  syscall_exit_to_user_mode+0xce/0x340
[  489.095461][T12642]  do_syscall_64+0x100/0x230
[  489.100148][T12642]  ? clear_bhb_loop+0x35/0x90
[  489.104890][T12642]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  489.110864][T12642] RIP: 0033:0x7f696d38d169
[  489.115300][T12642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  489.135116][T12642] RSP: 002b:00007f696e1a8038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  489.143634][T12642] RAX: 0000000000001000 RBX: 00007f696d5a5fa0 RCX: 00007f696d38d169
[  489.151663][T12642] RDX: 0000000000000000 RSI: 00000000000047bc RDI: 0000000000000007
[  489.159682][T12642] RBP: 00007f696d40e2a0 R08: 0000000000000000 R09: 0000000000000000
[  489.167716][T12642] R10: 0000000000000021 R11: 0000000000000246 R12: 0000000000000000
[  489.175751][T12642] R13: 0000000000000000 R14: 00007f696d5a5fa0 R15: 00007ffe833ce5f8
[  489.184142][T12642]  </TASK>
[  489.187557][T12642] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  489.194847][T12642] CPU: 0 UID: 0 PID: 12642 Comm: syz.1.2105 Not tainted 6.14.0-rc7-syzkaller-00186-gd07de43e3f05 #0
[  489.205615][T12642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  489.215702][T12642] Call Trace:
[  489.219009][T12642]  <TASK>
[  489.221940][T12642]  dump_stack_lvl+0x241/0x360
[  489.226628][T12642]  ? __pfx_dump_stack_lvl+0x10/0x10
[  489.231833][T12642]  ? __pfx__printk+0x10/0x10
[  489.236436][T12642]  ? _printk+0xd5/0x120
[  489.240602][T12642]  ? __init_begin+0x41000/0x41000
[  489.245645][T12642]  ? vscnprintf+0x5d/0x90
[  489.250033][T12642]  panic+0x349/0x880
[  489.253947][T12642]  ? __warn+0x174/0x4d0
[  489.258114][T12642]  ? __pfx_panic+0x10/0x10
[  489.262552][T12642]  __warn+0x344/0x4d0
[  489.266568][T12642]  ? refcount_warn_saturate+0x15a/0x1d0
[  489.272131][T12642]  report_bug+0x2b3/0x500
[  489.276471][T12642]  ? refcount_warn_saturate+0x15a/0x1d0
[  489.282029][T12642]  handle_bug+0x60/0x90
[  489.286202][T12642]  exc_invalid_op+0x1a/0x50
[  489.290734][T12642]  asm_exc_invalid_op+0x1a/0x20
[  489.295602][T12642] RIP: 0010:refcount_warn_saturate+0x15a/0x1d0
[  489.301787][T12642] Code: c0 e1 7f 8c e8 d7 bc 93 fc 90 0f 0b 90 90 eb 99 e8 6b 01 d4 fc c6 05 97 15 38 0b 01 90 48 c7 c7 20 e2 7f 8c e8 b7 bc 93 fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 48 01 d4 fc c6 05 71 15 38 0b 01 90
[  489.321406][T12642] RSP: 0000:ffffc900039178c0 EFLAGS: 00010246
[  489.327500][T12642] RAX: a468194e8a315900 RBX: ffff88807c56cdd0 RCX: 0000000000080000
[  489.335495][T12642] RDX: ffffc9000c649000 RSI: 000000000007ffff RDI: 0000000000080000
[  489.343485][T12642] RBP: 0000000000000003 R08: ffffffff81819d62 R09: fffffbfff1d3a69c
[  489.351552][T12642] R10: dffffc0000000000 R11: fffffbfff1d3a69c R12: dffffc0000000000
[  489.359533][T12642] R13: 1ffff1100aa37080 R14: 1ffff1100f8ad996 R15: ffff88807c56ccb0
[  489.367518][T12642]  ? __warn_printk+0x292/0x360
[  489.372343][T12642]  io_send_zc_cleanup+0x121/0x170
[  489.377430][T12642]  ? __pfx_io_send_zc_cleanup+0x10/0x10
[  489.383025][T12642]  io_clean_op+0x58c/0x9a0
[  489.387486][T12642]  ? __io_submit_flush_completions+0xa9f/0xd20
[  489.393668][T12642]  __io_submit_flush_completions+0xc16/0xd20
[  489.399682][T12642]  ? __pfx___io_submit_flush_completions+0x10/0x10
[  489.406204][T12642]  ? io_req_task_complete+0xec/0x1a0
[  489.411505][T12642]  ? io_notif_tw_complete+0x337/0x350
[  489.416901][T12642]  io_handle_tw_list+0x473/0x500
[  489.421859][T12642]  tctx_task_work_run+0x9a/0x370
[  489.426815][T12642]  tctx_task_work+0x9a/0x100
[  489.431414][T12642]  ? __pfx_tctx_task_work+0x10/0x10
[  489.436625][T12642]  ? _raw_spin_unlock_irq+0x23/0x50
[  489.441842][T12642]  ? lockdep_hardirqs_on+0x99/0x150
[  489.447067][T12642]  task_work_run+0x24f/0x310
[  489.451678][T12642]  ? __pfx_task_work_run+0x10/0x10
[  489.456802][T12642]  ? futex_wait+0x285/0x360
[  489.461328][T12642]  ? __pfx_futex_wait+0x10/0x10
[  489.466200][T12642]  get_signal+0x15d1/0x1720
[  489.470714][T12642]  ? do_mprotect_pkey+0xbda/0xdd0
[  489.475759][T12642]  ? l2tp_mt_check6+0x80/0x1b0
[  489.480547][T12642]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  489.486543][T12642]  ? __pfx_get_signal+0x10/0x10
[  489.491415][T12642]  arch_do_signal_or_restart+0x96/0x860
[  489.496985][T12642]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  489.503173][T12642]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  489.509206][T12642]  ? syscall_exit_to_user_mode+0xa3/0x340
[  489.514967][T12642]  syscall_exit_to_user_mode+0xce/0x340
[  489.520545][T12642]  do_syscall_64+0x100/0x230
[  489.525164][T12642]  ? clear_bhb_loop+0x35/0x90
[  489.529870][T12642]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  489.535783][T12642] RIP: 0033:0x7f696d38d169
[  489.540214][T12642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  489.560110][T12642] RSP: 002b:00007f696e1a8038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  489.568549][T12642] RAX: 0000000000001000 RBX: 00007f696d5a5fa0 RCX: 00007f696d38d169
[  489.576535][T12642] RDX: 0000000000000000 RSI: 00000000000047bc RDI: 0000000000000007
[  489.584602][T12642] RBP: 00007f696d40e2a0 R08: 0000000000000000 R09: 0000000000000000
[  489.592582][T12642] R10: 0000000000000021 R11: 0000000000000246 R12: 0000000000000000
[  489.600576][T12642] R13: 0000000000000000 R14: 00007f696d5a5fa0 R15: 00007ffe833ce5f8
[  489.608578][T12642]  </TASK>
[  489.611923][T12642] Kernel Offset: disabled
[  489.616341][T12642] Rebooting in 86400 seconds..