last executing test programs:

10m36.472831862s ago: executing program 0 (id=1):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCSPASS(r1, 0x40087447, &(0x7f00000000c0)={0x0, &(0x7f0000000080)})
r2 = getpgrp(0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x5}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="2c000000190001000100000000000a0080201400000400050000081e0e00030008"], 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x4000000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
r7 = openat$sndseq(0xffffff9c, 0x0, 0x40)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r7, 0xc0a45320, &(0x7f00000000c0)={{0x80, 0x4}, 'port1\x00', 0x786520dbf34c807c, 0x20a03, 0x20000003, 0x0, 0x0, 0xc, 0x400, 0x0, 0x0, 0x87})
r8 = openat$sequencer2(0xffffff9c, &(0x7f0000000040), 0x123482, 0x0)
dup3(r8, r7, 0x0)
syz_pidfd_open(r2, 0x0)
gettid()
r9 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f0000000240)=@security={'security\x00', 0xe, 0x4, 0x3a0, 0xffffffff, 0x0, 0x210, 0x210, 0xffffffff, 0xffffffff, 0x344, 0x344, 0x344, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xd0, 0xf4, 0x0, {}, [@common=@inet=@l2tp={{0x2c}, {0x3, 0x2, 0x3, 0x1, 0xc}}]}, @common=@unspec=@NFQUEUE0={0x24, 'NFQUEUE\x00', 0x0, {0x9}}}, {{@uncond, 0x0, 0xa4, 0xd4}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0x1, 0x4, 0x6}, {0x3, 0x1, 0x5}, 0x4, 0x9}}}, {{@ipv6={@remote, @mcast1, [0xffffffff, 0xffffff00, 0x0, 0xffff00], [0xffffffff, 0xff, 0xff000000, 0xffffff00], 'wlan0\x00', 'gretap0\x00', {}, {0xff}, 0x11, 0x5, 0x2, 0x8}, 0x0, 0xa4, 0x110}, @common=@unspec=@NFLOG={0x6c, 'NFLOG\x00', 0x0, {0x498da750, 0x8, 0x8, 0x1, 0x0, "2bc012ebcd5750b41d3f78e22e1e3b517175db1dfd8eb441c158fcb0ca40f2860f83c70787f3eac7ad609a9cfa386b36b143c4624b03d87fa41a62e623eee2ae"}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3fc)
close_range(r0, 0xffffffffffffffff, 0x0)

10m35.755558472s ago: executing program 0 (id=7):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f00000002c0), 0x800000, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}})
statx(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x100, 0x800, 0x0)
read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, <r1=>0x0, <r2=>0x0, <r3=>0x0}, 0x2020)
syz_fuse_handle_req(r0, &(0x7f0000004300)="00e7a0633e8438bafa888b9b02144af32e296a0a01dc194d649b6fa26d6d5e63bac4a04baeeb8aacb22c6eec461b67db6a737737c6d2687acb00572f92e3fdb5d0cb2f11121c557a943020200755bcab77b39c406b733239e2bb1175b9322ba39dc7d67da8f77aed1714dae2e6c24c3ea96be9d151c6ab7b3c54bbe507b8b2461fb4be8dc90042184af6d48f8ace16abb5e3fc943cf61cdb75624a259bdb5f7829b9775820f85f2d1a6ee6c6c2af4fd41ab8a41ecb2612abf13cd2c6f9f3e6db505e4bbe68cc000cf5fa6d5636191a4b366ab59af52132a3f9678d4ed1bd577bacffb3b52850804005eebf3dfa4763168ff30490a11acdbbf4c3312a45f30139f6b72b1e7cdec185006bb30e0e8fa88da2cefc718cae7e9830f7ca101e4e23c6bd16bfacf4a9927fb13af4b79c86ab999beda4ad396abdda354a42fb4ef21d6749175dc21a0cf9191aa4f90d274b50370a580ad8dcd166d2b06c0d8b071973c3fde30f7e2bc371a51ca5866bf8b24eaac75bf482dd4436b214ff62d32e20df223b0b680ede28b3a49e66e330a8a3ecace0db9855d235d5ff23765e742d1a739c2ac8743f4c62664a3b347279da55a1a5b16e1e2828b584a013577d50f890e3894d9e8d6bfccdfb2b70221f12a7fac24b7a8818edce72b65f622c77bf1312771a2c0d805ec9a25c536c91868762032255be78903b77b2c1a773a03996fabba69214e76f5df6df0375b592692a2c3c86c75a3be56fe598ddaea0b9901d20db7e43e128e04e5509283f833c24c625887288459db5727210ba9a301fb8c934dd1d8dca68039fe5b2e1a8d7cdfc6d875e5851098100c3cd42544ed90bb55b58d20a501fabbc485d148c615a3b070fa0520da2ed68ee115a4411d5418b47f3d95616096f67a7a36d68f1e8df82eca8ef96fb4a96b3422fe046a37ea5f5967513a559bd770fecab7228b0692f439765c9e9c6ea4fc608e0b27f9b49064daa2bac06f83f6d87ebc61fa3a29bb5ed39641245ce8cf43770df32a84838802b0827ca5a40e2003915e2ed108a005637bb028d29bd2cfd28a1bd55e67ed1b6b7b72163c27c4b0e36d1b134d6dfdb165a66fb46498fc04bb8053b84098af5b18758631d1318d625a6fa4d3ce5a4d3a90e10c6363a26b5ae96c2d56f87ad21a6118af6847d041f88f852ddc3f250c088ef5cb31198f3ac81cff9a5bab26ed56c09f8416188974e08349f7da28fc754b98c1ac4ea0060ac1e1b1c49f7dbadbc59254b265dc418cab9ac14e2bbecc4c3103543e37984efb1f61315e10d2b422732217d3a9b0cfe4561f3765d3bda60be239e02bdc164dd631582e8c87dd8fa60d63dcf9e7f3dadc4ce5e4433a42425b8ee8cb8a2defab0bf9b6109c90b5655b79b18c06884f2670a985d454e08e54de69f645cb0cbb70620bd988ee717c310ae77b4abe81c01c6e7f47268ee20bc30b9062830917705682eba2c5ef966b877f33294aa5f8b29d3dd5ed92302087f34fa18d19a005de05f925e3e93c8c0f24507ff20cd23d9ae5452c32ff58c78ccdb1ab32c98edfaa6d2c3971934ca8f849ac360c286566eb72b0793f12cef84bd282368d533247ee750f18aeda484167f3d680e4aaa3aa0694441d4ff6a71531f1a30f87eeb71afd04c5d686e1f86f27586f4e2c8ff77c09612ba1af9b3fb93efd31af42f8e0498f35d07c662b743a08f2839cad8f95b90cbb4fc0ed2ca45dd093a549cde4c6ff08ce09a2cbc6f9f78b6f96643357f92f8f403202742057731fd3e343a87c0affe803cfdbddb8c2694ab63f2dc35da705624747e30a943000fc82c40f10e1975d2e2ec15aefd531b6dbc053606b054dc976f44d5b5a5f37e9c08532ce16cf8bca55ab6c814ceb855ab50b8b52620f8645a9dc25fcb732080d84bf39c3ebb235b4d96da527b64ec4b72f69e91d16a4efcaf76f2e1f968ca68a06f60b01ec7becc9ffd7877c0992cb0f80fb3daabc039513896bd7697843be06aba53e7761e11e075c61ef2d897d4d9f90041c14283746feeb3f0d456ba4be27843350fe43e7c1110b4439489139f6dae01c43f23ec71f08d3042663c65e059d368e4e2c6e49de45bf078d3182a1bc1208bc59379e705aa3309579947409f2a8b3d79099c8619f916e7a6fa333d2312a274247156b8c25cbcfcc59ef13339c700f56a8691dff39bd4338789001872c0d90929037dc0ad99b380a6ba73f331f73f9274f4c2bf5233d7482edf37bf6ffed4f2c0ee44a1d57cae0d644f25591dc03bf837571a82d0c31b61be7ff85a5b3843e8f96a50eaa43f5c137ecfc4e4530d08a2afa4ba02fcc50117a4ad0d5862302017639344c82749f673dbd650e49b35302d0acbab45c0973198291bb42b4cfcd3b0c272074341ea8eca19e122cd234da6d41bf5eedb706e16c17687ed8b84db67130796d26b94eac83bbcd785b603242bd6252c155711efd7dd22cc54e1eaf6d910d0f22c701f3d4da0314dd2829c6ee13bbcbd126558b47b8066bf0766c792a012315bd29bfeda8f28a2c1f4e638b701758e19a0e5bd5b4f19048b00a877d956292e345f8a3a8367892f955bcb5e50ca145ec5e2c9309e25941bd277e393aaad38f9b72a42514b27da6856223c37a1fc1327fa760551d3fdeb0b222ab180b16c9eea138cf4f327e88fdfee293c5b6b007028eb796a60772148282dcd17ffc1c90ed8b6540ede933545ed5a5301d6ff39734444ff3d85cda4ac3befa5083a4685e9e231eba4a91a35f4f7f48fd5ac2447c64c010e2a9f8e80691c95460e1995444466ec5f3cd71fe509a26ff0b7f3254bc8c3255e903834e841b37c70b267fb33deb0d1ed4ea84a869453ba508fc255b12cf847103d5195046c930ae4a75c956f22fcfe4186d547686b54bd7a534940d5d62216994eac0e8ed3bd2bd59354e6b9c6b5b10511d54a8b928040f1e1024a423b0cf519fc6e9673df5c48c0778c7edb8fa8d8ace77463a77d2d6313160e1ee72742953e433b6732ced59c93464fd91520847db238610ed0c289fc55647881a7d6257cf28090c75a6f19df079cfd35742a74a5ab270314f7c8039c20ff0f3f543d029b75a741b5dc6425241ac2ffabf1f96288e6d4ba34da09fb6049c2c8753fbd41fdb4bc68c57bf374ef4feb0df00c41319debb26afba2ff39e1799a1c2137f4e920ee5b02d93789b6b0c853e8143dae5b08ee85da2ea7c31803610ce797293ea95c16ade6dae2afb008e59d8b9505737f008b5227df5f1e4eb5d707f502698a17ead9b1f5ec09dff34248ff2fb153dc6df4812e39754a4baa42e1d8b77fbddef3ca091701ac28ae5fd422dbd8db5b122d3965383abc37a52d2fca5ce56eba974dba3d059cefe40e3c35c9daa8ae31198214303c1dcb90d58fc983ccfd504fa43925636f94b128d44e8aa5cd3ecfabd50a84062d03f7508a0575ab65ecc749d3ef566fdbc529a8139b7a7fb3a9bd784df52cddc6f2699044ba47615163fbbe19f3d88d38a8b71fe52b2611ca74341429d1cef1a7e350545be29d2caa560e60352cab074c298c44ca2c07f9795ce52f10aa3e2fcdef371f24e309b19e52218881f25a4674527edbe3b3bd0b9b536d810c6f9500c0c81bcfd9a440dd91c1d35c52758d2b2ae1a8497bb394c4f09d3947cf777727b0d1daf5ac4fe4fa3c247a791702cb84b96321b7fec81bf549d4eb5d6dafe019b26187417c68b064e4308908535a3e77b6cd3e28caaf12d726f15590b7958e40134d045a38cbb689131a7e85532f1c63dd4bac9e4d00645cd7b2b71704563f3738b92044a8153f6ba717800ab7cb238175c376d7add2c5ec38e4c856f1ab9c3ee33f6ca6d576ae908dd290e4bae23470182e253765e04e8eb02a791c4396a511ef467879a9e2818b8a4b1b0b39a6c44e816e3ebf6e3be93929dfcb38d5dad7d20b60215447674d0608b8b02331ac20e57083cb9b4449fecbb149441aea0ad82f00a82d87d743fc80d410922bc20923516885440f43c9f32beb81ce148def6140952583a7825c2d2fe012d52d30ef66d32a8a0864ac5c1737e2506228d41ff0515ee80be4cf012927dde0fd2a07cac68eff8c4437f2844d4df07936fd8753e5909f962c5c767f8719cc295bdfa8a16f3f36ff56e34d7b14b6b8c46d5af248b04a9c5396f84990e23d145670950bce5f5638e5e2cea37c371a4483729338f1305cbb32fa1c05dd9d21d2a69e5fa3abe9a2dad2237be20b4088393c04aa66cf13718de4bffac72f641a8c017a1d5568fa15a6a06e4dc833874ec95af6f115bdadf15179bfc8c4e3e64f26f1299e282c4ab397340934efc1e601afc630fe195e8ae7d8da1310568cab4f2fad085d0ec39710d8b7c812b3fd55c6f50925bcfc90fbcb35b8daa0f1e1f69d82fae2034039f7ad6921694ed48a55a68bc541e6d86f1e33c261a92d48b50eb58a03d8e31b2f6564a4ddc3ee988d0dc47b4b610a9a9dcb87571b5c1edb3362df0ec3d58872157e0f7247dfa8100b4478b705702a5620c9201010f40232327550db333e845dbecd6aadbd0a94c064862b1100b4dd45ece811b8c0275e3753e11b4bcd8bc5ed7668e72afa5bc5cc17b4c313273755f532ecfdefdf2d5c47999453a3b7c158d98332f0bd3a820cfb2c8c3bcd43197e7395a032cec6e41662079f2f654965aebc393e22b5c8516d9b8ad01e33ee481a4ac46a2df304dadeaa9e5274d340aaebe14dcea315fe1279f1a41a5c7aa8c94bf4b3d48757503171f53488e01210145e62c0de7c39737848dbdb1b207d4d33b8de180b020e8a76b1b521905e5e3ce97292f8558fb68efdee774681bfffcf1dc3eef35f660dd1659a32950de2d50e762313beee330d9c2a9fe8ce5e4e61ddd86378d3551335f6ef62053d3b248a8c33a11abdf3f3aa1975a15f4a6957a13d5b12a44d0f2b52b9a2d996e98c630c0f2abca80c7ae89efcf81ae284a0d19582cb1319d207077e5657d245533181ed6e07e0f7647123fc46c37bd75b4f4d181112b4a08acdcf445332cb9dde69a0923dd9244dd2ecd818b19588939922e3b2d8dd9d9fed95fa55b0e4564b38aca2c4d24eebc634664400177fbdeaeb278bb1d8eb11baf4be5c87d4f8d9a855bfa75df4c51fb4eec87a27c59df9a47d82523b08022a1c0fb22ff6f93c3d2cc22a4111a6ec5be428cba33617be65739c2240248f3a02d01ddf2d6aca9e537a2296b16d082d2b868504371dd5e41898885b03ebfaca73b40e8924ece83c1c80de6ce14943e1199c6f81bf359f44c3ed5ae3c6eacb730b1039f0b6555347bd566dfff45a7a2176420ab2b40916a73b66a3ad07af6e1ac5597393d203fa1ad34d4564af956a0a3e2997e27a4e5eff67dd89cce8875d995e00c1858234f149f6ad4cac2b8056966f726df57b8c4ee8f22f23097ba1471b1f1036e3a499400fccdb75b56eb13e9eca1407d5bff4b075b06d00fcbfcafc28431eb33156232e73c6577e3eca437330c494ede57b9609e1f40634918dea767338b5542197410cdc000143ace89ca0b7bf645b3267f74767d7c7fce05d2f59c137204e56bfa711f66903c511f681cf7a1b4f9fc0f42b7c438ff8957e1059375321df5b0c5c884f46d94c21686e1300582d34928bc398653118f79bfeea2e7cfbbf31a7718f4aab50fae57db94203d43e060365c9a7455241be03d82dffc3783d0f6aa170c0866eb0dad07485831526922d8348a7a16e2e9903a2ac93c58c6dce83127fab17703ec004a519ae5675baffb31bf4b52f9ca992a84017a44d68dc693abd829947342f277fdcbc87168bcc03c32b8b1e81a1915af2517c464af07d52b79d1b0e53164c82ba049f81e92ed1dc20a88fd72e9ce7aa4b22a7cc57dc5527d14f62bc29cfc9d57ed26fd523cac39ac00ba12d3a49d694709924275fc0793d56acf9558818dc9eb210749fa5307d45886b879257d627cee0542b51c2ce6ce134100efb47c92456ece5b73cdc051f570810a8d534222649eb56cf73a377162b753de6c282bcd4a25dda21dd10901bd8dfe8fd4ba8a70811c39707beded23dd60f23e2933372e3a6bce099899b07f0a4c4956fd98e956a8649622c77717de099463c0c6c9389ab4a1ae10f8ddd086d876af2943ee0b6b402ae5f89e09922e8c510ec0caa0a83e366e916400bfec88a52ab457037a35ddc6a8e2289c33684a5915c37bf5d227cbc65a737b52bdcb4fbbb7b4e7f965db116b46044d0870846c730dce12e120b1fe6dd5798ced24cad72c59a3f44de4978b8bc05a1dbeb766be6e2abf6ef46c67a58a370e54e92d89e5f44525e82b94a388d8d0cb20c3469a258c1633c9dddb6854aee255f93f59435ff317622f6899250aa185c207644275278580c5d32401741fe264a2e03b80f442ed58fd0704ebac923ac6a5abb7f0c695252f82e3fbcf2b99d721589a8fe3fad4d5926aee3d7bfafb6739e525faae3d25b12841fa2cc61dddc44d36acb9a8b72d60ecdd9c8cf04f9bac341b5e0f9bc59042db8126324888b07afe72b18cce36d61eec975b6b4ef5dc4a16ac14440cf770599bd4db630bd110eb63a03a80cd95c16d314a4de60cc5115bf0754cb7ab84a827ecefafa96069c721a5979f227fdc2467b4cd1975dafb5b28e1d6f3c1c3a2816ad831dd98c1378a03798c128f176426eaa0e361571e758d54bf4ec2c988355f016e16d6cd5cf97bb4891ab33f5623b7e796af313cc7a9e2f9510cd2bead1ea5dd080d9de1f595b2629ebccf69a0feaed3963ae8a6c89edd66fbf6e566379898185828925f8669668d6bddff961b08aaedbbe7fc196931a887ec740da6bcdab8f826a34aa2aa1e406a258558f3baf022a64222df4d6ee8726c79ba3dd6e11a19e4b4bb49b4a8cd99c189e6392f08ad731e415b65d0ccb919dca46efe9f79e21437111ab09e926d3038182044ae047bf1cc92e2d2644c528985719667a1a8abaf65d0f211172ea789b2fa016e1a88325d1ed706239da4dbb9e2079e3598b4ae5885667587ba1e0921c9ba55d7a3be4c47bc2f2f3547ce9efe32e5a22855f761bd4cbe1cd9337eda4bd7d82a918084d7e116b656104ca87e64b1b8c62323c3c296c5b5b98051feb607b872edf9f789744aff710c4b7279711182bcac6b76c05f5cd982f52f451e7e29046550e012e01d8cdd3e305427030f4247488c9136303084c12175c5c781cdd08aede5a356ea0ccdd05a460be3c7b4bfd62c3ce9ab68e285a36c1546d0b18edad71f69f5bedb340772e1bbb035514b085067259e39f59dc292a12557350c66904b253efee29a5eb7a6920f583c899dc46a1d3e2af2db3a3d1a0e8d1f98722a16c6cc1e401058d60c8c436d8f1166ba53bdde5810f9d0288528affd486c266546a864c92af3df8abd451cc1e0d6bfea534865cea9d49b3ea5e390fa823118df8a61e31022f5fbb8ceee870bf2e60890263c4d14e24d053d0fddf665ff80a66fa00a5957f8a30fe82a4b82cf2f6b4d49def98f66bfcdaa0aef13314e950ca9f3849b1edf3b82eaf74a0dbcf45c3dba9bd2d853281a78484f1efaf4150da1207ec3cb61fbcbf759f8182b7052b28d7164b73197b0a440759fe9d5ddf827f1897a174e82fb968a9a07c61bee44bc1f7f9ee5c6de04c02d57735c5fab741b36aec7c8642e56cba932a08b8e8a9d3eb066a4ee7cbf22e5abbd4346de59eca1f24ad9f7f9ff7621e5f30dd08f4cddda8e80e496908109f5212a72bab1378d1237def07bdda4178719975346c68405de15153031fb17535894e5e3c1de6fdd507333f0226b78ba7cae509cfb48d6735ede9392650bf85ac1db919b1e9fe0a823119d8253204dbb2f7a8f524be6d419f3a45c5051a7a88ef0bd41586d90c11a894d647f03895f671a6e19f1c70e32668653aba8366a3d372522f49844081a9637db080663ab02f4a8af502955d5411461b62f85308c91852f8fb9f0bdddd500b4a133791d3a2f91a82dc4b09f5ad2196a9172ab0cd3fafe7266e9f6d159110d99ca8da8a34b17be17a04ad4509a9fffab1e45e10f10e0cf9cfbd9c761ad044064c07e473fdc626289cfb88b13a11455c069b70aa02426d9119ac878a14c9483be9c0d5bcbb5fa76c8d06531f59c7cf7c26372e750e2f332418ca769e5e7fbeb3ada7bb58b573a0635e2e3ad9a53ddb809ea01086a3fa993ad57e89da6f9c5e61bd0f8ba69212a386b2aa1ae17520d7fb989dbe14021885eb50fa3048aebd42c861a09a308b660d382c0480ead8a52a1e14927c7c77957f94bb59ccfd557f8c4a7af23360a298a603d20ebc386db041d8c306b3e32b0bff541bdec5ff75c3b40950815cf9f89d48a382f67e44c409d046c01fb1262aca0df6f5238a3c3c09977261494f7361ba326815d6e23f49e4d6d4b54665081067332265fff59cf54af9da0db9d19bc611cbcb6e6f3f1e2e1ffb6cdd6253578d78d06a2ff5f9250f1994c5749e3ce49231fbd63bba28e948f9150933e3ae31299babaa41043b181a100882e613b4b4b8f49ceeb742d22f860853a9b917f5a323a8a1fb1f3363a7be4407fba44b408f259b5db79a055b92ce3d7a0649cc59f4afa2b1f69959d5c6f5eef1fa7987a47bee4491f685c52e9db1ee1a231ab5a4bae1019c97868a409dd0d57b32525394a233023c4a7ac429808bbcb57a34b41883202744c3bdebc0a637773273f19c2be6e806bef7fc1002846db762ee4e16867773808c5477987d5851d5b1641d070feabc203cb3d7943ffb206272fcac1bccb616352d85975f5a22c0f247548535ad9fb83fb2be17689453f10691143c060cd964df63c3c70e7b1cfc7e2b468015f327f9869353477bfeeed330b03ddd9e4e0a2441182244da283d7a59d2b2b20e6de3e3a47c26aeef4944c1190bba674523a6c3c4ed6bac53b9edffcb0e9fb19d8bf36949d03ef6a7e59eb903a00d9614f642d1932c766421906f5b177963c71e881453560e3ffcec792e8dc46b1832a8fcb2ab2268a9c1fb648d1c6fa1c8cbd50d5a2d8264fbc6c063e6daac5519d362da389dcd3d12c8039f991de91e728abf5bab95c3aef66dd8cc36c60e73cb10afb02eff6df20ff12c59b142b07fc48fe94612de80b8b958f78256fd7cf3c6f79a83867f3bb5f70da392957badadecefdf7b6e4ebd39ff945397c7d302ca0a5a3918d8abb893cd9cdd680916a50fe19699ff0476ad82e6ba46523f26ccc5eb65313c1df1077c8876d2b73bf86ba311862d12b0c557a92ef827197121512e87f817167d4b17c7e225a48b3f8fbbf4187438e0e9b78e905cdbeb72e80dfb37ec0104f5186b39b4ff34f0cdf4b74dc915acd3f98874cd6a67308d0ad9697121ac477550b1affe004f433705933f9647522be65cb5a7471120ec942aeb956f195be0c1783102cf7d842f2968222ae1a7fa6513f200d3fa85d71724956ed697f0673ee3b40a4d46ba4850439ec125b708ed52b52b9f72906477d520c90a9f5dd49a7a33a328137a183f439895532b78ae451a8c3db789bc862fbc37241d523027e1a008629c969380f6eb55f9cf3f0675bca6851f00df6aaf90de9f62d5c179945ef81d1073850301f97e379ea415d830e3f3751cf83e2dba541cb6cdd89e6b674f2c53e329e5f3dd418d534ada6469a5b3bca5b7cfbdfdd6df4abaf77d4520d0311e801145c91b52586a56086e663841b702f52cef9fff8cfb7b33dfa125688ba6b4fadd1dca8defaf4259ca85323b23d3bbb45933562c25af3e8d7bc6ad4a50ae974f8d207994b3bd74a6812ab6a40fcaf96bb4e17bd20d742b14c72226caef3e0f5c56c4930071e9f9a894f18650fbb785c6f707605c86b634c9722c8690cf3a954f68d7c2db3a257339ade67a41259f6f878dd0ab7876deffa77f6f00819282a8f4c4da84c6cf4f335cd0410770a2b1a1fbb3f85f4489eeceb78bbfddb2d1866c57b41f6ed179a0bc3750a486403d23473f2feef43ebc5af1018d9c20089e277d77fb9c34f425c8f8af4c49864b57572fa8c232e61ef37194251a1ddc2f73ffecd57e638751cb72bcb2c40d22540166ca1e8588f24b010c9fbd962e3a2c23a7e93f131df61b8703ce326ed80cc87912d3c6aaa27574bbe8d65bcaecd660c31cead132a44b1d0e4a53cacc0b82a263c4e7783944af0af08ea9e68e8e25ed9111cfef841f1b2fd24164f9097f70efe09b1109e5cb91fe68a2760381fd63a7fd422dd578a60661abc9ee3a5db1c2cde2fb21f2040f1ed3fc27b99e254256949d0560e8b98fa028fca50768caa951a87bf8969af498d50a9ee773c9caa7d9f7d8e1955506013f198cda316d79b177e59f233b98f727afd2494fc18642f0015adab756ea6742690c7d00f28655b915ce4eb8b3ba2e8559ba23e1ff1ccc9f79ae2df85f924459c56715dec78ef4592352eb1a850cd65ecd36e1a9121e888586b7b2fa84da920b8cf44480433e61ab076b10171c0537524bb170a4b99b0b0c437418a665b7ef909652b6483b20362e557c1480c2a2a0efa221fc59054a48122b52d38245f9bd026001635be5b155f5c766a59306fbde231fa72b4d74449a2fe8fb969496ee26af5881adaafb4189b439877ab8f78709cfd32c10ea576a010bfc137b7a4aae137ea3d29070ce3bc8dbe6655e967115ca3461ad9d28b9cf8af07441e68a54ec5e889846f3978f07ba51f7d5af5da78c5c675dc5d0c1a4a399ff4247203573a46fb903eaf7bc886e6cbd3126fa4a3fe3bb13bbdfea7da871f6563aa750f6ad7895b34b2809563dcf5ed30f1c60cef4138aa49d4f55e396534ed10cf4d857723a2b442f47d79de162c30ec6c4daf939b4c88649494e3682d1da81b4a5928d8e18a16c46707a685305e592589acb484e28e9d5af89c44b6e563d125ec97c0155410527406d94b90bc9576a662db99da1cb82b04d610d02187ce08f22ea0e8fd31919d53fa6aaf980e31ca7f8610e695a41919c24136a8406c62d5f15fca36507002b54ece17664b5247583ad60d863f283f3c288946139575dcaedc978762e85f534e56334ef0221c34ffae054ddf79339b8f08701e9699b11041df8f518dd33203363c8098fbefb01555bcc2542422777b38d8dff11b15aadb0c251ce2c5b32f8735b3cb784f2e5731b48feb5a0e791a1106abdea0f7d1f087737cbe7fdf523fa14c9be2a2987511004c5b7ac1814ef6961db16799698242452c469a07c30e4a1f73193c74a41bdd88aef50035e4648bc9dfa276951798420a45e4085932bdb9381af3cc4678bd962af616549e4020d2c9fd25e2117a6d8934fde2218273d7833d60ea492e251417a27e7fb32012a940a6b6487af4b64958bf05f1b1107732149d227eeda5ca5a43cf583dc297d66072a1acd75e93a7caefd36a0d581e21d5cb08654c4ecef46ebac5391546e0b7d2a6418548d8f816446bcf237f676e873e6bae9107234abe5ab24c53ea472ad10653cef068fd9f4e729fc0d526e489f8df13af5575f1e70e0ec22899728b0659d70fc2dd509d9df3ec170638f89e540f4d3f02aa9b1b1819f84da596e0d7b45a5818061728f8eeccd2bea0f460dd7e18cb95f2364c50e351f0690e184eb63ebbb14a0b4b2117e44f3b2b3", 0x2000, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a00)={0x130, 0x0, 0x403, {0x1, 0x5, 0x0, '\x00', {0x1, 0xad4, 0x4, 0x8, r2, r3, 0xa000, '\x00', 0x1, 0x4, 0x9, 0x6, {0x6, 0x6}, {0x4}, {0x100000000, 0x9}, {0x8, 0xa04}, 0x4, 0x80000b, 0x4, 0x3}}}})
write$FUSE_INIT(r0, &(0x7f0000001200)={0x50, 0x0, r1}, 0x50)
unlink(&(0x7f0000000100)='./file0\x00')
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x804, 0x103)

10m35.495633907s ago: executing program 0 (id=8):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, 0x0)
ioctl$SNDCTL_DSP_STEREO(r2, 0xc0045003, &(0x7f0000000100)=0x1)
mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000b, 0x8012, r2, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x2, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x8, "fee8a2ab78fc2000001ea89de2b7fb0000e60080b8785d9600010000000000fdff1f00000000f700", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00000800", "90be8b1c551265406c7f306003d8a0f4bd00", [0x1000000, 0x9]}})
sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000400)=ANY=[@ANYBLOB="70000000000905030000000000000000000000000900010073797a31000000000c00048004000140000000003c0002000c0002800500010000005b002c000180140000000000000006000000000000000000000014000400fe8000000000000000000000000000bb080005000000000061919ee653972286f6806fcd5043e0c8733d229281951f6965e331c86cb30f38a81c91a3b2f0fa851430426515b546"], 0x70}}, 0x0)
r4 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r5 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x0)
pwritev(r5, &(0x7f0000000600)=[{&(0x7f0000000180)="10", 0x1}], 0x1, 0x800000, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="020000002c2ca50731d1475a45c8d67cd6cbaf3f5e8c5dbf479822", @ANYRES32=r0, @ANYRESOCT, @ANYRES8], 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="ec000000", @ANYRES16=0x0, @ANYBLOB="00042cbd7000fcdbdf250f0000002c00028008000500ff0f000008000800ff000000080006000501000006000e004e22000008000900ff0300002c000180080009002b000000060004004e240000080009001000000008000600776c6300080009002300000008000600e10300000c000180060001000200000008000600040000002800028014000100e000000100000000000000000000000008000800ffffff7f08000300020000003000028014000100fc010000000000000000000000000000080007000200000006000f000100000005000d00010000000c0002800800090007000000"], 0xec}, 0x1, 0x0, 0x0, 0x800}, 0xa005)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x2}, 0x0)
sendfile(r4, r4, 0x0, 0x24002de8)

10m32.825791709s ago: executing program 0 (id=20):
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x2000000, @empty}, 0x1c)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r0, 0x5)
ioctl$PTP_SYS_OFFSET(0xffffffffffffffff, 0x43403d05, 0x0)
setsockopt(r1, 0x800000000010d, 0x8000000011, &(0x7f00001c9fff), 0xc5)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10)
sendmmsg(r1, &(0x7f0000002980), 0x400000000000239, 0x1f)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan1\x00'})
close_range(r0, 0xffffffffffffffff, 0x0)

10m32.8043379s ago: executing program 32 (id=20):
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x2000000, @empty}, 0x1c)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r0, 0x5)
ioctl$PTP_SYS_OFFSET(0xffffffffffffffff, 0x43403d05, 0x0)
setsockopt(r1, 0x800000000010d, 0x8000000011, &(0x7f00001c9fff), 0xc5)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10)
sendmmsg(r1, &(0x7f0000002980), 0x400000000000239, 0x1f)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan1\x00'})
close_range(r0, 0xffffffffffffffff, 0x0)

7.957022148s ago: executing program 2 (id=2505):
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, 0x0, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a30000000060a49040000000000000000020000000900020073797a32000000000900010073797a300000000004000480140000001100010000000000000000000000000a"], 0x58}}, 0x0)
semget$private(0x0, 0x207, 0x480)
r4 = socket$kcm(0x10, 0x2, 0x0)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, 0x0, 0x0)
openat$btrfs_control(0xffffff9c, 0x0, 0x2001, 0x0)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}}], {0x14}}, 0x88}, 0x1, 0x0, 0x0, 0x4}, 0x0)
io_uring_setup(0x172b, &(0x7f0000000000)={0x0, 0xe69, 0x8000, 0x2, 0x155})
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r5, 0x0, 0x0, 0x24000000, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev, 0x8}, 0x1c)
r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_SET_KEEP_ORPHAN(r6, 0x2287, 0x0)
socket$igmp(0x2, 0x3, 0x2)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)

6.939413603s ago: executing program 2 (id=2510):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
r3 = syz_open_dev$vivid(&(0x7f0000000180), 0x3, 0x2)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f00000001c0)={0x3, 0xa07, 0x2})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800, 0x0, 0x3, 0x1}, 0x20)
r4 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000000c0)="1400000032000b0fd25a806c8c6f94f90324fc60", 0x14}], 0x1}, 0x0)

5.94913096s ago: executing program 2 (id=2515):
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000780)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
ptrace$ARCH_GET_GS(0x1e, 0x0, 0x0, 0x1004)
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(aes-aesni)\x00'}, 0x58)
clock_getres(0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[])
chdir(&(0x7f0000000300)='./file0\x00')
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0xfffffd9d)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
madvise(&(0x7f00007fe000/0x800000)=nil, 0x800000, 0x19)

4.867224026s ago: executing program 3 (id=2518):
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, 0x0, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a30000000060a49040000000000000000020000000900020073797a32000000000900010073797a300000000004000480140000001100010000000000000000000000000a"], 0x58}}, 0x0)
semget$private(0x0, 0x207, 0x480)
r4 = socket$kcm(0x10, 0x2, 0x0)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, 0x0, 0x0)
openat$btrfs_control(0xffffff9c, 0x0, 0x2001, 0x0)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x84, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x5c, 0x4, 0x0, 0x1, [{0x58, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x48, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x30, 0x3, "5fad843dc5c1efe84ced18d4422d5b0b86e8441958d3d2ea41149f1e55359af069a2a5e039ccf56f068a5a0b"}, @NFTA_TARGET_NAME={0x9, 0x1, 'SNAT\x00'}, @NFTA_TARGET_REV={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xf8}, 0x1, 0x0, 0x0, 0x4}, 0x0)
io_uring_setup(0x172b, &(0x7f0000000000)={0x0, 0xe69, 0x8000, 0x2, 0x155})
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r5, 0x0, 0x0, 0x24000000, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev, 0x8}, 0x1c)
r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_SET_KEEP_ORPHAN(r6, 0x2287, 0x0)
socket$igmp(0x2, 0x3, 0x2)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)

4.054381658s ago: executing program 2 (id=2522):
syz_open_dev$ndb(&(0x7f0000019300), 0x0, 0x101101)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
shutdown(r0, 0x0)
mount_setattr(0xffffffffffffffff, 0x0, 0x8000, &(0x7f0000000240)={0x100171, 0xf9}, 0x20)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x10, &(0x7f0000000300)=[@in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000280)=0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000040000000500000000000000", @ANYRES32, @ANYBLOB="8400000000000000000000001500000800000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x340, 0x0, 0x4c, 0x1a, 0x190, 0x73, 0x270, 0x258, 0x258, 0x270, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @mcast2, [], [], 'netdevsim0\x00', 'macvlan1\x00'}, 0x0, 0x160, 0x190, 0x0, {}, [@common=@inet=@ecn={{0x28}, {0x2}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @rand_addr=' \x01\x00', @dev}}]}, @common=@inet=@SET2={0x30}}, {{@uncond, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3a0)
r5 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r5, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x54}, 0x10)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
write$cgroup_int(r6, &(0x7f0000000000), 0xffffff6a)
sendfile(r5, r6, 0x0, 0xffffffff000)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x10, 0x14, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYRESHEX=r2], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, @void, @value}, 0x94)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0)

3.849444526s ago: executing program 3 (id=2524):
r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x8002, 0x40a00)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000080)=""/169)
mkdirat(0xffffffffffffffff, 0x0, 0x40)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f00000000c0)='./file0\x00')
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000f40), r1)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0x1, &(0x7f00000000c0)=0x8, 0x4)
r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_X86_SET_MCE(r6, 0x4040ae9e, &(0x7f0000000000)={0x8080000000000000, 0x8bb82ea3ffc2355c, 0x6, 0x50526f97c641ce4a, 0x19})
sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000500)=ANY=[@ANYRES16=r2, @ANYBLOB="01002bbd7000fbdbdf250001000a009d3ecb0cf628230600060004004e2400"], 0x28}, 0x1, 0x0, 0x0, 0x20004084}, 0x20008800)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r7=>0x0}, &(0x7f00000003c0)=0xc)
setresuid(0x0, r7, 0x0)
write(0xffffffffffffffff, &(0x7f0000000340), 0x11000)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newtaction={0x18, 0x30, 0x1, 0x0, 0x3, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4c040}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r6, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

3.353669528s ago: executing program 3 (id=2525):
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r0 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001180)={0x6, 0x10, &(0x7f00000008c0)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000000000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001bc0)={r2, 0x4f, 0x1dc0, 0x4000, &(0x7f0000001cc0)="633268f83ca3000000a2029e3815bb2fa117d8326687688b2c969fd7267d546214af00d1ca2524d00f9e4d9555f3ab381b5d44fd6bda8c509e66101d296f10c805252e7c5d48d9814f46db8f07441878734b13270fe47fba418b7358984b9a61c2bbf964a520459fd0d90590b46cf1677d580a26933b6e35aee75996b73a15a25aa8ae2f1f9bc9699a505c0dc4050ab2255fc35f508ccc52f10ac12febf28652fe36f725714868675ca2a7042ab4b26904b2f000589694f69ab0b22a5aec72c5036ce1c8974690045e4ab412a70336b4c65b2dfc8121af4143c2e10a0e5632bcd44e0b000029da424d86f298656822dae2c002e289fbfa6fe0dfb2fd57713a7684dc166c628dc45027ac174c5db54f22e409eb4e94263dbc9919f90f1af3290918b9824c3e0268b300bf69cc2eb3fc58f655439bdbe2b905", &(0x7f0000001c40)=""/76, 0x0, 0x0, 0x47, 0x50, &(0x7f0000001ac0)="9c01bd6f9a6028c80d7364240fd78867d9d62eca43c565f2c5ac65dd4a0fadceb6c65dcb07f2421e69087e0f17b4eb709e4805f2722709c46bef17c4cb9aed9fb1c342179ea349", &(0x7f0000001a40)="408fd0050dc7945b483103067eca9bd26ffbe35abf0f88a103f6893dc2b1d1cdc2195d4ae89abc04ff5fe5d2466892c81015df835a7d47be4f852161bc4015e7564b08584290fe1762f943a653008ac5", 0x1, 0x0, 0x13}, 0x22)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000018c0)={0x14, r4, 0xa29}, 0x14}}, 0x0)

3.305655147s ago: executing program 3 (id=2526):
arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x8, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x3, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r3, 0x29, 0x19, &(0x7f0000000040)=0x3, 0x4)
syz_emit_ethernet(0x82, &(0x7f0000000040)={@link_local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x48, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @mcast1, [@hopopts={0x3a, 0x1, '\x00', [@calipso={0x7, 0x8}]}]}}}}}}}, 0x0)
recvmmsg(r3, &(0x7f0000002780)=[{{0x0, 0xfffffffffffffde1, 0x0}}], 0x1, 0x2140, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000000c000000d49ed0be0c000000070000000600000000000006900d0600f12cd961616100"], 0x0, 0x2b, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x20)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$cec(0x0, 0x0, 0x40000)
r4 = openat$kvm(0xffffff9c, &(0x7f0000000000), 0x40080, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r5, 0x4048aec9, &(0x7f0000000980)={0x0, 0x0, @pic={0x3, 0x4, 0x3b, 0xe5, 0x4, 0x2, 0xa, 0x9, 0x27, 0x2, 0x82, 0x2, 0x7, 0x0, 0x1, 0xd}})
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x5, 0x0, "0062ba7d8200000400f6eb2bda00"})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmmsg$unix(r8, &(0x7f00000bd000), 0x492492492492846, 0x0)
connect$unix(r7, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
dup3(0xffffffffffffffff, r6, 0x0)
ioctl$TIOCSTI(r6, 0x5412, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

3.140667277s ago: executing program 1 (id=2527):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000400), 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x0, 0x1}})
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000001040)={{0x1, 0x1, 0x18, <r1=>r0, {0x5}}, './file0/file0\x00'})
mmap$IORING_OFF_SQ_RING(&(0x7f00000d2000/0x1000)=nil, 0x1000, 0x4, 0x10, r1, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, 0x0)
r2 = socket$pptp(0x18, 0x1, 0x2)
recvmmsg(r2, &(0x7f0000000fc0)=[{{&(0x7f00000002c0)=@ax25={{0x3, @rose}, [@default, @default, @netrom, @rose, @bcast, @null, @remote, @netrom]}, 0x80, 0x0, 0x0, &(0x7f0000000840)=""/180, 0xb4}, 0xe7}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000440)=""/48, 0x30}], 0x1, &(0x7f0000000940)=""/177, 0xb1}, 0x7}], 0x2, 0x2, &(0x7f0000000bc0)={0x0, 0x3938700})
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
r3 = io_uring_setup(0x4a1f, &(0x7f0000000180)={0x0, 0xbd12, 0x200, 0x0, 0x3a7})
syz_io_uring_setup(0x2dee, &(0x7f0000000080)={0x0, 0xbab7, 0x10000, 0x0, 0x4, 0x0, r3}, &(0x7f0000000100), &(0x7f0000000140))
syz_io_uring_setup(0x1005c20, &(0x7f0000000240)={0x0, 0x0, 0x13290, 0x3}, &(0x7f0000000100), &(0x7f0000000000))
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(0xffffffffffffffff, 0x80083313, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305\x00'}, 0x58)
r5 = accept4(r4, 0x0, 0x0, 0x0)
lstat64(0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
r6 = open$dir(&(0x7f00000068c0)='./file0\x00', 0x105500, 0x281)
getdents64(r6, &(0x7f0000000000)=""/30, 0x1e)
sendmsg$alg(r5, &(0x7f0000008dc0)={0x0, 0x0, &(0x7f0000008cc0)=[{&(0x7f0000008a40)="7c72bf03f7d9c0fd0826786ffcfb99e55c1272594d5be5c7f1de9562", 0x1c}, {&(0x7f0000008c80)="9d", 0x1}], 0x2}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={0xffffffffffffffff, 0x58, &(0x7f0000000300)}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_0\x00'})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000380))
sendmsg$nl_route_sched(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)=@newtaction={0x51c, 0x30, 0x1, 0x0, 0x0, {}, [{0x508, 0x1, [@m_tunnel_key={0x7c, 0x16, 0x0, 0x0, {{0xf}, {0xc, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x7}]}, {0x43, 0x6, "9f11dec7825897df287c1262927371da9a7eca50cf01658ec6e34a2e380cf0739795028d874137e874f71d93cea4fffc0ee005d4b71d2b3eb4210ad9109c83"}, {0xc}, {0xc, 0x8, {0x2}}}}, @m_tunnel_key={0x118, 0x22, 0x0, 0x0, {{0xf}, {0x1c, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_NO_CSUM={0x5, 0xa, 0x1}, @TCA_TUNNEL_KEY_NO_CSUM={0x5}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e23}]}, {0xcf, 0x6, "fbb532720543cef7fe82ca7fa9bb3ded3fbd082d5916ee027748181874b9dbd03da7e579b7ae641833c8a4a67aa74dc816ef2b10e1dc2b46debcfaf7e0258d68db2ed4a6faa1c8daf965d67b810082c9d8df369941143c6f90d76be46c9e822bdc26bec2008e74e470e3fc5753d1d405e5cb963ed4b9c5b06decd82f8f6a7eda0622546a9191bc6e1d253c5514b0405b4612dd979e529d4e0af409d0b3562141e5500299a6105e02ff3fcd5a37b7cbd2c6eb073e7680b9db9e03baa6c04ad1e0250db4f70a81c4178437f5"}, {0xc}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ct={0xa8, 0x9, 0x0, 0x0, {{0x7}, {0x54, 0x2, 0x0, 0x1, [@TCA_CT_ZONE={0x6, 0x4, 0x2}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @loopback}, @TCA_CT_ACTION={0x6, 0x3, 0x20}, @TCA_CT_MARK={0x8, 0x5, 0x5}, @TCA_CT_ZONE={0x6, 0x4, 0x6a0}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e23}]}, {0x30, 0x6, "7d16c5822dfe60ea8d52fbf0945930abdf7bd0d5f97228b2c8c29f4c71a42c98d3d2be4e9b7edf101ba03f40"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_tunnel_key={0xe4, 0x9, 0x0, 0x0, {{0xf}, {0x74, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @loopback}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e23}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @local}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x401}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}, {0x42, 0x6, "2c1b296992adc8c1ed3ed7248603f75a4aa1f815da020858659752ffbb72f934851a1f4c2f15da212f7a5361627faeb6c3bbb6fd1864a6c351d7d21146ce"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_connmark={0xc0, 0xb, 0x0, 0x0, {{0xd}, {0x74, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x8, 0x14, 0x10000000, 0x1b, 0xffffffff}, 0x3}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x8, 0x1000002, 0xffffffffffffffff, 0x40, 0x2}, 0x815}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x7, 0x8, 0x3, 0x1b, 0x1}, 0x4}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x4, 0x75c1, 0x10000000, 0x7, 0x1}, 0x3}}]}, {0x20, 0x6, "e2bfb19e6ef8ef9f5a9e177e17178c00328d2a74c868f21d35369ced"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}, @m_ctinfo={0x124, 0x9, 0x0, 0x0, {{0xb}, {0x64, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18, 0x3, {0x8, 0x1, 0xffffffffffffffff, 0x6, 0x3}}, @TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8, 0x6, 0x9}, @TCA_CTINFO_ACT={0x18, 0x3, {0x3, 0x3ff, 0x1, 0x7, 0xffff0001}}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x8}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x6}, @TCA_CTINFO_ACT={0x18, 0x3, {0x6, 0x0, 0x5, 0x4, 0xffffff01}}]}, {0x98, 0x6, "0efc0cffb60a9952405bce4447c223bb8345853e6f1b3483f263ec4467bd8e6c2efb78748bf3923b3218f6b4946c86e7296e5efe6ed737aa1771e533bffbbdbf2dc1216994db81b6809cdb668adbe4337452d49c821ba16e767296dd031a3db9e69109a6bc251d010906d9026d702c977558a7d17f1bc3a277bf09c7998581a07574e72b36e0ac6d1816c66cf2bf8b59364f1c5f"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x51c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

2.789937343s ago: executing program 4 (id=2529):
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(0xffffffffffffffff, 0xc25c4110, &(0x7f0000002700)={0x0, [[0x1, 0x0, 0x0, 0x9, 0xb, 0xb36c], [0x8, 0x500, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2], [0x4, 0x0, 0x4, 0x3, 0x0, 0xffffffff]], '\x00', [{0xffffffff, 0x0, 0x0, 0x1, 0x1}, {0x7fffffff, 0x0, 0x0, 0x1}, {0x0, 0xe}, {0x5}, {}, {0x0, 0x2}, {}, {}, {0xfffffefc}, {0x2}, {}, {0x8ef}], '\x00', 0x4d})
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="06000000040000000800", @ANYBLOB="0000f9b8170e0400000000000800007bb7bf9565b16d56793bf39e64060604e2e4da871a520fc1c1e4fbacfed9d60a865a7c5da0bb19698873ff26dd6a65a0e0c2e22498e4f2ca8445fa28e6ef7bc9cf585d1c84c705c0d6a3189597fef4192d1dd637b372577af534e29728eb613eb76439e3808068901cf76db4745e743de78f344c75f4817c28cd2d6f907bd8c829a49235c08b0353"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000400"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='signal_generate\x00', r1}, 0x18)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xa, &(0x7f0000000180)=0xc, 0x4)
ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f00000000c0))
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2481, 0x0) (fail_nth: 11)
ioctl$SNAPSHOT_UNFREEZE(r2, 0x3302)

2.653082369s ago: executing program 4 (id=2530):
arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x8, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x3, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r3, 0x29, 0x19, &(0x7f0000000040)=0x3, 0x4)
syz_emit_ethernet(0x82, &(0x7f0000000040)={@link_local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x48, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @mcast1, [@hopopts={0x3a, 0x1, '\x00', [@calipso={0x7, 0x8}]}]}}}}}}}, 0x0)
recvmmsg(r3, &(0x7f0000002780)=[{{0x0, 0xfffffffffffffde1, 0x0}}], 0x1, 0x2140, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000000c000000d49ed0be0c000000070000000600000000000006900d0600f12cd961616100"], 0x0, 0x2b, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x20)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$cec(&(0x7f0000000200), 0x0, 0x40000)
r4 = openat$kvm(0xffffff9c, 0x0, 0x40080, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r5, 0x4048aec9, &(0x7f0000000980)={0x0, 0x0, @pic={0x3, 0x4, 0x3b, 0xe5, 0x4, 0x2, 0xa, 0x9, 0x27, 0x2, 0x82, 0x2, 0x7, 0x0, 0x1, 0xd}})
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x5, 0x0, "0062ba7d8200000400f6eb2bda00"})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmmsg$unix(r8, &(0x7f00000bd000), 0x492492492492846, 0x0)
connect$unix(r7, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
dup3(0xffffffffffffffff, r6, 0x0)
ioctl$TIOCSTI(r6, 0x5412, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

2.59009204s ago: executing program 1 (id=2531):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x48080) (fail_nth: 5)

2.52979428s ago: executing program 1 (id=2532):
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, 0x0, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a30000000060a49040000000000000000020000000900020073797a32000000000900010073797a300000000004000480140000001100010000000000000000000000000a"], 0x58}}, 0x0)
semget$private(0x0, 0x207, 0x480)
r4 = socket$kcm(0x10, 0x2, 0x0)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, 0x0, 0x0)
openat$btrfs_control(0xffffff9c, 0x0, 0x2001, 0x0)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x90, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x5c, 0x4, 0x0, 0x1, [{0x58, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x48, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x30, 0x3, "5fad843dc5c1efe84ced18d4422d5b0b86e8441958d3d2ea41149f1e55359af069a2a5e039ccf56f068a5a0b"}, @NFTA_TARGET_NAME={0x9, 0x1, 'SNAT\x00'}, @NFTA_TARGET_REV={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_COMPAT={0xc, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x32}]}]}], {0x14}}, 0x104}, 0x1, 0x0, 0x0, 0x4}, 0x0)
io_uring_setup(0x172b, &(0x7f0000000000)={0x0, 0xe69, 0x8000, 0x2, 0x155})
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r5, 0x0, 0x0, 0x24000000, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev, 0x8}, 0x1c)
r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_SET_KEEP_ORPHAN(r6, 0x2287, 0x0)
socket$igmp(0x2, 0x3, 0x2)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)

2.345475232s ago: executing program 4 (id=2533):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = openat$sndseq(0xffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r1, 0xc0505350, &(0x7f0000000140)={{0x0, 0x1}, {0x4f}, 0x0, 0x6, 0x40})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sched_setaffinity(r0, 0x8, &(0x7f0000000280)=0xf381)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000100)=0x2)
socket$netlink(0x10, 0x3, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000a, 0x5d031, 0xffffffffffffffff, 0x0)
r5 = userfaultfd(0x801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000380)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4, 0x300})
ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})

2.344966245s ago: executing program 2 (id=2534):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0cc5640, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x20182) (fail_nth: 11)

2.139543554s ago: executing program 3 (id=2535):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r0}, 0x18)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000400), 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x0, 0x1}})
mmap$IORING_OFF_SQ_RING(&(0x7f00000d2000/0x1000)=nil, 0x1000, 0x4, 0x10, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, 0x0)
r2 = socket$pptp(0x18, 0x1, 0x2)
recvmmsg(r2, &(0x7f0000000fc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)=""/180, 0xb4}, 0xe7}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000440)=""/48, 0x30}], 0x1, &(0x7f0000000940)=""/177, 0xb1}, 0x7}], 0x2, 0x2, &(0x7f0000000bc0)={0x0, 0x3938700})
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
r3 = io_uring_setup(0x4a1f, &(0x7f0000000180)={0x0, 0xbd12, 0x200, 0x0, 0x3a7})
syz_io_uring_setup(0x2dee, &(0x7f0000000080)={0x0, 0xbab7, 0x10000, 0x0, 0x4, 0x0, r3}, 0x0, 0x0)
syz_io_uring_setup(0x1005c20, 0x0, &(0x7f0000000100), &(0x7f0000000000))
r4 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r4, 0x80083313, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
lstat64(0x0, 0x0)
open$dir(&(0x7f00000068c0)='./file0\x00', 0x105500, 0x281)
sendmsg$alg(r6, &(0x7f0000008dc0)={0x0, 0x0, &(0x7f0000008cc0)=[{&(0x7f0000008a40)="7c72bf03f7d9c0fd0826786ffcfb99e55c1272594d5be5c7f1de9562bbf652", 0x1f}, {&(0x7f0000008c80)="9d", 0x7fffefe1}], 0x2}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={0xffffffffffffffff, 0x58, &(0x7f0000000300)}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000380))
sendmsg$nl_route_sched(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)=@newtaction={0x51c, 0x30, 0x1, 0x0, 0x0, {}, [{0x508, 0x1, [@m_tunnel_key={0x7c, 0x16, 0x0, 0x0, {{0xf}, {0xc, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x7}]}, {0x43, 0x6, "9f11dec7825897df287c1262927371da9a7eca50cf01658ec6e34a2e380cf0739795028d874137e874f71d93cea4fffc0ee005d4b71d2b3eb4210ad9109c83"}, {0xc}, {0xc, 0x8, {0x2}}}}, @m_tunnel_key={0x118, 0x22, 0x0, 0x0, {{0xf}, {0x1c, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_NO_CSUM={0x5, 0xa, 0x1}, @TCA_TUNNEL_KEY_NO_CSUM={0x5}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e23}]}, {0xcf, 0x6, "fbb532720543cef7fe82ca7fa9bb3ded3fbd082d5916ee027748181874b9dbd03da7e579b7ae641833c8a4a67aa74dc816ef2b10e1dc2b46debcfaf7e0258d68db2ed4a6faa1c8daf965d67b810082c9d8df369941143c6f90d76be46c9e822bdc26bec2008e74e470e3fc5753d1d405e5cb963ed4b9c5b06decd82f8f6a7eda0622546a9191bc6e1d253c5514b0405b4612dd979e529d4e0af409d0b3562141e5500299a6105e02ff3fcd5a37b7cbd2c6eb073e7680b9db9e03baa6c04ad1e0250db4f70a81c4178437f5"}, {0xc}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ct={0xa8, 0x9, 0x0, 0x0, {{0x7}, {0x54, 0x2, 0x0, 0x1, [@TCA_CT_ZONE={0x6, 0x4, 0x2}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @loopback}, @TCA_CT_ACTION={0x6, 0x3, 0x20}, @TCA_CT_MARK={0x8, 0x5, 0x5}, @TCA_CT_ZONE={0x6, 0x4, 0x6a0}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e23}]}, {0x30, 0x6, "7d16c5822dfe60ea8d52fbf0945930abdf7bd0d5f97228b2c8c29f4c71a42c98d3d2be4e9b7edf101ba03f40"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_tunnel_key={0xe4, 0x9, 0x0, 0x0, {{0xf}, {0x74, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @loopback}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e23}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @local}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x401}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}, {0x42, 0x6, "2c1b296992adc8c1ed3ed7248603f75a4aa1f815da020858659752ffbb72f934851a1f4c2f15da212f7a5361627faeb6c3bbb6fd1864a6c351d7d21146ce"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_connmark={0xc0, 0xb, 0x0, 0x0, {{0xd}, {0x74, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x8, 0x14, 0x10000000, 0x1b, 0xffffffff}, 0x3}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x8, 0x1000002, 0xffffffffffffffff, 0x40, 0x2}, 0x815}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x7, 0x8, 0x3, 0x1b, 0x1}, 0x4}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x4, 0x75c1, 0x10000000, 0x7, 0x1}, 0x3}}]}, {0x20, 0x6, "e2bfb19e6ef8ef9f5a9e177e17178c00328d2a74c868f21d35369ced"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}, @m_ctinfo={0x124, 0x9, 0x0, 0x0, {{0xb}, {0x64, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18, 0x3, {0x8, 0x1, 0xffffffffffffffff, 0x6, 0x3}}, @TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8, 0x6, 0x9}, @TCA_CTINFO_ACT={0x18, 0x3, {0x3, 0x3ff, 0x1, 0x7, 0xffff0001}}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x8}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x6}, @TCA_CTINFO_ACT={0x18, 0x3, {0x6, 0x0, 0x5, 0x4, 0xffffff01}}]}, {0x98, 0x6, "0efc0cffb60a9952405bce4447c223bb8345853e6f1b3483f263ec4467bd8e6c2efb78748bf3923b3218f6b4946c86e7296e5efe6ed737aa1771e533bffbbdbf2dc1216994db81b6809cdb668adbe4337452d49c821ba16e767296dd031a3db9e69109a6bc251d010906d9026d702c977558a7d17f1bc3a277bf09c7998581a07574e72b36e0ac6d1816c66cf2bf8b59364f1c5f"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x51c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

1.63930544s ago: executing program 2 (id=2536):
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000780)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
ptrace$ARCH_GET_GS(0x1e, 0x0, 0x0, 0x1004)
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(aes-aesni)\x00'}, 0x58)
clock_getres(0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000300)='./file0\x00')
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000100), 0xfffffd9d)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
ptrace$ARCH_SET_CPUID(0x1e, 0x0, 0x1, 0x1012)
madvise(&(0x7f00007fe000/0x800000)=nil, 0x800000, 0x19)

1.559446219s ago: executing program 1 (id=2537):
r0 = socket$unix(0x1, 0x1, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000500)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @local, @val={@void}, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0xa821bc5f33dfcfd1, 0x2f, 0x0, @empty, @loopback, {[], {{0x0, 0x8906, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x8}}}}}}}, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
write$binfmt_elf64(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e0000000000000000000000000040000000000000b01d5597cfab9c4600000000000000380005"], 0x40)
close(r1)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
bind$unix(r0, &(0x7f0000003000)=@file={0x1}, 0x6e)
r2 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r2, &(0x7f0000003000)=@abs={0x1, 0x0, 0xffffffff}, 0x6e)

1.559115998s ago: executing program 1 (id=2538):
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000780)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
ptrace$ARCH_GET_GS(0x1e, 0x0, 0x0, 0x1004)
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(aes-aesni)\x00'}, 0x58)
clock_getres(0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB])
chdir(&(0x7f0000000300)='./file0\x00')
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0xfffffd9d)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
madvise(&(0x7f00007fe000/0x800000)=nil, 0x800000, 0x19)

1.341569411s ago: executing program 4 (id=2539):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000400), 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x0, 0x1}})
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000001040)={{0x1, 0x1, 0x18, <r1=>r0, {0x5}}, './file0/file0\x00'})
mmap$IORING_OFF_SQ_RING(&(0x7f00000d2000/0x1000)=nil, 0x1000, 0x4, 0x10, r1, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, 0x0)
r2 = socket$pptp(0x18, 0x1, 0x2)
recvmmsg(r2, &(0x7f0000000fc0)=[{{&(0x7f00000002c0)=@ax25={{0x3, @rose}, [@default, @default, @netrom, @rose, @bcast, @null, @remote, @netrom]}, 0x80, 0x0, 0x0, &(0x7f0000000840)=""/180, 0xb4}, 0xe7}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000440)=""/48, 0x30}], 0x1, &(0x7f0000000940)=""/177, 0xb1}, 0x7}], 0x2, 0x2, &(0x7f0000000bc0)={0x0, 0x3938700})
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
r3 = io_uring_setup(0x4a1f, &(0x7f0000000180)={0x0, 0xbd12, 0x200, 0x0, 0x3a7})
syz_io_uring_setup(0x2dee, &(0x7f0000000080)={0x0, 0xbab7, 0x10000, 0x0, 0x4, 0x0, r3}, &(0x7f0000000100), &(0x7f0000000140))
syz_io_uring_setup(0x1005c20, &(0x7f0000000240)={0x0, 0x0, 0x13290, 0x3}, &(0x7f0000000100), &(0x7f0000000000))
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(0xffffffffffffffff, 0x80083313, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305\x00'}, 0x58)
r5 = accept4(r4, 0x0, 0x0, 0x0)
lstat64(0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
r6 = open$dir(&(0x7f00000068c0)='./file0\x00', 0x105500, 0x281)
getdents64(r6, &(0x7f0000000000)=""/30, 0x1e)
sendmsg$alg(r5, &(0x7f0000008dc0)={0x0, 0x0, &(0x7f0000008cc0)=[{&(0x7f0000008a40)="7c72bf03f7d9c0fd0826786ffcfb99e55c1272594d5be5c7f1de9562", 0x1c}, {&(0x7f0000008c80)="9d", 0x1}], 0x2}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={0xffffffffffffffff, 0x58, &(0x7f0000000300)}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_0\x00'})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000380))
sendmsg$nl_route_sched(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)=@newtaction={0x51c, 0x30, 0x1, 0x0, 0x0, {}, [{0x508, 0x1, [@m_tunnel_key={0x7c, 0x16, 0x0, 0x0, {{0xf}, {0xc, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x7}]}, {0x43, 0x6, "9f11dec7825897df287c1262927371da9a7eca50cf01658ec6e34a2e380cf0739795028d874137e874f71d93cea4fffc0ee005d4b71d2b3eb4210ad9109c83"}, {0xc}, {0xc, 0x8, {0x2}}}}, @m_tunnel_key={0x118, 0x22, 0x0, 0x0, {{0xf}, {0x1c, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_NO_CSUM={0x5, 0xa, 0x1}, @TCA_TUNNEL_KEY_NO_CSUM={0x5}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e23}]}, {0xcf, 0x6, "fbb532720543cef7fe82ca7fa9bb3ded3fbd082d5916ee027748181874b9dbd03da7e579b7ae641833c8a4a67aa74dc816ef2b10e1dc2b46debcfaf7e0258d68db2ed4a6faa1c8daf965d67b810082c9d8df369941143c6f90d76be46c9e822bdc26bec2008e74e470e3fc5753d1d405e5cb963ed4b9c5b06decd82f8f6a7eda0622546a9191bc6e1d253c5514b0405b4612dd979e529d4e0af409d0b3562141e5500299a6105e02ff3fcd5a37b7cbd2c6eb073e7680b9db9e03baa6c04ad1e0250db4f70a81c4178437f5"}, {0xc}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ct={0xa8, 0x9, 0x0, 0x0, {{0x7}, {0x54, 0x2, 0x0, 0x1, [@TCA_CT_ZONE={0x6, 0x4, 0x2}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @loopback}, @TCA_CT_ACTION={0x6, 0x3, 0x20}, @TCA_CT_MARK={0x8, 0x5, 0x5}, @TCA_CT_ZONE={0x6, 0x4, 0x6a0}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e23}]}, {0x30, 0x6, "7d16c5822dfe60ea8d52fbf0945930abdf7bd0d5f97228b2c8c29f4c71a42c98d3d2be4e9b7edf101ba03f40"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_tunnel_key={0xe4, 0x9, 0x0, 0x0, {{0xf}, {0x74, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @loopback}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e23}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @local}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x401}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}, {0x42, 0x6, "2c1b296992adc8c1ed3ed7248603f75a4aa1f815da020858659752ffbb72f934851a1f4c2f15da212f7a5361627faeb6c3bbb6fd1864a6c351d7d21146ce"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_connmark={0xc0, 0xb, 0x0, 0x0, {{0xd}, {0x74, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x8, 0x14, 0x10000000, 0x1b, 0xffffffff}, 0x3}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x8, 0x1000002, 0xffffffffffffffff, 0x40, 0x2}, 0x815}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x7, 0x8, 0x3, 0x1b, 0x1}, 0x4}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x4, 0x75c1, 0x10000000, 0x7, 0x1}, 0x3}}]}, {0x20, 0x6, "e2bfb19e6ef8ef9f5a9e177e17178c00328d2a74c868f21d35369ced"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}, @m_ctinfo={0x124, 0x9, 0x0, 0x0, {{0xb}, {0x64, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18, 0x3, {0x8, 0x1, 0xffffffffffffffff, 0x6, 0x3}}, @TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8, 0x6, 0x9}, @TCA_CTINFO_ACT={0x18, 0x3, {0x3, 0x3ff, 0x1, 0x7, 0xffff0001}}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x8}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x6}, @TCA_CTINFO_ACT={0x18, 0x3, {0x6, 0x0, 0x5, 0x4, 0xffffff01}}]}, {0x98, 0x6, "0efc0cffb60a9952405bce4447c223bb8345853e6f1b3483f263ec4467bd8e6c2efb78748bf3923b3218f6b4946c86e7296e5efe6ed737aa1771e533bffbbdbf2dc1216994db81b6809cdb668adbe4337452d49c821ba16e767296dd031a3db9e69109a6bc251d010906d9026d702c977558a7d17f1bc3a277bf09c7998581a07574e72b36e0ac6d1816c66cf2bf8b59364f1c5f"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x51c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

709.918829ms ago: executing program 3 (id=2540):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), 0xffffffffffffffff)
openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
creat(0x0, 0x20)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xe, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xffffffffffffffff, 0x4}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x20000000002)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000a00)=ANY=[@ANYBLOB="70010000100033060000000000000000fc000000000000000000000000000000fc0100000000000000000000000000004000"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414000000000000000000000000000000000032000000fe80000000000000000000000000000b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0001000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00200000004e2100000000ac1e00010000000000000000000000001c0004000200"/292], 0x170}}, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x88b81, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000100)=0x14)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$PNPIPE_ENCAP(r8, 0x113, 0x1, &(0x7f0000000140)=0x1, 0x4)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f00000002c0)={0x8040000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r9 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.pending_reads\x00', 0x100, 0x1c4)
openat(r9, &(0x7f0000000040)='./file0\x00', 0x18801, 0x100)
ioctl$sock_ifreq(0xffffffffffffffff, 0x89a2, &(0x7f0000000280)={'bridge0\x00', @ifru_settings={0x43, 0x0, @sync=0x0}})
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="cf04003e29724fc834d4d38e45000000fcfffffffcff000008000300", @ANYRES32=r1, @ANYBLOB], 0x1c}}, 0x4040004)

69.983628ms ago: executing program 4 (id=2542):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x9)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg(r1, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003140)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="01002cbd7000ffdbdf2504"], 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x800)
sendmmsg$inet(r1, &(0x7f0000002a80)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000000c0)="f9", 0x1}], 0x1}}], 0x1, 0x1000)

62.506891ms ago: executing program 1 (id=2543):
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a30000000060a49040000000000000000020000000900020073797a32000000000900010073797a3000000000040004801400000011000100"/87], 0x58}}, 0x0)
semget$private(0x0, 0x207, 0x480)
r4 = socket$kcm(0x10, 0x2, 0x0)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000100)}, 0x0)
openat$btrfs_control(0xffffff9c, &(0x7f0000000380), 0x2001, 0x0)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x5c, 0x4, 0x0, 0x1, [{0x58, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x48, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x30, 0x3, "5fad843dc5c1efe84ced18d4422d5b0b86e8441958d3d2ea41149f1e55359af069a2a5e039ccf56f068a5a0b"}, @NFTA_TARGET_NAME={0x9, 0x1, 'SNAT\x00'}, @NFTA_TARGET_REV={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_COMPAT={0x14, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x32}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x300}]}]}], {0x14}}, 0x10c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
io_uring_setup(0x172b, &(0x7f0000000000)={0x0, 0xe69, 0x8000, 0x2, 0x155})
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r5, 0x0, 0x0, 0x24000000, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev, 0x8}, 0x1c)
r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_SET_KEEP_ORPHAN(r6, 0x2287, 0x0)
socket$igmp(0x2, 0x3, 0x2)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)

0s ago: executing program 4 (id=2544):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x804}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
socket$igmp(0x2, 0x3, 0x2)
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='autofs\x00', 0x26c02, &(0x7f0000001540)='\r\x87\x17^\x981\xd5\x14\xe2\x81\xa6\xcd\t\xa5\xbasG\x88\x7f]\x03\xf3\xd5t\x97\x9f\xee\"\xebU\xccM\x02\x17\x0f[\x9c\x9e\xa6\xd2\xe4(\xea\x7f\xe4\x90K\xcb\xb5;f\x02}\x147\x04=\xe50\x8d;\x90!\x01,\xdb,\xb9\x8e\t\x13\x1eh\xbc^<\xd2\x809G\xe6H\xbb&^\\\x9c\xady\xd9\xb5\xa3\x16\xd0\xdf\x1a\xaa\xfcHz\x89\x19\xe1\xe6+\xf6\xc3\xad\x80\x98\xc2\x10\x91\xec\xf6\x93=\xbe\x10\xfc`\x86\xa7\xe6\xae\x00*R\x92\x05\xf6\x80u\xf9\xb7S{\xd6\x99\x9a\xf3\xcc\x04o\xdd\x91 \x92;\x87\xfb\x82c>\x82VR8\xe5\x0f\xeb\xcdJz\f\xf5.\xd7!\xa1\xfe\xc8\xf0\xb5\\\xc2\xc7\xc7\xaa\xd9:\xa3+\x12\x9f\xfc\xf6@},`=\xea\x91\fJ\xe4\rC\xa9\xe0\x8b%\x9f\'\xbdX\xbfS\x00\x8c\x84\x10\xcf\xf0\xd7\xe0\xf9\xf8E\xa3?\x17\\\x9e\n\xa1h!\x9e\xd8\xe8\xa5\xc5\xbf_\xa7\xc9\x91U\x86=\xa5\xf7g~\xaa\xc8N\"^\x8e%')
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$KDGKBDIACR(r7, 0x4bfa, 0x0)
syz_open_dev$mouse(&(0x7f0000000180), 0x1, 0x84000)
ioctl$sock_SIOCBRDELBR(r6, 0x89a2, &(0x7f0000000000)='bridge0\x00')
syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', <r8=>0x0})
sendmsg$BATADV_CMD_SET_HARDIF(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000100)={0x24, r2, 0x1, 0xfffffffc, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r8}]}, 0x24}, 0x1, 0x0, 0x0, 0x6000}, 0x40004840)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="01002dbd7000fbdbdf25"], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x20008800)

kernel console output (not intermixed with test programs):

rotocol
[  472.477610][T13373] usb 6-1: reset high-speed USB device number 19 using dummy_hcd
[  472.742834][T13400] netlink: 'syz.2.1832': attribute type 2 has an invalid length.
[  472.745059][T13400] netlink: 'syz.2.1832': attribute type 1 has an invalid length.
[  472.747147][T13400] netlink: 'syz.2.1832': attribute type 1 has an invalid length.
[  472.881065][T13373] overlayfs: workdir and upperdir must reside under the same mount
[  472.983428][ T6115] usb 6-1: USB disconnect, device number 19
[  473.095946][T13403] 9pnet_virtio: no channels available for device syz
[  473.888243][T13417] bond0: (slave netdevsim0): Releasing backup interface
[  473.973174][T13417] team0: Port device netdevsim0 added
[  473.988505][T13419] team0: Port device netdevsim0 removed
[  473.992783][T13419] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  474.683458][T13434] 9pnet_virtio: no channels available for device syz
[  475.801141][T13456] sg_write: data in/out 142/154 bytes for SCSI command 0x0-- guessing data in;
[  475.801141][T13456]    program syz.1.1847 not setting count and/or reply_len properly
[  476.340032][T13469] 9pnet_fd: Insufficient options for proto=fd
[  476.428432][T13471] 9pnet_virtio: no channels available for device syz
[  478.243307][T13495] sg_write: data in/out 142/154 bytes for SCSI command 0x0-- guessing data in;
[  478.243307][T13495]    program syz.2.1856 not setting count and/or reply_len properly
[  478.412353][T13503] 9pnet_fd: Insufficient options for proto=fd
[  478.469055][T13505] validate_nla: 5 callbacks suppressed
[  478.469066][T13505] netlink: 'syz.3.1858': attribute type 2 has an invalid length.
[  478.473036][T13505] netlink: 'syz.3.1858': attribute type 1 has an invalid length.
[  478.475197][T13505] netlink: 'syz.3.1858': attribute type 1 has an invalid length.
[  479.471536][T13519] 9pnet_virtio: no channels available for device syz
[  479.689706][T13522] 9pnet_virtio: no channels available for device syz
[  481.619329][T13548] sg_write: data in/out 142/154 bytes for SCSI command 0x0-- guessing data in;
[  481.619329][T13548]    program syz.3.1869 not setting count and/or reply_len properly
[  481.722991][T13201] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  481.963034][T13201] usb 6-1: Using ep0 maxpacket: 8
[  481.966081][T13201] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  481.968926][T13201] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[  481.971403][T13201] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  481.999821][T13201] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  482.024428][T13201] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  482.027025][T13201] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  482.040850][T13201] hub 6-1:1.0: bad descriptor, ignoring hub
[  482.042593][T13201] hub 6-1:1.0: probe with driver hub failed with error -5
[  482.054315][T13201] cdc_wdm 6-1:1.0: skipping garbage
[  482.059463][T13201] cdc_wdm 6-1:1.0: skipping garbage
[  482.071912][T13201] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  482.080265][T13201] cdc_wdm 6-1:1.0: Unknown control protocol
[  482.923768][T13546] usb 6-1: reset high-speed USB device number 20 using dummy_hcd
[  483.395129][T13546] 9pnet_virtio: no channels available for device syz
[  483.611991][T13546] overlay: Unknown parameter 'subj_role'
[  483.743267][ T6557] usb 6-1: USB disconnect, device number 20
[  483.795425][T13573] 9pnet_fd: Insufficient options for proto=fd
[  484.011671][T13580] netlink: 'syz.4.1876': attribute type 10 has an invalid length.
[  484.018019][T13580] bond0: (slave netdevsim0): Releasing backup interface
[  484.024061][T13580] team0: Port device netdevsim0 added
[  484.031108][T13580] netlink: 'syz.4.1876': attribute type 10 has an invalid length.
[  484.037799][T13580] team0: Port device netdevsim0 removed
[  484.043743][T13580] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  484.560898][T13596] 9pnet_virtio: no channels available for device syz
[  485.147713][T13603] 9pnet_virtio: no channels available for device syz
[  485.532654][T13609] netlink: 'syz.1.1883': attribute type 2 has an invalid length.
[  485.534966][T13609] netlink: 'syz.1.1883': attribute type 1 has an invalid length.
[  485.537149][T13609] netlink: 'syz.1.1883': attribute type 1 has an invalid length.
[  486.353028][   T65] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  486.513030][   T65] usb 7-1: Using ep0 maxpacket: 8
[  486.519056][   T65] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  486.522251][   T65] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[  486.525235][   T65] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  486.528792][   T65] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  486.532106][   T65] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  486.535681][   T65] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  486.539981][   T65] hub 7-1:1.0: bad descriptor, ignoring hub
[  486.541629][   T65] hub 7-1:1.0: probe with driver hub failed with error -5
[  486.543903][   T65] cdc_wdm 7-1:1.0: skipping garbage
[  486.545347][   T65] cdc_wdm 7-1:1.0: skipping garbage
[  486.548043][   T65] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  486.549682][   T65] cdc_wdm 7-1:1.0: Unknown control protocol
[  487.061213][T13626] syz.4.1889 (13626): drop_caches: 3
[  487.132505][T13631] netlink: 'syz.3.1890': attribute type 10 has an invalid length.
[  487.135821][T13631] netlink: 'syz.3.1890': attribute type 10 has an invalid length.
[  487.493274][T13615] usb 7-1: reset high-speed USB device number 24 using dummy_hcd
[  487.861461][T13615] overlay: Unknown parameter 'subj_role'
[  487.963705][  T833] usb 7-1: USB disconnect, device number 24
[  488.051474][T13642] 9pnet_virtio: no channels available for device syz
[  488.163126][ T5996] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[  488.323120][ T5996] usb 8-1: Using ep0 maxpacket: 8
[  488.326482][ T5996] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  488.330102][ T5996] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2
[  488.333653][ T5996] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  488.337740][ T5996] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  488.341656][ T5996] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  488.345260][ T5996] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  488.351497][ T5996] hub 8-1:1.0: bad descriptor, ignoring hub
[  488.353939][ T5996] hub 8-1:1.0: probe with driver hub failed with error -5
[  488.356712][ T5996] cdc_wdm 8-1:1.0: skipping garbage
[  488.358724][ T5996] cdc_wdm 8-1:1.0: skipping garbage
[  488.361726][ T5996] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  488.363971][ T5996] cdc_wdm 8-1:1.0: Unknown control protocol
[  488.963456][T13641] usb 8-1: reset high-speed USB device number 17 using dummy_hcd
[  489.347290][T13641] 9pnet_virtio: no channels available for device syz
[  489.351930][T13641] overlay: Unknown parameter 'subj_role'
[  489.443275][  T833] usb 8-1: USB disconnect, device number 17
[  489.727120][T13665] netlink: 'syz.2.1899': attribute type 2 has an invalid length.
[  489.729813][T13665] netlink: 'syz.2.1899': attribute type 1 has an invalid length.
[  489.732535][T13665] netlink: 'syz.2.1899': attribute type 1 has an invalid length.
[  490.055042][T13673] netlink: 'syz.1.1901': attribute type 10 has an invalid length.
[  490.109042][T13674] netlink: 'syz.1.1901': attribute type 10 has an invalid length.
[  490.372422][T13673] bond0: (slave netdevsim0): Releasing backup interface
[  490.378025][T13673] team0: Port device netdevsim0 added
[  490.381715][T13674] team0: Port device netdevsim0 removed
[  490.384870][T13674] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  490.885868][T13683] netlink: 'syz.4.1904': attribute type 10 has an invalid length.
[  490.939434][T13686] netlink: 'syz.4.1904': attribute type 10 has an invalid length.
[  491.238941][T13683] bond0: (slave netdevsim0): Releasing backup interface
[  491.242829][T13683] team0: Port device netdevsim0 added
[  491.249549][T13686] team0: Port device netdevsim0 removed
[  491.252182][T13686] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  491.507284][T13692] netlink: 'syz.1.1906': attribute type 10 has an invalid length.
[  491.511889][T13692] bond0: (slave netdevsim0): Releasing backup interface
[  491.515569][T13692] team0: Port device netdevsim0 added
[  491.524738][T13692] netlink: 'syz.1.1906': attribute type 10 has an invalid length.
[  491.534776][T13692] team0: Port device netdevsim0 removed
[  491.537451][T13692] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  492.272889][T13709] 9pnet_virtio: no channels available for device syz
[  492.746621][T13715] netlink: 'syz.3.1912': attribute type 2 has an invalid length.
[  493.213383][T13722] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1914'.
[  493.261492][T13722] bond0: (slave netdevsim0): Releasing backup interface
[  493.280867][T13722] team0: Port device netdevsim0 added
[  493.304522][T13722] team0: Port device netdevsim0 removed
[  493.318631][T13722] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  494.546414][T13746] syz.2.1921 (13746): drop_caches: 3
[  496.566997][T13775] validate_nla: 7 callbacks suppressed
[  496.567036][T13775] netlink: 'syz.4.1928': attribute type 2 has an invalid length.
[  496.570667][T13775] netlink: 'syz.4.1928': attribute type 1 has an invalid length.
[  496.572909][T13775] netlink: 'syz.4.1928': attribute type 1 has an invalid length.
[  496.978626][T13784] 9pnet_virtio: no channels available for device syz
[  497.716303][T13793] syz.4.1933 (13793): drop_caches: 3
[  499.739845][T13818] netlink: 'syz.2.1938': attribute type 10 has an invalid length.
[  499.765724][T13818] bond0: (slave netdevsim0): Releasing backup interface
[  499.773970][T13818] team0: Port device netdevsim0 added
[  499.787256][T13818] netlink: 'syz.2.1938': attribute type 10 has an invalid length.
[  499.801058][T13818] team0: Port device netdevsim0 removed
[  499.811170][T13818] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  499.892119][T13812] netlink: 'syz.4.1937': attribute type 2 has an invalid length.
[  499.896460][T13812] netlink: 'syz.4.1937': attribute type 1 has an invalid length.
[  499.909486][T13812] netlink: 'syz.4.1937': attribute type 1 has an invalid length.
[  500.216671][T13828] 9pnet_virtio: no channels available for device syz
[  500.491532][T13832] netlink: 'syz.2.1941': attribute type 2 has an invalid length.
[  500.506915][T13832] netlink: 'syz.2.1941': attribute type 1 has an invalid length.
[  500.885142][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[  500.887410][ T1413] ieee802154 phy1 wpan1: encryption failed: -22
[  501.906370][   T40] audit: type=1800 audit(1742253111.108:51): pid=13842 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1943" name="/" dev="fuse" ino=0 res=0 errno=0
[  502.437372][T13861] validate_nla: 4 callbacks suppressed
[  502.437408][T13861] netlink: 'syz.1.1949': attribute type 10 has an invalid length.
[  502.447299][T13861] bond0: (slave netdevsim0): Releasing backup interface
[  502.457627][T13861] team0: Port device netdevsim0 added
[  502.466109][T13861] netlink: 'syz.1.1949': attribute type 10 has an invalid length.
[  502.474714][T13861] team0: Port device netdevsim0 removed
[  502.480946][T13861] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  502.896004][T13868] netlink: 'syz.2.1950': attribute type 2 has an invalid length.
[  502.898293][T13868] netlink: 'syz.2.1950': attribute type 1 has an invalid length.
[  502.900485][T13868] netlink: 'syz.2.1950': attribute type 1 has an invalid length.
[  503.444860][T13878] syz.1.1952 (13878): drop_caches: 3
[  504.542663][T13890] syz.1.1954 (13890): drop_caches: 3
[  504.581205][T13891] netlink: 'syz.2.1955': attribute type 10 has an invalid length.
[  504.587622][T13891] bond0: (slave netdevsim0): Releasing backup interface
[  504.596951][T13891] team0: Port device netdevsim0 added
[  504.758393][T13891] netlink: 'syz.2.1955': attribute type 10 has an invalid length.
[  504.763899][T13891] team0: Port device netdevsim0 removed
[  504.768557][T13891] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  505.923148][   T10] usb 9-1: new high-speed USB device number 24 using dummy_hcd
[  506.083071][   T10] usb 9-1: Using ep0 maxpacket: 8
[  506.091760][   T10] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  506.098078][   T10] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 2
[  506.103929][   T10] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  506.108299][   T10] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  506.115149][   T10] usb 9-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  506.120768][   T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  506.175881][   T10] hub 9-1:1.0: bad descriptor, ignoring hub
[  506.178336][   T10] hub 9-1:1.0: probe with driver hub failed with error -5
[  506.183515][   T10] cdc_wdm 9-1:1.0: skipping garbage
[  506.185361][   T10] cdc_wdm 9-1:1.0: skipping garbage
[  506.191416][   T10] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device
[  506.194125][   T10] cdc_wdm 9-1:1.0: Unknown control protocol
[  506.350110][T13915] 9pnet_fd: Insufficient options for proto=fd
[  507.062906][T13932] 9pnet_virtio: no channels available for device syz
[  507.123649][T13909] usb 9-1: reset high-speed USB device number 24 using dummy_hcd
[  507.502333][T13909] 9pnet_virtio: no channels available for device syz
[  507.506393][T13909] overlay: Unknown parameter 'subj_role'
[  507.603720][ T5996] usb 9-1: USB disconnect, device number 24
[  508.712180][T13956] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1970'.
[  508.736917][T13956] netlink: 'syz.1.1970': attribute type 10 has an invalid length.
[  508.749437][T13956] bond0: (slave netdevsim0): Releasing backup interface
[  508.761387][T13956] team0: Port device netdevsim0 added
[  508.769182][T13956] netlink: 'syz.1.1970': attribute type 10 has an invalid length.
[  508.776703][T13956] team0: Port device netdevsim0 removed
[  508.788172][T13956] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  509.153762][T13962] netlink: 'syz.3.1972': attribute type 2 has an invalid length.
[  509.156090][T13962] netlink: 'syz.3.1972': attribute type 1 has an invalid length.
[  509.158269][T13962] netlink: 'syz.3.1972': attribute type 1 has an invalid length.
[  509.178431][T13963] 9pnet_fd: Insufficient options for proto=fd
[  510.263947][T13976] 9pnet_virtio: no channels available for device syz
[  511.203054][  T833] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  511.258308][T13988] 9pnet_virtio: no channels available for device syz
[  511.663438][  T833] usb 6-1: Using ep0 maxpacket: 8
[  511.666250][  T833] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  511.675119][  T833] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[  511.677734][  T833] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  511.695168][  T833] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  511.698435][  T833] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  511.701043][  T833] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  511.715372][  T833] hub 6-1:1.0: bad descriptor, ignoring hub
[  511.717145][  T833] hub 6-1:1.0: probe with driver hub failed with error -5
[  511.719363][  T833] cdc_wdm 6-1:1.0: skipping garbage
[  511.720899][  T833] cdc_wdm 6-1:1.0: skipping garbage
[  511.726433][  T833] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  511.728126][  T833] cdc_wdm 6-1:1.0: Unknown control protocol
[  512.417554][T14001] 9pnet_virtio: no channels available for device syz
[  512.673346][T13982] usb 6-1: reset high-speed USB device number 21 using dummy_hcd
[  512.763653][T14005] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1981'.
[  512.781848][T14005] netlink: 'syz.4.1981': attribute type 10 has an invalid length.
[  512.835962][T14006] netlink: 'syz.4.1981': attribute type 10 has an invalid length.
[  512.854023][T14005] bond0: (slave netdevsim0): Releasing backup interface
[  512.884840][T14005] team0: Port device netdevsim0 added
[  512.898100][T14006] team0: Port device netdevsim0 removed
[  512.901044][T14006] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  513.143598][T13982] overlay: Unknown parameter 'subj_role'
[  513.243634][    T9] usb 6-1: USB disconnect, device number 21
[  513.427480][ T5995] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[  513.431509][T14016] 9pnet_virtio: no channels available for device syz
[  513.582990][ T5995] usb 7-1: Using ep0 maxpacket: 8
[  513.586814][ T5995] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  513.590359][ T5995] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[  513.593404][ T5995] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  513.597581][ T5995] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  513.600855][ T5995] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  513.603868][ T5995] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  513.617782][ T5995] hub 7-1:1.0: bad descriptor, ignoring hub
[  513.619910][ T5995] hub 7-1:1.0: probe with driver hub failed with error -5
[  513.633089][ T5995] cdc_wdm 7-1:1.0: skipping garbage
[  513.635216][ T5995] cdc_wdm 7-1:1.0: skipping garbage
[  513.638125][ T5995] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  513.640439][ T5995] cdc_wdm 7-1:1.0: Unknown control protocol
[  514.233500][T14011] usb 7-1: reset high-speed USB device number 25 using dummy_hcd
[  514.613803][T14011] 9pnet_virtio: no channels available for device syz
[  514.619446][T14011] overlay: Unknown parameter 'fscontext'
[  514.713161][   T65] usb 7-1: USB disconnect, device number 25
[  515.450114][T14040] syz.2.1989 (14040): drop_caches: 3
[  516.678965][T14060] 9pnet_virtio: no channels available for device syz
[  516.932924][T14064] 9pnet_virtio: no channels available for device syz
[  517.196162][   T40] audit: type=1800 audit(1742253126.398:52): pid=14054 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1992" name="/" dev="fuse" ino=0 res=0 errno=0
[  517.389587][T14071] 9pnet_virtio: no channels available for device syz
[  518.677716][T14090] netlink: 'syz.2.2000': attribute type 2 has an invalid length.
[  518.680601][T14090] netlink: 'syz.2.2000': attribute type 1 has an invalid length.
[  518.683525][T14090] netlink: 'syz.2.2000': attribute type 1 has an invalid length.
[  519.699844][T14108] 9pnet_virtio: no channels available for device syz
[  520.209152][T14113] 9pnet_virtio: no channels available for device syz
[  521.388048][T14130] 9pnet_fd: Insufficient options for proto=fd
[  521.819421][T14144] 9pnet_virtio: no channels available for device syz
[  521.946195][T14148] 9pnet_virtio: no channels available for device syz
[  522.704393][T14155] syz.3.2014 (14155): drop_caches: 3
[  522.892804][T14160] netlink: 'syz.1.2015': attribute type 2 has an invalid length.
[  522.896019][T14160] netlink: 'syz.1.2015': attribute type 1 has an invalid length.
[  522.899146][T14160] netlink: 'syz.1.2015': attribute type 1 has an invalid length.
[  523.275139][T14164] Cache volume key already in use (9p,syz,)
[  523.373758][T14167] 9pnet_virtio: no channels available for device syz
[  524.515328][   T40] audit: type=1800 audit(1742253133.718:53): pid=14172 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2018" name="/" dev="fuse" ino=0 res=0 errno=0
[  524.671834][T14188] 9pnet_virtio: no channels available for device syz
[  525.704238][T14205] netlink: 'syz.3.2026': attribute type 2 has an invalid length.
[  525.706745][T14205] netlink: 'syz.3.2026': attribute type 1 has an invalid length.
[  525.709075][T14205] netlink: 'syz.3.2026': attribute type 1 has an invalid length.
[  526.115730][T14208] 9pnet_virtio: no channels available for device syz
[  526.744451][T14213] 9pnet_virtio: no channels available for device syz
[  527.104627][T14218] 9pnet_virtio: no channels available for device syz
[  528.071204][T14226] syz.4.2030 (14226): drop_caches: 3
[  529.823820][T14255] 9pnet_fd: Insufficient options for proto=fd
[  529.925635][T14258] 9pnet_virtio: no channels available for device syz
[  530.540894][T14266] 9pnet_virtio: no channels available for device syz
[  531.016383][T14277] netlink: 'syz.4.2039': attribute type 10 has an invalid length.
[  531.103061][T14278] netlink: 'syz.4.2039': attribute type 10 has an invalid length.
[  531.175113][T14277] bond0: (slave netdevsim0): Releasing backup interface
[  531.179253][T14277] team0: Port device netdevsim0 added
[  531.363302][T14278] team0: Port device netdevsim0 removed
[  531.445290][T14278] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  531.751664][T14288] netlink: 'syz.3.2042': attribute type 10 has an invalid length.
[  531.757971][T14288] netlink: 'syz.3.2042': attribute type 10 has an invalid length.
[  532.158592][T14287] syz.2.2041 (14287): drop_caches: 3
[  533.814442][T14317] 9pnet_virtio: no channels available for device syz
[  534.490341][T14328] netlink: 'syz.1.2052': attribute type 10 has an invalid length.
[  534.505470][T14328] bond0: (slave netdevsim0): Releasing backup interface
[  534.554460][T14329] netlink: 'syz.1.2052': attribute type 10 has an invalid length.
[  534.563914][T14328] team0: Port device netdevsim0 added
[  534.586678][T14329] team0: Port device netdevsim0 removed
[  534.589246][T14329] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  534.886759][T14335] netlink: 'syz.3.2053': attribute type 10 has an invalid length.
[  534.890998][T14335] netlink: 'syz.3.2053': attribute type 10 has an invalid length.
[  535.057194][T14333] 9pnet_fd: Insufficient options for proto=fd
[  535.624905][T14352] 9pnet_virtio: no channels available for device syz
[  536.735146][T14366] 9pnet_virtio: no channels available for device syz
[  537.686164][T14380] 9pnet_virtio: no channels available for device syz
[  539.076836][T14403] netlink: 'syz.1.2064': attribute type 10 has an invalid length.
[  539.151100][T14404] netlink: 'syz.1.2064': attribute type 10 has an invalid length.
[  539.418371][T14400] syz.3.2066 (14400): drop_caches: 3
[  539.473501][T14403] bond0: (slave netdevsim0): Releasing backup interface
[  539.478987][T14403] team0: Port device netdevsim0 added
[  539.489401][T14404] team0: Port device netdevsim0 removed
[  539.492140][T14404] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  539.546516][T14399] syz.2.2065 (14399): drop_caches: 3
[  540.062210][T14419] netlink: 'syz.2.2069': attribute type 2 has an invalid length.
[  540.066690][T14419] netlink: 'syz.2.2069': attribute type 1 has an invalid length.
[  540.068957][T14419] netlink: 'syz.2.2069': attribute type 1 has an invalid length.
[  540.943643][T14427] netlink: 'syz.4.2071': attribute type 10 has an invalid length.
[  541.016040][T14428] netlink: 'syz.4.2071': attribute type 10 has an invalid length.
[  541.205068][T14427] bond0: (slave netdevsim0): Releasing backup interface
[  541.208858][T14427] team0: Port device netdevsim0 added
[  541.224302][T14428] team0: Port device netdevsim0 removed
[  541.226981][T14428] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  541.372002][T14434] 9pnet_virtio: no channels available for device syz
[  541.826368][T14440] netlink: 'syz.4.2074': attribute type 2 has an invalid length.
[  541.829092][T14440] netlink: 'syz.4.2074': attribute type 1 has an invalid length.
[  541.844845][T14440] netlink: 'syz.4.2074': attribute type 1 has an invalid length.
[  543.125668][T14458] bond0: (slave netdevsim0): Releasing backup interface
[  543.129244][T14458] team0: Port device netdevsim0 added
[  543.132298][T14459] team0: Port device netdevsim0 removed
[  543.135202][T14459] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  543.407359][T14462] 9pnet_fd: Insufficient options for proto=fd
[  544.051045][T14471] bond0: (slave netdevsim0): Releasing backup interface
[  544.055612][T14471] team0: Port device netdevsim0 added
[  544.064633][T14472] team0: Port device netdevsim0 removed
[  544.069169][T14472] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  544.173026][T14480] validate_nla: 6 callbacks suppressed
[  544.173037][T14480] netlink: 'syz.3.2082': attribute type 2 has an invalid length.
[  544.176992][T14480] netlink: 'syz.3.2082': attribute type 1 has an invalid length.
[  544.179562][T14480] netlink: 'syz.3.2082': attribute type 1 has an invalid length.
[  544.325397][T14484] netlink: 'syz.2.2083': attribute type 10 has an invalid length.
[  544.366451][T14484] bond0: (slave netdevsim0): Releasing backup interface
[  544.373095][T14484] team0: Port device netdevsim0 added
[  544.378705][T14484] netlink: 'syz.2.2083': attribute type 10 has an invalid length.
[  544.428541][T14484] team0: Port device netdevsim0 removed
[  544.434717][T14484] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  545.128666][T14497] netlink: 'syz.3.2086': attribute type 2 has an invalid length.
[  545.131515][T14497] netlink: 'syz.3.2086': attribute type 1 has an invalid length.
[  545.134278][T14497] netlink: 'syz.3.2086': attribute type 1 has an invalid length.
[  545.603736][T14503] netlink: 'syz.2.2087': attribute type 10 has an invalid length.
[  545.657685][T14504] netlink: 'syz.2.2087': attribute type 10 has an invalid length.
[  545.847702][T14503] bond0: (slave netdevsim0): Releasing backup interface
[  545.850971][T14503] team0: Port device netdevsim0 added
[  545.862622][T14504] team0: Port device netdevsim0 removed
[  545.865259][T14504] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  546.018583][T14510] 9pnet_virtio: no channels available for device syz
[  546.626480][T14517] bond0: (slave netdevsim0): Releasing backup interface
[  546.629478][T14517] team0: Port device netdevsim0 added
[  546.643586][T14516] team0: Port device netdevsim0 removed
[  546.649897][T14516] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  547.394113][T14532] 9pnet_virtio: no channels available for device syz
[  549.568170][T14558] 9pnet_virtio: no channels available for device syz
[  549.590660][T14559] validate_nla: 4 callbacks suppressed
[  549.590810][T14559] netlink: 'syz.3.2097': attribute type 10 has an invalid length.
[  549.598197][T14559] netlink: 'syz.3.2097': attribute type 10 has an invalid length.
[  549.725022][T14562] netlink: 'syz.4.2099': attribute type 10 has an invalid length.
[  549.767077][T14562] bond0: (slave netdevsim0): Releasing backup interface
[  549.770193][T14562] team0: Port device netdevsim0 added
[  549.779519][T14561] netlink: 'syz.4.2099': attribute type 10 has an invalid length.
[  549.789670][T14561] team0: Port device netdevsim0 removed
[  549.795031][T14561] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  550.601087][T14574] netlink: 'syz.3.2100': attribute type 10 has an invalid length.
[  550.613217][T14574] netlink: 'syz.3.2100': attribute type 10 has an invalid length.
[  551.810051][T14593] netlink: 'syz.3.2105': attribute type 10 has an invalid length.
[  551.812868][T14593] netlink: 'syz.3.2105': attribute type 10 has an invalid length.
[  551.980583][T14595] netlink: 'syz.2.2106': attribute type 10 has an invalid length.
[  552.034624][T14596] netlink: 'syz.2.2106': attribute type 10 has an invalid length.
[  552.064363][T14595] bond0: (slave netdevsim0): Releasing backup interface
[  552.070789][T14595] team0: Port device netdevsim0 added
[  552.077064][T14596] team0: Port device netdevsim0 removed
[  552.079744][T14596] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  552.473074][   T65] usb 9-1: new high-speed USB device number 25 using dummy_hcd
[  552.643007][   T65] usb 9-1: Using ep0 maxpacket: 8
[  552.645961][   T65] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  552.648677][   T65] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 2
[  552.651111][   T65] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  552.654474][   T65] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  552.657535][   T65] usb 9-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  552.660046][   T65] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  552.664819][   T65] hub 9-1:1.0: bad descriptor, ignoring hub
[  552.666426][   T65] hub 9-1:1.0: probe with driver hub failed with error -5
[  552.669310][   T65] cdc_wdm 9-1:1.0: skipping garbage
[  552.670790][   T65] cdc_wdm 9-1:1.0: skipping garbage
[  552.672789][   T65] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device
[  552.674722][   T65] cdc_wdm 9-1:1.0: Unknown control protocol
[  553.273616][T14600] usb 9-1: reset high-speed USB device number 25 using dummy_hcd
[  553.310516][T14615] 9pnet_virtio: no channels available for device syz
[  553.635869][T14600] 9pnet_virtio: no channels available for device syz
[  553.638529][T14600] overlay: Unknown parameter 'subj_role'
[  553.723155][  T833] usb 9-1: USB disconnect, device number 25
[  553.982735][T14621] 9pnet_virtio: no channels available for device syz
[  554.770712][T14637] 9pnet_virtio: no channels available for device syz
[  555.342825][T14640] validate_nla: 3 callbacks suppressed
[  555.342841][T14640] netlink: 'syz.2.2117': attribute type 10 has an invalid length.
[  556.145021][T14660] netlink: 'syz.3.2120': attribute type 10 has an invalid length.
[  556.147988][T14660] netlink: 'syz.3.2120': attribute type 10 has an invalid length.
[  558.310121][T14683] netlink: 'syz.1.2126': attribute type 10 has an invalid length.
[  558.318698][T14683] bond0: (slave netdevsim0): Releasing backup interface
[  558.321694][T14683] team0: Port device netdevsim0 added
[  558.330048][T14683] netlink: 'syz.1.2126': attribute type 10 has an invalid length.
[  558.336587][T14683] team0: Port device netdevsim0 removed
[  558.339415][T14683] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  558.363038][    T9] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[  558.527403][T14696] netlink: 'syz.4.2130': attribute type 2 has an invalid length.
[  558.529587][T14696] netlink: 'syz.4.2130': attribute type 1 has an invalid length.
[  558.531714][T14696] netlink: 'syz.4.2130': attribute type 1 has an invalid length.
[  558.603002][    T9] usb 7-1: Using ep0 maxpacket: 8
[  558.607494][    T9] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  558.610949][    T9] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[  558.613909][    T9] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  558.617090][    T9] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  558.620406][    T9] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  558.623819][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  558.630215][    T9] hub 7-1:1.0: bad descriptor, ignoring hub
[  558.632024][    T9] hub 7-1:1.0: probe with driver hub failed with error -5
[  558.635601][    T9] cdc_wdm 7-1:1.0: skipping garbage
[  558.637073][    T9] cdc_wdm 7-1:1.0: skipping garbage
[  558.640816][    T9] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  558.645290][T14700] netlink: 'syz.3.2129': attribute type 10 has an invalid length.
[  558.650244][T14700] netlink: 'syz.3.2129': attribute type 10 has an invalid length.
[  558.656961][    T9] cdc_wdm 7-1:1.0: Unknown control protocol
[  559.083816][T14704] 9pnet_fd: Insufficient options for proto=fd
[  559.807836][T14678] usb 7-1: reset high-speed USB device number 26 using dummy_hcd
[  560.093036][   T65] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  560.204232][T14678] overlay: Unknown parameter 'subj_role'
[  560.263025][   T65] usb 6-1: Using ep0 maxpacket: 8
[  560.265644][   T65] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  560.268494][   T65] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[  560.270953][   T65] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  560.274295][   T65] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  560.277388][   T65] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  560.279895][   T65] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  560.285955][   T65] hub 6-1:1.0: bad descriptor, ignoring hub
[  560.287692][   T65] hub 6-1:1.0: probe with driver hub failed with error -5
[  560.289955][   T65] cdc_wdm 6-1:1.0: skipping garbage
[  560.291454][   T65] cdc_wdm 6-1:1.0: skipping garbage
[  560.294799][   T65] cdc_wdm 6-1:1.0: cdc-wdm1: USB WDM device
[  560.296659][   T65] cdc_wdm 6-1:1.0: Unknown control protocol
[  560.303320][    T9] usb 7-1: USB disconnect, device number 26
[  560.386121][T14723] 9pnet_virtio: no channels available for device syz
[  560.603122][ T5995] usb 6-1: USB disconnect, device number 22
[  560.726307][T14726] netlink: 'syz.4.2136': attribute type 10 has an invalid length.
[  560.740519][T14726] bond0: (slave netdevsim0): Releasing backup interface
[  560.752355][T14726] team0: Port device netdevsim0 added
[  561.043725][T14721] netlink: 'syz.4.2136': attribute type 10 has an invalid length.
[  561.048357][T14721] team0: Port device netdevsim0 removed
[  561.052346][T14721] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  561.073026][   T65] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  561.261103][   T65] usb 6-1: Using ep0 maxpacket: 8
[  561.263882][   T65] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  561.266626][   T65] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[  561.269363][   T65] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  561.272355][   T65] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  561.275555][   T65] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  561.278015][   T65] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  561.286214][   T65] hub 6-1:1.0: bad descriptor, ignoring hub
[  561.287879][   T65] hub 6-1:1.0: probe with driver hub failed with error -5
[  561.290062][   T65] cdc_wdm 6-1:1.0: skipping garbage
[  561.291516][   T65] cdc_wdm 6-1:1.0: skipping garbage
[  561.293633][   T65] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  561.295301][   T65] cdc_wdm 6-1:1.0: Unknown control protocol
[  561.395361][T14735] netlink: 'syz.3.2139': attribute type 10 has an invalid length.
[  561.433001][T14735] netlink: 'syz.3.2139': attribute type 10 has an invalid length.
[  561.569222][T14714] overlay: Unknown parameter 'subj_role'
[  561.683200][   T65] usb 6-1: USB disconnect, device number 23
[  562.221598][T14745] netlink: 'syz.2.2141': attribute type 2 has an invalid length.
[  562.223913][T14745] netlink: 'syz.2.2141': attribute type 1 has an invalid length.
[  562.226100][T14745] netlink: 'syz.2.2141': attribute type 1 has an invalid length.
[  562.314126][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[  562.316027][ T1413] ieee802154 phy1 wpan1: encryption failed: -22
[  563.176620][T14759] syz.2.2145 (14759): drop_caches: 3
[  563.385023][T14769] 9pnet_virtio: no channels available for device syz
[  563.687102][T14775] netlink: 'syz.3.2148': attribute type 10 has an invalid length.
[  563.690006][T14775] netlink: 'syz.3.2148': attribute type 10 has an invalid length.
[  565.580884][T14802] netlink: 'syz.3.2153': attribute type 2 has an invalid length.
[  565.874165][T14808] validate_nla: 2 callbacks suppressed
[  565.874188][T14808] netlink: 'syz.1.2154': attribute type 10 has an invalid length.
[  565.906922][ T1321] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[  565.913279][T14808] bond0: (slave netdevsim0): Releasing backup interface
[  565.917584][T14808] team0: Port device netdevsim0 added
[  565.929080][T14801] netlink: 'syz.1.2154': attribute type 10 has an invalid length.
[  565.933076][T14801] team0: Port device netdevsim0 removed
[  565.935667][T14801] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  566.052992][ T1321] usb 7-1: Using ep0 maxpacket: 8
[  566.055729][ T1321] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  566.058599][ T1321] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[  566.060833][ T1321] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  566.063981][ T1321] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  566.067094][ T1321] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  566.069661][ T1321] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  566.076247][ T1321] hub 7-1:1.0: bad descriptor, ignoring hub
[  566.078036][ T1321] hub 7-1:1.0: probe with driver hub failed with error -5
[  566.080453][ T1321] cdc_wdm 7-1:1.0: skipping garbage
[  566.081975][ T1321] cdc_wdm 7-1:1.0: skipping garbage
[  566.084210][ T1321] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  566.085967][ T1321] cdc_wdm 7-1:1.0: Unknown control protocol
[  566.973937][T14798] usb 7-1: reset high-speed USB device number 27 using dummy_hcd
[  567.081535][T14821] syz.4.2158 (14821): drop_caches: 3
[  567.419540][T14798] overlay: Unknown parameter 'subj_role'
[  567.523206][  T833] usb 7-1: USB disconnect, device number 27
[  567.547676][T14828] 9pnet_fd: Insufficient options for proto=fd
[  567.593648][T14829] netlink: 'syz.3.2160': attribute type 10 has an invalid length.
[  567.597201][T14829] netlink: 'syz.3.2160': attribute type 10 has an invalid length.
[  568.312854][T14837] netlink: 'syz.4.2162': attribute type 10 has an invalid length.
[  568.331905][T14837] bond0: (slave netdevsim0): Releasing backup interface
[  568.366678][T14840] netlink: 'syz.4.2162': attribute type 10 has an invalid length.
[  568.419141][T14837] team0: Port device netdevsim0 added
[  568.423149][T14840] team0: Port device netdevsim0 removed
[  568.425723][T14840] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  568.642987][ T5995] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[  568.674863][T14847] netlink: 'syz.1.2164': attribute type 2 has an invalid length.
[  568.677914][T14847] netlink: 'syz.1.2164': attribute type 1 has an invalid length.
[  568.680843][T14847] netlink: 'syz.1.2164': attribute type 1 has an invalid length.
[  568.804957][ T5995] usb 7-1: Using ep0 maxpacket: 8
[  568.807853][ T5995] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  568.810644][ T5995] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[  568.813141][ T5995] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  568.816732][ T5995] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  568.820141][ T5995] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  568.822614][ T5995] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  568.831451][ T5995] hub 7-1:1.0: bad descriptor, ignoring hub
[  568.833662][ T5995] hub 7-1:1.0: probe with driver hub failed with error -5
[  568.838614][ T5995] cdc_wdm 7-1:1.0: skipping garbage
[  568.841362][ T5995] cdc_wdm 7-1:1.0: skipping garbage
[  568.844210][ T5995] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  568.848661][ T5995] cdc_wdm 7-1:1.0: Unknown control protocol
[  569.232749][T14853] netlink: 'syz.4.2165': attribute type 10 has an invalid length.
[  569.237082][T14853] bond0: (slave netdevsim0): Releasing backup interface
[  569.240776][T14853] team0: Port device netdevsim0 added
[  569.252511][T14853] team0: Port device netdevsim0 removed
[  569.256928][T14853] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  569.697156][T14858] bond0: (slave netdevsim0): Releasing backup interface
[  569.743642][T14836] usb 7-1: reset high-speed USB device number 28 using dummy_hcd
[  569.784178][T14858] team0: Port device netdevsim0 added
[  569.789304][T14861] team0: Port device netdevsim0 removed
[  569.791896][T14861] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  570.175171][T14836] overlay: Unknown parameter 'subj_role'
[  570.263217][   T10] usb 7-1: USB disconnect, device number 28
[  570.389299][T14870] 9pnet_virtio: no channels available for device syz
[  571.489209][T14888] validate_nla: 3 callbacks suppressed
[  571.489478][T14888] netlink: 'syz.1.2172': attribute type 10 has an invalid length.
[  571.542414][T14890] netlink: 'syz.1.2172': attribute type 10 has an invalid length.
[  571.611508][T14889] netlink: 'syz.3.2180': attribute type 10 has an invalid length.
[  571.656097][T14892] netlink: 'syz.3.2180': attribute type 10 has an invalid length.
[  571.803187][T14888] bond0: (slave netdevsim0): Releasing backup interface
[  571.809765][T14888] team0: Port device netdevsim0 added
[  571.828993][T14890] team0: Port device netdevsim0 removed
[  571.833015][T14890] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  572.490560][T14906] 9pnet_virtio: no channels available for device syz
[  573.298738][T14911] netlink: 'syz.2.2175': attribute type 10 has an invalid length.
[  573.303598][T14911] bond0: (slave netdevsim0): Releasing backup interface
[  573.309635][T14911] team0: Port device netdevsim0 added
[  573.315969][T14911] netlink: 'syz.2.2175': attribute type 10 has an invalid length.
[  573.327827][T14911] team0: Port device netdevsim0 removed
[  573.334091][T14911] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  573.777737][T14921] 9pnet_fd: Insufficient options for proto=fd
[  573.806593][T14920] netlink: 'syz.1.2178': attribute type 2 has an invalid length.
[  573.808734][T14920] netlink: 'syz.1.2178': attribute type 1 has an invalid length.
[  573.810901][T14920] netlink: 'syz.1.2178': attribute type 1 has an invalid length.
[  573.940267][T14924] netlink: 'syz.4.2177': attribute type 10 has an invalid length.
[  574.135851][T14924] bond0: (slave netdevsim0): Releasing backup interface
[  574.139876][T14924] team0: Port device netdevsim0 added
[  574.143980][T14925] team0: Port device netdevsim0 removed
[  574.147900][T14925] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  574.825113][T14941] 9pnet_virtio: no channels available for device syz
[  576.190494][T14954] bond0: (slave netdevsim0): Releasing backup interface
[  576.202669][T14954] team0: Port device netdevsim0 added
[  576.392753][T14955] team0: Port device netdevsim0 removed
[  576.395456][T14955] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  577.096662][T14972] validate_nla: 3 callbacks suppressed
[  577.096675][T14972] netlink: 'syz.2.2189': attribute type 10 has an invalid length.
[  577.226208][T14968] netlink: 'syz.2.2189': attribute type 10 has an invalid length.
[  577.341996][T14972] bond0: (slave netdevsim0): Releasing backup interface
[  577.347075][T14972] team0: Port device netdevsim0 added
[  577.352237][T14968] team0: Port device netdevsim0 removed
[  577.356069][T14968] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  577.777585][T14980] netlink: 'syz.1.2190': attribute type 10 has an invalid length.
[  577.794730][T14980] bond0: (slave netdevsim0): Releasing backup interface
[  577.798209][T14980] team0: Port device netdevsim0 added
[  577.810710][T14979] netlink: 'syz.1.2190': attribute type 10 has an invalid length.
[  577.819470][T14979] team0: Port device netdevsim0 removed
[  577.826113][T14979] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  577.953068][T14943] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[  578.123196][T14943] usb 7-1: Using ep0 maxpacket: 8
[  578.127106][T14943] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  578.130692][T14943] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[  578.134026][T14943] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  578.138033][T14943] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  578.141977][T14943] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  578.145226][T14943] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  578.152541][T14943] hub 7-1:1.0: bad descriptor, ignoring hub
[  578.155291][T14943] hub 7-1:1.0: probe with driver hub failed with error -5
[  578.158019][T14943] cdc_wdm 7-1:1.0: skipping garbage
[  578.159949][T14943] cdc_wdm 7-1:1.0: skipping garbage
[  578.163203][T14943] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  578.165957][T14943] cdc_wdm 7-1:1.0: Unknown control protocol
[  579.055390][T14978] usb 7-1: reset high-speed USB device number 29 using dummy_hcd
[  579.153476][T14992] 9pnet_virtio: no channels available for device syz
[  579.433440][T14978] 9pnet_virtio: no channels available for device syz
[  579.437722][T14978] overlay: Unknown parameter 'subj_role'
[  579.533347][ T6252] usb 7-1: USB disconnect, device number 29
[  580.377712][T15012] netlink: 'syz.2.2198': attribute type 10 has an invalid length.
[  580.432693][T15016] netlink: 'syz.2.2198': attribute type 10 has an invalid length.
[  580.526916][T15012] bond0: (slave netdevsim0): Releasing backup interface
[  580.533088][T15012] team0: Port device netdevsim0 added
[  580.537845][T15016] team0: Port device netdevsim0 removed
[  580.541769][T15016] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  581.297188][T15028] netlink: 'syz.2.2202': attribute type 10 has an invalid length.
[  581.332595][T15029] 9pnet_virtio: no channels available for device syz
[  581.332740][T15028] bond0: (slave netdevsim0): Releasing backup interface
[  581.355542][T15028] team0: Port device netdevsim0 added
[  581.365093][T15030] netlink: 'syz.2.2202': attribute type 10 has an invalid length.
[  581.655357][T15037] 9pnet_virtio: no channels available for device syz
[  581.973877][T15030] team0: Port device netdevsim0 removed
[  582.083133][T15030] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  582.554845][T15048] 9pnet_virtio: no channels available for device syz
[  582.835268][T15053] 9pnet_virtio: no channels available for device syz
[  584.208982][T15073] 9pnet_virtio: no channels available for device syz
[  585.375078][T15089] netlink: 'syz.3.2212': attribute type 10 has an invalid length.
[  585.408846][T15089] netlink: 'syz.3.2212': attribute type 10 has an invalid length.
[  585.687365][T15097] 9pnet_virtio: no channels available for device syz
[  586.749395][T15112] netlink: 'syz.1.2218': attribute type 2 has an invalid length.
[  586.752561][T15112] netlink: 'syz.1.2218': attribute type 1 has an invalid length.
[  586.755777][T15112] netlink: 'syz.1.2218': attribute type 1 has an invalid length.
[  587.754912][T15124] netlink: 'syz.2.2220': attribute type 10 has an invalid length.
[  587.758493][T15124] bond0: (slave netdevsim0): Releasing backup interface
[  587.859369][T15125] netlink: 'syz.2.2220': attribute type 10 has an invalid length.
[  587.947056][T15124] team0: Port device netdevsim0 added
[  587.953644][T15125] team0: Port device netdevsim0 removed
[  587.956584][T15125] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  588.944043][T15140] netlink: 'syz.2.2224': attribute type 10 has an invalid length.
[  588.986283][T15140] bond0: (slave netdevsim0): Releasing backup interface
[  588.990279][T15140] team0: Port device netdevsim0 added
[  589.023732][T15137] netlink: 'syz.2.2224': attribute type 10 has an invalid length.
[  589.028041][T15137] team0: Port device netdevsim0 removed
[  589.030586][T15137] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  589.594208][T15154] netlink: 'syz.4.2227': attribute type 10 has an invalid length.
[  589.774753][T15154] bond0: (slave netdevsim0): Releasing backup interface
[  589.777550][T15154] team0: Port device netdevsim0 added
[  589.784492][T15156] team0: Port device netdevsim0 removed
[  589.787163][T15156] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  589.821121][T15157] bond0: (slave netdevsim0): Releasing backup interface
[  589.824134][T15157] team0: Port device netdevsim0 added
[  589.829299][T15159] team0: Port device netdevsim0 removed
[  589.831865][T15159] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  590.055467][T15162] 9pnet_fd: Insufficient options for proto=fd
[  591.008306][T15176] validate_nla: 3 callbacks suppressed
[  591.008357][T15176] netlink: 'syz.2.2231': attribute type 2 has an invalid length.
[  591.013533][T15176] netlink: 'syz.2.2231': attribute type 1 has an invalid length.
[  591.016759][T15176] netlink: 'syz.2.2231': attribute type 1 has an invalid length.
[  591.205884][T15181] Cache volume key already in use (9p,syz,)
[  591.217309][T15182] 9pnet_virtio: no channels available for device syz
[  591.430425][T15189] netlink: 'syz.3.2234': attribute type 2 has an invalid length.
[  591.432704][T15189] netlink: 'syz.3.2234': attribute type 1 has an invalid length.
[  591.435069][T15189] netlink: 'syz.3.2234': attribute type 1 has an invalid length.
[  592.558079][T15205] 9pnet_virtio: no channels available for device syz
[  593.653618][T15221] 9pnet_fd: Insufficient options for proto=fd
[  594.158773][T15230] netlink: 'syz.2.2243': attribute type 2 has an invalid length.
[  594.160933][T15230] netlink: 'syz.2.2243': attribute type 1 has an invalid length.
[  594.163284][T15230] netlink: 'syz.2.2243': attribute type 1 has an invalid length.
[  595.199882][T15250] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2247'.
[  595.338300][T15248] netlink: 'syz.3.2247': attribute type 10 has an invalid length.
[  597.150790][T15280] 9pnet_virtio: no channels available for device syz
[  598.293938][T15297] 9pnet_fd: Insufficient options for proto=fd
[  598.955454][T15309] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2258'.
[  598.990227][T15309] validate_nla: 1 callbacks suppressed
[  598.990311][T15309] netlink: 'syz.3.2258': attribute type 10 has an invalid length.
[  598.997720][T15309] netlink: 'syz.3.2258': attribute type 10 has an invalid length.
[  600.098936][T15321] 9pnet_virtio: no channels available for device syz
[  600.953004][ T6252] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  600.987636][T15334] netlink: 'syz.4.2263': attribute type 10 has an invalid length.
[  601.041604][T15335] netlink: 'syz.4.2263': attribute type 10 has an invalid length.
[  601.054612][T15334] bond0: (slave netdevsim0): Releasing backup interface
[  601.057734][T15334] team0: Port device netdevsim0 added
[  601.102978][ T6252] usb 6-1: Using ep0 maxpacket: 8
[  601.198261][ T6252] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  601.201448][ T6252] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[  601.204138][ T6252] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  601.207737][ T6252] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  601.210903][ T6252] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  601.213638][ T6252] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  601.220074][ T6252] hub 6-1:1.0: bad descriptor, ignoring hub
[  601.222214][ T6252] hub 6-1:1.0: probe with driver hub failed with error -5
[  601.224760][ T6252] cdc_wdm 6-1:1.0: skipping garbage
[  601.226298][ T6252] cdc_wdm 6-1:1.0: skipping garbage
[  601.228367][ T6252] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  601.230103][ T6252] cdc_wdm 6-1:1.0: Unknown control protocol
[  601.245654][T15335] team0: Port device netdevsim0 removed
[  601.248298][T15335] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  602.135176][T15331] usb 6-1: reset high-speed USB device number 24 using dummy_hcd
[  602.497412][T15331] 9pnet_virtio: no channels available for device syz
[  602.500391][T15331] overlay: Unknown parameter 'fscontext'
[  602.569887][T15354] netlink: 'syz.3.2268': attribute type 10 has an invalid length.
[  602.573733][T15354] netlink: 'syz.3.2268': attribute type 10 has an invalid length.
[  602.703187][ T5996] usb 6-1: USB disconnect, device number 24
[  602.766631][T15357] netlink: 'syz.2.2269': attribute type 10 has an invalid length.
[  602.795562][T15358] netlink: 'syz.2.2269': attribute type 10 has an invalid length.
[  602.858454][T15357] bond0: (slave netdevsim0): Releasing backup interface
[  602.865108][T15357] team0: Port device netdevsim0 added
[  602.868809][T15358] team0: Port device netdevsim0 removed
[  602.871423][T15358] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  603.603654][T15371] netlink: 'syz.1.2271': attribute type 10 has an invalid length.
[  603.619155][T15371] bond0: (slave netdevsim0): Releasing backup interface
[  603.659141][T15372] netlink: 'syz.1.2271': attribute type 10 has an invalid length.
[  603.717162][T15371] team0: Port device netdevsim0 added
[  603.721038][T15372] team0: Port device netdevsim0 removed
[  603.723841][T15372] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  604.466339][T15382] validate_nla: 3 callbacks suppressed
[  604.466369][T15382] netlink: 'syz.4.2273': attribute type 2 has an invalid length.
[  604.470459][T15382] netlink: 'syz.4.2273': attribute type 1 has an invalid length.
[  604.478045][T15382] netlink: 'syz.4.2273': attribute type 1 has an invalid length.
[  606.009681][T15405] netlink: 'syz.1.2279': attribute type 10 has an invalid length.
[  606.020333][T15405] bond0: (slave netdevsim0): Releasing backup interface
[  606.034105][T15405] team0: Port device netdevsim0 added
[  606.056662][T15405] netlink: 'syz.1.2279': attribute type 10 has an invalid length.
[  606.190445][T15405] team0: Port device netdevsim0 removed
[  606.195666][T15405] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  606.484892][T15413] netlink: 'syz.4.2280': attribute type 10 has an invalid length.
[  606.493813][T15413] bond0: (slave netdevsim0): Releasing backup interface
[  606.504180][T15413] team0: Port device netdevsim0 added
[  606.509139][T15413] netlink: 'syz.4.2280': attribute type 10 has an invalid length.
[  606.518740][T15413] team0: Port device netdevsim0 removed
[  606.525681][T15413] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  606.659722][T15417] 9pnet_virtio: no channels available for device syz
[  607.833349][  T833] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  607.838289][T15430] netlink: 'syz.4.2284': attribute type 10 has an invalid length.
[  607.898182][T15430] bond0: (slave netdevsim0): Releasing backup interface
[  607.903419][T15430] team0: Port device netdevsim0 added
[  608.205765][  T833] usb 6-1: Using ep0 maxpacket: 8
[  608.214309][  T833] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  608.225994][  T833] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[  608.233452][  T833] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  608.238723][  T833] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  608.243770][  T833] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  608.247213][  T833] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  608.274077][  T833] hub 6-1:1.0: bad descriptor, ignoring hub
[  608.276521][  T833] hub 6-1:1.0: probe with driver hub failed with error -5
[  608.280516][  T833] cdc_wdm 6-1:1.0: skipping garbage
[  608.283042][  T833] cdc_wdm 6-1:1.0: skipping garbage
[  608.288626][  T833] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  608.290759][  T833] cdc_wdm 6-1:1.0: Unknown control protocol
[  608.923479][T15423] usb 6-1: reset high-speed USB device number 25 using dummy_hcd
[  609.314953][T15448] 9pnet_fd: Insufficient options for proto=fd
[  609.329216][T15423] overlay: Unknown parameter 'fscontext'
[  609.423369][ T6252] usb 6-1: USB disconnect, device number 25
[  611.081998][T15470] 9pnet_fd: Insufficient options for proto=fd
[  611.274142][T15477] netlink: 'syz.3.2293': attribute type 10 has an invalid length.
[  611.277840][T15477] netlink: 'syz.3.2293': attribute type 10 has an invalid length.
[  611.475261][T15482] netlink: 'syz.1.2292': attribute type 10 has an invalid length.
[  611.525325][T15482] bond0: (slave netdevsim0): Releasing backup interface
[  611.530003][T15482] team0: Port device netdevsim0 added
[  611.562986][T15481] netlink: 'syz.1.2292': attribute type 10 has an invalid length.
[  611.718296][T15481] team0: Port device netdevsim0 removed
[  611.723168][T15481] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  612.599991][T15500] 9pnet_virtio: no channels available for device syz
[  613.088223][T15489] netlink: 'syz.3.2296': attribute type 10 has an invalid length.
[  613.092119][T15489] netlink: 'syz.3.2296': attribute type 10 has an invalid length.
[  613.505543][T15513] netlink: 'syz.1.2301': attribute type 10 has an invalid length.
[  613.634314][T15514] netlink: 'syz.3.2302': attribute type 10 has an invalid length.
[  613.638062][T15514] netlink: 'syz.3.2302': attribute type 10 has an invalid length.
[  614.535435][T15530] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2305'.
[  614.539888][T15530] netlink: 'syz.4.2305': attribute type 10 has an invalid length.
[  614.700222][T15525] team0: Port device netdevsim0 removed
[  614.702818][T15525] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  615.721775][T15550] 9pnet_virtio: no channels available for device syz
[  616.941087][T15562] validate_nla: 5 callbacks suppressed
[  616.942314][T15562] netlink: 'syz.3.2312': attribute type 10 has an invalid length.
[  616.955725][T15562] netlink: 'syz.3.2312': attribute type 10 has an invalid length.
[  617.854849][T15577] netlink: 'syz.4.2314': attribute type 10 has an invalid length.
[  618.291676][T15582] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2316'.
[  618.298545][T15582] netlink: 'syz.1.2316': attribute type 10 has an invalid length.
[  618.305576][T15582] bond0: (slave netdevsim0): Releasing backup interface
[  618.313801][T15582] team0: Port device netdevsim0 added
[  618.321100][T15582] netlink: 'syz.1.2316': attribute type 10 has an invalid length.
[  618.333449][T15582] team0: Port device netdevsim0 removed
[  618.345948][T15582] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  618.603768][T15586] 9pnet_virtio: no channels available for device syz
[  619.044473][   T67] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  619.049251][   T67] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  619.051833][   T67] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  619.054710][   T67] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  619.057266][   T67] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  619.060107][   T67] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  619.101003][T15593] lo speed is unknown, defaulting to 1000
[  619.148392][T15593] lo speed is unknown, defaulting to 1000
[  619.548468][T15604] netlink: 'syz.1.2320': attribute type 10 has an invalid length.
[  619.679117][T15602] netlink: 'syz.1.2320': attribute type 10 has an invalid length.
[  619.694843][ T1134] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  619.708626][T15604] bond0: (slave netdevsim0): Releasing backup interface
[  619.712663][T15604] team0: Port device netdevsim0 added
[  619.717356][T15602] team0: Port device netdevsim0 removed
[  619.720151][T15602] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  619.726085][T15593] chnl_net:caif_netlink_parms(): no params data found
[  619.764640][ T1134] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  619.801697][T15593] bridge0: port 1(bridge_slave_0) entered blocking state
[  619.803862][T15593] bridge0: port 1(bridge_slave_0) entered disabled state
[  619.805911][T15593] bridge_slave_0: entered allmulticast mode
[  619.808093][T15593] bridge_slave_0: entered promiscuous mode
[  619.811572][T15593] bridge0: port 2(bridge_slave_1) entered blocking state
[  619.813818][T15593] bridge0: port 2(bridge_slave_1) entered disabled state
[  619.815889][T15593] bridge_slave_1: entered allmulticast mode
[  619.818061][T15593] bridge_slave_1: entered promiscuous mode
[  619.856608][T15593] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  619.862219][T15593] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  619.891107][ T1134] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  619.996962][ T1134] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  620.026970][T15593] team0: Port device team_slave_0 added
[  620.043495][T15593] team0: Port device team_slave_1 added
[  620.294841][T15593] batman_adv: batadv0: Adding interface: batadv_slave_0
[  620.297555][T15593] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  620.305566][T15593] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  620.312117][T15593] batman_adv: batadv0: Adding interface: batadv_slave_1
[  620.317647][T15593] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  620.325248][T15593] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  620.378482][T15593] hsr_slave_0: entered promiscuous mode
[  620.380541][T15593] hsr_slave_1: entered promiscuous mode
[  620.383518][T15593] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  620.385652][T15593] Cannot create hsr debugfs directory
[  620.402700][ T1134] bridge_slave_1: left allmulticast mode
[  620.404810][ T1134] bridge0: port 2(bridge_slave_1) entered disabled state
[  620.413985][ T1134] bridge_slave_0: left allmulticast mode
[  620.415983][ T1134] bridge_slave_0: left promiscuous mode
[  620.417589][ T1134] bridge0: port 1(bridge_slave_0) entered disabled state
[  620.818172][T15624] 9pnet_fd: Insufficient options for proto=fd
[  620.845588][ T1134] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  620.850002][ T1134] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  620.854799][ T1134] bond0 (unregistering): Released all slaves
[  620.976650][ T1134] tipc: Left network mode
[  621.114130][   T67] Bluetooth: hci2: command tx timeout
[  621.357003][ T1134] hsr_slave_0: left promiscuous mode
[  621.359959][ T1134] hsr_slave_1: left promiscuous mode
[  621.361891][ T1134] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  621.367163][ T1134] batman_adv: batadv0: Removing interface: batadv_slave_0
[  621.370345][ T1134] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  621.372483][ T1134] batman_adv: batadv0: Removing interface: batadv_slave_1
[  621.400283][ T1134] veth1_macvtap: left promiscuous mode
[  621.402683][ T1134] veth0_macvtap: left promiscuous mode
[  621.404472][ T1134] veth1_vlan: left promiscuous mode
[  621.407527][ T1134] veth0_vlan: left promiscuous mode
[  621.483668][T15646] 9pnet_virtio: no channels available for device syz
[  622.710804][T15660] netlink: 'syz.1.2328': attribute type 10 has an invalid length.
[  622.767150][T15661] netlink: 'syz.1.2328': attribute type 10 has an invalid length.
[  623.193045][   T67] Bluetooth: hci2: command tx timeout
[  623.667341][T15660] bond0: (slave netdevsim0): Releasing backup interface
[  623.670778][T15660] team0: Port device netdevsim0 added
[  623.674485][T15661] team0: Port device netdevsim0 removed
[  623.677133][T15661] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  623.749111][T15680] 9pnet_fd: Insufficient options for proto=fd
[  623.769835][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[  623.774652][ T1413] ieee802154 phy1 wpan1: encryption failed: -22
[  623.919755][T15593] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  623.929879][T15593] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  623.950975][T15593] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  623.959713][T15593] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  623.995872][T15593] 8021q: adding VLAN 0 to HW filter on device bond0
[  624.007232][T15593] 8021q: adding VLAN 0 to HW filter on device team0
[  624.011562][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  624.013627][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  624.025213][ T1138] bridge0: port 2(bridge_slave_1) entered blocking state
[  624.027916][ T1138] bridge0: port 2(bridge_slave_1) entered forwarding state
[  624.117423][T15593] 8021q: adding VLAN 0 to HW filter on device batadv0
[  624.144581][T15593] veth0_vlan: entered promiscuous mode
[  624.149660][T15593] veth1_vlan: entered promiscuous mode
[  624.162157][T15593] veth0_macvtap: entered promiscuous mode
[  624.166060][T15593] veth1_macvtap: entered promiscuous mode
[  624.175325][T15593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  624.178174][T15593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  624.180788][T15593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  624.183660][T15593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  624.186325][T15593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  624.189152][T15593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  624.192897][T15593] batman_adv: batadv0: Interface activated: batadv_slave_0
[  624.201748][T15593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  624.204601][T15593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  624.207255][T15593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  624.210097][T15593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  624.212800][T15593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  624.216475][T15593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  624.220005][T15593] batman_adv: batadv0: Interface activated: batadv_slave_1
[  624.224715][T15593] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  624.227144][T15593] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  624.229524][T15593] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  624.232220][T15593] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  624.270080][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  624.272251][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  624.287396][ T1185] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  624.290184][ T1185] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  624.344255][T15699] 9pnet_fd: Insufficient options for proto=fd
[  624.640691][T15705] netlink: 'syz.2.2335': attribute type 10 has an invalid length.
[  624.697335][T15706] netlink: 'syz.2.2335': attribute type 10 has an invalid length.
[  624.963271][T15705] bond0: (slave netdevsim0): Releasing backup interface
[  624.966265][T15705] team0: Port device netdevsim0 added
[  624.970465][T15706] team0: Port device netdevsim0 removed
[  624.973565][T15706] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  625.250302][ T5966] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  625.257560][ T5966] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  625.260712][ T5966] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  625.266946][ T5966] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  625.274791][ T5966] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  625.277640][ T5966] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  625.287240][T15714] Bluetooth: hci2: command tx timeout
[  625.348908][T15712] lo speed is unknown, defaulting to 1000
[  625.387246][T15712] lo speed is unknown, defaulting to 1000
[  625.456431][T15712] chnl_net:caif_netlink_parms(): no params data found
[  625.491563][ T1134] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  625.612376][ T1134] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  625.620044][T15723] netlink: 'syz.2.2337': attribute type 10 has an invalid length.
[  625.661768][T15712] bridge0: port 1(bridge_slave_0) entered blocking state
[  625.669154][T15712] bridge0: port 1(bridge_slave_0) entered disabled state
[  625.671920][T15712] bridge_slave_0: entered allmulticast mode
[  625.675566][T15712] bridge_slave_0: entered promiscuous mode
[  625.695998][ T1134] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  625.708033][T15712] bridge0: port 2(bridge_slave_1) entered blocking state
[  625.710211][T15712] bridge0: port 2(bridge_slave_1) entered disabled state
[  625.712457][T15712] bridge_slave_1: entered allmulticast mode
[  625.717139][T15712] bridge_slave_1: entered promiscuous mode
[  625.749232][T15712] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  625.758254][T15712] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  625.783903][T15712] team0: Port device team_slave_0 added
[  625.788652][T15712] team0: Port device team_slave_1 added
[  625.830558][T15712] batman_adv: batadv0: Adding interface: batadv_slave_0
[  625.832528][T15712] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  625.846663][T15712] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  625.861733][ T1134] bond0: (slave netdevsim0): Releasing backup interface
[  625.868569][ T1134] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  625.875250][T15712] batman_adv: batadv0: Adding interface: batadv_slave_1
[  625.877751][T15712] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  625.885718][T15712] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  625.915334][T15712] hsr_slave_0: entered promiscuous mode
[  625.917364][T15712] hsr_slave_1: entered promiscuous mode
[  626.176208][ T1134] bridge_slave_1: left promiscuous mode
[  626.185229][ T1134] bridge0: port 2(bridge_slave_1) entered disabled state
[  626.226355][ T1134] bridge_slave_0: left allmulticast mode
[  626.228521][ T1134] bridge_slave_0: left promiscuous mode
[  626.230259][ T1134] bridge0: port 1(bridge_slave_0) entered disabled state
[  626.667599][ T1134] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  626.671615][ T1134] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  626.675753][ T1134] bond0 (unregistering): Released all slaves
[  627.050969][ T1134] hsr_slave_0: left promiscuous mode
[  627.052812][ T1134] hsr_slave_1: left promiscuous mode
[  627.058320][ T1134] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  627.060452][ T1134] batman_adv: batadv0: Removing interface: batadv_slave_0
[  627.062799][ T1134] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  627.064938][ T1134] batman_adv: batadv0: Removing interface: batadv_slave_1
[  627.081582][ T1134] veth1_macvtap: left promiscuous mode
[  627.087931][ T1134] veth0_macvtap: left promiscuous mode
[  627.089617][ T1134] veth1_vlan: left promiscuous mode
[  627.091420][ T1134] veth0_vlan: left promiscuous mode
[  627.357094][   T67] Bluetooth: hci3: command tx timeout
[  627.357099][ T5966] Bluetooth: hci2: command tx timeout
[  627.881544][ T1134] team0 (unregistering): Port device team_slave_1 removed
[  628.011574][ T1134] team0 (unregistering): Port device team_slave_0 removed
[  628.625920][   T13] smc: removing ib device s
z1
[  628.649361][ T6252] lo speed is unknown, defaulting to 1000
[  628.656270][ T6252] infiniband syz2: ib_query_port failed (-19)
[  628.715741][T15712] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  628.752395][T15712] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  628.903110][T15712] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  628.919912][T15712] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  629.002149][T15712] 8021q: adding VLAN 0 to HW filter on device bond0
[  629.029719][T15712] 8021q: adding VLAN 0 to HW filter on device team0
[  629.040614][T15665] bridge0: port 1(bridge_slave_0) entered blocking state
[  629.042684][T15665] bridge0: port 1(bridge_slave_0) entered forwarding state
[  629.071388][   T63] bridge0: port 2(bridge_slave_1) entered blocking state
[  629.073398][   T63] bridge0: port 2(bridge_slave_1) entered forwarding state
[  629.301807][T15712] 8021q: adding VLAN 0 to HW filter on device batadv0
[  629.349444][T15793] 9pnet_virtio: no channels available for device syz
[  629.360803][T15712] veth0_vlan: entered promiscuous mode
[  629.366126][T15712] veth1_vlan: entered promiscuous mode
[  629.384908][T15712] veth0_macvtap: entered promiscuous mode
[  629.389358][T15712] veth1_macvtap: entered promiscuous mode
[  629.398469][T15712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  629.401529][T15712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  629.404798][T15712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  629.407964][T15712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  629.410815][T15712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  629.414149][T15712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  629.418334][T15712] batman_adv: batadv0: Interface activated: batadv_slave_0
[  629.425460][T15712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  629.428668][T15712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  629.431537][T15712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  629.436470][T15712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  629.439481][T15712] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  629.442554][T15712] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  629.446717][T15712] batman_adv: batadv0: Interface activated: batadv_slave_1
[  629.454818][T15712] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  629.457583][T15712] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  629.460370][T15712] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  629.463685][T15712] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  629.513053][ T5966] Bluetooth: hci3: command tx timeout
[  629.754641][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  629.760046][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  629.764452][T15786] netfs: Couldn't get user pages (rc=-14)
[  629.791902][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  629.800091][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  630.016170][T15802] 9pnet_virtio: no channels available for device syz
[  631.593105][ T5966] Bluetooth: hci3: command tx timeout
[  632.520997][T15825] netlink: 'syz.4.2355': attribute type 2 has an invalid length.
[  632.523747][T15825] netlink: 'syz.4.2355': attribute type 1 has an invalid length.
[  632.526265][T15825] netlink: 'syz.4.2355': attribute type 1 has an invalid length.
[  632.897868][T15832] 9pnet_virtio: no channels available for device syz
[  633.643262][T15838] netlink: 'syz.4.2358': attribute type 10 has an invalid length.
[  633.647189][T15838] bond0: (slave netdevsim0): Releasing backup interface
[  633.652497][T15838] team0: Port device netdevsim0 added
[  633.661078][T15838] netlink: 'syz.4.2358': attribute type 10 has an invalid length.
[  633.667998][T15838] team0: Port device netdevsim0 removed
[  633.673181][T15838] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  633.683715][ T5966] Bluetooth: hci3: command tx timeout
[  634.075608][T15843] netlink: 'syz.2.2359': attribute type 2 has an invalid length.
[  634.078480][T15843] netlink: 'syz.2.2359': attribute type 1 has an invalid length.
[  634.081270][T15843] netlink: 'syz.2.2359': attribute type 1 has an invalid length.
[  636.339872][T15877] netfs: Couldn't get user pages (rc=-14)
[  636.771913][T15879] netlink: 'syz.3.2367': attribute type 10 has an invalid length.
[  636.787221][T15879] team0: Port device netdevsim0 added
[  636.794788][T15879] netlink: 'syz.3.2367': attribute type 10 has an invalid length.
[  636.809278][T15879] team0: Port device netdevsim0 removed
[  636.813558][T15879] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  637.373585][T15893] 9pnet_virtio: no channels available for device syz
[  638.311534][T15902] 9pnet_virtio: no channels available for device syz
[  639.653164][T15920] netlink: 'syz.4.2375': attribute type 10 has an invalid length.
[  639.659525][T15920] bond0: (slave netdevsim0): Releasing backup interface
[  639.664683][T15920] team0: Port device netdevsim0 added
[  639.674271][T15920] netlink: 'syz.4.2375': attribute type 10 has an invalid length.
[  639.680318][T15920] team0: Port device netdevsim0 removed
[  639.685423][T15920] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  640.607669][T15929] 9pnet_fd: Insufficient options for proto=fd
[  641.588868][T15950] netlink: 'syz.2.2383': attribute type 2 has an invalid length.
[  641.591201][T15950] netlink: 'syz.2.2383': attribute type 1 has an invalid length.
[  641.593873][T15950] netlink: 'syz.2.2383': attribute type 1 has an invalid length.
[  641.864783][T15954] 9pnet_fd: Insufficient options for proto=fd
[  642.645389][T15961] netfs: Couldn't get user pages (rc=-14)
[  642.698696][T15969] 9pnet_virtio: no channels available for device syz
[  643.527861][T15980] netlink: 'syz.1.2387': attribute type 10 has an invalid length.
[  643.550895][T15980] team0: Port device netdevsim0 added
[  643.555521][T15980] netlink: 'syz.1.2387': attribute type 10 has an invalid length.
[  643.564817][T15980] team0: Port device netdevsim0 removed
[  643.570883][T15980] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  643.952293][T15985] FAULT_INJECTION: forcing a failure.
[  643.952293][T15985] name failslab, interval 1, probability 0, space 0, times 0
[  643.956701][T15985] CPU: 1 UID: 0 PID: 15985 Comm: syz.3.2389 Not tainted 6.14.0-rc7-syzkaller #0
[  643.956720][T15985] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  643.956729][T15985] Call Trace:
[  643.956734][T15985]  <TASK>
[  643.956741][T15985]  dump_stack_lvl+0x16c/0x1f0
[  643.956783][T15985]  should_fail_ex+0x50a/0x650
[  643.956809][T15985]  should_failslab+0xc2/0x120
[  643.956825][T15985]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  643.956847][T15985]  ? trace_lock_acquire+0x14e/0x1f0
[  643.956860][T15985]  ? skb_clone+0x190/0x3f0
[  643.956872][T15985]  skb_clone+0x190/0x3f0
[  643.956882][T15985]  dev_queue_xmit_nit+0x38f/0xbc0
[  643.956900][T15985]  ? netif_skb_features+0x3b0/0xd50
[  643.956915][T15985]  dev_hard_start_xmit+0x283/0x7b0
[  643.956931][T15985]  __dev_queue_xmit+0x7f0/0x43e0
[  643.956946][T15985]  ? hlock_class+0x4e/0x130
[  643.956956][T15985]  ? __lock_acquire+0x15a9/0x3c40
[  643.956974][T15985]  ? __pfx___dev_queue_xmit+0x10/0x10
[  643.956988][T15985]  ? hlock_class+0x4e/0x130
[  643.956999][T15985]  ? __pfx___lock_acquire+0x10/0x10
[  643.957018][T15985]  ? find_held_lock+0x2d/0x110
[  643.957031][T15985]  ? ip6_finish_output2+0xb20/0x20a0
[  643.957046][T15985]  ? __pfx_lock_release+0x10/0x10
[  643.957061][T15985]  ? trace_lock_acquire+0x14e/0x1f0
[  643.957073][T15985]  ? ip6_finish_output2+0xb20/0x20a0
[  643.957091][T15985]  neigh_connected_output+0x3da/0x620
[  643.957112][T15985]  ip6_finish_output2+0xb20/0x20a0
[  643.957132][T15985]  ip6_finish_output+0x3f9/0x1360
[  643.957149][T15985]  ip6_output+0x1f8/0x540
[  643.957169][T15985]  ? __pfx_ip6_output+0x10/0x10
[  643.957191][T15985]  ip6_local_out+0xcd/0x4a0
[  643.957210][T15985]  ip6_send_skb+0x112/0x460
[  643.957226][T15985]  udp_v6_send_skb+0x900/0x1840
[  643.957242][T15985]  udpv6_sendmsg+0x259f/0x3080
[  643.957252][T15985]  ? __pfx_mark_lock+0x10/0x10
[  643.957266][T15985]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  643.957287][T15985]  ? __pfx_udpv6_sendmsg+0x10/0x10
[  643.957298][T15985]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  643.957329][T15985]  ? __pfx_aa_sk_perm+0x10/0x10
[  643.957340][T15985]  ? trace_lock_acquire+0x14e/0x1f0
[  643.957353][T15985]  ? __pfx_udpv6_sendmsg+0x10/0x10
[  643.957365][T15985]  ? inet6_sendmsg+0x105/0x140
[  643.957376][T15985]  inet6_sendmsg+0x105/0x140
[  643.957389][T15985]  ____sys_sendmsg+0x68c/0xc90
[  643.957403][T15985]  ? __pfx_____sys_sendmsg+0x10/0x10
[  643.957415][T15985]  ? get_compat_msghdr+0x11b/0x170
[  643.957431][T15985]  ? ___sys_sendmsg+0x142/0x1e0
[  643.957454][T15985]  ___sys_sendmsg+0x135/0x1e0
[  643.957471][T15985]  ? __pfx____sys_sendmsg+0x10/0x10
[  643.957493][T15985]  ? trace_lock_acquire+0x14e/0x1f0
[  643.957517][T15985]  ? __pfx___might_resched+0x10/0x10
[  643.957546][T15985]  __sys_sendmmsg+0x2fa/0x420
[  643.957572][T15985]  ? __pfx___sys_sendmmsg+0x10/0x10
[  643.957606][T15985]  ? fput+0x67/0x440
[  643.957621][T15985]  ? ksys_write+0x1ba/0x250
[  643.957647][T15985]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  643.957667][T15985]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  643.957690][T15985]  __do_fast_syscall_32+0x73/0x120
[  643.957713][T15985]  do_fast_syscall_32+0x32/0x80
[  643.957734][T15985]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  643.957759][T15985] RIP: 0023:0xf7f14579
[  643.957771][T15985] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  643.957788][T15985] RSP: 002b:00000000f503655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[  643.957803][T15985] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080003cc0
[  643.957814][T15985] RDX: 0000000000000172 RSI: 0000000000000000 RDI: 0000000000000000
[  643.957823][T15985] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  643.957832][T15985] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  643.957841][T15985] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  643.957864][T15985]  </TASK>
[  643.965865][T15987] 9pnet: Unknown protocol version 9
[  644.706850][T16001] FAULT_INJECTION: forcing a failure.
[  644.706850][T16001] name failslab, interval 1, probability 0, space 0, times 0
[  644.710558][T16001] CPU: 1 UID: 0 PID: 16001 Comm: syz.1.2391 Not tainted 6.14.0-rc7-syzkaller #0
[  644.710581][T16001] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  644.710588][T16001] Call Trace:
[  644.710592][T16001]  <TASK>
[  644.710596][T16001]  dump_stack_lvl+0x16c/0x1f0
[  644.710615][T16001]  should_fail_ex+0x50a/0x650
[  644.710626][T16001]  ? fs_reclaim_acquire+0xae/0x150
[  644.710640][T16001]  ? lsm_blob_alloc+0x68/0x90
[  644.710656][T16001]  should_failslab+0xc2/0x120
[  644.710667][T16001]  __kmalloc_noprof+0xcb/0x510
[  644.710683][T16001]  ? __pfx_perf_event_init_task+0x10/0x10
[  644.710699][T16001]  ? audit_alloc+0xa3/0x7b0
[  644.710712][T16001]  lsm_blob_alloc+0x68/0x90
[  644.710728][T16001]  security_task_alloc+0x2d/0x260
[  644.710744][T16001]  copy_process+0x24cc/0x8c50
[  644.710754][T16001]  ? arch_stack_walk+0xa7/0x100
[  644.710773][T16001]  ? __pfx_copy_process+0x10/0x10
[  644.710783][T16001]  ? create_io_worker+0x49/0x5d0
[  644.710799][T16001]  ? kasan_save_stack+0x42/0x60
[  644.710814][T16001]  ? kasan_save_stack+0x33/0x60
[  644.710828][T16001]  ? kasan_save_track+0x14/0x30
[  644.710843][T16001]  ? __kasan_kmalloc+0xaa/0xb0
[  644.710857][T16001]  ? create_io_worker+0xcc/0x5d0
[  644.710871][T16001]  ? io_wq_enqueue+0x664/0xb30
[  644.710886][T16001]  ? io_queue_iowq+0x28b/0x5c0
[  644.710902][T16001]  ? io_queue_async+0x1e7/0x420
[  644.710917][T16001]  ? io_submit_sqes+0x17bf/0x2670
[  644.710927][T16001]  ? __do_sys_io_uring_enter+0xd60/0x1670
[  644.710938][T16001]  ? __do_fast_syscall_32+0x73/0x120
[  644.710953][T16001]  ? do_fast_syscall_32+0x32/0x80
[  644.710967][T16001]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  644.710989][T16001]  ? __pfx_io_wq_worker+0x10/0x10
[  644.711005][T16001]  ? create_io_worker+0x49/0x5d0
[  644.711020][T16001]  create_io_thread+0xbf/0x100
[  644.711030][T16001]  ? __pfx_create_io_thread+0x10/0x10
[  644.711044][T16001]  ? __pfx_io_wq_worker+0x10/0x10
[  644.711061][T16001]  ? lockdep_init_map_type+0x16d/0x7d0
[  644.711079][T16001]  ? __init_swait_queue_head+0xca/0x150
[  644.711092][T16001]  create_io_worker+0x1c2/0x5d0
[  644.711109][T16001]  io_wq_enqueue+0x664/0xb30
[  644.711127][T16001]  ? __pfx_io_wq_enqueue+0x10/0x10
[  644.711142][T16001]  ? __pfx_io_wq_work_match_item+0x10/0x10
[  644.711158][T16001]  ? io_prep_async_work+0x654/0x770
[  644.711176][T16001]  io_queue_iowq+0x28b/0x5c0
[  644.711193][T16001]  io_queue_async+0x1e7/0x420
[  644.711210][T16001]  io_submit_sqes+0x17bf/0x2670
[  644.711227][T16001]  __do_sys_io_uring_enter+0xd60/0x1670
[  644.711240][T16001]  ? __pfx___schedule+0x10/0x10
[  644.711252][T16001]  ? __fget_files+0x206/0x3a0
[  644.711267][T16001]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  644.711280][T16001]  ? fput+0x67/0x440
[  644.711291][T16001]  ? ksys_write+0x1ba/0x250
[  644.711310][T16001]  __do_fast_syscall_32+0x73/0x120
[  644.711325][T16001]  do_fast_syscall_32+0x32/0x80
[  644.711340][T16001]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  644.711357][T16001] RIP: 0023:0xf7f1f579
[  644.711366][T16001] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  644.711376][T16001] RSP: 002b:00000000f500455c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa
[  644.711386][T16001] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000003516
[  644.711393][T16001] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  644.711399][T16001] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  644.711404][T16001] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  644.711410][T16001] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  644.711422][T16001]  </TASK>
[  644.820248][T16000] netlink: 'syz.3.2392': attribute type 2 has an invalid length.
[  644.822654][T16000] netlink: 'syz.3.2392': attribute type 1 has an invalid length.
[  644.827045][T16000] netlink: 'syz.3.2392': attribute type 1 has an invalid length.
[  645.819248][T16013] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2395'.
[  645.825518][T16013] netlink: 'syz.3.2395': attribute type 10 has an invalid length.
[  645.831943][T16013] bond0: (slave netdevsim0): Releasing backup interface
[  645.838770][T16013] team0: Port device netdevsim0 added
[  645.848482][T16013] netlink: 'syz.3.2395': attribute type 10 has an invalid length.
[  645.863035][T16013] team0: Port device netdevsim0 removed
[  645.869395][T16013] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  646.863057][T16031] netlink: 'syz.3.2399': attribute type 10 has an invalid length.
[  646.974051][T16032] netlink: 'syz.3.2399': attribute type 10 has an invalid length.
[  647.116731][T16031] bond0: (slave netdevsim0): Releasing backup interface
[  647.122313][T16031] team0: Port device netdevsim0 added
[  647.134783][T16032] team0: Port device netdevsim0 removed
[  647.140900][T16032] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  647.581428][T16044] 9pnet: Unknown protocol version 9
[  648.127643][T16050] netfs: Couldn't get user pages (rc=-14)
[  648.907491][T16060] netlink: 'syz.3.2404': attribute type 10 has an invalid length.
[  648.916350][T16060] bond0: (slave netdevsim0): Releasing backup interface
[  648.922411][T16060] team0: Port device netdevsim0 added
[  648.931714][T16060] netlink: 'syz.3.2404': attribute type 10 has an invalid length.
[  648.938978][T16060] team0: Port device netdevsim0 removed
[  648.944242][T16060] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  649.873078][T16073] 9pnet_virtio: no channels available for device syz
[  653.455608][T16105] orangefs_mount: mount request failed with -4
[  653.456171][T16097] dvmrp0: entered allmulticast mode
[  653.816662][T16117] 9pnet_fd: Insufficient options for proto=fd
[  653.926704][T16116] netfs: Couldn't get user pages (rc=-14)
[  654.641223][T16122] FAULT_INJECTION: forcing a failure.
[  654.641223][T16122] name failslab, interval 1, probability 0, space 0, times 0
[  654.644934][T16122] CPU: 3 UID: 0 PID: 16122 Comm: syz.1.2419 Not tainted 6.14.0-rc7-syzkaller #0
[  654.644957][T16122] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  654.644964][T16122] Call Trace:
[  654.644968][T16122]  <TASK>
[  654.644972][T16122]  dump_stack_lvl+0x16c/0x1f0
[  654.644991][T16122]  should_fail_ex+0x50a/0x650
[  654.645002][T16122]  ? fs_reclaim_acquire+0xae/0x150
[  654.645016][T16122]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  654.645036][T16122]  should_failslab+0xc2/0x120
[  654.645046][T16122]  __kmalloc_noprof+0xcb/0x510
[  654.645061][T16122]  ? __pfx___mutex_trylock_common+0x10/0x10
[  654.645078][T16122]  ? genl_rcv_msg+0x580/0x800
[  654.645090][T16122]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  654.645111][T16122]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  654.645122][T16122]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  654.645140][T16122]  ? trace_cap_capable+0x1a2/0x210
[  654.645155][T16122]  ? bpf_lsm_capable+0x9/0x10
[  654.645167][T16122]  ? security_capable+0x7e/0x260
[  654.645178][T16122]  ? ns_capable+0xd7/0x110
[  654.645194][T16122]  genl_rcv_msg+0x565/0x800
[  654.645206][T16122]  ? __pfx_genl_rcv_msg+0x10/0x10
[  654.645216][T16122]  ? __pfx_wg_set_device+0x10/0x10
[  654.645233][T16122]  netlink_rcv_skb+0x16b/0x440
[  654.645248][T16122]  ? __pfx_genl_rcv_msg+0x10/0x10
[  654.645259][T16122]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  654.645280][T16122]  ? down_read+0xc9/0x330
[  654.645295][T16122]  ? __pfx_down_read+0x10/0x10
[  654.645311][T16122]  ? netlink_deliver_tap+0x1ae/0xd30
[  654.645328][T16122]  genl_rcv+0x28/0x40
[  654.645343][T16122]  netlink_unicast+0x53c/0x7f0
[  654.645360][T16122]  ? __pfx_netlink_unicast+0x10/0x10
[  654.645375][T16122]  ? __phys_addr_symbol+0x30/0x80
[  654.645390][T16122]  ? __check_object_size+0x488/0x710
[  654.645402][T16122]  netlink_sendmsg+0x8b8/0xd70
[  654.645420][T16122]  ? __pfx_netlink_sendmsg+0x10/0x10
[  654.645440][T16122]  ____sys_sendmsg+0xaaf/0xc90
[  654.645454][T16122]  ? __pfx_____sys_sendmsg+0x10/0x10
[  654.645466][T16122]  ? get_compat_msghdr+0x11b/0x170
[  654.645485][T16122]  ___sys_sendmsg+0x135/0x1e0
[  654.645502][T16122]  ? __pfx____sys_sendmsg+0x10/0x10
[  654.645524][T16122]  ? __pfx_lock_release+0x10/0x10
[  654.645538][T16122]  ? trace_lock_acquire+0x14e/0x1f0
[  654.645555][T16122]  ? __fget_files+0x206/0x3a0
[  654.645574][T16122]  __sys_sendmsg+0x16e/0x220
[  654.645590][T16122]  ? __pfx___sys_sendmsg+0x10/0x10
[  654.645614][T16122]  __do_fast_syscall_32+0x73/0x120
[  654.645631][T16122]  do_fast_syscall_32+0x32/0x80
[  654.645645][T16122]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  654.645663][T16122] RIP: 0023:0xf7f1f579
[  654.645672][T16122] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  654.645682][T16122] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  654.645693][T16122] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000b80
[  654.645699][T16122] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  654.645705][T16122] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  654.645711][T16122] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  654.645717][T16122] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  654.645729][T16122]  </TASK>
[  654.824541][T16125] tipc: Started in network mode
[  654.826373][T16125] tipc: Node identity 0e797f8b9ad3, cluster identity 4711
[  654.828304][T16125] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  654.834992][T16124] tipc: Resetting bearer <eth:syzkaller0>
[  656.169816][   T64] tipc: Node number set to 2494201739
[  656.509359][T16124] tipc: Disabling bearer <eth:syzkaller0>
[  656.704528][T16143] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  656.709874][T16143] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2425'.
[  656.712679][T16143] batadv1: left allmulticast mode
[  656.716902][T16143] batadv1: left promiscuous mode
[  656.719515][T16143] bridge0: port 3(batadv1) entered disabled state
[  656.725547][T16143] bridge_slave_1: left allmulticast mode
[  656.730374][T16143] bridge_slave_1: left promiscuous mode
[  656.736217][T16143] bridge0: port 2(bridge_slave_1) entered disabled state
[  656.740496][T16143] bridge_slave_0: left allmulticast mode
[  656.742168][T16143] bridge_slave_0: left promiscuous mode
[  656.744252][T16143] bridge0: port 1(bridge_slave_0) entered disabled state
[  657.040480][T16152] FAULT_INJECTION: forcing a failure.
[  657.040480][T16152] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  657.050220][T16152] CPU: 3 UID: 0 PID: 16152 Comm: syz.4.2428 Not tainted 6.14.0-rc7-syzkaller #0
[  657.050243][T16152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  657.050250][T16152] Call Trace:
[  657.050254][T16152]  <TASK>
[  657.050258][T16152]  dump_stack_lvl+0x16c/0x1f0
[  657.050278][T16152]  should_fail_ex+0x50a/0x650
[  657.050314][T16152]  _copy_from_user+0x2e/0xd0
[  657.050330][T16152]  cmsghdr_from_user_compat_to_kern+0x377/0x800
[  657.050350][T16152]  ? __pfx_cmsghdr_from_user_compat_to_kern+0x10/0x10
[  657.050365][T16152]  ? __import_iovec+0x1f2/0x6a0
[  657.050380][T16152]  ____sys_sendmsg+0x45c/0xc90
[  657.050394][T16152]  ? __pfx_____sys_sendmsg+0x10/0x10
[  657.050406][T16152]  ? get_compat_msghdr+0x11b/0x170
[  657.050424][T16152]  ___sys_sendmsg+0x135/0x1e0
[  657.050441][T16152]  ? __pfx____sys_sendmsg+0x10/0x10
[  657.050463][T16152]  ? trace_lock_acquire+0x14e/0x1f0
[  657.050484][T16152]  __sys_sendmmsg+0x2fa/0x420
[  657.050502][T16152]  ? __pfx___sys_sendmmsg+0x10/0x10
[  657.050523][T16152]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  657.050542][T16152]  ? fput+0x67/0x440
[  657.050554][T16152]  ? ksys_write+0x1ba/0x250
[  657.050567][T16152]  ? __pfx_ksys_write+0x10/0x10
[  657.050584][T16152]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  657.050598][T16152]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  657.050613][T16152]  __do_fast_syscall_32+0x73/0x120
[  657.050629][T16152]  do_fast_syscall_32+0x32/0x80
[  657.050644][T16152]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  657.050661][T16152] RIP: 0023:0xf7f37579
[  657.050669][T16152] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  657.050680][T16152] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[  657.050691][T16152] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001280
[  657.050702][T16152] RDX: 0000000000000001 RSI: 0000000000004000 RDI: 0000000000000000
[  657.050711][T16152] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  657.050720][T16152] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  657.050730][T16152] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  657.050742][T16152]  </TASK>
[  657.413210][T16167] 9pnet: Unknown protocol version 9p200
[  659.818101][   T67] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  659.821969][   T67] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  659.824980][   T67] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  659.827387][   T67] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  659.830058][   T67] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  659.833931][   T67] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  660.006650][T16206] 9pnet_fd: Insufficient options for proto=fd
[  660.129485][T16200] chnl_net:caif_netlink_parms(): no params data found
[  660.321575][ T1134] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  660.345796][T16200] bridge0: port 1(bridge_slave_0) entered blocking state
[  660.347971][T16200] bridge0: port 1(bridge_slave_0) entered disabled state
[  660.350229][T16200] bridge_slave_0: entered allmulticast mode
[  660.352569][T16200] bridge_slave_0: entered promiscuous mode
[  660.355501][T16200] bridge0: port 2(bridge_slave_1) entered blocking state
[  660.357624][T16200] bridge0: port 2(bridge_slave_1) entered disabled state
[  660.359895][T16200] bridge_slave_1: entered allmulticast mode
[  660.361992][T16200] bridge_slave_1: entered promiscuous mode
[  660.426587][T16200] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  660.430450][T16200] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  660.436878][T16213] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2440'.
[  660.444547][T16213] netlink: 173 bytes leftover after parsing attributes in process `syz.2.2440'.
[  660.464210][ T1134] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  660.510025][T16200] team0: Port device team_slave_0 added
[  660.513398][T16200] team0: Port device team_slave_1 added
[  660.533019][T16200] batman_adv: batadv0: Adding interface: batadv_slave_0
[  660.534987][T16200] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  660.542154][T16200] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  660.546793][T16200] batman_adv: batadv0: Adding interface: batadv_slave_1
[  660.548764][T16200] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  660.556288][T16200] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  660.627708][ T1134] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  660.810748][T16200] hsr_slave_0: entered promiscuous mode
[  660.812714][T16200] hsr_slave_1: entered promiscuous mode
[  660.815024][T16200] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  660.817854][T16200] Cannot create hsr debugfs directory
[  660.885489][ T1134] bond0: (slave netdevsim0): Releasing backup interface
[  660.889171][ T1134] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  660.957417][T16223] netlink: 'syz.3.2443': attribute type 10 has an invalid length.
[  660.968960][T16223] bond0: (slave netdevsim0): Releasing backup interface
[  660.975501][T16223] team0: Port device netdevsim0 added
[  660.987667][T16223] netlink: 'syz.3.2443': attribute type 10 has an invalid length.
[  660.999712][T16223] team0: Port device netdevsim0 removed
[  661.006469][T16223] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  661.453299][ T1134] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  661.457579][ T1134] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  661.460789][ T1134] bond0 (unregistering): Released all slaves
[  661.913225][   T67] Bluetooth: hci4: command tx timeout
[  661.999634][ T1134] tipc: Left network mode
[  662.510705][ T1134] hsr_slave_0: left promiscuous mode
[  662.518407][ T1134] hsr_slave_1: left promiscuous mode
[  662.520744][ T1134] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  662.524941][ T1134] batman_adv: batadv0: Removing interface: batadv_slave_0
[  662.528287][ T1134] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  662.531040][ T1134] batman_adv: batadv0: Removing interface: batadv_slave_1
[  662.562738][ T1134] veth1_macvtap: left promiscuous mode
[  662.565334][ T1134] veth0_macvtap: left promiscuous mode
[  662.566938][ T1134] veth1_vlan: left promiscuous mode
[  662.568422][ T1134] veth0_vlan: left promiscuous mode
[  663.729183][ T1134] team0 (unregistering): Port device team_slave_1 removed
[  663.812805][ T1134] team0 (unregistering): Port device team_slave_0 removed
[  664.000133][   T67] Bluetooth: hci4: command tx timeout
[  664.506850][T16200] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  664.524282][T16200] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  664.544317][T16200] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  664.548533][T16200] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  664.597161][   T40] audit: type=1326 audit(1742253273.798:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16295 comm="syz.1.2451" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f1f579 code=0x0
[  664.607573][T16200] 8021q: adding VLAN 0 to HW filter on device bond0
[  664.624666][T16200] 8021q: adding VLAN 0 to HW filter on device team0
[  664.631047][ T1185] bridge0: port 1(bridge_slave_0) entered blocking state
[  664.633068][ T1185] bridge0: port 1(bridge_slave_0) entered forwarding state
[  664.637555][ T1185] bridge0: port 2(bridge_slave_1) entered blocking state
[  664.639511][ T1185] bridge0: port 2(bridge_slave_1) entered forwarding state
[  664.689045][T16200] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  664.693263][T16200] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  664.829923][T16200] 8021q: adding VLAN 0 to HW filter on device batadv0
[  664.934709][T16200] veth0_vlan: entered promiscuous mode
[  664.940012][T16200] veth1_vlan: entered promiscuous mode
[  664.960576][T16200] veth0_macvtap: entered promiscuous mode
[  664.970551][T16200] veth1_macvtap: entered promiscuous mode
[  664.981123][T16200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  664.984276][T16200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  664.987126][T16200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  664.990111][T16200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  664.994044][T16200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  664.997897][T16200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  665.003539][T16200] batman_adv: batadv0: Interface activated: batadv_slave_0
[  665.012709][T16200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  665.018370][T16200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  665.021950][T16200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  665.025712][T16200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  665.028617][T16200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  665.032427][T16200] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  665.037541][T16200] batman_adv: batadv0: Interface activated: batadv_slave_1
[  665.071061][T16200] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  665.073894][T16200] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  665.076390][T16200] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  665.079374][T16200] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  665.148885][ T1134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  665.151082][ T1134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  665.165031][   T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  665.167836][   T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  665.888433][T16333] 9pnet: Unknown protocol version 9p200
[  666.000117][T16334] netlink: 'syz.3.2454': attribute type 10 has an invalid length.
[  666.056375][T16335] netlink: 'syz.3.2454': attribute type 10 has an invalid length.
[  666.073161][   T67] Bluetooth: hci4: command tx timeout
[  666.231789][T16334] bond0: (slave netdevsim0): Releasing backup interface
[  666.240179][T16334] team0: Port device netdevsim0 added
[  666.313970][T16335] team0: Port device netdevsim0 removed
[  666.316649][T16335] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  667.176183][T16357] FAULT_INJECTION: forcing a failure.
[  667.176183][T16357] name failslab, interval 1, probability 0, space 0, times 0
[  667.181292][T16357] CPU: 3 UID: 0 PID: 16357 Comm: syz.1.2462 Not tainted 6.14.0-rc7-syzkaller #0
[  667.181307][T16357] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  667.181314][T16357] Call Trace:
[  667.181318][T16357]  <TASK>
[  667.181322][T16357]  dump_stack_lvl+0x16c/0x1f0
[  667.181343][T16357]  should_fail_ex+0x50a/0x650
[  667.181354][T16357]  ? fs_reclaim_acquire+0xae/0x150
[  667.181369][T16357]  should_failslab+0xc2/0x120
[  667.181380][T16357]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  667.181396][T16357]  ? __kernfs_new_node+0xd3/0x890
[  667.181413][T16357]  __kernfs_new_node+0xd3/0x890
[  667.181428][T16357]  ? hlock_class+0x4e/0x130
[  667.181440][T16357]  ? __pfx___kernfs_new_node+0x10/0x10
[  667.181459][T16357]  ? __pfx___lock_acquire+0x10/0x10
[  667.181473][T16357]  ? kernfs_add_one+0x182/0x520
[  667.181491][T16357]  kernfs_new_node+0x186/0x240
[  667.181507][T16357]  ? lock_acquire.part.0+0x11b/0x380
[  667.181523][T16357]  kernfs_create_dir_ns+0x4c/0x150
[  667.181541][T16357]  sysfs_create_dir_ns+0x13b/0x2b0
[  667.181555][T16357]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  667.181569][T16357]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  667.181579][T16357]  ? kobject_add_internal+0x12d/0x990
[  667.181596][T16357]  ? class_dir_child_ns_type+0xd/0x60
[  667.181613][T16357]  kobject_add_internal+0x2c8/0x990
[  667.181631][T16357]  kobject_add+0x16f/0x240
[  667.181647][T16357]  ? __pfx_kobject_add+0x10/0x10
[  667.181665][T16357]  ? kobject_put+0xab/0x5a0
[  667.181685][T16357]  ? device_add+0xc02/0x1a70
[  667.181708][T16357]  device_add+0x289/0x1a70
[  667.181729][T16357]  ? __pfx_dev_set_name+0x10/0x10
[  667.181753][T16357]  ? __pfx_device_add+0x10/0x10
[  667.181777][T16357]  ? __init_waitqueue_head+0xca/0x150
[  667.181799][T16357]  wakeup_source_device_create+0x214/0x2a0
[  667.181817][T16357]  wakeup_source_sysfs_add+0x1c/0x90
[  667.181831][T16357]  wakeup_source_register+0xaa/0x140
[  667.181843][T16357]  ep_create_wakeup_source+0x1df/0x2e0
[  667.181857][T16357]  ? __pfx_ep_create_wakeup_source+0x10/0x10
[  667.181869][T16357]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  667.181887][T16357]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  667.181898][T16357]  ? lock_acquire+0x2f/0xb0
[  667.181911][T16357]  ? do_epoll_ctl+0x2290/0x35d0
[  667.181926][T16357]  do_epoll_ctl+0x1dab/0x35d0
[  667.181946][T16357]  ? __pfx_do_epoll_ctl+0x10/0x10
[  667.181962][T16357]  ? __might_fault+0xe3/0x190
[  667.181977][T16357]  ? __ia32_sys_epoll_ctl+0x15c/0x1e0
[  667.181990][T16357]  __ia32_sys_epoll_ctl+0x15c/0x1e0
[  667.182005][T16357]  ? __pfx___ia32_sys_epoll_ctl+0x10/0x10
[  667.182023][T16357]  __do_fast_syscall_32+0x73/0x120
[  667.182038][T16357]  do_fast_syscall_32+0x32/0x80
[  667.182053][T16357]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  667.182071][T16357] RIP: 0023:0xf7f1f579
[  667.182079][T16357] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  667.182090][T16357] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 00000000000000ff
[  667.182101][T16357] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000001
[  667.182108][T16357] RDX: 0000000000000003 RSI: 0000000080000000 RDI: 0000000000000000
[  667.182114][T16357] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  667.182119][T16357] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  667.182125][T16357] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  667.182137][T16357]  </TASK>
[  667.182149][T16357] kobject: kobject_add_internal failed for wakeup21 (error: -12 parent: wakeup)
[  667.549879][T16365] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  667.560782][T16365] netlink: 'syz.2.2464': attribute type 1 has an invalid length.
[  667.566727][T16365] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2464'.
[  668.054774][T16378] netlink: 'syz.1.2467': attribute type 10 has an invalid length.
[  668.061483][T16378] bond0: (slave netdevsim0): Releasing backup interface
[  668.071196][T16378] team0: Port device netdevsim0 added
[  668.082335][T16378] netlink: 'syz.1.2467': attribute type 10 has an invalid length.
[  668.091453][T16378] team0: Port device netdevsim0 removed
[  668.097687][T16378] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  668.156397][   T67] Bluetooth: hci4: command tx timeout
[  669.048208][   T67] Bluetooth: Frame is too long (len 28, expected len 4)
[  671.696835][T16417] netlink: 'syz.2.2476': attribute type 10 has an invalid length.
[  671.706061][T16417] bond0: (slave netdevsim0): Releasing backup interface
[  671.718436][T16417] team0: Port device netdevsim0 added
[  671.751952][T16417] netlink: 'syz.2.2476': attribute type 10 has an invalid length.
[  671.807465][T16417] team0: Port device netdevsim0 removed
[  671.811599][T16417] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  671.967828][T16426] 9pnet: Unknown protocol version 9
[  672.586939][T16431] netlink: 'syz.3.2480': attribute type 10 has an invalid length.
[  673.428034][T16451] netlink: 'syz.3.2484': attribute type 10 has an invalid length.
[  673.480997][T16451] bond0: (slave netdevsim0): Releasing backup interface
[  673.487503][T16452] netlink: 'syz.3.2484': attribute type 10 has an invalid length.
[  673.493935][T16451] team0: Port device netdevsim0 added
[  673.554055][T16452] team0: Port device netdevsim0 removed
[  673.556721][T16452] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  673.726197][T16458] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2485'.
[  676.762387][T16140] kernel write not supported for file [eventfd] (pid: 16140 comm: kworker/1:5)
[  676.803429][T16519] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2502'.
[  676.806168][T16519] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2502'.
[  676.808717][T16519] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2502'.
[  676.811383][T16519] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2502'.
[  676.816561][T16519] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2502'.
[  676.820488][T16519] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2502'.
[  676.830826][T16519] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2502'.
[  676.834805][T16519] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2502'.
[  676.837640][T16519] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2502'.
[  677.069324][T16529] netlink: 'syz.1.2503': attribute type 10 has an invalid length.
[  677.292761][T16533] netlink: 'syz.4.2504': attribute type 10 has an invalid length.
[  677.309314][T16533] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  678.333987][T16553] 9pnet_fd: Insufficient options for proto=fd
[  678.783776][T16563] __nla_validate_parse: 24 callbacks suppressed
[  678.783788][T16563] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2512'.
[  679.100027][T16572] netlink: 'syz.4.2514': attribute type 10 has an invalid length.
[  679.910067][T16573] netfs: Couldn't get user pages (rc=-14)
[  680.653008][T15796] usb 9-1: new high-speed USB device number 26 using dummy_hcd
[  680.804329][T15796] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  680.807334][T15796] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  680.810221][T15796] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  680.813220][T15796] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  680.817892][T16600] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  680.821483][T15796] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  681.534780][T15796] usb 9-1: USB disconnect, device number 26
[  682.196422][T16629] random: crng reseeded on system resumption
[  682.203774][T16629] FAULT_INJECTION: forcing a failure.
[  682.203774][T16629] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  682.208300][T16629] CPU: 2 UID: 0 PID: 16629 Comm: syz.4.2529 Not tainted 6.14.0-rc7-syzkaller #0
[  682.208316][T16629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  682.208323][T16629] Call Trace:
[  682.208327][T16629]  <TASK>
[  682.208331][T16629]  dump_stack_lvl+0x16c/0x1f0
[  682.208404][T16629]  should_fail_ex+0x50a/0x650
[  682.208431][T16629]  ? __pfx___might_resched+0x10/0x10
[  682.208451][T16629]  should_fail_alloc_page+0xe7/0x130
[  682.208463][T16629]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  682.208480][T16629]  __alloc_frozen_pages_noprof+0x18e/0x2470
[  682.208500][T16629]  ? stack_trace_save+0x95/0xd0
[  682.208513][T16629]  ? __pfx_stack_trace_save+0x10/0x10
[  682.208524][T16629]  ? hlock_class+0x4e/0x130
[  682.208535][T16629]  ? stack_depot_save_flags+0x28/0x9c0
[  682.208553][T16629]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  682.208572][T16629]  ? kasan_save_stack+0x42/0x60
[  682.208587][T16629]  ? kasan_save_stack+0x33/0x60
[  682.208601][T16629]  ? kasan_save_track+0x14/0x30
[  682.208618][T16629]  ? vfs_open+0x82/0x3f0
[  682.208628][T16629]  ? path_openat+0x1e88/0x2d80
[  682.208643][T16629]  ? do_filp_open+0x20c/0x470
[  682.208657][T16629]  ? do_sys_openat2+0x17a/0x1e0
[  682.208668][T16629]  ? __ia32_compat_sys_openat+0x16e/0x210
[  682.208684][T16629]  ? __do_fast_syscall_32+0x73/0x120
[  682.208703][T16629]  ? do_fast_syscall_32+0x32/0x80
[  682.208723][T16629]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  682.208749][T16629]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  682.208774][T16629]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  682.208796][T16629]  ? policy_nodemask+0xea/0x4e0
[  682.208808][T16629]  alloc_pages_mpol+0x1fc/0x540
[  682.208818][T16629]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  682.208832][T16629]  alloc_pages_noprof+0x131/0x390
[  682.208843][T16629]  get_zeroed_page_noprof+0x14/0x50
[  682.208855][T16629]  get_image_page+0x18/0x190
[  682.208867][T16629]  alloc_rtree_node+0x3c/0xb0
[  682.208878][T16629]  memory_bm_create+0x41b/0x810
[  682.208894][T16629]  create_basic_memory_bitmaps+0xc3/0x680
[  682.208909][T16629]  snapshot_open+0x235/0x2b0
[  682.208924][T16629]  ? __pfx_snapshot_open+0x10/0x10
[  682.208938][T16629]  misc_open+0x35a/0x420
[  682.208950][T16629]  ? __pfx_misc_open+0x10/0x10
[  682.208960][T16629]  chrdev_open+0x237/0x6a0
[  682.208976][T16629]  ? __pfx_apparmor_file_open+0x10/0x10
[  682.208990][T16629]  ? __pfx_chrdev_open+0x10/0x10
[  682.209007][T16629]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  682.209024][T16629]  do_dentry_open+0x735/0x1c40
[  682.209039][T16629]  ? __pfx_chrdev_open+0x10/0x10
[  682.209056][T16629]  ? inode_permission+0xdd/0x5f0
[  682.209069][T16629]  vfs_open+0x82/0x3f0
[  682.209079][T16629]  ? may_open+0x1f2/0x400
[  682.209092][T16629]  path_openat+0x1e88/0x2d80
[  682.209112][T16629]  ? __pfx_path_openat+0x10/0x10
[  682.209127][T16629]  ? __pfx___lock_acquire+0x10/0x10
[  682.209141][T16629]  ? lock_acquire.part.0+0x11b/0x380
[  682.209155][T16629]  ? find_held_lock+0x2d/0x110
[  682.209172][T16629]  do_filp_open+0x20c/0x470
[  682.209188][T16629]  ? __pfx_do_filp_open+0x10/0x10
[  682.209204][T16629]  ? find_held_lock+0x2d/0x110
[  682.209236][T16629]  ? alloc_fd+0x41f/0x760
[  682.209265][T16629]  do_sys_openat2+0x17a/0x1e0
[  682.209281][T16629]  ? __pfx_do_sys_openat2+0x10/0x10
[  682.209301][T16629]  ? __fget_files+0x206/0x3a0
[  682.209329][T16629]  __ia32_compat_sys_openat+0x16e/0x210
[  682.209347][T16629]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  682.209365][T16629]  ? ksys_write+0x1ba/0x250
[  682.209396][T16629]  __do_fast_syscall_32+0x73/0x120
[  682.209502][T16629]  do_fast_syscall_32+0x32/0x80
[  682.209538][T16629]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  682.209563][T16629] RIP: 0023:0xf746e579
[  682.209576][T16629] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  682.209588][T16629] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  682.209598][T16629] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000000
[  682.209606][T16629] RDX: 0000000000002481 RSI: 0000000000000000 RDI: 0000000000000000
[  682.209612][T16629] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  682.209618][T16629] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  682.209624][T16629] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  682.209636][T16629]  </TASK>
[  682.378760][T16633] FAULT_INJECTION: forcing a failure.
[  682.378760][T16633] name failslab, interval 1, probability 0, space 0, times 0
[  682.382234][T16633] CPU: 3 UID: 0 PID: 16633 Comm: syz.1.2531 Not tainted 6.14.0-rc7-syzkaller #0
[  682.382248][T16633] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  682.382255][T16633] Call Trace:
[  682.382259][T16633]  <TASK>
[  682.382263][T16633]  dump_stack_lvl+0x16c/0x1f0
[  682.382281][T16633]  should_fail_ex+0x50a/0x650
[  682.382295][T16633]  should_failslab+0xc2/0x120
[  682.382306][T16633]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  682.382322][T16633]  ? skb_clone+0x190/0x3f0
[  682.382335][T16633]  skb_clone+0x190/0x3f0
[  682.382345][T16633]  netlink_deliver_tap+0xabd/0xd30
[  682.382363][T16633]  netlink_unicast+0x5e1/0x7f0
[  682.382380][T16633]  ? __pfx_netlink_unicast+0x10/0x10
[  682.382396][T16633]  ? __phys_addr_symbol+0x30/0x80
[  682.382408][T16633]  ? __check_object_size+0x488/0x710
[  682.382420][T16633]  netlink_sendmsg+0x8b8/0xd70
[  682.382437][T16633]  ? __pfx_netlink_sendmsg+0x10/0x10
[  682.382457][T16633]  ____sys_sendmsg+0xaaf/0xc90
[  682.382471][T16633]  ? __pfx_____sys_sendmsg+0x10/0x10
[  682.382483][T16633]  ? get_compat_msghdr+0x11b/0x170
[  682.382502][T16633]  ___sys_sendmsg+0x135/0x1e0
[  682.382519][T16633]  ? __pfx____sys_sendmsg+0x10/0x10
[  682.382546][T16633]  ? __pfx_lock_release+0x10/0x10
[  682.382561][T16633]  ? trace_lock_acquire+0x14e/0x1f0
[  682.382577][T16633]  ? __fget_files+0x206/0x3a0
[  682.382596][T16633]  __sys_sendmsg+0x16e/0x220
[  682.382612][T16633]  ? __pfx___sys_sendmsg+0x10/0x10
[  682.382636][T16633]  __do_fast_syscall_32+0x73/0x120
[  682.382653][T16633]  do_fast_syscall_32+0x32/0x80
[  682.382679][T16633]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  682.382696][T16633] RIP: 0023:0xf7f1f579
[  682.382705][T16633] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  682.382716][T16633] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  682.382726][T16633] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280
[  682.382733][T16633] RDX: 0000000000048080 RSI: 0000000000000000 RDI: 0000000000000000
[  682.382739][T16633] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  682.382746][T16633] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  682.382752][T16633] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  682.382764][T16633]  </TASK>
[  682.446685][    C3] vkms_vblank_simulate: vblank timer overrun
[  683.013745][T16647] FAULT_INJECTION: forcing a failure.
[  683.013745][T16647] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  683.018476][T16647] CPU: 2 UID: 0 PID: 16647 Comm: syz.2.2534 Not tainted 6.14.0-rc7-syzkaller #0
[  683.018496][T16647] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  683.018506][T16647] Call Trace:
[  683.018511][T16647]  <TASK>
[  683.018518][T16647]  dump_stack_lvl+0x16c/0x1f0
[  683.018547][T16647]  should_fail_ex+0x50a/0x650
[  683.018569][T16647]  _copy_to_user+0x32/0xd0
[  683.018590][T16647]  simple_read_from_buffer+0xd0/0x160
[  683.018616][T16647]  proc_fail_nth_read+0x198/0x270
[  683.018637][T16647]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  683.018659][T16647]  ? rw_verify_area+0xcf/0x680
[  683.018679][T16647]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  683.018700][T16647]  vfs_read+0x1df/0xbf0
[  683.018723][T16647]  ? __fget_files+0x1fc/0x3a0
[  683.018747][T16647]  ? __pfx___mutex_lock+0x10/0x10
[  683.018771][T16647]  ? __pfx_vfs_read+0x10/0x10
[  683.018801][T16647]  ? __fget_files+0x206/0x3a0
[  683.018832][T16647]  ksys_read+0x12b/0x250
[  683.018855][T16647]  ? __pfx_ksys_read+0x10/0x10
[  683.018885][T16647]  __do_fast_syscall_32+0x73/0x120
[  683.018910][T16647]  do_fast_syscall_32+0x32/0x80
[  683.018933][T16647]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  683.018960][T16647] RIP: 0023:0xf7fe1579
[  683.018974][T16647] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  683.018991][T16647] RSP: 002b:00000000f50c4590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  683.019008][T16647] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000f50c4620
[  683.019019][T16647] RDX: 000000000000000f RSI: 00000000f746cff4 RDI: 0000000000000000
[  683.019030][T16647] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  683.019040][T16647] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  683.019051][T16647] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  683.019074][T16647]  </TASK>
[  683.599075][T16662] 9pnet_virtio: no channels available for device syz
[  684.615516][T16671] netlink: 'syz.3.2540': attribute type 32 has an invalid length.
[  684.617758][T16671] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2540'.
[  684.620345][T16671] netlink: 'syz.3.2540': attribute type 32 has an invalid length.
[  684.949956][ T5966] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  684.959264][ T5966] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  684.963597][ T5966] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  684.970444][ T5966] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  684.978883][ T5966] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  684.985413][ T5966] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  685.127043][ T5950] bridge0: port 4(syz_tun) entered disabled state
[  685.185191][ T5950] syz_tun (unregistering): left allmulticast mode
[  685.187544][ T5950] syz_tun (unregistering): left promiscuous mode
[  685.189815][ T5950] bridge0: port 4(syz_tun) entered disabled state
[  685.195582][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[  685.197564][ T1413] ieee802154 phy1 wpan1: encryption failed: -22
[  685.200323][ T1413] ==================================================================
[  685.202604][ T1413] BUG: KASAN: slab-use-after-free in tty_write_room+0x7d/0x90
[  685.204697][ T1413] Read of size 8 at addr ffff888026a77020 by task aoe_tx0/1413
[  685.208897][ T1413] 
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  685.209860][ T1413] CPU: 3 UID: 0 PID: 1413 Comm: aoe_tx0 Not tainted 6.14.0-rc7-syzkaller #0
[  685.209881][ T1413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  685.209893][ T1413] Call Trace:
[  685.209899][ T1413]  <TASK>
[  685.209907][ T1413]  dump_stack_lvl+0x116/0x1f0
[  685.209933][ T1413]  print_report+0xc3/0x670
[  685.209950][ T1413]  ? __virt_addr_valid+0x5e/0x590
[  685.209968][ T1413]  ? __phys_addr+0xc6/0x150
[  685.209986][ T1413]  kasan_report+0xd9/0x110
[  685.210002][ T1413]  ? tty_write_room+0x7d/0x90
[  685.210018][ T1413]  ? tty_write_room+0x7d/0x90
[  685.210058][ T1413]  tty_write_room+0x7d/0x90
[  685.210074][ T1413]  handle_tx+0x151/0x630
[  685.210092][ T1413]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  685.210117][ T1413]  dev_hard_start_xmit+0x9a/0x7b0
[  685.210141][ T1413]  __dev_queue_xmit+0x7f0/0x43e0
[  685.210166][ T1413]  ? __pfx___dev_queue_xmit+0x10/0x10
[  685.210188][ T1413]  ? __pfx___lock_acquire+0x10/0x10
[  685.210212][ T1413]  ? __pfx___lock_acquire+0x10/0x10
[  685.210235][ T1413]  ? lock_acquire.part.0+0x11b/0x380
[  685.210258][ T1413]  ? find_held_lock+0x2d/0x110
[  685.210276][ T1413]  ? find_held_lock+0x2d/0x110
[  685.210293][ T1413]  ? tx+0xa8/0x190
[  685.210310][ T1413]  ? __pfx_lock_release+0x10/0x10
[  685.210331][ T1413]  ? lock_acquire+0x2f/0xb0
[  685.210356][ T1413]  tx+0xcc/0x190
[  685.210373][ T1413]  ? __pfx_tx+0x10/0x10
[  685.210388][ T1413]  kthread+0x1e7/0x3c0
[  685.210415][ T1413]  ? __pfx_kthread+0x10/0x10
[  685.210440][ T1413]  ? __pfx_default_wake_function+0x10/0x10
[  685.210463][ T1413]  ? lockdep_hardirqs_on+0x7c/0x110
[  685.210485][ T1413]  ? __kthread_parkme+0x148/0x220
[  685.210503][ T1413]  ? __pfx_kthread+0x10/0x10
[  685.210526][ T1413]  kthread+0x3af/0x750
[  685.210546][ T1413]  ? __pfx_kthread+0x10/0x10
[  685.210566][ T1413]  ? __pfx_kthread+0x10/0x10
[  685.210586][ T1413]  ret_from_fork+0x45/0x80
[  685.210607][ T1413]  ? __pfx_kthread+0x10/0x10
[  685.210626][ T1413]  ret_from_fork_asm+0x1a/0x30
[  685.210650][ T1413]  </TASK>
[  685.210656][ T1413] 
[  685.278445][ T1413] Allocated by task 16671:
[  685.280218][ T1413]  kasan_save_stack+0x33/0x60
[  685.282069][ T1413]  kasan_save_track+0x14/0x30
[  685.283923][ T1413]  __kasan_kmalloc+0xaa/0xb0
[  685.285571][ T1413]  alloc_tty_struct+0x98/0x8d0
[  685.287478][ T1413]  tty_init_dev.part.0+0x1e/0x660
[  685.289406][ T1413]  tty_init_dev+0x60/0x80
[  685.291089][ T1413]  ptmx_open+0x10d/0x360
[  685.292513][ T1413]  chrdev_open+0x237/0x6a0
[  685.293764][ T1413]  do_dentry_open+0x735/0x1c40
[  685.295283][ T1413]  vfs_open+0x82/0x3f0
[  685.296711][ T1413]  path_openat+0x1e88/0x2d80
[  685.297996][ T1413]  do_filp_open+0x20c/0x470
[  685.299116][ T1413]  do_sys_openat2+0x17a/0x1e0
[  685.300279][ T1413]  __ia32_compat_sys_openat+0x16e/0x210
[  685.301751][ T1413]  __do_fast_syscall_32+0x73/0x120
[  685.303187][ T1413]  do_fast_syscall_32+0x32/0x80
[  685.304589][ T1413]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  685.306972][ T1413] 
[  685.307931][ T1413] Freed by task 16140:
[  685.309491][ T1413]  kasan_save_stack+0x33/0x60
[  685.311241][ T1413]  kasan_save_track+0x14/0x30
[  685.313092][ T1413]  kasan_save_free_info+0x3b/0x60
[  685.315074][ T1413]  __kasan_slab_free+0x51/0x70
[  685.316939][ T1413]  kfree+0x2c4/0x4d0
[  685.318449][ T1413]  process_one_work+0x9c5/0x1ba0
[  685.320273][ T1413]  worker_thread+0x6c8/0xf00
[  685.322122][ T1413]  kthread+0x3af/0x750
[  685.323582][ T1413]  ret_from_fork+0x45/0x80
[  685.324852][ T1413]  ret_from_fork_asm+0x1a/0x30
[  685.326209][ T1413] 
[  685.326893][ T1413] Last potentially related work creation:
[  685.328437][ T1413]  kasan_save_stack+0x33/0x60
[  685.329741][ T1413]  kasan_record_aux_stack+0xb8/0xd0
[  685.331258][ T1413]  insert_work+0x36/0x230
[  685.332457][ T1413]  __queue_work+0x97e/0x10f0
[  685.333755][ T1413]  queue_work_on+0x11a/0x140
[  685.335071][ T1413]  release_tty+0x4de/0x5d0
[  685.336317][ T1413]  tty_release_struct+0xb7/0xe0
[  685.337671][ T1413]  tty_release+0xe25/0x1410
[  685.338957][ T1413]  __fput+0x3ff/0xb70
[  685.340079][ T1413]  task_work_run+0x14e/0x250
[  685.341397][ T1413]  syscall_exit_to_user_mode+0x27b/0x2a0
[  685.343000][ T1413]  __do_fast_syscall_32+0x80/0x120
[  685.344423][ T1413]  do_fast_syscall_32+0x32/0x80
[  685.345684][ T1413]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  685.347448][ T1413] 
[  685.348128][ T1413] The buggy address belongs to the object at ffff888026a77000
[  685.348128][ T1413]  which belongs to the cache kmalloc-cg-2k of size 2048
[  685.352154][ T1413] The buggy address is located 32 bytes inside of
[  685.352154][ T1413]  freed 2048-byte region [ffff888026a77000, ffff888026a77800)
[  685.356020][ T1413] 
[  685.356697][ T1413] The buggy address belongs to the physical page:
[  685.358564][ T1413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26a70
[  685.361159][ T1413] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  685.363475][ T1413] memcg:ffff88800057df01
[  685.364652][ T1413] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  685.366795][ T1413] page_type: f5(slab)
[  685.367866][ T1413] raw: 00fff00000000040 ffff88801b050140 ffffea0001a1b800 dead000000000002
[  685.370191][ T1413] raw: 0000000000000000 0000000000080008 00000000f5000000 ffff88800057df01
[  685.372488][ T1413] head: 00fff00000000040 ffff88801b050140 ffffea0001a1b800 dead000000000002
[  685.374826][ T1413] head: 0000000000000000 0000000000080008 00000000f5000000 ffff88800057df01
[  685.377174][ T1413] head: 00fff00000000003 ffffea00009a9c01 ffffffffffffffff 0000000000000000
[  685.379563][ T1413] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  685.382132][ T1413] page dumped because: kasan: bad access detected
[  685.383939][ T1413] page_owner tracks the page as allocated
[  685.385502][ T1413] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5961, tgid 5961 (syz-executor), ts 46952030117, free_ts 46939019823
[  685.391429][ T1413]  post_alloc_hook+0x181/0x1b0
[  685.392755][ T1413]  get_page_from_freelist+0xfce/0x2f80
[  685.394267][ T1413]  __alloc_frozen_pages_noprof+0x221/0x2470
[  685.396008][ T1413]  alloc_pages_mpol+0x1fc/0x540
[  685.397352][ T1413]  new_slab+0x23d/0x330
[  685.398531][ T1413]  ___slab_alloc+0xc5d/0x1720
[  685.399841][ T1413]  __slab_alloc.constprop.0+0x56/0xb0
[  685.401356][ T1413]  __kmalloc_cache_noprof+0xfa/0x410
[  685.402939][ T1413]  ipv6_add_dev+0xfe/0x13f0
[  685.404215][ T1413]  addrconf_notify+0x53e/0x19c0
[  685.405524][ T1413]  notifier_call_chain+0xb7/0x410
[  685.406951][ T1413]  call_netdevice_notifiers_info+0xbe/0x140
[  685.408571][ T1413]  register_netdevice+0x17c2/0x1eb0
[  685.410008][ T1413]  veth_newlink+0x291/0x8f0
[  685.411318][ T1413]  rtnl_newlink+0xb95/0x1d60
[  685.412605][ T1413]  rtnetlink_rcv_msg+0x95b/0xea0
[  685.414009][ T1413] page last free pid 5951 tgid 5951 stack trace:
[  685.415752][ T1413]  free_frozen_pages+0x6db/0xfb0
[  685.417134][ T1413]  qlist_free_all+0x4e/0x120
[  685.418328][ T1413]  kasan_quarantine_reduce+0x195/0x1e0
[  685.419785][ T1413]  __kasan_slab_alloc+0x69/0x90
[  685.421142][ T1413]  __kmalloc_cache_noprof+0x243/0x410
[  685.422579][ T1413]  ref_tracker_alloc+0x17c/0x5b0
[  685.423915][ T1413]  netdev_queue_update_kobjects+0x24c/0x5b0
[  685.425691][ T1413]  netdev_register_kobject+0x28c/0x3a0
[  685.427161][ T1413]  register_netdevice+0x147b/0x1eb0
[  685.428551][ T1413]  veth_newlink+0x3c2/0x8f0
[  685.429816][ T1413]  rtnl_newlink+0xb95/0x1d60
[  685.431497][ T1413]  rtnetlink_rcv_msg+0x95b/0xea0
[  685.432878][ T1413]  netlink_rcv_skb+0x16b/0x440
[  685.434229][ T1413]  netlink_unicast+0x53c/0x7f0
[  685.435565][ T1413]  netlink_sendmsg+0x8b8/0xd70
[  685.436898][ T1413]  __sys_sendto+0x488/0x4f0
[  685.438180][ T1413] 
[  685.438864][ T1413] Memory state around the buggy address:
[  685.440413][ T1413]  ffff888026a76f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  685.442840][ T1413]  ffff888026a76f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  685.445043][ T1413] >ffff888026a77000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  685.447227][ T1413]                                ^
[  685.448631][ T1413]  ffff888026a77080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  685.450850][ T1413]  ffff888026a77100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  685.453038][ T1413] ==================================================================
[  685.455663][ T1413] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  685.457649][ T1413] CPU: 3 UID: 0 PID: 1413 Comm: aoe_tx0 Not tainted 6.14.0-rc7-syzkaller #0
[  685.460190][ T1413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  685.463197][ T1413] Call Trace:
[  685.464149][ T1413]  <TASK>
[  685.464982][ T1413]  dump_stack_lvl+0x3d/0x1f0
[  685.466446][ T1413]  panic+0x71d/0x800
[  685.467548][ T1413]  ? mark_held_locks+0x9f/0xe0
[  685.468881][ T1413]  ? __pfx_panic+0x10/0x10
[  685.470135][ T1413]  ? irqentry_exit+0x3b/0x90
[  685.471616][ T1413]  ? lockdep_hardirqs_on+0x7c/0x110
[  685.473077][ T1413]  ? check_panic_on_warn+0x1f/0xb0
[  685.474499][ T1413]  check_panic_on_warn+0xab/0xb0
[  685.475867][ T1413]  end_report+0x117/0x180
[  685.477067][ T1413]  kasan_report+0xe9/0x110
[  685.478320][ T1413]  ? tty_write_room+0x7d/0x90
[  685.479626][ T1413]  ? tty_write_room+0x7d/0x90
[  685.480983][ T1413]  tty_write_room+0x7d/0x90
[  685.482249][ T1413]  handle_tx+0x151/0x630
[  685.483434][ T1413]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  685.485063][ T1413]  dev_hard_start_xmit+0x9a/0x7b0
[  685.486467][ T1413]  __dev_queue_xmit+0x7f0/0x43e0
[  685.487842][ T1413]  ? __pfx___dev_queue_xmit+0x10/0x10
[  685.489327][ T1413]  ? __pfx___lock_acquire+0x10/0x10
[  685.490841][ T1413]  ? __pfx___lock_acquire+0x10/0x10
[  685.492317][ T1413]  ? lock_acquire.part.0+0x11b/0x380
[  685.493782][ T1413]  ? find_held_lock+0x2d/0x110
[  685.495166][ T1413]  ? find_held_lock+0x2d/0x110
[  685.496509][ T1413]  ? tx+0xa8/0x190
[  685.497643][ T1413]  ? __pfx_lock_release+0x10/0x10
[  685.499059][ T1413]  ? lock_acquire+0x2f/0xb0
[  685.500333][ T1413]  tx+0xcc/0x190
[  685.501362][ T1413]  ? __pfx_tx+0x10/0x10
[  685.502688][ T1413]  kthread+0x1e7/0x3c0
[  685.503904][ T1413]  ? __pfx_kthread+0x10/0x10
[  685.505197][ T1413]  ? __pfx_default_wake_function+0x10/0x10
[  685.506834][ T1413]  ? lockdep_hardirqs_on+0x7c/0x110
[  685.508239][ T1413]  ? __kthread_parkme+0x148/0x220
[  685.509652][ T1413]  ? __pfx_kthread+0x10/0x10
[  685.511112][ T1413]  kthread+0x3af/0x750
[  685.512258][ T1413]  ? __pfx_kthread+0x10/0x10
[  685.513542][ T1413]  ? __pfx_kthread+0x10/0x10
[  685.514843][ T1413]  ret_from_fork+0x45/0x80
[  685.516088][ T1413]  ? __pfx_kthread+0x10/0x10
[  685.517370][ T1413]  ret_from_fork_asm+0x1a/0x30
[  685.518708][ T1413]  </TASK>
[  685.520129][ T1413] Kernel Offset: disabled
[  685.521357][ T1413] Rebooting in 86400 seconds..

VM DIAGNOSIS:
23:14:54  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=000055f853d7b000 RCX=ffffffff816a593a RDX=ffff888021422440
RSI=000055f853d7b000 RDI=00007fffffffefff RBP=00007fffffffefff RSP=ffffc90002c5ff10
R8 =0000000000000007 R9 =ffffffffff600000 R10=000055f853d7b000 R11=0000000000000000
R12=0000000000000006 R13=000055f853d7b000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff81b9ecf8 RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007ff1acebdd00 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000055f853d7b000 CR3=000000004c3fc000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=6935197369351973 6935197369351973 6935197369351973 6935197369351973 6935197369351973 6935197369351973 6935197369351973 6935197369351973
ZMM22=8cc819c68cc819c6 8cc819c68cc819c6 8cc819c68cc819c6 8cc819c68cc819c6 8cc819c68cc819c6 8cc819c68cc819c6 8cc819c68cc819c6 8cc819c68cc819c6
ZMM23=3ffdab8c3ffdab8c 3ffdab8c3ffdab8c 3ffdab8c3ffdab8c 3ffdab8c3ffdab8c 3ffdab8c3ffdab8c 3ffdab8c3ffdab8c 3ffdab8c3ffdab8c 3ffdab8c3ffdab8c
ZMM24=ec96f0c2ec96f0c2 ec96f0c2ec96f0c2 ec96f0c2ec96f0c2 ec96f0c2ec96f0c2 ec96f0c2ec96f0c2 ec96f0c2ec96f0c2 ec96f0c2ec96f0c2 ec96f0c2ec96f0c2
ZMM25=ba0db35aba0db35a ba0db35aba0db35a ba0db35aba0db35a ba0db35aba0db35a ba0db35aba0db35a ba0db35aba0db35a ba0db35aba0db35a ba0db35aba0db35a
ZMM26=51c6130f51c6130f 51c6130f51c6130f 51c6130f51c6130f 51c6130f51c6130f 51c6130f51c6130f 51c6130f51c6130f 51c6130f51c6130f 51c6130f51c6130f
ZMM27=86d3965986d39659 86d3965986d39659 86d3965986d39659 86d3965986d39659 86d3965986d39659 86d3965986d39659 86d3965986d39659 86d3965986d39659
ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=f4250000f4250000 f4250000f4250000 f4250000f4250000 f4250000f4250000 f4250000f4250000 f4250000f4250000 f4250000f4250000 f4250000f4250000
info registers vcpu 1

CPU#1
RAX=0000000000000046 RBX=ffff888022c85370 RCX=0000000000000001 RDX=0000000000000000
RSI=ffffffff8b6cfee0 RDI=ffffffff8bd35a60 RBP=ffffffff8e1bd0e0 RSP=ffffc90007b5fa60
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000002
R12=ffff888022c84880 R13=0000000000000000 R14=00000000ffffffff R15=0000000000000001
RIP=ffffffff8b5556a7 RFL=00000296 [--S-AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f72b0207 CR3=0000000012516000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000004 RBX=0000000000000000 RCX=0000000000000001 RDX=0000000000000000
RSI=1ffff1100459015d RDI=ffff888022c80b11 RBP=0000000000000004 RSP=ffffc900072777e8
R8 =0000000000000000 R9 =fffffbfff2dd839f R10=ffffffff96ec1cff R11=0000000000000000
R12=0000000000000000 R13=ffff888022c80000 R14=0000000000000001 R15=ffff888022c80af0
RIP=ffffffff81967640 RFL=00000802 [-O-----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c33e818 CR3=0000000049de6000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000034 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff853e91d5 RDI=ffffffff9ab71ea0 RBP=ffffffff9ab71e60 RSP=ffffc90007ccf430
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552
R12=0000000000000000 R13=0000000000000034 R14=ffffffff9ab71e60 R15=0000000000000000
RIP=ffffffff853e91ff RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000577a04c0 CR3=000000006a434000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000