last executing test programs:

3m17.760422324s ago: executing program 3 (id=662):
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e08003950323030"], 0x15)
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x191, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x183, 0x0, 0x0, 0x0, 0x84, 0x0, @remote, @broadcast}, "dd9dec79219eb549dbd024c796335bc5ff0e043319357749084ca9d0ae1378f4e88112a2f7c10fd1523b9007773fd2b2bd0ebabccd2e5c35fb3baff587585840f2530c6f4d025f118440ac22a8b34da7b5e1e873bd429686be3ef84439e05fc0fefedb8b897b09445a9e10cf24aec2ff3ca6a86d94df0c4a928ed904dcfb02e6c6c5918a839d33cb9b55dfb3cd89d80eb18dc06415d313b4ea240a65eff4b941ac018e8f81de044239960271333255291b5fbfdcf8db25e175640f36986b859aeb3370ca17e6a20aeeb5c5d27eb097fc1fab796a7ff8fcbe119bbe4be2c8a5c58890191c59bea20bfe4edf9c5453e59f610d3bd1d6eb49b02e464aee0480187c5717936add1347b08cdf5b056adb941708e8a0498900419e98b75658c6dd00f88eebf8c9aaee2e38c80eafcf6ca08ea305da9c7050948ef78a1457a2e933287fe8d2e100cb00078ed829985f8812d543cc5cdb71521f4113829551efe915e4d6773f2d285cc1e8813919356ca5ef20"}}}}, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/address_bits', 0x202, 0x36)
write$binfmt_elf64(r0, &(0x7f0000000300)=ANY=[], 0x139)

3m17.699346884s ago: executing program 3 (id=663):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@ipv4_newrule={0x24, 0x20, 0x301, 0x1, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@FRA_GENERIC_POLICY=@FRA_SPORT_RANGE={0x8, 0x17, {0x4e20, 0x4e20}}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x20008040)

3m17.699218996s ago: executing program 3 (id=664):
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@ipv4_newroute={0x1c, 0x1a, 0x1, 0x80000000, 0x25dfdbfb, {0xa, 0x80, 0x80, 0xfd, 0x0, 0x4}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000814}, 0x20000050)

3m17.608886246s ago: executing program 3 (id=666):
r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10)
r1 = epoll_create1(0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
fstat(r1, &(0x7f0000000180))
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
socket$key(0xf, 0x3, 0x2)
r2 = socket$key(0xf, 0x3, 0x2)
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$key(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x2, 0xa, 0x0, 0x0, 0x2}, 0x10}}, 0x0)

3m17.487878088s ago: executing program 3 (id=667):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000002280)={0x3, &(0x7f0000000180)=[{0x20, 0x0, 0x8, 0xfffff010}, {0x48}, {0x6, 0xba, 0x2, 0xffff}]}, 0x10)
r1 = socket$inet6(0xa, 0x3, 0x3a)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4ea4, 0x0, @local, 0x3}, 0x1c)
sendmsg(r1, &(0x7f00000000c0)={0x0, 0x9511, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xffd0}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

3m16.751748266s ago: executing program 3 (id=676):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000007c0)=ANY=[@ANYBLOB="bf16000000000000b70700000200f0ff4070000000000000480000000000e1ff95000000000000002ba7e1d30cb599e83f040000f300000000bd01212fb56f040026fbfefc41056bd8174b79ed317142fa9ea4158123751c5c652fbc1626cca2a2ad75806150ae0209e62f51ee988e6e06c8206ac6879fc404004900c788b277be1cb79b0a4dcf23d410f6accd3641110bec4e90a634199e07f8f6eb968f200e011ea665c45a3449abe802f5ab3e89cf6cfdffffffb8580218ce740068720000074e8b1715807ea0ca469e468eea3fd2f73902ebcfcf49822775985bf313405b367e81c700000040000000000200000000005335000000143ea70c2ab40c7cb70cc8943a6d60"], 0x0}, 0x94)
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB='\v\x00\x00'], 0x119)

3m16.610070483s ago: executing program 32 (id=676):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000007c0)=ANY=[@ANYBLOB="bf16000000000000b70700000200f0ff4070000000000000480000000000e1ff95000000000000002ba7e1d30cb599e83f040000f300000000bd01212fb56f040026fbfefc41056bd8174b79ed317142fa9ea4158123751c5c652fbc1626cca2a2ad75806150ae0209e62f51ee988e6e06c8206ac6879fc404004900c788b277be1cb79b0a4dcf23d410f6accd3641110bec4e90a634199e07f8f6eb968f200e011ea665c45a3449abe802f5ab3e89cf6cfdffffffb8580218ce740068720000074e8b1715807ea0ca469e468eea3fd2f73902ebcfcf49822775985bf313405b367e81c700000040000000000200000000005335000000143ea70c2ab40c7cb70cc8943a6d60"], 0x0}, 0x94)
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB='\v\x00\x00'], 0x119)

8.739716022s ago: executing program 1 (id=2180):
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x4)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000b80), 0xffffffffffffffff)
sendmsg$IPVS_CMD_SET_CONFIG(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000006c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="01002bbd7000fedbdf250c00000008000500cf6b95f0"], 0x1c}, 0x1, 0x0, 0x0, 0x840}, 0x40840)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000))
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x18)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa07, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})

8.738873398s ago: executing program 1 (id=2181):
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
write(0xffffffffffffffff, &(0x7f0000000080)="11000000140025000307f4f9002304000a", 0x11)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000900)=ANY=[@ANYBLOB="15a31ae9b77a306d5d3418def83421daef8bc61f50c603b6e2072bf9aa93746fe11ce6cc33ca4fe0f3cbfd228dd5a2951f1218dacfd2cc0e36966c9fde554cdc4ca8602ee26302ae43760573b94c", @ANYRESDEC=0x0, @ANYBLOB="2489f2ff4c07e09fa28aaf455d08a155c648b11556baff00fadda8159f18b6e4e7a72114573fc922b29302bbb534ce2e14f88c00fbf1c8d7068da0bbaa4d2073fcedfab24736f8aa1b52caa9dc7e8fc210c8c61aef60dc0b6c9bde9285aab16d91f8e551fe8636dcfa2dfdeb1a19c297dc1c9e4f1a2ba4c0607082da9e4dda7c6e70034c12891fe5163a6b9cfa6f62f012b28115f42049ddbd38b7597b28f3", @ANYRES64, @ANYRES64, @ANYRESHEX, @ANYRES16], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee7, 0x8031, r1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(0x0, 0x0)
getresgid(&(0x7f0000000500), &(0x7f0000000540)=<r5=>0x0, &(0x7f0000000a40))
fchownat(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', 0x0, r5, 0x400)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000100)={'team0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtaction={0x68, 0x30, 0xb, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0xff, 0x4, 0x6, 0x6}, 0x2, r7}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x200ce8c4)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=<r8=>r7], 0x20}, 0x1, 0x0, 0x0, 0x80d5}, 0x0)
syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="58000000020601080000000000000000000000040900020073797a3100000000050004000000000011000300686173683a6e65742c6e6574000000000c000780080012400000000205000500020000000500010006"], 0x58}}, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="500000000906010200000000000000e1020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0c00148008000140ac1414bb0c0002800800014064"], 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYRES16, @ANYBLOB="925368da551da92db50e2667f51a73368b0a780c9f682cf7d77c37af49f5d23f8957e47871c7782348035453f2d7a6054a8feaf23b", @ANYRES8, @ANYBLOB="f7b23a56f5ed4ced3b3267f6d8a671c76150cbe63ebb805f15c6bbbaf0a775a5ca4faa9faa67fedf398edef74b412ce99931562e35a57bcdc4c33ff5e55fbc06024562d9e28b55060904a6ac4a9356f3a71c8fe99dc08b0aa248cc77a980bf70caddd8fed63b846183a9b64d5fcdcd3d991a92c3ac86315d0655f71398d2415cb7a992ed83968d71479800f2a1f743a73cc7ea9c06bc22b11b8a50d4c1b6e642dfa5227eb451e159076b22c09cb2eff7a94e9570dd46eb5d14c6fdd4c0c8e6ab3beda09e72cc301a548df76a25a4239c687c5ad137999143086d0a272afc59bb1882f7230f3971313428b138b254c19dcc", @ANYBLOB="b9009a6e1df19ab7dc4eededb7c21f89fb6341b3b9d45c4d1731a9d52ae2047ebd1cae4aa0b687cf78ba44bec69993c662e911d5443b8eabdc797d49229d2fa88d1927f0180f3d578c2b5aecb854a6c5064fcc83be21f73875d551fedaffc412b40ca276ada84010732045d04970010da2537e3c00fb4326b86f2d3c565b4661d9265312ddb202df471353c85b1901532f4e8d066ae7992f050ac680b7167e50b56691daecd9601e169d51c8c214e97651f08ab41ea27041d86c52c0771c54683cffecd92351ee0caf31d6e8b94edd98b4b93316a4e6d790afb6fbd882079cb2", @ANYRESOCT=r8], 0x30}, 0x1, 0x0, 0x0, 0x4}, 0x0)

7.173683638s ago: executing program 1 (id=2191):
openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0)
write(0xffffffffffffffff, &(0x7f0000000080)="11000000140025000307f4f9002304000a", 0x11)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000900)=ANY=[@ANYBLOB="15a31ae9b77a306d5d3418def83421daef8bc61f50c603b6e2072bf9aa93746fe11ce6cc33ca4fe0f3cbfd228dd5a2951f1218dacfd2cc0e36966c9fde554cdc4ca8602ee26302ae43760573b94c", @ANYRESDEC=0x0, @ANYBLOB="2489f2ff4c07e09fa28aaf455d08a155c648b11556baff00fadda8159f18b6e4e7a72114573fc922b29302bbb534ce2e14f88c00fbf1c8d7068da0bbaa4d2073fcedfab24736f8aa1b52caa9dc7e8fc210c8c61aef60dc0b6c9bde9285aab16d91f8e551fe8636dcfa2dfdeb1a19c297dc1c9e4f1a2ba4c0607082da9e4dda7c6e70034c12891fe5163a6b9cfa6f62f012b28115f42049ddbd38b7597b28f3", @ANYRES64, @ANYRES64, @ANYRESHEX, @ANYRES16], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee7, 0x8031, r1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(0x0, 0x0)
getresgid(&(0x7f0000000500), &(0x7f0000000540)=<r5=>0x0, &(0x7f0000000a40))
fchownat(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', 0x0, r5, 0x400)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000100)={'team0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtaction={0x68, 0x30, 0xb, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0xff, 0x4, 0x6, 0x6}, 0x2, r7}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x200ce8c4)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=<r8=>r7], 0x20}, 0x1, 0x0, 0x0, 0x80d5}, 0x0)
syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="58000000020601080000000000000000000000040900020073797a3100000000050004000000000011000300686173683a6e65742c6e6574000000000c000780080012400000000205000500020000000500010006"], 0x58}}, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="500000000906010200000000000000e1020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0c00148008000140ac1414bb0c0002800800014064"], 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYRES16, @ANYBLOB="925368da551da92db50e2667f51a73368b0a780c9f682cf7d77c37af49f5d23f8957e47871c7782348035453f2d7a6054a8feaf23b", @ANYRES8, @ANYBLOB="f7b23a56f5ed4ced3b3267f6d8a671c76150cbe63ebb805f15c6bbbaf0a775a5ca4faa9faa67fedf398edef74b412ce99931562e35a57bcdc4c33ff5e55fbc06024562d9e28b55060904a6ac4a9356f3a71c8fe99dc08b0aa248cc77a980bf70caddd8fed63b846183a9b64d5fcdcd3d991a92c3ac86315d0655f71398d2415cb7a992ed83968d71479800f2a1f743a73cc7ea9c06bc22b11b8a50d4c1b6e642dfa5227eb451e159076b22c09cb2eff7a94e9570dd46eb5d14c6fdd4c0c8e6ab3beda09e72cc301a548df76a25a4239c687c5ad137999143086d0a272afc59bb1882f7230f3971313428b138b254c19dcc", @ANYBLOB="b9009a6e1df19ab7dc4eededb7c21f89fb6341b3b9d45c4d1731a9d52ae2047ebd1cae4aa0b687cf78ba44bec69993c662e911d5443b8eabdc797d49229d2fa88d1927f0180f3d578c2b5aecb854a6c5064fcc83be21f73875d551fedaffc412b40ca276ada84010732045d04970010da2537e3c00fb4326b86f2d3c565b4661d9265312ddb202df471353c85b1901532f4e8d066ae7992f050ac680b7167e50b56691daecd9601e169d51c8c214e97651f08ab41ea27041d86c52c0771c54683cffecd92351ee0caf31d6e8b94edd98b4b93316a4e6d790afb6fbd882079cb2", @ANYRESOCT=r8], 0x30}, 0x1, 0x0, 0x0, 0x4}, 0x0)

5.61971208s ago: executing program 2 (id=2209):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x6, 0x4, 0x8, 0x8}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000020b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
r3 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
syz_usb_control_io$uac1(r3, 0x0, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f0000000180)="0203", 0x2, 0x0, 0x0, 0x0)
unshare(0x2c020400)
r4 = msgget$private(0x0, 0x0)
r5 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r5, 0x110, 0x3)
msgsnd(0x0, &(0x7f0000000180)=ANY=[], 0x2000, 0x0)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r6, 0x84, 0xc, &(0x7f0000000000), 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r6, 0x84, 0x6b, &(0x7f00000001c0)=[@in6={0xa, 0x4a21, 0xdec, @private2, 0x6}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r6, 0x84, 0x6d, &(0x7f0000000200)={0x0, 0x10, "69a2c521bb4fdf5d1c5e64724bab22cf"}, &(0x7f0000000100)=0x18)
msgrcv(r4, &(0x7f0000001080)={0x0, ""/1}, 0x2000, 0x2, 0x3000)
syz_usb_control_io(r3, 0x0, 0x0)
r7 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000100)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_control_io(r7, &(0x7f0000000540)={0x18, &(0x7f0000000300)={0x20, 0xa, 0xf0, {0xf0, 0x22, "042965f0412066e609170839f44dedf3a246804885f28169acb82c70b035a2824c7a49710f269d8b2804c3f34a449f38e8ccbb8dc0ed78b7438735f0cdca8197172486ffb1a280174ec02b5d76c9d8edde0d6c11620594ff2badc70fa9d5b52523bc521170dbd4e9c4bba9eb925c37a3199a7eeac1064ce12c7708307fbed4746646f0a975a4954fbb1c252a7b62a70ce99ccf9f4f8b90dcf4d7af3caa2806a8b2421b3868ddb4cbce14f17d6c8e97ad76097fff097c68620b999aa14f9900770f2a3a16a5872979930d003ed96952aceabbc1a1223d1d56288451375b8d1fc7d7c17bc52361e81b35f1c66e80af"}}, &(0x7f0000000180)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x42c}}, &(0x7f0000000240)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x6e, 0x2, 0x6, 0x7, "51b4200d", "fd1e94d2"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xc, 0x2, 0x9, 0x4a, 0x9, 0x7, 0x3e}}}, &(0x7f0000000b40)={0x44, &(0x7f0000000680)={0x40, 0x13, 0xc6, "8ea1b6aa616796aea6c219b35b94bafecbd2a1dd8f7cbcb47fe97ed0d2e33611983cc894ace10514b15383c6b56285cca729c9ac1f8b5c559ba7b2a974bb913d7a2d79c8870dd062ac1b280f26f75fc64e3f69bc56b8a5cd14c5e1f0a4d3f823476e8c6a51565b0e5b7d820ebc17552cff0946b6a4a7f6fb13856458d42ca19db20ab1e19d171684f182535d4d82b4a4e87a34d2135a75fb5a2b14715bd37c985b52c24d2c06a31df49d15624458e5b2c3eb8215dac880cc48093e8f1ab81c418433b127072e"}, &(0x7f0000000580)={0x0, 0xa, 0x1, 0x1}, &(0x7f00000005c0)={0x0, 0x8, 0x1, 0x10}, &(0x7f0000000600)={0x20, 0x0, 0x4, {0x1, 0x1}}, &(0x7f0000000780)={0x20, 0x0, 0x4, {0x140, 0x80}}, &(0x7f00000007c0)={0x40, 0x7, 0x2, 0x4}, &(0x7f0000000900)={0x40, 0x9, 0x1, 0x8}, &(0x7f0000000940)={0x40, 0xb, 0x2, "f292"}, &(0x7f0000000980)={0x40, 0xf, 0x2, 0x81}, &(0x7f00000009c0)={0x40, 0x13, 0x6, @broadcast}, 0xffffffffffffffff, &(0x7f0000000a00)={0x40, 0x19, 0x2, "1329"}, &(0x7f0000000a40)={0x40, 0x1a, 0x2, 0xd4e3}, &(0x7f0000000a80)={0x40, 0x1c, 0x1, 0x1}, &(0x7f0000000ac0)={0x40, 0x1e, 0x1, 0x7}, &(0x7f0000000b00)={0x40, 0x21, 0x1, 0x8}})
r8 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
ioctl$FS_IOC_GETVERSION(r8, 0xc0145b0d, &(0x7f0000000040))
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xf8, 0x0, 0xe4}]}, 0x8)
syz_usb_disconnect(r7)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)

5.478636914s ago: executing program 1 (id=2210):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x802, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="0b00000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000040)='\b\x00\x00\x00', 0x4}, {0x0, 0x18}], 0x2)
r1 = syz_open_dev$vbi(&(0x7f0000000100), 0x0, 0x2)
ioctl$VIDIOC_G_EXT_CTRLS(r1, 0xc0185647, &(0x7f00000002c0)={0xf000000, 0x3e4, 0x84, 0xffffffffffffffff, 0x0, &(0x7f0000000280)={0xa00001, 0x4, '\x00', @string=0x0}})

5.477836405s ago: executing program 1 (id=2212):
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0), 0x80)
openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000180), 0x9, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, 0x0, 0x44004000)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000040)=ANY=[@ANYRESOCT, @ANYRES8=r0], 0x16c4}, 0x1, 0x0, 0x0, 0x4008051}, 0x24008050)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
mount$9p_virtio(&(0x7f00000001c0), 0x0, 0x0, 0x0, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0xb, 0x8, 0xc, 0x3, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r3}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000200)={&(0x7f0000000180), 0x0, 0x0, 0x0, 0x3, r3}, 0x38)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f0000000340), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
openat$cgroup_ro(r4, &(0x7f0000000180)='pids.current\x00', 0x275a, 0x0)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r5, &(0x7f0000000140)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r5, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)

5.049516078s ago: executing program 1 (id=2214):
syz_usb_connect(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES64=0x0], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000440)="ed", 0x1, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
recvfrom(r1, 0x0, 0x0, 0x102, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="0000000008440000200012800b00010067656e657665000010000280040010"], 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
io_setup(0x80000001, &(0x7f00000002c0))
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r3 = socket$rxrpc(0x21, 0x2, 0x2)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x2, 0xd, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x6, 0x6, 0x0, 0x0, 0x0, {0x6, 0x32, 0x3, 0x0, 0x0, 0x4, 0x0, @in=@rand_addr=0x10003300, @in6=@private2}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @local}}, @sadb_address={0x3, 0x6, 0x2b, 0x0, 0x0, @in={0x2, 0x0, @private}}]}, 0x80}}, 0x0)
bind$rxrpc(r3, &(0x7f00000001c0)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1b}}}, 0x24)
close_range(r2, 0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
symlink(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000280)='./bus\x00')
r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r5, 0x40049366, 0x0)
r6 = openat$vicodec1(0xffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r6, 0x4020565b, &(0x7f0000000080)={0x0, 0xc46, 0x2})
syz_emit_ethernet(0x42, &(0x7f0000000200)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa00000404bda25f1094a9205a37625aa26f8eb8e0fc12012bc0c3b975f1ef291aacba7a9b4bbfa4cae700"/66], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r7, 0xffffffffffffffff, 0x0)
r8 = syz_open_dev$sndpcmc(&(0x7f0000000040), 0x7, 0x200000)
ioctl$SNDRV_PCM_IOCTL_LINK(r8, 0x40044160, &(0x7f0000000080)=0x5fffffff)

2.579421665s ago: executing program 2 (id=2233):
syz_open_procfs(0x0, &(0x7f0000000040)='clear_refs\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0xc0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x8, 0x8, 0x80, 0x8, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0xa, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0xff, 0x6, 0x5, 0x4, 0x0, 0x7, 0x3c57, 0x0, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x5, 0x7, 0x83, 0x9, 0x4c74, 0x0, 0x242, 0x2, 0xe, 0x0, 0x400, 0x7, 0x17, 0x21, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x81, 0x6, 0xffff8001, 0x3ff, 0x83, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0x88, 0xf9, 0x388000, 0x2bb, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2b, 0xe, 0x312, 0x78, 0xea4, 0x0, 0xfff, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0xfe, 0x0, 0xa, 0x5, 0x1000005, 0x5f31, 0xf, 0xd86, 0x2, 0x4, 0x8, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0xbc2, 0x1, 0xfe000000, 0x8, 0x2, 0x200004, 0x9, 0x3, 0x3, 0x9, 0x4, 0x3, 0x5, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x1, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x3, 0x5, 0x800000, 0x1ef, 0x8, 0x8, 0x86, 0x3, 0x3038, 0xff, 0xb, 0x2, 0x2, 0x2, 0x7, 0x20000008, 0x4, 0x16d01, 0x6, 0x38, 0x800003, 0x600, 0x80, 0xbf7, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x4a9, 0x5, 0x6, 0xac8, 0x5, 0x7, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x3, 0x5, 0x1b, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x80000000], [0x9, 0xbb33, 0xa, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x400002, 0x57, 0x4, 0x3, 0x3, 0x10000, 0x9, 0x7fff, 0xffff, 0xa620, 0x1, 0x7, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x10000016, 0xffffffff, 0x80000000, 0x5, 0xffffffff, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xae, 0x8, 0x6, 0x226, 0x3, 0x100, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x8, 0x4, 0x5, 0x40b1e, 0xd7, 0x200, 0xffff3441, 0x4]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x10, 0x3, 0x0)
rseq(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xb}, {0xe}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0xf, 0xe15, 0x3, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4000c00)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_PUBL_GET(r4, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000001480)={&(0x7f0000000000)={0x20, 0x0, 0x341, 0x70bd29, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x208}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000814}, 0x14)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x1902)

2.499024221s ago: executing program 2 (id=2236):
socket$rxrpc(0x21, 0x2, 0x2)
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000180)='./file2\x00', &(0x7f0000000080), 0x0, &(0x7f0000000480)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r0 = syz_open_dev$video(&(0x7f0000000080), 0x7, 0x0)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x59455247, 0xf00, 0x8, 0x1, @discrete={0x5, 0x29}})
open(&(0x7f0000000380)='./file0\x00', 0x0, 0x100)
r1 = memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0)
execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r3, 0x0, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r4, &(0x7f0000000000)=@abs={0x1, 0x0, 0x4e24}, 0x6e)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000680)={'bridge0\x00', <r7=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4800000010000104000000000007000000000000", @ANYRES32=r7, @ANYBLOB="3f00000006020400280012800b0001006272696467650000180002800c002e0003000000030000000500070008"], 0x48}, 0x1, 0x0, 0x0, 0x44000}, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
socket(0x200000000000011, 0x2, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00', {0x4, 0x0, 0x5374}, 0x1d, [0x8000, 0x78, 0xf, 0x2, 0x80, 0x6, 0x203, 0x7e, 0x4, 0x4b, 0x39cc1919, 0x42, 0x9, 0x5, 0xffff2d34, 0x881, 0x6, 0x3, 0x0, 0x5, 0x4, 0x3, 0xfffffffc, 0x100, 0x1, 0x0, 0x9, 0x2, 0x15bb, 0x2, 0x7, 0xc, 0x7, 0x3, 0x7fff, 0x7, 0x80000000, 0xa72, 0x3, 0x7ff, 0x0, 0x71, 0xe, 0x5, 0x1, 0x5, 0x9, 0x3a, 0xffffff7f, 0x6, 0x6, 0xfffc0003, 0x5, 0x4, 0x10000008, 0x101, 0x90, 0x2, 0x4, 0x9, 0x8, 0x7, 0x1f, 0x40], [0x10000007, 0x3, 0x800, 0x8000, 0x10, 0xffeffff3, 0x8, 0x200c7, 0xc137, 0x10, 0x2bf, 0x6c9, 0xfff, 0xfffffffe, 0x6, 0x0, 0xd14, 0x5, 0x2f, 0xe, 0x4312, 0x7c, 0xea4, 0x0, 0x4, 0x22, 0x1, 0x40009, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x5, 0x5f31, 0x7f9, 0x1005, 0x2, 0x2, 0x9, 0x5, 0x9, 0x8, 0x800000d, 0x88da, 0x2007, 0xd, 0x6, 0xfe000000, 0x10002, 0x2, 0x6f, 0x9, 0x3, 0x3, 0x8, 0xffffffff, 0x7, 0x3, 0x9, 0x48c93690, 0x1000042, 0xffff], [0x7, 0xf5fd, 0x0, 0x5, 0x100001, 0x100, 0xa, 0x9, 0x7, 0x7fff, 0x0, 0x5, 0xf, 0x4, 0x5, 0x20000005, 0x0, 0x1ef, 0x4, 0x8, 0x86, 0x83, 0x7, 0x3e7, 0xa, 0x5, 0x200, 0x5, 0x3, 0x8, 0x8, 0x6cfc, 0x5, 0x39, 0x7, 0x200, 0x80000000, 0x3, 0x4e0a, 0x7, 0x40, 0xa2, 0x7, 0x8, 0x1, 0x6, 0xac8, 0xffffffff, 0x2, 0x11, 0x7ff, 0xfffffff9, 0x0, 0x10000, 0xffff, 0x2b98, 0x1, 0x4, 0x120000, 0xbe, 0x0, 0xa2ed, 0x2, 0x25], [0x9, 0xd, 0x7, 0xb, 0x5, 0xf0c1, 0xa, 0x80000006, 0x1000, 0x5, 0x7d, 0xc9, 0x6, 0x6, 0x8, 0x57b, 0x7, 0x10000, 0x6, 0x7ffd, 0xfffd, 0x4, 0x20002, 0x5, 0xe8a0556, 0x2, 0x14c, 0x3, 0x6, 0x10006, 0x3, 0x80000000, 0x5, 0x8, 0xce, 0xee1, 0xfffff000, 0x179, 0x3, 0x7e, 0x100, 0x9600, 0x56e, 0x2, 0x1007, 0x9, 0x1, 0x0, 0x8, 0x4, 0x30b1d693, 0x8, 0xc, 0x8, 0xfffffffe, 0x3, 0x101, 0xffff, 0x8000007, 0x2bf, 0x3, 0x203, 0x7fffffff, 0x12]}, 0x45c)
socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32, @ANYBLOB="0000000003120100500012800b000100627269646765000040000280080005000100000006002700000fff000800010015000800050025000000000008000400000000000c002e"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40)
gettid()
openat$comedi(0xffffff9c, &(0x7f00000000c0)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$XFS_IOC_FREE_EOFBLOCKS(r2, 0x8080583a, &(0x7f0000000380)={0x4f, 0x80000000, 0x2, 0x200, 0x4, 0x0, 0x6})

2.498704431s ago: executing program 2 (id=2237):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200), 0x109000, 0x0) (async)
io_setup(0x3, &(0x7f00000003c0)=<r1=>0x0)
r2 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000280), 0x20000, 0x0)
io_submit(r1, 0x1, &(0x7f0000000240)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x5, 0xfff5, r0, 0x0, 0x0, 0x5, 0x0, 0x1, r2}])
write$binfmt_elf32(r2, &(0x7f0000000100)={{0x7f, 0x45, 0x4c, 0x46, 0x72, 0x2, 0x5, 0x1, 0x140000000000000, 0x3, 0x3, 0x8, 0x1ad, 0x34, 0x30b, 0x6, 0x3f1, 0x20, 0x4, 0x2, 0x5}, [{0x4, 0x3, 0xc, 0xfffffffa, 0x9, 0x1, 0x10000, 0x4}, {0x4, 0x3, 0x69, 0x0, 0x9, 0x401, 0x4, 0x80000000}, {0x6474e551, 0xddc, 0x2, 0x5, 0x6, 0x0, 0x82, 0x1}, {0x1, 0x362, 0x3e, 0xfffffff7, 0x0, 0x1, 0x0, 0x2}], "d396b0e113f81a67de4d7be12d26193055f4087e2b84fb73fdacca4fea9f21001d74e74a6545f5c9db9bbc226ed736a913a55e6da7aecf807fcc9246a69e82905e8649ad3af6c85ed93ab230850e35910ef5d06afd6edc5e97c1672b31d4cc416e039218048e81b0013694ee2ee7f44c14077cf701f47a9afed0dc3fa9b3579f1f0d5a09a80b5373ede6931a052c2a2f9e779388566b7bb13f1f88a752c9807ab48470710fd79381f707ea80d9e27d1dc93954bc13488682d8113c14dfd5a37d3b2a72b0f29939be2482a54387d8ddc3f44f7185991c451e73576552db89f3d7b0828a3c769d4d0e4a960607dfc93892a1d6dd84263a4ddb700cf65c3606e124d07b1c68b448ec9f6c8afea94627bdd3e17ffb842d63d9274f0a190546708c705bcc3e9dd3e2a8cfa3f8ebf23516c301bafe6f5376c379a23d2a1b609edb85ff409fda4a0d1cdedac3fa100b905ba9f3d6197251b18886c541beb5863d4f517ffe73c723d3b300c8b2fb5ac62a3449ac37ba3c15bf9ed2244c9b2959e8c89a7435b384a14cf2c60010c6a54a0c157d7f7b55ababf5c5d23aa8724911f6574e4cdc6528ea90a2015c03ba6bc2a290a92aea825d42fc8ae937c0734f998d426d8727071010c1ac0eb7862df8441556fd7cbeea4d55643de0660566ea3c2c9c1ca236b2ae0a23eb80eb80997197fb40f39129d37da05f6edfca0743f5031ef6c2cdddc85df1401e6c9fe8fa9732f1c20f13701452890a559873c0c52d4960f3debcdac009c2cc458b44219115945340da6e668f61f947733571399b7a804edc5067660f76123c806f8bb01f5dd4587fa72f8e423709ecde7093c6e4eea29147df7d8a87fb8649ccf06512bca0e3ac577fa67407f1f3a8cf26fe747d4a44664c3467211f04a25bb568aec008be97311f72ad1993202b501b7346cca30d4be98ea6db06c402e6a1be23ac745aa3ce1f2be85d42accf26586d01991e6be69d966fd1182e7d9a61d07e3beb6d54617e81818f828fa4ff11053b470c87636da1f86cf51c8a18f4f560b7b1ce4d9981ef6957cbba1ac93a05759e9cbf0b0841c4607cbba71699458c77f2f0d6d2f1c3cee69b148b073184703ac6a044b0240e760895404a3de2c544234314bcf66609b5213eb6d30c4b46a2de1263ff9c87e3f01d46178bf1f1ccd79695817f073fa35a4a866ff23e43939c4d895ce097a67b93db3aa378aaaaabeb51d97ddd1ec48e34ca4e1ac0fc850b28e923f440702cc2e65339c7db73b2a4c5d5519fcaf6606f7f5b294eef6691727b65d457a6d9dc695c72b61eb34df3dd2e472ef53640ddae9da693827cf57916b46f2883656a2ae1e11d70abe7d109d0a3d95936b394783211d1e01b09d26a925a00a3a3878697ae49471cf5c43513464b04cb3c57d32cad79b775eb717236c3eaba33f25a4196ab7747b8a3a82043b3cba777fba07a76cbe4540aa6a62974db4117612ab149218b501153233c931741461d487e2672a86923cd0611fe358a38298204aa1a23e0a235513ee0ed85bb56698d5ffee4980d1fdf3110d8415e6e922b46756088c2fc43c1510c544cbb9b34d4bab92944db2ed96c55eb4d148dfd34b541ea4d3da34c0eef28a80bf4810647d86e756715d185c015272ea72e6bd4acec380ac2d86671e1bd5cab91b4ffdca4aefcd55f07c536b0c1db1ae6acf584fcca0cb8c2bc1b2e803fe486100c04f0ff5f805f8d96210b0d8d389d171fefc3fc79730057ab31dfbd995d05483c28d70ced0f69526390442edf68bac90f58563f9767781109fbe07896085d51f136751d65a8dee067b5e565caa23015e554f06a0c38a910190b601362532522d523c4d5acc0524c9805aba00dd2a0d6b2e19329478164550589df4a6190c3229c162a8099e134d2f8b3a4d00c8c1df9fbb6c0c0cb072a1f09edd9d2805bedb8efdaa3fa0a1e374c327a86ca2a5c65985b7e400c6f9a5afed968eaa5e10195358bf7524158f956a743a3ac012f2ddf7b1740c7a926ead274039db476de5c3fb9981f38ac4281ba8ac91809cb2b44cc9ecff89278f13858b6f7ae40c98cfb7f939056a0704ea48995e181a9634a8eff460d920f19e883759ffdc2e3f160c700798ad29388d1ca13cb4e0ba05f18c3acf5aece9b5272c1660f2b3ff9a1a196876d1703368486c65caf51e6a97e1f298ada466a4c298c8d2c434a9196c6823b4e18e7ef249344666f5ca5913d72e4426f2ff43fb51ed64f63dad32fb4f4e829c8650bc628de2e12bdbc2832375902d77b3495d2d9143bcdd38e148f5f1b17c430c5193e6a8b684203cb997fb8bd268a0293e163b5e5126b48e8955406d7dc7e7fa22c73c08629b718817182d20e73e713936b152f7cc45ca370ca2346e2536e0ecc01d297303785e8b60c11bc94a8ef35801806b263f3b7e1434dc55ccb1c389919596a2d6733ab619c912687ad1f774994208e8b55b238f1c7382d8f998bf39af4c813dae8875dea8a718383f9188f6e2ee45f7e7fc0dc8cec32bfec5ebcc45460f48a724a4f48216ed461f0bb7dbc7c33629c0000903f8919ca8067e963a53a97de3769acaaec1bc365559e24ff20536e07aaeb9e0745be1a8e844fd6cfea8aac57cc4ca22e3fa1c66a185e935da2f3d7be6105bf45a624c7b708abcd6160286d6a0af03fbc19ad3a43f9f429be48da161a0aa877c411531cd6fa931a114cadd7b6a53962a664b7e0ee41f413a97d543283bf9d07088d0c1e0a51cd349e360ab0aa9596c85df82f9c236ef3526e70670983c193623862a4f1a3e6e33cef95a7245abc01bc822a0314bdd390862782d1f49799779c018daa3b057bcb69afb5add48b73cfe34e08e0346be52ebfc66a6fb1358fbc00d259d2ee2826fa62555748074e1c0cc0017a6656043c8b18a38862245887036382a7fe191d152b7db7fd4f0d8a030c4ea41ad46a9a74e4b27762ec472aee50522f1f8c19864847ffebff99de409a32bd681a100c252ee4679a7ce0387af21ebf64954ecd0564b9ff2ae50f0adaf4e58c86a25576ad6186caf7eb3b6fd7b6347ccce95df8cbdac077650d60c1053e9eecdd336ef8ae146c785d807ba2176cc40fb2093f8b10a236dc3c72e25ff8ab9dcb19c54a345142aad00b196ba08384a9d1963087432b828a0b179f368147ed4dfba53c2d3e715ba40ac6f229898810a21427cb129968c3ab6c04a725fd68581fa0531a0e1bbed8893e51c24919eabaef943ff278aa57b2c7822dd5377084ccc0f486ba10df00e4baa2528ad7610e0080ff78e3beb31b6107a8503ca2bc8f85ee360fe444903fa4c34bf400916f9b1559bf8796e20d97290d6fa51157b45b04d6d7b019aafd9d0a42608e5a2d7d3ebf1af399f50743cc128da02ceedcd5c3ec3c6d078604232ef61f37bca61872a6daf576cb0fbb20f7154ae96f318319a64162df68e8acc24e6afebf97b97b676cf1dca5319b4efc7dfdeb3c63e82dd36e630ff34f54d0aaa36e36947f2f49a1c0fd6be3723e8c013dfc0f0b303487d6aa73c366ea436bcb3d20ac4953f1b5508bf064110cf95804380476b65774cae02fc1734879dfab00db5dd655e958d9a8bc055f272e6039196c8c0c27755c72f3af80834c8d6f8e9c194b0436f295deba31182ff9562bacb3c5e420aa38faaf321d10bc02297cf77b87ace82e2a22313a550621f0c3b9204a0c0b0e7200a2d41ce26bf9a8c767ca4df3c6e8d4da15c38c441805a8318308d223976c97b7d7627b9a4a801c6e004b0c7f572b30298e12355cc650bf15069f21385a73d7340bb3a375b3299a91a0795595dbc7c14c5b79ad08f69492fef402320b9569eabe3197bc029eae45c042a8742a616585b84320a7c68d2373889d21d60e5d6e60798e392496a689f185c7b43a62c3c707f76ba35e8ddfef9050483b36a5fd971256b3b3ba8f29dc42457af10618a57dd337d316e14cf3d12552b86abca2113a13c7ccb8d2545ad079ed79948b5b175c1841e1fdf67859511a7d14b2ba1fa4561bd5291726a77e13d53583691d0f6aeee79c61833743bf24e4cd3c16603f3219edd64f1f999275a7750bd2d4df22954a60354abbbed7d2ff399a40122200ba4916a911854859050c8c63416208b7dd39bf228f38707c1a49f9ff2cb3676d87ff7b6dcb4aa2bb4bfc5fa45996dec6fba668d7c57b4eb8ce72b03073ae117fa34a6dd3a30fd4b2dece45aba9f29f3d4df5f845ecaed57b1d92483ac7867586b80191749518e49402fb2afa8cc050cc2d942a069100e0ff8b1d550041e8ab50adad36397b854aa0efbe5879fc0b89a1a4bd2fcbd21b1fab6bcf0edd93766e0404e1e0bb64a684455ce6207922620e2ad9a5b942116e78cfbf3e42b77a7ad1886b238d4dc8b7a8693cbf3c5de8e0f0dacceda90d8a79a2160c9020ce8e87a2228620465b6641b2f9b6089dc4793cf1be16870346b0f8dc9ef19cd5d545ec416b2fbdbfbda83e6a3f5b1f8da829dc2b6d04f13bab88cbb66088ff62b70ff528ecd88771b9d2c25681391d7375f7a83b1356b62a9e9e06a0a8dd3cc018c5a3a2e9d46ea60aace25eb9b2763918fac1a1d868772582973054edb787ffc8b47c1536aae5adcfa768491ffc39004985d305cdb1e92a2087cb75abe4c2103199aef9ab3f04c935ba3475932826aef57a977d86176ffa91b2298d403582bd4d7b2f161f0b8e7c60628f1ebd5ab18f518608a1cf698a9923dc0b6c1168cf6fbe9af8706b98391e477c36041f59b1c30a6cb5dd954f731af9f127448758cc0f84981f85ed71de445cc04408ccf34ed59abf95a0479f59571971488ea6cbdb5a562f35df02f8294ed0fe824c366e6a8a4e6ad14859c848ffa1ba9eb6c490759ca25be3fbcfc320c664c3ae7335745d35e5202c0492dbbf24d33d0a0515a51debaf8c57e76d2d438c7abd3798154f534793eda5c6383335a3f1c66bba30b9eb117a2a1cc15c217e213708e08959fa43ea412abc33f37069083d0817e46369f5392dfcec418dcc2d56f66b2986c0a744676ac77874f551a7dc8fb109ed4405d95621a38c1621d185429da187db6b0e7a2e663f1a6d641404d3680f380a3b50a3eb57d7fb8f5ad1fafe2f3cc1a06f0c93c9fc7feac49effc240b0485c358f3caeb205f317058a4386ac957e3bc83446b0460c8f22c129aba0aa1778dff0749b012c69112e99a4287f15bcbff68eea8ceb547cb83d60b8a8b26c603e76520c74b12205c93c5ab47c5595c8586207f283ccd385824bbec7bd6d2d50de65c47fc5942bc36dc34f8ab3211b8b14f004bc1e43e265ec7e15fef530893c7299d58ab225298d7f2f11f6f6f3f24b2f31aa154f47933a56558ac64d5d2aa902bf4011585cfbf93652a90b7be223daff5e981d81dd6b30d538009743f7cbf4fc0bd264fc685c2d0e6a614963f8b289710fc39fba3ff151e345657e98f708dacef57493f20e42e2e25551174ac2d47ad05857077551ec712addc84043fc1a85fab16c84321dc463aa789504a3c8f8fbe4bdef5db5eaa32d9c719e1dfa3d185ebf0b7cfdb603fdc13ca641ccb827010da6969d4a252a52b272b3fe022ec2a3f2c72c08f7bafcaaef7429a8f9f2c6fae8964296abbe38bc8ebaa7d2a927964e87f09de95fbf93516ca507392fa602c9ed95e631b7ce9b2feb580d0aeee40b3b8dd4a396cf977899119bcb810e27440087bfbfd044f53d74935ec888d93ef694ace9e6f53a8bece9ee1e52254de613c2ed5876f4b56f8d421c263be584cba0b560e405743e3b6c8df888bda52ddacf71892b952121", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x1ab4)
symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00')
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000000), 0x600) (async)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x513602)

2.349856574s ago: executing program 2 (id=2239):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = socket$inet(0x2, 0x1, 0x100)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0x11}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r2, 0x400c330d, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shutdown(r1, 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x0, 0x0})
r6 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
gettid()
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000041}, 0x55fdb4595c3d8036)
ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x117, 0x5, 0x101, 0x200}})
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(0xffffffffffffffff, 0xf504, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)

1.679985225s ago: executing program 4 (id=2242):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='1', 0x1, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="20000000130001002cbd7000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB='G'], 0xfffffffffffffd2b}, 0x1, 0x0, 0x0, 0x80640d0}, 0x200488c9)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000180)={0x1, 0x8003}, 0x4)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x9)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r3=>0x0})
sendto$packet(r1, &(0x7f00000002c0)="05031600d3fc140000004788031c0910", 0x10, 0x4, &(0x7f0000000140)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14)

1.679617621s ago: executing program 4 (id=2243):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0)
setxattr$security_ima(0x0, &(0x7f00000000c0), 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
socket$nl_route(0x10, 0x3, 0x0)
lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)=ANY=[])
ftruncate(r0, 0x8800000)
ioctl$sock_ifreq(0xffffffffffffffff, 0x89f1, 0x0)
openat$null(0xffffffffffffff9c, &(0x7f0000000580), 0x40442, 0x0)
socket(0x2a, 0x3, 0xe)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8923, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"})
sendmsg$nl_generic(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000011c0)={0x2c, 0x40, 0x1, 0x7fffc, 0x4, {0x1}, [@nested={0x4, 0x48}, @nested={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x10}]}, @typed={0xc, 0x2, 0x0, 0x0, @u64=0x50}]}, 0x2c}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)

1.599668237s ago: executing program 4 (id=2244):
syz_open_procfs(0x0, &(0x7f0000000040)='clear_refs\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0xc0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x8, 0x8, 0x80, 0x8, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0xa, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0xff, 0x6, 0x5, 0x4, 0x0, 0x7, 0x3c57, 0x0, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x5, 0x7, 0x83, 0x9, 0x4c74, 0x0, 0x242, 0x2, 0xe, 0x0, 0x400, 0x7, 0x17, 0x21, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x81, 0x6, 0xffff8001, 0x3ff, 0x83, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0x88, 0xf9, 0x388000, 0x2bb, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2b, 0xe, 0x312, 0x78, 0xea4, 0x0, 0xfff, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0xfe, 0x0, 0xa, 0x5, 0x1000005, 0x5f31, 0xf, 0xd86, 0x2, 0x4, 0x8, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0xbc2, 0x1, 0xfe000000, 0x8, 0x2, 0x200004, 0x9, 0x3, 0x3, 0x9, 0x4, 0x3, 0x5, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x1, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x3, 0x5, 0x800000, 0x1ef, 0x8, 0x8, 0x86, 0x3, 0x3038, 0xff, 0xb, 0x2, 0x2, 0x2, 0x7, 0x20000008, 0x4, 0x16d01, 0x6, 0x38, 0x800003, 0x600, 0x80, 0xbf7, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x4a9, 0x5, 0x6, 0xac8, 0x5, 0x7, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x3, 0x5, 0x1b, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x80000000], [0x9, 0xbb33, 0xa, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x400002, 0x57, 0x4, 0x3, 0x3, 0x10000, 0x9, 0x7fff, 0xffff, 0xa620, 0x1, 0x7, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x10000016, 0xffffffff, 0x80000000, 0x5, 0xffffffff, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xae, 0x8, 0x6, 0x226, 0x3, 0x100, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x8, 0x4, 0x5, 0x40b1e, 0xd7, 0x200, 0xffff3441, 0x4]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x10, 0x3, 0x0)
rseq(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xb}, {0xe}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0xf, 0xe15, 0x3, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4000c00)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_PUBL_GET(r4, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000001480)={&(0x7f0000000000)={0x20, 0x0, 0x341, 0x70bd29, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x208}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000814}, 0x14)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x1902)

1.509775838s ago: executing program 4 (id=2246):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c)
socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000000)=@gcm_128={{0x304}, "bd88818314ff7d84", "0b3ea924c47b25d7624cd362581725c7", "000400", "d5a1d50399459b68"}, 0x28)
socket$vsock_stream(0x28, 0x1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000fc0))
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x8000000003, 0xfffffffffffffffd, 0x4000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0xe, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
shutdown(r0, 0x0)

1.42990348s ago: executing program 2 (id=2247):
r0 = socket(0x10, 0x3, 0x0)
r1 = syz_open_dev$dvb_frontend(&(0x7f0000000040), 0x0, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f7, &(0x7f0000000100)={'ip6tnl0\x00', 0x0})
r3 = openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_TRY_FMT(r3, 0xc0cc5640, &(0x7f0000000340)={0x8, @sdr={0x33424752, 0x8}})
ioctl$FE_SET_PROPERTY(r1, 0x40086f52, &(0x7f0000000300)={0x8, &(0x7f0000000140)=[{0x28, '\x00', @buffer={"05cd733bac609b5f8d330000010400", 0x20}, 0x9}]})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', <r5=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0xd0f, 0x70bd26, 0x25dfdbfb, {0x60, 0x0, 0x0, r5, {0x0, 0xc}, {0xd, 0xa}, {0xe, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x45}, 0xc010)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000002c0)=""/100, 0x0, 0xeeef0000})
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000e40))
getresuid(&(0x7f0000000480), &(0x7f00000004c0), &(0x7f0000000500))
quotactl_fd$Q_SETQUOTA(r3, 0x2, 0x0, &(0x7f00000005c0)={0x7f, 0x9, 0x100000001, 0x9, 0x40, 0x46, 0x4, 0x8, 0x101})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r7 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x6)
get_robust_list(r7, 0x0, &(0x7f00000006c0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r7, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r8, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socket$kcm(0x10, 0x2, 0x4)

1.429555194s ago: executing program 0 (id=2248):
r0 = openat$cdrom(0xffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
ioctl$BLKGETDISKSEQ(r1, 0x80081280, &(0x7f0000000200))
fcntl$notify(r1, 0x402, 0x8000001c)
write$vhost_msg(r1, &(0x7f0000000180)={0x1, {&(0x7f0000000000)=""/38, 0x26, &(0x7f0000000080)=""/207, 0x2, 0x3}}, 0x44)
getpeername$packet(r1, &(0x7f0000000240)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000002c0)=0x14)
r3 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00240000000000001c0012800e00010069703665727370616e000000080002800400120008000300", @ANYRES32=r6, @ANYBLOB="f15623bc2750c2d5a844b7626eddc5d4"], 0x44}}, 0x4000000)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x11, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000440)={0x2, 0x6, 0x1, 0x9})
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000640)=ANY=[@ANYBLOB="18000000041401002dbd7000fedbdf250800010000"], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000900)={@fallback=r9, 0x35, 0x0, 0x3, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x0, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000800)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0], <r10=>0x0}, 0x40)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000014c0)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="30000000eb4b1e9991d601000000", @ANYRES32, @ANYRES32, @ANYBLOB, @ANYRES64=r10], 0x20)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000840)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="0b000000000000006f1d6928988cfc05157a3c06069d2efa87a269e7402d0ecba7ebceacb9dee0ba823eaeab1fb09d6b07c45d23b12d614d49bd7b6cf34663c75bd1339fe8be5259c24d615a9aaaef88446095716ca8179e9e6ac3bf42e50c9baafae4ef69e823dca4e8f9dc07eb274545994ce1140f1c1511ec61", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB, @ANYRES64=r10], 0x20)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000007c0)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYBLOB="1900edff01000000e11b8c67d5bebe589b6308aa0b2fea00000000", @ANYRES32, @ANYBLOB, @ANYRES64=r10], 0x20)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32, @ANYRES32=r8, @ANYBLOB="0d00000018000000", @ANYBLOB="84f2f6772866a8106b934ffd020062deb0f7", @ANYRESOCT=r7, @ANYBLOB, @ANYRES64=r10], 0x20)
r11 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)=@generic={&(0x7f0000000340)='./bus\x00', 0x0, 0x10}, 0x18)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)=ANY=[@ANYRES32=r11, @ANYRES32, @ANYRES8, @ANYRES32, @ANYBLOB, @ANYRES64=r10], 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x25, 0x9, @val=@netkit={@void, @value, @void, @void, r10}}, 0x1c)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r3, r6, 0x25, 0x2, @val=@netkit={@void, @value, @void, @void, r10}}, 0x1c)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r1, r2, 0x25, 0x8, @val=@tcx={@void, @value=r1, @void, @void, r10}}, 0x1c)
ioctl$CDROM_LOCKDOOR(r0, 0x5329, 0x0)
ioctl$CDROMSTOP(r0, 0x5307)

1.412251813s ago: executing program 0 (id=2249):
r0 = syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x2)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)
r2 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000001c0)={0x1, 0x0, [{0x40000090, 0xbc9faef6, 0xbf}]})
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_io_uring_setup(0x3a, &(0x7f0000000300)={0x0, 0x0, 0x1, 0x0, 0x80}, &(0x7f0000000240)=<r6=>0x0, &(0x7f0000001880)=<r7=>0x0)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000780)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r8, 0x0, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0, 0x10042})
io_uring_enter(r5, 0x92, 0x0, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)={0x18, 0x3f, 0x9, 0xf2e, 0x0, {0x4}, [@nested={0x4, 0x1}]}, 0x18}}, 0x4044080)
setsockopt$sock_attach_bpf(r9, 0x1, 0x4c, &(0x7f0000000300), 0x4)
write$binfmt_elf64(r10, &(0x7f0000000580)=ANY=[], 0x78)
recvmmsg(r9, &(0x7f0000000500)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=""/8, 0x14}}], 0x4b, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x6, 0x4c831, 0xffffffffffffffff, 0x9fbfb000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
r11 = socket(0x400000000010, 0x3, 0x0)
mount(&(0x7f0000000140)=@loop={'/dev/loop', 0x0}, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x2209006, 0x0)
r12 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r13=>0x0})
sendmsg$nl_route_sched(r11, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r13, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x5}, @TCA_FQ_CE_THRESHOLD={0x8, 0xc, 0x3}]}}]}, 0x40}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r11, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)

1.05944218s ago: executing program 0 (id=2250):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000140)={'ip6_vti0\x00', &(0x7f00000000c0)={'syztnl1\x00', 0x0, 0x2f, 0x0, 0x0, 0xa7a, 0x22, @private1, @private0, 0x80, 0x20, 0x1ff, 0x1}})
r1 = socket$inet6(0xa, 0x800000000000002, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000001d00070f000000000000000007000000", @ANYRES32=r3, @ANYBLOB="40002700060010"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYRESDEC=r3], 0xe8}, 0x1, 0x0, 0x0, 0x4044844}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
setsockopt$MRT6_ADD_MIF(r5, 0x29, 0xca, 0x0, 0x0)
r6 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000800)={r6, r6, r6}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha384\x00'}})
keyctl$setperm(0x5, r6, 0x10000000)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_vs\x00')
read$FUSE(r7, &(0x7f0000004180)={0x2020, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}, 0x2020)
prctl$PR_SCHED_CORE(0x3e, 0x0, r8, 0x2, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000b160000000000000000020000082c00048028000180080001006e61740099e55cd38d711c000280080001409ec8ef9dbc3800000000080003400000001408000240000000020900010073797a30000000000900020073797a320000000014000000110001000000000000000000c4b0bf08a76630ed976eb7f6ecf9ba000020000a00", @ANYRES64=r4], 0x80}, 0x1, 0x0, 0x0, 0x40}, 0x40080c0)
io_uring_setup(0x654a, &(0x7f0000000480)={0x0, 0xbcd6, 0x1000, 0x0, 0x31a})

929.732498ms ago: executing program 0 (id=2251):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='1', 0x1, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="20000000130001002cbd7000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB='G'], 0xfffffffffffffd2b}, 0x1, 0x0, 0x0, 0x80640d0}, 0x200488c9)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000180)={0x1, 0x8003}, 0x4)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x9)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r3=>0x0})
sendto$packet(r1, &(0x7f00000002c0)="05031600d3fc140000004788031c0910", 0x10, 0x4, &(0x7f0000000140)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14)

859.771844ms ago: executing program 0 (id=2252):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REQ_SET_REG(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="20000000bd5261d2b5e5a8cda71fc1339970797b3840ca29e18d4a780b10800cf500a4cafe6725767ad942eb1a81baaf46915fae7958f308cbf45b3429b471949716ca88d1b819d9820ab558c84306000000f16d7f8966f588d4925cfb7ac8960f7ac6c11727", @ANYRES16=r1, @ANYBLOB="010026bd7000ffdbdf251b0000000400cc0008009a0002000000"], 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x8c0)
r2 = syz_open_dev$swradio(&(0x7f0000000000), 0x0, 0x2)
r3 = openat$sr(0xffffff9c, &(0x7f0000001840), 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x22}}, 0x6}, 0x1c)
connect$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xd}, 0x1c)
sendmsg$IPVS_CMD_SET_CONFIG(r3, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000580)={0x88, 0x0, 0x100, 0x70bd26, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xfff}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x6}]}, @IPVS_CMD_ATTR_SERVICE={0x60, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@broadcast}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x21, 0xb}}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x1, 0x2}}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}, @IPVS_SVC_ATTR_TIMEOUT={0x8}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x8080}, 0x4000)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x3, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x7fff}}]}, 0x38}}, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r11, {0xffff, 0xfff1}, {0xffff}, {0x2, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r12 = fcntl$dupfd(r4, 0x0, r4)
sendmsg$NL80211_CMD_SET_INTERFACE(r12, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000e40)=ANY=[], 0x20}}, 0x1)
recvmmsg(r4, &(0x7f0000006600)=[{{&(0x7f0000000440)=@isdn, 0x80, &(0x7f0000000180)=[{&(0x7f00000006c0)=""/252, 0xfc}], 0x1}, 0xb5a2}, {{0x0, 0x0, 0x0}, 0xfffff001}], 0x2, 0x21, 0x0)
ioctl$SCSI_IOCTL_GET_IDLUN(r3, 0x5382, &(0x7f0000001900))
ioctl$VIDIOC_PREPARE_BUF(r2, 0xc058565d, &(0x7f0000000180)=@multiplanar_userptr={0xff, 0xb, 0x4, 0x2000, 0x401, {}, {0x2, 0x0, 0xcf, 0x3, 0xc0, 0x8, "65ec72bb"}, 0x4, 0x2, {0x0}, 0x9})
r13 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0)
r14 = openat$kvm(0x0, &(0x7f0000000080), 0x2382, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r15, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1})
ioctl$KVM_SET_GSI_ROUTING(r15, 0x4008ae6a, &(0x7f00000002c0)={0x6, 0x0, [{0xd9487eb1, 0x3, 0x1, 0x0, @sint={0x80, 0x79}}, {0x10, 0x1, 0x1, 0x0, @adapter={0x5, 0x2d3, 0x7, 0xfffff51a, 0x3}}, {0x6, 0x3, 0x1, 0x0, @irqchip={0x8, 0x3}}, {0x1, 0x5, 0x1, 0x0, @adapter={0x1ff, 0xe8f, 0x85, 0x5, 0x9}}, {0xab, 0x3, 0x1, 0x0, @msi={0x200, 0x8001, 0x1, 0x10001}}, {0x40, 0x0, 0x0, 0x0, @irqchip={0x53e, 0x50}}]})
ioctl$I2C_SMBUS(r13, 0x720, &(0x7f0000000140)={0x0, 0x9, 0x1, 0x0})

632.936234ms ago: executing program 4 (id=2253):
syz_open_procfs(0x0, &(0x7f0000000040)='clear_refs\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0xc0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x8, 0x8, 0x80, 0x8, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0xa, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0xff, 0x6, 0x5, 0x4, 0x0, 0x7, 0x3c57, 0x0, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x5, 0x7, 0x83, 0x9, 0x4c74, 0x0, 0x242, 0x2, 0xe, 0x0, 0x400, 0x7, 0x17, 0x21, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x81, 0x6, 0xffff8001, 0x3ff, 0x83, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0x88, 0xf9, 0x388000, 0x2bb, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2b, 0xe, 0x312, 0x78, 0xea4, 0x0, 0xfff, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0xfe, 0x0, 0xa, 0x5, 0x1000005, 0x5f31, 0xf, 0xd86, 0x2, 0x4, 0x8, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0xbc2, 0x1, 0xfe000000, 0x8, 0x2, 0x200004, 0x9, 0x3, 0x3, 0x9, 0x4, 0x3, 0x5, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x1, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x3, 0x5, 0x800000, 0x1ef, 0x8, 0x8, 0x86, 0x3, 0x3038, 0xff, 0xb, 0x2, 0x2, 0x2, 0x7, 0x20000008, 0x4, 0x16d01, 0x6, 0x38, 0x800003, 0x600, 0x80, 0xbf7, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x4a9, 0x5, 0x6, 0xac8, 0x5, 0x7, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x3, 0x5, 0x1b, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x80000000], [0x9, 0xbb33, 0xa, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x400002, 0x57, 0x4, 0x3, 0x3, 0x10000, 0x9, 0x7fff, 0xffff, 0xa620, 0x1, 0x7, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x10000016, 0xffffffff, 0x80000000, 0x5, 0xffffffff, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xae, 0x8, 0x6, 0x226, 0x3, 0x100, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x8, 0x4, 0x5, 0x40b1e, 0xd7, 0x200, 0xffff3441, 0x4]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x10, 0x3, 0x0)
rseq(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xb}, {0xe}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0xf, 0xe15, 0x3, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4000c00)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_PUBL_GET(r4, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000001480)={&(0x7f0000000000)={0x20, 0x0, 0x341, 0x70bd29, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x208}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000814}, 0x14)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x1902)

558.340274ms ago: executing program 4 (id=2254):
socket(0x39, 0x2, 0x3a)
rseq(0x0, 0x0, 0x1, 0x0)
msgget$private(0x0, 0x3ac)
setrlimit(0x0, &(0x7f0000000000)={0x0, 0xfffffffffffffffd})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000840), 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
close(r0)
socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFHWADDR(r0, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random='\x00\x00#\f!\x00'})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
socket$kcm(0x10, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="50000000100001040000000000000000beb126a300400000", @ANYRES32=0x0, @ANYBLOB="5d5b0000000000001c001a8018000a8014000700200100000000000000000000000000001400350077673100"/56], 0x50}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="2000000069000b00020000000000400000000000000000000800"], 0x20}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x100)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_type(r5, &(0x7f00000000c0), 0x2, 0x0)
write$cgroup_type(r6, &(0x7f0000000080), 0x9)

0s ago: executing program 0 (id=2255):
socket(0x39, 0x2, 0x3a)
rseq(0x0, 0x0, 0x1, 0x0)
msgget$private(0x0, 0x3ac)
setrlimit(0x0, &(0x7f0000000000)={0x0, 0xfffffffffffffffd})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000840), 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
close(r0)
socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFHWADDR(r0, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random='\x00\x00#\f!\x00'})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
socket$kcm(0x10, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="50000000100001040000000000000000beb126a300400000", @ANYRES32=0x0, @ANYBLOB="5d5b0000000000001c001a8018000a8014000700200100000000000000000000000000001400350077673100"/56], 0x50}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="2000000069000b00020000000000400000000000000000000800"], 0x20}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x100)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_type(r5, &(0x7f00000000c0), 0x2, 0x0)
write$cgroup_type(r6, &(0x7f0000000080), 0x9)

0s ago: executing program 2 (id=2257):
unshare(0x22020600)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x64, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x30, 0xe, {{{}, {}, @device_b}, 0x0, @random=0x6, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x64}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8b18, &(0x7f0000000000)={'wlan0\x00'})
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r4, &(0x7f00000003c0)=ANY=[@ANYBLOB="414c5450434d20274c696e652043617074757265272030303030303030303030303030303030303030300a4c494e45320a4449474954414c330a535045414b4552202753796e7468272030303030303030303030433030303030617374657220506c61796261636b272030303030303030301a30303030303030303030300a4c494e45330a4c494e453120274d617374657220506061796261636b20d178d153424e47c2ab736a69746368"], 0xf7)
r5 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
dup3(r5, r4, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, 0x0, 0x0)
r7 = accept4(r6, 0x0, 0x0, 0x800)
sendmmsg$alg(r7, &(0x7f00000022c0)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000040}], 0x1, 0x40800)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0)

kernel console output (not intermixed with test programs):

ions which will stop working for Wi-Fi 7 hardware; use nl80211
[   59.419531][ T6048] Set syz1 is full, maxelem 65536 reached
[   59.431490][ T6054] mac80211_hwsim hwsim6 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   59.473157][ T6051] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   59.505021][ T6051] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   59.510524][ T6051] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   59.527038][ T6051] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   59.529778][ T6051] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   59.534604][   T63] Bluetooth: hci3: command tx timeout
[   59.536925][ T5941] Bluetooth: hci2: command tx timeout
[   59.548742][ T6051] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   59.554097][ T6051] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   59.559616][ T6056] netlink: 44 bytes leftover after parsing attributes in process `syz.1.7'.
[   59.564516][ T6051] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   59.574908][ T6051] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   59.584084][ T6051] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   59.586713][ T6051] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   59.594467][ T6051] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   59.746055][ T6058] netlink: 48 bytes leftover after parsing attributes in process `syz.0.9'.
[   60.189865][ T6062] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.193410][ T6062] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.416426][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   60.485265][    T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!!
[   60.533543][ T6062] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   60.558475][ T6062] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   60.584933][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   60.912249][ T1213] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   60.916185][ T1213] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   60.920037][ T1213] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   60.923731][ T1213] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   61.055199][ T6068] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   61.414775][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   61.455943][   T46] wlan1: Trigger new scan to find an IBSS to join
[   61.476805][ T6071] netlink: 48 bytes leftover after parsing attributes in process `syz.3.12'.
[   61.489187][ T6076] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   61.534495][ T5941] Bluetooth: hci0: command 0x0419 tx timeout
[   61.614448][ T5941] Bluetooth: hci3: command 0x0c1a tx timeout
[   61.616439][ T5941] Bluetooth: hci2: command 0x0c1a tx timeout
[   61.618355][ T5941] Bluetooth: hci1: command 0x0419 tx timeout
[   61.852214][ T6081] netlink: 48 bytes leftover after parsing attributes in process `syz.2.14'.
[   61.928867][ T6084] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.15' sets config #104
[   62.455086][ T6094] netlink: 48 bytes leftover after parsing attributes in process `syz.3.16'.
[   62.657811][ T6101] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   62.912445][ T6091] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   62.914584][ T6091] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   62.924691][ T6091] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   62.926744][ T6091] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   62.933210][ T6104] netlink: 48 bytes leftover after parsing attributes in process `syz.2.19'.
[   63.474610][ T6114] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   63.476676][ T6114] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   63.478614][ T6114] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   63.480564][ T6114] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   63.640547][ T6114] evm: overlay not supported
[   63.717089][ T6120] TCP: tcp_parse_options: Illegal window scaling value 255 > 14 received
[   63.745277][ T6120] netlink: 'syz.2.23': attribute type 1 has an invalid length.
[   63.748676][ T6120] netlink: 96 bytes leftover after parsing attributes in process `syz.2.23'.
[   63.752342][ T6120] netlink: 1 bytes leftover after parsing attributes in process `syz.2.23'.
[   63.756219][ T6120] netlink: 'syz.2.23': attribute type 1 has an invalid length.
[   63.762386][ T6120] netlink: 634 bytes leftover after parsing attributes in process `syz.2.23'.
[   64.058728][ T6128] mac80211_hwsim hwsim6 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   64.354633][ T6138] netlink: 48 bytes leftover after parsing attributes in process `syz.0.26'.
[   65.454913][ T1213] wlan1: Trigger new scan to find an IBSS to join
[   65.525337][   T63] Bluetooth: hci3: command 0x0c1a tx timeout
[   65.525380][ T5941] Bluetooth: hci2: command 0x0c1a tx timeout
[   65.525432][ T5942] Bluetooth: hci0: command 0x0419 tx timeout
[   65.525509][ T5297] Bluetooth: hci1: command 0x0419 tx timeout
[   65.569512][ T6155] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   65.900884][ T6161] netlink: 48 bytes leftover after parsing attributes in process `syz.1.31'.
[   65.954664][ T6158] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   66.015370][ T6164] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   66.276720][ T6171] netlink: 48 bytes leftover after parsing attributes in process `syz.3.32'.
[   66.486738][ T1213] wlan1: Trigger new scan to find an IBSS to join
[   66.894502][   T71] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   66.913965][ T6176] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   67.048231][   T71] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   67.052946][   T71] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[   67.057264][   T71] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   67.061035][   T71] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   67.076626][ T6174] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   67.087258][   T71] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[   67.307721][ T6174] netlink: 'syz.1.34': attribute type 8 has an invalid length.
[   67.324688][   T59] usb 6-1: USB disconnect, device number 2
[   67.333509][ T6181] __nla_validate_parse: 1 callbacks suppressed
[   67.333526][ T6181] netlink: 48 bytes leftover after parsing attributes in process `syz.2.35'.
[   67.408230][   T40] audit: type=1326 audit(1771138106.178:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6178 comm="syz.3.36" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[   67.408927][ T6187] =======================================================
[   67.408927][ T6187] WARNING: The mand mount option has been deprecated and
[   67.408927][ T6187]          and is ignored by this kernel. Remove the mand
[   67.408927][ T6187]          option from the mount to silence this warning.
[   67.408927][ T6187] =======================================================
[   67.428105][   T40] audit: type=1326 audit(1771138106.178:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6178 comm="syz.3.36" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf702ef6c code=0x7ffc0000
[   67.439348][   T40] audit: type=1326 audit(1771138106.208:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6178 comm="syz.3.36" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[   67.448984][   T40] audit: type=1326 audit(1771138106.218:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6178 comm="syz.3.36" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[   67.464412][   T40] audit: type=1326 audit(1771138106.218:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6178 comm="syz.3.36" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf716572b code=0x7ffc0000
[   67.471982][   T40] audit: type=1326 audit(1771138106.218:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6178 comm="syz.3.36" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[   67.491070][   T40] audit: type=1326 audit(1771138106.218:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6178 comm="syz.3.36" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[   67.499766][   T40] audit: type=1326 audit(1771138106.218:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6178 comm="syz.3.36" exe="/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf702ef6c code=0x7ffc0000
[   67.514446][   T40] audit: type=1326 audit(1771138106.218:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6178 comm="syz.3.36" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[   67.534464][   T40] audit: type=1326 audit(1771138106.218:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6178 comm="syz.3.36" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[   67.605209][   T63] Bluetooth: hci2: command 0x0c1a tx timeout
[   67.607222][   T63] Bluetooth: hci3: command 0x0c1a tx timeout
[   67.609359][ T5941] Bluetooth: hci1: command 0x0419 tx timeout
[   67.883849][ T6194] netlink: 24 bytes leftover after parsing attributes in process `syz.1.39'.
[   67.945517][ T6187] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[   67.978211][ T6198] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   68.253637][ T6201] netlink: 48 bytes leftover after parsing attributes in process `syz.1.41'.
[   68.347210][ T6204] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   68.724646][ T6214] netlink: 48 bytes leftover after parsing attributes in process `syz.0.42'.
[   68.917171][ T6212] netlink: 48 bytes leftover after parsing attributes in process `syz.3.43'.
[   69.028163][ T6219] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   69.304422][ T6226] netlink: 48 bytes leftover after parsing attributes in process `syz.2.44'.
[   69.592868][ T6232] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.595481][ T6232] bridge0: port 1(bridge_slave_0) entered disabled state
[   69.806068][ T6232] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   69.815431][ T6232] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   69.908343][ T6222] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   69.919929][ T6222] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   69.930197][ T6222] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   70.174598][  T829] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   70.177887][   T12] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   70.182870][   T12] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   70.187395][   T12] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   70.191172][   T12] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   70.356141][  T829] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   70.361306][  T829] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[   70.365431][  T829] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   70.368934][  T829] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   70.380300][ T6228] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   70.387188][  T829] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[   70.484916][   T12] wlan1: Trigger new scan to find an IBSS to join
[   70.512320][ T6243] netlink: 44 bytes leftover after parsing attributes in process `syz.2.49'.
[   70.610046][ T6228] netlink: 'syz.3.48': attribute type 8 has an invalid length.
[   70.622709][  T829] usb 8-1: USB disconnect, device number 2
[   71.206065][ T5941] Bluetooth: hci1: command 0x0419 tx timeout
[   71.364527][ T1213] wlan1: Trigger new scan to find an IBSS to join
[   71.735549][ T6262] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   71.924502][ T5941] Bluetooth: hci2: command 0x0c1a tx timeout
[   72.004549][ T5941] Bluetooth: hci3: command 0x0c1a tx timeout
[   72.431184][ T6266] netlink: 48 bytes leftover after parsing attributes in process `syz.2.55'.
[   73.454508][ T1213] wlan1: Trigger new scan to find an IBSS to join
[   73.844095][ T6293] team0 (unregistering): Port device team_slave_0 removed
[   73.844546][ T6001] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   73.853782][ T6293] team0 (unregistering): Port device team_slave_1 removed
[   74.755412][   T12] wlan1: Trigger new scan to find an IBSS to join
[   75.069961][ T6001] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   75.089625][ T6001] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[   75.092704][ T6001] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   75.095548][ T6001] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   75.107869][ T6289] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[   75.118496][ T6001] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[   75.159848][ T1144] wlan1: Creating new IBSS network, BSSID de:67:4b:c8:69:c6
[   75.200409][ T6297] netlink: 'syz.2.64': attribute type 10 has an invalid length.
[   75.203092][ T6297] netlink: 40 bytes leftover after parsing attributes in process `syz.2.64'.
[   75.208597][ T6297] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   75.323568][ T6289] netlink: 'syz.0.61': attribute type 8 has an invalid length.
[   75.367673][ T6001] usb 5-1: USB disconnect, device number 2
[   76.099041][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[   76.101632][ T1413] ieee802154 phy1 wpan1: encryption failed: -22
[   76.133101][ T6294] Set syz1 is full, maxelem 65536 reached
[   76.315802][ T6315] mac80211_hwsim hwsim6 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   77.192064][   T40] kauditd_printk_skb: 7 callbacks suppressed
[   77.192297][   T40] audit: type=1326 audit(1771138115.958:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.1.68" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[   77.205411][   T40] audit: type=1326 audit(1771138115.958:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.1.68" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[   77.212937][   T40] audit: type=1326 audit(1771138115.968:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.1.68" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[   77.223455][   T40] audit: type=1326 audit(1771138115.968:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.1.68" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[   77.234235][   T40] audit: type=1326 audit(1771138115.968:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.1.68" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[   77.244575][   T40] audit: type=1326 audit(1771138115.978:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.1.68" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf716572b code=0x7ffc0000
[   77.251662][   T40] audit: type=1326 audit(1771138115.978:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.1.68" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[   77.278135][   T40] audit: type=1326 audit(1771138115.978:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.1.68" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[   77.292689][   T40] audit: type=1326 audit(1771138115.978:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.1.68" exe="/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[   77.306234][   T40] audit: type=1326 audit(1771138115.978:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.1.68" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[   77.574201][ T6326] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[   77.591731][ T6336] netlink: 36 bytes leftover after parsing attributes in process `syz.3.73'.
[   77.607325][ T6336] tipc: Can't bind to reserved service type 0
[   77.662771][ T6340] netlink: 24 bytes leftover after parsing attributes in process `syz.3.76'.
[   77.727147][ T6342] fuse: Unknown parameter 'user'
[   77.829681][   T71] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   77.868608][ T6356] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   77.868650][ T1144] wlan1: Selected IBSS BSSID de:67:4b:c8:69:c6 based on configured SSID
[   78.108110][   T71] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   78.112922][   T71] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[   78.134435][   T71] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[   78.138462][   T71] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   78.143765][   T71] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   78.149642][   T71] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   78.334495][ T1213] wlan1: Trigger new scan to find an IBSS to join
[   78.452857][   T71] usb 5-1: config 0 descriptor??
[   78.649731][ T6365] netlink: 'syz.2.83': attribute type 23 has an invalid length.
[   78.996417][   T71] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   78.998918][   T71] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   79.000458][ T6370] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(14)
[   79.001258][   T71] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   79.003988][ T6370] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[   79.007476][   T71] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   79.011862][   T71] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   79.012504][ T6370] vhci_hcd vhci_hcd.0: Device attached
[   79.014226][   T71] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   79.014240][   T71] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   79.014252][   T71] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   79.023420][ T6378] vhci_hcd: connection closed
[   79.025578][   T71] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   79.027612][   T61] vhci_hcd vhci_hcd.3: stop threads
[   79.034780][   T71] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[   79.044824][   T61] vhci_hcd vhci_hcd.3: release socket
[   79.051964][   T61] vhci_hcd vhci_hcd.3: disconnect device
[   79.053529][   T71] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[   79.237921][   T59] usb 5-1: USB disconnect, device number 3
[   79.456341][ T1144] wlan1: Creating new IBSS network, BSSID 8e:ff:63:bf:49:3d
[   79.709788][ T6392] fuse: Unknown parameter 'user'
[   79.885504][ T6405] netlink: 'syz.3.96': attribute type 12 has an invalid length.
[   79.889846][ T6406] tipc: Started in network mode
[   79.891533][ T6406] tipc: Node identity 1ecbaa77a263, cluster identity 4711
[   79.894193][ T6406] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   79.899694][ T6406] syzkaller0: entered promiscuous mode
[   79.901430][ T6406] syzkaller0: entered allmulticast mode
[   79.907077][ T6405] fuseblk: Unknown parameter '.‰s0x00000000000000030000000000000000000300000000000000000000'
[   79.909263][ T6406] tipc: Resetting bearer <eth:syzkaller0>
[   79.921392][ T6403] tipc: Resetting bearer <eth:syzkaller0>
[   79.934609][ T6403] tipc: Disabling bearer <eth:syzkaller0>
[   79.982653][ T6412] capability: warning: `syz.2.100' uses deprecated v2 capabilities in a way that may be insecure
[   79.988706][ T6412] 9p: Bad value for 'rfdno'
[   80.025262][ T6414] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   80.025333][   T61] wlan1: Selected IBSS BSSID 8e:ff:63:bf:49:3d based on configured SSID
[   81.078706][ T6439] TCP: tcp_parse_options: Illegal window scaling value 255 > 14 received
[   81.088578][ T6439] gretap1: entered promiscuous mode
[   81.118820][ T6439] netlink: 'syz.2.108': attribute type 1 has an invalid length.
[   81.121357][ T6439] netlink: 96 bytes leftover after parsing attributes in process `syz.2.108'.
[   81.126058][ T6439] netlink: 1 bytes leftover after parsing attributes in process `syz.2.108'.
[   81.128954][ T6439] netlink: 'syz.2.108': attribute type 1 has an invalid length.
[   81.131455][ T6439] netlink: 634 bytes leftover after parsing attributes in process `syz.2.108'.
[   81.200585][ T6446] netlink: 'syz.2.109': attribute type 12 has an invalid length.
[   81.208434][ T6446] fuseblk: Unknown parameter '.‰s0x00000000000000030000000000000000000300000000000000000000'
[   81.240496][ T6448] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.110'.
[   82.812255][ T6466] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   82.815902][ T1144] wlan1: Selected IBSS BSSID de:67:4b:c8:69:c6 based on configured SSID
[   83.337545][ T6486] gretap1: entered promiscuous mode
[   83.557834][ T6495] process 'syz.2.122' launched './file2' with NULL argv: empty string added
[   83.583189][ T6495] fuse: Bad value for 'group_id'
[   83.585134][ T6495] fuse: Bad value for 'group_id'
[   83.881418][ T6502] tmpfs: Bad value for 'mpol'
[   83.887574][   T40] kauditd_printk_skb: 8 callbacks suppressed
[   83.887587][   T40] audit: type=1804 audit(1771138122.658:37): pid=6502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.126" name="/newroot/29/file1" dev="fuse" ino=1 res=1 errno=0
[   83.900471][ T6507] team0 (unregistering): Port device team_slave_0 removed
[   83.910421][ T6507] team0 (unregistering): Port device team_slave_1 removed
[   85.840493][ T6526] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   85.870724][ T6525] mac80211_hwsim hwsim6 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   86.212286][ T6531] Zero length message leads to an empty skb
[   86.334701][   T39] cfg80211: failed to load regulatory.db
[   86.487346][ T6538] program syz.3.135 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   86.492561][ T6538] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[   86.758519][ T6526] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.825084][ T6526] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.826963][ T6552] fuse: Unknown parameter 'fd0xffffffffffffffff'
[   86.883162][ T6526] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.908532][ T6553] netlink: 48 bytes leftover after parsing attributes in process `syz.0.133'.
[   86.947698][ T6560] netlink: 12 bytes leftover after parsing attributes in process `syz.2.142'.
[   87.043217][ T6562] netlink: 212336 bytes leftover after parsing attributes in process `syz.2.143'.
[   87.104445][   T61] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   87.108021][   T61] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   87.111657][   T61] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   87.115337][   T61] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   87.234803][ T6568] FAULT_INJECTION: forcing a failure.
[   87.234803][ T6568] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   87.239324][ T6568] CPU: 1 UID: 0 PID: 6568 Comm: syz.2.143 Not tainted syzkaller #0 PREEMPT(full) 
[   87.239338][ T6568] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   87.239345][ T6568] Call Trace:
[   87.239349][ T6568]  <TASK>
[   87.239353][ T6568]  dump_stack_lvl+0x100/0x190
[   87.239373][ T6568]  should_fail_ex.cold+0x5/0xa
[   87.239385][ T6568]  _copy_to_user+0x32/0xd0
[   87.239399][ T6568]  simple_read_from_buffer+0xcb/0x170
[   87.239414][ T6568]  proc_fail_nth_read+0x1af/0x230
[   87.239431][ T6568]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   87.239448][ T6568]  ? rw_verify_area+0xce/0x6d0
[   87.239460][ T6568]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   87.239476][ T6568]  vfs_read+0x1e4/0xb30
[   87.239491][ T6568]  ? __pfx_vfs_read+0x10/0x10
[   87.239504][ T6568]  ? find_held_lock+0x2b/0x80
[   87.239521][ T6568]  ? __fget_files+0x215/0x3d0
[   87.239537][ T6568]  ? __fget_files+0x21f/0x3d0
[   87.239555][ T6568]  ksys_read+0x12a/0x250
[   87.239568][ T6568]  ? __pfx_ksys_read+0x10/0x10
[   87.239586][ T6568]  do_int80_emulation+0x141/0x6b0
[   87.239602][ T6568]  asm_int80_emulation+0x1a/0x20
[   87.239613][ T6568] RIP: 0023:0xf713572b
[   87.239622][ T6568] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[   87.239631][ T6568] RSP: 002b:00000000f53814bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   87.239642][ T6568] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f53815d0
[   87.239648][ T6568] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[   87.239654][ T6568] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   87.239659][ T6568] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[   87.239665][ T6568] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   87.239678][ T6568]  </TASK>
[   87.521541][ T6574] syzkaller0: entered promiscuous mode
[   87.523569][ T6574] syzkaller0: entered allmulticast mode
[   87.597691][ T6575] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[   87.600291][ T6575] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[   87.603648][ T6575] vhci_hcd vhci_hcd.0: Device attached
[   87.884546][   T59] usb 44-1: SetAddress Request (2) to port 0
[   87.887384][   T59] usb 44-1: new SuperSpeed USB device number 2 using vhci_hcd
[   88.375949][ T6579] vhci_hcd: connection reset by peer
[   88.378553][ T1213] vhci_hcd vhci_hcd.3: stop threads
[   88.380377][ T1213] vhci_hcd vhci_hcd.3: release socket
[   88.383774][ T1213] vhci_hcd vhci_hcd.3: disconnect device
[   88.434441][    T9] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   88.541391][ T6592] binder: 6591:6592 ioctl c0306201 800003c0 returned -14
[   88.606232][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[   88.610726][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[   88.615073][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[   88.619550][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[   88.625725][    T9] usb 5-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[   88.629485][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   88.632786][    T9] usb 5-1: Product: syz
[   88.634778][    T9] usb 5-1: Manufacturer: syz
[   88.636783][    T9] usb 5-1: SerialNumber: syz
[   88.644888][    T9] usb 5-1: config 0 descriptor??
[   88.657259][ T6599] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   88.661314][  T108] wlan1: Selected IBSS BSSID 8e:ff:63:bf:49:3d based on configured SSID
[   88.854874][    T9] adutux 5-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[   88.860733][ T6603] netlink: 64 bytes leftover after parsing attributes in process `syz.0.150'.
[   88.864980][ T6603] netlink: 60 bytes leftover after parsing attributes in process `syz.0.150'.
[   88.868583][ T6603] unsupported nlmsg_type 40
[   88.898955][ T6606] netlink: 48 bytes leftover after parsing attributes in process `syz.2.153'.
[   88.900651][    T9] usb 5-1: USB disconnect, device number 4
[   89.027305][ T6611] netlink: 216 bytes leftover after parsing attributes in process `syz.0.156'.
[   89.030592][ T6611] netlink: 24 bytes leftover after parsing attributes in process `syz.0.156'.
[   89.034176][ T6611] netlink: 16 bytes leftover after parsing attributes in process `syz.0.156'.
[   91.495363][ T6648] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   91.535397][ T6648] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.162'.
[   91.724437][   T24] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[   91.895853][   T24] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   91.899501][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[   91.903189][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[   91.906479][   T24] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   91.910508][   T24] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   91.913558][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   91.920155][   T24] usb 7-1: config 0 descriptor??
[   92.541922][ T6637] Set syz1 is full, maxelem 65536 reached
[   92.550705][ T6645] pimreg: entered allmulticast mode
[   92.613752][ T6656] netlink: 'syz.3.163': attribute type 1 has an invalid length.
[   92.619330][   T24] usbhid 7-1:0.0: can't add hid device: -71
[   92.621311][   T24] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[   92.626156][ T6656] 8021q: adding VLAN 0 to HW filter on device bond1
[   92.641408][   T24] usb 7-1: USB disconnect, device number 2
[   92.679695][ T6653] 8021q: adding VLAN 0 to HW filter on device bond1
[   92.681999][ T6653] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[   92.685719][ T6653] bond1: (slave vxcan3): Error -95 calling set_mac_address
[   92.964824][   T59] usb 44-1: device descriptor read/8, error -110
[   93.383501][   T59] usb usb44-port1: attempt power cycle
[   93.432151][ T6674] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   93.958771][   T59] usb usb44-port1: unable to enumerate USB device
[   94.176088][ T6681] netlink: 48 bytes leftover after parsing attributes in process `syz.3.169'.
[   94.403758][ T6691] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   94.759964][ T6694] binder: 6693:6694 ioctl 80105873 80000300 returned -22
[   94.815157][ T6696] gretap1: entered promiscuous mode
[   94.995785][ T6702] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[   94.997859][ T6702] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[   95.000431][ T6702] vhci_hcd vhci_hcd.0: Device attached
[   95.002680][ T6707] vhci_hcd: connection closed
[   95.003220][ T6624] vhci_hcd vhci_hcd.2: stop threads
[   95.006611][ T6624] vhci_hcd vhci_hcd.2: release socket
[   95.008350][ T6624] vhci_hcd vhci_hcd.2: disconnect device
[   97.021613][ T6725] netlink: 12 bytes leftover after parsing attributes in process `syz.3.179'.
[   97.864895][ T6737] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   97.868027][ T6625] wlan1: Selected IBSS BSSID 8e:ff:63:bf:49:3d based on configured SSID
[   98.195825][ T6745] team0 (unregistering): Port device team_slave_0 removed
[   98.205093][ T6745] team0 (unregistering): Port device team_slave_1 removed
[   98.329505][ T6748] lo speed is unknown, defaulting to 1000
[   98.331476][ T6748] lo speed is unknown, defaulting to 1000
[   98.334310][ T6748] lo speed is unknown, defaulting to 1000
[   98.338627][ T6748] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   98.345111][ T6748] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   98.363566][ T6748] lo speed is unknown, defaulting to 1000
[   98.366831][ T6748] lo speed is unknown, defaulting to 1000
[   98.369349][ T6748] lo speed is unknown, defaulting to 1000
[   98.371846][ T6748] lo speed is unknown, defaulting to 1000
[   98.396473][ T6750] binder: 6749:6750 ioctl 80105873 80000300 returned -22
[   99.633921][ T6754] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[   99.636694][ T6754] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[   99.718194][ T6754] vhci_hcd vhci_hcd.0: Device attached
[   99.747559][ T6754] tmpfs: Unknown parameter 'quoti'
[  100.148073][ T6744] netlink: 48 bytes leftover after parsing attributes in process `syz.2.181'.
[  100.204479][    T9] usb 44-1: SetAddress Request (6) to port 0
[  100.207180][    T9] usb 44-1: new SuperSpeed USB device number 6 using vhci_hcd
[  100.286596][ T6777] vhci_hcd: connection reset by peer
[  100.288533][ T6625] vhci_hcd vhci_hcd.3: stop threads
[  100.290313][ T6625] vhci_hcd vhci_hcd.3: release socket
[  100.305298][ T6625] vhci_hcd vhci_hcd.3: disconnect device
[  101.161994][ T6809] netlink: 'syz.3.197': attribute type 10 has an invalid length.
[  101.172346][ T6809] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  101.860214][ T6819] syzkaller0: entered promiscuous mode
[  101.862012][ T6819] syzkaller0: entered allmulticast mode
[  101.873221][ T6819] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  102.122800][ T6825] Bluetooth: MGMT ver 1.23
[  105.123896][ T6873] netlink: 4 bytes leftover after parsing attributes in process `syz.3.213'.
[  105.201419][ T6872] netlink: 2800 bytes leftover after parsing attributes in process `syz.3.213'.
[  105.209289][ T6872] sit0: entered promiscuous mode
[  105.211857][ T6872] netlink: 'syz.3.213': attribute type 1 has an invalid length.
[  105.215224][ T6872] netlink: 1 bytes leftover after parsing attributes in process `syz.3.213'.
[  105.284437][    T9] usb 44-1: device descriptor read/8, error -110
[  105.328647][ T6878] syzkaller0: entered promiscuous mode
[  105.330457][ T6878] syzkaller0: entered allmulticast mode
[  105.335942][ T6878] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  105.924424][ T6001] usb 7-1: new full-speed USB device number 3 using dummy_hcd
[  106.090544][ T6001] usb 7-1: too many configurations: 129, using maximum allowed: 8
[  106.097235][ T6001] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  106.101563][ T6001] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64
[  106.115328][ T6001] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  106.119896][ T6001] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64
[  106.129279][ T6001] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  106.135989][ T6001] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64
[  106.142050][ T6001] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  106.154400][ T6001] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64
[  106.162666][ T6001] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  106.171716][ T6001] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64
[  106.176451][ T6001] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  106.180366][ T6001] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64
[  106.185749][ T6001] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  106.189755][ T6001] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64
[  106.194104][ T6001] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  106.197734][ T6001] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64
[  106.203511][ T6001] usb 7-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  106.206971][ T6001] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  106.209587][ T6001] usb 7-1: Product: syz
[  106.213523][ T6001] usb 7-1: Manufacturer: syz
[  106.215116][ T6001] usb 7-1: SerialNumber: syz
[  106.234935][ T6001] usb 7-1: config 0 descriptor??
[  106.240845][ T6001] hub 7-1:0.0: Invalid hub with more than one config or interface
[  106.243330][ T6001] hub 7-1:0.0: probe with driver hub failed with error -22
[  106.258178][ T6001] input: syz syz as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/input/input5
[  106.449256][ T6884] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  106.453234][ T6884] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  106.457780][ T6001] usb 7-1: USB disconnect, device number 3
[  106.812202][ T6908] mac80211_hwsim hwsim6 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  107.013492][ T6912] netlink: 48 bytes leftover after parsing attributes in process `syz.0.225'.
[  107.156927][    T9] usb usb44-port1: attempt power cycle
[  107.745216][    T9] usb usb44-port1: unable to enumerate USB device
[  110.803930][ T6958] binder: BINDER_SET_CONTEXT_MGR already set
[  110.807163][ T6958] binder: 6957:6958 ioctl 4018620d 80004a80 returned -16
[  110.863553][ T6966] netdevsim netdevsim2 netdevsim2: entered allmulticast mode
[  111.821701][ T6995] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  111.838817][ T6623] wlan1: Selected IBSS BSSID 8e:ff:63:bf:49:3d based on configured SSID
[  111.849187][   T40] audit: type=1326 audit(1771138150.618:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.1.249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[  111.871842][   T40] audit: type=1326 audit(1771138150.618:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.1.249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[  111.904517][   T40] audit: type=1326 audit(1771138150.618:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.1.249" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[  111.911545][   T40] audit: type=1326 audit(1771138150.618:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.1.249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[  111.920111][   T40] audit: type=1326 audit(1771138150.618:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.1.249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[  111.934221][   T40] audit: type=1326 audit(1771138150.618:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.1.249" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[  111.951792][   T40] audit: type=1326 audit(1771138150.618:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.1.249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[  111.959697][   T40] audit: type=1326 audit(1771138150.618:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.1.249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[  111.971056][   T40] audit: type=1326 audit(1771138150.618:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.1.249" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[  111.980397][   T40] audit: type=1326 audit(1771138150.618:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6996 comm="syz.1.249" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[  112.321415][ T7001] netlink: 48 bytes leftover after parsing attributes in process `syz.2.252'.
[  112.816027][ T6624] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  113.210936][ T7025] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  113.499748][ T7035] netlink: 48 bytes leftover after parsing attributes in process `syz.3.261'.
[  113.583211][ T7042] syz.2.263 (7042): /proc/7029/oom_adj is deprecated, please use /proc/7029/oom_score_adj instead.
[  114.364545][ T7056] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  114.367489][ T6625] wlan1: Selected IBSS BSSID 8e:ff:63:bf:49:3d based on configured SSID
[  114.524651][    T9] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[  114.589226][ T7059] netlink: 48 bytes leftover after parsing attributes in process `syz.2.267'.
[  114.687074][    T9] usb 5-1: too many configurations: 129, using maximum allowed: 8
[  114.698022][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  114.725618][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64
[  114.777871][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  114.781689][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64
[  114.790892][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  114.794860][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64
[  114.821524][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  114.825935][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64
[  114.837721][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  114.841671][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64
[  114.852124][ T7062] netlink: 56 bytes leftover after parsing attributes in process `syz.1.271'.
[  114.856998][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  114.861172][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64
[  114.868831][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  114.872709][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64
[  114.888525][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  114.892098][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 14336, setting to 64
[  114.902476][    T9] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  114.905566][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  114.908423][    T9] usb 5-1: Product: syz
[  114.909922][    T9] usb 5-1: Manufacturer: syz
[  114.911574][    T9] usb 5-1: SerialNumber: syz
[  114.939165][    T9] usb 5-1: config 0 descriptor??
[  114.984573][    T9] hub 5-1:0.0: Invalid hub with more than one config or interface
[  114.989056][    T9] hub 5-1:0.0: probe with driver hub failed with error -22
[  115.000239][    T9] input: syz syz as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input6
[  115.043955][ T7064] syzkaller0: entered promiscuous mode
[  115.046861][ T7064] syzkaller0: entered allmulticast mode
[  115.054991][ T7064] tipc: Started in network mode
[  115.056744][ T7064] tipc: Node identity 06b1f316de9f, cluster identity 4711
[  115.059267][ T7064] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  115.062119][ T7063] tipc: Resetting bearer <eth:syzkaller0>
[  115.068883][ T7063] tipc: Disabling bearer <eth:syzkaller0>
[  115.176905][ T7054] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  115.179700][ T7054] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  115.183889][    T9] usb 5-1: USB disconnect, device number 5
[  115.569312][ T7073] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.572506][ T7073] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.100776][ T7073] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  116.167558][ T7073] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  116.366470][ T7079] syz.2.276 (7079) used greatest stack depth: 19088 bytes left
[  116.428746][ T7082] FAULT_INJECTION: forcing a failure.
[  116.428746][ T7082] name failslab, interval 1, probability 0, space 0, times 1
[  116.433061][ T7082] CPU: 0 UID: 60928 PID: 7082 Comm: syz.2.277 Not tainted syzkaller #0 PREEMPT(full) 
[  116.433086][ T7082] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  116.433096][ T7082] Call Trace:
[  116.433101][ T7082]  <TASK>
[  116.433108][ T7082]  dump_stack_lvl+0x100/0x190
[  116.433135][ T7082]  should_fail_ex.cold+0x5/0xa
[  116.433155][ T7082]  ? tomoyo_realpath_from_path+0xb6/0x690
[  116.433178][ T7082]  should_failslab+0xc2/0x120
[  116.433200][ T7082]  __kmalloc_noprof+0xe0/0x850
[  116.433226][ T7082]  tomoyo_realpath_from_path+0xb6/0x690
[  116.433255][ T7082]  tomoyo_path2_perm+0x366/0x700
[  116.433272][ T7082]  ? __pfx_tomoyo_path2_perm+0x10/0x10
[  116.433290][ T7082]  ? __lock_acquire+0x4a5/0x2630
[  116.433316][ T7082]  tomoyo_path_rename+0x168/0x1a0
[  116.433331][ T7082]  ? __pfx_tomoyo_path_rename+0x10/0x10
[  116.433348][ T7082]  ? do_raw_spin_unlock+0x145/0x1e0
[  116.433365][ T7082]  security_path_rename+0x18e/0x3c0
[  116.433382][ T7082]  filename_renameat2+0x731/0xa60
[  116.433397][ T7082]  ? __pfx_filename_renameat2+0x10/0x10
[  116.433410][ T7082]  ? __might_fault+0xc5/0x140
[  116.433430][ T7082]  ? do_getname+0x191/0x390
[  116.433442][ T7082]  __ia32_sys_renameat2+0xee/0x140
[  116.433454][ T7082]  __do_fast_syscall_32+0xe3/0x8c0
[  116.433471][ T7082]  do_fast_syscall_32+0x32/0x70
[  116.433485][ T7082]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  116.433499][ T7082] RIP: 0023:0xf7f35f6c
[  116.433523][ T7082] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  116.433534][ T7082] RSP: 002b:00000000f53f650c EFLAGS: 00000292 ORIG_RAX: 0000000000000161
[  116.433545][ T7082] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000440
[  116.433551][ T7082] RDX: 00000000ffffff9c RSI: 00000000800001c0 RDI: 0000000000000002
[  116.433557][ T7082] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  116.433563][ T7082] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  116.433573][ T7082] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  116.433586][ T7082]  </TASK>
[  116.433621][ T7082] ERROR: Out of memory at tomoyo_realpath_from_path.
[  116.566789][ T6624] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  116.595633][ T6624] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  116.599250][ T6624] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  116.602311][ T6624] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  116.952495][ T7096] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.955060][ T7096] bridge0: port 1(bridge_slave_0) entered disabled state
[  117.050334][ T7096] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  117.068788][ T7096] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  117.211988][   T12] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  117.217901][   T12] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  117.222823][   T12] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  117.228052][   T12] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  117.457381][ T7102] No buffer was provided with the request
[  117.742236][ T7104] mac80211_hwsim hwsim6 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  117.820139][ T7107] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  118.059531][ T7113] netlink: 48 bytes leftover after parsing attributes in process `syz.0.283'.
[  118.363586][ T7115] overlayfs: missing 'workdir'
[  118.882347][ T7127] netlink: 'syz.1.289': attribute type 11 has an invalid length.
[  118.886514][ T7127] netlink: 448 bytes leftover after parsing attributes in process `syz.1.289'.
[  119.153173][ T7138] bridge_slave_0: left allmulticast mode
[  119.155117][ T7138] bridge_slave_0: left promiscuous mode
[  119.156973][ T7138] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.189835][ T7138] bridge_slave_1: left allmulticast mode
[  119.191714][ T7138] bridge_slave_1: left promiscuous mode
[  119.194317][ T7138] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.222038][ T7138] bond0: (slave bond_slave_0): Releasing backup interface
[  119.244148][ T7138] bond0: (slave bond_slave_1): Releasing backup interface
[  119.261354][ T7138] batman_adv: batadv0: Removing interface: batadv_slave_0
[  119.267954][ T7138] batman_adv: batadv0: Removing interface: batadv_slave_1
[  119.299014][ T7138] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  120.331138][ T7149] afs: Unknown parameter 'uid>00000000000000000000'
[  120.530042][ T7158] program syz.3.299 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  120.717918][ T7154] netlink: 'syz.2.298': attribute type 4 has an invalid length.
[  124.685053][ T7211] syzkaller0: entered promiscuous mode
[  124.686846][ T7211] syzkaller0: entered allmulticast mode
[  124.765069][   T40] kauditd_printk_skb: 21 callbacks suppressed
[  124.765086][   T40] audit: type=1800 audit(1771138163.518:69): pid=7199 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.310" name="bus" dev="ramfs" ino=14758 res=0 errno=0
[  124.947807][ T7221] netlink: 44 bytes leftover after parsing attributes in process `syz.1.315'.
[  125.036818][   T40] audit: type=1326 audit(1771138163.808:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7224 comm="syz.0.317" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[  125.045145][   T40] audit: type=1326 audit(1771138163.818:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7224 comm="syz.0.317" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[  125.057919][   T40] audit: type=1326 audit(1771138163.818:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7224 comm="syz.0.317" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[  125.071799][   T40] audit: type=1326 audit(1771138163.818:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7224 comm="syz.0.317" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[  125.083543][   T40] audit: type=1326 audit(1771138163.818:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7224 comm="syz.0.317" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf716572b code=0x7ffc0000
[  125.092570][ T7225] forcing mempool usage for bio_alloc_bioset+0x392/0x850
[  125.112542][   T40] audit: type=1326 audit(1771138163.818:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7224 comm="syz.0.317" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf716572b code=0x7ffc0000
[  125.124389][   T40] audit: type=1326 audit(1771138163.818:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7224 comm="syz.0.317" exe="/syz-executor" sig=0 arch=40000003 syscall=36 compat=1 ip=0xf702ef6c code=0x7ffc0000
[  125.132896][   T40] audit: type=1326 audit(1771138163.868:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7224 comm="syz.0.317" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf716572b code=0x7ffc0000
[  125.149962][   T40] audit: type=1326 audit(1771138163.868:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7224 comm="syz.0.317" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf716572b code=0x7ffc0000
[  125.155713][ T7230] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  125.585710][ T7240] netlink: 48 bytes leftover after parsing attributes in process `syz.3.319'.
[  126.352383][ T7254] netlink: 4 bytes leftover after parsing attributes in process `syz.2.322'.
[  126.806128][ T7264] input: syz0 as /devices/virtual/input/input7
[  129.122045][ T7294] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  129.346338][ T7297] netlink: 48 bytes leftover after parsing attributes in process `syz.2.332'.
[  131.031824][ T7322] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  131.541136][ T7338] netlink: 48 bytes leftover after parsing attributes in process `syz.3.341'.
[  131.935128][ T7340] bridge_slave_0: left allmulticast mode
[  131.936978][ T7340] bridge_slave_0: left promiscuous mode
[  131.938886][ T7340] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.083505][ T7340] bridge_slave_1: left allmulticast mode
[  132.095124][ T7340] bridge_slave_1: left promiscuous mode
[  132.103765][ T7340] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.117122][ T7340] bond0: (slave bond_slave_0): Releasing backup interface
[  132.132227][ T7340] bond0: (slave bond_slave_1): Releasing backup interface
[  132.174159][ T7340] batman_adv: batadv0: Removing interface: batadv_slave_0
[  132.178760][ T7340] batman_adv: batadv0: Removing interface: batadv_slave_1
[  132.182841][ T7340] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  133.341693][   T40] kauditd_printk_skb: 13 callbacks suppressed
[  133.341706][   T40] audit: type=1326 audit(1771138172.108:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7367 comm="syz.2.353" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000
[  133.342695][   T40] audit: type=1326 audit(1771138172.108:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7367 comm="syz.2.353" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000
[  133.343588][   T40] audit: type=1326 audit(1771138172.108:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7367 comm="syz.2.353" exe="/syz-executor" sig=0 arch=40000003 syscall=62 compat=1 ip=0xf7f35f6c code=0x7ffc0000
[  133.344480][   T40] audit: type=1326 audit(1771138172.108:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7367 comm="syz.2.353" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000
[  133.345171][   T40] audit: type=1326 audit(1771138172.118:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7367 comm="syz.2.353" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f35f6c code=0x7ffc0000
[  133.345954][   T40] audit: type=1326 audit(1771138172.118:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7367 comm="syz.2.353" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000
[  133.346848][   T40] audit: type=1326 audit(1771138172.118:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7367 comm="syz.2.353" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000
[  133.347238][   T40] audit: type=1326 audit(1771138172.118:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7367 comm="syz.2.353" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf7f35f6c code=0x7ffc0000
[  133.348573][   T40] audit: type=1326 audit(1771138172.118:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7367 comm="syz.2.353" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000
[  133.571287][   T40] audit: type=1326 audit(1771138172.118:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7367 comm="syz.2.353" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000
[  134.914608][ T7384] netlink: 8 bytes leftover after parsing attributes in process `syz.0.358'.
[  135.592990][ T7398] netlink: 'syz.0.359': attribute type 7 has an invalid length.
[  136.295325][ T7372] syz.2.353 (7372) used greatest stack depth: 18600 bytes left
[  136.853191][ T7436] netlink: 16 bytes leftover after parsing attributes in process `syz.1.376'.
[  137.536664][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[  137.538737][ T1413] ieee802154 phy1 wpan1: encryption failed: -22
[  139.034446][   T24] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  139.206650][   T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  139.210375][   T24] usb 8-1: New USB device found, idVendor=056a, idProduct=032a, bcdDevice= 0.00
[  139.233253][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  139.255634][   T24] usb 8-1: config 0 descriptor??
[  139.464470][    T9] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  139.614462][    T9] usb 6-1: Using ep0 maxpacket: 32
[  139.641190][    T9] usb 6-1: config 2 has an invalid interface number: 194 but max is 0
[  139.643716][    T9] usb 6-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  139.654702][    T9] usb 6-1: config 2 has no interface number 0
[  139.656574][    T9] usb 6-1: config 2 interface 194 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  139.659862][    T9] usb 6-1: config 2 interface 194 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 4
[  139.663821][    T9] usb 6-1: New USB device found, idVendor=0499, idProduct=1025, bcdDevice=9c.f6
[  139.674566][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  139.877549][ T2305] usb 8-1: USB disconnect, device number 3
[  139.885898][    T9] usb 6-1: string descriptor 0 read error: -71
[  139.889832][    T9] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  139.927003][    T9] usb 6-1: USB disconnect, device number 3
[  140.440532][ T5941] Bluetooth: hci3: unexpected event for opcode 0x204b
[  140.466421][ T7513] netlink: 132 bytes leftover after parsing attributes in process `syz.1.409'.
[  140.466908][ T5941] Bluetooth: hci2: unexpected event for opcode 0x0c26
[  140.816927][ T7524] netlink: 16 bytes leftover after parsing attributes in process `syz.3.410'.
[  142.116410][ T7554] netlink: 4 bytes leftover after parsing attributes in process `syz.0.423'.
[  144.458616][ T5941] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  146.025067][ T7640] netlink: 4 bytes leftover after parsing attributes in process `syz.0.452'.
[  146.028478][ T7640] netlink: 277 bytes leftover after parsing attributes in process `syz.0.452'.
[  146.031280][ T7640] netlink: 277 bytes leftover after parsing attributes in process `syz.0.452'.
[  146.116074][ T7650] netlink: 'syz.1.454': attribute type 4 has an invalid length.
[  146.488557][ T5297] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  146.491359][ T7657] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  146.783700][   T40] kauditd_printk_skb: 9 callbacks suppressed
[  146.783710][   T40] audit: type=1326 audit(1771662473.540:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7661 comm="syz.2.460" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000
[  146.792442][   T40] audit: type=1326 audit(1771662473.540:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7661 comm="syz.2.460" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000
[  146.801174][   T40] audit: type=1326 audit(1771662473.540:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7661 comm="syz.2.460" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000
[  146.810043][   T40] audit: type=1326 audit(1771662473.540:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7661 comm="syz.2.460" exe="/syz-executor" sig=0 arch=40000003 syscall=43 compat=1 ip=0xf7f35f6c code=0x7ffc0000
[  146.823471][   T40] audit: type=1326 audit(1771662473.540:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7661 comm="syz.2.460" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000
[  146.830293][   T40] audit: type=1326 audit(1771662473.540:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7661 comm="syz.2.460" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000
[  146.855116][   T40] audit: type=1326 audit(1771662473.540:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7661 comm="syz.2.460" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000
[  146.878440][   T40] audit: type=1326 audit(1771662473.540:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7661 comm="syz.2.460" exe="/syz-executor" sig=0 arch=40000003 syscall=3 compat=1 ip=0xf7f35f6c code=0x7ffc0000
[  146.936682][   T40] audit: type=1326 audit(1771662473.540:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7661 comm="syz.2.460" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000
[  146.944105][   T40] audit: type=1326 audit(1771662473.578:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7661 comm="syz.2.460" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000
[  147.621412][ T7682] syz_tun: entered allmulticast mode
[  150.674881][ T5941] Bluetooth: hci3: unexpected event for opcode 0x0804
[  151.662985][ T7767] netlink: 4 bytes leftover after parsing attributes in process `syz.0.503'.
[  151.673944][ T7767] netlink: 4 bytes leftover after parsing attributes in process `syz.0.503'.
[  152.487426][   T40] kauditd_printk_skb: 216 callbacks suppressed
[  152.487443][   T40] audit: type=1804 audit(1771662479.090:337): pid=7806 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.518" name="bus" dev="ramfs" ino=17997 res=1 errno=0
[  152.501550][   T40] audit: type=1804 audit(1771662479.100:338): pid=7806 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.518" name="bus" dev="ramfs" ino=17997 res=1 errno=0
[  153.862160][ T7836] netlink: 32 bytes leftover after parsing attributes in process `syz.2.529'.
[  154.352459][    T9] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  154.504419][    T9] usb 8-1: config index 0 descriptor too short (expected 39, got 27)
[  154.507003][    T9] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  154.510034][    T9] usb 8-1: config 0 interface 0 has no altsetting 0
[  154.524879][    T9] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  154.527745][    T9] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  154.530314][    T9] usb 8-1: Product: syz
[  154.531639][    T9] usb 8-1: Manufacturer: syz
[  154.533142][    T9] usb 8-1: SerialNumber: syz
[  154.544713][    T9] usb 8-1: config 0 descriptor??
[  154.557973][    T9] hub 8-1:0.0: bad descriptor, ignoring hub
[  154.559913][    T9] hub 8-1:0.0: probe with driver hub failed with error -5
[  154.563492][    T9] usb 8-1: selecting invalid altsetting 0
[  154.879870][    T9] usb 8-1: USB disconnect, device number 4
[  160.243491][ T7992] netlink: 20 bytes leftover after parsing attributes in process `syz.1.588'.
[  160.459478][ T8007] dns_resolver: Unsupported server list version (6)
[  160.770613][ T8013] netlink: 4 bytes leftover after parsing attributes in process `syz.0.597'.
[  160.795091][ T8013] netlink: 4 bytes leftover after parsing attributes in process `syz.0.597'.
[  160.898005][ T5941] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  160.904593][ T5941] Bluetooth: hci2: Malformed Event: 0x13
[  160.928906][ T8023] Illegal XDP return value 1160640856 on prog  (id 41) dev syz_tun, expect packet loss!
[  160.982255][ T8034] netlink: 4 bytes leftover after parsing attributes in process `syz.0.607'.
[  160.994913][ T8034] netlink: 4 bytes leftover after parsing attributes in process `syz.0.607'.
[  160.998259][ T8034] netlink: 4 bytes leftover after parsing attributes in process `syz.0.607'.
[  162.825261][ T8076] bridge0: entered allmulticast mode
[  162.834789][ T8076] bridge_slave_1: left allmulticast mode
[  162.836772][ T8076] bridge_slave_1: left promiscuous mode
[  162.839699][ T8076] bridge0: port 2(bridge_slave_1) entered disabled state
[  162.869696][ T8076] bridge_slave_0: left allmulticast mode
[  162.871513][ T8076] bridge_slave_0: left promiscuous mode
[  162.873371][ T8076] bridge0: port 1(bridge_slave_0) entered disabled state
[  163.864409][ T8104] netlink: 8 bytes leftover after parsing attributes in process `syz.3.634'.
[  163.914091][ T5941] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  164.732764][ T5941] Bluetooth: hci2: unexpected event for opcode 0x2031
[  164.930439][   T40] audit: type=1326 audit(1771662491.343:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8148 comm="syz.0.650" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x0
[  165.879146][ T5941] Bluetooth: hci3: unexpected event for opcode 0x1003
[  165.979232][ T5941] Bluetooth: hci1: unexpected event for opcode 0x202d
[  166.068149][ T8173] netlink: 8 bytes leftover after parsing attributes in process `syz.1.660'.
[  166.906650][ T8206] netlink: 16 bytes leftover after parsing attributes in process `syz.1.671'.
[  166.963554][ T5941] Bluetooth: hci3: unexpected event for opcode 0x1005
[  167.825360][ T5297] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  167.828736][ T5297] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  167.831461][ T5297] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  167.835639][ T5297] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  167.838392][ T5297] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  168.066318][ T8224] chnl_net:caif_netlink_parms(): no params data found
[  168.157727][ T8224] bridge0: port 1(bridge_slave_0) entered blocking state
[  168.160025][ T8224] bridge0: port 1(bridge_slave_0) entered disabled state
[  168.162294][ T8224] bridge_slave_0: entered allmulticast mode
[  168.164871][ T8224] bridge_slave_0: entered promiscuous mode
[  168.168285][ T8224] bridge0: port 2(bridge_slave_1) entered blocking state
[  168.177806][ T8224] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.180091][ T8224] bridge_slave_1: entered allmulticast mode
[  168.182696][ T8224] bridge_slave_1: entered promiscuous mode
[  168.249019][ T8224] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  168.253421][ T8224] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  168.292398][ T8224] team0: Port device team_slave_0 added
[  168.295622][ T8224] team0: Port device team_slave_1 added
[  168.309205][ T8224] batman_adv: batadv0: Adding interface: batadv_slave_0
[  168.311421][ T8224] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  168.319426][ T8224] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  168.323530][ T8224] batman_adv: batadv0: Adding interface: batadv_slave_1
[  168.325695][ T8224] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  168.333894][ T8224] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  168.356053][ T8224] hsr_slave_0: entered promiscuous mode
[  168.358276][ T8224] hsr_slave_1: entered promiscuous mode
[  168.360235][   T40] audit: type=1326 audit(1771662494.742:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8240 comm="syz.0.683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[  168.360563][ T8224] debugfs: 'hsr0' already exists in 'hsr'
[  168.366852][   T40] audit: type=1326 audit(1771662494.742:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8240 comm="syz.0.683" exe="/syz-executor" sig=0 arch=40000003 syscall=399 compat=1 ip=0xf702ef6c code=0x7ffc0000
[  168.368631][ T8224] Cannot create hsr debugfs directory
[  168.378187][   T40] audit: type=1326 audit(1771662494.742:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8240 comm="syz.0.683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[  168.384890][   T40] audit: type=1326 audit(1771662494.742:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8240 comm="syz.0.683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[  168.391654][   T40] audit: type=1326 audit(1771662494.742:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8240 comm="syz.0.683" exe="/syz-executor" sig=0 arch=40000003 syscall=400 compat=1 ip=0xf702ef6c code=0x7ffc0000
[  168.398241][   T40] audit: type=1326 audit(1771662494.742:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8240 comm="syz.0.683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[  168.404958][   T40] audit: type=1326 audit(1771662494.742:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8240 comm="syz.0.683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[  168.412504][   T40] audit: type=1326 audit(1771662494.742:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8240 comm="syz.0.683" exe="/syz-executor" sig=0 arch=40000003 syscall=401 compat=1 ip=0xf702ef6c code=0x7ffc0000
[  168.419177][   T40] audit: type=1326 audit(1771662494.742:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8240 comm="syz.0.683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[  168.485484][ T8224] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  168.543060][ T8224] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  168.563071][ T8224] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  168.569469][ T8224] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  168.592567][ T8224] bridge0: port 2(bridge_slave_1) entered blocking state
[  168.594954][ T8224] bridge0: port 2(bridge_slave_1) entered forwarding state
[  168.597856][ T8224] bridge0: port 1(bridge_slave_0) entered blocking state
[  168.600139][ T8224] bridge0: port 1(bridge_slave_0) entered forwarding state
[  168.632152][ T8224] 8021q: adding VLAN 0 to HW filter on device bond0
[  168.652470][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  168.672203][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.680421][ T8224] 8021q: adding VLAN 0 to HW filter on device team0
[  168.686632][ T1213] bridge0: port 1(bridge_slave_0) entered blocking state
[  168.689673][ T1213] bridge0: port 1(bridge_slave_0) entered forwarding state
[  168.705511][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  168.707877][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  168.821014][ T8224] 8021q: adding VLAN 0 to HW filter on device batadv0
[  168.961479][ T8224] veth0_vlan: entered promiscuous mode
[  168.968486][ T8224] veth1_vlan: entered promiscuous mode
[  168.983421][ T8224] veth0_macvtap: entered promiscuous mode
[  168.989119][ T8224] veth1_macvtap: entered promiscuous mode
[  168.999018][ T8224] batman_adv: batadv0: Interface activated: batadv_slave_0
[  169.006279][ T8224] batman_adv: batadv0: Interface activated: batadv_slave_1
[  169.013069][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  169.045868][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  169.050250][ T6623] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  169.053139][ T6623] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  169.081815][ T1213] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  169.084281][ T1213] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  169.099974][ T1213] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  169.102829][ T1213] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  169.931249][ T5941] Bluetooth: hci1: command tx timeout
[  170.351312][ T8301] netlink: 'syz.1.701': attribute type 2 has an invalid length.
[  170.353838][ T8301] netlink: 'syz.1.701': attribute type 1 has an invalid length.
[  171.555476][ T8330] binder: 8322:8330 ioctl c0306201 0 returned -14
[  171.602901][ T8330] binder: 8322:8330 ioctl c0306201 800003c0 returned -14
[  171.864164][   T40] kauditd_printk_skb: 1 callbacks suppressed
[  171.864176][   T40] audit: type=1326 audit(1771662498.227:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8348 comm="syz.1.721" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[  171.874355][   T40] audit: type=1326 audit(1771662498.227:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8348 comm="syz.1.721" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[  171.894550][   T40] audit: type=1326 audit(1771662498.257:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8348 comm="syz.1.721" exe="/syz-executor" sig=0 arch=40000003 syscall=329 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[  171.901567][   T40] audit: type=1326 audit(1771662498.257:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8348 comm="syz.1.721" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[  171.917927][   T40] audit: type=1326 audit(1771662498.257:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8348 comm="syz.1.721" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[  171.936529][   T40] audit: type=1326 audit(1771662498.257:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8348 comm="syz.1.721" exe="/syz-executor" sig=0 arch=40000003 syscall=255 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[  171.952354][   T40] audit: type=1326 audit(1771662498.257:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8348 comm="syz.1.721" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[  171.967693][   T40] audit: type=1326 audit(1771662498.257:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8348 comm="syz.1.721" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f6c code=0x7ffc0000
[  172.015231][ T5941] Bluetooth: hci1: command tx timeout
[  172.504373][ T5941] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  173.858605][ T8392] netlink: 4 bytes leftover after parsing attributes in process `syz.2.735'.
[  173.866292][ T8392] netlink: 277 bytes leftover after parsing attributes in process `syz.2.735'.
[  173.876131][ T8392] netlink: 277 bytes leftover after parsing attributes in process `syz.2.735'.
[  174.177770][ T5941] Bluetooth: hci1: command tx timeout
[  174.223940][ T6624] bond0: (slave netdevsim0): Releasing backup interface
[  174.678668][ T6624] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  174.700871][ T6624] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  174.711184][ T6624] bond0 (unregistering): Released all slaves
[  174.716668][ T6624] bond1 (unregistering): Released all slaves
[  174.843216][ T8422] 9p: Bad value for 'wfdno'
[  174.919386][ T6624] tipc: Left network mode
[  176.198126][ T5941] Bluetooth: hci1: command tx timeout
[  176.709188][ T6624] hsr_slave_0: left promiscuous mode
[  176.711787][ T6624] hsr_slave_1: left promiscuous mode
[  176.713942][ T6624] batman_adv: batadv0: Removing interface: batadv_slave_0
[  176.716674][ T6624] batman_adv: batadv0: Removing interface: batadv_slave_1
[  176.854876][    T9] usb 9-1: new full-speed USB device number 2 using dummy_hcd
[  177.006605][    T9] usb 9-1: config 0 has no interfaces?
[  177.010756][    T9] usb 9-1: New USB device found, idVendor=046d, idProduct=08c2, bcdDevice=d4.71
[  177.014074][    T9] usb 9-1: New USB device strings: Mfr=11, Product=2, SerialNumber=3
[  177.016772][    T9] usb 9-1: Product: syz
[  177.018121][    T9] usb 9-1: Manufacturer: syz
[  177.019595][    T9] usb 9-1: SerialNumber: syz
[  177.033348][    T9] usb 9-1: config 0 descriptor??
[  177.362119][ T5941] Bluetooth: hci1: unexpected subevent 0x0e length: 248 > 15
[  177.364608][ T5941] Bluetooth: hci1: Unable to find connection for dst 00:00:00:00:00:00 sid 0x00
[  177.378846][    T9] usb 9-1: USB disconnect, device number 2
[  177.889262][ T8490] netlink: 12 bytes leftover after parsing attributes in process `syz.1.764'.
[  178.358062][ T5941] Bluetooth: Frame is too long (len 18, expected len 4)
[  179.074351][ T8519] netlink: 4 bytes leftover after parsing attributes in process `syz.4.775'.
[  179.082031][ T8519] netlink: 277 bytes leftover after parsing attributes in process `syz.4.775'.
[  179.084986][ T8519] netlink: 277 bytes leftover after parsing attributes in process `syz.4.775'.
[  179.675855][ T8535] netlink: 4 bytes leftover after parsing attributes in process `syz.0.782'.
[  179.679132][ T8535] netlink: 4 bytes leftover after parsing attributes in process `syz.0.782'.
[  179.682382][ T8535] netlink: 104 bytes leftover after parsing attributes in process `syz.0.782'.
[  179.685819][ T8535] netlink: 104 bytes leftover after parsing attributes in process `syz.0.782'.
[  180.115725][ T8548] fuse: Bad value for 'fd'
[  180.868947][ T5941] Bluetooth: hci3: adv larger than maximum supported
[  180.874340][ T8573] fuse: Bad value for 'fd'
[  181.757084][ T8603] fuse: Bad value for 'fd'
[  183.471947][ T8660] netlink: 180 bytes leftover after parsing attributes in process `syz.2.832'.
[  183.491385][ T8660] netlink: 180 bytes leftover after parsing attributes in process `syz.2.832'.
[  183.542203][ T8660] netlink: 180 bytes leftover after parsing attributes in process `syz.2.832'.
[  183.694589][ T5941] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  185.828662][ T8748] __nla_validate_parse: 1 callbacks suppressed
[  185.828676][ T8748] netlink: 8 bytes leftover after parsing attributes in process `syz.0.867'.
[  187.898633][ T5941] Bluetooth: hci3: unexpected event for opcode 0x200b
[  188.092555][ T8816] netlink: 8 bytes leftover after parsing attributes in process `syz.1.891'.
[  189.194191][   T40] audit: type=1326 audit(1771662515.491:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8851 comm="syz.2.902" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x0
[  189.434265][ T8856] capability: warning: `syz.0.904' uses 32-bit capabilities (legacy support in use)
[  192.446901][ T8954] 9p: Bad value for 'rfdno'
[  193.949102][ T8991] mac80211_hwsim hwsim15 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  194.120580][ T8998] netlink: 48 bytes leftover after parsing attributes in process `syz.4.950'.
[  194.723335][ T9004] TCP: tcp_parse_options: Illegal window scaling value 255 > 14 received
[  194.746430][ T9004] gretap1: entered promiscuous mode
[  195.246269][ T9026] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  195.550488][ T9033] netlink: 48 bytes leftover after parsing attributes in process `syz.2.962'.
[  196.037663][ T9035] gretap1: entered promiscuous mode
[  196.095839][ T6616] wlan1: Trigger new scan to find an IBSS to join
[  197.270766][ T9018] Set syz1 is full, maxelem 65536 reached
[  198.250337][ T9046] bridge0: port 2(bridge_slave_1) entered disabled state
[  198.252892][ T9046] bridge0: port 1(bridge_slave_0) entered disabled state
[  198.292672][ T9046] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  198.297486][ T9046] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  198.381006][ T6618] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  198.385394][ T6618] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  198.389247][ T6618] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  198.392291][ T6618] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  198.594346][ T9032] Set syz1 is full, maxelem 65536 reached
[  198.644612][ T9061] mac80211_hwsim hwsim6 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  198.803658][ T9071] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  199.506561][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[  199.508600][ T1413] ieee802154 phy1 wpan1: encryption failed: -22
[  199.575616][ T9077] netlink: 48 bytes leftover after parsing attributes in process `syz.1.976'.
[  201.598700][   T40] audit: type=1800 audit(1771662527.883:359): pid=9084 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.978" name="bus" dev="ramfs" ino=21824 res=0 errno=0
[  201.731104][ T9119] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  201.894171][ T9124] netlink: 48 bytes leftover after parsing attributes in process `syz.2.991'.
[  202.810974][ T9144] bridge_slave_0: left allmulticast mode
[  202.812882][ T9144] bridge_slave_0: left promiscuous mode
[  202.815240][ T9144] bridge0: port 1(bridge_slave_0) entered disabled state
[  202.824019][ T9144] bridge_slave_1: left allmulticast mode
[  202.825915][ T9144] bridge_slave_1: left promiscuous mode
[  202.828540][ T9144] bridge0: port 2(bridge_slave_1) entered disabled state
[  202.851325][ T9144] bond0: (slave bond_slave_0): Releasing backup interface
[  202.893296][ T9144] bond0: (slave bond_slave_1): Releasing backup interface
[  203.033485][ T9144] team0: Port device team_slave_0 removed
[  205.069860][ T9144] team0: Port device team_slave_1 removed
[  205.072703][ T9144] batman_adv: batadv0: Removing interface: batadv_slave_0
[  205.193528][ T9144] batman_adv: batadv0: Removing interface: batadv_slave_1
[  205.352400][ T9174] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1003'.
[  205.408484][ T9144] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  205.510819][ T9170] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  205.653066][ T9186] fuse: Bad value for 'fd'
[  206.808236][   T40] audit: type=1800 audit(1771662533.039:360): pid=9199 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1010" name="bus" dev="ramfs" ino=20412 res=0 errno=0
[  207.265696][ T9222] fuse: Bad value for 'fd'
[  207.601290][ T9233] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  210.696201][ T9276] fuse: Bad value for 'fd'
[  211.916047][ T9289] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  212.373024][   T40] audit: type=1800 audit(1771662538.646:361): pid=9300 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1040" name="bus" dev="ramfs" ino=20476 res=0 errno=0
[  214.168483][ T9359] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  217.028499][ T9391] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  219.757553][ T9445] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  219.765388][   T40] audit: type=1800 audit(1771662546.033:362): pid=9434 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1083" name="bus" dev="ramfs" ino=20981 res=0 errno=0
[  222.676575][ T9492] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  225.023618][ T9545] mac80211_hwsim hwsim15 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  226.570311][   T40] audit: type=1800 audit(1771662552.841:363): pid=9558 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1116" name="bus" dev="ramfs" ino=22982 res=0 errno=0
[  226.814494][ T9594] mac80211_hwsim hwsim6 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  227.389630][ T9600] syz.2.1133 uses obsolete (PF_INET,SOCK_PACKET)
[  227.498827][ T9608] fuse: Unknown parameter ''
[  229.368206][ T9644] fuse: Unknown parameter ''
[  229.396469][ T9646] mac80211_hwsim hwsim6 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  229.454343][   T40] audit: type=1800 audit(1771662555.721:364): pid=9617 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1137" name="bus" dev="ramfs" ino=21062 res=0 errno=0
[  230.083069][ T9674] fuse: Unknown parameter ''
[  231.719788][ T9702] fuse: Bad value for 'group_id'
[  231.721758][ T9702] fuse: Bad value for 'group_id'
[  231.749497][ T9707] mac80211_hwsim hwsim15 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  231.977966][ T9717] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1167'.
[  233.366258][ T9728] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1170'.
[  233.369317][ T9728] sctp: [Deprecated]: syz.1.1170 (pid 9728) Use of int in maxseg socket option.
[  233.369317][ T9728] Use struct sctp_assoc_value instead
[  233.660309][ T9742] fuse: Bad value for 'group_id'
[  233.662079][ T9742] fuse: Bad value for 'group_id'
[  233.838197][ T9753] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  234.876247][   T40] audit: type=1800 audit(1771662561.060:365): pid=9764 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1181" name="bus" dev="ramfs" ino=22424 res=0 errno=0
[  234.969853][ T9765] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1180'.
[  235.049351][ T9780] fuse: Bad value for 'group_id'
[  235.051712][ T9780] fuse: Bad value for 'group_id'
[  236.819689][ T9831] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  237.075277][ T9835] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1201'.
[  239.382336][ T9887] mac80211_hwsim hwsim15 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  239.685918][ T9890] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1221'.
[  242.433103][ T9947] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  242.643076][ T9954] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1240'.
[  245.412274][ T9993] mac80211_hwsim hwsim6 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  245.552277][ T9999] fuse: Unknown parameter 'grou00000000000000000000'
[  245.843300][T10006] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1255'.
[  247.686310][T10034] fuse: Unknown parameter 'grou00000000000000000000'
[  248.099813][T10042] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  248.363734][T10052] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1269'.
[  248.624350][T10061] fuse: Unknown parameter 'grou00000000000000000000'
[  248.783796][T10065] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  249.825705][T10096] fuse: Unknown parameter 'group_i00000000000000000000'
[  249.859931][T10098] mac80211_hwsim hwsim6 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  250.612032][T10115] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1286'.
[  250.851295][T10126] fuse: Unknown parameter 'group_i00000000000000000000'
[  251.145919][T10143] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  251.213951][T10151] fuse: Unknown parameter 'group_i00000000000000000000'
[  251.360601][T10154] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1301'.
[  252.334240][T10184] fuse: Unknown parameter 'group_id00000000000000000000'
[  252.861115][T10198] mac80211_hwsim hwsim15 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  252.923978][T10203] fuse: Unknown parameter 'group_id00000000000000000000'
[  253.507126][T10207] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1319'.
[  254.491410][T10241] fuse: Unknown parameter 'group_id00000000000000000000'
[  254.952908][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  254.956856][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  255.169205][T10267] fuse: Bad value for 'user_id'
[  255.171323][T10267] fuse: Bad value for 'user_id'
[  256.859433][T10311] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  256.883084][T10316] fuse: Bad value for 'user_id'
[  256.884607][T10316] fuse: Bad value for 'user_id'
[  257.080404][T10325] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1348'.
[  257.653460][T10342] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1356'.
[  258.443156][T10353] fuse: Bad value for 'user_id'
[  258.449084][T10353] fuse: Bad value for 'user_id'
[  258.570804][T10366] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  259.587561][T10387] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1366'.
[  259.683288][T10396] fuse: Bad value for 'fd'
[  260.252330][   T40] audit: type=1800 audit(1771662586.509:366): pid=10378 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1369" name="bus" dev="ramfs" ino=24109 res=0 errno=0
[  260.453681][T10419] fuse: Bad value for 'fd'
[  260.518588][T10425] mac80211_hwsim hwsim15 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  260.746839][T10436] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1384'.
[  260.916553][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[  260.919304][ T1413] ieee802154 phy1 wpan1: encryption failed: -22
[  262.199225][T10455] fuse: Bad value for 'fd'
[  262.415354][T10472] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  262.423320][T10474] netlink: 'syz.1.1400': attribute type 1 has an invalid length.
[  262.444284][T10474] bond1: entered promiscuous mode
[  262.446545][T10474] bond1: entered allmulticast mode
[  262.449182][T10474] 8021q: adding VLAN 0 to HW filter on device bond1
[  262.714284][T10479] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1399'.
[  263.167654][T10494] fuse: Bad value for 'fd'
[  263.553086][T10516] fuse: Bad value for 'fd'
[  263.692183][T10523] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  264.073023][T10527] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1416'.
[  264.488787][   T40] audit: type=1800 audit(1771662590.749:367): pid=10513 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1411" name="bus" dev="ramfs" ino=24176 res=0 errno=0
[  264.862011][T10547] fuse: Bad value for 'fd'
[  264.876148][T10549] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  265.023859][T10564] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1430'.
[  265.057540][T10563] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1425'.
[  265.822673][T10577] fuse: Invalid rootmode
[  266.531257][T10596] mac80211_hwsim hwsim15 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  266.756617][T10600] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1441'.
[  267.520930][T10612] fuse: Invalid rootmode
[  267.904139][T10628] mac80211_hwsim hwsim6 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  268.214056][T10631] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1451'.
[  269.249702][T10648] fuse: Invalid rootmode
[  270.446546][T10664] mac80211_hwsim hwsim6 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  270.906933][T10680] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1469'.
[  270.963883][T10682] fuse: Bad value for 'rootmode'
[  272.128248][T10713] fuse: Bad value for 'rootmode'
[  272.707370][T10722] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  272.886904][T10732] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1478'.
[  273.244697][T10741] fuse: Bad value for 'rootmode'
[  273.778808][T10765] fuse: Unknown parameter 'use00000000000000000000'
[  273.886524][T10774] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  274.074375][T10777] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1498'.
[  274.553443][T10781] bond0: entered promiscuous mode
[  274.555727][T10781] batadv0: entered promiscuous mode
[  274.558289][T10781] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network
[  274.561395][T10781] hsr1: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network
[  274.564993][T10781] 8021q: adding VLAN 0 to HW filter on device hsr1
[  274.732665][T10794] fuse: Unknown parameter 'use00000000000000000000'
[  274.891811][T10806] netlink: 'syz.4.1508': attribute type 1 has an invalid length.
[  274.919319][T10806] 8021q: adding VLAN 0 to HW filter on device bond1
[  274.929675][T10806] vlan2: entered allmulticast mode
[  274.931421][T10806] veth0_to_bond: entered allmulticast mode
[  274.934012][T10806] bond1: (slave vlan2): Opening slave failed
[  275.096194][T10816] 9p: Bad value for 'wfdno'
[  275.108032][T10818] fuse: Unknown parameter 'use00000000000000000000'
[  275.374003][T10833] mac80211_hwsim hwsim15 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  275.535235][T10839] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1518'.
[  275.664446][T10846] fuse: Unknown parameter 'user_i00000000000000000000'
[  276.075544][T10869] fuse: Unknown parameter 'user_i00000000000000000000'
[  276.315368][T10892] fuse: Unknown parameter 'user_i00000000000000000000'
[  276.786553][T10906] mac80211_hwsim hwsim15 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  276.943946][T10909] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1545'.
[  277.302830][T10921] fuse: Unknown parameter 'user_id00000000000000000000'
[  277.695386][T10942] fuse: Unknown parameter 'user_id00000000000000000000'
[  277.861323][T10957] syz_tun: entered allmulticast mode
[  278.507669][T10966] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  278.709811][T10970] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1568'.
[  278.747328][T10973] fuse: Unknown parameter 'user_id00000000000000000000'
[  279.052315][T10997] lo speed is unknown, defaulting to 1000
[  279.055855][T10997] lo speed is unknown, defaulting to 1000
[  279.058235][T10997] lo speed is unknown, defaulting to 1000
[  279.119621][T10999] ªªªªªª: renamed from lo
[  279.267436][ T2305] ªªªªªª speed is unknown, defaulting to 1000
[  279.272813][T10997] infiniband s
z1: set down
[  279.274914][T10997] infiniband s
z1: added ªªªªªª
[  279.301314][T10997] RDS/IB: s
z1: added
[  279.303110][T10997] smc: adding ib device s
z1 with port count 1
[  279.305404][T10997] smc:    ib device s
z1 port 1 has no pnetid
[  279.308414][   T59] ªªªªªª speed is unknown, defaulting to 1000
[  279.311486][T10997] ªªªªªª speed is unknown, defaulting to 1000
[  279.388675][T11007] fuse: Bad value for 'fd'
[  279.446485][T10997] ªªªªªª speed is unknown, defaulting to 1000
[  279.533395][T10997] ªªªªªª speed is unknown, defaulting to 1000
[  279.618335][T10997] ªªªªªª speed is unknown, defaulting to 1000
[  280.504375][T11029] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  280.660800][T11032] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1587'.
[  281.262559][T11037] fuse: Bad value for 'fd'
[  282.034219][T11044] fuse: Bad value for 'fd'
[  282.142203][T11058] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  282.575157][T11075] fuse: Unknown parameter '00000000000000000005'
[  282.623594][T11070] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1596'.
[  283.023672][   T40] audit: type=1800 audit(1771662609.289:368): pid=11066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1595" name="bus" dev="ramfs" ino=25519 res=0 errno=0
[  283.359692][T11090] netlink: 'syz.2.1605': attribute type 1 has an invalid length.
[  283.594043][T11102] fuse: Unknown parameter '00000000000000000005'
[  283.651594][T11105] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  283.831989][T11113] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1612'.
[  284.614234][   T40] audit: type=1800 audit(1771662610.879:369): pid=11114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1613" name="bus" dev="ramfs" ino=27161 res=0 errno=0
[  284.756818][T11132] fuse: Unknown parameter '00000000000000000005'
[  285.347417][T11153] mac80211_hwsim hwsim15 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  285.846381][T11162] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1625'.
[  285.857371][T11159] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1625'.
[  286.475878][T11172] fuse: Unknown parameter '00000000000000000005'
[  288.471133][T11209] fuse: Unknown parameter '00000000000000000005'
[  288.568585][T11211] mac80211_hwsim hwsim15 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  288.768880][T11225] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1641'.
[  288.772184][T11225] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1641'.
[  289.673718][   T40] audit: type=1800 audit(1771662615.939:370): pid=11230 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1646" name="bus" dev="ramfs" ino=27704 res=0 errno=0
[  290.554290][T11250] fuse: Unknown parameter '00000000000000000005'
[  290.956632][T11267] mac80211_hwsim hwsim15 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  291.284337][T11278] fuse: Unknown parameter 'fd00000000000000000005'
[  291.442474][T11283] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1657'.
[  291.446066][T11283] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1657'.
[  292.116535][T11303] fuse: Unknown parameter 'fd00000000000000000005'
[  292.289703][ T5297] Bluetooth: hci1: unexpected event for opcode 0x202d
[  293.092043][T11328] mac80211_hwsim hwsim15 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  293.498989][T11333] fuse: Unknown parameter 'fd00000000000000000005'
[  293.576404][T11330] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1677'.
[  293.583252][T11330] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1677'.
[  294.125729][T11375] netlink: 'syz.4.1692': attribute type 2 has an invalid length.
[  294.561164][T11381] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1694'.
[  294.569628][T11381] bond0: entered promiscuous mode
[  294.571718][T11381] bond_slave_0: entered promiscuous mode
[  294.574811][T11381] bond_slave_1: entered promiscuous mode
[  294.579016][T11381] gretap0: entered promiscuous mode
[  294.582042][T11381] debugfs: 'hsr1' already exists in 'hsr'
[  294.584888][T11381] Cannot create hsr debugfs directory
[  294.587086][T11381] hsr1: entered promiscuous mode
[  294.727306][T11390] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  295.236319][T11401] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1698'.
[  295.240001][T11401] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1698'.
[  295.815628][   T40] audit: type=1800 audit(1771662622.079:371): pid=11403 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1702" name="bus" dev="ramfs" ino=29732 res=0 errno=0
[  295.859854][T11426] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  296.270245][T11439] mac80211_hwsim hwsim6 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  296.385653][T11447] fuse: Bad value for 'user_id'
[  296.387241][T11447] fuse: Bad value for 'user_id'
[  296.584154][T11448] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1714'.
[  296.592845][T11448] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1714'.
[  297.645253][T11490] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  297.844357][T11501] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1731'.
[  297.847736][T11501] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1731'.
[  299.142303][T11540] mac80211_hwsim hwsim15 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  299.304783][T11543] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1747'.
[  299.308047][T11543] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1747'.
[  300.321795][T11577] ªªªªªª speed is unknown, defaulting to 1000
[  300.451000][   T59] libceph: connect (1)[c::]:6789 error -101
[  300.455043][   T59] libceph: mon0 (1)[c::]:6789 connect error
[  300.473572][T11580] ceph: No mds server is up or the cluster is laggy
[  301.553379][T11606] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1762'.
[  301.607355][T11607] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1762'.
[  301.733971][T11597] mac80211_hwsim hwsim6 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  302.031412][T11627] mac80211_hwsim hwsim15 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  302.383823][T11637] mac80211_hwsim hwsim6 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  302.524493][T11639] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1771'.
[  302.727904][T11642] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1780'.
[  303.174108][T11644] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  303.455715][T11658] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1773'.
[  304.831490][T11684] mac80211_hwsim hwsim6 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  305.028423][T11691] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1784'.
[  306.418439][T11708] netlink: 'syz.0.1796': attribute type 2 has an invalid length.
[  307.091538][T11729] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  307.253824][T11733] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  307.288842][T11734] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1797'.
[  307.570297][T11738] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1795'.
[  309.741142][T11779] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  309.924579][T11790] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1807'.
[  310.677098][T11798] fuse: Bad value for 'group_id'
[  310.678723][T11798] fuse: Bad value for 'group_id'
[  310.763663][T11800] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  310.925673][T11810] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1821'.
[  313.664648][T11845] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  314.626085][T11875] tmpfs: Bad value for 'mpol'
[  314.763891][T11879] ªªªªªª speed is unknown, defaulting to 1000
[  315.304240][T11888] 8021q: adding VLAN 0 to HW filter on device bond0
[  315.316466][T11888] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  315.961570][   T40] audit: type=1326 audit(1771662642.219:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11906 comm="syz.4.1843" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf702ef6c code=0x0
[  316.014764][   T40] audit: type=1326 audit(1771662642.279:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11906 comm="syz.4.1843" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf702ef6c code=0x0
[  318.669206][T11982] mac80211_hwsim hwsim6 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  318.877521][T11987] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1863'.
[  319.712986][   T59] IPVS: starting estimator thread 0...
[  319.813110][T12008] IPVS: using max 45 ests per chain, 108000 per kthread
[  319.885103][T12019] netlink: 188 bytes leftover after parsing attributes in process `syz.0.1873'.
[  320.803266][T12031] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1875'.
[  320.889624][T12035] tc_dump_action: action bad kind
[  320.916948][T12038] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  321.144727][T12041] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1878'.
[  321.866365][T12062] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1885'.
[  321.965229][T12072] netlink: 'syz.0.1887': attribute type 3 has an invalid length.
[  322.039941][   T40] audit: type=1326 audit(1771662648.299:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12077 comm="syz.2.1889" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f35f6c code=0x0
[  322.251640][T12085] Set syz1 is full, maxelem 65536 reached
[  322.285806][T12087] netlink: 'syz.4.1892': attribute type 1 has an invalid length.
[  322.311129][T12087] 8021q: adding VLAN 0 to HW filter on device bond2
[  322.354770][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[  322.357159][ T1413] ieee802154 phy1 wpan1: encryption failed: -22
[  322.907355][T12091] mac80211_hwsim hwsim15 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  323.156893][T12118] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1893'.
[  323.307882][T12138] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1907'.
[  323.504744][T12155] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1913'.
[  323.515598][   T40] audit: type=1326 audit(1771662649.779:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12154 comm="syz.2.1914" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f35f6c code=0x0
[  323.562333][T12155] trusted_key: syz.0.1913 sent an empty control message without MSG_MORE.
[  323.857134][T12170] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  324.654921][T12209] mac80211_hwsim hwsim15 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  325.101393][T12216] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1924'.
[  325.927181][   T40] audit: type=1800 audit(1771662652.189:376): pid=12244 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1935" name="nullb0" dev="tmpfs" ino=2745 res=0 errno=0
[  325.971177][T12249] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  326.193602][T12275] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1942'.
[  326.196660][T12275] hsr_slave_0: left promiscuous mode
[  326.198914][T12275] hsr_slave_1: left promiscuous mode
[  326.262381][T12279] bond2: option arp_validate: invalid value (524288)
[  326.266810][T12279] bond2 (unregistering): Released all slaves
[  326.311629][T12272] netlink: 16178 bytes leftover after parsing attributes in process `syz.4.1941'.
[  327.821881][T12319] netlink: 188 bytes leftover after parsing attributes in process `syz.1.1951'.
[  328.964661][T12337] Set syz1 is full, maxelem 65536 reached
[  329.059936][T12339] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN
[  329.073135][T12351] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  329.177710][T12358] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1961'.
[  329.255197][T12358] "syz.4.1961" (12358) uses obsolete ecb(arc4) skcipher
[  329.355089][T12357] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1956'.
[  331.148033][T12381] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1965'.
[  333.055140][T12402] mac80211_hwsim hwsim15 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  333.370224][T12415] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1972'.
[  333.385411][T12417] tipc: Started in network mode
[  333.387684][T12417] tipc: Node identity 4, cluster identity 4711
[  333.390410][T12417] tipc: Node number set to 4
[  334.269606][T12412] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1975'.
[  334.904403][T12442] Set syz1 is full, maxelem 65536 reached
[  334.953983][T12444] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1985'.
[  335.012346][T12446] mac80211_hwsim hwsim6 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  336.573954][T12452] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1986'.
[  337.174672][T12493] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1997'.
[  337.804976][T12532] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2009'.
[  338.313588][T12562] netlink: 176 bytes leftover after parsing attributes in process `syz.2.2019'.
[  338.318592][T12563] 9p: Bad value for 'wfdno'
[  338.584793][T12582] netlink: 'syz.2.2025': attribute type 10 has an invalid length.
[  339.181406][T12607] Set syz1 is full, maxelem 65536 reached
[  339.916419][T12633] fuse: Unknown parameter '0x0000000000000003'
[  340.066645][T12640] overlayfs: failed to clone upperpath
[  340.070438][T12640] netlink: 212344 bytes leftover after parsing attributes in process `syz.2.2041'.
[  341.850934][T12684] IPv6: NLM_F_CREATE should be specified when creating new route
[  341.854692][   T40] audit: type=1326 audit(1771662668.119:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12683 comm="syz.4.2054" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[  341.861763][   T40] audit: type=1326 audit(1771662668.119:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12683 comm="syz.4.2054" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[  341.868585][   T40] audit: type=1326 audit(1771662668.119:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12683 comm="syz.4.2054" exe="/syz-executor" sig=0 arch=40000003 syscall=103 compat=1 ip=0xf702ef6c code=0x7ffc0000
[  341.875508][   T40] audit: type=1326 audit(1771662668.119:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12683 comm="syz.4.2054" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[  341.882270][   T40] audit: type=1326 audit(1771662668.119:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12683 comm="syz.4.2054" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[  341.893622][   T40] audit: type=1326 audit(1771662668.119:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12683 comm="syz.4.2054" exe="/syz-executor" sig=0 arch=40000003 syscall=103 compat=1 ip=0xf702ef6c code=0x7ffc0000
[  341.900670][   T40] audit: type=1326 audit(1771662668.119:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12683 comm="syz.4.2054" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[  341.908624][   T40] audit: type=1326 audit(1771662668.119:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12683 comm="syz.4.2054" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[  341.922897][   T40] audit: type=1326 audit(1771662668.119:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12683 comm="syz.4.2054" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf702ef6c code=0x7ffc0000
[  341.929667][   T40] audit: type=1326 audit(1771662668.119:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12683 comm="syz.4.2054" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[  341.931212][T12694] overlayfs: failed to clone upperpath
[  342.004276][T12701] CIFS: VFS: Malformed UNC in devname
[  342.417084][T12715] fuse: Invalid rootmode
[  343.677796][T12771] ªªªªªª speed is unknown, defaulting to 1000
[  343.820029][  T829] libceph: connect (1)[c::]:6789 error -101
[  343.822185][  T829] libceph: mon0 (1)[c::]:6789 connect error
[  344.083983][  T829] libceph: connect (1)[c::]:6789 error -101
[  344.085912][  T829] libceph: mon0 (1)[c::]:6789 connect error
[  344.507073][T12804] netlink: 1047 bytes leftover after parsing attributes in process `syz.4.2095'.
[  344.510101][T12804] bridge_slave_1: default FDB implementation only supports local addresses
[  344.602928][  T829] libceph: connect (1)[c::]:6789 error -101
[  344.605654][  T829] libceph: mon0 (1)[c::]:6789 connect error
[  344.645424][T12779] ceph: No mds server is up or the cluster is laggy
[  344.794348][T12818] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  344.819694][T12826] bond0: entered promiscuous mode
[  344.822464][T12826] batadv0: entered promiscuous mode
[  344.825473][T12826] debugfs: 'hsr0' already exists in 'hsr'
[  344.827672][T12826] Cannot create hsr debugfs directory
[  344.829555][T12826] hsr0: Slave A (bond0) is not up; please bring it up to get a fully working HSR network
[  344.833673][T12826] hsr0: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network
[  344.837571][T12826] 8021q: adding VLAN 0 to HW filter on device hsr0
[  344.892728][T12828] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  345.098403][T12832] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2103'.
[  345.650401][T12854] netlink: 'syz.2.2110': attribute type 1 has an invalid length.
[  345.662239][T12854] 8021q: adding VLAN 0 to HW filter on device bond1
[  345.668456][T12853] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2110'.
[  345.907154][T12867] syz.1.2115 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  345.975845][T12865] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2114'.
[  346.232430][T12885] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2121'.
[  346.235542][T12885] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2121'.
[  346.319131][T12891] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  346.446556][T12882] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2120'.
[  346.793567][T12895] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2123'.
[  346.812927][T12895] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2123'.
[  347.469179][T12931] xt_CT: You must specify a L4 protocol and not use inversions on it
[  347.917105][T12936] overlayfs: failed to clone upperpath
[  347.927780][T12936] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2135'.
[  347.996085][T12939] mac80211_hwsim hwsim15 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  348.287847][T12944] 9p: Bad value for 'wfdno'
[  348.473408][T12949] fuse: Bad value for 'fd'
[  349.785118][T12969] netlink: 'syz.4.2145': attribute type 1 has an invalid length.
[  349.796599][T12969] 8021q: adding VLAN 0 to HW filter on device bond3
[  349.808009][T12969] bond3: (slave geneve2): making interface the new active one
[  349.811112][T12969] bond3: (slave geneve2): Enslaving as an active interface with an up link
[  349.814209][T10293] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  349.817886][T10293] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  349.823017][T10293] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  349.827609][T10293] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  349.910483][T12974] netlink: 'syz.1.2144': attribute type 1 has an invalid length.
[  349.996225][T12976] bond2: (slave geneve2): making interface the new active one
[  349.999993][T12976] bond2: (slave geneve2): Enslaving as an active interface with an up link
[  350.019117][T10293] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 20004 - 0
[  350.032823][T10293] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 20004 - 0
[  350.052657][T10293] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 20004 - 0
[  350.055296][T10293] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 20004 - 0
[  350.057904][T10293] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  350.060662][T10293] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  350.073252][T10289] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  350.076257][T10289] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  350.733106][T10293] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  350.736615][T10293] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  351.085479][T13008] mac80211_hwsim hwsim15 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  351.244941][T13011] __nla_validate_parse: 3 callbacks suppressed
[  351.244954][T13011] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2155'.
[  351.250187][T13011] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2155'.
[  351.324844][T13013] netlink: 'syz.2.2156': attribute type 15 has an invalid length.
[  352.957209][T13046] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  353.151027][T13052] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2166'.
[  353.155054][T13052] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2166'.
[  353.253454][T10287] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  353.256123][T10287] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  353.436606][T13063] pimreg: left allmulticast mode
[  353.438673][T13063] netdevsim netdevsim2 netdevsim2: left allmulticast mode
[  353.883706][T13070] netlink: 'syz.1.2174': attribute type 28 has an invalid length.
[  355.903541][T13109] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  356.133339][T13113] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2182'.
[  356.143348][T13113] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2182'.
[  356.355590][T13118] Invalid source name
[  356.357204][T13118] UBIFS error (pid: 13118): cannot open "./file0", error -22
[  356.503714][T13128] overlayfs: failed to clone upperpath
[  356.509473][T13128] syz_tun: entered allmulticast mode
[  356.518268][T13127] syz_tun: left allmulticast mode
[  356.575602][T13132] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2188'.
[  356.579696][T13132] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2188'.
[  356.583995][T13133] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2188'.
[  356.586854][T13133] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2188'.
[  357.154456][T13137] Process accounting resumed
[  357.424520][T13145] netlink: 43 bytes leftover after parsing attributes in process `syz.4.2194'.
[  358.077913][T13158] netlink: 57 bytes leftover after parsing attributes in process `syz.0.2198'.
[  358.491327][T13182] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2206'.
[  358.941343][T13210] ªªªªªª speed is unknown, defaulting to 1000
[  359.334343][T13222] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2214'.
[  359.338123][T13222] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2214'.
[  360.713720][T13244] mmap: syz.4.2222 (13244) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  361.497216][T13263] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2226'.
[  361.776505][T13285] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2236'.
[  361.781340][T13281] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  361.828060][   T40] kauditd_printk_skb: 97 callbacks suppressed
[  361.828073][   T40] audit: type=1326 audit(1771662688.089:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13290 comm="syz.0.2238" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf702ef6c code=0x0
[  362.334522][ T5297] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  362.337524][ T5297] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  362.340863][ T5297] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  362.345162][ T5297] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  362.347690][ T5297] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  362.371453][T13298] ªªªªªª speed is unknown, defaulting to 1000
[  362.399814][ T5943] syz_tun (unregistering): left allmulticast mode
[  362.471951][T10283] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  362.550532][T10283] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  362.589353][T13298] chnl_net:caif_netlink_parms(): no params data found
[  362.632824][T13298] bridge0: port 1(bridge_slave_0) entered blocking state
[  362.635103][T13311] openvswitch: netlink: IP tunnel dst address not specified
[  362.635393][T13298] bridge0: port 1(bridge_slave_0) entered disabled state
[  362.640115][T13298] bridge_slave_0: entered allmulticast mode
[  362.642851][T13298] bridge_slave_0: entered promiscuous mode
[  362.646678][T13298] bridge0: port 2(bridge_slave_1) entered blocking state
[  362.649149][T13298] bridge0: port 2(bridge_slave_1) entered disabled state
[  362.651372][T13298] bridge_slave_1: entered allmulticast mode
[  362.655830][T13298] bridge_slave_1: entered promiscuous mode
[  362.669299][T10283] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  362.686974][T13298] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  362.692193][T13298] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  362.729861][T13298] team0: Port device team_slave_0 added
[  362.733397][T13298] team0: Port device team_slave_1 added
[  362.744858][T10283] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  362.771561][T13298] batman_adv: batadv0: Adding interface: batadv_slave_0
[  362.774044][T13298] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  362.782441][T13298] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  362.787735][T13298] batman_adv: batadv0: Adding interface: batadv_slave_1
[  362.790041][T13298] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  362.800866][T13298] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  362.846911][T13298] hsr_slave_0: entered promiscuous mode
[  362.849885][T13298] hsr_slave_1: entered promiscuous mode
[  362.852742][T13298] debugfs: 'hsr0' already exists in 'hsr'
[  362.855022][T13298] Cannot create hsr debugfs directory
[  363.065917][T10283] bond2 (unregistering): (slave geneve2): Releasing active interface
[  363.146683][T10283] bond0 (unregistering): left promiscuous mode
[  363.149158][T10283] bond0 (unregistering): Released all slaves
[  363.154089][T10283] bond1 (unregistering): Released all slaves
[  363.160864][T10283] bond2 (unregistering): Released all slaves
[  363.294245][T10283] tipc: Left network mode
[  363.717734][T10283] batadv0: left promiscuous mode
[  363.911079][T13369] mac80211_hwsim hwsim15 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  363.972024][T13369] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2254'.
[  363.998136][T13298] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  364.019029][T13298] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  364.045784][T13298] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  364.062013][T13298] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  364.146117][T13298] 8021q: adding VLAN 0 to HW filter on device bond0
[  364.162298][T13298] 8021q: adding VLAN 0 to HW filter on device team0
[  364.176643][T10295] bridge0: port 1(bridge_slave_0) entered blocking state
[  364.178824][T10295] bridge0: port 1(bridge_slave_0) entered forwarding state
[  364.183241][T10295] bridge0: port 2(bridge_slave_1) entered blocking state
[  364.185457][T10295] bridge0: port 2(bridge_slave_1) entered forwarding state
[  364.284135][T13388] mac80211_hwsim hwsim6 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  364.314137][T10283] IPVS: stop unused estimator thread 0...
[  364.352693][ T5297] Bluetooth: hci4: command tx timeout
[  364.358032][T13298] 8021q: adding VLAN 0 to HW filter on device batadv0
[  364.395058][T13298] veth0_vlan: entered promiscuous mode
[  364.399952][T13298] veth1_vlan: entered promiscuous mode
[  364.402953][T13395] ==================================================================
[  364.405534][T13395] BUG: KASAN: slab-use-after-free in __list_add_valid_or_report+0x105/0x130
[  364.408240][T13395] Read of size 8 at addr ffff88801d68a0c0 by task syz.2.2257/13395
[  364.411792][T13395] 
[  364.412840][T13395] CPU: 3 UID: 0 PID: 13395 Comm: syz.2.2257 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  364.412859][T13395] Tainted: [L]=SOFTLOCKUP
[  364.412864][T13395] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  364.412871][T13395] Call Trace:
[  364.412876][T13395]  <TASK>
[  364.412881][T13395]  dump_stack_lvl+0x100/0x190
[  364.412899][T13395]  print_report+0x156/0x4c9
[  364.412914][T13395]  ? __virt_addr_valid+0x81/0x620
[  364.412927][T13395]  ? __phys_addr+0xe8/0x180
[  364.412940][T13395]  ? __list_add_valid_or_report+0x105/0x130
[  364.412957][T13395]  kasan_report+0xdf/0x1e0
[  364.412974][T13395]  ? __list_add_valid_or_report+0x105/0x130
[  364.412992][T13395]  __list_add_valid_or_report+0x105/0x130
[  364.413008][T13395]  clone_mnt+0x633/0x930
[  364.413021][T13395]  copy_tree+0xfc/0xbf0
[  364.413036][T13395]  ? __pfx_down_write+0x10/0x10
[  364.413053][T13395]  copy_mnt_ns+0x2bd/0xc30
[  364.413063][T13395]  ? create_new_namespaces+0x30/0xac0
[  364.413080][T13395]  ? rcu_is_watching+0x12/0xc0
[  364.413096][T13395]  create_new_namespaces+0xd3/0xac0
[  364.413113][T13395]  ? bpf_lsm_capable+0x9/0x10
[  364.413129][T13395]  ? security_capable+0x80/0x260
[  364.413145][T13395]  unshare_nsproxy_namespaces+0xc3/0x1f0
[  364.413157][T13395]  ksys_unshare+0x455/0xab0
[  364.413169][T13395]  ? rcu_is_watching+0x12/0xc0
[  364.413184][T13395]  ? __pfx_ksys_unshare+0x10/0x10
[  364.413198][T13395]  __ia32_sys_unshare+0x30/0x40
[  364.413211][T13395]  __do_fast_syscall_32+0xe3/0x8c0
[  364.413226][T13395]  do_fast_syscall_32+0x32/0x70
[  364.413240][T13395]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  364.413253][T13395] RIP: 0023:0xf7f35f6c
[  364.413262][T13395] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  364.413273][T13395] RSP: 002b:00000000f53f650c EFLAGS: 00000292 ORIG_RAX: 0000000000000136
[  364.413284][T13395] RAX: ffffffffffffffda RBX: 0000000022020600 RCX: 0000000000000000
[  364.413291][T13395] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  364.413298][T13395] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  364.413304][T13395] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  364.413310][T13395] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  364.413320][T13395]  </TASK>
[  364.413323][T13395] 
[  364.417744][T13298] veth0_macvtap: entered promiscuous mode
[  364.418065][T13395] Allocated by task 13278:
[  364.418073][T13395]  kasan_save_stack+0x30/0x50
[  364.423564][T13298] veth1_macvtap: entered promiscuous mode
[  364.424982][T13395]  kasan_save_track+0x14/0x30
[  364.437961][T13298] batman_adv: batadv0: Interface activated: batadv_slave_0
[  364.438020][T13395]  __kasan_slab_alloc+0x89/0x90
[  364.444474][T13298] batman_adv: batadv0: Interface activated: batadv_slave_1
[  364.445913][T13395]  kmem_cache_alloc_noprof+0x241/0x6e0
[  364.504009][T13395]  alloc_vfsmnt+0x23/0x6a0
[  364.505377][T13395]  clone_mnt+0x4b/0x930
[  364.506647][T13395]  vfs_open_tree+0xb02/0x1500
[  364.508138][T13395]  __ia32_sys_open_tree+0xa3/0x150
[  364.509779][T13395]  __do_fast_syscall_32+0xe3/0x8c0
[  364.511396][T13395]  do_fast_syscall_32+0x32/0x70
[  364.512960][T13395]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  364.514894][T13395] 
[  364.515647][T13395] Freed by task 0:
[  364.516789][T13395]  kasan_save_stack+0x30/0x50
[  364.518249][T13395]  kasan_save_track+0x14/0x30
[  364.519728][T13395]  kasan_save_free_info+0x3b/0x70
[  364.521309][T13395]  __kasan_slab_free+0x5f/0x80
[  364.522775][T13395]  kmem_cache_free+0x124/0x6a0
[  364.524224][T13395]  rcu_core+0x5a2/0x10d0
[  364.525593][T13395]  handle_softirqs+0x1eb/0x9e0
[  364.527113][T13395]  __irq_exit_rcu+0xef/0x150
[  364.528580][T13395]  irq_exit_rcu+0x9/0x30
[  364.529921][T13395]  sysvec_apic_timer_interrupt+0xa3/0xc0
[  364.531710][T13395]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  364.533608][T13395] 
[  364.534364][T13395] Last potentially related work creation:
[  364.536075][T13395]  kasan_save_stack+0x30/0x50
[  364.537521][T13395]  kasan_record_aux_stack+0xa7/0xc0
[  364.539133][T13395]  __call_rcu_common.constprop.0+0xa5/0x9b0
[  364.540963][T13395]  task_work_run+0x150/0x240
[  364.542382][T13395]  exit_to_user_mode_loop+0x100/0x4a0
[  364.544026][T13395]  __do_fast_syscall_32+0x578/0x8c0
[  364.545695][T13395]  do_fast_syscall_32+0x32/0x70
[  364.547249][T13395]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  364.549256][T13395] 
[  364.550029][T13395] Second to last potentially related work creation:
[  364.552088][T13395]  kasan_save_stack+0x30/0x50
[  364.553603][T13395]  kasan_record_aux_stack+0xa7/0xc0
[  364.555234][T13395]  task_work_add+0x28b/0x3b0
[  364.556686][T13395]  mntput_no_expire_slowpath+0x3da/0xb00
[  364.558410][T13395]  mntput_no_expire+0x1fd/0x220
[  364.559908][T13395]  mntput+0x6b/0xa0
[  364.561102][T13395]  vfs_open_tree+0x1235/0x1500
[  364.562577][T13395]  __ia32_sys_open_tree+0xa3/0x150
[  364.564166][T13395]  __do_fast_syscall_32+0xe3/0x8c0
[  364.565773][T13395]  do_fast_syscall_32+0x32/0x70
[  364.567290][T13395]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  364.569305][T13395] 
[  364.570093][T13395] The buggy address belongs to the object at ffff88801d68a000
[  364.570093][T13395]  which belongs to the cache mnt_cache of size 352
[  364.574323][T13395] The buggy address is located 192 bytes inside of
[  364.574323][T13395]  freed 352-byte region [ffff88801d68a000, ffff88801d68a160)
[  364.579504][T13395] 
[  364.580476][T13395] The buggy address belongs to the physical page:
[  364.582710][T13395] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88801d68ba40 pfn:0x1d68a
[  364.585860][T13395] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  364.588855][T13395] memcg:ffff888012948301
[  364.590337][T13395] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  364.593260][T13395] page_type: f5(slab)
[  364.594633][T13395] raw: 00fff00000000240 ffff88801d2f2b40 ffffea0000813290 ffffea000072cc10
[  364.597228][T13395] raw: ffff88801d68ba40 000000080012000d 00000000f5000000 ffff888012948301
[  364.599800][T13395] head: 00fff00000000240 ffff88801d2f2b40 ffffea0000813290 ffffea000072cc10
[  364.602431][T13395] head: ffff88801d68ba40 000000080012000d 00000000f5000000 ffff888012948301
[  364.605046][T13395] head: 00fff00000000001 ffffea000075a281 00000000ffffffff 00000000ffffffff
[  364.607691][T13395] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  364.610372][T13395] page dumped because: kasan: bad access detected
[  364.612414][T13395] page_owner tracks the page as allocated
[  364.614195][T13395] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd2000(__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 0, tgid 0 (swapper/0), ts 1854953788, free_ts 0
[  364.620164][T13395]  post_alloc_hook+0x153/0x170
[  364.621988][T13395]  get_page_from_freelist+0x111d/0x3140
[  364.624134][T13395]  __alloc_frozen_pages_noprof+0x27c/0x2ba0
[  364.626373][T13395]  new_slab+0xa6/0x6e0
[  364.627960][T13395]  refill_objects+0x26b/0x400
[  364.629825][T13395]  __pcs_replace_empty_main+0x19f/0x600
[  364.631952][T13395]  kmem_cache_alloc_noprof+0x480/0x6e0
[  364.634097][T13395]  alloc_vfsmnt+0x23/0x6a0
[  364.635816][T13395]  fc_mount+0x105/0x220
[  364.637463][T13395]  vfs_kern_mount.part.0+0x10e/0x120
[  364.639505][T13395]  kern_mount+0x49/0xc0
[  364.641150][T13395]  shmem_init+0xfe/0x340
[  364.642861][T13395]  mnt_init+0x20a/0x9b0
[  364.644502][T13395]  vfs_caches_init+0x13e/0x2b0
[  364.646200][T13395]  start_kernel+0x439/0x480
[  364.647897][T13395]  x86_64_start_reservations+0x24/0x30
[  364.650011][T13395] page_owner free stack trace missing
[  364.652117][T13395] 
[  364.653096][T13395] Memory state around the buggy address:
[  364.655313][T13395]  ffff88801d689f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  364.658487][T13395]  ffff88801d68a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  364.661659][T13395] >ffff88801d68a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  364.664834][T13395]                                            ^
[  364.667261][T13395]  ffff88801d68a100: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[  364.670095][T13395]  ffff88801d68a180: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  364.672657][T13395] ==================================================================
[  364.683985][T10295] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  364.686818][T10295] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  364.691094][T13395] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  364.693921][T13395] CPU: 0 UID: 0 PID: 13395 Comm: syz.2.2257 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  364.697973][T13395] Tainted: [L]=SOFTLOCKUP
[  364.699559][T13395] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  364.703506][T13395] Call Trace:
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  364.704980][T13395]  <TASK>
[  364.706346][T13395]  dump_stack_lvl+0x100/0x190
[  364.708243][T13395]  vpanic+0x552/0x970
[  364.709724][T13395]  ? __pfx_vpanic+0x10/0x10
[  364.711574][T13395]  ? __list_add_valid_or_report+0x105/0x130
[  364.714026][T13395]  panic+0xd1/0xe0
[  364.715585][T13395]  ? __pfx_panic+0x10/0x10
[  364.717418][T13395]  ? __list_add_valid_or_report+0x105/0x130
[  364.719836][T13395]  ? preempt_schedule_common+0x42/0xc0
[  364.721923][T13395]  check_panic_on_warn.cold+0x19/0x34
[  364.724053][T13395]  end_report.part.0+0x3a/0x90
[  364.726025][T13395]  kasan_report.cold+0xe/0x18
[  364.727975][T13395]  ? __list_add_valid_or_report+0x105/0x130
[  364.730462][T13395]  __list_add_valid_or_report+0x105/0x130
[  364.732772][T13395]  clone_mnt+0x633/0x930
[  364.734515][T13395]  copy_tree+0xfc/0xbf0
[  364.736215][T13395]  ? __pfx_down_write+0x10/0x10
[  364.738283][T13395]  copy_mnt_ns+0x2bd/0xc30
[  364.740168][T13395]  ? create_new_namespaces+0x30/0xac0
[  364.742177][T13395]  ? rcu_is_watching+0x12/0xc0
[  364.743960][T13395]  create_new_namespaces+0xd3/0xac0
[  364.745758][T13395]  ? bpf_lsm_capable+0x9/0x10
[  364.747260][T13395]  ? security_capable+0x80/0x260
[  364.748866][T13395]  unshare_nsproxy_namespaces+0xc3/0x1f0
[  364.750631][T13395]  ksys_unshare+0x455/0xab0
[  364.752024][T13395]  ? rcu_is_watching+0x12/0xc0
[  364.753660][T13395]  ? __pfx_ksys_unshare+0x10/0x10
[  364.755420][T13395]  __ia32_sys_unshare+0x30/0x40
[  364.757194][T13395]  __do_fast_syscall_32+0xe3/0x8c0
[  364.758891][T13395]  do_fast_syscall_32+0x32/0x70
[  364.760432][T13395]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  364.762405][T13395] RIP: 0023:0xf7f35f6c
[  364.763671][T13395] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  364.769728][T13395] RSP: 002b:00000000f53f650c EFLAGS: 00000292 ORIG_RAX: 0000000000000136
[  364.772272][T13395] RAX: ffffffffffffffda RBX: 0000000022020600 RCX: 0000000000000000
[  364.774755][T13395] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  364.777211][T13395] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  364.779688][T13395] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  364.782078][T13395] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  364.784518][T13395]  </TASK>
[  364.786132][T13395] Kernel Offset: disabled
[  364.787482][T13395] Rebooting in 86400 seconds..

VM DIAGNOSIS:
06:53:23  Registers:
info registers vcpu 0

CPU#0
RAX=000000000081111d RBX=ffffffff8e4975c0 RCX=ffffffff8b8b8c75 RDX=0000000000000000
RSI=ffffffff8de7571f RDI=ffffffff8c1adca0 RBP=0000000000000000 RSP=ffffffff8e407e00
R8 =0000000000000001 R9 =ffffed1005646795 R10=ffff88802b233cab R11=0000000000000000
R12=fffffbfff1c92eb8 R13=0000000000000000 R14=ffffffff90d95310 R15=0000000000000000
RIP=ffffffff8b8b75df RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809715a000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080001018 CR3=000000004deeb000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000ddcfce0774 RBX=ffff88802b323f80 RCX=00000000000006e0 RDX=00000000000000dd
RSI=ffff88802b323f80 RDI=00000000000532c8 RBP=00000000000532c8 RSP=ffffc900045cfb00
R8 =0000000000000005 R9 =000000000000003f R10=0000000000000019 R11=0000000000000000
R12=0000000000000001 R13=0000000000000001 R14=0000000000000019 R15=ffffffff940ce4c0
RIP=ffffffff81b4ef45 RFL=00000007 [-----PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88809725a000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080007018 CR3=0000000056e1e000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000004 RBX=ffff888022dc5440 RCX=0000000000000001 RDX=0000000000000002
RSI=0000000000000000 RDI=ffffffff8e9aafc0 RBP=ffff888022dc4900 RSP=ffffc9000439eca8
R8 =0000000000000001 R9 =0000000000000000 R10=ffffffff8e9aafc0 R11=0000000000000000
R12=0000000000000000 R13=00000000000000b1 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff81e41866 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88809735a000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fdeebc12e9c CR3=0000000072312000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff 007061747663616d
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8575a885 RDI=ffffffff9b47de40 RBP=ffffffff9b47de00 RSP=ffffc90006657638
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3130383838666666
R12=0000000000000000 R13=0000000000000020 R14=0000000000000010 R15=ffffffff8575a820
RIP=ffffffff8575a8af RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88809745a000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f721b932 CR3=00000000721c3000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000