last executing test programs:

1m31.961239245s ago: executing program 3 (id=224):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180000002c000100000000000000000004000080040010"], 0x18}], 0x1}, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000640), 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/4\x00')
mount$9p_fd(0x0, &(0x7f0000000180)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r5}})
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r7 = openat(r6, &(0x7f0000000000)='./file0\x00', 0x10880, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000040)={0xc, <r8=>0x0})
ioctl$IOMMU_IOAS_COPY(r7, 0x3b83, &(0x7f0000000080)={0x28, 0x3, 0x0, r8, 0x9, 0x8000000000000001, 0x3ff})
ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(r5, 0x3b87, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = gettid()
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702a0ffff0d1400bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r11, 0x2000012, 0xffe, 0x0, &(0x7f0000000c40), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$nl_generic(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x1c, 0x43, 0x9, 0xffffffff, 0x25dfdbfd, {0x1}, [@typed={0x8, 0x2, 0x0, 0x0, @pid=r10}]}, 0x1c}}, 0x44850)
ioctl$SIOCSIFHWADDR(r4, 0x8b19, &(0x7f0000000040)={'wlan1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})

1m31.060042576s ago: executing program 3 (id=232):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x4, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000080)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x18, 0x6, 0xff, @remote, @local, {[], {{0x4e20, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x6, 0xc2, 0x0, 0x0, 0x10, {[@mss={0x1e, 0x4}]}}}}}}}}, 0x0)
r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f0000000040)=0x7)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0)
r4 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0x82825)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r4, 0xc0684113, &(0x7f0000000300)={0x0, 0x200, 0x4, 0xe, 0x3, 0x9, 0x7, 0xf2, 0x9, 0xffffff98, 0xfffffffe})

1m30.169795231s ago: executing program 3 (id=243):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_TABLE(r0, 0x0, 0xd1, &(0x7f0000000f80)=0xfd, 0x4)
r1 = syz_io_uring_setup(0x19f2, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x8000000}, &(0x7f0000000140)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r1}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffff04, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb0100180000000000000010000000100000000200000000000000ff000001"], 0x0, 0x2a, 0x0, 0xa, 0x0, 0x0, @void, @value}, 0x28)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0)
sysfs$1(0x1, &(0x7f00000001c0)=',.){!%+[}\':\xe5^@^\x00')
write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r4, 0xc2c45512, &(0x7f0000000380)={{0x7, 0x1, 0x7, 0x7, 'syz0\x00', 0x3}, 0x0, [0x3, 0x2, 0xfd4a, 0x5, 0x1, 0xffff, 0x0, 0x1000, 0x8a1d, 0x200, 0x6, 0xd41, 0x4, 0x1000, 0x4, 0x0, 0x9, 0x3, 0x1, 0x7ffffffd, 0xf5, 0xc, 0x1ff, 0x1, 0x1, 0x800, 0x7, 0x800, 0x2, 0x6, 0x8, 0xff, 0x7f, 0x6, 0x3, 0x1, 0x4f0, 0xf, 0x14000, 0x8, 0x8001, 0x4, 0x9, 0x515d4e05, 0x7, 0x7, 0x1, 0x8e8, 0x1ff, 0x4, 0xf, 0x9, 0x1, 0xa7, 0x76, 0xffff, 0x0, 0x1, 0x80000001, 0x7, 0x7f, 0x8, 0x2a, 0x8, 0x7fff, 0xfff, 0x80, 0xb, 0x5, 0xb, 0x5, 0x401, 0x8001, 0x9, 0xe116, 0x4, 0x1, 0x3, 0x2, 0x1, 0x101, 0xffffffff, 0x4, 0x8, 0x6, 0x2, 0x3, 0x9, 0x67cd, 0x3, 0x2, 0x4, 0x5, 0x4, 0x10001, 0x4, 0x215, 0x10001, 0x40, 0x7fffffff, 0xa, 0x819, 0x4, 0x8, 0x2, 0x0, 0x400, 0x4, 0x80000000, 0x3, 0xfff, 0x4, 0x5, 0xc, 0x4, 0x4, 0x45e, 0x80000000, 0x10001, 0x6, 0xc, 0x0, 0x1, 0x5, 0x8, 0x6, 0x2, 0x3]})
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, r4, 0x0})
io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000180), 0x2, 0x101840)
r6 = dup3(0xffffffffffffffff, r5, 0x0)
r7 = syz_io_uring_setup(0x1e1e, &(0x7f0000000280)={0x0, 0x3c3d, 0x2000, 0x2, 0x0, 0x0, r6}, &(0x7f0000002000)=<r8=>0x0, &(0x7f0000000000)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
io_uring_enter(r7, 0x48e9, 0x0, 0x2, 0x0, 0x0)
memfd_secret(0x80000)
r10 = socket$inet_smc(0x2b, 0x1, 0x0)
r11 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0)
ioctl$TCSBRKP(r11, 0x5425, 0x0)
ioctl$TCSETSW2(r11, 0x5425, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r10, 0x6, 0x1d, &(0x7f0000000040)={0x85, 0x1, 0x6d6a, 0x0, 0x284}, 0x14)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="040e0488072040e6e88d56a96a02f7c428d23a7d08ff511c1c989c3bb1f1cfa1570a4fed8d36f237e058"], 0x7)

1m30.107546049s ago: executing program 3 (id=244):
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680))
syz_open_dev$tty20(0xc, 0x4, 0x1)
openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x402, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4004841}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0xb)
r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000180), r0)
sendmsg$SMC_PNETID_DEL(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000280)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB='\f\x00yz1\x00\x00\x00\x00'], 0x20}, 0x1, 0x0, 0x0, 0x8801}, 0x20000000)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
keyctl$join(0x1, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_IPV6_RTHDR(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000300)=ANY=[@ANYBLOB="000202bc00000000ff0200000000000000000000000000011f927cc9ebed174550015b2983f6a5ecdd457a349cd04776a07aaed5bbdb3cb33bfd1c4bc19ed6fb21a1aa40b2c3c8fd1e69e0f495d60e5aa5dd7149fa92fc8c8348260355f91d01fad16316b516ba553027e8066232aa79a1b0fbf96dbe4fb3d9972f6cef01631c7ef84fb4740edc7e9773569eba301ab8c12a72ffb2de065ac7d0c9d6fad8f7656912088ebd998e2739acdd9748a4c93f8a949b5dd2bc4e8c4c8617c071c9104faa7c4dd1326bd18963e441aefcf948a3f0b7ab1dc5a9c6a750af"], 0x18)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0x5, &(0x7f0000000480)=0x9, 0x4)
socket$can_bcm(0x1d, 0x2, 0x2)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f0000002180)=ANY=[@ANYBLOB="180200000000000000000000cfffffff850000001700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'veth0_to_bond\x00', <r7=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r5, r7, 0x25, 0x0, @void}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="180200000000000000000000000000001800000008000000000000006e14000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

1m29.181420742s ago: executing program 3 (id=253):
mkdir(&(0x7f0000000000)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000002100), 0xa000000, &(0x7f0000000180)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})

1m29.181140626s ago: executing program 3 (id=254):
r0 = signalfd(0xffffffffffffffff, &(0x7f0000000080)={[0x9, 0x1]}, 0x8)
write(r0, &(0x7f0000000100)="b8c09346f45aa33f68e24109c401dc42c05c96e7abf14ba6b311c0602ba3f86e8bcb5902f322e693fdc676de7b459ba2de64bd98d24d5f5216d7869fca3ce63a9de1822193292a55f7464b2b6ec13b44818804d65eee98552f354d8f985373233c69ac0896611da45bcce7b2049ce7b75855f89063fa2748f05742ba5a551983e4094a6c5f170e0044dab74c7d94440407ed9a9b68d5ea4b919ff34f6b4d7f75c44de4eed91143ef46e68c005901b8ef9c114a78b36fad24e99e3f7eae627272582ef5ca9450291d0b26afd2c30ece76c7c2f33d6e0bba6f61794ad5eaad3b8dd4a6e26e0e0d527fd92cd2f1b49d0b9cf9ecf365f1", 0xf5)
syz_open_dev$tty20(0xc, 0x4, 0x1)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = epoll_create(0x10001)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040), 0x108000, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

1m14.050602966s ago: executing program 32 (id=254):
r0 = signalfd(0xffffffffffffffff, &(0x7f0000000080)={[0x9, 0x1]}, 0x8)
write(r0, &(0x7f0000000100)="b8c09346f45aa33f68e24109c401dc42c05c96e7abf14ba6b311c0602ba3f86e8bcb5902f322e693fdc676de7b459ba2de64bd98d24d5f5216d7869fca3ce63a9de1822193292a55f7464b2b6ec13b44818804d65eee98552f354d8f985373233c69ac0896611da45bcce7b2049ce7b75855f89063fa2748f05742ba5a551983e4094a6c5f170e0044dab74c7d94440407ed9a9b68d5ea4b919ff34f6b4d7f75c44de4eed91143ef46e68c005901b8ef9c114a78b36fad24e99e3f7eae627272582ef5ca9450291d0b26afd2c30ece76c7c2f33d6e0bba6f61794ad5eaad3b8dd4a6e26e0e0d527fd92cd2f1b49d0b9cf9ecf365f1", 0xf5)
syz_open_dev$tty20(0xc, 0x4, 0x1)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = epoll_create(0x10001)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040), 0x108000, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

39.49167332s ago: executing program 0 (id=421):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}, @NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_MESH_ID={0xa}]}, 0x40}}, 0x24004000)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r4}, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2a}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}]}, &(0x7f0000001240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x0, 0xe, 0x0, &(0x7f0000000500)="3d25ab555b19c4cbd00170850800", 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000d84000)={0xa, 0x2}, 0x1c)
setsockopt$inet6_tcp_int(r6, 0x6, 0xa, &(0x7f0000001100)=0x4, 0x4)
sendto$inet6(r6, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
close(0x3)
socket$packet(0x11, 0x2, 0x300)
setuid(0xee01)
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[], 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) (async)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}, @NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_MESH_ID={0xa}]}, 0x40}}, 0x24004000) (async)
socket$inet6(0xa, 0x2, 0x0) (async)
setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r4}, 0x4) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2a}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}]}, &(0x7f0000001240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x0, 0xe, 0x0, &(0x7f0000000500)="3d25ab555b19c4cbd00170850800", 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
bind$inet6(r6, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) (async)
setsockopt$inet6_tcp_int(r6, 0x6, 0xa, &(0x7f0000001100)=0x4, 0x4) (async)
sendto$inet6(r6, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) (async)
close(0x3) (async)
socket$packet(0x11, 0x2, 0x300) (async)
setuid(0xee01) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[], 0x0) (async)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) (async)

32.097839779s ago: executing program 0 (id=421):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}, @NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_MESH_ID={0xa}]}, 0x40}}, 0x24004000)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r4}, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2a}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}]}, &(0x7f0000001240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x0, 0xe, 0x0, &(0x7f0000000500)="3d25ab555b19c4cbd00170850800", 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000d84000)={0xa, 0x2}, 0x1c)
setsockopt$inet6_tcp_int(r6, 0x6, 0xa, &(0x7f0000001100)=0x4, 0x4)
sendto$inet6(r6, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
close(0x3)
socket$packet(0x11, 0x2, 0x300)
setuid(0xee01)
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[], 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) (async)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}, @NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_MESH_ID={0xa}]}, 0x40}}, 0x24004000) (async)
socket$inet6(0xa, 0x2, 0x0) (async)
setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r4}, 0x4) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2a}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}]}, &(0x7f0000001240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x0, 0xe, 0x0, &(0x7f0000000500)="3d25ab555b19c4cbd00170850800", 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
bind$inet6(r6, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) (async)
setsockopt$inet6_tcp_int(r6, 0x6, 0xa, &(0x7f0000001100)=0x4, 0x4) (async)
sendto$inet6(r6, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) (async)
close(0x3) (async)
socket$packet(0x11, 0x2, 0x300) (async)
setuid(0xee01) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[], 0x0) (async)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) (async)

24.787053458s ago: executing program 0 (id=421):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}, @NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_MESH_ID={0xa}]}, 0x40}}, 0x24004000)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r4}, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2a}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}]}, &(0x7f0000001240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x0, 0xe, 0x0, &(0x7f0000000500)="3d25ab555b19c4cbd00170850800", 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000d84000)={0xa, 0x2}, 0x1c)
setsockopt$inet6_tcp_int(r6, 0x6, 0xa, &(0x7f0000001100)=0x4, 0x4)
sendto$inet6(r6, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
close(0x3)
socket$packet(0x11, 0x2, 0x300)
setuid(0xee01)
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[], 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) (async)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}, @NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_MESH_ID={0xa}]}, 0x40}}, 0x24004000) (async)
socket$inet6(0xa, 0x2, 0x0) (async)
setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r4}, 0x4) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2a}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}]}, &(0x7f0000001240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x0, 0xe, 0x0, &(0x7f0000000500)="3d25ab555b19c4cbd00170850800", 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
bind$inet6(r6, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) (async)
setsockopt$inet6_tcp_int(r6, 0x6, 0xa, &(0x7f0000001100)=0x4, 0x4) (async)
sendto$inet6(r6, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) (async)
close(0x3) (async)
socket$packet(0x11, 0x2, 0x300) (async)
setuid(0xee01) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[], 0x0) (async)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) (async)

17.501487078s ago: executing program 0 (id=421):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}, @NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_MESH_ID={0xa}]}, 0x40}}, 0x24004000)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r4}, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2a}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}]}, &(0x7f0000001240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x0, 0xe, 0x0, &(0x7f0000000500)="3d25ab555b19c4cbd00170850800", 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000d84000)={0xa, 0x2}, 0x1c)
setsockopt$inet6_tcp_int(r6, 0x6, 0xa, &(0x7f0000001100)=0x4, 0x4)
sendto$inet6(r6, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
close(0x3)
socket$packet(0x11, 0x2, 0x300)
setuid(0xee01)
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[], 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) (async)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}, @NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_MESH_ID={0xa}]}, 0x40}}, 0x24004000) (async)
socket$inet6(0xa, 0x2, 0x0) (async)
setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r4}, 0x4) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2a}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}]}, &(0x7f0000001240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x0, 0xe, 0x0, &(0x7f0000000500)="3d25ab555b19c4cbd00170850800", 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
bind$inet6(r6, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) (async)
setsockopt$inet6_tcp_int(r6, 0x6, 0xa, &(0x7f0000001100)=0x4, 0x4) (async)
sendto$inet6(r6, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) (async)
close(0x3) (async)
socket$packet(0x11, 0x2, 0x300) (async)
setuid(0xee01) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[], 0x0) (async)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) (async)

9.968558673s ago: executing program 0 (id=421):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}, @NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_MESH_ID={0xa}]}, 0x40}}, 0x24004000)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r4}, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2a}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}]}, &(0x7f0000001240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x0, 0xe, 0x0, &(0x7f0000000500)="3d25ab555b19c4cbd00170850800", 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000d84000)={0xa, 0x2}, 0x1c)
setsockopt$inet6_tcp_int(r6, 0x6, 0xa, &(0x7f0000001100)=0x4, 0x4)
sendto$inet6(r6, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
close(0x3)
socket$packet(0x11, 0x2, 0x300)
setuid(0xee01)
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[], 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) (async)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}, @NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_MESH_ID={0xa}]}, 0x40}}, 0x24004000) (async)
socket$inet6(0xa, 0x2, 0x0) (async)
setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r4}, 0x4) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2a}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}]}, &(0x7f0000001240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x0, 0xe, 0x0, &(0x7f0000000500)="3d25ab555b19c4cbd00170850800", 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
bind$inet6(r6, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) (async)
setsockopt$inet6_tcp_int(r6, 0x6, 0xa, &(0x7f0000001100)=0x4, 0x4) (async)
sendto$inet6(r6, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) (async)
close(0x3) (async)
socket$packet(0x11, 0x2, 0x300) (async)
setuid(0xee01) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[], 0x0) (async)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) (async)

6.930344527s ago: executing program 4 (id=852):
mkdir(0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x28, 0x1, 0x0)
getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route_sched(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000019c0)=@delchain={0x24, 0x66, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xfff2}, {0x0, 0xb}, {0x0, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x800, 0x70bd2c, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x6, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x800000}}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
write$sndseq(r3, 0x0, 0x0)
poll(&(0x7f0000000080)=[{r3}], 0x1, 0x100)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x4058534c, &(0x7f0000001140)={0x80, 0x1})
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r4)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)={0x2c, r5, 0x431, 0x70bd28, 0x0, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20b73b172a619a9c}, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
r7 = socket$netlink(0x10, 0x3, 0x8000000004)
r8 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r8, &(0x7f0000000100)={0x0, 0x2c00, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x0)
writev(r7, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff81004e230e227f000001925aa80020007b00090080007f000001e809000000ff0000f03ac7102d000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
r9 = getpid()
prctl$PR_SET_MM(0x23, 0x3, &(0x7f0000ffd000/0x3000)=nil)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
connect$unix(r10, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r11, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r9, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r10, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

5.490226599s ago: executing program 4 (id=856):
socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x7ffffffffffffd9, 0x80)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
poll(0x0, 0x0, 0xffffffff)
write$UHID_CREATE(0xffffffffffffffff, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x2c, 0x3d, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x8, 0x79, 0x0, 0x1, [@nested={0x4, 0x17}]}]}, 0x2c}}, 0x4c000)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
getpeername$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000000c0)=0x14)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0xc, &(0x7f0000000400)=ANY=[@ANYRESDEC=r0, @ANYBLOB="10a1db0705d67a71467f929729fa70fd2093f984590f794bd32169d38b", @ANYRESDEC=r2, @ANYRESDEC=r3, @ANYRESOCT=r2, @ANYRESDEC=r5, @ANYRESOCT, @ANYRESDEC], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x47, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt(r6, 0x28, 0x2, &(0x7f0000000180)=""/55, &(0x7f0000000000)=0x37)
chdir(&(0x7f00000003c0)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)

4.552504522s ago: executing program 4 (id=861):
socket$packet(0x11, 0x3, 0x300)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600))
socket$netlink(0x10, 0x3, 0x6)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_GET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="1400000001070700000000000900000001000005"], 0x14}, 0x1, 0x0, 0x0, 0x48801}, 0x20004000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000200)={0x3, &(0x7f0000000040)=[{0x4, 0x3, 0x9, 0x40}, {0x9, 0x3, 0x4}, {0x0, 0x4, 0x40, 0xb9}]})
setsockopt$sock_int(r4, 0x1, 0x3c, &(0x7f0000000180)=0x800001, 0x4)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000080)={0x335})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0x80045300, 0x0)
tkill(0x0, 0x7)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, 0x0, 0x0)
r5 = socket$inet6(0xa, 0x6, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0)
bind$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r7 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r5, 0x5)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10)
accept4(r5, 0x0, 0x0, 0x800)

3.110122352s ago: executing program 4 (id=879):
syz_io_uring_submit(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x5, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
fsopen(0x0, 0x0)
ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000004c00)={{0x1, 0x1, 0x18, r0, {<r1=>0xee01, 0xffffffffffffffff}}, './file0\x00'})
getsockopt$inet_mreqn(r0, 0x0, 0x0, &(0x7f0000004c40)={@multicast1, @multicast1, <r2=>0x0}, &(0x7f0000004e80)=0xc)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, <r4=>0x0}, &(0x7f0000000280)=0x5)
setresuid(0x0, r4, 0xee01)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000005080)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000005040)={&(0x7f00000050c0)=ANY=[@ANYBLOB="780100001700eb0828bd7000fcdbdf25fe8000000000000000000000000000bb000004d63300000064010102000000000000000000000000ac1414bb000000000000000000000000ff0200000000000000000000000000014e2410004e2400000a00808032000000", @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="fe8000000000000000000000000000aaac1414aa0000000000000000000000004e2100004e230000020000002e000000", @ANYRES32=r2, @ANYRES32=r4, @ANYBLOB="0900000000000000cd0c00000000000000ffffffffffffffff0100000000000009000000000000000900000000000000ffffff7f00000000001000000000000006000000000000007be600000000000004000000000000000b00000000000000f8fa0000b86b6e000000000305000000050000007e0b00002cbd70002c001300e0000002000000000000000000000000ac1e0101000000000000000000000000000000000a00000028000000000000000000000000000a0101020000000000000000000000000a000000000000000000e7e06ae177f9820ae559971b81b735126dce37ea28af723769dfd1"], 0x178}, 0x1, 0x0, 0x0, 0x4000000}, 0x2804)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r5, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r0, &(0x7f0000004d80)=[{{&(0x7f0000000300)=@nfc_llcp, 0x80, &(0x7f0000000780)=[{&(0x7f0000000100)=""/53, 0x35}, {&(0x7f0000000380)=""/144, 0x90}, {&(0x7f0000000440)=""/86, 0x56}, {&(0x7f00000004c0)=""/255, 0xff}, {&(0x7f00000005c0)=""/88, 0x58}, {&(0x7f0000000640)=""/102, 0x66}, {&(0x7f0000000a00)=""/4096, 0x1000}, {&(0x7f0000001a00)=""/4096, 0x1000}, {&(0x7f00000006c0)=""/164, 0xa4}, {&(0x7f0000002a00)=""/254, 0xfe}], 0xa, &(0x7f0000002b00)=""/4096, 0x1000}, 0x59}, {{&(0x7f0000000900)=@ethernet={0x0, @link_local}, 0x80, &(0x7f0000004c80)=[{&(0x7f0000000280)=""/62, 0x3e}, {&(0x7f0000000800)=""/52, 0x34}, {&(0x7f0000003b00)=""/4096, 0x1000}, {&(0x7f0000004b00)=""/186, 0xba}, {&(0x7f0000004bc0)=""/12, 0xc}, {&(0x7f0000004dc0)=""/182, 0xb6}], 0x6, &(0x7f0000004cc0)=""/178, 0xb2}, 0x2e63}], 0x2, 0x102, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xc, 0x3, 0x7ffc1ffb}]})
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @local, 0x6}, 0x1c)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r8, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r8, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10)
writev(r8, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
shutdown(r8, 0x1)

2.380089009s ago: executing program 0 (id=421):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}, @NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_MESH_ID={0xa}]}, 0x40}}, 0x24004000)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r4}, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2a}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}]}, &(0x7f0000001240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x0, 0xe, 0x0, &(0x7f0000000500)="3d25ab555b19c4cbd00170850800", 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000d84000)={0xa, 0x2}, 0x1c)
setsockopt$inet6_tcp_int(r6, 0x6, 0xa, &(0x7f0000001100)=0x4, 0x4)
sendto$inet6(r6, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
close(0x3)
socket$packet(0x11, 0x2, 0x300)
setuid(0xee01)
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[], 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) (async)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}, @NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_MESH_ID={0xa}]}, 0x40}}, 0x24004000) (async)
socket$inet6(0xa, 0x2, 0x0) (async)
setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r4}, 0x4) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2a}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}]}, &(0x7f0000001240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x0, 0xe, 0x0, &(0x7f0000000500)="3d25ab555b19c4cbd00170850800", 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
bind$inet6(r6, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) (async)
setsockopt$inet6_tcp_int(r6, 0x6, 0xa, &(0x7f0000001100)=0x4, 0x4) (async)
sendto$inet6(r6, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) (async)
close(0x3) (async)
socket$packet(0x11, 0x2, 0x300) (async)
setuid(0xee01) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[], 0x0) (async)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) (async)

1.250211475s ago: executing program 2 (id=884):
r0 = syz_io_uring_setup(0x10c, &(0x7f0000000300)={0x0, 0x6b9f, 0x80, 0x0, 0x289}, &(0x7f0000000280)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000025c0)=ANY=[@ANYBLOB="0c2200003c000701fbffffff00000000047c0000700038801552a6c5b89cd1d7231de6eab8ac363d986df1455e1e0f7fdd1e0423f4c03a1693f6d8c8cdc8443e51aa7eeff341fdeb07dc60b40610838f6f22d0729e927c20d317540622f50c7601e536161b213ced88ef66839eff52c123a3613d5e20539d14fa35263e7d2b855b947df2bc0624909425eb9f5763a4cd776620963b78d3cc46ded3e65a64788d45d28eb224dc5a72063989211938203b83f0f1e5a75f50b4de3f29ce2af7b27b7d392fd8db3ffec7cb675c1c7aafeb86eb6ac2b3300881d33cae66daff95f4ae574de2138d7b5117796d6a1ff958dfc489734e9cec64ca8632bbe21e6376b9cf5d924df6f750af9a7ef28fbdd3925abe2be08e1a7b6ebd4999890b97da2fede4c507b8f6a554fb8f53652d82c7edf8efe063a893901ee5d5a39e2463b4f247514d457f2e98204d14d07f8dd0109700bc32b9c82ccbb2983ca7afe0360e3d571db34f9b51a08fdfe524ee438aae66759e329c1cab7bc6fa73a6e09d792caf4bcd51157be5489271a39256430548b6d28ffc65c2d42ba4fdef440fcd2582075bd7f71f24de9dbf622160514ff6f77436b68db4e5bccf79b815b32caac65db04d642ed2c1184d84b9640d57ac0d0fbc5f80dc57c735f8325ca7324d5061b19dd6d2924f505eabdd2e29e777ee33d6bb2308bfc3d20cd67c620d40fecfe623ccc74b1e9473fb48f5731b9c7983cf098aaa43418aede9c0e5c48b1452fdacb2d351d346c9611acea353e81eb3703b3b4b2236346eaf8e9072a898a848713f59aeb1184f2054a325c27ba9e7d6e932296c2513b5190ef832047428bef792ff4e3bb5d9360389e6dae4314eaaf7655d8b67a9ea52dd9d3ff06a621dedb7f81e3d40570453af4f938d1da3e837a02de240db9d8032c653230e44e7d78b3fdc5fee1082ff1d7fcc929f9ba07d508510219c02af12e1d419dd2d3bcd2f245ab044260760a4367edee3ff5d6cfbe4da0647930c04dab52a669c8eff0778771a69acf8947f1c83c1558270db6659b7a162b42b37e452d35622ac39a689c53e82eb42e65b34eeff4393ba660e9a0db6f538856d8c6b055a43c79464d3267957311476ffceb0a419bb576927c282c1a752369aaf99f9377f75da6c3e619c0f709b48741466b46f4250bc1d5222dfbeea4e0e29dc2b86d536360a0c4f5c001416d91b485039ec0331ba3c02b96d1b071f96bf60c8927a0784b5f37c27d8d0382b0aab6b6d0ef7180c22503cd26c8b353542bd1b134ab658ea89c56bb4ca0a2cd89d23cbe2929dc0239303b14462e2fbd1c0661bdc1996dd939a71ce2712a215ca2ed13efa78f15f6c44e8f90ba7fe7fc620e45eaa9ca59241522a59a9f9d013db815432f7dfda56f0310faf2e00a39acebb20b263ca247b81469581276dcbab6885c7e4bc860edb72f735c06b9bc8e9178e79e2b71d12c1a2e40062341f234e3961bc9636bbf19ad81c5b15181e3733d1033f24335f4f8dfbe0f1509c8369b40ef7b4e737856b8c87cfd386496d8a83875fce1f2f386e7433145c9399b53020bdb93531f6a476a469a9315302c3789c8e9aa824d2fa7d2d8d1ea3fde77df92f5a1c4372341965c0d0e6cfc2207ac0eeeb9b46e7b790442b86bbb1e0ae7a05347ea68217c9c46206783e2ceb2e3073f202c1cf4d3808a552d9318c36b6b88ba0f364c0b45792f3cce11c804bb358614c0c308c5ca6a462443c0a84d8646ec4ec36bf3e229e02a1f84290e5b7764de207b30964940e94600c1c43551ef315d72edaab1a0ec3e5ca41fa4ed9351dc8eb1b3079a663e76b99efb08bd562fb39caec44c7d2a0e917c2483f81c8ffc0a11a07293fa850a33a96a6c53eb8e9152096af4e3baf37b9b27bd24f5163612c03dc215671acdf1e1cd83fe2a97b0c2dd332c90672a2b57b63266eb8c6cfc3a134c2e715f53fa3be62aad0e7313d9626283ccfcea211a8f3839f96e8e488cbc06a3fa08291b7f20c2d51e536ab520d23bc8a3089340f5b4d6cff877b43d804038e39ef838cd05e424f9a993c834b7c482e448acb1d092086250bd60d163445a3d1c0aa37b2c48847d19a7881d499a72383918c57b79cfa6b9dbc6e678d465745f0a4f92ef4da516c555a8b8208fc9a818179bba5d7d44726ab5483a020f59981d511a9ef41c7f72859c35ddb6c1c0047bfddb54a01b8a1dcd8cb05349885e00af9b8910d29267d3c8eaa039b6ada72f990b4f6897d729f2f7d9086d8d5ede7eab9ba656a6eed1302dd2dfd19e4d38bcef7ae45a61d5668662cf74b371769e7a8f6bc4957805459d28d24c953b82904e3c483fb48d28b755eaffd82ed424655b45e5c0ed20dc7440742109a77da35244e291f4e983778ef7877b9d8b409329c7bae40119057543f93bce0329cd7d672b933aef6a9b8bec603b8f403426ed64d3fc0cbd2257442db1b045298f5b1141cc29d011ac77b25f8a2ad926b5e5196b922e4717c289e9f538aafc8432a186df5d14a2422a0b00ba416cf5cd3caaff42acaf5737c7d75240d4fccfe2eb52c56ab510c76040daff61e8a1c25a47a5bb8cf58a90ce9e5d75d5e453e1d070fb971ea4ecee5ef504b4bc57fdd87ed94812151bfdb9867ffed118034908aadca2df3e1fdc1e79510857db0f8cc1e284bf21af053ba13debe4d813dd4ff1ca8d60c7a652073e300112a203d7195d6644a1bb7e9a5feccac3bf0222faff456c2c0a52c5c764a0daa49824580f6831560ecdb3b61272b4b75bf4516970b51b69c8230165f6fad774683320dcfa2b92b98f86b9b78a77c1ac4ebe85b7c29ad89dc348004fd767c8f9975361c355eba9a3b7d7d7cd487023e84ab7f6e3126f392c816b15fba75ac14fab138f9edc089374387021d70830b3aa8ae700f4ef3b0689856162b3c580e7f3f998695ab325ba30b45ea71fa7d11b7adb7d2383def2494a7781303dc52e93664a181d1c9fc02ad84945610b6daf2c814e42b9db81bda6909f5901ba3d239973d3ed434382b88132acdbfc674b60e6bd7d6d87da50abb2af99568f261b0306f5ee076ee5d169f0451415cec845fd904f02a38a85ccc1b9872ce258db17a5af45529ad9052ac407a2e97ae8c171530b078193796485d24802e44bf660a59d570f29315ad7cc4029ceeb3ec18bf562cf7cfc7d78bdf5dc7837e51226f7e3c2a786296775dba2c262f761e7bd6b95bd38a62a73d7a24776f551215b3a2cbfea650d6bb246ee6a9e0cc47d1494eda68b6bea55205788caaa0bbd31b5d75d7a43201e4606d371306e8b4ab072d646bfc24e1a4b3dc62b1af85f498bd590634977e2b7f29ddcadbeb8190f3f80fcd26c0c4665e0241d55c78c446d79d024be201ff1569c5f0cfb48877ad34b8e9bae59945b514b363e184042ab7c956246b17812c137887ccf607c12f5fa5554d384a0bbd1a55353dd5349c33a7140bb2463b5345c8553b76fd273a37ed445b8b8f89d9fdc6c0fe96e88e157b4ccb205eb0b9c46cb42e3f1553827be1ab73fa2e513832392c09fae715fc75342bcd9a090c157c09d6b353b9a70dae82e9f01b4bd84c03697ed4e5ecbd70a78dcf41ed5114caf6491c0f1bd1bb7938607c4f78e8a9be87dffd41d75fd41a46d539b43fb6d51c53bef6edccbce961c08fc4e82b0b2adbe78cbd57dbd011c16b4ac171163a2d8e36d502d7fe970ef1cf7d4aa7a557c943d3d5be1797fb2e95e5b008cddabb72cfed3ca7c4dad53ec364f110044ae42513f419854f9b480e14dfa736fcb3c81ee82838dacb4abf0ae62c56d7d8b9582a8b344121bbd70707d13749b83c6a1c69212e1c59ad80d92e1802a45cfebc0e934887245000c877745a4df662ba042100469844d49c997b3bf24a3f74e13412c060ea34ca94a52e7369228033ecd0e6b2b11236295641a244e2180da6f9f227ba866f705e0061e40c534d29b0809ea863ee7db3e1970b7b341a9427bb1401535b6da0663baf25c94e807cd44e303b90a7ffea7fafc419623f32e1c9538bd7af351247cc218d652a761687f005e36401c486ae72ef659455f48931c15cd624b9052b3487acbdfb6c7eb8d19bc41bf0f43132f9917a101d0f88d836a183232b4f921601ef20083111e844ac199c1732af4f2237d6be392bfef9be9ad340f355bafdb66654b704a8159af568bc4acfe7867fea4f9a9f24fdad637f967d21553eb6fe6a2043851f9d508db790afd915e877f42d8e3d380464a9fc798404bfb9df70398173abbc5b699083fd22a9e5ca2f6c5dcb1d048a00d27a62109dc9953e9e162205f6da8b65cc3fca7f35213a99e9697547993164a13c8fa9ef8b3b6e0c0c2e313ceb4374e02df40a4996e1f3dc73b10d20da54957ac5784cca612748485e8dc9d9381788a9ab2f5fb4660d97ed94e3c4b11b1e7f75460c38259870e1212f3c4ec8ef2c47d45152c69c16010349283983fc745096c88eb7e5b6184eea3c0499b2b912f6d3526ff22acead7056c3da016ce6d5f7dcecc41b73a8d47002c8235d8a37aef52e99093dbf65085b45572d8348348c692bb69bb6066973b263ef27b1c952c00db237202b4349309e4bfb10b185eca6c7075ff4db14f1a8a0b424fa0e8ae846138cd44c73bedc21ba007381fd5961b94d77071b7476b053f9829f2259f7920d3fc06207d94c995a5506005a0837502150880c3efb58cc249220f6a87cb1fc6cea322c19b1e9f6e5edf6732e0c74ca80c0e00e5b69e654890bc327ee3412f755a5e83aa939e26e4a9413182f103edb10616ec94bef1178c10c068a154f6a34227a1ee15a5360864e49f17fc9922acb7cd1c45250866c5bc4d115049d84a72362b000bc92dd38618b667e26cdab989d38c1baecb5af240c9701fb2d730f13b3b2f78442173b31fa99da5366cae8e338aa9d5ac2eefec6f12764326a1033ae7cbb39262722196ed80537ce54e459e4c3e43b1ecf47a80379ebb4c2774ba3c786dbc6cf3971dc20c00b45b8e6d34a31c2bf044cb8d2463158b061ad562d7fb4c0b671511f1cb66adf6d9ec96a26a244462dac63bd0f6b59e2177bab44b659725794a76f255dcbb3e87cfda8096e9daa4039a5ee96d6152a6dfba5a6d5e3678de7763c1c499edf6608fe6fd5f2934c002ffcdfa5bbb50b497f38e0d3b22f511635b69cc73b08156f479afba6eff38b960465871b5b700342ebc1bc55fdaefbce160ff1b1f1475bd0023cb7ad89b6aba58177f82bc534dea79a88d3afdcb39685d1b4c16b651b14638a192eee8f1038c12fd1326ccb4e4f61c96b7afb83a318b1d265f172ac15b49adcf22aae5aa3932f23cd5201b5df08d08726f074d2ed9612f6b9b78d8ec17277b1e941779d78b7899d7db8b39454e485f4310d0ddb435d82dfb8ed9d56f592ac39b4f5b8dbd976b34129e127edd5231fdd92d18ef01ceff50453dfe484e852b489816377bbf53b45191f9c06640172bd5b893021a218f986f054c6793b0995f14b28fb1828d23dc94735ed4337be158fba02800ef84c8bde0d6fbc42ad9402a5a3d43ee02dba66a238863ea8053760e293d9bbf24f6ca48803ee98b4340c5afa28d8b72f830922c54ed6efff0d5b2db05a0e00df9cbdc8a3fa266033d4fe164cf12f9cebdeedf2719532228ab6552d8d25971fb804df7a6ce4a9f013c61faed5af135dfac515cee42da42944c33281105ead082f4bde4ab792d4cd0e9492176a5beda516417e85334bb873a4423de67e0eb2e56feaad8c6b3c9402facad086df1ece8573d7c426962c7d13b08c54bb83d39ee65fc90e87f36f7a4f094a0744fc25156125724900b3da3f72af2c2ceccca03d44dac25fbdc221e0eed578402133c8a04116f5ec49bb45f4a07f4b823beea1add55146a787fd7fb8870c60ed28f4fc59cbea349a90d10bbad37a5118ede5bd1e7f8297862cbe37dff66306d0ea495e9082c460ec16e5c2a8dd2e8a4937c8f5cd7f8c13eb970a3b8af2399decc236aec9e3f373e9bef89fdacc1be8e0489684d2024e1a3003282731fa5e93ccc47427213d0fac8f767fd26bc44c84ca619a966c685aa8c1e3e4f31f551b8b1f03844c165b92e6f784cc2f8aff93437239b1f22f9d81cad80456e80c23d9c057a070983da17580226fbb3c6e00ce491a31504a98ca0817f075f9fb1ef0bfc541ef9876fe4c41035d3eabc0c17c05e852d7cb2315893412085cf76c92cc00719ea49db6e2b5e15279e85a40d99483295cc51564d5ae1d5a526e29743292f775dd2f74a29766b12bbc5bc82761e074e2840d0508004600e0000001af3ce3e4ea4986e180e89ba787e21f4b3161021388f730bfb3afca42766a2a7b2680321ae8f2590507d76ad3979bcb844f706db5abfa589a3695ed26cca85f9a86ab56e613a5a7112516b8fbda086d9c730edd31c6432b4ee74e3397c6352f1720a778d604190d76cfd0d3863ad66e939dd0430ae9454ab735400a1ca4cae1d07f3d0de8d0a7747a9136da214b99aa4390a7b956f2dbb0d8fcd4c2bdad1cbc4f38f07d2776406ae00ea73959bfaba6b3daf043fde3dd35ac72e571cb83692ba7f4610ce645c7a235ca7a61bf2a7907914f92864dcc023b5101c9c8c2f43fefd3f5cb9e64a111148fa41a435b7f201482d0b2af625749f6a3b7ef24b4d3baf765dec8b5f0f110d2c3fe9b2293ef121e798400867caff26177577ae4ba9747a8613ac9d80160cafa8dfe5e6f8cbf7b537d53f2a347a41c056161fe44fca0980d6928ec27506a8c4dd28390d6c7bb4fd2bb609c102c9530fffa804f8aea8ed17e4bcbe8b07498776ee8a9af7595783b17b325252e45bdc120310664f5bf2592391261143764a025be1e837b1edd02ff2f595ec50f9b9af484ceed986f634365d1cb7e1498aa3c993b008cda14eb8bd8136ecbb529acff517f69a8da0f9676395b9139c55b06b013e5b77faf94d7a683ff1f564cafeffad343f44d43e8ccdf23d2e655d905d4e9b96706d83384abe057b6a8a2535eeb5a9961c329230cd31952b26e41fb933e7dd2b8b4ed5179304caee9e449a4d06ee79765cd5251004f16b6ff166865632e0f4010464cfa18081d4c3aefb3880f572ff8ea48a1cedefd5ccf13543a86ac6b7470cf9d9e09ad2432aed66487db3cc3a10b1c2cb7a87f199c1aa282f84481fb761b1280e21bf612cdae1dafadcdfb396bc837219774f2ecffa2b73e335740163816c6270970378d5bf0168983cec9e25ef8bff4b471a2eb85619ab505b4ac22404206a9e4a594496bb10145d95b455eed68e7224fc072db21baf03316438b2dc60cc84e397c604a6ce4cdf8627dcf454cfbca1af88acb39a187537f5c63347f966f4dd52a276534658a66628e0f30f8b0999163db9bf032c79ca7ef99207ad52bc57a6f6b637ccc7ec0068c5f85f9761bb37f2b995f1cfd997756dd46568b16368acc2f47b4102bc81d474fa8efb22f314b91121014bc0c480d1f2fbb51ecb06844888e62e52a5d1e7152e306e9e803b56b14868dc3be81de2914b42d3dcc2dd473ce1ac7d93b6e2bba9327827ec030edd79269fbc6d68e59750f577985cf5b04665535800700b16853200a31d69fe5333d7728264d6cd825685a3e75ab1f346eaccb42858a395d3b571dfa5116e14153403c86f96f90221aeafdcc2d8ad0ddd65c5091d1c455ea17386e1559448948eee73eceb22f3c85dca6f72e0d99e1706a0a194e951767ce38d1e1b1446bffcf741a3e3b6d998ba9993755e57726b96c91eb9a1d3eef877c0bdb0b72a4c2cd7a27ab2e224a7af9f206d9524052ba8ba98a006affda2e37c3809996ac29f54585e9797e1a733081ef4e9a039d28aec39ce999516a4695c09d64feb6c283193d4749ca07b1b16fb843b0d1df94df992865d66e1f02d706f30a2fc80e5e59fdabb4c43941216bc82951252bd0fb8ce5add071fe1dde6313cff3da9364c2e088dcfe54eeaff7045e045d817ba85a91de42135502db1632d4729f86fccde11ab26ec03f8bd883ea04a3d577ded9153ed211575d66c01fa2ef815dd03799aa9a29c43ba50d7de705c4b0558dce77a16c9a5bc15fb50f473eeabd9776f22f7bfdd77b406929ffcdbf3802ed30d286e666f18e40117ac423e002e2f65a9b7d2f41bc84a7d4790de9ddb0caa837fb0f21b630f09387effa689faac566d7d3d1b4bd22ffd8a4541b6389a567d94ad418f2105e75dcf5374ea942d864e77ab5fd92ac59a774367afd2c0637c7873a0bee4fe2feef690dc43a72152e3c3703b65e3f19d81043185699b961f4038d8185a654b4e413e13f916889d67cf3f16f6d7b79ea3f15df1b03112ef320201800fac31f14cd394543dc7d11dd2ebc23ced45fae4379e2f77e698868d9f05551c99ab0fa1ee7df42340ea5a05c2673cf900a055c94ff03ff2eefcfbce6787ddbd3e08f13306985c8a2fb42fdef057618a8add9a8780c7f8efed7de3595abc2e3ffd031a5261c0ceaec346c8457f9963d444ecdd7fd4732e1804e01bd927024fde15867aab9119a5a04250bdfae329ae1e1a51068663f79de7bc5bdad97db30a10cce01df4d9e9269e3bea3b17af073a0aa2c855c5e102de9f73372bc42cd81fe1fcf9b74b866c5385fd1983b1b8db4d263457d9311af7816143be684ed0e20421055f7b0faa4819a44835573e798b784261832d049f969fd5bbdacdcb9576c428c730aa328aedcff796d6d57c3b3bd8417b6bd47395115830f4a8e2e8195726cf4ae683e486bdeb8659d6b606eccfb8519d7f90af8ca9ba47c75301168857898fa6106924242d074fe4cce33cfb56c586f37a3709c0d68d9b651f2475cf363f79451076a86bb1fd491d9ed1009074a49dfccb24c5795dc4b75c5b75789fbcf0d1c1e630baa0e9e9047416da3ad14cef5357b0302d47d4d3f68810c10a35e8827b059477d02c100d8948a0dfc975473a6943c4affb6c8dffb93e28b63e97cdda3733013eb4dec503f63bb5652be25c4dc999cfedc313d0e9ab26cbb75ebe636ebce726734c3014300050ea3862fb274f716e209b4d2fa7c26ef5fe6de194f7102583e0a432ebed65e35a966eeb41d3fe6f78a05b7fccf2212797699738f8b3bf78f05069f4528bb22474abda35dbdcd752352ed811658aff70fff56cd54725a7c0bbf2badee0cacda35e5fe068d5b77e70575dbf1d15722ec770f7bc153f0ce6d523357b73dd552abb53463cf75181731ccf3ff4be468b39d3e1a42c6015f5813e490c7d13337d8115a1a65147dfcca5f18217af80bad0ecd8017fd541c2bf0a1d6c48e336c5946ef3bab7ffc16197731d58a01bf898250ffaf73c0a2a75a387277c6e2701bc2b2cb30ff67e35c7fba22f14008103380ced18e6579e8c3e322a5350146b7edcb9812bfbd4b69a886c81891dfdbcd733de0bec5c3bb3b625f5481c617c1575365645fe4921160cf8cef1b2edd9b68535ca8cd92a766a9bc361c5eb593ffbd1dc20882e411b1b501435e9e3d0d98174fbd3fcf5d2eceabb17dffddcb1a02e72698f3f47a64723e650bf680943d9075a758090798e1c1b75efa9d045a101904a0ad569c59e4673e751075e5240f7a9109525962f64462e465e7840bdf343148b7c221193baa7ab093fce472eadd9abf9bcedb54868a2bce9af694c5c11eb4bd3bdb210c1a4e4acd0a89835fd979342a40d432fd412df2dbf079110b82ddf5887ba857e1d99d84caaaf1a4173f29123906f80e2891e757f0df2b8dd741554cb21fd2101612fc0927fd91d9582038031b353b0b0094ccceefc830ae7971d95cde8f74167549d3bf5390d506e9be1017781f3261f74270f6faddac30624c41c9e955a39c0c89e8fa25ce8013b5fab46f30fa2b5dbaee9f879d9c372f2c11a4415c1893bd44dd01b4fd5e267515bfd5ced5e2a3bfe25460438b8dd70e4ebe9f81be347db73fb1ffd076d59de0958e5fc716d4c3c0d012f358f7c9b00805ea2aafbfbac574a0acb4e7c0a1325da75dccb548a067ba30189277ce22ed79ef32168a88cb47a9103a8591b92911dd9a3b9c1085145ec8991c95109dbed8f6d693313172009380e831a4fd67f407abddfe8128d9f12e4695fb1b648529030588a707fa4670df096942f6fcd4ecaa8ba5f9bc4e575f2d9f902d10502552ed33b01caf6b6f747c2a46ab13c8e509406283037398e660df73c6e80a7666adc8477dafa081323bd2fe91f7a953527a98ce22a35452fd6923752a7103d1be08f12648b6416c5dfc923d1c783a093024644fc00bec72b599f9528307983d165db3a83b2d812c223b4603a37565c112187df33c2c5a08d41bdc4a49e717a88cacf2fc96288d1de5d9dc45a4e2c4a8593a274f45128241ff7df994d2cf7a60993da11028c160b4dbe0935b34958bd0ddda196e0e2dc28b32e0d54f41f2fb3cf0b3c71538aa54a1b0336bfa217d84d386ae33bd1ae60dc23bc45af5772d9488634f78128a1230c9e09c1347814075cbf7820e75ef6642c796154c3390f46ec596ca816f4cc4ad798a33813abadf78de5aaed54d0c2951d9ac44a7796b749defb85f1b4ce460f9fb138fb7c14c636cd5205852e087a6c2d9872a4afb90794e99337e076f1078ef0671cf7a3988267a2ace50e2494781ba5ca2980793d1e8462ad161d2ddc19967ca0129b06e9b56c6ebcdeb639c664b44fa4c559c3d45146b609ebe49df3f7ef6435d78b7e8d331e13c770dc0a7f64a98be17103697344469624491695360ea54de5a923a3d71d38478bec0b3b6d0fe9036967ea076af95d8175eb4e8672cadae81bfaf97150040c271128d945ca498726b7574f43c0c14d67b9c36b638a84495cd7d0039fba12c14542995ac206f57c7786a4856435f14b744eee5fbfda805f1ca92ddbe5c6e158527eea8a81babe9d5338ee9fb1a574ff0159c33a5abe03d5bc4da3fc590aa0f7205e3bf0af94a6589d2ed42d54dbc68c8f1fe235ddb878ea0094a6634b33d87762386dd09ad68ccc746669f6e0b679877a07cbc839266f6ec2ad01ec34e3ee5b12c3411c356e134324e2be19d7656a6cc2d999633e04c06cd77351f542e35ef68beda378d6c8393d0f3ad81ede159d603a0456833095e37b7f6baaa4e52106f4d9a86a9e12a5f4c5c0a7853e4be450a119bd57168eee4512bb271dc8144eb1456ea2fdba8259387b6839c9cf9e1fc17e84e1e048a2a8532b5574452b9981ed1bd30b6c485fc4b2a86954a76950bca1c8cae91cba6d5e2d00ba259fea38ad9eae4951e0753092b6a9123ab682dff4e6a5275dab5bee0c6ff8a8566f9e31d98db2376c4cff1bf92ee00978834343cbd3e98d5545cd2940b7b2f6a6e0089578d3233c0740d994d41ca55361e969ac4a7ab4c0cee074c56721645527ae7d928ebdf77d24f520990bcb8d0996e78972ec2dbd56a8b4f5da7b6da3046dde3a2eadac27bed86ec76bb860fe054a17f1ae4a884899b3ce2a69de5729a42c228bb7608d401d1f027b27b8a1993598ec23d203b56991efb5987a2c4c7175e3429c180150cf6de87390ece3a294b77080e1ac7585674f4a979bbe7a489ca14fb5384cd12de54605cdfac80751ef1cd687ae9eedc883302c12017e6e6a009e02785b406df4e954a6e448276d37206a221f974531fb201434a076f80b7d9ec51d3437e2d4011dc64036e126279396bfff95b36f0326e57c0ad7a08990428bb7d98c22fd668d292c26b007c41ecd2f39ab2c544e86b457622a56f0b41533394e814dcf309d92dd33ab49723f7404749d33b75023078dbf51305f4feeacd187cabd83308423e34e0b8299549a80d40ad1d88b2305e52a3b47a10e3c7fe4a27182abbd633586b1ea80f78468f0f69acb901e13033220e7f747e8e73ba19717743647751107c06ed83ce30beb068d7f715433fd19f1726e1399075ba195bd407a081975c3d50b6c0144f2c37e53e7b747c7795e935dea4157e99c98fe80bb72c14ab78b7cdf95d2922baaba24b763343aa82330c43f911f0e96abcd63366c7ff25787fa33d5f68759d311ff22c03076e5d88edcd247a452960fa698d9998952e91af51b3f354c1ef9f0e84337753c38abd06f42dcefaf2f580248d11d65e12f7754c9808005f00"/8567, @ANYRES32=r0, @ANYBLOB="8e0010800c00220000000000000000000800c2005b000000d24210b2dc0f80d357db570e1d8e666643073ef226e1bc7adaa2cebf7ceb76a06ab45c4201b240e6d43f5c5131d2d4cbb016b63fa0505f3eb2a6e76ec07b0a73244b86a36eb5d70950f7481d143245103e4aa2deabf58c580508cf70a3cba56d9013772d87996a96b6dd6a46abdadad08cd28258dc72000000"], 0x220c}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), r4)
sendmsg$L2TP_CMD_TUNNEL_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x1c, r5, 0x1, 0x0, 0x0, {0x4}, [@L2TP_ATTR_CONN_ID={0x8}]}, 0x1c}}, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x118, &(0x7f0000000000), 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x87a767c3723f047e})
io_uring_enter(r0, 0x47f9, 0x0, 0x0, 0x0, 0x0)

1.249914715s ago: executing program 4 (id=885):
r0 = syz_open_dev$cec(&(0x7f0000000340), 0x0, 0x20800)
ioctl$CEC_RECEIVE(r0, 0xc0386106, &(0x7f0000000380)={0x2, 0x800, 0x81, 0xfffffffa, 0xc0000000, 0xb889, "4ba6d3d373851f6d7abdc9a95c3e021b", 0x9, 0x8, 0x67, 0x7, 0x38, 0x80, 0x4})
r1 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000008c0), 0x4)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
prlimit64(r3, 0x1, &(0x7f00000001c0)={0x3, 0x8}, &(0x7f0000000280))
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
getsockopt$TIPC_IMPORTANCE(r6, 0x10f, 0x7f, &(0x7f00000006c0), &(0x7f0000000700)=0x4)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newspdinfo={0x24, 0x24, 0x103, 0x0, 0x0, 0x0, [@XFRMA_SPD_IPV6_HTHRESH={0x6}, @XFRMA_SPD_IPV4_HTHRESH={0x6}]}, 0x24}}, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYBLOB="1709000000000000000001000000050007000000000008000900000000001400200000000000000000000400ffffe000fd6e08000a0000000004060002000100000014001f"], 0x5c}, 0x1, 0x620b}, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8)
close(r1)

1.249590779s ago: executing program 1 (id=886):
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x8, &(0x7f0000000240)={[{@index_off}]})
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800"/12], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x1, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='stat\x00')
read$FUSE(r4, &(0x7f0000004180)={0x2020}, 0x2020)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0xffffffffffffffa0)
connect$inet(r3, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10)
write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c00000010000108000000000400000000000000", @ANYRES32=0x0, @ANYBLOB="0040000080a004000c002b80088001004fb17ea2459ea2ab491f59d81a4abdf9e7d4e5e02ef212e3ea3f4388ea214f5d357576e14536637e2a319a741782792175dae77a122ea05624e391a987a39d3585c21264f570b55a528310938378605cbadedc348cecae64ae258a9a08bb25c24c1fab85fe275a3cf89dd38e9ad6abca1f07", @ANYRES32, @ANYBLOB], 0x2c}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = syz_open_dev$sndctrl(&(0x7f0000000240), 0x0, 0x22800)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r6, 0xc2c45512, &(0x7f0000000a00)={{0x3, 0x4, 0x7, 0x7, '\x00', 0x5}, 0x0, [0x9, 0x1, 0xb5d, 0x8000, 0x5525, 0x2, 0x800, 0xc, 0xb184, 0x8, 0xffffff3d, 0x5, 0x3, 0x7, 0x3, 0x8, 0x510, 0xd0, 0x2, 0x400, 0x435ba235, 0x1ff, 0x5, 0x3, 0xdc99, 0x3, 0x0, 0xb3, 0x7fc3, 0x9d, 0xa, 0x2, 0xff, 0xfffffffc, 0x80, 0x100, 0x10000, 0x1, 0xd343, 0x100, 0x75, 0x5, 0x8, 0x7, 0xad0, 0xfffffffd, 0x8b, 0x7, 0x4, 0x2, 0xc3, 0x4, 0x4, 0x7, 0x8, 0xd2ea, 0x8, 0x80000001, 0x6, 0x1, 0x1, 0x3, 0xe5600000, 0xfffffff7, 0x2, 0x3, 0xa, 0x100, 0x4, 0x2, 0x5, 0x2, 0x3ccc, 0x199e, 0x8, 0x110, 0x200, 0x15b, 0xf, 0x3ff, 0x2, 0x450, 0x800, 0x1, 0x6, 0x80000001, 0x3, 0x4, 0x8, 0x8, 0x40, 0x8001, 0x6, 0x80000001, 0xfffffffb, 0x7fff, 0x3, 0x3, 0x7cb5fd2f, 0x53c, 0x5, 0x0, 0xfffffff4, 0x404, 0x1ff, 0x4, 0x2, 0xffff6090, 0x1, 0x3, 0x8001, 0x9, 0x2, 0xb, 0x35, 0x3, 0xb, 0x601, 0x7, 0x9, 0x79, 0x7, 0x2, 0xfffffff9, 0x7f, 0x10001, 0x0, 0x4]})
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0x104}, 0x1, 0x0, 0x0, 0x10}, 0x40000)

1.24738677s ago: executing program 2 (id=887):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x8, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x6}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0x0, 0x0, 0x9, 0x1, 0x458, 0x9, 0x9, 0x2, 0x7, 'syz0\x00'})
syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0)
r1 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
mkdir(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000000)={0x407, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0xfffffffd, @remote}}}, 0x104)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r7, 0x0, 0x7f}, 0x18)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x8, 0x3, 0x408, 0x0, 0x11, 0x148, 0x14c, 0x10, 0x374, 0x2a8, 0x2a8, 0x374, 0x2a8, 0x7fffffe, 0x0, {[{{@uncond, 0x10, 0x104, 0x14c, 0x1c, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip6gretap0\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x8}}}, @common=@unspec=@limit={{0x3c}, {0x6, 0x8, 0x2, 0x12, 0x0, 0x7, 0x3}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x1ff, 0x0, 0x2, 'snmp\x00', {0xff}}}}, {{@ip={@multicast1, @rand_addr=0x64010102, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_batadv\x00'}, 0x0, 0x1c8, 0x228, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'team_slave_0\x00', {0x459, 0x0, 0x48, 0x0, 0x0, 0x3, 0x2, 0x80, 0x0, 0x18}, {0x91}}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x3, [0x1, 0x3, 0x2, 0x0, 0x2, 0x1]}, {0x1, [0x3, 0x2, 0x1, 0x0, 0x3, 0x5], 0x4}}}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x464)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x3c, r8, 0x801, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "5d7a000600"}, @NL80211_KEY_IDX={0x5, 0x2, 0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac04}]}]}, 0x3c}}, 0x0)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="0100de61000000000000170000e3d46058b9"], 0x18}, 0x1, 0x0, 0x0, 0x8800}, 0x0)

363.916362ms ago: executing program 4 (id=888):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$tipc(0x1e, 0x2, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
syz_emit_ethernet(0x15c, &(0x7f0000000b40)=ANY=[@ANYBLOB="aaaaaaaaaabbaaaaaaaaaaaa8100000008004d27014a006500000c0690787f0000017f000001071fd964010102e0000002e00000020a010102ac1e01017f0000017f00000186400000000300048e61000dd795354de2480465b4e416010677827deb0209f1fbd507a857aeb00af492e2cea9b9e0bc071033197c156eb432d60e517bf84d5e004e234e23", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="b0400000907800040516000000060000000000000005000000030000000401005689651b9f11c7bab6febde87974356e1986cd37e2e5106aac210233a62e6b1220a0700e58fb88e6e19672c4d849808bfe0900aea493df308ef0cd303c9e01afd77f11d5b6d02777dd6c0f9616667beebe9f54a2ceb0e6edead12c0129d3e12e1073b9c09e749e86dd8ee76eecced2462616675eb82a065e6092d8c2f34cc14bd54865c79c008b0491ad927504a837d32b3fb38477ac356b179c3dc786ed2895f8c9a64b94478f6b58f90058f5a33aff02649335b9a47930567dd3465cfebf2db6c07567452338c2c259c78e71a1f8ac68f7ce798def0cbf7054ef749e345406ba2ea0df336d005f84a0c70b8695cb423716dd9700000000000000064823f0cce0c9a2aa550ded11a915c0d3f64b"], 0x0)
socket$packet(0x11, 0x2, 0x300)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000200), 0x4)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c0002800500010000000000080007"], 0x98}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="1400000002010101000000000000000000000002e50736f0e8375ceeb9148d2439068b2fbd774cc03169ae332f26f4d000a2f90f04207f8db5650bde9066b602b3961ed14f439ded771cd93898b15848e949b445078875d2cfcfdec7dda5dbed41b9f5b3d01e5fa2801736080716e2b9b7f927d376a856dcf178f63a225b23c3a9dfd005f77ec277dd56a615bcdbc986271e2d6f0979cf67d2723207f34694789e616527211327a53bdc23da8bf8f9e0c310366146d019a6848f2c91ee11757ad78bdde8651d77100795562e9927185ba47d37c7eaf94013d484b9b116a3add062b0e9008d44d9d5cd7208260097c05ee30b54ee4500"/258], 0x14}, 0x1, 0x0, 0x0, 0x8094}, 0x4)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
sendmmsg$unix(r4, 0x0, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000081cb976ef5f1bf6f000000000000"], 0x48)
r5 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x0)
symlinkat(&(0x7f0000000080)='./file1\x00', r2, &(0x7f0000000140)='./file0\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1e, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1806000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000fe6f3665de8a9308000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
pselect6(0x40, &(0x7f0000000080)={0x11, 0xfffffffffffffffc, 0x2, 0x0, 0x7fff, 0x0, 0x4, 0x8}, 0x0, &(0x7f0000000680)={0x1000000000007fc, 0x6, 0x800000, 0x0, 0x0, 0x80000001, 0x0, 0x7}, 0x0, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000280)=ANY=[@ANYBLOB="780000002c00010026bd7000fcdbdf25040000000800080002000000a95add6489064f487041808e5d6a8a8b7ce1364de28bf60a55e5a5b9d155ef0c7555e25bd4f6645d2b49c111718a52e437f7901048655cbaae090df369dd38b47748d8a8e6a69532a48f5f8734d924e06234400412070a9e1b0e7a65"], 0x78}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000200009500000000000000"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'veth1_to_bond\x00'})

356.858294ms ago: executing program 2 (id=889):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
sendmmsg(r0, 0x0, 0x0, 0x0)

355.059091ms ago: executing program 1 (id=890):
socket$l2tp6(0xa, 0x2, 0x73)
r0 = socket$kcm(0xa, 0x2, 0x73)
close(r0)
r1 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x240080, 0x0)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
bind$netlink(r2, &(0x7f00000007c0)={0x10, 0x0, 0x25dfdbfa, 0x400000}, 0xc)
ioctl$CDROM_NEXT_WRITABLE(r1, 0x5394, &(0x7f00000003c0))

276.160891ms ago: executing program 1 (id=891):
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e24, 0x9, @loopback, 0x5}, 0x1c)
r1 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x34f}, &(0x7f00000002c0)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2f, 0x1, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x12345})
io_uring_enter(r1, 0x47bc, 0xff000000, 0x0, 0x0, 0x0)

275.993871ms ago: executing program 2 (id=892):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000f00fc00000018000180140002006e657464657673696d300000000000000800060000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES64=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

275.790609ms ago: executing program 2 (id=893):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2041, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp\x00')
openat$random(0xffffff9c, &(0x7f0000000840), 0x82000, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000ac0)={0x2020}, 0x2020)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f0000000000)={0x0, 0x0, 0x8000000000000000, 0x300000000000000, 0x0, 0x0, 0x0, 0x10000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2, 0x7}, 0x0, 0x0)
ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000080)={0x49de, 0x0, 0x0, 0xbfff, 0x0, "ec28a144f13d7607"})
add_key$keyring(&(0x7f0000000180), 0x0, 0x0, 0x0, 0xffffffffffffffff)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x4, 0x0, 0x3, "0062ba7d820000a75e0000000000fcff00"})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, 0x0)
syz_open_pts(r0, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x44)

271.363048ms ago: executing program 1 (id=894):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) (async)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = syz_open_dev$sndpcmc(&(0x7f0000000280), 0x0, 0x80)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r2, 0xc25c4110, &(0x7f0000000380)={0x0, [[0x1], [0x0, 0x5], [0x3]], '\x00', [{0x0, 0x81}, {0x3, 0x3ff}, {0x0, 0xe}, {0xbb}], '\x00', 0x400}) (async)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'bridge0\x00', <r3=>0x0})
r4 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r3, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0) (async)
r5 = socket$netlink(0x10, 0x3, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x6) (async)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r8, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r6, 0x8, &(0x7f0000000240)=0x2) (async)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r9 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r9, 0x4008af60, &(0x7f0000000040)={@my=0x1})
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
r10 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
write$vga_arbiter(r10, &(0x7f0000000600)=ANY=[@ANYBLOB='\x00\x00\x005\r\x00\x00\x00\x00\x00\x00\x00'], 0xc) (async)
sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000f40)=ANY=[@ANYBLOB="4000000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff00000000180012800e0001007769726567756172640000000400028008000a00bc"], 0x40}}, 0x0)

130.436457ms ago: executing program 2 (id=895):
syz_open_dev$sndpcmc(&(0x7f0000000080), 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}})
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r1, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000480)={0x80000000000039e, 0x0, [{0x3000, 0x0, &(0x7f0000000100)=""/48}, {0x6000, 0x0, &(0x7f0000000380)=""/217}, {0xdddd1000, 0x0, &(0x7f0000000780)=""/4096}, {0xd000, 0x0, &(0x7f0000001780)=""/4096}]})
socket$netlink(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r2 = syz_io_uring_setup(0x3094, &(0x7f0000000480)={0x0, 0x8, 0x0, 0x0, 0x1fa}, &(0x7f00000002c0)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2f, 0x1, 0x0, 0x4}]}, 0x10)
syz_open_dev$MSR(&(0x7f0000000000), 0x200, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
socket$tipc(0x1e, 0x2, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x12345})
io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0x0)

343.243µs ago: executing program 1 (id=896):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000380)=ANY=[@ANYRES32=0x0], 0x9)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000340)={0x0, 0x6}, 0x8)

0s ago: executing program 1 (id=897):
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000000)={0x7, {"a2e3ad21ed0d52f91b5d500987f70e06d038e7ff7fc6e5539b0d47078b089b3907346d090890e0878f0e1ac6e7049b334a959b669a240d5d67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07670936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70fe98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf1a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e470dea05918b41243513f000800000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3e3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14d9fdb8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a19000000000000006f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69b15c9f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d44400009a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc01008cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c16c02ed4b5d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaab1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106d26658b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6b14effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c110000a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b51028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6815d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3f3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51090840517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4e004a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6ce1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c817e9177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d543902113c4c859465c3c115c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc248850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafcc009fc074bb6b68a1f0c4649820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948998cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2fd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5dc4ff8f0104000000000000df72279fdb0d2b9e936e5a983c12fded79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d3700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa6e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9f07b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e3ebb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3fec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4cddd5d0fc5a752f9000", 0x1000}}, 0x1006)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r0, 0x8b27, &(0x7f0000000040))
r1 = syz_open_dev$MSR(&(0x7f0000001040), 0x3, 0x0)
read$msr(r1, &(0x7f0000001080)=""/58, 0x3a)

kernel console output (not intermixed with test programs):

 T6889]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   83.072323][ T6889]  ? policy_nodemask+0xea/0x4e0
[   83.072334][ T6889]  alloc_pages_mpol+0x1fc/0x540
[   83.072344][ T6889]  ? __pfx_alloc_pages_mpol+0x10/0x10
[   83.072354][ T6889]  ? xas_load+0x49/0x5b0
[   83.072368][ T6889]  ? filemap_get_entry+0xd0/0x3c0
[   83.072383][ T6889]  folio_alloc_noprof+0x20/0x2d0
[   83.072395][ T6889]  filemap_alloc_folio_noprof+0x39b/0x470
[   83.072407][ T6889]  ? __pfx_filemap_alloc_folio_noprof+0x10/0x10
[   83.072425][ T6889]  __filemap_get_folio+0x5e9/0xc10
[   83.072441][ T6889]  simple_write_begin+0x61/0x3c0
[   83.072456][ T6889]  generic_perform_write+0x3e9/0x940
[   83.072471][ T6889]  ? __pfx_generic_perform_write+0x10/0x10
[   83.072482][ T6889]  ? inode_needs_update_time.part.0+0x191/0x270
[   83.072502][ T6889]  __generic_file_write_iter+0x1f7/0x240
[   83.072517][ T6889]  generic_file_write_iter+0xe1/0x3b0
[   83.072533][ T6889]  iter_file_splice_write+0x90f/0x10b0
[   83.072553][ T6889]  ? __pfx_iter_file_splice_write+0x10/0x10
[   83.072571][ T6889]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   83.072587][ T6889]  ? splice_direct_to_actor+0x346/0xa40
[   83.072602][ T6889]  ? __pfx_iter_file_splice_write+0x10/0x10
[   83.072616][ T6889]  direct_splice_actor+0x18f/0x6c0
[   83.072631][ T6889]  splice_direct_to_actor+0x346/0xa40
[   83.072644][ T6889]  ? __pfx_direct_splice_actor+0x10/0x10
[   83.072660][ T6889]  ? __pfx_splice_direct_to_actor+0x10/0x10
[   83.072674][ T6889]  ? __fget_files+0x1fc/0x3a0
[   83.072689][ T6889]  do_splice_direct+0x178/0x250
[   83.072702][ T6889]  ? __pfx_do_splice_direct+0x10/0x10
[   83.072716][ T6889]  ? __pfx_direct_file_splice_eof+0x10/0x10
[   83.072730][ T6889]  ? rw_verify_area+0xcf/0x680
[   83.072743][ T6889]  do_sendfile+0xafb/0xe40
[   83.072759][ T6889]  ? __pfx_do_sendfile+0x10/0x10
[   83.072771][ T6889]  ? __pfx___schedule+0x10/0x10
[   83.072783][ T6889]  ? __fget_files+0x206/0x3a0
[   83.072800][ T6889]  __ia32_compat_sys_sendfile+0x1e7/0x230
[   83.072809][ T6889]  ? ksys_write+0x1ba/0x250
[   83.072822][ T6889]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[   83.072836][ T6889]  __do_fast_syscall_32+0x73/0x120
[   83.072852][ T6889]  do_fast_syscall_32+0x32/0x80
[   83.072866][ T6889]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   83.072882][ T6889] RIP: 0023:0xf748e579
[   83.072890][ T6889] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   83.072900][ T6889] RSP: 002b:00000000f50d455c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[   83.072909][ T6889] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000000008
[   83.072915][ T6889] RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000
[   83.072920][ T6889] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   83.072925][ T6889] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   83.072930][ T6889] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   83.072942][ T6889]  </TASK>
[   83.616971][ T6904] netlink: 12 bytes leftover after parsing attributes in process `syz.3.211'.
[   83.625236][ T6904] netlink: 8 bytes leftover after parsing attributes in process `syz.3.211'.
[   83.680257][ T6907] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[   83.687741][ T6907] CIFS mount error: No usable UNC path provided in device string!
[   83.687741][ T6907] 
[   83.691020][ T5942] Bluetooth: hci0: command 0x0c1a tx timeout
[   83.692143][ T6907] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[   83.768766][ T5942] Bluetooth: hci2: command 0x0c1a tx timeout
[   83.768823][ T5947] Bluetooth: hci1: command 0x0c1a tx timeout
[   83.770743][ T5942] Bluetooth: hci3: command 0x0c1a tx timeout
[   84.048302][ T6912] input: syz0 as /devices/virtual/input/input19
[   84.162052][ T6920] lo speed is unknown, defaulting to 1000
[   84.163916][ T6920] lo speed is unknown, defaulting to 1000
[   84.166621][ T6920] lo speed is unknown, defaulting to 1000
[   84.174049][ T6920] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   84.184215][ T6920] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   84.195581][ T6920] lo speed is unknown, defaulting to 1000
[   84.199129][ T6920] lo speed is unknown, defaulting to 1000
[   84.203021][ T6920] lo speed is unknown, defaulting to 1000
[   84.205124][ T6920] lo speed is unknown, defaulting to 1000
[   84.227470][ T6920] netlink: 'syz.0.214': attribute type 12 has an invalid length.
[   84.445674][ T6927] netlink: 8 bytes leftover after parsing attributes in process `syz.1.218'.
[   84.723112][ T6935] FAULT_INJECTION: forcing a failure.
[   84.723112][ T6935] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   84.726782][ T6935] CPU: 3 UID: 0 PID: 6935 Comm: syz.3.220 Not tainted 6.14.0-rc7-syzkaller-00196-g88d324e69ea9 #0
[   84.726795][ T6935] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   84.726801][ T6935] Call Trace:
[   84.726805][ T6935]  <TASK>
[   84.726809][ T6935]  dump_stack_lvl+0x16c/0x1f0
[   84.726828][ T6935]  should_fail_ex+0x50a/0x650
[   84.726840][ T6935]  _copy_from_iter+0x2a1/0x1560
[   84.726852][ T6935]  ? trace_lock_acquire+0x14e/0x1f0
[   84.726864][ T6935]  ? __alloc_skb+0x1fe/0x380
[   84.726879][ T6935]  ? __pfx__copy_from_iter+0x10/0x10
[   84.726889][ T6935]  ? __virt_addr_valid+0x1a4/0x590
[   84.726900][ T6935]  ? __virt_addr_valid+0x5e/0x590
[   84.726910][ T6935]  ? __phys_addr_symbol+0x30/0x80
[   84.726919][ T6935]  ? __check_object_size+0x488/0x710
[   84.726931][ T6935]  netlink_sendmsg+0x813/0xd70
[   84.726948][ T6935]  ? __pfx_netlink_sendmsg+0x10/0x10
[   84.726967][ T6935]  ____sys_sendmsg+0xaaf/0xc90
[   84.726980][ T6935]  ? __pfx_____sys_sendmsg+0x10/0x10
[   84.726991][ T6935]  ? get_compat_msghdr+0x11b/0x170
[   84.727009][ T6935]  ___sys_sendmsg+0x135/0x1e0
[   84.727025][ T6935]  ? __pfx____sys_sendmsg+0x10/0x10
[   84.727045][ T6935]  ? __pfx_lock_release+0x10/0x10
[   84.727058][ T6935]  ? trace_lock_acquire+0x14e/0x1f0
[   84.727072][ T6935]  ? __fget_files+0x206/0x3a0
[   84.727089][ T6935]  __sys_sendmsg+0x16e/0x220
[   84.727098][ T6935]  ? __pfx___sys_sendmsg+0x10/0x10
[   84.727114][ T6935]  __do_fast_syscall_32+0x73/0x120
[   84.727130][ T6935]  do_fast_syscall_32+0x32/0x80
[   84.727145][ T6935]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   84.727161][ T6935] RIP: 0023:0xf7fe8579
[   84.727169][ T6935] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   84.727179][ T6935] RSP: 002b:00000000f510655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[   84.727192][ T6935] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[   84.727200][ T6935] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   84.727207][ T6935] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   84.727214][ T6935] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   84.727221][ T6935] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   84.727237][ T6935]  </TASK>
[   85.227518][ T6953] 9pnet_fd: Insufficient options for proto=fd
[   85.242421][ T6953] warning: `syz.3.224' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   85.489561][ T6971] lo speed is unknown, defaulting to 1000
[   85.769148][ T5942] Bluetooth: hci0: command 0x0c1a tx timeout
[   85.848762][ T5942] Bluetooth: hci1: command 0x0c1a tx timeout
[   85.850532][ T5942] Bluetooth: hci2: command 0x0c1a tx timeout
[   85.858744][ T5942] Bluetooth: hci3: command 0x0c1a tx timeout
[   85.887445][ T6985] netlink: 24 bytes leftover after parsing attributes in process `syz.1.233'.
[   86.537206][ T7012] workqueue: Failed to create a rescuer kthread for wq "nfc8_nci_tx_wq": -EINTR
[   87.251600][ T7054] netlink: 36 bytes leftover after parsing attributes in process `syz.0.248'.
[   87.422770][ T7052] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.494713][ T7052] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.530636][ T7067] bond0: Error: Cannot enslave bond to itself.
[   87.582364][ T7052] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.724580][ T7052] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.782686][ T7052] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   87.790772][ T7052] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   87.795364][ T7052] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   87.800634][ T7052] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   87.848732][ T5942] Bluetooth: hci0: command 0x0c1a tx timeout
[   87.928884][ T5942] Bluetooth: hci1: command 0x0c1a tx timeout
[   87.940487][ T5942] Bluetooth: hci3: command 0x0c1a tx timeout
[   87.940504][ T5947] Bluetooth: hci2: command 0x0c1a tx timeout
[   88.201245][ T7076] netlink: 12 bytes leftover after parsing attributes in process `syz.2.256'.
[   88.232314][ T7076] netlink: 4 bytes leftover after parsing attributes in process `syz.2.256'.
[   88.362811][ T7081] i801_smbus 0000:00:1f.3: Illegal SMBus block read size 0
[   88.998708][  T835] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[   89.162578][  T835] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   89.169062][  T835] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[   89.172615][  T835] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   89.175509][  T835] usb 6-1: Product: syz
[   89.177034][  T835] usb 6-1: Manufacturer: syz
[   89.178841][  T835] usb 6-1: SerialNumber: syz
[   89.392833][  T835] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[   89.594386][  T835] usb 6-1: USB disconnect, device number 3
[   89.598292][  T835] usblp0: removed
[   89.740622][ T7097] netlink: 8 bytes leftover after parsing attributes in process `syz.2.263'.
[   90.018772][ T5947] Bluetooth: hci3: command 0x0c1a tx timeout
[   91.004750][ T7126] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   91.538094][ T7142] netlink: 16 bytes leftover after parsing attributes in process `syz.0.277'.
[   91.543347][ T7142] batman_adv: batadv0: Adding interface: ipvlan2
[   91.545329][ T7142] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.552472][ T7142] batman_adv: batadv0: Not using interface ipvlan2 (retrying later): interface not active
[   91.772368][ T7148] netlink: 28 bytes leftover after parsing attributes in process `syz.0.280'.
[   91.796549][ T7150] netlink: 23 bytes leftover after parsing attributes in process `syz.0.281'.
[   91.993319][ T7162] team0: Device gtp1 is of different type
[   93.255392][ T7192] lo speed is unknown, defaulting to 1000
[   94.142391][ T6008] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[   94.144576][ T6008] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[   94.146623][ T6008] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[   94.151189][ T6008] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[   94.153606][ T6008] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[   94.156399][ T6008] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[   94.160170][ T6008] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[   94.164475][ T6008] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[   94.166891][ T6008] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[   94.169210][ T6008] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[   94.171219][ T6008] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[   94.173243][ T6008] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[   94.175281][ T6008] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[   94.177299][ T6008] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[   94.180372][ T6008] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[   94.189820][ T6008] hid-generic FFF9:0000:0203.0002: hidraw1: <UNKNOWN> HID v80000.00 Device [syz0] on syz1
[   94.530230][ T7223] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 108
[   94.534405][ T7223] netlink: 32 bytes leftover after parsing attributes in process `syz.1.304'.
[   94.623868][ T7225] netlink: 16 bytes leftover after parsing attributes in process `syz.1.305'.
[   94.800993][ T7235] lo speed is unknown, defaulting to 1000
[   94.897448][ T7241] netlink: 5164 bytes leftover after parsing attributes in process `syz.1.310'.
[   94.917492][ T1170] Bluetooth: hci4: Frame reassembly failed (-84)
[   96.161125][ T7244] Bluetooth: hci0: Opcode 0x0401 failed: -4
[   96.222029][ T7252] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   96.377276][ T7252] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[   96.380250][ T7252] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[   96.641187][ T7270] batman_adv: batadv0: Removing interface: ipvlan2
[   96.773264][ T7281] netlink: 'syz.0.321': attribute type 1 has an invalid length.
[   96.795501][ T7281] 8021q: adding VLAN 0 to HW filter on device bond2
[   96.798325][ T7281] bond1: (slave bond2): making interface the new active one
[   96.800825][ T7281] bond1: (slave bond2): Enslaving as an active interface with an up link
[   96.968763][ T5947] Bluetooth: hci4: Opcode 0x1003 failed: -110
[   96.968777][ T5936] Bluetooth: hci4: command 0x1003 tx timeout
[   97.392908][ T7292] netlink: 52 bytes leftover after parsing attributes in process `syz.1.324'.
[   97.403155][ T7292] xt_CT: You must specify a L4 protocol and not use inversions on it
[   97.448917][ T5942] Bluetooth: hci0: command 0x0c1a tx timeout
[   98.943001][   T40] kauditd_printk_skb: 85 callbacks suppressed
[   98.943013][   T40] audit: type=1326 audit(1742671014.289:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7313 comm="syz.2.332" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x0
[   99.238719][  T835] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[   99.390559][  T835] usb 5-1: config 2 has an invalid interface number: 43 but max is 3
[   99.392625][  T835] usb 5-1: config 2 contains an unexpected descriptor of type 0x1, skipping
[   99.394940][  T835] usb 5-1: config 2 has an invalid interface number: 236 but max is 3
[   99.396928][  T835] usb 5-1: config 2 has an invalid interface number: 118 but max is 3
[   99.399207][  T835] usb 5-1: config 2 contains an unexpected descriptor of type 0x1, skipping
[   99.401969][  T835] usb 5-1: config 2 has an invalid descriptor of length 1, skipping remainder of the config
[   99.404633][  T835] usb 5-1: config 2 has 3 interfaces, different from the descriptor's value: 4
[   99.406829][  T835] usb 5-1: config 2 has no interface number 0
[   99.408322][  T835] usb 5-1: config 2 has no interface number 1
[   99.410025][  T835] usb 5-1: config 2 has no interface number 2
[   99.411539][  T835] usb 5-1: config 2 interface 43 altsetting 13 endpoint 0xB has an invalid bInterval 0, changing to 4
[   99.414139][  T835] usb 5-1: config 2 interface 43 altsetting 13 endpoint 0x6 has invalid maxpacket 1024, setting to 64
[   99.416955][  T835] usb 5-1: config 2 interface 43 altsetting 13 has a duplicate endpoint with address 0xB, skipping
[   99.419519][  T835] usb 5-1: config 2 interface 43 altsetting 13 endpoint 0xE has invalid maxpacket 512, setting to 64
[   99.422439][  T835] usb 5-1: config 2 interface 236 altsetting 0 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[   99.425168][  T835] usb 5-1: config 2 interface 236 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   99.427712][  T835] usb 5-1: config 2 interface 236 altsetting 0 has a duplicate endpoint with address 0xB, skipping
[   99.430269][  T835] usb 5-1: config 2 interface 118 altsetting 255 has a duplicate endpoint with address 0xC, skipping
[   99.432832][  T835] usb 5-1: config 2 interface 118 altsetting 255 endpoint 0x4 has invalid maxpacket 1023, setting to 64
[   99.435602][  T835] usb 5-1: config 2 interface 118 altsetting 255 has a duplicate endpoint with address 0x4, skipping
[   99.438130][  T835] usb 5-1: config 2 interface 118 altsetting 255 has a duplicate endpoint with address 0xF, skipping
[   99.441891][  T835] usb 5-1: config 2 interface 118 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[   99.444610][  T835] usb 5-1: config 2 interface 118 altsetting 255 has 6 endpoint descriptors, different from the interface descriptor's value: 9
[   99.449402][  T835] usb 5-1: config 2 interface 43 has no altsetting 0
[   99.451145][  T835] usb 5-1: config 2 interface 118 has no altsetting 0
[   99.454331][  T835] usb 5-1: New USB device found, idVendor=1546, idProduct=1311, bcdDevice=b6.f6
[   99.457168][  T835] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.460635][  T835] usb 5-1: Product: ஢슀옮泵�숫▪ꢽᗣ�Ḯ槶⺳ԯ䠿攵㲿䊘쒧䃞꒩�㿊㶆ꤨ�홈�洺㟻喺
[   99.464797][  T835] usb 5-1: Manufacturer: �㕣穰䭇辞갷㤘��죧㈿�汘ⓢ퀦验�ㄷ眃�৶蓙輛쒊湀��푹䉱騀䂭冃歓뭧⾗�槩Ɗ��痻ḃ⣾෫乺稔缔�席ऩ壵깚
[   99.469579][  T835] usb 5-1: SerialNumber: ꧲춆▿舨뇌꤭ט扽糧ꙕओሧ悲�潆᭖茨ᣚ�阱ꀕ⛣炗匜袿栉䭯貧�슞뜇迺耺�临餤깾酟약ᧃ�冹瘆��斂맞꒛餥�谀��䶛�笔䳷Ὂ�Ｋ
[   99.672300][ T7341] netlink: 60 bytes leftover after parsing attributes in process `syz.1.338'.
[   99.698345][  T835] option 5-1:2.43: GSM modem (1-port) converter detected
[   99.705475][  T835] option 5-1:2.236: GSM modem (1-port) converter detected
[   99.709055][  T835] option 5-1:2.118: GSM modem (1-port) converter detected
[   99.712540][  T835] usb 5-1: USB disconnect, device number 3
[   99.717904][  T835] option 5-1:2.43: device disconnected
[   99.721465][  T835] option 5-1:2.236: device disconnected
[   99.723501][  T835] option 5-1:2.118: device disconnected
[   99.923307][ T7353] fuse: Unknown parameter 'BV‹�'
[  100.240342][ T7367] 9pnet_virtio: no channels available for device ./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  100.685182][ T7371] wireguard0: entered promiscuous mode
[  100.711191][ T7371] wireguard0: entered allmulticast mode
[  101.439811][   T40] audit: type=1326 audit(1742671016.789:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7409 comm="syz.1.360" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000
[  101.445686][   T40] audit: type=1326 audit(1742671016.789:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7409 comm="syz.1.360" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000
[  101.454198][   T40] audit: type=1326 audit(1742671016.789:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7409 comm="syz.1.360" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf748e579 code=0x7ffc0000
[  101.460482][   T40] audit: type=1326 audit(1742671016.789:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7409 comm="syz.1.360" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000
[  101.466341][   T40] audit: type=1326 audit(1742671016.789:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7409 comm="syz.1.360" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000
[  101.473650][   T40] audit: type=1326 audit(1742671016.799:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7409 comm="syz.1.360" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf748e579 code=0x7ffc0000
[  101.480328][   T40] audit: type=1326 audit(1742671016.799:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7409 comm="syz.1.360" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000
[  101.488792][   T40] audit: type=1326 audit(1742671016.799:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7409 comm="syz.1.360" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf748e579 code=0x7ffc0000
[  101.495389][   T40] audit: type=1326 audit(1742671016.799:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7409 comm="syz.1.360" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf748e579 code=0x7ffc0000
[  101.584675][ T7418] netlink: 'syz.1.362': attribute type 8 has an invalid length.
[  101.760603][ T7421] lo speed is unknown, defaulting to 1000
[  102.489589][ T7439] lo speed is unknown, defaulting to 1000
[  102.515849][ T7436] netlink: 32 bytes leftover after parsing attributes in process `syz.1.368'.
[  102.627109][ T7442] netlink: 4 bytes leftover after parsing attributes in process `syz.2.367'.
[  102.955845][ T5936] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  102.959465][ T7456] tipc: Started in network mode
[  102.960413][ T5936] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  102.960998][ T7456] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  102.964111][ T5936] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  102.966622][ T7456] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  102.971453][ T7456] tipc: Enabled bearer <udp:syz1>, priority 10
[  102.972126][ T5936] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  102.979517][ T5936] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  102.981707][ T5936] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  103.025822][ T7453] lo speed is unknown, defaulting to 1000
[  103.107770][ T7453] chnl_net:caif_netlink_parms(): no params data found
[  103.219408][ T7453] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.222121][ T7453] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.224917][ T7453] bridge_slave_0: entered allmulticast mode
[  103.231271][ T7453] bridge_slave_0: entered promiscuous mode
[  103.239609][ T7453] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.241805][ T7453] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.243885][ T7453] bridge_slave_1: entered allmulticast mode
[  103.246458][ T7453] bridge_slave_1: entered promiscuous mode
[  103.270253][ T7453] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.280303][ T7453] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.310840][ T7453] team0: Port device team_slave_0 added
[  103.317949][ T7453] team0: Port device team_slave_1 added
[  103.337052][ T7453] batman_adv: batadv0: Adding interface: batadv_slave_0
[  103.340572][ T7453] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.347741][ T7453] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  103.356841][ T7453] batman_adv: batadv0: Adding interface: batadv_slave_1
[  103.363308][ T7453] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.370632][ T7453] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  103.380396][ T7485] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  103.415305][   T70] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.422915][ T7453] hsr_slave_0: entered promiscuous mode
[  103.424834][ T7453] hsr_slave_1: entered promiscuous mode
[  103.426615][ T7453] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  103.430134][ T7453] Cannot create hsr debugfs directory
[  103.467782][ T7488] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  103.498516][   T70] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.544080][   T70] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.551925][ T7453] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  103.556249][ T7453] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  103.561311][ T7453] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  103.566344][ T7453] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  103.578238][ T7453] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.581628][ T7453] bridge0: port 2(bridge_slave_1) entered forwarding state
[  103.584455][ T7453] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.586974][ T7453] bridge0: port 1(bridge_slave_0) entered forwarding state
[  103.612433][ T7453] 8021q: adding VLAN 0 to HW filter on device bond0
[  103.620953][ T7453] 8021q: adding VLAN 0 to HW filter on device team0
[  103.625256][ T1171] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.628454][ T1171] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.644230][   T77] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.647447][   T77] bridge0: port 1(bridge_slave_0) entered forwarding state
[  103.653107][   T70] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.668424][ T1171] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.671512][ T1171] bridge0: port 2(bridge_slave_1) entered forwarding state
[  103.691245][ T7494] netlink: 'syz.2.384': attribute type 12 has an invalid length.
[  103.739569][   T70] bridge_slave_1: left allmulticast mode
[  103.741348][   T70] bridge_slave_1: left promiscuous mode
[  103.742304][ T7501] netlink: 'syz.2.385': attribute type 5 has an invalid length.
[  103.743994][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.752316][   T70] bridge_slave_0: left allmulticast mode
[  103.754070][   T70] bridge_slave_0: left promiscuous mode
[  103.755986][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.045125][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  104.050743][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  104.054499][   T70] bond0 (unregistering): Released all slaves
[  104.059452][   T70] bond1 (unregistering): (slave bond2): Releasing backup interface
[  104.063211][   T70] bond1 (unregistering): Released all slaves
[  104.092150][   T58] tipc: Node number set to 1
[  104.145641][   T70] bond2 (unregistering): Released all slaves
[  104.160922][ T7453] 8021q: adding VLAN 0 to HW filter on device batadv0
[  104.303784][ T7453] veth0_vlan: entered promiscuous mode
[  104.308811][ T7453] veth1_vlan: entered promiscuous mode
[  104.317917][ T7453] veth0_macvtap: entered promiscuous mode
[  104.323902][ T7453] veth1_macvtap: entered promiscuous mode
[  104.329659][ T7453] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  104.332545][ T7453] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  104.335748][ T7453] batman_adv: batadv0: Interface activated: batadv_slave_0
[  104.340768][ T7453] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  104.343690][ T7453] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  104.346963][ T7453] batman_adv: batadv0: Interface activated: batadv_slave_1
[  104.364772][ T7453] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  104.367198][ T7453] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  104.370172][ T7453] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  104.372555][ T7453] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  104.420021][   T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.424335][   T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.433612][   T77] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.435836][   T77] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.478722][   T70] hsr_slave_0: left promiscuous mode
[  104.480987][   T70] hsr_slave_1: left promiscuous mode
[  104.483171][   T70] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  104.485716][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[  104.488980][   T70] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  104.491453][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[  104.521149][   T70] veth1_macvtap: left promiscuous mode
[  104.523387][   T70] veth0_macvtap: left promiscuous mode
[  104.526333][   T70] veth1_vlan: left promiscuous mode
[  104.528299][   T70] veth0_vlan: left promiscuous mode
[  104.574990][ T7521] Bluetooth: MGMT ver 1.23
[  104.586563][ T7519] Bluetooth: hci0: Opcode 0x0401 failed: -112
[  104.899331][ T5936] Bluetooth: hci3: command 0x0c1a tx timeout
[  104.979879][ T7528] input: syz0 as /devices/virtual/input/input22
[  105.058968][ T5942] Bluetooth: hci1: command tx timeout
[  105.334418][   T70] team0 (unregistering): Port device team_slave_1 removed
[  105.425178][   T70] team0 (unregistering): Port device team_slave_0 removed
[  105.697995][ T7540] loop2: detected capacity change from 0 to 7
[  105.715364][ T7540] Dev loop2: unable to read RDB block 7
[  105.716929][ T7540]  loop2: unable to read partition table
[  105.719323][ T7540] loop2: partition table beyond EOD, truncated
[  105.721136][ T7540] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  106.490225][ T7563] input: syz0 as /devices/virtual/input/input23
[  106.638699][ T5942] Bluetooth: hci0: command 0x0c1a tx timeout
[  106.641668][ T5947] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  106.657901][ T7564] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  107.138942][ T5942] Bluetooth: hci1: command tx timeout
[  107.162274][ T7585] netlink: 'syz.4.400': attribute type 9 has an invalid length.
[  107.431566][ T7592] input: syz1 as /devices/virtual/input/input24
[  107.826634][ T7605] kernel profiling enabled (shift: 17)
[  108.494675][ T7617] input: syz0 as /devices/virtual/input/input25
[  108.593654][ T7622] overlayfs: failed to clone upperpath
[  108.648805][ T5942] Bluetooth: hci0: command 0x0c1a tx timeout
[  109.218710][ T5942] Bluetooth: hci1: command tx timeout
[  109.370192][ T6974] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  109.499373][ T7650] wireguard0: entered promiscuous mode
[  109.501856][ T7650] wireguard0: entered allmulticast mode
[  109.517513][ T7653] netlink: 4 bytes leftover after parsing attributes in process `syz.1.420'.
[  109.561584][ T7653] x_tables: duplicate underflow at hook 1
[  109.615637][ T5947] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  109.624103][ T5947] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  109.628787][ T5947] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  109.640684][ T5947] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  109.650180][ T5947] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  109.655190][ T5947] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  109.698296][ T7658] lo speed is unknown, defaulting to 1000
[  109.821264][ T7658] chnl_net:caif_netlink_parms(): no params data found
[  109.946791][ T7658] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.951176][ T7658] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.953840][ T7658] bridge_slave_0: entered allmulticast mode
[  109.956119][ T7658] bridge_slave_0: entered promiscuous mode
[  109.959402][ T7658] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.965429][ T7658] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.967430][ T7658] bridge_slave_1: entered allmulticast mode
[  109.970302][ T7658] bridge_slave_1: entered promiscuous mode
[  110.009240][ T7658] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  110.023423][ T7658] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  110.054984][ T7658] team0: Port device team_slave_0 added
[  110.060766][ T7658] team0: Port device team_slave_1 added
[  110.083050][ T1136] bridge_slave_1: left promiscuous mode
[  110.084793][ T1136] bridge0: port 2(bridge_slave_1) entered disabled state
[  110.088058][ T1136] bridge_slave_0: left promiscuous mode
[  110.090072][ T1136] bridge0: port 1(bridge_slave_0) entered disabled state
[  110.138549][   T40] kauditd_printk_skb: 42 callbacks suppressed
[  110.138559][   T40] audit: type=1326 audit(1742671025.479:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7685 comm="syz.1.430" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000
[  110.149767][   T40] audit: type=1326 audit(1742671025.479:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7685 comm="syz.1.430" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000
[  110.155619][   T40] audit: type=1326 audit(1742671025.489:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7685 comm="syz.1.430" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf748e579 code=0x7ffc0000
[  110.161700][   T40] audit: type=1326 audit(1742671025.489:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7685 comm="syz.1.430" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000
[  110.168265][   T40] audit: type=1326 audit(1742671025.489:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7685 comm="syz.1.430" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000
[  110.175944][   T40] audit: type=1326 audit(1742671025.489:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7685 comm="syz.1.430" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf748e579 code=0x7ffc0000
[  110.181938][   T40] audit: type=1326 audit(1742671025.489:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7685 comm="syz.1.430" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000
[  110.187785][   T40] audit: type=1326 audit(1742671025.489:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7685 comm="syz.1.430" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000
[  110.194055][   T40] audit: type=1326 audit(1742671025.489:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7685 comm="syz.1.430" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf748e579 code=0x7ffc0000
[  110.200044][   T40] audit: type=1326 audit(1742671025.489:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7685 comm="syz.1.430" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000
[  110.386477][ T1136] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  110.400190][ T1136] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  110.422960][ T1136] bond0 (unregistering): Released all slaves
[  110.461596][ T1136] bond1 (unregistering): (slave bond2): Releasing backup interface
[  110.464862][ T1136] bond1 (unregistering): Released all slaves
[  110.538192][ T1136] bond2 (unregistering): Released all slaves
[  110.542436][ T7658] batman_adv: batadv0: Adding interface: batadv_slave_0
[  110.544323][ T7658] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.551485][ T7658] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  110.555712][ T7658] batman_adv: batadv0: Adding interface: batadv_slave_1
[  110.568984][ T7658] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.577930][ T7658] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  110.598971][ T7658] hsr_slave_0: entered promiscuous mode
[  110.600973][ T7658] hsr_slave_1: entered promiscuous mode
[  110.624996][ T1136] : left promiscuous mode
[  110.837086][ T1136] hsr_slave_0: left promiscuous mode
[  110.844379][ T1136] hsr_slave_1: left promiscuous mode
[  110.848011][ T1136] batman_adv: batadv0: Removing interface: batadv_slave_0
[  110.850638][ T1136] batman_adv: batadv0: Removing interface: batadv_slave_1
[  111.030751][ T7704] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  111.288756][ T5942] Bluetooth: hci1: command tx timeout
[  111.556403][ T1136] team0 (unregistering): Port device team_slave_1 removed
[  111.642633][ T1136] team0 (unregistering): Port device team_slave_0 removed
[  111.692171][ T5942] Bluetooth: hci3: command tx timeout
[  112.093452][ T7718] netlink: 'syz.2.438': attribute type 10 has an invalid length.
[  112.147184][ T7719] netlink: 'syz.2.438': attribute type 10 has an invalid length.
[  112.403122][ T7715] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  112.419325][ T6008] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  112.555410][ T7658] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  112.558958][ T7658] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  112.562812][ T7658] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  112.576227][ T7658] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  112.621000][ T7658] 8021q: adding VLAN 0 to HW filter on device bond0
[  112.626934][ T7658] 8021q: adding VLAN 0 to HW filter on device team0
[  112.633040][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.635169][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.640739][   T77] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.642882][   T77] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.691839][ T1136] IPVS: stop unused estimator thread 0...
[  112.722055][ T7727] syz_tun: entered allmulticast mode
[  112.755631][ T7658] 8021q: adding VLAN 0 to HW filter on device batadv0
[  112.771010][ T7658] veth0_vlan: entered promiscuous mode
[  112.775323][ T7658] veth1_vlan: entered promiscuous mode
[  112.785490][ T7658] veth0_macvtap: entered promiscuous mode
[  112.791141][ T7658] veth1_macvtap: entered promiscuous mode
[  112.798038][ T7658] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  112.802353][ T7658] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  112.805650][ T7658] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.809934][ T7658] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  112.812950][ T7658] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  112.817023][ T7658] batman_adv: batadv0: Interface activated: batadv_slave_1
[  112.822342][ T7726] syz_tun: left allmulticast mode
[  112.824846][ T7658] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.827208][ T7658] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  112.830088][ T7658] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  112.832426][ T7658] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  112.844860][ T7736] 9pnet_fd: Insufficient options for proto=fd
[  112.864463][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.867109][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.876703][ T1136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.879514][ T1136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.078203][ T7747] netlink: 12 bytes leftover after parsing attributes in process `syz.2.445'.
[  113.087718][ T7747] netlink: 4 bytes leftover after parsing attributes in process `syz.2.445'.
[  113.091733][ T7747] netlink: 177 bytes leftover after parsing attributes in process `syz.2.445'.
[  113.184347][ T7750] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  113.988280][ T7753] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  114.002176][ T7753] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.062789][ T7753] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.134818][ T7753] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.215340][ T7753] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.324894][ T7753] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  114.382356][ T7753] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  114.388316][ T7753] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.394407][ T7753] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  115.898456][ T1136] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  115.993516][   T64] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  116.069601][ T5947] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  116.074051][ T5947] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  116.078782][ T5947] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  116.086302][ T5947] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  116.089867][ T5947] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  116.091829][ T5947] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  116.151923][   T64] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  116.159301][   T64] usb 7-1: config 0 interface 0 has no altsetting 0
[  116.166195][   T64] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  116.175772][   T64] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  116.177991][   T64] usb 7-1: Product: syz
[  116.179963][   T64] usb 7-1: Manufacturer: syz
[  116.181240][   T64] usb 7-1: SerialNumber: syz
[  116.190416][   T64] usb 7-1: config 0 descriptor??
[  116.202252][ T7784] chnl_net:caif_netlink_parms(): no params data found
[  116.207608][   T64] usb 7-1: selecting invalid altsetting 0
[  116.320160][ T7801] netlink: 4 bytes leftover after parsing attributes in process `syz.1.454'.
[  116.323129][ T7801] netlink: 12 bytes leftover after parsing attributes in process `syz.1.454'.
[  116.334196][ T7784] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.336995][ T7784] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.339888][ T7784] bridge_slave_0: entered allmulticast mode
[  116.344672][ T7784] bridge_slave_0: entered promiscuous mode
[  116.351387][ T7784] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.353795][ T7784] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.356059][ T7784] bridge_slave_1: entered allmulticast mode
[  116.358110][ T7784] bridge_slave_1: entered promiscuous mode
[  116.414607][ T7784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  116.418044][ T7784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  116.443830][ T7805] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4)
[  116.445780][ T7805] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  116.450865][ T7805] vhci_hcd vhci_hcd.0: Device attached
[  116.457007][ T7784] team0: Port device team_slave_0 added
[  116.464269][ T7784] team0: Port device team_slave_1 added
[  116.484807][ T7784] batman_adv: batadv0: Adding interface: batadv_slave_0
[  116.486777][ T7784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  116.494269][ T7784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  116.497910][ T7784] batman_adv: batadv0: Adding interface: batadv_slave_1
[  116.500520][ T7784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  116.507476][ T7784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  116.531639][ T7784] hsr_slave_0: entered promiscuous mode
[  116.533528][ T7784] hsr_slave_1: entered promiscuous mode
[  116.535304][ T7784] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  116.537336][ T7784] Cannot create hsr debugfs directory
[  116.638667][   T57] vhci_hcd: vhci_device speed not set
[  116.668920][ T6005] usb 7-1: USB disconnect, device number 4
[  116.688701][   T64] usb 9-1: new low-speed USB device number 2 using dummy_hcd
[  116.698762][   T57] usb 45-1: new full-speed USB device number 2 using vhci_hcd
[  116.839909][   T64] usb 9-1: config 0 has no interfaces?
[  116.841948][   T64] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  116.845109][   T64] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  116.848881][   T64] usb 9-1: config 0 descriptor??
[  117.013539][ T7813] netlink: 'syz.1.458': attribute type 16 has an invalid length.
[  117.052991][ T7806] vhci_hcd: cannot find a urb of seqnum 0 max seqnum 1
[  117.057533][   T70] vhci_hcd: stop threads
[  117.059005][   T70] vhci_hcd: release socket
[  117.060970][ T6008] usb 9-1: USB disconnect, device number 2
[  117.061679][   T70] vhci_hcd: disconnect device
[  117.713391][ T1136] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.796874][ T1136] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.851399][ T1136] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.976295][ T1136] bridge_slave_1: left allmulticast mode
[  117.979295][ T1136] bridge_slave_1: left promiscuous mode
[  117.982489][ T1136] bridge0: port 2(bridge_slave_1) entered disabled state
[  117.988576][ T1136] bridge_slave_0: left allmulticast mode
[  117.992343][ T1136] bridge_slave_0: left promiscuous mode
[  117.996639][ T1136] bridge0: port 1(bridge_slave_0) entered disabled state
[  118.169376][ T5947] Bluetooth: hci3: command tx timeout
[  118.271133][ T1136] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  118.274867][ T1136] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  118.278032][ T1136] bond0 (unregistering): Released all slaves
[  118.723825][ T1136] hsr_slave_0: left promiscuous mode
[  118.726027][ T1136] hsr_slave_1: left promiscuous mode
[  118.729558][ T1136] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  118.732395][ T1136] batman_adv: batadv0: Removing interface: batadv_slave_0
[  118.736302][ T1136] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  118.738974][ T1136] batman_adv: batadv0: Removing interface: batadv_slave_1
[  118.768456][ T1136] veth1_macvtap: left promiscuous mode
[  118.771663][ T1136] veth0_macvtap: left promiscuous mode
[  118.773756][ T1136] veth1_vlan: left promiscuous mode
[  118.775571][ T1136] veth0_vlan: left promiscuous mode
[  119.271060][ T7856] netlink: 24 bytes leftover after parsing attributes in process `syz.4.469'.
[  119.305670][ T7862] autofs: Unknown parameter '0x0000000000000000'
[  119.307820][ T5947] Bluetooth: hci0: ACL packet for unknown connection handle 201
[  119.311734][ T7856] trusted_key: syz.4.469 sent an empty control message without MSG_MORE.
[  119.675954][ T1136] team0 (unregistering): Port device team_slave_1 removed
[  119.752856][ T1136] team0 (unregistering): Port device team_slave_0 removed
[  120.258739][ T5947] Bluetooth: hci3: command tx timeout
[  120.357783][ T7784] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  120.380330][ T7784] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  120.395837][ T7784] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  120.416783][ T7784] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  120.441598][ T7877] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  120.524539][ T7784] 8021q: adding VLAN 0 to HW filter on device bond0
[  120.541745][ T7784] 8021q: adding VLAN 0 to HW filter on device team0
[  120.551133][  T212] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.553139][  T212] bridge0: port 1(bridge_slave_0) entered forwarding state
[  120.558902][  T212] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.560943][  T212] bridge0: port 2(bridge_slave_1) entered forwarding state
[  120.673362][ T7784] 8021q: adding VLAN 0 to HW filter on device batadv0
[  120.687934][ T7887] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  120.704192][ T7784] veth0_vlan: entered promiscuous mode
[  120.714275][ T7784] veth1_vlan: entered promiscuous mode
[  120.761938][ T7784] veth0_macvtap: entered promiscuous mode
[  120.768043][ T7784] veth1_macvtap: entered promiscuous mode
[  120.781693][ T7784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  120.785121][ T7784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.788475][ T7784] batman_adv: batadv0: Interface activated: batadv_slave_0
[  120.803536][ T7784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  120.806596][ T7784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.811204][ T7784] batman_adv: batadv0: Interface activated: batadv_slave_1
[  120.868536][ T7784] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  120.871930][ T7784] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  120.875126][ T7784] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  120.878248][ T7784] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  120.940482][ T1136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.941434][   T70] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.944726][ T1136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.945680][   T70] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.858827][   T57] vhci_hcd: vhci_device speed not set
[  122.363634][ T7930] syz.4.489 (7930): drop_caches: 2
[  122.367432][ T7930] syz.4.489 (7930): drop_caches: 2
[  123.035150][ T7939] netlink: 4 bytes leftover after parsing attributes in process `syz.1.492'.
[  123.260251][   T70] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  123.301563][ T7946] netlink: 48 bytes leftover after parsing attributes in process `syz.1.494'.
[  123.304083][ T7946] netlink: 48 bytes leftover after parsing attributes in process `syz.1.494'.
[  123.410116][ T5942] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  123.413855][ T5942] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  123.416362][ T5942] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  123.419056][ T5942] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  123.421616][ T5942] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  123.427437][ T5942] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  123.507490][ T7968] overlayfs: missing 'lowerdir'
[  123.557346][ T7956] chnl_net:caif_netlink_parms(): no params data found
[  123.627458][ T7956] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.632797][ T7956] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.635120][ T7956] bridge_slave_0: entered allmulticast mode
[  123.637702][ T7956] bridge_slave_0: entered promiscuous mode
[  123.640825][ T7956] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.643172][ T7956] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.645467][ T7956] bridge_slave_1: entered allmulticast mode
[  123.647856][ T7956] bridge_slave_1: entered promiscuous mode
[  123.680840][ T7956] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  123.686900][ T7956] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  123.712793][ T7956] team0: Port device team_slave_0 added
[  123.716863][ T7956] team0: Port device team_slave_1 added
[  123.755687][ T7956] batman_adv: batadv0: Adding interface: batadv_slave_0
[  123.758431][ T7956] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  123.768028][ T7956] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  123.774529][ T7956] batman_adv: batadv0: Adding interface: batadv_slave_1
[  123.777372][ T7956] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  123.785433][ T7956] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  123.834838][ T7956] hsr_slave_0: entered promiscuous mode
[  123.837425][ T7956] hsr_slave_1: entered promiscuous mode
[  124.451432][ T7987] orangefs_mount: mount request failed with -4
[  124.776352][ T8019] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4)
[  124.778741][ T8019] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  124.788874][ T8019] vhci_hcd vhci_hcd.0: Device attached
[  124.793887][ T8020] vhci_hcd: cannot find a urb of seqnum 94 max seqnum 1
[  124.798905][ T1170] vhci_hcd: stop threads
[  124.800696][ T1170] vhci_hcd: release socket
[  124.802398][ T1170] vhci_hcd: disconnect device
[  125.047306][   T70] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  125.112704][   T70] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  125.243245][   T70] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  125.346222][   T70] bridge_slave_1: left allmulticast mode
[  125.347845][   T70] bridge_slave_1: left promiscuous mode
[  125.350100][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[  125.353809][   T70] bridge_slave_0: left allmulticast mode
[  125.355537][   T70] bridge_slave_0: left promiscuous mode
[  125.357128][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[  125.460423][ T5942] Bluetooth: hci3: command tx timeout
[  125.744260][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  125.751304][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  125.757416][   T70] bond0 (unregistering): Released all slaves
[  126.025387][ T8048] netlink: 596 bytes leftover after parsing attributes in process `syz.1.529'.
[  126.165149][   T70] hsr_slave_0: left promiscuous mode
[  126.167287][   T70] hsr_slave_1: left promiscuous mode
[  126.170192][   T70] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  126.172341][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[  126.175707][   T70] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  126.179422][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[  126.213549][   T70] veth1_macvtap: left promiscuous mode
[  126.215829][   T70] veth0_macvtap: left promiscuous mode
[  126.218215][   T70] veth1_vlan: left promiscuous mode
[  126.229312][   T70] veth0_vlan: left promiscuous mode
[  127.068646][   T70] team0 (unregistering): Port device team_slave_1 removed
[  127.166460][   T70] team0 (unregistering): Port device team_slave_0 removed
[  127.528813][ T5942] Bluetooth: hci3: command tx timeout
[  127.813847][ T8057] all: renamed from bridge_slave_0 (while UP)
[  127.856114][ T7956] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  127.860423][ T7956] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  127.868474][ T7956] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  127.873877][ T7956] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  127.915538][ T7956] 8021q: adding VLAN 0 to HW filter on device bond0
[  127.935647][ T7956] 8021q: adding VLAN 0 to HW filter on device team0
[  127.941297][   T77] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.943325][   T77] bridge0: port 1(bridge_slave_0) entered forwarding state
[  127.949482][ T1136] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.951557][ T1136] bridge0: port 2(bridge_slave_1) entered forwarding state
[  128.026890][ T8067] input: syz0 as /devices/virtual/input/input26
[  128.084705][ T7956] 8021q: adding VLAN 0 to HW filter on device batadv0
[  128.113851][ T7956] veth0_vlan: entered promiscuous mode
[  128.117997][ T7956] veth1_vlan: entered promiscuous mode
[  128.132550][ T7956] veth0_macvtap: entered promiscuous mode
[  128.135786][ T7956] veth1_macvtap: entered promiscuous mode
[  128.142561][ T7956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.145417][ T7956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.154141][ T7956] batman_adv: batadv0: Interface activated: batadv_slave_0
[  128.161604][ T7956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  128.164489][ T7956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.173542][ T7956] batman_adv: batadv0: Interface activated: batadv_slave_1
[  128.178522][ T7956] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  128.181169][ T7956] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  128.183566][ T7956] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  128.185995][ T7956] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  128.228712][  T212] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.230966][  T212] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.247193][ T1136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.250467][ T1136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.556530][ T8092] netlink: 12 bytes leftover after parsing attributes in process `syz.2.540'.
[  129.246349][   T40] kauditd_printk_skb: 59 callbacks suppressed
[  129.246359][   T40] audit: type=1326 audit(1742671044.589:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8099 comm="syz.1.544" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000
[  129.262352][   T40] audit: type=1326 audit(1742671044.599:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8099 comm="syz.1.544" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000
[  129.268344][ T8100] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  129.275065][   T40] audit: type=1326 audit(1742671044.609:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8099 comm="syz.1.544" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf748e579 code=0x7ffc0000
[  129.277444][ T8100] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  129.292071][   T40] audit: type=1326 audit(1742671044.609:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8099 comm="syz.1.544" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000
[  129.292455][ T8100] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  129.305985][   T40] audit: type=1326 audit(1742671044.609:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8099 comm="syz.1.544" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000
[  129.307074][ T8100] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  129.320447][   T40] audit: type=1326 audit(1742671044.609:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8099 comm="syz.1.544" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf748e579 code=0x7ffc0000
[  129.332806][ T8100] netdevsim netdevsim1 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0
[  129.332859][   T40] audit: type=1326 audit(1742671044.609:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8099 comm="syz.1.544" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000
[  129.335372][ T8100] netdevsim netdevsim1 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0
[  129.335393][ T8100] netdevsim netdevsim1 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0
[  129.349850][   T40] audit: type=1326 audit(1742671044.609:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8099 comm="syz.1.544" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000
[  129.349885][   T40] audit: type=1326 audit(1742671044.609:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8099 comm="syz.1.544" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf748e579 code=0x7ffc0000
[  129.352594][ T8100] netdevsim netdevsim1 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0
[  129.364760][   T40] audit: type=1326 audit(1742671044.609:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8099 comm="syz.1.544" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf748e579 code=0x7ffc0000
[  129.382865][ T8100] geneve3: entered promiscuous mode
[  129.384351][ T8100] geneve3: entered allmulticast mode
[  129.567251][ T8112] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  129.638172][ T8117] netlink: 1284 bytes leftover after parsing attributes in process `syz.2.551'.
[  129.640983][ T8117] openvswitch: netlink: Missing key (keys=40, expected=80)
[  129.883818][   T12] wlan1: BSS 50:50:50:50:50:50 switches to unsupported channel (0 MHz), disconnecting
[  129.895536][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.897735][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  130.089449][ T5942] Bluetooth: hci1: Malformed LE Event: 0x0d
[  130.144361][ T8146] netlink: 'syz.4.559': attribute type 10 has an invalid length.
[  130.148326][ T8146] team0: Cannot enslave team device to itself
[  130.511159][   T70] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.066791][ T5947] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  131.072808][ T5947] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  131.076746][ T5947] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  131.085183][ T5947] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  131.088543][ T5947] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  131.095196][ T5947] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  131.175092][ T8160] chnl_net:caif_netlink_parms(): no params data found
[  131.262592][ T8160] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.264890][ T8160] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.267334][ T8160] bridge_slave_0: entered allmulticast mode
[  131.270021][ T8160] bridge_slave_0: entered promiscuous mode
[  131.277925][ T8160] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.285871][ T8160] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.290200][ T8160] bridge_slave_1: entered allmulticast mode
[  131.293517][ T8177] overlayfs: failed to clone upperpath
[  131.294988][ T8160] bridge_slave_1: entered promiscuous mode
[  131.339146][ T8160] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  131.351240][ T8160] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  131.383383][ T8160] team0: Port device team_slave_0 added
[  131.387422][ T8160] team0: Port device team_slave_1 added
[  131.409383][ T8160] batman_adv: batadv0: Adding interface: batadv_slave_0
[  131.411394][ T8160] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  131.420073][ T8160] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  131.424389][ T8160] batman_adv: batadv0: Adding interface: batadv_slave_1
[  131.426334][ T8160] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  131.433482][ T8160] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  131.459764][ T8160] hsr_slave_0: entered promiscuous mode
[  131.461694][ T8160] hsr_slave_1: entered promiscuous mode
[  131.463459][ T8160] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  131.465665][ T8160] Cannot create hsr debugfs directory
[  131.656347][ T8186] netlink: 4 bytes leftover after parsing attributes in process `syz.2.572'.
[  131.798799][ T8153] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  131.875167][ T8194] netlink: 16 bytes leftover after parsing attributes in process `syz.1.574'.
[  131.882009][ T8194] overlayfs: failed to clone upperpath
[  132.107834][ T8201] netlink: 'syz.4.573': attribute type 9 has an invalid length.
[  132.115934][ T8201] fuse: Bad value for 'fd'
[  132.250496][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[  132.269176][   T70] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.317847][   T70] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.412577][   T70] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.517263][   T70] bridge_slave_1: left allmulticast mode
[  132.519019][   T70] bridge_slave_1: left promiscuous mode
[  132.520699][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.523540][   T70] bridge_slave_0: left allmulticast mode
[  132.525125][   T70] bridge_slave_0: left promiscuous mode
[  132.526747][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.777427][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  132.781194][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  132.784454][   T70] bond0 (unregistering): Released all slaves
[  132.978857][ T5942] Bluetooth: hci0: command 0x0c1a tx timeout
[  133.118016][   T70] hsr_slave_0: left promiscuous mode
[  133.120049][   T70] hsr_slave_1: left promiscuous mode
[  133.121817][   T70] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  133.124384][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[  133.127191][   T70] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  133.128764][ T5942] Bluetooth: hci3: command tx timeout
[  133.129369][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[  133.153355][   T70] veth1_macvtap: left promiscuous mode
[  133.154936][   T70] veth0_macvtap: left promiscuous mode
[  133.156498][   T70] veth1_vlan: left promiscuous mode
[  133.158045][   T70] veth0_vlan: left promiscuous mode
[  133.841703][   T70] team0 (unregistering): Port device team_slave_1 removed
[  133.922532][   T70] team0 (unregistering): Port device team_slave_0 removed
[  134.471607][ T8160] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  134.491368][ T8160] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  134.495398][ T8160] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  134.499739][ T8160] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  134.553329][ T8160] 8021q: adding VLAN 0 to HW filter on device bond0
[  134.561934][ T8160] 8021q: adding VLAN 0 to HW filter on device team0
[  134.566598][ T1170] bridge0: port 1(bridge_slave_0) entered blocking state
[  134.569381][ T1170] bridge0: port 1(bridge_slave_0) entered forwarding state
[  134.581945][ T1170] bridge0: port 2(bridge_slave_1) entered blocking state
[  134.583970][ T1170] bridge0: port 2(bridge_slave_1) entered forwarding state
[  134.679702][ T8160] 8021q: adding VLAN 0 to HW filter on device batadv0
[  134.705793][ T8160] veth0_vlan: entered promiscuous mode
[  134.721638][ T8160] veth1_vlan: entered promiscuous mode
[  134.732211][ T8160] veth0_macvtap: entered promiscuous mode
[  134.735225][ T8160] veth1_macvtap: entered promiscuous mode
[  134.741175][ T8160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  134.744072][ T8160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  134.747222][ T8160] batman_adv: batadv0: Interface activated: batadv_slave_0
[  134.753367][ T8160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  134.756239][ T8160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  134.760072][ T8160] batman_adv: batadv0: Interface activated: batadv_slave_1
[  134.763758][ T8160] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  134.766182][ T8160] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  134.768699][ T8160] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  134.771093][ T8160] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  134.802990][   T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  134.806312][   T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  134.816654][   T77] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  134.825511][   T77] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  135.150886][ T8277] netlink: 8 bytes leftover after parsing attributes in process `syz.4.592'.
[  135.551318][ T8295] overlay: ./file0 is not a directory
[  136.039313][ T8327] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  136.114172][ T8329] overlayfs: failed to clone upperpath
[  136.426997][ T8332] netlink: 4 bytes leftover after parsing attributes in process `syz.2.609'.
[  136.880731][ T8354] input: syz0 as /devices/virtual/input/input27
[  137.056351][ T8361] overlay: ./file1 is not a directory
[  137.060844][ T8361] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  137.064528][ T8361] overlayfs: missing 'lowerdir'
[  137.323052][ T8377] batman_adv: batadv0: Adding interface: ip6gretap1
[  137.325755][ T8377] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1500.
[  137.333337][ T8377] batman_adv: batadv0: Interface activated: ip6gretap1
[  137.354069][ T8377] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input28
[  137.390361][ T5942] Bluetooth: hci1: Malformed LE Event: 0x0d
[  137.540901][   T70] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.117545][ T5947] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  138.121626][ T5947] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  138.126770][ T5947] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  138.131314][ T5947] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  138.134823][ T5947] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  138.137075][ T5947] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  138.235090][ T8392] chnl_net:caif_netlink_parms(): no params data found
[  138.330585][ T8392] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.332602][ T8392] bridge0: port 1(bridge_slave_0) entered disabled state
[  138.334605][ T8392] bridge_slave_0: entered allmulticast mode
[  138.336675][ T8392] bridge_slave_0: entered promiscuous mode
[  138.339906][ T8392] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.342537][ T8392] bridge0: port 2(bridge_slave_1) entered disabled state
[  138.344812][ T8392] bridge_slave_1: entered allmulticast mode
[  138.347062][ T8392] bridge_slave_1: entered promiscuous mode
[  138.376365][ T8392] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  138.381305][ T8392] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  138.410622][ T8392] team0: Port device team_slave_0 added
[  138.414146][ T8392] team0: Port device team_slave_1 added
[  138.432390][ T8392] batman_adv: batadv0: Adding interface: batadv_slave_0
[  138.434406][ T8392] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  138.441746][ T8392] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  138.445648][ T8392] batman_adv: batadv0: Adding interface: batadv_slave_1
[  138.447268][ T8409] overlayfs: conflicting options: nfs_export=on,metacopy=on
[  138.447611][ T8392] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  138.456687][ T8392] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  138.490287][ T8392] hsr_slave_0: entered promiscuous mode
[  138.492162][ T8392] hsr_slave_1: entered promiscuous mode
[  139.050992][ T8421] netlink: 'syz.4.636': attribute type 10 has an invalid length.
[  139.454622][   T70] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.533341][   T70] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.608689][   T70] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.687670][   T70] bridge_slave_1: left allmulticast mode
[  139.692132][   T70] bridge_slave_1: left promiscuous mode
[  139.694121][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[  139.698101][   T70] bridge_slave_0: left allmulticast mode
[  139.700577][   T70] bridge_slave_0: left promiscuous mode
[  139.702392][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[  139.740648][ T8443] fuse: Bad value for 'fd'
[  139.743046][ T8443] futex_wake_op: syz.2.642 tries to shift op by 32; fix this program
[  140.011746][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  140.016561][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  140.020419][   T70] bond0 (unregistering): Released all slaves
[  140.058924][ T8445] e1000 0000:00:06.0 eth0: Unsupported Speed/Duplex configuration
[  140.168746][ T5942] Bluetooth: hci3: command tx timeout
[  140.364454][   T70] hsr_slave_0: left promiscuous mode
[  140.366515][   T70] hsr_slave_1: left promiscuous mode
[  140.368238][   T70] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  140.370591][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[  140.373016][   T70] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  140.375104][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[  140.395734][   T70] veth1_macvtap: left promiscuous mode
[  140.397349][   T70] veth0_macvtap: left promiscuous mode
[  140.399007][   T70] veth1_vlan: left promiscuous mode
[  140.400529][   T70] veth0_vlan: left promiscuous mode
[  141.333637][   T70] team0 (unregistering): Port device team_slave_1 removed
[  141.408807][   T70] team0 (unregistering): Port device team_slave_0 removed
[  141.932159][ T8475] tipc: Started in network mode
[  141.933568][ T8475] tipc: Node identity ffffffff, cluster identity 4711
[  141.935400][ T8475] tipc: Node number set to 4294967295
[  142.137950][ T8392] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  142.143347][ T8392] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  142.146917][ T8392] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  142.150955][ T8392] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  142.199574][ T8392] 8021q: adding VLAN 0 to HW filter on device bond0
[  142.204569][ T8491] netlink: 12 bytes leftover after parsing attributes in process `syz.2.655'.
[  142.213217][ T8392] 8021q: adding VLAN 0 to HW filter on device team0
[  142.221405][ T1171] bridge0: port 1(bridge_slave_0) entered blocking state
[  142.223495][ T1171] bridge0: port 1(bridge_slave_0) entered forwarding state
[  142.230948][  T212] bridge0: port 2(bridge_slave_1) entered blocking state
[  142.233013][  T212] bridge0: port 2(bridge_slave_1) entered forwarding state
[  142.259879][ T5942] Bluetooth: hci3: command tx timeout
[  142.376487][ T8392] 8021q: adding VLAN 0 to HW filter on device batadv0
[  142.403365][ T8505] SET target dimension over the limit!
[  142.408061][ T8392] veth0_vlan: entered promiscuous mode
[  142.414557][ T8392] veth1_vlan: entered promiscuous mode
[  142.425025][ T8392] veth0_macvtap: entered promiscuous mode
[  142.428057][ T8392] veth1_macvtap: entered promiscuous mode
[  142.439071][ T8392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.442082][ T8392] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.445433][ T8392] batman_adv: batadv0: Interface activated: batadv_slave_0
[  142.450927][ T8392] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  142.453821][ T8392] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.457145][ T8392] batman_adv: batadv0: Interface activated: batadv_slave_1
[  142.461372][ T8392] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  142.463801][ T8392] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  142.466223][ T8392] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  142.468815][ T8392] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  142.503297][  T212] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  142.506119][  T212] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  142.518129][  T212] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  142.521397][  T212] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  143.059436][ T8516] syz_tun: entered allmulticast mode
[  143.062233][ T8515] syz_tun: left allmulticast mode
[  143.062566][ T8512] input: syz0 as /devices/virtual/input/input29
[  143.494541][ T8527] batman_adv: batadv0: Adding interface: ip6gretap1
[  143.496583][ T8527] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1560.
[  143.505197][ T8527] batman_adv: batadv0: Interface activated: ip6gretap1
[  143.525186][ T5942] Bluetooth: hci2: Malformed LE Event: 0x0d
[  143.584868][ T8529] 9pnet: Could not find request transport: xen
[  144.337337][   T40] kauditd_printk_skb: 23 callbacks suppressed
[  144.337352][   T40] audit: type=1804 audit(1742671572.673:437): pid=8540 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.671" name="/newroot/64/file0" dev="tmpfs" ino=359 res=1 errno=0
[  144.796070][   T70] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.805190][ T8557] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  144.813943][ T8557] netlink: 52 bytes leftover after parsing attributes in process `syz.4.677'.
[  145.579555][ T8576] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  145.703504][ T5947] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  145.708101][ T5947] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  145.711923][ T5947] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  145.716843][ T5947] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  145.767507][ T5947] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  145.770641][ T5947] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  145.881371][ T8582] chnl_net:caif_netlink_parms(): no params data found
[  146.023002][ T8582] bridge0: port 1(bridge_slave_0) entered blocking state
[  146.025908][ T8582] bridge0: port 1(bridge_slave_0) entered disabled state
[  146.032288][ T8582] bridge_slave_0: entered allmulticast mode
[  146.035525][ T8582] bridge_slave_0: entered promiscuous mode
[  146.040368][ T8582] bridge0: port 2(bridge_slave_1) entered blocking state
[  146.043239][ T8582] bridge0: port 2(bridge_slave_1) entered disabled state
[  146.046151][ T8582] bridge_slave_1: entered allmulticast mode
[  146.054096][ T8582] bridge_slave_1: entered promiscuous mode
[  146.096278][ T8582] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  146.102652][ T8582] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  146.132251][ T8582] team0: Port device team_slave_0 added
[  146.136609][ T8582] team0: Port device team_slave_1 added
[  146.159461][ T8582] batman_adv: batadv0: Adding interface: batadv_slave_0
[  146.161513][ T8582] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  146.170474][ T8582] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  146.174375][ T8582] batman_adv: batadv0: Adding interface: batadv_slave_1
[  146.176388][ T8582] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  146.184587][ T8582] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  146.210332][ T8582] hsr_slave_0: entered promiscuous mode
[  146.212477][ T8582] hsr_slave_1: entered promiscuous mode
[  146.214586][ T8582] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  146.216941][ T8582] Cannot create hsr debugfs directory
[  146.379506][ T8594] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2
[  146.382661][ T8594] netdevsim netdevsim4: Falling back to sysfs fallback for: ./file0
[  146.555750][   T70] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  146.639332][   T70] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  146.743139][   T70] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  146.825416][   T70] bridge_slave_1: left allmulticast mode
[  146.827580][   T70] bridge_slave_1: left promiscuous mode
[  146.829664][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[  146.834519][   T70] bridge_slave_0: left allmulticast mode
[  146.838642][   T70] bridge_slave_0: left promiscuous mode
[  146.842597][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[  147.051513][ T5942] Bluetooth: hci2: unexpected event for opcode 0x040d
[  147.131147][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  147.135123][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  147.138650][   T70] bond0 (unregistering): Released all slaves
[  147.280814][ T8622] 9pnet: Could not find request transport: xen
[  147.496216][   T70] hsr_slave_0: left promiscuous mode
[  147.501153][   T70] hsr_slave_1: left promiscuous mode
[  147.503633][   T70] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  147.506149][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[  147.509165][   T70] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  147.511383][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[  147.538227][   T70] veth1_macvtap: left promiscuous mode
[  147.542476][   T70] veth0_macvtap: left promiscuous mode
[  147.544632][   T70] veth1_vlan: left promiscuous mode
[  147.546326][   T70] veth0_vlan: left promiscuous mode
[  147.848880][ T5942] Bluetooth: hci3: command tx timeout
[  148.348554][   T70] team0 (unregistering): Port device team_slave_1 removed
[  148.443326][   T70] team0 (unregistering): Port device team_slave_0 removed
[  148.969554][ T8660] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  149.312967][ T8582] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  149.316657][ T8582] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  149.320015][ T8582] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  149.324574][ T8582] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  149.372986][ T8582] 8021q: adding VLAN 0 to HW filter on device bond0
[  149.393341][ T8582] 8021q: adding VLAN 0 to HW filter on device team0
[  149.430529][ T8681] bridge0: port 1(bridge_slave_0) entered blocking state
[  149.432501][ T8681] bridge0: port 1(bridge_slave_0) entered forwarding state
[  149.437408][ T8681] bridge0: port 2(bridge_slave_1) entered blocking state
[  149.440005][ T8681] bridge0: port 2(bridge_slave_1) entered forwarding state
[  149.564194][ T8582] 8021q: adding VLAN 0 to HW filter on device batadv0
[  149.585465][ T8582] veth0_vlan: entered promiscuous mode
[  149.591023][ T8582] veth1_vlan: entered promiscuous mode
[  149.606979][ T8582] veth0_macvtap: entered promiscuous mode
[  149.610717][ T8582] veth1_macvtap: entered promiscuous mode
[  149.618271][ T8582] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  149.622960][ T8582] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.626667][ T8582] batman_adv: batadv0: Interface activated: batadv_slave_0
[  149.632518][ T8582] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  149.635782][ T8582] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.639330][ T8582] batman_adv: batadv0: Interface activated: batadv_slave_1
[  149.643354][ T8582] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  149.646003][ T8582] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  149.649770][ T8582] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  149.653002][ T8582] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  149.683881][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  149.686151][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  149.694367][ T1170] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  149.698376][ T1170] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  149.714595][ T8695] netlink: 4 bytes leftover after parsing attributes in process `syz.1.712'.
[  150.148769][ T8716] overlayfs: failed to clone lowerpath
[  150.844858][ T8728] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7)
[  150.846676][ T8728] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  150.850414][ T8728] vhci_hcd vhci_hcd.0: Device attached
[  151.088701][ T6005] usb 45-1: new high-speed USB device number 3 using vhci_hcd
[  151.309834][ T5942] Bluetooth: hci2: ACL packet for unknown connection handle 0
[  151.312663][ T5942] Bluetooth: hci2: ACL packet for unknown connection handle 0
[  151.375048][ T8756] netlink: 'syz.2.735': attribute type 1 has an invalid length.
[  151.382076][ T8756] bond1: entered promiscuous mode
[  151.383521][ T8756] bond1: entered allmulticast mode
[  151.670552][ T8729] vhci_hcd: connection reset by peer
[  151.674507][ T8685] vhci_hcd: stop threads
[  151.676104][ T8685] vhci_hcd: release socket
[  151.677420][ T8685] vhci_hcd: disconnect device
[  152.111120][ T1170] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.910090][ T8776] netlink: 12 bytes leftover after parsing attributes in process `syz.1.739'.
[  152.940874][ T8776] 8021q: adding VLAN 0 to HW filter on device bond4
[  152.999048][ T5947] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  153.000901][ T8776] 8021q: adding VLAN 0 to HW filter on device bond4
[  153.004376][ T8776] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address
[  153.004401][ T5947] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  153.007708][ T8776] bond4: (slave vxcan3): Error -95 calling set_mac_address
[  153.010921][ T5947] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  153.014280][ T5947] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  153.016826][ T5947] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  153.019566][ T5947] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  153.090794][ T8781] chnl_net:caif_netlink_parms(): no params data found
[  153.208719][   T58] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  153.221897][ T8781] bridge0: port 1(bridge_slave_0) entered blocking state
[  153.223915][ T8781] bridge0: port 1(bridge_slave_0) entered disabled state
[  153.225936][ T8781] bridge_slave_0: entered allmulticast mode
[  153.228378][ T8781] bridge_slave_0: entered promiscuous mode
[  153.245577][ T8781] bridge0: port 2(bridge_slave_1) entered blocking state
[  153.248367][ T8781] bridge0: port 2(bridge_slave_1) entered disabled state
[  153.250815][ T8781] bridge_slave_1: entered allmulticast mode
[  153.254206][ T8781] bridge_slave_1: entered promiscuous mode
[  153.299350][ T8781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  153.303032][ T8781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  153.355949][ T8781] team0: Port device team_slave_0 added
[  153.362507][ T8781] team0: Port device team_slave_1 added
[  153.390096][ T8781] batman_adv: batadv0: Adding interface: batadv_slave_0
[  153.392157][ T8781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  153.402073][   T58] usb 9-1: Using ep0 maxpacket: 16
[  153.403772][ T8781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  153.408244][   T58] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  153.409999][ T8781] batman_adv: batadv0: Adding interface: batadv_slave_1
[  153.412233][   T58] usb 9-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  153.414716][ T8781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  153.417292][   T58] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.427595][ T8781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  153.429829][   T58] usb 9-1: config 0 descriptor??
[  153.438279][   T58] input: bcm5974 as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/input/input30
[  153.582981][ T8781] hsr_slave_0: entered promiscuous mode
[  153.584822][ T8781] hsr_slave_1: entered promiscuous mode
[  153.694325][ T8780] autofs: Bad value for 'fd'
[  153.697394][ T5344] bcm5974 9-1:0.0: could not read from device
[  153.701202][   T58] bcm5974 9-1:0.0: could not read from device
[  153.708079][ T5344] bcm5974 9-1:0.0: could not read from device
[  153.713580][ T5344] bcm5974 9-1:0.0: could not read from device
[  153.721473][ T8806] 9pnet_fd: Insufficient options for proto=fd
[  153.737069][   T58] input: failed to attach handler mousedev to device input30, error: -5
[  153.748778][   T58] usb 9-1: USB disconnect, device number 3
[  153.750499][ T5344] bcm5974 9-1:0.0: could not read from device
[  153.753298][ T5344] bcm5974 9-1:0.0: could not read from device
[  153.942857][ T1170] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.028344][ T1170] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.115134][ T1170] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.205766][ T1170] bridge_slave_1: left allmulticast mode
[  154.207486][ T1170] bridge_slave_1: left promiscuous mode
[  154.209382][ T1170] bridge0: port 2(bridge_slave_1) entered disabled state
[  154.212885][ T1170] bridge_slave_0: left allmulticast mode
[  154.214480][ T1170] bridge_slave_0: left promiscuous mode
[  154.216156][ T1170] bridge0: port 1(bridge_slave_0) entered disabled state
[  154.540456][ T1170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  154.547226][ T1170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  154.559130][ T1170] bond0 (unregistering): Released all slaves
[  155.049193][ T5947] Bluetooth: hci3: command tx timeout
[  155.056473][ T1170] hsr_slave_0: left promiscuous mode
[  155.059227][ T1170] hsr_slave_1: left promiscuous mode
[  155.061712][ T1170] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  155.064409][ T1170] batman_adv: batadv0: Removing interface: batadv_slave_0
[  155.068108][ T1170] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  155.071638][ T1170] batman_adv: batadv0: Removing interface: batadv_slave_1
[  155.098150][ T1170] veth1_macvtap: left promiscuous mode
[  155.101817][ T1170] veth0_macvtap: left promiscuous mode
[  155.108772][ T1170] veth1_vlan: left promiscuous mode
[  155.110613][ T1170] veth0_vlan: left promiscuous mode
[  156.032638][ T1170] team0 (unregistering): Port device team_slave_1 removed
[  156.125644][ T1170] team0 (unregistering): Port device team_slave_0 removed
[  156.262308][ T6005] vhci_hcd: vhci_device speed not set
[  156.781124][ T8843] 8021q: adding VLAN 0 to HW filter on device bond5
[  156.800681][ T8847] netlink: 24 bytes leftover after parsing attributes in process `syz.2.760'.
[  156.826422][ T8847] netlink: 32 bytes leftover after parsing attributes in process `syz.2.760'.
[  156.919558][ T8843] bond5 (unregistering): Released all slaves
[  156.988520][ T8781] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  157.003035][ T8781] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  157.007993][ T8781] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  157.014784][ T8781] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  157.042569][ T8857] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  157.085540][ T8781] 8021q: adding VLAN 0 to HW filter on device bond0
[  157.097170][ T8781] 8021q: adding VLAN 0 to HW filter on device team0
[  157.104314][ T8683] bridge0: port 1(bridge_slave_0) entered blocking state
[  157.107069][ T8683] bridge0: port 1(bridge_slave_0) entered forwarding state
[  157.125703][ T8683] bridge0: port 2(bridge_slave_1) entered blocking state
[  157.128522][ T8683] bridge0: port 2(bridge_slave_1) entered forwarding state
[  157.138742][ T5947] Bluetooth: hci3: command tx timeout
[  157.240217][ T8781] 8021q: adding VLAN 0 to HW filter on device batadv0
[  157.263484][ T8781] veth0_vlan: entered promiscuous mode
[  157.269277][ T8781] veth1_vlan: entered promiscuous mode
[  157.285185][ T8781] veth0_macvtap: entered promiscuous mode
[  157.288317][ T8781] veth1_macvtap: entered promiscuous mode
[  157.295143][ T8781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  157.298002][ T8781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  157.301641][ T8781] batman_adv: batadv0: Interface activated: batadv_slave_0
[  157.306646][ T8781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  157.309901][ T8781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  157.313171][ T8781] batman_adv: batadv0: Interface activated: batadv_slave_1
[  157.317109][ T8781] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  157.319808][ T8781] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  157.322257][ T8781] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  157.325006][ T8781] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  157.349625][   T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  157.352519][   T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  157.362353][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  157.365197][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  157.596341][ T8874] netlink: 68 bytes leftover after parsing attributes in process `syz.1.768'.
[  157.601261][ T8874] ip6t_srh: unknown srh invflags 85DA
[  158.122001][   T57] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  158.278870][   T57] usb 9-1: Using ep0 maxpacket: 8
[  158.285137][   T57] usb 9-1: config index 0 descriptor too short (expected 301, got 45)
[  158.289976][   T57] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  158.293936][   T57] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  158.300127][   T57] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  158.303943][   T57] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  158.309907][   T57] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  158.313397][   T57] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.500590][ T8883] netlink: 52 bytes leftover after parsing attributes in process `syz.1.771'.
[  158.506115][ T8883] xt_CT: You must specify a L4 protocol and not use inversions on it
[  158.525455][   T57] usb 9-1: GET_CAPABILITIES returned 0
[  158.527121][   T57] usbtmc 9-1:16.0: can't read capabilities
[  158.636223][ T8891] tmpfs: Group quota block hardlimit too large.
[  158.680565][ T8895] netlink: 20 bytes leftover after parsing attributes in process `syz.2.776'.
[  158.728425][  T835] usb 9-1: USB disconnect, device number 4
[  158.974844][ T8901] overlayfs: failed to clone upperpath
[  159.430485][ T8685] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.559362][  T835] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  160.259283][ T8914] overlayfs: missing 'lowerdir'
[  160.274366][ T8916] overlayfs: failed to clone upperpath
[  160.342916][ T8921] netlink: 24 bytes leftover after parsing attributes in process `syz.1.784'.
[  160.376313][ T5942] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  160.383978][ T5942] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  160.387610][ T5942] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  160.391255][ T5942] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  160.393870][ T5942] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  160.396631][ T5942] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  160.412057][ T8928] netlink: 16 bytes leftover after parsing attributes in process `syz.1.786'.
[  160.512514][ T8925] chnl_net:caif_netlink_parms(): no params data found
[  160.607017][ T8925] bridge0: port 1(bridge_slave_0) entered blocking state
[  160.610013][ T8925] bridge0: port 1(bridge_slave_0) entered disabled state
[  160.612783][ T8925] bridge_slave_0: entered allmulticast mode
[  160.612812][ T8940] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  160.615901][ T8925] bridge_slave_0: entered promiscuous mode
[  160.626806][ T8925] bridge0: port 2(bridge_slave_1) entered blocking state
[  160.629884][ T8925] bridge0: port 2(bridge_slave_1) entered disabled state
[  160.635000][ T8925] bridge_slave_1: entered allmulticast mode
[  160.638141][ T8925] bridge_slave_1: entered promiscuous mode
[  160.707686][ T8925] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  160.716318][ T8925] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  160.759935][ T8925] team0: Port device team_slave_0 added
[  160.767453][ T8925] team0: Port device team_slave_1 added
[  160.808488][ T8925] batman_adv: batadv0: Adding interface: batadv_slave_0
[  160.811556][ T8925] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  160.822113][ T8925] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  160.827391][ T8925] batman_adv: batadv0: Adding interface: batadv_slave_1
[  160.830770][ T8925] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  160.840892][ T8925] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  160.887504][ T8925] hsr_slave_0: entered promiscuous mode
[  160.890830][ T8925] hsr_slave_1: entered promiscuous mode
[  160.893585][ T8925] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  160.896381][ T8925] Cannot create hsr debugfs directory
[  161.164531][ T8685] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.268000][ T8685] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.371487][ T8685] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.523917][ T8685] bridge_slave_1: left allmulticast mode
[  161.525500][   T40] audit: type=1800 audit(1742671589.863:438): pid=8951 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.790" name="nullb0" dev="tmpfs" ino=757 res=0 errno=0
[  161.525663][ T8685] bridge_slave_1: left promiscuous mode
[  161.541680][ T8685] bridge0: port 2(bridge_slave_1) entered disabled state
[  161.547411][ T8685] bridge_slave_0: left allmulticast mode
[  161.550159][ T8685] bridge_slave_0: left promiscuous mode
[  161.551925][ T8685] bridge0: port 1(bridge_slave_0) entered disabled state
[  161.808765][ T8685] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  161.813380][ T8685] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  161.816998][ T8685] bond0 (unregistering): Released all slaves
[  162.231949][ T8685] hsr_slave_0: left promiscuous mode
[  162.234919][ T8685] hsr_slave_1: left promiscuous mode
[  162.236593][ T8685] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  162.238729][ T8685] batman_adv: batadv0: Removing interface: batadv_slave_0
[  162.241093][ T8685] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  162.243249][ T8685] batman_adv: batadv0: Removing interface: batadv_slave_1
[  162.268758][ T8685] veth1_macvtap: left promiscuous mode
[  162.270404][ T8685] veth0_macvtap: left promiscuous mode
[  162.272067][ T8685] veth1_vlan: left promiscuous mode
[  162.273624][ T8685] veth0_vlan: left promiscuous mode
[  162.301512][ T8967] netlink: 'syz.1.796': attribute type 8 has an invalid length.
[  162.493072][ T5947] Bluetooth: hci3: command tx timeout
[  162.689575][ T8977] Cannot find add_set index 3 as target
[  162.705915][ T8977] overlayfs: failed to resolve './file0/file0': -2
[  163.054328][ T8685] team0 (unregistering): Port device team_slave_1 removed
[  163.100949][ T7518] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  163.143732][ T8685] team0 (unregistering): Port device team_slave_0 removed
[  163.252277][ T7518] usb 9-1: Using ep0 maxpacket: 16
[  163.261506][ T7518] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  163.266132][ T7518] usb 9-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  163.270190][ T7518] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.276019][ T7518] usb 9-1: config 0 descriptor??
[  163.281793][ T7518] input: bcm5974 as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/input/input31
[  163.494560][ T7518] bcm5974 9-1:0.0: could not read from device
[  163.513008][ T7518] input: failed to attach handler mousedev to device input31, error: -5
[  163.516666][ T7518] usb 9-1: USB disconnect, device number 5
[  163.527129][ T5344] bcm5974 9-1:0.0: could not read from device
[  163.888842][ T8925] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  163.892575][ T8925] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  163.896805][ T8925] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  163.900384][ T8925] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  163.912587][ T8996] overlayfs: failed to clone upperpath
[  163.950177][ T8993] capability: warning: `syz.2.805' uses 32-bit capabilities (legacy support in use)
[  163.969492][ T8925] 8021q: adding VLAN 0 to HW filter on device bond0
[  163.985855][ T8925] 8021q: adding VLAN 0 to HW filter on device team0
[  163.989987][   T70] bridge0: port 1(bridge_slave_0) entered blocking state
[  163.992054][   T70] bridge0: port 1(bridge_slave_0) entered forwarding state
[  163.996958][   T70] bridge0: port 2(bridge_slave_1) entered blocking state
[  163.999022][   T70] bridge0: port 2(bridge_slave_1) entered forwarding state
[  164.117361][ T8925] 8021q: adding VLAN 0 to HW filter on device batadv0
[  164.137296][ T8925] veth0_vlan: entered promiscuous mode
[  164.142426][ T8925] veth1_vlan: entered promiscuous mode
[  164.158270][ T8925] veth0_macvtap: entered promiscuous mode
[  164.162434][ T8925] veth1_macvtap: entered promiscuous mode
[  164.169467][ T8925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  164.172358][ T8925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.175985][ T8925] batman_adv: batadv0: Interface activated: batadv_slave_0
[  164.182728][ T8925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  164.185671][ T8925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.189344][ T8925] batman_adv: batadv0: Interface activated: batadv_slave_1
[  164.193208][ T8925] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  164.195647][ T8925] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  164.198058][ T8925] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  164.201079][ T8925] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  164.231625][ T1170] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  164.234030][ T1170] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  164.235059][ T8684] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  164.240496][ T8684] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  165.104059][ T9017] netlink: 'syz.2.809': attribute type 1 has an invalid length.
[  165.431093][ T9026] delete_channel: no stack
[  166.938845][ T8683] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.971380][ T5942] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  167.977158][ T5942] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  167.983126][ T5942] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  167.986878][ T5942] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  167.992022][ T5942] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  167.994334][ T5942] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  168.071117][ T9098] chnl_net:caif_netlink_parms(): no params data found
[  168.131906][ T9112] overlayfs: failed to clone lowerpath
[  168.167619][ T9098] bridge0: port 1(bridge_slave_0) entered blocking state
[  168.176642][ T9098] bridge0: port 1(bridge_slave_0) entered disabled state
[  168.179679][ T9098] bridge_slave_0: entered allmulticast mode
[  168.181872][ T9098] bridge_slave_0: entered promiscuous mode
[  168.201014][ T9098] bridge0: port 2(bridge_slave_1) entered blocking state
[  168.203507][ T9098] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.207924][ T9098] bridge_slave_1: entered allmulticast mode
[  168.214599][ T9098] bridge_slave_1: entered promiscuous mode
[  168.272080][ T9098] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  168.286735][ T9098] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  168.326496][ T9098] team0: Port device team_slave_0 added
[  168.331674][ T9098] team0: Port device team_slave_1 added
[  168.364677][ T9098] batman_adv: batadv0: Adding interface: batadv_slave_0
[  168.368030][ T9098] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  168.378749][ T9098] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  168.382565][ T9098] batman_adv: batadv0: Adding interface: batadv_slave_1
[  168.384501][ T9098] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  168.391811][ T9098] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  168.422068][ T9098] hsr_slave_0: entered promiscuous mode
[  168.424056][ T9098] hsr_slave_1: entered promiscuous mode
[  168.656486][ T9124] FAULT_INJECTION: forcing a failure.
[  168.656486][ T9124] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  168.660367][ T9124] CPU: 1 UID: 0 PID: 9124 Comm: syz.4.841 Not tainted 6.14.0-rc7-syzkaller-00196-g88d324e69ea9 #0
[  168.660391][ T9124] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  168.660399][ T9124] Call Trace:
[  168.660403][ T9124]  <TASK>
[  168.660408][ T9124]  dump_stack_lvl+0x16c/0x1f0
[  168.660428][ T9124]  should_fail_ex+0x50a/0x650
[  168.660441][ T9124]  _copy_from_user+0x2e/0xd0
[  168.660453][ T9124]  generic_map_update_batch+0x391/0x5f0
[  168.660472][ T9124]  ? __pfx_generic_map_update_batch+0x10/0x10
[  168.660487][ T9124]  ? __fget_files+0x206/0x3a0
[  168.660503][ T9124]  ? __pfx_generic_map_update_batch+0x10/0x10
[  168.660518][ T9124]  bpf_map_do_batch+0x5a8/0x670
[  168.660533][ T9124]  __sys_bpf+0x1ce4/0x49c0
[  168.660548][ T9124]  ? __pfx_lock_release+0x10/0x10
[  168.660562][ T9124]  ? __pfx___sys_bpf+0x10/0x10
[  168.660577][ T9124]  ? vfs_write+0x306/0x1150
[  168.660592][ T9124]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  168.660614][ T9124]  ? fput+0x67/0x440
[  168.660624][ T9124]  ? ksys_write+0x1ba/0x250
[  168.660637][ T9124]  ? __pfx_ksys_write+0x10/0x10
[  168.660652][ T9124]  __ia32_sys_bpf+0x76/0xe0
[  168.660662][ T9124]  __do_fast_syscall_32+0x73/0x120
[  168.660678][ T9124]  do_fast_syscall_32+0x32/0x80
[  168.660692][ T9124]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  168.660708][ T9124] RIP: 0023:0xf7f67579
[  168.660716][ T9124] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  168.660726][ T9124] RSP: 002b:00000000f506555c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  168.660735][ T9124] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 0000000080000300
[  168.660741][ T9124] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000
[  168.660747][ T9124] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  168.660752][ T9124] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  168.660758][ T9124] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  168.660769][ T9124]  </TASK>
[  168.738356][ T8683] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  168.839076][ T8683] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  168.912524][ T8683] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  169.036803][ T8683] bridge_slave_1: left allmulticast mode
[  169.039153][ T8683] bridge_slave_1: left promiscuous mode
[  169.040894][ T8683] bridge0: port 2(bridge_slave_1) entered disabled state
[  169.045240][ T8683] bridge_slave_0: left allmulticast mode
[  169.047107][ T8683] bridge_slave_0: left promiscuous mode
[  169.053326][ T8683] bridge0: port 1(bridge_slave_0) entered disabled state
[  169.342311][ T8683] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  169.346533][ T8683] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  169.350631][ T8683] bond0 (unregistering): Released all slaves
[  169.676535][ T8683] hsr_slave_0: left promiscuous mode
[  169.679998][ T8683] hsr_slave_1: left promiscuous mode
[  169.682705][ T8683] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  169.686918][ T8683] batman_adv: batadv0: Removing interface: batadv_slave_0
[  169.695000][ T8683] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  169.698003][ T8683] batman_adv: batadv0: Removing interface: batadv_slave_1
[  169.740653][ T8683] veth1_macvtap: left promiscuous mode
[  169.742822][ T8683] veth0_macvtap: left promiscuous mode
[  169.744489][ T8683] veth1_vlan: left promiscuous mode
[  169.748783][ T8683] veth0_vlan: left promiscuous mode
[  170.010090][ T5942] Bluetooth: hci3: command tx timeout
[  170.110781][ T9159] netlink: 'syz.4.852': attribute type 10 has an invalid length.
[  170.113737][ T9159] netlink: 2 bytes leftover after parsing attributes in process `syz.4.852'.
[  170.514026][ T8683] team0 (unregistering): Port device team_slave_1 removed
[  170.615051][ T8683] team0 (unregistering): Port device team_slave_0 removed
[  171.280745][ T9159] team0: entered promiscuous mode
[  171.282189][ T9159] team_slave_0: entered promiscuous mode
[  171.283906][ T9159] team_slave_1: entered promiscuous mode
[  171.286384][ T9159] 8021q: adding VLAN 0 to HW filter on device team0
[  171.290859][ T9159] bridge0: port 3(team0) entered blocking state
[  171.293309][ T9159] bridge0: port 3(team0) entered disabled state
[  171.296772][ T9159] team0: entered allmulticast mode
[  171.298764][ T9159] team_slave_0: entered allmulticast mode
[  171.301439][ T9159] team_slave_1: entered allmulticast mode
[  171.304152][ T9159] bridge0: port 3(team0) entered blocking state
[  171.305900][ T9159] bridge0: port 3(team0) entered forwarding state
[  171.418453][ T9098] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  171.431293][ T9098] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  171.434963][ T9098] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  171.438511][ T9098] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  171.469603][ T9098] 8021q: adding VLAN 0 to HW filter on device bond0
[  171.476573][ T9098] 8021q: adding VLAN 0 to HW filter on device team0
[  171.481225][ T8684] bridge0: port 1(bridge_slave_0) entered blocking state
[  171.483246][ T8684] bridge0: port 1(bridge_slave_0) entered forwarding state
[  171.487953][ T8685] bridge0: port 2(bridge_slave_1) entered blocking state
[  171.490083][ T8685] bridge0: port 2(bridge_slave_1) entered forwarding state
[  171.681388][ T9098] 8021q: adding VLAN 0 to HW filter on device batadv0
[  171.718535][ T9098] veth0_vlan: entered promiscuous mode
[  171.724361][ T9098] veth1_vlan: entered promiscuous mode
[  171.740183][ T9098] veth0_macvtap: entered promiscuous mode
[  171.750404][ T9098] veth1_macvtap: entered promiscuous mode
[  171.761391][ T9098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  171.765186][ T9098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  171.770097][ T9098] batman_adv: batadv0: Interface activated: batadv_slave_0
[  171.770211][ T9183] openvswitch: netlink: Flow actions attr not present in new flow.
[  171.774570][ T9098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  171.779951][ T9098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  171.784252][ T9098] batman_adv: batadv0: Interface activated: batadv_slave_1
[  171.790391][ T9098] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  171.793704][ T9098] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  171.796636][ T9098] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  171.799369][ T9098] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  171.835345][ T8684] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  171.838255][ T8684] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  171.852748][ T8684] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  171.855184][ T8684] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  172.442519][   T40] audit: type=1326 audit(1742671600.783:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9191 comm="syz.4.861" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f67579 code=0x0
[  172.499599][ T9203] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  172.509930][ T9203] netlink: 4 bytes leftover after parsing attributes in process `syz.4.861'.
[  172.552474][ T9205] overlayfs: failed to clone upperpath
[  172.604592][ T9207] SET target dimension over the limit!
[  173.940902][   T40] audit: type=1326 audit(1742671602.283:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9241 comm="syz.4.879" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67579 code=0x7ffc0000
[  173.946999][   T40] audit: type=1326 audit(1742671602.283:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9241 comm="syz.4.879" exe="/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf7f67579 code=0x7ffc0000
[  173.953074][   T40] audit: type=1326 audit(1742671602.283:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9241 comm="syz.4.879" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67579 code=0x7ffc0000
[  173.959096][   T40] audit: type=1326 audit(1742671602.283:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9241 comm="syz.4.879" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f67579 code=0x7ffc0000
[  173.964913][   T40] audit: type=1326 audit(1742671602.283:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9241 comm="syz.4.879" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67579 code=0x7ffc0000
[  173.971099][   T40] audit: type=1326 audit(1742671602.283:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9241 comm="syz.4.879" exe="/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf7f67579 code=0x7ffc0000
[  173.976929][   T40] audit: type=1326 audit(1742671602.283:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9241 comm="syz.4.879" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67579 code=0x7ffc0000
[  173.982898][   T40] audit: type=1326 audit(1742671602.283:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9241 comm="syz.4.879" exe="/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf7f67579 code=0x7ffc0000
[  173.988780][   T40] audit: type=1326 audit(1742671602.283:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9241 comm="syz.4.879" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67579 code=0x7ffc0000
[  174.517608][ T8685] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.527025][ T9255] netlink: 'syz.2.882': attribute type 4 has an invalid length.
[  175.584284][ T9258] netlink: 8692 bytes leftover after parsing attributes in process `syz.2.884'.
[  175.623438][ T9265] overlayfs: missing 'lowerdir'
[  175.691134][ T5947] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  175.696135][ T5947] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  175.700450][ T5947] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  175.704907][ T5947] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  175.707815][ T5947] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  175.710769][ T5947] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  175.808507][ T9267] chnl_net:caif_netlink_parms(): no params data found
[  175.973055][ T9267] bridge0: port 1(bridge_slave_0) entered blocking state
[  175.977175][ T9267] bridge0: port 1(bridge_slave_0) entered disabled state
[  175.984563][ T9267] bridge_slave_0: entered allmulticast mode
[  175.997263][ T9267] bridge_slave_0: entered promiscuous mode
[  176.002635][ T9267] bridge0: port 2(bridge_slave_1) entered blocking state
[  176.004593][ T9267] bridge0: port 2(bridge_slave_1) entered disabled state
[  176.007074][ T9267] bridge_slave_1: entered allmulticast mode
[  176.009851][ T9267] bridge_slave_1: entered promiscuous mode
[  176.034318][ T9267] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  176.038313][ T9267] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  176.076548][ T8685] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.084843][ T9267] team0: Port device team_slave_0 added
[  176.089614][ T9267] team0: Port device team_slave_1 added
[  176.122308][ T9267] batman_adv: batadv0: Adding interface: batadv_slave_0
[  176.124758][ T9267] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  176.133545][ T9267] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  176.139451][ T9267] batman_adv: batadv0: Adding interface: batadv_slave_1
[  176.141848][ T9267] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  176.150597][ T9267] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  176.208284][ T8685] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.214891][ T9267] hsr_slave_0: entered promiscuous mode
[  176.216938][ T9267] hsr_slave_1: entered promiscuous mode
[  176.219081][ T9267] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  176.221530][ T9267] Cannot create hsr debugfs directory
[  176.269971][ T8685] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.365982][ T8685] bridge_slave_1: left allmulticast mode
[  176.368077][ T8685] bridge_slave_1: left promiscuous mode
[  176.370712][ T8685] bridge0: port 2(bridge_slave_1) entered disabled state
[  176.375142][ T8685] bridge_slave_0: left allmulticast mode
[  176.377112][ T8685] bridge_slave_0: left promiscuous mode
[  176.378959][ T8685] bridge0: port 1(bridge_slave_0) entered disabled state
[  176.623399][ T9298] netlink: 'syz.4.888': attribute type 8 has an invalid length.
[  176.710273][ T9300] 9pnet_fd: Insufficient options for proto=fd
[  176.760625][ T8685] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  176.764808][ T8685] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  176.768572][ T8685] bond0 (unregistering): Released all slaves
[  176.867223][ T9300] ------------[ cut here ]------------
[  176.869921][ T9300] refcount_t: underflow; use-after-free.
[  176.872372][ T9300] WARNING: CPU: 1 PID: 9300 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  176.876017][ T9300] Modules linked in:
[  176.877598][ T9300] CPU: 1 UID: 0 PID: 9300 Comm: syz.2.895 Not tainted 6.14.0-rc7-syzkaller-00196-g88d324e69ea9 #0
[  176.883306][ T9300] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  176.887012][ T9300] RIP: 0010:refcount_warn_saturate+0x14a/0x210
[  176.889028][ T9300] Code: ff 89 de e8 e8 34 f7 fc 84 db 0f 85 66 ff ff ff e8 3b 3a f7 fc c6 05 ef 62 88 0b 01 90 48 c7 c7 e0 06 d3 8b e8 27 6b b7 fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 18 3a f7 fc 0f b6 1d ca 62 88 0b 31
[  176.894550][ T9300] RSP: 0018:ffffc900038479b8 EFLAGS: 00010282
[  176.896326][ T9300] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc90007921000
[  176.898699][ T9300] RDX: 0000000000080000 RSI: ffffffff817a2276 RDI: 0000000000000001
[  176.901485][ T9300] RBP: ffff888067447550 R08: 0000000000000001 R09: 0000000000000000
[  176.904455][ T9300] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000001
[  176.907439][ T9300] R13: 0000000000000000 R14: ffff888067447550 R15: ffff88800ddbc000
[  176.910718][ T9300] FS:  0000000000000000(0000) GS:ffff88802b500000(0063) knlGS:00000000f50d6b40
[  176.913321][ T9300] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  176.915161][ T9300] CR2: 0000000081000000 CR3: 0000000068ba6000 CR4: 0000000000352ef0
[  176.918070][ T9300] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  176.920966][ T9300] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  176.923314][ T9300] Call Trace:
[  176.924291][ T9300]  <TASK>
[  176.925170][ T9300]  ? __warn+0xea/0x3c0
[  176.926353][ T9300]  ? preempt_schedule_notrace+0x62/0xe0
[  176.928065][ T9300]  ? refcount_warn_saturate+0x14a/0x210
[  176.929741][ T9300]  ? report_bug+0x3c0/0x580
[  176.931096][ T9300]  ? handle_bug+0x54/0xa0
[  176.932332][ T9300]  ? exc_invalid_op+0x17/0x50
[  176.934029][ T9300]  ? asm_exc_invalid_op+0x1a/0x20
[  176.936016][ T9300]  ? __warn_printk+0x1a6/0x350
[  176.937881][ T9300]  ? refcount_warn_saturate+0x14a/0x210
[  176.939544][ T9300]  ? refcount_warn_saturate+0x149/0x210
[  176.941144][ T9300]  io_tx_ubuf_complete+0x236/0x280
[  176.942617][ T9300]  ? __io_submit_flush_completions+0xb85/0x1df0
[  176.944393][ T9300]  io_send_zc_cleanup+0x8a/0x1c0
[  176.945857][ T9300]  ? __pfx_io_send_zc_cleanup+0x10/0x10
[  176.947416][ T9300]  __io_submit_flush_completions+0xcb3/0x1df0
[  176.949284][ T9300]  ctx_flush_and_put.constprop.0+0x9a/0x410
[  176.950959][ T9300]  io_handle_tw_list+0x3df/0x540
[  176.952397][ T9300]  ? __pfx_io_handle_tw_list+0x10/0x10
[  176.953988][ T9300]  tctx_task_work_run+0xac/0x390
[  176.955388][ T9300]  tctx_task_work+0x7b/0xd0
[  176.956713][ T9300]  ? __pfx_tctx_task_work+0x10/0x10
[  176.958242][ T9300]  task_work_run+0x14e/0x250
[  176.959630][ T9300]  ? __pfx_task_work_run+0x10/0x10
[  176.961132][ T9300]  get_signal+0x1d3/0x26c0
[  176.962435][ T9300]  ? __pfx_get_signal+0x10/0x10
[  176.964019][ T9300]  ? fput+0x67/0x440
[  176.965232][ T9300]  ? __do_sys_io_uring_enter+0x60f/0x1670
[  176.966874][ T9300]  arch_do_signal_or_restart+0x90/0x7e0
[  176.968451][ T9300]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  176.970320][ T9300]  ? rcu_is_watching+0x12/0xc0
[  176.971709][ T9300]  syscall_exit_to_user_mode+0x150/0x2a0
[  176.973375][ T9300]  __do_fast_syscall_32+0x80/0x120
[  176.974862][ T9300]  do_fast_syscall_32+0x32/0x80
[  176.976399][ T9300]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  176.979105][ T9300] RIP: 0023:0xf7fb1579
[  176.980723][ T9300] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  176.987973][ T9300] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa
[  176.991190][ T9300] RAX: 0000000000004000 RBX: 0000000000000005 RCX: 00000000000047bc
[  176.993738][ T9300] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  176.995919][ T9300] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  176.998105][ T9300] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  177.000365][ T9300] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  177.002561][ T9300]  </TASK>
[  177.003743][ T9300] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  177.006435][ T9300] CPU: 1 UID: 0 PID: 9300 Comm: syz.2.895 Not tainted 6.14.0-rc7-syzkaller-00196-g88d324e69ea9 #0
[  177.009357][ T9300] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  177.012302][ T9300] Call Trace:
[  177.013479][ T9300]  <TASK>
[  177.014317][ T9300]  dump_stack_lvl+0x3d/0x1f0
[  177.016066][ T9300]  panic+0x71d/0x800
[  177.017602][ T9300]  ? __pfx_panic+0x10/0x10
[  177.019019][ T9300]  ? show_trace_log_lvl+0x29d/0x3d0
[  177.020561][ T9300]  ? refcount_warn_saturate+0x14a/0x210
[  177.022160][ T9300]  check_panic_on_warn+0xab/0xb0
[  177.023625][ T9300]  __warn+0xf6/0x3c0
[  177.025016][ T9300]  ? preempt_schedule_notrace+0x62/0xe0
[  177.027146][ T9300]  ? refcount_warn_saturate+0x14a/0x210
[  177.028966][ T9300]  report_bug+0x3c0/0x580
[  177.030232][ T9300]  handle_bug+0x54/0xa0
[  177.031433][ T9300]  exc_invalid_op+0x17/0x50
[  177.032933][ T9300]  asm_exc_invalid_op+0x1a/0x20
[  177.034794][ T9300] RIP: 0010:refcount_warn_saturate+0x14a/0x210
[  177.036577][ T9300] Code: ff 89 de e8 e8 34 f7 fc 84 db 0f 85 66 ff ff ff e8 3b 3a f7 fc c6 05 ef 62 88 0b 01 90 48 c7 c7 e0 06 d3 8b e8 27 6b b7 fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 18 3a f7 fc 0f b6 1d ca 62 88 0b 31
[  177.043400][ T9300] RSP: 0018:ffffc900038479b8 EFLAGS: 00010282
[  177.045762][ T9300] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc90007921000
[  177.048752][ T9300] RDX: 0000000000080000 RSI: ffffffff817a2276 RDI: 0000000000000001
[  177.051787][ T9300] RBP: ffff888067447550 R08: 0000000000000001 R09: 0000000000000000
[  177.054807][ T9300] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000001
[  177.057821][ T9300] R13: 0000000000000000 R14: ffff888067447550 R15: ffff88800ddbc000
[  177.060836][ T9300]  ? __warn_printk+0x1a6/0x350
[  177.062693][ T9300]  ? refcount_warn_saturate+0x149/0x210
[  177.064835][ T9300]  io_tx_ubuf_complete+0x236/0x280
[  177.066778][ T9300]  ? __io_submit_flush_completions+0xb85/0x1df0
[  177.069188][ T9300]  io_send_zc_cleanup+0x8a/0x1c0
[  177.071118][ T9300]  ? __pfx_io_send_zc_cleanup+0x10/0x10
[  177.073239][ T9300]  __io_submit_flush_completions+0xcb3/0x1df0
[  177.075223][ T9300]  ctx_flush_and_put.constprop.0+0x9a/0x410
[  177.077513][ T9300]  io_handle_tw_list+0x3df/0x540
[  177.079430][ T9300]  ? __pfx_io_handle_tw_list+0x10/0x10
[  177.080969][ T9300]  tctx_task_work_run+0xac/0x390
[  177.082353][ T9300]  tctx_task_work+0x7b/0xd0
[  177.083629][ T9300]  ? __pfx_tctx_task_work+0x10/0x10
[  177.085106][ T9300]  task_work_run+0x14e/0x250
[  177.086410][ T9300]  ? __pfx_task_work_run+0x10/0x10
[  177.087851][ T9300]  get_signal+0x1d3/0x26c0
[  177.089223][ T9300]  ? __pfx_get_signal+0x10/0x10
[  177.090595][ T9300]  ? fput+0x67/0x440
[  177.091700][ T9300]  ? __do_sys_io_uring_enter+0x60f/0x1670
[  177.093292][ T9300]  arch_do_signal_or_restart+0x90/0x7e0
[  177.095004][ T9300]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  177.097042][ T9300]  ? rcu_is_watching+0x12/0xc0
[  177.098647][ T9300]  syscall_exit_to_user_mode+0x150/0x2a0
[  177.100520][ T9300]  __do_fast_syscall_32+0x80/0x120
[  177.101965][ T9300]  do_fast_syscall_32+0x32/0x80
[  177.103334][ T9300]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  177.105093][ T9300] RIP: 0023:0xf7fb1579
[  177.106368][ T9300] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  177.111753][ T9300] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa
[  177.114116][ T9300] RAX: 0000000000004000 RBX: 0000000000000005 RCX: 00000000000047bc
[  177.116473][ T9300] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  177.118646][ T9300] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  177.120832][ T9300] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  177.123055][ T9300] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  177.125255][ T9300]  </TASK>
[  177.126724][ T9300] Kernel Offset: disabled
[  177.128008][ T9300] Rebooting in 86400 seconds..

VM DIAGNOSIS:
19:18:12  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000354a29 RBX=0000000000000000 RCX=ffffffff8b557469 RDX=0000000000000000
RSI=ffffffff8b6cfc80 RDI=ffffffff8bd359e0 RBP=fffffbfff1bd2ee8 RSP=ffffffff8de07e20
R8 =0000000000000001 R9 =ffffed1005686f85 R10=ffff88802b437c2b R11=0000000000000000
R12=0000000000000000 R13=ffffffff8de97740 R14=ffffffff90628e10 R15=0000000000000000
RIP=ffffffff8b55884f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080f1f000 CR3=000000005bc5a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000033 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff853eaa55 RDI=ffffffff9ab72ea0 RBP=ffffffff9ab72e60 RSP=ffffc90003847338
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000005
R12=0000000000000000 R13=0000000000000033 R14=ffffffff9ab72e60 R15=0000000000000000
RIP=ffffffff853eaa7f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000081000000 CR3=0000000068ba6000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=00000000001a6c79 RBX=0000000000000002 RCX=ffffffff8b557469 RDX=0000000000000000
RSI=ffffffff8b6cfc80 RDI=ffffffff8bd359e0 RBP=ffffed1003ad0488 RSP=ffffc9000049fe08
R8 =0000000000000001 R9 =ffffed10056c6f85 R10=ffff88802b637c2b R11=0000000000000000
R12=0000000000000002 R13=ffff88801d682440 R14=ffffffff90628e10 R15=0000000000000000
RIP=ffffffff8b55884f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f74b6188 CR3=0000000068ba6000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000003 RBX=0000000000000011 RCX=1ffff110081d4001 RDX=dffffc0000000000
RSI=ffffffff8b7d79e0 RDI=ffff888040ea0008 RBP=000000000000000e RSP=ffffc90003077760
R8 =ffffffffffffffff R9 =0000000000045e00 R10=ffffffff96ec2cc7 R11=0000000000000003
R12=0000000000046480 R13=ffff888040e8e730 R14=ffff888040e8e000 R15=0000000000000088
RIP=ffffffff8223f9a3 RFL=00000297 [--S-APC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7fd6e40 CR3=000000004abf4000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f746cff4
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000