last executing test programs:

2m4.427364971s ago: executing program 3 (id=2416):
creat(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x3)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = syz_io_uring_setup(0x5ce, &(0x7f0000000240)={0x0, 0x7734, 0x80, 0x40000, 0x34f}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0xb2752a96f73d6e14, 0x0, 0x0, 0x0, 0x23456})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

2m4.426444382s ago: executing program 3 (id=2420):
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)
r2 = openat$binfmt(0xffffffffffffff9c, r0, 0x2, 0x0)
close(r2)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)
execveat$binfmt(0xffffffffffffff9c, r0, &(0x7f00000004c0)={[&(0x7f0000000000)='\x00', &(0x7f00000003c0)=')!}\x00']}, 0x0, 0x0)

2m4.360133341s ago: executing program 3 (id=2422):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000280)={'#! ', './file0'}, 0x38d2)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f000000c180)=@gcm_128={{0x304}, "54a910d91edfa12e", "6a907ad196346583cc3992826e72b4c0", "8da662f9", "978d8d03a58d256a"}, 0x28)
sendfile(r0, r1, &(0x7f0000000100)=0x6, 0x100000000010001)

2m4.357746451s ago: executing program 3 (id=2423):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x10dc43, 0x0)
umount2(&(0x7f0000000340)='./file0/file0\x00', 0x1)

2m4.356303751s ago: executing program 3 (id=2424):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$packet(0x11, 0x2, 0x300)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc010)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
r1 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000340)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r1, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)

2m4.228239018s ago: executing program 3 (id=2425):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x9)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@uuid_off}, {@index_off}]})

2m4.228014192s ago: executing program 32 (id=2425):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x9)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@uuid_off}, {@index_off}]})

2m1.621657712s ago: executing program 0 (id=2465):
r0 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
read$FUSE(r0, &(0x7f0000000980)={0x2020, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
setresgid(0x0, r1, r1)
r2 = syz_clone(0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r3)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
syz_open_procfs(r2, &(0x7f0000000180)='attr/prev\x00')

2m1.553518839s ago: executing program 0 (id=2468):
socket(0x1e, 0x4, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbb00000000000086dd61fbddf100083afffe88000000000000000000000000010100000000000000000000000000000001"], 0x0)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x94)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0xfffff274}]}}}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x5, 0xb68, 0xfffffffffffffeb9, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0xe}, 0x48)

2m1.411548362s ago: executing program 0 (id=2471):
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x31, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@ipv6_delrule={0x1c, 0x21, 0x1, 0x70bd2c, 0x25dfdbf9, {0xa, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x1, 0x10007}}, 0x1c}}, 0x20040000)

2m1.373784948s ago: executing program 0 (id=2473):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000500)=@gcm_128={{0x304}, "a95972fc5ec50719", "8e003700daf3826d69e9b5e9c2f133d7", "6a3a05b9", "12772541f8eb02bb"}, 0x28)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a)
sendfile(r0, r1, 0x0, 0xffffffff004)

2m1.255117632s ago: executing program 0 (id=2478):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10)
mount$tmpfs(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x1, 0x0)

2m1.211924821s ago: executing program 0 (id=2481):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
open$dir(&(0x7f00000000c0)='./file1\x00', 0x80, 0x1a2)
unlinkat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x200)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)

1m53.546397759s ago: executing program 4 (id=2610):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$lock(r2, 0x6, &(0x7f0000002000)={0x1})
fcntl$lock(r2, 0x26, &(0x7f00000031c0)={0x1})
fcntl$lock(r2, 0x26, &(0x7f0000000080))
close_range(r0, 0xffffffffffffffff, 0x0)

1m53.377970487s ago: executing program 4 (id=2611):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="4400000010000000000000000400002e00000040", @ANYRES32=0x0, @ANYBLOB="00000000400000002400128009000100626f6e64000000001400028008000a000000000005001d"], 0x44}}, 0x0)
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$NFT_MSG_GETGEN(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x2010}, 0x4000)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="4808000010001fff3a4ee9bfd5c3a3696c40af0b", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x3}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe2, 0x0)

1m52.535657261s ago: executing program 4 (id=2620):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x2, 0x0, 0x25dfdbfe, {{@in6=@private0, @in=@remote, 0x0, 0x400, 0x0, 0x0, 0xa, 0x60, 0x0, 0x3b, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xffffffffffffffff}, {0x3}, 0x6}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e99900000000fedbdf25fc000000000000000000000000000000ac1414bb00000000000000000000000000000400000000000a006000", @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00'/110], 0xb8}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x9}, {0x0, 0x0, 0x1}}}, 0xb8}}, 0x4000)

1m52.531911249s ago: executing program 4 (id=2621):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000003b810000850000007d000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000100)='sys_exit\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8)
close_range(r0, 0xffffffffffffffff, 0x0)

1m52.00834396s ago: executing program 4 (id=2623):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
setpgid(0x0, r0)
open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901)

1m52.002388229s ago: executing program 4 (id=2624):
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x403, 0x0, 0xfffffd, {0x0, 0x0, 0x3, r5, 0x0, 0x70}, [@IFLA_MASTER={0x8, 0x4040}]}, 0x28}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

1m46.19535249s ago: executing program 33 (id=2481):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
open$dir(&(0x7f00000000c0)='./file1\x00', 0x80, 0x1a2)
unlinkat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x200)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)

1m36.750492702s ago: executing program 34 (id=2624):
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x403, 0x0, 0xfffffd, {0x0, 0x0, 0x3, r5, 0x0, 0x70}, [@IFLA_MASTER={0x8, 0x4040}]}, 0x28}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

1m35.59421158s ago: executing program 6 (id=2862):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x800000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}})
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)

1m35.544590413s ago: executing program 6 (id=2873):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f00000003c0)={0x108, 0x23, 0x20, 0x70bd25, 0x25dfdbfc, "", [@typed={0x5, 0x4b, 0x0, 0x0, @str='\x00'}, @generic="beb0a0560a761e7dded9b61af4ff1336a5637fad6188a5e51f2b2f7646286fce40c6cee437e94972bcc8a4617bd23ee3f2619d3e57621189b4a1321cf9e95516f6de75558a305ad2b9060614c4a46f555fcbf89142551dd0fee5d46d52fd08f16d3809ff5e297a5be6e3b90114a2155f810a061d326cb43a280e4f1301d86946853016756ac20496a41de408d1a31802a37e6a0a", @typed={0xc, 0xf1, 0x0, 0x0, @u64=0x7fff}, @generic="a94d6ff9ec65abd58079bcf838fff43a7f31618a1dbfe59a45ce3c72807dbb74d21e70782385dc8e4d77803352514b6a16455f3c24f56667297e9bbc98", @nested={0x10, 0xa4, 0x0, 0x1, [@nested={0x4, 0x31}, @typed={0x5, 0x113, 0x0, 0x0, @str='\x00'}]}]}, 0x108}], 0x1, 0x0, 0x0, 0x4}, 0x20000050)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0xc7, 0x19, 0x4, '\x00', 0x1})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m20.541826553s ago: executing program 35 (id=2873):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f00000003c0)={0x108, 0x23, 0x20, 0x70bd25, 0x25dfdbfc, "", [@typed={0x5, 0x4b, 0x0, 0x0, @str='\x00'}, @generic="beb0a0560a761e7dded9b61af4ff1336a5637fad6188a5e51f2b2f7646286fce40c6cee437e94972bcc8a4617bd23ee3f2619d3e57621189b4a1321cf9e95516f6de75558a305ad2b9060614c4a46f555fcbf89142551dd0fee5d46d52fd08f16d3809ff5e297a5be6e3b90114a2155f810a061d326cb43a280e4f1301d86946853016756ac20496a41de408d1a31802a37e6a0a", @typed={0xc, 0xf1, 0x0, 0x0, @u64=0x7fff}, @generic="a94d6ff9ec65abd58079bcf838fff43a7f31618a1dbfe59a45ce3c72807dbb74d21e70782385dc8e4d77803352514b6a16455f3c24f56667297e9bbc98", @nested={0x10, 0xa4, 0x0, 0x1, [@nested={0x4, 0x31}, @typed={0x5, 0x113, 0x0, 0x0, @str='\x00'}]}]}, 0x108}], 0x1, 0x0, 0x0, 0x4}, 0x20000050)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0xc7, 0x19, 0x4, '\x00', 0x1})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m9.023583424s ago: executing program 7 (id=3292):
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
ioprio_set$uid(0x3, 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
r0 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r0, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x0, 0x9, 0x20ff, 0x5, 0x89, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)
sendfile(r0, r0, &(0x7f0000000080), 0x7f03)

1m8.950924802s ago: executing program 7 (id=3293):
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x79, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0, 0x81, 0x1080a422012f758f})
r0 = syz_io_uring_setup(0x17dc, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0x1000, 0x5cc}, &(0x7f0000000300)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000a40)=""/4096, 0x1000}], 0x1)
sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, 0x0, &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x4, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81800, 0x1})
io_uring_enter(r0, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)

1m8.78808956s ago: executing program 7 (id=3294):
r0 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0)
fcntl$setlease(r0, 0x400, 0x1)
r1 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x80})
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r4, &(0x7f0000000440), 0x10)
listen(r4, 0xf)
accept4$unix(r4, 0x0, 0x0, 0x0)

1m7.925292388s ago: executing program 7 (id=3307):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})

1m7.885581712s ago: executing program 7 (id=3308):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x800000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}})
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)

1m7.878912001s ago: executing program 7 (id=3310):
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, &(0x7f00000000c0)={{@host}, @host, 0x0, 0x0, 0x1, 0x4})
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x1, 0x0)
preadv(r0, &(0x7f0000000480)=[{&(0x7f00000000c0)=""/148, 0x94}], 0x1, 0x1, 0x0)
ioctl$MON_IOCX_GETX(r0, 0x80089203, 0x0)
r1 = openat$pmem0(0xffffff9c, &(0x7f0000000080), 0x600102, 0x0)
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000200)={0x1, 0xa64})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRESOCT=0x0, @ANYBLOB="010000000000000000000900000030000a841400b900736974a1e6dc90088c51fec13000000000000000000000000006000400ffe300001600"], 0x44}}, 0x0)

52.219029425s ago: executing program 36 (id=3310):
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, &(0x7f00000000c0)={{@host}, @host, 0x0, 0x0, 0x1, 0x4})
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x1, 0x0)
preadv(r0, &(0x7f0000000480)=[{&(0x7f00000000c0)=""/148, 0x94}], 0x1, 0x1, 0x0)
ioctl$MON_IOCX_GETX(r0, 0x80089203, 0x0)
r1 = openat$pmem0(0xffffff9c, &(0x7f0000000080), 0x600102, 0x0)
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000200)={0x1, 0xa64})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRESOCT=0x0, @ANYBLOB="010000000000000000000900000030000a841400b900736974a1e6dc90088c51fec13000000000000000000000000006000400ffe300001600"], 0x44}}, 0x0)

6.486376699s ago: executing program 5 (id=3941):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x8031, 0xffffffffffffffff, 0x6a855000)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000180), 0xc06620, 0x4)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

5.605516272s ago: executing program 5 (id=3954):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000580)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x57, 0x7fc00100}]})
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000740)={<r2=>0x0})
r3 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r1, 0xc0182101, &(0x7f00000000c0)={r2})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f00000003c0)={<r6=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r1, 0x40182103, &(0x7f0000000080)={r6, 0x3, r0, 0x5})

4.726284963s ago: executing program 5 (id=3962):
syz_open_dev$vim2m(&(0x7f0000000080), 0x9, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x890, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x1, 0xbfdffffc}, &(0x7f00000000c0)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}})
io_uring_enter(r2, 0x7323, 0x0, 0x5, 0x0, 0x0)

3.792809554s ago: executing program 5 (id=3976):
syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr, 0x2}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x4000)
sendmsg$WG_CMD_GET_DEVICE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000002e80)={&(0x7f0000000340)=ANY=[], 0x2b08}}, 0x4004006)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000100)=@ccm_128={{0x304}, "2697312e4e898ca7", "35e23ca3a988def7dfbd438c536346cd", "11398f4a", "50cc97386065eda9"}, 0x28)
recvmmsg(r0, &(0x7f0000001040)=[{{0x0, 0x0, 0x0}, 0x2002}, {{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f00000007c0)=""/94, 0x5e}], 0x1}, 0x4}], 0x2, 0x40000002, 0x0)

3.384240925s ago: executing program 8 (id=3969):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r1, &(0x7f00000000c0)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r2, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000e40)=@delchain={0x40, 0x2c, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff2, 0xffff}, {0xfff3}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x0, 0xfff3}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4008844}, 0x4010)

3.322576529s ago: executing program 8 (id=3970):
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x5bbf91a1e7f99074, &(0x7f0000000000))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket$alg(0x26, 0x5, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, 0x0)
ioctl$VIDIOC_G_ENC_INDEX(r1, 0x8818564c, &(0x7f0000000840))
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[], 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="020000000400000006000000aa0b"], 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, &(0x7f00000002c0)=""/251, &(0x7f0000000940), &(0x7f0000000200), 0xa7c, r3}, 0x38)

3.206874135s ago: executing program 5 (id=3974):
ioperm(0x284, 0x7f, 0xe3)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0xe0000000, 0x5e490420, 0x2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}, 0x50)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_fuse_handle_req(r0, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)

2.882630224s ago: executing program 1 (id=3980):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_smc(0x2b, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_crypto(0xffffffffffffffff, 0x0, 0x8084)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = dup(r2)
write$UHID_INPUT(r3, &(0x7f0000001040)={0xfc, {"a2e3ad09ed1a09f91b37090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f383b6c090890e0879b0a0ac6e70a9b3361959b509a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d07640936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)

2.882486013s ago: executing program 8 (id=3981):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000000000)='./file2\x00', 0xa1)
ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000040)={{}, 0x5, 0x5, 0x490})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x380})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_WRITEPROTECT(r1, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x8)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000040)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00014004fcff", 0x58}], 0x1)

2.880884523s ago: executing program 2 (id=3988):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000840)=ANY=[], 0xffdd)
close(0x3)
close(0x4)

2.817448213s ago: executing program 2 (id=3982):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x17, 0x3, &(0x7f0000000200)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = syz_io_uring_setup(0x327c, &(0x7f0000000480)={0x0, 0xc0fc, 0x10, 0x0, 0x351}, &(0x7f0000000440)=<r2=>0x0, &(0x7f0000000300)=<r3=>0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x54, 0x3, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x1b2fd2c5}, @NFTA_HOOK_DEV={0x14, 0x3, 'ip6gre0\x00'}]}]}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}], {0x14}}, 0xc4}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, 0x0, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x37, 0x0, 0x0, 0x8000004}]}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r1, 0x47bc, 0x0, 0x28, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x2}, [@NFT_MSG_NEWSET={0xf4, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2c}, @NFTA_SET_DESC={0xb0, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_DESC_CONCAT={0xa4, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0x24, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}]}, {0x2c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x764f15e2}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x28}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xcb}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}]}]}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa4}]}], {0x14, 0x10}}, 0x11c}}, 0x0)

2.817150457s ago: executing program 2 (id=3983):
r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setsig(r0, 0xa, 0x13)
fcntl$setlease(r0, 0x400, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x3)
fcntl$setsig(r1, 0xa, 0x12)
ppoll(&(0x7f0000000000)=[{r2, 0x8402}], 0x1, 0x0, 0x0, 0x0)
dup2(r1, r2)
r3 = getpgid(0x0)
fcntl$setown(r1, 0x8, r3)
truncate(&(0x7f0000000140)='./file0\x00', 0x0)

2.607584898s ago: executing program 8 (id=3984):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x3, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d21400000000000000000014000000110001"], 0x68}}, 0x20048005)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)

2.027341027s ago: executing program 8 (id=3985):
syz_emit_ethernet(0x126, &(0x7f0000000640)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000210", 0xf0, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, '\t\x00', 0x0, 0x11, 0x0, @local, @empty, [@fragment, @hopopts={0x0, 0x15, '\x00', [@generic={0xf}, @generic, @ra, @generic={0x0, 0x85, "65fd1a52737fa1ec91495f4d25a766a5dd36bcffb376f4b35d4a5bc51b0f8fb9a273282a9c8ef192a4de26c8732765dbeb6ce083e81cebf0612d1cc7956b78fb34ce0e4a867c8b4094bab04b23680ba97ad5c624055e8504a7a121cf38a402a7aa80e05dbe56fecab8b014420231c0e997cbfda9bdc7f29e3a8b13dcfc396cf6ff1fcd8a7f"}, @generic={0x0, 0xe, "8b168e4b48529453d91cea424030"}, @calipso={0x7, 0x8}]}]}}}}}}}, 0x0)
unshare(0x2000400)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1e00, 0x21}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0xe, &(0x7f0000000940)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340)={0x0, 0x0, 0xfffffffb}, 0x10}, 0x94)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14080, 0x10000}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r1}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x0)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000180)={'netdevsim0\x00', 0x7fff})

1.94752569s ago: executing program 1 (id=3986):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='debugfs\x00', 0x0, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x1805406, 0x0)
mount$fuse(0x0, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000340)='./file0/file0\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000080), 0x0, 0x0)

1.94727978s ago: executing program 1 (id=3987):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x200a})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f00000004c0)={@flat=@binder={0x73622a85, 0x110b, 0x3}, @flat=@weak_handle={0x77682a85, 0x1001}, @flat=@binder={0x73622a85, 0x1000}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f00000006c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x48, 0x18, &(0x7f00000005c0)={@flat=@binder={0x73622a85, 0x1, 0x1}, @flat=@binder={0x73622a85, 0x190b, 0x3}, @fd}, &(0x7f0000000140)={0x0, 0x18, 0x30}}, 0x40}], 0x0, 0x1000000000000, 0x0})

1.940828207s ago: executing program 1 (id=3995):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(&(0x7f0000000240)=@sr0, &(0x7f00000012c0)='./file0\x00', &(0x7f0000001300)='gfs2\x00', 0x0, 0x0)
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='gfs2meta\x00', 0x2000493, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
ioctl$BTRFS_IOC_GET_DEV_STATS(r1, 0xc4089434, &(0x7f0000000140)={<r2=>0x0, 0x0, 0x0, [0x7, 0x6, 0x2, 0x8, 0x9], [0x2, 0x8000, 0x6, 0x0, 0x3, 0x8000000000000001, 0x0, 0x8, 0x4, 0x3, 0x3, 0x4, 0x2800000, 0x7, 0x8a, 0x6, 0x6, 0xdbec, 0x5, 0xfff, 0x3, 0xffffffffffffffff, 0x0, 0xfffffffffffffffd, 0xd2, 0x7, 0x9, 0x7, 0xffffffffffffffff, 0x2, 0x1000, 0x28e, 0x9, 0x4, 0x9, 0x2, 0x30000, 0x0, 0xffffffffffffffff, 0x8, 0x7, 0x5, 0x4, 0xffff, 0x80000000, 0x2, 0x2, 0x25, 0x0, 0x3, 0x10, 0x0, 0xa8, 0xfffffffffffffff9, 0x80000000, 0x0, 0x1, 0x3, 0x6, 0x1, 0xc, 0xd728, 0x7, 0x89e, 0x6, 0x1000, 0x0, 0xa, 0xffffffffffffa709, 0x3, 0x1, 0x6c1, 0x9, 0x1, 0xfffffffffffffffb, 0x2, 0x8, 0x1ff, 0x80000000, 0x80, 0x100000001, 0x4, 0x2000000, 0x2, 0x200, 0x100000001, 0x4, 0x40, 0xfffffffffffffffb, 0xe47, 0x100, 0xba, 0x7, 0x2, 0x3ff, 0x1993, 0x6, 0x7, 0x8, 0xc, 0x1, 0x80c3, 0x8, 0xfffffffffffffff1, 0x9, 0xb20, 0x2, 0xfffffffffffffff9, 0x7fffffffffffffff, 0x1, 0x5, 0x1, 0x100000001, 0x7679515e, 0xfffffffffffffffe, 0x3, 0x7, 0x0, 0x3, 0x716, 0x3]})
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000580)={r2, 0x1ff, 0xad, 0x1})
rt_sigtimedwait(0x0, 0x0, 0x0, 0x8)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYRESDEC=r0], 0x248}}, 0x0)

1.939468867s ago: executing program 2 (id=3996):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x3, &(0x7f0000001d40)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000380)='udp_fail_queue_rcv_skb\x00', r1, 0x0, 0x6}, 0x18)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x21}}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000001d40)=ANY=[], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000380)='udp_fail_queue_rcv_skb\x00', r3, 0x0, 0x6}, 0x18)
syz_emit_ethernet(0x86, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x21}}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x2, "5bc30902bb4778ac28351b1ed825bc864d0288b120f8b0adbe789794a17ad7cf", "0c3bca7525cd0ddc78cd3c6999d4e1d2", {"4ff87eb55d22ff51c76255150fc3012e", "3bb94479a0e045949ced474f08f33e97"}}}}}}}, 0x0)

95.22338ms ago: executing program 5 (id=3989):
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x5bbf91a1e7f99074, &(0x7f0000000000))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket$alg(0x26, 0x5, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, 0x0)
ioctl$VIDIOC_G_ENC_INDEX(r1, 0x8818564c, &(0x7f0000000840))
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[], 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="020000000400000006000000aa0b"], 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, &(0x7f00000002c0)=""/251, &(0x7f0000000940), &(0x7f0000000200), 0xa7c, r3}, 0x38)

95.080358ms ago: executing program 1 (id=3990):
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r2, 0x47f6, 0x0, 0x4, 0x0, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
setsockopt$inet_tcp_int(r1, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r1, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
sendto$inet(r1, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0)
splice(r1, 0x0, r0, 0x0, 0xfea8, 0xa)

94.952531ms ago: executing program 2 (id=3991):
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000041c0)={0x2020, 0x0, <r1=>0x0, <r2=>0x0}, 0x2020)
syz_fuse_handle_req(r0, &(0x7f0000006280)="897c6500ff3035465c7acb4e06980b05687c1480c7aafe631c0543db2bf0d6f539506e8782da06c1ca018774d72e9e5a3418ab66ee78dad68457b17ec9d47bf7d8272d607c1c0a4bd906f0cee7f8451828d2458596bdd6a459ba18ebaf61b38f5d66c27fa8a024ad7832a85e58689a4c254c94cbcf7208fce6e61d9566459789d15a6f91dd7db7c54cc3a94da956fb290a8a15f849270bc459d9d9f47801be86dd5c9d18382081a993b7bfde5c28adca4c71329afd6be743b076033b5859891703eb65fa256d6f47450b6edacbd05a9bd8b372e90cfc30f32826566dac6c48e6ef001881cbc30482f9ec469e476a101da496b8c0785eaf875d3608b0c49e9d39baaa1041f903a805f0f24aa63722fa2d87b98595fa5cfaf8b79c458de43ee39904e7cac7540a934b4108957785d58807abff186949f1b94cd21b724aff34ac45c7066dcdbd68ea7b766af9d045cd7fafeafc5c5a0c3400ef4e0c71a6fdd5b8d68a6f317644cda9d2fd2c839a82b97b3d909b54c672227bef573c9de1991d65a63017f724d1f7f1575e69db53318a7fd7065b303e751518c8eef04f642dbd4dfa349040a7b5401050ffc2b4ef62803a7c8eaba99e011dfac24d81b2b61e0b0581e53bf520f623eca17f0545c5e59ff15b527475f970f589894ae589145fa4283f7225088ccfeba1d72e9128f8c223ae1840f2edae3dbcdf7e560d5cdf4f71c9ada1931c0f8312c000101b264aaddb9fab166ba8d8903d6098eca20935ca607ea79e936798b3dfb22a7e159abb234cf21f3733dbf263a8ff116092f251659108892b2e21e1b428fd225096a5040270b2d70347013eaa1fd8e452942200283aab092c4ffc5b8b427b5d691a5a773e09da20539ff0f8214331c5d84107ae8a59aeb58efe22d7a079e446f1dfb07510377799bfdc7ee59cabcd76af0fe8a427ac8258ff33bbad5a8061f1cfdfbf375d73d676cc7916d6658ce46a0b17ad6350150f98e3512b513e25ca73f5f5df0a1fb9582ace7906c493fe1fd2889d9aac0b7c29c2b6c205537627bad64df433336a5ace32ca871e51b4dab0fbb00886a1fa81a98b74de0a26cebf65723515ebb807fc3c161ed42d1a7b6b55717613577ea437f3a2967c66ce45ff85a6a35b7cd40625fc575b107d7394e3d2db51d58347276c33e21f50b5a6b5672bf9fda63139bb75aead1fe4ee9a4064af5a5958466aa39faa6d821489fa415224c8d69d3b5922236832c2b1e4f6b8863b32f9aea83fb522a2de081d674502b48f73ce6db98d84136059b4a6676bc85ac6b7626329afa9bc7d3f9f2caa3c4d872744e0a8e02d72a75c6c545b8ec8e15b6fb0fe4185bd0d154960e6fef05ba40e5fe2968eb1301dcc52a03337179e74ba1522af93d77827845f8941c69ed8bb84567e3c63f1cc378a542f1de7007b688ff0a9c69d5861f0b85402c30a2fd391c52bafbe65f8e82135fd38361d7c0b43c982b2f3e7cb09c40c7e215114f4243d670cd576bcd93c1e959345170c75d6c3cf89cf8c2c70dc792e646e7c649d4c5f36bb016c7acd466ad58473d40dfef36394e581065a8581ab852250403cf372ac0065bf757fa3f445424ac0d82aec1938a2ea116bdfd306baa1cb06c62a4a97d66ab1b9489469cb8ba842da12e310caed02c5ef05c0be1e1e8c9c8b87d6871c94c57d164d08672b205c948086a06a545b266b7ad902a908681eb188bc51b6190b5cb9d8ca59b8c4c6e7369c00d6f6119fd5d437239e3d3c89cb81e09e560fb817590106015f08e7b09f1e1e65bfab3b8489fa058e24081978b9e25463d9945bfbca81c08885d4b6d4c62e217bd9e19460762f36c66bc948fe31cde089626fbb310e3c78a8d3f2eac21d374d9b58d887235d3a95721168e4b9475849071d60ecfe7ea5d6c4bf60da3747612ef59bb651270f326c0af31bc8c71361f851de34ccb3c8071b96f1128d7ee79b41246e566edd0272dbd3ccfe472b38e5e03d3ef83218bd498e6de8b4d92cb6f82716449ede7ba845028eccdb9137be8a622ac88ac53118fbc39637fa7a93cd3abc6f7671c7804420d66e94720acbcac916950f9baca77fef4217155ccc2cd0507339a0486f9f468eb28772986ee768c63eba671bf8c52e48a2a5dc2cc24fe925368706c2d712dd1064692b0fb2a32ddfbd4a0ffcf9c2abcedaae6e527bc1d42637aff2a275b76a7a7f010e42e1cc1d27141f6c3585a2bf58c6c5789ce61551d10118a000e3764631ec0b7f4b1a6f22a678133a30940b79dc76f863dd9f6e0d7776300898c97cef286c731c2050928c492439256e481652bff0d202db3cfdc54c9816ceea7895357bfa0362fad79afd09ed55189294d6ead7e898ac091cddbe7efcedb314bc02a18dd5bbddc42e089124758bb491fd1536aab27c5c124567bc325e7028bced5a179a011d1cb9a5ffb61d7af863e91ec8e60495561188b74d158ba1418228d44e92915a22eb1c166ef7d6179e84381ed950ffd747f13e24172942d922ca3109fb8b1e4e6264fa4a4eec75ad0d0e22579d90f45d6cd157300e38ae665eb56457202e25a8dd5877ba99725de288660badd2704345d9bad208c903ba27ea167dd45a77f77b6502b525b2973270582858183c784c324c1366fbba8d410c38bf75b41e067f6a9a017c56595161db4fc5639393fdafb1f148d3f416c1adc5fe1ab9cebe4689855c9b4bda6dcba5d5fa858a1b87d2ad23cdf54dbdf4d14aa4462da0b6f1107f4afa0091c2643508861a4d9f133ba77751941bb8fb756abf1a104205b80d47a3b4a59724d959c8b5833da4f56fb6613231f230a9378c9af741e94fd2c7213ac1d7625559b3f032f6c8df3ab441929720fe43d7c548cc661eed5b3c62b3c61f538ea3228376e2a18c6da2ad906322f64fb4865cde8e1889a8e5237fd6a39bbd6662f1dedc22fbd74e4376fa610cd710703dbd3924a38beae69783d1d5abf36122cbb87129ba719042748f060f4303a3199c5891c5040fd8cdb9761b006bf64cdcb65e5cc50a29994b8c1c34b83760ece12ed9ed7c3d2a7f8911cdf23a1afe0d7db1bf342aa0123dd5cd31339f5c8e160c4efef882602b3eccbe76fb690162b8bfb8a31910bcdf9a4a5dde76c2ac2fcd8678add7a000cfdcab398eb2171c026313eb6eb56b4b87bf8ef93f7f8a1c0bcc3775b681d4229ea561cb52281d8ba4315c3694ed08433596884d5a7ce3a8b1f82359846b7136726e2fe37bf4f7b7e2206cdcdb0705ced9f0dcaaa2ed3a78ea70d2cfeab668eb321400fc955e9aeb7bbcf86cd03f02dd443503a1480d9d9f899f53bd747a95293786798fc59fceb09e686a9328da4f929b6201841bbbefaffcf3386abdf69540e3b46a643ec10f0acf21f27c0053dc13f18485dbc898729dfbeaaa4887b58cd442d7ffa941808cd9658595be8650a815b088621278d89f0d8a4252566b923df3a3cd65c0e4af08fad385927251b31d35f75eaf25e6cf13a579aeeb0bcc0a14ca4a20a6831d532be0b2af3821792a2df95131b7fafef245aa19b214053342aa820c35858d13f84e496294529411015c41ed447b5b51dc44a45d52552a2be1abfc157f3ace7bfa32d5b931421d5a152dd66b7bf549311b08325e5a7201f793037b38990bedeca8a647c08d2478670f8fc2b4e8983ea18bcd514daeeeeb9d7a778f783c76edf01bd4beda4b77b612cd2e865c2e4f58ca7ae06147bf66ae6aee221cf9b9505dc07e6fb6cf4f82dc8c406c78e270210c11cf2531011ed678d9dfe1f49c9a69a95a9f3b0e5b624d9c2664d787ab911b75a4a38d63e9d6c353f8aaf433ff961fe5e34d84936ead0d0bc7954caf84e541f5c6f3f20c9eed21eb0316b82c0dc5182540e63a0af25565496792153d6395adc2b8d68b8bcd93dd110ff5685879db4384ec390d44b89663d43a5de3bdc0e103b7c1b355dc5f6fe3518c93628780ba03f156badea65d1d0af8433c9e8a975fdd19453da662a33fa9f0f5fa15fdb216b483fb48370a967246e0b763df8b3bc7924a6c76c4b114f803dbfa3b312e6815b4eb67be167283a9e482d9a5beac250089d069d4c386b7fda5fc228404a0f58b12ca4dc131c381b49b42b570bcfc0dd663f24afaf65a26a21f6d92f52c9f8de36cb76bacbaa0eef98ba6b7dbbc2629a03bb2b6f83fc5adaf20c217bc8d0f0d2421e01472532bcb546aeb2d483c8f95011a3ba1d2fd8086a717cb015dd53064ef4a80b6d6fdc12d9069223fdf2aa9b192a0e0bdb38436f49d9eedfef3665815633fee4344aff11162526362b70b18e1dbedbb5d8c4698860beccf667851878a25a1e766caae2861f2e23404aac859e62fdfeac06a6057554828d7035806e8ab3ee2fa6d711e5811db61231a22f4672f6a11b27641f350bcab78792362e6ebc1c054a643bbbf2746678c14dc567d1f73e37005c8ab6374c4d8d3106384a2d32c5fcf05cb9ba97cb7fa1aff11505a701bead543e555f3901ef3b693d5b9ebf49518c3509af042b7e84b1b867c22b7e08725220e4338fd074edce428212e6a3563a08e2ccd8ab71910256532904542e93d5c7deb5bf5d49beb3202d4da4f643649e55edbb91188cdcf0883a40c6ed6b8a086fb5c50dc08fee00308420121d4c7431b3cfb80f9c1e099423ac451d67b12e930d9e391d0a799c7d4b54a0d56ea0aae00c1d009e21fb5459416b464b227d66ccc1a68da59d64c1583dee54bbcd7d61ffe541fd0fb7452adba91906918966a7d58019ad1f8fdebeceeed7018837b6e4272eefeec8385abe7207fb2d7061fa6cdc478165a98971f9729b818a73edefed976d5c7c0a651c091cfd1174c020e39330a79144271fe4cbc61ea0ffa274d0d87d06dd08c1d5f8a0364d46ef7b54426bc286330c75fa257afeb2715c2ae511ff53b1189cc59ab80b1325fbdcedfdb8f36ed71f70091116e16b52188b794e637755027caac8db8554f8674b844964c710cacd7a9d6b06baf6fef76159a380e639b0d3e66080a7cf7f86baac01dbe47fe687fcef2f3bfbf6f8fba045181dee688360a11ee56e5fc73ed31c0e2924ae57f0cc93c63a30662a65c5d5f17123ae28cc5b74dd13ed81b03dc7fa61dc575668868c0df12d3553269f04ba79084d070abcdbd4745de80e90e4e3e524f27249b5c4a2f2d4c8b331b0cb6d4efe62a298daacc6eacdfe008c1f912795dbdc37098c42db860953120fda709baa6d46f52eaba781505e68561ca0f281e850532ef8e7c779883e312806e1c357bdef8d0dda005e710cfa6eb8686e8bf3bff036b3fcdc4036541d93530ce6f598442c24170b307ef05f23c93aa0ec96831b532d8120402214a940d1fa01ed649061a4a71308be189cffd729a196754fb8a75f23851189589be1b819f0612cad3dc94ccee88f4ab9ef6ac9c7daad8cf94f5ed9496c4c824e5b4f66ce32a80e7a6ef069a32f6812e656aa5f5742bd432afdf026c86e8f28212c1139dad47d7fc07e5c1a83e993daaa4a4bb5f0c9435ccab2a10f867ffe259dba7a1d9168619b1e3048860a5122e4a5d0b00372eaae861a0cc88549852fffa76e6d78739b654d67df15ea97a9a46b7c382d83191a673aa619b4a10ec05bc681379b0d6df824cb6fe158e9d89ae5dd1ef66976f67972b553db52eb6feef836dca6026293f83a61e117754a7424a3da63bd82d017f87f0603e2a9b8fc550aae611681935ae91f7ca2b5341b05a25208bd28f1a202a7f2a213b1d7411ffb557470aec00c4d13c70163f22a038a189710dd19a47e8db4a87c3fd329a63abca172a9810edad2d8e19ef85b57ea4287cfb3d740d7ea3fa9c80d06e1aa84b317f678ddb3c147ba5e0db432125f59ca4944c8e9050281ca82a3ecf67b2a5df678697a52a7297af1ecb03c586af7b91d74e881964ed95f7be12fa07e2a4e71aab8b913a13996fa33e915144bf00e49b8e7adec5b2c4b8165f54ba3155230e241ee023af77a295ab87c40f63f6092ccee05cb08a265abe8f57c9919bf45064b6c2240ba8011db223a283a4e2292d9b59df8c9a4fdc763f0631007db9976f351717db0e6b5f9c6e5f227c2efa1ae5fe0be1af0b22fc164f9f9678a01fe8b059749fe8a2972455732da1989c609d191544ef9fbb3e58da93ec4a582430523f260b776e4d747312747d18a9bae14740f5dcd35fd1072f8a4d81573b5882203be856b62d7e1d87081a9e431872c9d68864197bbc61f15dd8aeae950d34d6ce97182deebd2ad64cabd1c723baf512acfc7e94675b31369bd60e155af79b97bb734312569f736dcd5b5a78223ffaa0f7e93e1a112cb9f6a5b88fe3cf12c30024c16c6b8380fdf086c662665d3751c11617cc4dbd5b8bc7543301a23fbc90ba8d060193cdc2b68c31c734d516707b759f7db009c8f06e69b40154e1cd8ae444afb28134acdf871136b4fd78bd86d7faaaf618afb25e92d1ee37cdff0595278f9565f5eb109e181e9cacec2f22e32e9f34774ee223fdb992febcc5dbc5cceeda16cbcf1434730d859e7e03d36ff17636a7a7e66956b515894da114f3040909f90ce3cfbb2d7d46e37049c0fb124e0683d662eb427cd7b851ada229451e6e3aaee64b9964ced3036bde5d9d80eb062474f96ecfb9b65fcafc719494ac12ab7df245475f2a5e7f85ca4789833ca373e6214d39176c8f51dde87a4cfe5414a20f68bb9f34709979b99533ba3435c4aa56e525195e10ffd00f8e41aee30a909c07b973bbf733d45500b539ebe2206d438216690998d9e256db1b7ac6bef3e810785e1986985c945a2b820323a592721fcfa444934d0faf8aa439d5efca5dcd77b72d1eb91b3790d50d0a7483e354c415f81d99c133d648c1293e795b3c43f9b47e23ef982e10072ea5baafb0df675e69af1807b225afa0cec3eafbde8535d3ecaa0ea6ddbffe4465207425bb003670320324df0aeeb16b38a043f9c0e85673b36def332fd68b2b1e6edda621d0cadebbced8c7fc8f890489115b457249e8d8103676b3207a472804d33e0fe511ac56cd8dc5333b2333892f87b455940ada78fcf5075c358fce990e6f65f095eb416d876ce6f120b8b02cfa6b176ee269c942f881247c3e464cce2aa65c39137607c585aeb4b5f24f5f8e058c9c8b48003c1809da3e8aad1bee7955c3a976d43fe132e2b16f4758a0a9884e51d13b930675a4361ff366b0fed190ad7b2a00385528951e39cd44ea06d8921b9d613d7626221154cf86249a550198fe4e5b05ad3052b474291da0a0a2f701759859bc0392adf243ad5eca89e6d18e28dff99ef95743bcabe75504be8c715cd6360facf3bb06cb97c29989d4f6ff5083573cefe6ef0b39a252a2678112fa88e5b06c9a6bfc9597cc96e5a49710c4fc120fb0da4945b9d94e46de1e9989d0fc3d8d20df23d815b660c799a903f651b0d013f7fe158f1d297f7fcb6a48780ca5525f1d081ada0aafa83552318b848783306549750b6254cf676c7b934cf7fdab992717f0cdc089b34278f3fb151cadde14d0d3250e85a4b0ff2a2778a219aa40563d3ef575285484424b6d0e7cc8392342e4848c6fc8cb20fa1b450cc4c1fea19f3bbdd9e342e6c49cd7ac893b1eda2e93d1d74d20969465946b398fbc733757741ac822c4a118632cd242a439fc37512cf79b7c629504ccc1e7f2f11798955c3262b5e9695625ba74d8050e20f51d4769e1ab938f487f1bc4b55b5abcaa3ec079c2d0972b2ae9bfb7c5423b959119292ea05f1d79d35afe47e49d97c946b193bffc0a8f607f18a6845cecbbdd98cd351db2b2dce05a4848ba84a6a497b4618950130cb7e76c03d0976eb2fb41d3a42a1430063ed8e5b8c67e80fd4fc1148911958babbcbff33a6505de209b0d9320017fd736fd027a16564008ab2e1f48a6dd66c9256730e9fda0a606875d0871b2b9b0bc2ed4e1b696dbf0283c8dc72cf4338e595266f5390bc3a21f988353118f2948fc75d050ea076b73508d9ed89bade0ba305c1f4e5daf9d40d2f5e7ababed8d1b1d919c61a6d3fb149c1a9b44e38585a2fe322f83d73a3aecb44da3f0e82942d75d62ed3f91eb44f3411df014f88839e4cb1e21b9b259d4eb4adaf6b0be433d0ed4c87ec77dde5ee9d566e3dd8d928fc1875c63af26c59daba5ae267d9bd5da72b99a03e6a33cc48ed961ab484ff4a46c2d5fa597e626e00b530d7b9a9705e4e08d03f3a7f2a5a5233ad6340e3b5c89db81ca713b6d7d855c6324955f85109b204566f50178cd88abe3fcba25de905e8ea0b75ad51831761ed9b1af2470f976f05ec73bf74d137c207270cfd614170518cdc449aeeb663e114359c8124eaf2499d8cf5dc84a0872301db2e57b50bd285060ec4390d99d4ae3674ca3bb8679c1b08e566ba4f30daec8684a980055eb43cb5a1306c4b52a154682aa96637e06c869278aa2f74ef7345632c11265ef8ac97e953745302556881ba0cb590fef271c0abb193fb84d18ee3f24d9976ae816b857d6f68d1fdfe10b312c799fe014debf875d04bff8b4f387859e97c6bf13f7083c28a2045a0b5eb09c94e781a165965e8617c0efed1701ea9667aeca26d9577ea7b1242e1d91b25d6a66756cc627648a293b9f4345966bc469fafaeddc1118d0972bd5c7751a1f51e5989fd952f314ae10417c97b41e60ebfbc47e496486fa4a89fd16aea7fa1eabebd26eb2a37a3e2b351e0c9d2f67b2e5be0f921adc9b6045b045948e5103af0e5050b9c0799b513c00865deebda730de538f956ceb6164e08bd6f58655a294b4b44fc65309b30f9c00f92ef5bd5b911a3d830f72c258b19521bb8e80db02129954efb61423f518d2c5f36587303890cad9a93fa4f4bcd0e24c67db679c67ea59c1350b8442577632d5e8735833f3daf5a74bc7bd82659a81beba8c889632efe03cd24187aee856cf659e16e195464f52f2b984fc7a299e7b2aa53979a147ebed35705d5e89691666536f2febacfcef9b32d14952f958b72512869e4f6a0a34176918217888b1eb8b89322ebb6bb1dead2b4744e728479880db70e6147edaff6c3f083f18e0696bdbd78cf0bda14d9f42e5c1077ced00041aadff90470aacec0e48e2a5f2a0ed37818a173b96061e8c5bf24c0bde9e09f9e0ddb8e13306ef1d4eb8043ebadde5d7553e5212ecd4691eb426251f9d6720b8276ac543dde02399a35d974b22c1727d4b6df01957cae47443b706d43165e01d6932b136f561ce837431254cfb2a6e7d8070a2d3805aaa15b3c10ccd0cda2e9b418ce9ef380e5d08217752e12b3b892d03a9495c83d78d674612fde5a67738b2d4649ce44606ecce6bf3bd1293eca246a83643e4f1c7ba362b110e07c8479f216e3d4afc4fcb8d0820c8ab702a66d8183e83174597035e92b9b500dee08c80b927b42c3689c7c9617b4112c9e54cbfa51e989b5fd42b80c595d3edd265f138e8128cfbbb0e4f53aa0aa95a2ecda451852e564c42d5de7671560843d08103b9bdceac5fdeb0b1266f72f491265dd2b2b80a225a50955167da1812364ea340d82f61535401bae6f3140a8795d7c318a64cee4676627244930957b2f0b227be21b72d90027e6a5a7af3c59470c74dcdb71d1ef090a0f49c91acd604c792385c8f4e085765292822ee5eca03885fd6bfeaca9b3bbbdeac939f7846a487c5a483ed1e4fbf37c93886ea27bb35c812089b900b77c7c924147e97b6a71533610750bc84921012aa8158b213f7601d934a20bdd1f757b0a33042a683af6b9069f3900059d7f80f9fdcc9f33ece8cf7888dc9e24f1fc6ca0ecccf161c5334c60f440feb3acfc3d115011c176dfa05314c5bcf089e3c82bbe7680a3eefdcdbf3ac27265b779db4f49bade0128eda6e29bc5933ef454601db1b49628fd39ab938794fa46a33937a086ece7050d31a21524e2f0cacb307ed4412a2078636f9cc8e11c5c31cc0f9edd7be6d1e31a1513a58e25215f5a24245cb988589e6d5e5119f4f6557c697fad7d1c3a7e3bae064db4382701e33e48c5b6a52fe9141a385ef2325c6f7781134607e98bfd02c43d6deefaa861700388b40d98e941cfb2ddec209f977e8b9f93d29fdbf85e3010ce7cd622e8c75ce3df535e392052b6d65d5042d2a6e78bbfe5ee146e8b18d4bc7fb024dbba57cbe0402205593766a313950cb719d00c67bb6b3bcaa1015b89e820f11475afce655947113a7c3dcbb52427f090df994fbf076db867e0ab3f6125fb8884c1d13ff3e99fab5fa8b9f0b72cb44db4d0a48d9ec17f9733764e213c40a15ad821ec60e4a88cb2fd9dd9a4f35e6a708f4b74067f4be3f03a95261f6b191df53fa5bb5164e4a164630ad9ce39087aa950ad9e60cd2c44fa2237c49abf858c97737fd21180fd0b9542767150fbed3f39a29e6c3484d9437e15d2439f2a54b2a1ac7e63e6c436658abc3f1dd52d984f6c6901768a8cf2ec98ebf44e90e0fc0c24f8957c62e05d8eacecaf25b178fd710af609a8a1bc4d7955b5f0cb4f48a37685e6304ea5843573a1abff37b5106916c83c8f23f939a0dc43aea8d196191ed6e18dd793990d1f37d7de0bf8fac6f469843724eaab86be8a483be281b8ecf4aa29d9c571951cde8cd8c2aaf4d597ac2cb48f23fad145916920a55d655924940573b64dbd42a280cddc4810434f930183fdbbdc72db1491a4c9d44daf9b1bc2fecd855508648063040faeb125da0e68e6cd2002181118eecff0be1dd8eae726af5d451630cd65119c52abd6dded97f931202f186a18c4ba34bc2c3f6d765e2d8f445e959f26ffb55827cf3ff2cc0289f17b82c8caa5a2d3d54306a300f0ef42bbe4ea9e32c5d4b1173942745cdcfe4f5d1619eefaf8dc600afbc9171d516f7f4b35331d0b9be005132ffad5e9df59710278b842afb626a78b8b8b37fc3a894dc705b2d4e0940cb264e9dc87eaa148e6faf78125462f28a0f1d7b3c65a291b85713fa71ffc478f6601e8716c35489f4a54ed0c70bcfd5502cc91374dc3c982075c5180398bc6b195b36e79dcc4087cb990cc9d964a150e0dcc887d496bdd27c3f298736b9ad8345ba2df46021964cf43c38f9d2e94b77bee2b7bf059e0870ff9f17b9ef1320c0aa88a2fa9781e9017ab64643de9a3df9ed4b8cfd8fa080a2e494409520b795eb1517d224a05e450c4c8ae0e9fd29c0e72d3a592cce55f6dd5107f21214e1a3f9a5448384de06149f959ec0c92790f0ff229ab4971171f1c528ae6d095ec007bf5e7f55d623a68194e9ea8edc3af418075338328f24e7504341c22bef72c2963fc9c3237ba990d29c2c8aa3007395f6d96e95b40ee1b18dbad550bf39d0d98268cb74dde76d987c3169c9067495fb1b88508bbb7e94cbb7dfc15c03b1d5b163132c8a468906f02d422a8cf98d0b432b5779dd962074b72dd27439b2e94312f573435e5aa84664432c1914839cd6e172186ce93eeb1d7cb0659696d9d550eb3b185f8c6ee16e53f78233cbe709f99d2879d63d93f7d0ed133241d2f1ab1eb2c56605ca0f0e01c39ab0ba2370fe5c4e68de0561b517ff9a10023c386236398372c7176e35443e2cf5dd6cbed9f23395f231e6a54f65626cb5860a8b72122c34664119e7c47204ef4a70583a", 0x2000, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x90, 0x0, 0x0, {0x3, 0x0, 0x0, 0x5, 0x0, 0x0, {0x0, 0x0, 0x20, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x2, r2}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x400, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r4=>0x0, &(0x7f00000000c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0)
write$FUSE_INIT(r0, &(0x7f0000000380)={0x50, 0x0, r1, {0x7, 0x27, 0x0, 0x801001a, 0x66d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}}, 0x50)
rename(&(0x7f0000000100)='./file0/../file0/file0\x00', &(0x7f00000000c0)='./file0/../file0/file0\x00')

94.851292ms ago: executing program 8 (id=3992):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x180000f, 0x13, r1, 0x2000)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)

1.634679ms ago: executing program 1 (id=3993):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f00000001c0)=0x7, 0x4)
getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000000300)=""/29, &(0x7f0000000240)=0x1d)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r1, &(0x7f0000000000), 0x10)
setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, &(0x7f00000000c0), 0xf00)
close(r1)
setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, &(0x7f0000000040)=[{{}, {0x3, 0x1, 0x1, 0x1}}, {{0x0, 0x1, 0x0, 0x1}, {0x4, 0x0, 0x1}}, {{0x3, 0x1, 0x1}, {0x4, 0x1, 0x1}}, {{0x3, 0x0, 0x1}, {0x1, 0x0, 0x1}}, {{0x0, 0x0, 0x0, 0x1}, {0x1, 0x0, 0x0, 0x1}}], 0x28)
syz_usb_connect(0x0, 0x35, &(0x7f0000000f80)={{0x12, 0x1, 0x310, 0x28, 0xec, 0xb9, 0x20, 0x403, 0xf06f, 0xbc01, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x23, 0x1, 0x2, 0x6, 0x0, 0x8, [{{0x9, 0x4, 0xa6, 0x81, 0x1, 0x98, 0x3c, 0x67, 0xa, [], [{{0x9, 0x5, 0xa, 0x1, 0x200, 0x3, 0x9, 0x3, [@generic={0x8, 0xb, "147e0274bf11"}]}}]}}]}}]}}, &(0x7f0000001fc0)={0x0, 0x0, 0x0, 0x0})

0s ago: executing program 2 (id=3994):
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x4, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000a00)=@updpolicy={0xc0, 0x19, 0x1, 0x70bd29, 0x25dfdbfe, {{@in6=@mcast1, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x3, 0x0, 0x2, 0xfffffffffffffffd}, {0x0, 0x5, 0x6}, 0x0, 0x0, 0x1, 0x0, 0x2}, [@XFRMA_SET_MARK_MASK={0x8, 0x1e, 0x5}]}, 0xc0}, 0x1, 0x0, 0x0, 0x24008040}, 0x8000)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
socket$nl_route(0x10, 0x3, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0xffffffffffffffff, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x56, &(0x7f0000000400)={@local, @random="df00004000", @void, {@ipv4={0x800, @tcp={{0xd, 0x4, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x11}, {[@ssrr={0x89, 0x7, 0xa2, [@broadcast]}, @timestamp={0x44, 0x10, 0x5, 0x3, 0x0, [0x10000, 0x0, 0x0]}, @cipso={0x86, 0x6, 0x1}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)

kernel console output (not intermixed with test programs):

.40
[  120.277892][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.281021][   T24] usb 7-1: Product: syz
[  120.282867][   T24] usb 7-1: Manufacturer: syz
[  120.285218][   T24] usb 7-1: SerialNumber: syz
[  120.422417][T10403] pim6reg1: entered promiscuous mode
[  120.424235][T10403] pim6reg1: entered allmulticast mode
[  120.694059][   T24] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 10 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  121.877704][   T10] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  122.049046][   T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  122.053260][   T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  122.056568][   T10] usb 8-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[  122.059898][   T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.063495][   T10] usb 8-1: config 0 descriptor??
[  122.273453][   T10] usbhid 8-1:0.0: can't add hid device: -71
[  122.275452][   T10] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  122.279089][   T10] usb 8-1: USB disconnect, device number 9
[  122.361136][T10444] netlink: 'syz.1.1813': attribute type 1 has an invalid length.
[  122.370331][T10444] 8021q: adding VLAN 0 to HW filter on device bond5
[  122.870274][T10465] netlink: 'syz.3.1822': attribute type 1 has an invalid length.
[  122.883691][T10465] 8021q: adding VLAN 0 to HW filter on device bond5
[  122.885069][   T24] usb 7-1: USB disconnect, device number 10
[  122.897902][   T24] usblp0: removed
[  123.177691][ T1458] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  123.327631][ T1458] usb 8-1: Using ep0 maxpacket: 8
[  123.331963][ T1458] usb 8-1: config 0 has an invalid interface number: 55 but max is 0
[  123.335460][ T1458] usb 8-1: config 0 has no interface number 0
[  123.338726][ T1458] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  123.342341][ T1458] usb 8-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  123.346886][ T1458] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  123.352046][ T1458] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  123.356300][ T1458] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  123.359477][ T1458] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.364340][ T1458] usb 8-1: config 0 descriptor??
[  123.369213][ T1458] ldusb 8-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  123.667221][ T1458] usb 8-1: USB disconnect, device number 10
[  123.672539][ T1458] ldusb 8-1:0.55: LD USB Device #0 now disconnected
[  123.957718][ T6856] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  123.991942][T10543] overlayfs: failed to decode file handle (len=4, type=251, flags=0, err=-22)
[  124.117772][ T6856] usb 7-1: Using ep0 maxpacket: 16
[  124.120827][ T6856] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  124.124590][ T6856] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  124.128056][ T6856] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  124.133366][ T6856] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  124.137510][ T6856] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.141630][ T6856] usb 7-1: config 0 descriptor??
[  124.374081][T10555] netlink: 112 bytes leftover after parsing attributes in process `syz.0.1859'.
[  124.517639][T10568] netlink: 'syz.1.1864': attribute type 3 has an invalid length.
[  124.520692][T10568] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1864'.
[  124.553268][ T6856] input: HID 0955:7214 Haptics as /devices/virtual/input/input16
[  124.563978][ T6856] shield 0003:0955:7214.000B: Registered Thunderstrike controller
[  124.567388][ T6856] shield 0003:0955:7214.000B: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0
[  124.602191][T10576] IPVS: sync thread started: state = MASTER, mcast_ifn = vcan0, syncid = 0, id = 0
[  124.752283][   T54] shield 0003:0955:7214.000B: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  124.756818][   T54] shield 0003:0955:7214.000B: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  124.761891][   T54] shield 0003:0955:7214.000B: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  124.766788][   T54] shield 0003:0955:7214.000B: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  124.766831][ T6035] usb 7-1: USB disconnect, device number 11
[  124.782568][T10590] netlink: 'syz.1.1873': attribute type 1 has an invalid length.
[  124.812029][T10590] bond6: (slave geneve2): making interface the new active one
[  124.815587][T10590] bond6: (slave geneve2): Enslaving as an active interface with an up link
[  124.820343][ T1175] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 20004 - 0
[  124.823697][ T1175] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 20004 - 0
[  124.827037][ T1175] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 20004 - 0
[  124.837692][ T1175] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 20004 - 0
[  125.034780][T10616] netlink: 'syz.0.1883': attribute type 1 has an invalid length.
[  125.035859][T10615] tipc: Started in network mode
[  125.041558][T10615] tipc: Node identity aaaaaaaaaa35, cluster identity 4711
[  125.044210][T10615] tipc: Enabled bearer <eth:macvlan1>, priority 10
[  125.064221][T10616] bond1: (slave geneve2): making interface the new active one
[  125.068530][T10616] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  125.072403][ T1175] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 20004 - 0
[  125.075678][ T1175] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 20004 - 0
[  125.079547][ T1175] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 20004 - 0
[  125.083045][ T1175] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 20004 - 0
[  125.367972][T10650] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1899'.
[  125.665659][   T40] audit: type=1326 audit(1755890273.052:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10660 comm="syz.2.1903" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf706e579 code=0x0
[  126.107749][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  126.177685][ T6147] tipc: Node number set to 10463914
[  126.495405][   T54] libceph: connect (1)[c::]:6789 error -101
[  126.498110][   T54] libceph: mon0 (1)[c::]:6789 connect error
[  126.508625][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  126.512209][T10713] overlayfs: failed to decode file handle (len=6, type=0, flags=0, err=-22)
[  126.644813][T10707] ceph: No mds server is up or the cluster is laggy
[  126.738303][T10730] uprobe: syz.1.1928:10730 failed to unregister, leaking uprobe
[  126.817753][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  127.575621][T10760] netfs: Couldn't get user pages (rc=-14)
[  128.075032][T10794] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN
[  128.111813][ T9321] Bluetooth: hci4: Frame reassembly failed (-84)
[  128.114341][ T5979] Bluetooth: hci4: unexpected event 0x0f length: 0 < 4
[  128.598347][T10804] netlink: 'syz.1.1958': attribute type 10 has an invalid length.
[  128.602034][T10804] bridge0: left promiscuous mode
[  128.649165][T10806] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1958'.
[  128.729651][T10804] bridge0: entered promiscuous mode
[  128.731851][T10804] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  128.734662][T10806] bridge_slave_1: left allmulticast mode
[  128.736574][T10806] bridge0: port 2(bridge_slave_1) entered disabled state
[  128.740097][T10806] bridge_slave_0: left allmulticast mode
[  128.741966][T10806] bridge0: port 1(bridge_slave_0) entered disabled state
[  128.856986][T10806] bond0: (slave bridge0): Releasing backup interface
[  128.859877][T10806] bridge0 (unregistering): left promiscuous mode
[  129.059663][T10825] netlink: 'syz.3.1964': attribute type 1 has an invalid length.
[  129.077072][T10825] bond6: (slave bridge1): making interface the new active one
[  129.080028][T10825] bond6: (slave bridge1): Enslaving as an active interface with an up link
[  129.151995][T10830] 9pnet_fd: p9_fd_create_unix (10830): problem connecting socket: ./file0: -13
[  129.670031][T10873] input: syz1 as /devices/virtual/input/input17
[  129.737108][T10875] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  129.750805][   T40] audit: type=1804 audit(1755890277.142:62): pid=10875 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1984" name="/newroot/482/bus/file0" dev="overlay" ino=35913859 res=1 errno=0
[  129.751252][T10875] evm: overlay not supported
[  129.758293][   T40] audit: type=1800 audit(1755890277.142:63): pid=10875 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1984" name="file0" dev="overlay" ino=35913859 res=0 errno=0
[  130.147723][ T5338] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  130.147757][ T5979] Bluetooth: hci4: command 0x1003 tx timeout
[  130.176827][T10881] netlink: 'syz.0.1986': attribute type 1 has an invalid length.
[  130.198982][T10881] bond2: (slave bridge2): making interface the new active one
[  130.202597][T10881] bond2: (slave bridge2): Enslaving as an active interface with an up link
[  130.244207][T10891] netlink: 'syz.1.1990': attribute type 11 has an invalid length.
[  130.246888][T10891] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1990'.
[  130.294697][  T840] Process accounting resumed
[  130.334830][T10902] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1995'.
[  130.338081][T10902] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1995'.
[  130.361568][T10906] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1997'.
[  130.418007][T10911] netlink: 'syz.1.1998': attribute type 1 has an invalid length.
[  130.440331][T10911] bond7: (slave bridge0): making interface the new active one
[  130.442960][T10911] bond7: (slave bridge0): Enslaving as an active interface with an up link
[  130.468824][T10921] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2001'.
[  130.469754][T10922] overlayfs: failed to clone upperpath
[  130.472716][T10921] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2001'.
[  130.499635][T10927] netlink: 830 bytes leftover after parsing attributes in process `syz.2.2006'.
[  130.587676][T10943] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  130.596958][T10943] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  130.681767][T10956] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2019'.
[  131.007704][ T6147] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  131.177669][ T6147] usb 8-1: Using ep0 maxpacket: 8
[  131.180956][ T6147] usb 8-1: config index 0 descriptor too short (expected 28277, got 36)
[  131.183583][ T6147] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  131.186767][ T6147] usb 8-1: config 0 has no interfaces?
[  131.188682][ T6147] usb 8-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  131.191716][ T6147] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.195924][ T6147] usb 8-1: config 0 descriptor??
[  131.318822][T10977] bridge0: port 3(syz_tun) entered blocking state
[  131.320993][T10977] bridge0: port 3(syz_tun) entered disabled state
[  131.323350][T10977] syz_tun: entered allmulticast mode
[  131.325774][T10977] syz_tun: entered promiscuous mode
[  131.327980][T10977] bridge0: port 3(syz_tun) entered blocking state
[  131.330201][T10977] bridge0: port 3(syz_tun) entered forwarding state
[  131.336427][T10977] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2026'.
[  131.341389][T10977] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2026'.
[  131.504577][T10983] netlink: 'syz.2.2029': attribute type 10 has an invalid length.
[  131.507199][T10983] bridge0: port 3(syz_tun) entered disabled state
[  131.509453][T10983] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.511836][T10983] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.518202][T10983] bridge0: port 3(syz_tun) entered blocking state
[  131.521043][T10983] bridge0: port 3(syz_tun) entered forwarding state
[  131.523424][T10983] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.525681][T10983] bridge0: port 2(bridge_slave_1) entered forwarding state
[  131.528372][T10983] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.530852][T10983] bridge0: port 1(bridge_slave_0) entered forwarding state
[  131.534806][T10983] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  131.546434][T10983] syz_tun: left allmulticast mode
[  131.548469][T10983] syz_tun: left promiscuous mode
[  131.550275][T10983] bridge0: port 3(syz_tun) entered disabled state
[  131.553171][T10983] bridge_slave_1: left allmulticast mode
[  131.555020][T10983] bridge_slave_1: left promiscuous mode
[  131.556891][T10983] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.560240][T10983] bridge_slave_0: left allmulticast mode
[  131.562040][T10983] bridge_slave_0: left promiscuous mode
[  131.563841][T10983] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.569608][T10983] bond0: (slave bridge0): Releasing backup interface
[  132.733341][T11014] netlink: 'syz.0.2040': attribute type 10 has an invalid length.
[  132.736197][T11014] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.737021][   T40] audit: type=1326 audit(1755890280.122:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11017 comm="syz.1.2041" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe1579 code=0x7ffc0000
[  132.740260][T11014] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.747965][   T40] audit: type=1326 audit(1755890280.122:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11017 comm="syz.1.2041" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe1579 code=0x7ffc0000
[  132.751286][T11014] bridge0: port 1(bridge_slave_0) entered forwarding state
[  132.752448][T11014] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  132.769342][   T40] audit: type=1326 audit(1755890280.122:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11017 comm="syz.1.2041" exe="/syz-executor" sig=0 arch=40000003 syscall=372 compat=1 ip=0xf7fe1579 code=0x7ffc0000
[  132.778555][   T40] audit: type=1326 audit(1755890280.122:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11017 comm="syz.1.2041" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe1579 code=0x7ffc0000
[  132.779164][T11014] bridge_slave_0: left allmulticast mode
[  132.786481][   T40] audit: type=1326 audit(1755890280.122:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11017 comm="syz.1.2041" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe1579 code=0x7ffc0000
[  132.795368][T11014] bridge_slave_0: left promiscuous mode
[  132.797306][T11014] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.803095][T11014] bond0: (slave bridge0): Releasing backup interface
[  132.896205][T11031] netlink: 'syz.1.2048': attribute type 4 has an invalid length.
[  132.902630][T11031] netlink: 'syz.1.2048': attribute type 4 has an invalid length.
[  133.189837][T11058] netlink: 'syz.1.2061': attribute type 1 has an invalid length.
[  133.192375][T11058] netlink: 'syz.1.2061': attribute type 4 has an invalid length.
[  133.195731][T11058] netlink: 'syz.1.2061': attribute type 1 has an invalid length.
[  133.198305][T11058] netlink: 'syz.1.2061': attribute type 4 has an invalid length.
[  133.681139][  T840] usb 8-1: USB disconnect, device number 11
[  134.176992][T11118] sit0: entered promiscuous mode
[  136.685484][T11218] __nla_validate_parse: 20 callbacks suppressed
[  136.685502][T11218] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2126'.
[  136.693162][T11218] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2126'.
[  136.796142][T11226] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  136.839968][T11229] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2130'.
[  136.877886][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  136.883094][T11226] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  136.909910][T11233] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2132'.
[  136.914193][T11233] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2132'.
[  136.920563][T11233] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2132'.
[  136.926600][T11233] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2132'.
[  136.941581][T11226] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  137.003554][T11226] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  137.064521][ T9285] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 20004 - 0
[  137.070745][ T9285] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 20004 - 0
[  137.079525][ T9285] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 20004 - 0
[  137.088811][ T9322] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 20004 - 0
[  137.125171][T11248] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2139'.
[  137.909227][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  137.912153][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  138.029901][T11262] overlayfs: failed to clone upperpath
[  138.068220][  T840] libceph: connect (1)[c::]:6789 error -101
[  138.070412][  T840] libceph: mon0 (1)[c::]:6789 connect error
[  138.222306][T11270] ceph: No mds server is up or the cluster is laggy
[  138.271495][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  138.487704][   T54] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  138.613150][T11294] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2156'.
[  138.617478][T11294] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2156'.
[  138.659875][   T54] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  138.664354][   T54] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  138.668096][   T54] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  138.672621][   T54] usb 5-1: config 0 descriptor??
[  138.886135][   T54] usbhid 5-1:0.0: can't add hid device: -71
[  138.888795][   T54] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  138.893757][   T54] usb 5-1: USB disconnect, device number 10
[  139.327896][ T6147] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  139.332336][T11319] veth0_virt_wifi: Caught tx_queue_len zero misconfig
[  139.497724][ T6147] usb 5-1: Using ep0 maxpacket: 32
[  139.501271][ T6147] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  139.505363][ T6147] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  139.508860][ T6147] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  139.512320][ T6147] usb 5-1: config 0 descriptor??
[  139.515059][ T6147] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  139.518685][ T6147] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  139.912264][T11352] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  139.919360][   T54] usb 5-1: USB disconnect, device number 11
[  139.925665][   T54] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  140.026872][ T6147] libceph: connect (1)[c::]:6789 error -13
[  140.029099][ T6147] libceph: mon0 (1)[c::]:6789 connect error
[  140.180975][T11371] ceph: No mds server is up or the cluster is laggy
[  140.508827][   T40] audit: type=1326 audit(1755890287.902:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11414 comm="syz.1.2203" exe="/syz-executor" sig=31 arch=40000003 syscall=20 compat=1 ip=0xf7fe1579 code=0x0
[  142.197826][T11528] __nla_validate_parse: 8 callbacks suppressed
[  142.197838][T11528] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2248'.
[  142.252507][T11534] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2251'.
[  142.869484][T11553] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2259'.
[  143.617431][T11634] netlink: 2020 bytes leftover after parsing attributes in process `syz.3.2293'.
[  143.620586][T11634] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2293'.
[  144.123456][T11638] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2295'.
[  144.295531][T11645] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2298'.
[  144.297956][ T6035] e1000 0000:00:06.0 eth0: Reset adapter
[  146.468721][   T54] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
[  154.927007][T11691] validate_nla: 1 callbacks suppressed
[  154.927018][T11691] netlink: 'syz.0.2304': attribute type 27 has an invalid length.
[  154.977398][T11691] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  154.983789][T11691] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  154.988571][T11703] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2309'.
[  155.054077][T11701] 8021q: adding VLAN 0 to HW filter on device bond0
[  155.058249][T11701] 8021q: adding VLAN 0 to HW filter on device team0
[  155.064579][T11701] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  155.073939][ T9321] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  155.076917][ T9321] netdevsim netdevsim0 eth0: unset [1, 1] type 2 family 0 port 20004 - 0
[  155.080920][ T9321] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  155.084558][ T9321] netdevsim netdevsim0 eth1: unset [1, 1] type 2 family 0 port 20004 - 0
[  155.084924][T11711] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2312'.
[  155.091633][ T9321] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  155.095073][ T9321] netdevsim netdevsim0 eth2: unset [1, 1] type 2 family 0 port 20004 - 0
[  155.099209][ T9285] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  155.101994][ T9285] netdevsim netdevsim0 eth3: unset [1, 1] type 2 family 0 port 20004 - 0
[  155.114808][T11711] veth15: entered promiscuous mode
[  155.147323][T11719] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2315'.
[  155.177527][T11722] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2317'.
[  155.308119][T11739] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2324'.
[  155.440867][T11752] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2330'.
[  155.473718][T11756] netlink: 'syz.0.2331': attribute type 10 has an invalid length.
[  155.479002][T11756] team0: Port device dummy0 added
[  155.592124][T11760] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  155.969393][T11792] netlink: 240 bytes leftover after parsing attributes in process `syz.1.2343'.
[  156.641264][T11821] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2356'.
[  156.742073][   T40] audit: type=1326 audit(1755890304.132:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11829 comm="syz.2.2360" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x0
[  157.592068][T11860] ip6tnl0: Master is either lo or non-ether device
[  157.841396][T11879] netlink: 2048 bytes leftover after parsing attributes in process `syz.2.2379'.
[  157.845201][T11879] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2379'.
[  157.859230][   T40] audit: type=1326 audit(1755890305.252:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11880 comm="syz.3.2380" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x0
[  158.365331][T11899] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  158.368574][T11899] overlayfs: failed to set xattr on upper
[  158.371125][T11899] overlayfs: ...falling back to redirect_dir=nofollow.
[  158.374095][T11899] overlayfs: ...falling back to index=off.
[  158.376598][T11899] overlayfs: ...falling back to uuid=null.
[  158.436672][T11903] overlayfs: failed to clone upperpath
[  158.585444][T11919] overlayfs: failed to clone upperpath
[  158.768178][   T40] audit: type=1326 audit(1755890306.162:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11949 comm="syz.0.2410" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x50000
[  158.775894][   T40] audit: type=1326 audit(1755890306.162:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11949 comm="syz.0.2410" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x50000
[  158.785242][   T40] audit: type=1326 audit(1755890306.162:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11949 comm="syz.0.2410" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x50000
[  158.792046][T11955] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  158.792265][   T40] audit: type=1326 audit(1755890306.162:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11949 comm="syz.0.2410" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x50000
[  158.805473][   T40] audit: type=1326 audit(1755890306.162:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11949 comm="syz.0.2410" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x50000
[  158.815894][   T40] audit: type=1326 audit(1755890306.162:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11949 comm="syz.0.2410" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x50000
[  158.824451][   T40] audit: type=1326 audit(1755890306.162:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11949 comm="syz.0.2410" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x50000
[  158.832913][   T40] audit: type=1326 audit(1755890306.162:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11949 comm="syz.0.2410" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x50000
[  159.019829][ T6277] syz_tun (unregistering): left promiscuous mode
[  159.237778][ T5979] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  159.240393][ T5979] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  159.242969][ T5979] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  159.245734][ T5979] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  159.248675][ T5979] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  159.252423][ T5338] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  159.255787][ T5338] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  159.259401][ T5338] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  159.263192][ T5338] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  159.266590][ T5338] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  159.333320][T11985] chnl_net:caif_netlink_parms(): no params data found
[  159.367398][T11985] bridge0: port 1(bridge_slave_0) entered blocking state
[  159.370566][T11985] bridge0: port 1(bridge_slave_0) entered disabled state
[  159.373313][T11985] bridge_slave_0: entered allmulticast mode
[  159.375612][T11985] bridge_slave_0: entered promiscuous mode
[  159.379970][T11985] bridge0: port 2(bridge_slave_1) entered blocking state
[  159.383093][T11985] bridge0: port 2(bridge_slave_1) entered disabled state
[  159.385987][T11985] bridge_slave_1: entered allmulticast mode
[  159.388764][T11985] bridge_slave_1: entered promiscuous mode
[  159.419084][T11985] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  159.424816][T11985] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  159.458177][T11985] team0: Port device team_slave_0 added
[  159.463027][T11985] team0: Port device team_slave_1 added
[  159.486531][T11985] batman_adv: batadv0: Adding interface: batadv_slave_0
[  159.489432][T11985] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  159.501210][T11985] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  159.506331][T11985] batman_adv: batadv0: Adding interface: batadv_slave_1
[  159.509097][T11985] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  159.519543][T11985] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  159.555714][T11985] hsr_slave_0: entered promiscuous mode
[  159.558799][T11985] hsr_slave_1: entered promiscuous mode
[  159.624752][T11985] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  159.636707][T11985] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  159.642665][T11985] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  159.647288][T11985] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  159.662442][T11985] bridge0: port 2(bridge_slave_1) entered blocking state
[  159.665660][T11985] bridge0: port 2(bridge_slave_1) entered forwarding state
[  159.668309][T11985] bridge0: port 1(bridge_slave_0) entered blocking state
[  159.671620][T11985] bridge0: port 1(bridge_slave_0) entered forwarding state
[  159.698871][T11985] 8021q: adding VLAN 0 to HW filter on device bond0
[  159.705671][ T9321] bridge0: port 1(bridge_slave_0) entered disabled state
[  159.709583][ T9321] bridge0: port 2(bridge_slave_1) entered disabled state
[  159.716537][T11985] 8021q: adding VLAN 0 to HW filter on device team0
[  159.722496][ T9321] bridge0: port 1(bridge_slave_0) entered blocking state
[  159.725070][ T9321] bridge0: port 1(bridge_slave_0) entered forwarding state
[  159.730193][ T9306] bridge0: port 2(bridge_slave_1) entered blocking state
[  159.732544][ T9306] bridge0: port 2(bridge_slave_1) entered forwarding state
[  159.831196][T11985] 8021q: adding VLAN 0 to HW filter on device batadv0
[  159.958698][T11985] veth0_vlan: entered promiscuous mode
[  159.963617][T11985] veth1_vlan: entered promiscuous mode
[  159.978229][T11985] veth0_macvtap: entered promiscuous mode
[  159.984149][T11985] veth1_macvtap: entered promiscuous mode
[  159.995782][T11985] batman_adv: batadv0: Interface activated: batadv_slave_0
[  160.002828][T11985] batman_adv: batadv0: Interface activated: batadv_slave_1
[  160.008912][ T9321] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  160.011900][ T9321] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  160.015422][ T9321] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  160.018351][ T9321] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  160.045295][ T9306] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  160.049702][ T9306] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  160.061581][ T9321] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  160.064785][ T9321] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  160.201914][T12038] __nla_validate_parse: 1 callbacks suppressed
[  160.201930][T12038] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2437'.
[  160.209767][T12038] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2437'.
[  160.283193][T12044] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2440'.
[  160.471528][T12051] overlayfs: failed to clone upperpath
[  160.510208][T12055] bridge0: entered allmulticast mode
[  160.513055][T12055] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2445'.
[  160.794851][T12073] overlayfs: failed to clone upperpath
[  160.829237][T12075] netlink: 'syz.2.2453': attribute type 10 has an invalid length.
[  161.347701][ T5338] Bluetooth: hci2: command tx timeout
[  161.502140][T12086] netlink: 'syz.1.2458': attribute type 1 has an invalid length.
[  161.514974][T12086] 8021q: adding VLAN 0 to HW filter on device bond8
[  161.546577][T12086] bond8: (slave veth17): Enslaving as an active interface with a down link
[  161.573834][T12086] dummy0: left promiscuous mode
[  161.579114][T12086] bond8: (slave dummy0): making interface the new active one
[  161.582124][T12086] dummy0: entered promiscuous mode
[  161.584049][T12086] bond8: (slave dummy0): Enslaving as an active interface with an up link
[  161.672843][T12091] netlink: 'syz.1.2460': attribute type 5 has an invalid length.
[  161.995582][T12123] overlayfs: failed to clone upperpath
[  162.970164][T12196] vivid-004: disconnect
[  162.973480][T12194] vivid-004: reconnect
[  163.049473][T12199] netlink: 2036 bytes leftover after parsing attributes in process `syz.4.2504'.
[  163.052454][T12199] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2504'.
[  163.427830][ T5338] Bluetooth: hci2: command tx timeout
[  163.437327][T12204] netlink: 892 bytes leftover after parsing attributes in process `syz.2.2506'.
[  163.441017][T12204] netlink: 892 bytes leftover after parsing attributes in process `syz.2.2506'.
[  163.780176][T12215] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  163.961080][T12229] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2515'.
[  164.139136][T12243] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2522'.
[  164.568033][T12258] netlink: 'syz.2.2528': attribute type 10 has an invalid length.
[  165.214449][T12293] __nla_validate_parse: 1 callbacks suppressed
[  165.214464][T12293] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2541'.
[  165.509010][ T5338] Bluetooth: hci2: command tx timeout
[  165.747385][   T40] kauditd_printk_skb: 68 callbacks suppressed
[  165.747403][   T40] audit: type=1326 audit(1755890313.132:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12319 comm="syz.1.2546" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fe1579 code=0x0
[  166.057201][T12295] Set syz1 is full, maxelem 65536 reached
[  166.635988][T12333] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2551'.
[  166.751231][ T6035] kernel read not supported for file inotify (pid: 6035 comm: kworker/2:3)
[  166.830727][T12345] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2556'.
[  166.877710][T12349] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2558'.
[  167.241469][   T40] audit: type=1326 audit(1755890314.632:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12387 comm="syz.2.2576" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x0
[  167.587728][ T5338] Bluetooth: hci2: command tx timeout
[  168.083118][T12391] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2577'.
[  168.113191][T12397] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2580'.
[  168.345612][T12411] overlayfs: failed to clone upperpath
[  168.993790][T12429] uprobe: syz.1.2594:12429 failed to unregister, leaking uprobe
[  169.067141][T12432] netlink: 'syz.1.2595': attribute type 2 has an invalid length.
[  169.138535][T12436] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2597'.
[  169.404086][T12448] bond0: (slave macvlan2): Error -98 calling set_mac_address
[  169.994164][T12471] netlink: 2048 bytes leftover after parsing attributes in process `syz.4.2611'.
[  169.997097][T12471] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2611'.
[  170.252451][T12477] netlink: 'syz.2.2614': attribute type 3 has an invalid length.
[  170.254988][T12477] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2614'.
[  170.588784][T12488] sch_tbf: burst 32855 is lower than device lo mtu (11337746) !
[  170.790567][T12490] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2620'.
[  170.795608][T12490] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2620'.
[  170.800977][T12490] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2620'.
[  170.805961][T12490] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2620'.
[  170.924067][ T5339] libceph: connect (1)[c::]:6789 error -101
[  170.926218][ T5339] libceph: mon0 (1)[c::]:6789 connect error
[  170.947977][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  170.965783][T12495] ceph: No mds server is up or the cluster is laggy
[  172.158140][T12529] overlayfs: failed to clone upperpath
[  172.316241][T12537] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2640'.
[  172.484718][T12547] dvmrp8: entered allmulticast mode
[  172.493125][T12546] dvmrp8: left allmulticast mode
[  172.837734][ T9321] dummy0: left promiscuous mode
[  172.903785][T12570] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0'
[  173.011591][T12580] overlayfs: failed to clone upperpath
[  173.100910][T12588] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2659'.
[  173.107634][T12588] bond1: (slave vxcan1): Releasing backup interface
[  173.111110][T12588] bond1: Destroying bond
[  173.114446][T12588] bond1 (unregistering): Released all slaves
[  173.700826][T12600] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2663'.
[  173.704502][T12600] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2663'.
[  173.707852][T12600] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2663'.
[  173.805171][T12609] overlayfs: failed to clone upperpath
[  173.831989][T12613] uprobe: syz.2.2669:12613 failed to unregister, leaking uprobe
[  173.865712][   T40] audit: type=1804 audit(1755890321.252:150): pid=12615 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2670" name="file0" dev="tmpfs" ino=5229 res=1 errno=0
[  173.865909][T12615] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -29824, delta: 1
[  173.874774][T12615] ref_ctr increment failed for inode: 0x146d offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88801b87d600
[  173.965369][T12619] overlayfs: failed to clone upperpath
[  174.087902][T12632] netlink: 'syz.2.2678': attribute type 1 has an invalid length.
[  174.098993][T12632] 8021q: adding VLAN 0 to HW filter on device bond2
[  174.122697][T12632] bond2: (slave veth11): Enslaving as an active interface with a down link
[  174.144017][T12632] 8021q: adding VLAN 0 to HW filter on device batadv1
[  174.146487][T12632] bond2: (slave batadv1): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open
[  174.271058][T12643] overlayfs: failed to clone upperpath
[  174.322592][T12647] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -29824, delta: 1
[  174.324627][   T40] audit: type=1804 audit(1755890321.712:151): pid=12647 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2685" name="file0" dev="tmpfs" ino=3434 res=1 errno=0
[  174.325336][T12647] ref_ctr increment failed for inode: 0xd6a offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88806c5f35c0
[  174.454027][T12654] overlayfs: failed to clone upperpath
[  175.478943][T12687] vlan0: left promiscuous mode
[  175.480438][T12687] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check.
[  175.807846][T12711] __nla_validate_parse: 2 callbacks suppressed
[  175.807858][T12711] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2713'.
[  175.837434][T12714] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2715'.
[  175.841523][T12714] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2715'.
[  175.891879][T12722] overlayfs: failed to clone upperpath
[  177.180293][T12757] netlink: 'syz.1.2732': attribute type 10 has an invalid length.
[  177.184211][T12757] bond8: (slave dummy0): Releasing active interface
[  177.188770][T12757] dummy0: entered promiscuous mode
[  177.252585][ T5979] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  177.257492][ T5979] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  177.261918][ T5979] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  177.265118][ T5979] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  177.268295][ T5979] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  177.291261][T12771] overlayfs: failed to clone upperpath
[  177.294640][T12773] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2734'.
[  177.345959][T12765] chnl_net:caif_netlink_parms(): no params data found
[  177.389481][T12782] netlink: 'syz.1.2745': attribute type 3 has an invalid length.
[  177.392021][T12782] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2745'.
[  177.403662][T12765] bridge0: port 1(bridge_slave_0) entered blocking state
[  177.406625][T12765] bridge0: port 1(bridge_slave_0) entered disabled state
[  177.411216][T12765] bridge_slave_0: entered allmulticast mode
[  177.414466][T12765] bridge_slave_0: entered promiscuous mode
[  177.418488][T12765] bridge0: port 2(bridge_slave_1) entered blocking state
[  177.421025][T12765] bridge0: port 2(bridge_slave_1) entered disabled state
[  177.423610][T12765] bridge_slave_1: entered allmulticast mode
[  177.426021][T12765] bridge_slave_1: entered promiscuous mode
[  177.453641][T12765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  177.460143][T12765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  177.485476][T12765] team0: Port device team_slave_0 added
[  177.488851][T12765] team0: Port device team_slave_1 added
[  177.504485][T12765] batman_adv: batadv0: Adding interface: batadv_slave_0
[  177.506701][T12765] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  177.514987][T12765] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  177.518982][T12765] batman_adv: batadv0: Adding interface: batadv_slave_1
[  177.521237][T12765] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  177.530546][T12765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  177.557826][T12765] hsr_slave_0: entered promiscuous mode
[  177.560216][T12765] hsr_slave_1: entered promiscuous mode
[  177.562600][T12765] debugfs: 'hsr0' already exists in 'hsr'
[  177.565491][T12765] Cannot create hsr debugfs directory
[  177.623693][T12765] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  177.627485][T12765] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  177.631093][T12765] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  177.634487][T12765] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  177.645475][T12765] bridge0: port 2(bridge_slave_1) entered blocking state
[  177.648102][T12765] bridge0: port 2(bridge_slave_1) entered forwarding state
[  177.650539][T12765] bridge0: port 1(bridge_slave_0) entered blocking state
[  177.652987][T12765] bridge0: port 1(bridge_slave_0) entered forwarding state
[  177.672052][T12765] 8021q: adding VLAN 0 to HW filter on device bond0
[  177.680092][T12765] 8021q: adding VLAN 0 to HW filter on device team0
[  177.685827][ T9354] bridge0: port 1(bridge_slave_0) entered disabled state
[  177.689561][ T9354] bridge0: port 2(bridge_slave_1) entered disabled state
[  177.696371][ T9285] bridge0: port 1(bridge_slave_0) entered blocking state
[  177.696659][T12799] netlink: 'syz.2.2741': attribute type 10 has an invalid length.
[  177.698612][ T9285] bridge0: port 1(bridge_slave_0) entered forwarding state
[  177.708605][ T9285] bridge0: port 2(bridge_slave_1) entered blocking state
[  177.710847][ T9285] bridge0: port 2(bridge_slave_1) entered forwarding state
[  177.736012][T12765] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  177.861743][ T9322] bond1 (unregistering): (slave geneve2): Releasing active interface
[  177.934708][ T9322] bond2 (unregistering): (slave bridge2): Releasing active interface
[  177.989088][ T9322] bridge0 (unregistering): left allmulticast mode
[  178.270726][ T9322] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  178.275110][ T9322] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  178.283680][ T9322] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface
[  178.286995][ T9322] bond0 (unregistering): Released all slaves
[  178.292465][ T9322] bond1 (unregistering): Released all slaves
[  178.296234][ T9322] bond2 (unregistering): Released all slaves
[  178.314380][T12765] 8021q: adding VLAN 0 to HW filter on device batadv0
[  178.420734][T12765] veth0_vlan: entered promiscuous mode
[  178.424659][T12765] veth1_vlan: entered promiscuous mode
[  178.429558][ T9322] IPVS: stopping master sync thread 10576 ...
[  178.433324][ T9322] batman_adv: batadv0: Removing interface: wlan1
[  178.443667][T12765] veth0_macvtap: entered promiscuous mode
[  178.446771][T12765] veth1_macvtap: entered promiscuous mode
[  178.453629][T12765] batman_adv: batadv0: Interface activated: batadv_slave_0
[  178.459293][T12765] batman_adv: batadv0: Interface activated: batadv_slave_1
[  178.464441][ T1175] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  178.472095][ T1175] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  178.476127][ T1175] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  178.480745][ T1175] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  178.514770][ T9306] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  178.518206][ T9306] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  178.534095][ T9285] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  178.537486][ T9285] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  178.600307][ T9322] hsr_slave_0: left promiscuous mode
[  178.608399][ T9322] hsr_slave_1: left promiscuous mode
[  178.610353][ T9322] batman_adv: batadv0: Removing interface: batadv_slave_0
[  178.613631][ T9322] batman_adv: batadv0: Removing interface: batadv_slave_1
[  179.347786][ T5338] Bluetooth: hci4: command tx timeout
[  179.415227][ T9322] team0 (unregistering): Port device team_slave_1 removed
[  179.492232][T12825] overlayfs: failed to clone upperpath
[  179.527762][ T9322] team0 (unregistering): Port device dummy0 removed
[  179.540448][   T40] audit: type=1804 audit(1755890326.932:152): pid=12827 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2748" name="file0" dev="tmpfs" ino=3596 res=1 errno=0
[  179.565412][T12829] netlink: 'syz.5.2731': attribute type 4 has an invalid length.
[  179.644625][T12839] sch_tbf: burst 32855 is lower than device lo mtu (11337746) !
[  179.713517][T12833] netlink: 96 bytes leftover after parsing attributes in process `syz.5.2750'.
[  179.981675][T12863] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  179.989085][   T53] libceph: connect (1)[c::]:6789 error -101
[  179.991252][   T53] libceph: mon0 (1)[c::]:6789 connect error
[  180.140443][T12865] ceph: No mds server is up or the cluster is laggy
[  180.178288][   T40] audit: type=1804 audit(1755890327.572:153): pid=12872 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2759" name="file0" dev="tmpfs" ino=3612 res=1 errno=0
[  180.283691][   T34] IPVS: starting estimator thread 0...
[  180.367671][T12875] IPVS: using max 29 ests per chain, 69600 per kthread
[  180.515812][T12884] lo: left promiscuous mode
[  180.731613][T12863] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.015858][T12901] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  181.425633][T12912] bridge: RTM_NEWNEIGH with invalid ether address
[  181.427706][ T5338] Bluetooth: hci4: command tx timeout
[  181.446189][T12914] overlayfs: failed to clone upperpath
[  181.770525][T12863] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.800804][T12929] tipc: Started in network mode
[  181.802432][T12929] tipc: Node identity 4, cluster identity 4711
[  181.804372][T12929] tipc: Node number set to 4
[  181.831888][T12863] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.915390][ T9321] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  181.920439][ T9321] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  181.926837][ T9321] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  181.930020][ T9321] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  182.004913][ T5338] Bluetooth: hci4: Malformed LE Event: 0x1b
[  182.153919][T12942] overlayfs: failed to clone upperpath
[  182.309156][T12952] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2790'.
[  182.824152][T12961] overlayfs: failed to clone upperpath
[  182.831138][T12962] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2794'.
[  183.262973][T12978] overlayfs: failed to clone upperpath
[  183.491087][T12994] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2807'.
[  183.507683][ T5338] Bluetooth: hci4: command tx timeout
[  183.582395][T13000] overlayfs: failed to clone upperpath
[  183.668503][T13008] overlayfs: failed to clone upperpath
[  183.912695][T13016] ceph: No mds server is up or the cluster is laggy
[  184.020485][T13026] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2820'.
[  184.386521][T13036] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2824'.
[  184.458372][T13042] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2827'.
[  184.488982][T13044] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2828'.
[  185.170794][T13063] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.597767][ T5338] Bluetooth: hci4: command tx timeout
[  185.605337][T13063] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.673732][T13063] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.743044][T13063] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.827299][ T9306] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  185.831452][ T9306] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  185.840146][ T9306] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  185.844259][ T9306] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  185.886702][T13093] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2845'.
[  185.892265][T13093] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2845'.
[  185.896863][T13093] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2845'.
[  186.017453][T13108] tipc: Failed to remove unknown binding: 66,1,1/10463914:2502590004/2502590006
[  186.022268][T13108] tipc: Failed to remove unknown binding: 66,1,1/10463914:2502590004/2502590006
[  186.047422][ T9306] Bluetooth: hci3: Frame reassembly failed (-84)
[  186.048781][ T5979] Bluetooth: hci3: unexpected event 0x0f length: 0 < 4
[  186.107845][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  186.690748][ T5989] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  186.693380][ T5989] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  186.696165][ T5989] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  186.703592][ T5989] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  186.711419][ T5989] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  186.765142][ T9353] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.782932][T13130] chnl_net:caif_netlink_parms(): no params data found
[  186.805769][T13144] overlayfs: failed to clone upperpath
[  186.822551][ T9353] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.863951][T13130] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.867263][T13130] bridge0: port 1(bridge_slave_0) entered disabled state
[  186.871103][T13130] bridge_slave_0: entered allmulticast mode
[  186.878276][T13130] bridge_slave_0: entered promiscuous mode
[  186.883850][ T9353] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.888667][T13130] bridge0: port 2(bridge_slave_1) entered blocking state
[  186.891831][T13130] bridge0: port 2(bridge_slave_1) entered disabled state
[  186.894909][T13130] bridge_slave_1: entered allmulticast mode
[  186.900709][T13130] bridge_slave_1: entered promiscuous mode
[  186.936569][T13130] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  186.943986][T13130] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  186.964783][ T9353] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.988097][T13130] team0: Port device team_slave_0 added
[  186.992346][T13130] team0: Port device team_slave_1 added
[  187.022235][T13130] batman_adv: batadv0: Adding interface: batadv_slave_0
[  187.025205][T13130] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  187.036003][T13130] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  187.043054][T13130] batman_adv: batadv0: Adding interface: batadv_slave_1
[  187.046160][T13130] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  187.057717][T13130] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  187.096088][T13130] hsr_slave_0: entered promiscuous mode
[  187.099158][T13130] hsr_slave_1: entered promiscuous mode
[  187.101439][T13130] debugfs: 'hsr0' already exists in 'hsr'
[  187.103592][T13130] Cannot create hsr debugfs directory
[  187.113251][ T9353] bridge_slave_1: left allmulticast mode
[  187.115665][ T9353] bridge_slave_1: left promiscuous mode
[  187.118847][ T9353] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.122843][ T9353] bridge_slave_0: left allmulticast mode
[  187.125109][ T9353] bridge_slave_0: left promiscuous mode
[  187.127643][ T9353] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.224415][ T9353] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  187.229230][ T9353] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  187.233243][ T9353] bond0 (unregistering): Released all slaves
[  187.292380][T13130] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  187.295933][T13130] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  187.299685][T13130] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  187.304627][T13130] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  187.334252][T13130] 8021q: adding VLAN 0 to HW filter on device bond0
[  187.342227][T13130] 8021q: adding VLAN 0 to HW filter on device team0
[  187.347673][ T9306] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.350303][ T9306] bridge0: port 1(bridge_slave_0) entered forwarding state
[  187.356117][ T9322] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.359217][ T9322] bridge0: port 2(bridge_slave_1) entered forwarding state
[  187.445349][T13130] 8021q: adding VLAN 0 to HW filter on device batadv0
[  187.471770][ T9353] hsr_slave_0: left promiscuous mode
[  187.474342][ T9353] hsr_slave_1: left promiscuous mode
[  187.476305][ T9353] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  187.478875][ T9353] batman_adv: batadv0: Removing interface: batadv_slave_0
[  187.481736][ T9353] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  187.484153][ T9353] batman_adv: batadv0: Removing interface: batadv_slave_1
[  187.488371][ T9353] veth1_macvtap: left promiscuous mode
[  187.490122][ T9353] veth0_macvtap: left promiscuous mode
[  187.491958][ T9353] veth1_vlan: left promiscuous mode
[  187.493623][ T9353] veth0_vlan: left promiscuous mode
[  187.548812][ T9353] team0 (unregistering): Port device team_slave_1 removed
[  187.553729][ T9353] team0 (unregistering): Port device team_slave_0 removed
[  187.666181][T13130] veth0_vlan: entered promiscuous mode
[  187.670645][T13130] veth1_vlan: entered promiscuous mode
[  187.680889][T13130] veth0_macvtap: entered promiscuous mode
[  187.684467][T13130] veth1_macvtap: entered promiscuous mode
[  187.691770][T13130] batman_adv: batadv0: Interface activated: batadv_slave_0
[  187.696723][T13130] batman_adv: batadv0: Interface activated: batadv_slave_1
[  187.702442][ T1175] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  187.706242][ T1175] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  187.710618][ T1175] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  187.714335][ T1175] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  187.736336][ T1175] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  187.739001][ T1175] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  187.747250][ T1175] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  187.750116][ T1175] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  188.067735][ T5989] Bluetooth: hci3: command 0x1003 tx timeout
[  188.067832][ T5338] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  188.091811][    C3] IPv4: Oversized IP packet from 172.20.20.10
[  188.094225][    C3] IPv4: Oversized IP packet from 172.20.20.10
[  188.096662][    C3] IPv4: Oversized IP packet from 172.20.20.10
[  188.100268][    C3] IPv4: Oversized IP packet from 172.20.20.10
[  188.103230][    C3] IPv4: Oversized IP packet from 172.20.20.10
[  188.106002][    C3] IPv4: Oversized IP packet from 172.20.20.10
[  188.108625][    C3] IPv4: Oversized IP packet from 172.20.20.10
[  188.111009][    C3] IPv4: Oversized IP packet from 172.20.20.10
[  188.113492][    C3] IPv4: Oversized IP packet from 172.20.20.10
[  188.115884][    C3] IPv4: Oversized IP packet from 172.20.20.10
[  188.787768][ T5338] Bluetooth: hci2: command tx timeout
[  188.854828][T13205] netlink: 'syz.2.2884': attribute type 13 has an invalid length.
[  188.858479][T13205] netlink: 'syz.2.2884': attribute type 17 has an invalid length.
[  188.872777][T13205] sit0: left promiscuous mode
[  188.984840][T13207] netlink: 'syz.2.2885': attribute type 4 has an invalid length.
[  188.995766][T13207] netlink: 'syz.2.2885': attribute type 4 has an invalid length.
[  189.315227][T13219] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  189.322111][T13219] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  189.369209][T13219] batman_adv: batadv0: Interface deactivated: ip6gretap1
[  189.430824][ T9321] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  189.433796][ T9321] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  189.436635][ T9321] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  189.441881][ T9321] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  189.498232][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  189.682236][T13251] overlayfs: failed to clone upperpath
[  189.780671][T13259] overlayfs: failed lookup in lower (newroot/24, name='bus', err=-40): overlapping layers
[  189.918102][T13271] __nla_validate_parse: 3 callbacks suppressed
[  189.918115][T13271] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2911'.
[  190.738951][T13289] gtp0: entered promiscuous mode
[  190.861403][T13301] tipc: New replicast peer: 255.255.255.255
[  190.863697][T13301] tipc: Enabled bearer <udp:syz2>, priority 10
[  190.866259][T13301] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2923'.
[  190.867834][ T5338] Bluetooth: hci2: command tx timeout
[  190.871818][T13301] tipc: Disabling bearer <udp:syz2>
[  192.472923][T13343] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2939'.
[  192.544055][T13349] futex_wake_op: syz.5.2942 tries to shift op by -1; fix this program
[  192.896507][T13363] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2949'.
[  192.928809][T13363] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2949'.
[  192.948615][ T5338] Bluetooth: hci2: command tx timeout
[  193.363095][T13377] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2955'.
[  193.403316][T13386] overlayfs: failed to clone upperpath
[  194.254382][T13407] af_packet: tpacket_rcv: packet too big, clamped from 1 to 4294967272. macoff=96
[  194.517441][T13414] netlink: 'syz.1.2969': attribute type 4 has an invalid length.
[  194.524168][T13414] netlink: 'syz.1.2969': attribute type 4 has an invalid length.
[  195.037668][ T5338] Bluetooth: hci2: command tx timeout
[  195.436653][T13426] tipc: New replicast peer: 255.255.255.255
[  195.441545][T13426] tipc: Enabled bearer <udp:syz2>, priority 10
[  196.197483][T13446] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2981'.
[  196.467208][T13451] fuse: root generation should be zero
[  197.380952][T13473] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2990'.
[  198.392927][T13496] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  198.550787][T13509] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3004'.
[  199.349037][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  199.351634][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  199.587329][T13539] overlayfs: failed to clone upperpath
[  199.590119][T13541] overlayfs: failed to clone upperpath
[  200.928307][T13613] overlayfs: failed to clone upperpath
[  201.005589][T13621] overlayfs: failed to clone upperpath
[  201.612838][T13631] overlayfs: failed to clone upperpath
[  201.800408][T13643] overlayfs: failed to clone upperpath
[  201.876314][T13654] overlayfs: failed to clone lowerpath
[  201.882552][T13654] overlayfs: failed to clone upperpath
[  202.109513][T13671] ref_ctr increment failed for inode: 0x17ca offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff8880253fe0c0
[  202.110162][   T40] audit: type=1804 audit(1755890349.502:154): pid=13671 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3067" name="file0" dev="tmpfs" ino=6090 res=1 errno=0
[  202.115019][T13670] uprobe: syz.1.3067:13670 failed to unregister, leaking uprobe
[  202.409837][T13686] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3073'.
[  202.449851][   T40] audit: type=1804 audit(1755890349.842:155): pid=13688 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3074" name="file0" dev="ramfs" ino=40813 res=1 errno=0
[  202.501168][T13645] net_ratelimit: 23 callbacks suppressed
[  202.501182][T13645] Set syz1 is full, maxelem 65536 reached
[  202.576868][T13700] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3080'.
[  202.588468][T13703] 9pnet: Found fid 0 not clunked
[  202.592693][T13700] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3080'.
[  202.615707][T13705] syz_tun: entered promiscuous mode
[  202.618321][T13705] batadv_slave_0: entered promiscuous mode
[  202.620484][T13705] hsr0: Slave A (syz_tun) is not up; please bring it up to get a fully working HSR network
[  202.623638][T13705] hsr0: Slave B (batadv_slave_0) is not up; please bring it up to get a fully working HSR network
[  202.627065][T13705] hsr0: entered allmulticast mode
[  202.629330][T13705] syz_tun: entered allmulticast mode
[  202.631038][T13705] batadv_slave_0: entered allmulticast mode
[  202.717939][T13721] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  202.908382][ T5989] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  202.910817][ T5989] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  202.913738][ T5989] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  202.916320][ T5989] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  202.919231][ T5989] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  202.975109][T13756] overlayfs: failed to clone upperpath
[  202.978229][T13744] chnl_net:caif_netlink_parms(): no params data found
[  203.013385][T13744] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.015987][T13744] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.018391][T13744] bridge_slave_0: entered allmulticast mode
[  203.020700][T13744] bridge_slave_0: entered promiscuous mode
[  203.023350][T13744] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.023568][T13764] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3105'.
[  203.025828][T13744] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.031276][T13744] bridge_slave_1: entered allmulticast mode
[  203.034345][T13744] bridge_slave_1: entered promiscuous mode
[  203.056152][T13744] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  203.060890][T13744] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  203.076796][ T1175] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.091030][T13744] team0: Port device team_slave_0 added
[  203.094590][T13744] team0: Port device team_slave_1 added
[  203.119033][T13744] batman_adv: batadv0: Adding interface: batadv_slave_0
[  203.121379][T13744] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  203.130582][T13744] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  203.136020][ T1175] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.140398][T13744] batman_adv: batadv0: Adding interface: batadv_slave_1
[  203.142575][T13744] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  203.151490][T13744] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  203.172723][T13744] hsr_slave_0: entered promiscuous mode
[  203.174993][T13744] hsr_slave_1: entered promiscuous mode
[  203.177074][T13744] debugfs: 'hsr0' already exists in 'hsr'
[  203.179052][T13744] Cannot create hsr debugfs directory
[  203.203675][ T1175] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.260554][ T1175] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.270240][T13744] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  203.273830][T13744] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  203.277240][T13744] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  203.282115][T13744] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  203.292329][T13744] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.294910][T13744] bridge0: port 2(bridge_slave_1) entered forwarding state
[  203.297319][T13744] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.299574][T13744] bridge0: port 1(bridge_slave_0) entered forwarding state
[  203.319955][T13744] 8021q: adding VLAN 0 to HW filter on device bond0
[  203.326270][ T9353] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.330696][ T9353] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.335930][T13744] 8021q: adding VLAN 0 to HW filter on device team0
[  203.341730][ T9353] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.344159][ T9353] bridge0: port 1(bridge_slave_0) entered forwarding state
[  203.351903][ T9285] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.354199][ T9285] bridge0: port 2(bridge_slave_1) entered forwarding state
[  203.366275][ T1175] bridge_slave_1: left allmulticast mode
[  203.368760][ T1175] bridge_slave_1: left promiscuous mode
[  203.371205][ T1175] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.375438][ T1175] bridge_slave_0: left allmulticast mode
[  203.377231][ T1175] bridge_slave_0: left promiscuous mode
[  203.380352][ T1175] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.454358][ T1175] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  203.458008][ T1175] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  203.461226][ T1175] bond0 (unregistering): Released all slaves
[  203.565025][T13744] 8021q: adding VLAN 0 to HW filter on device batadv0
[  203.689460][T13744] veth0_vlan: entered promiscuous mode
[  203.693691][T13744] veth1_vlan: entered promiscuous mode
[  203.708551][ T1175] hsr_slave_0: left promiscuous mode
[  203.711312][ T1175] hsr_slave_1: left promiscuous mode
[  203.713977][ T1175] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  203.717172][ T1175] batman_adv: batadv0: Removing interface: batadv_slave_0
[  203.721007][ T1175] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  203.723627][ T1175] batman_adv: batadv0: Removing interface: batadv_slave_1
[  203.728035][ T1175] veth1_macvtap: left promiscuous mode
[  203.729777][ T1175] veth0_macvtap: left promiscuous mode
[  203.731576][ T1175] veth1_vlan: left promiscuous mode
[  203.733287][ T1175] veth0_vlan: left promiscuous mode
[  203.823673][ T1175] team0 (unregistering): Port device team_slave_1 removed
[  203.833490][ T1175] team0 (unregistering): Port device team_slave_0 removed
[  203.867192][T13744] veth0_macvtap: entered promiscuous mode
[  203.871578][T13814] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  203.875677][T13744] veth1_macvtap: entered promiscuous mode
[  203.884106][T13744] batman_adv: batadv0: Interface activated: batadv_slave_0
[  203.889472][T13744] batman_adv: batadv0: Interface activated: batadv_slave_1
[  203.896104][ T9353] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  203.899804][ T9353] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  203.903306][ T9353] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  203.906291][ T9353] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  203.923654][ T9285] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  203.926989][ T9285] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  203.936952][ T9285] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  203.940840][ T9285] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  204.011066][   T40] audit: type=1804 audit(1755890351.402:156): pid=13825 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3124" name="file0" dev="tmpfs" ino=6226 res=1 errno=0
[  204.227083][T13832] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3127'.
[  204.380015][T13847] overlayfs: failed to clone upperpath
[  204.505308][T13860] overlayfs: failed to clone lowerpath
[  204.509123][T13860] overlayfs: failed to clone upperpath
[  204.629788][   T40] audit: type=1804 audit(1755890352.022:157): pid=13867 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3142" name="file0" dev="tmpfs" ino=6312 res=1 errno=0
[  204.638937][T13867] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -29824, delta: 1
[  204.641654][T13867] ref_ctr increment failed for inode: 0x18a8 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88802478d600
[  204.905209][T13890] bridge: RTM_NEWNEIGH with invalid ether address
[  204.945797][T13894] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  204.947875][ T5989] Bluetooth: hci2: command tx timeout
[  205.731159][T13919] veth0_vlan: entered allmulticast mode
[  205.740527][T13919] veth0_vlan: left promiscuous mode
[  205.742376][T13919] veth0_vlan: entered promiscuous mode
[  205.930806][   T40] audit: type=1326 audit(1755890353.322:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13905 comm="syz.1.3153" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe1579 code=0x7fc00000
[  205.954943][T13930] batman_adv: batadv0: Adding interface: dummy0
[  205.957892][T13930] batman_adv: batadv0: The MTU of interface dummy0 is too small (1280) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1340.
[  205.966397][T13930] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  205.977003][T13930] netlink: 'syz.1.3163': attribute type 10 has an invalid length.
[  205.980436][T13930] batadv0: left promiscuous mode
[  205.983611][T13930] 8021q: adding VLAN 0 to HW filter on device batadv0
[  205.986302][T13930] batadv0: entered promiscuous mode
[  205.988489][T13930] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  206.062870][T13225] IPVS: starting estimator thread 0...
[  206.147891][T13943] IPVS: using max 58 ests per chain, 139200 per kthread
[  206.317778][T13966] netlink: 'syz.1.3177': attribute type 1 has an invalid length.
[  206.332098][T13966] 8021q: adding VLAN 0 to HW filter on device bond9
[  206.335261][T13966] bond1: (slave bond9): making interface the new active one
[  206.338374][T13966] bond1: (slave bond9): Enslaving as an active interface with an up link
[  206.344131][T13966] bridge0: Device is already in use.
[  207.027970][ T5989] Bluetooth: hci2: command tx timeout
[  207.126448][T13999] kvm: pic: non byte read
[  207.129703][T13999] kvm: pic: non byte read
[  207.132968][T13999] kvm: pic: non byte read
[  207.136069][T13999] kvm: pic: non byte read
[  207.139145][T13999] kvm: pic: non byte read
[  207.141982][T13999] kvm: pic: level sensitive irq not supported
[  207.142219][T13999] kvm: pic: non byte read
[  207.146962][T13999] kvm: pic: single mode not supported
[  207.146970][T13999] kvm: pic: level sensitive irq not supported
[  207.149107][T13999] kvm: pic: non byte read
[  207.153997][T13999] kvm: pic: level sensitive irq not supported
[  207.154265][T13999] kvm: pic: non byte read
[  207.159198][T13999] kvm: pic: single mode not supported
[  207.159205][T13999] kvm: pic: level sensitive irq not supported
[  207.161231][T13999] kvm: pic: non byte read
[  207.173552][T14002] tipc: Failed to remove unknown binding: 66,1,1/4:1652569001/1652569003
[  207.176326][T14002] tipc: Failed to remove unknown binding: 66,1,1/4:1652569001/1652569003
[  207.285556][T14018] wg2: entered promiscuous mode
[  207.287264][T14018] wg2: entered allmulticast mode
[  207.392854][T14034] overlayfs: failed to get inode (-116)
[  207.395066][T14034] overlayfs: failed to get inode (-116)
[  208.470784][T14084] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  208.788400][T14100] netlink: 'syz.2.3223': attribute type 4 has an invalid length.
[  208.792838][T14100] netlink: 'syz.2.3223': attribute type 4 has an invalid length.
[  209.107696][ T5989] Bluetooth: hci2: command tx timeout
[  209.228201][   T40] audit: type=1800 audit(1755890356.622:159): pid=14082 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.3212" name="/" dev="fuse" ino=5 res=0 errno=0
[  209.626516][T14153] binder_alloc: 14151: binder_alloc_buf size 12280 failed, no address space
[  209.633569][T14153] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[  209.833021][ T6042] IPVS: starting estimator thread 0...
[  209.917941][T14173] IPVS: using max 57 ests per chain, 136800 per kthread
[  209.993761][T14182] netlink: 'syz.7.3255': attribute type 13 has an invalid length.
[  209.996197][T14182] netlink: 'syz.7.3255': attribute type 17 has an invalid length.
[  210.148041][T14182] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  210.285780][T14189] õý
[  210.503124][T14195] overlayfs: failed to clone upperpath
[  210.687196][T14208] netlink: 'syz.1.3265': attribute type 13 has an invalid length.
[  210.690669][T14208] netlink: 'syz.1.3265': attribute type 17 has an invalid length.
[  210.693942][T14208] tunl0: left promiscuous mode
[  210.696525][T14208] gre0: left promiscuous mode
[  210.699170][T14208] gretap0: left promiscuous mode
[  210.795178][T14208] erspan0: left promiscuous mode
[  210.820067][T14208] ip_vti0: left promiscuous mode
[  210.822171][T14208] ip6_vti0: left promiscuous mode
[  210.824323][T14208] sit0: left promiscuous mode
[  210.827418][T14208] ip6tnl0: left promiscuous mode
[  210.829683][T14208] ip6gre0: left promiscuous mode
[  210.831881][T14208] syz_tun: left promiscuous mode
[  210.856416][T14208] ip6gretap0: left promiscuous mode
[  210.875671][T14208] vcan0: left promiscuous mode
[  210.878208][T14208] bond0: left promiscuous mode
[  210.879881][T14208] bond_slave_0: left promiscuous mode
[  210.881661][T14208] batadv0: left promiscuous mode
[  210.883805][T14208] 8021q: adding VLAN 0 to HW filter on device bond0
[  210.886336][T14208] team0: left promiscuous mode
[  210.888362][T14208] 8021q: adding VLAN 0 to HW filter on device team0
[  210.891674][T14208] batman_adv: batadv0: Interface activated: dummy0
[  210.893678][T14208] batadv0: mtu less than device minimum
[  210.895609][T14208] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  210.898902][T14208] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  210.902106][T14208] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  210.905291][T14208] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  210.908513][T14208] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  210.911750][T14208] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  210.915026][T14208] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  210.918331][T14208] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  210.924261][T14208] nlmon0: left promiscuous mode
[  210.926390][T14208] caif0: left promiscuous mode
[  210.962333][T14211] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3266'.
[  210.965435][T14211] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3266'.
[  210.968908][T14211] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3266'.
[  211.134734][T14240] overlayfs: failed to clone upperpath
[  211.187655][ T5989] Bluetooth: hci2: command tx timeout
[  211.217978][ T6856] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  211.265013][T14238] batman_adv: batadv0: Interface deactivated: dummy0
[  211.290423][ T9284] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 20004 - 0
[  211.293032][ T9284] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 20004 - 0
[  211.296057][ T9284] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 20004 - 0
[  211.299896][ T9284] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 20004 - 0
[  211.367684][ T6856] usb 10-1: Using ep0 maxpacket: 16
[  211.370524][ T6856] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  211.374912][ T6856] usb 10-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  211.377984][ T6856] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  211.380516][ T6856] usb 10-1: Product: syz
[  211.381834][ T6856] usb 10-1: Manufacturer: syz
[  211.383315][ T6856] usb 10-1: SerialNumber: syz
[  211.385576][ T6856] usb 10-1: config 0 descriptor??
[  211.389148][ T6856] em28xx 10-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  211.392065][ T6856] em28xx 10-1:0.0: DVB interface 0 found: bulk
[  211.992459][ T6856] em28xx 10-1:0.0: unknown em28xx chip ID (0)
[  212.397454][ T6856] em28xx 10-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  212.400147][ T6856] em28xx 10-1:0.0: board has no eeprom
[  213.437722][T14214] em28xx 10-1:0.0: reading from i2c device at 0x0 failed (error=-5)
[  213.497864][ T6856] em28xx 10-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  213.500610][ T6856] em28xx 10-1:0.0: dvb set to bulk mode.
[  213.503328][   T54] em28xx 10-1:0.0: Binding DVB extension
[  213.506253][ T6856] usb 10-1: USB disconnect, device number 2
[  213.508989][ T6856] em28xx 10-1:0.0: Disconnecting em28xx
[  213.524264][   T54] em28xx 10-1:0.0: Registering input extension
[  213.526307][ T6856] em28xx 10-1:0.0: Closing input extension
[  213.529760][ T6856] em28xx 10-1:0.0: Freeing device
[  213.964129][   T40] audit: type=1326 audit(1755890361.352:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14255 comm="syz.1.3282" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fe1579 code=0x0
[  214.010737][T14254] netlink: 'syz.5.3281': attribute type 13 has an invalid length.
[  214.013334][T14254] netlink: 'syz.5.3281': attribute type 17 has an invalid length.
[  215.188476][T14534] netlink: 'syz.2.3300': attribute type 13 has an invalid length.
[  215.190967][T14534] netlink: 'syz.2.3300': attribute type 17 has an invalid length.
[  215.205747][T14534] 8021q: adding VLAN 0 to HW filter on device bond0
[  215.209640][T14534] net_ratelimit: 13 callbacks suppressed
[  215.209647][T14534] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  215.280896][T14546] overlayfs: failed to clone upperpath
[  215.527389][T14561] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3312'.
[  215.566146][T14563] Invalid ELF header magic: != ELF
[  215.643633][T14565] netlink: 'syz.2.3314': attribute type 13 has an invalid length.
[  215.646513][T14565] netlink: 'syz.2.3314': attribute type 17 has an invalid length.
[  215.651649][T14565] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  215.830839][T14580] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  215.882621][   T40] audit: type=1326 audit(1755890363.272:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14585 comm="syz.1.3324" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fe1579 code=0x0
[  215.885339][T14580] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  215.945894][T14580] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  216.261564][T14589] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3325'.
[  217.010761][T14632] overlayfs: failed to clone upperpath
[  217.639832][   T40] audit: type=1326 audit(1755890365.032:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14668 comm="syz.2.3363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  217.647491][   T40] audit: type=1326 audit(1755890365.032:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14668 comm="syz.2.3363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  217.654259][   T40] audit: type=1326 audit(1755890365.032:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14668 comm="syz.2.3363" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf706e579 code=0x7ffc0000
[  217.661913][   T40] audit: type=1326 audit(1755890365.032:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14668 comm="syz.2.3363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  217.669862][   T40] audit: type=1326 audit(1755890365.032:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14668 comm="syz.2.3363" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf706e579 code=0x7ffc0000
[  217.679877][   T40] audit: type=1326 audit(1755890365.032:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14668 comm="syz.2.3363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  217.686995][   T40] audit: type=1326 audit(1755890365.032:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14668 comm="syz.2.3363" exe="/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf706e579 code=0x7ffc0000
[  217.699566][   T40] audit: type=1326 audit(1755890365.032:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14668 comm="syz.2.3363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  217.706581][   T40] audit: type=1326 audit(1755890365.032:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14668 comm="syz.2.3363" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf706e579 code=0x7ffc0000
[  217.834644][T14690] ptrace attach of "/syz-executor exec"[12765] was attempted by "/syz-executor exec"[14690]
[  218.825914][T14717] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3372'.
[  220.239933][T14751] bridge_slave_0: left allmulticast mode
[  220.241978][T14751] bridge_slave_0: left promiscuous mode
[  220.243940][T14751] bridge0: port 1(bridge_slave_0) entered disabled state
[  220.248138][T14751] bridge_slave_1: left allmulticast mode
[  220.250065][T14751] bridge_slave_1: left promiscuous mode
[  220.252198][T14751] bridge0: port 2(bridge_slave_1) entered disabled state
[  220.257957][T14751] bond0: (slave bond_slave_0): Releasing backup interface
[  220.263490][T14751] bond0: (slave bond_slave_1): Releasing backup interface
[  220.270424][T14751] team0: Port device team_slave_0 removed
[  220.274606][T14751] team0: Port device team_slave_1 removed
[  220.276999][T14751] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  220.279679][T14751] batman_adv: batadv0: Removing interface: batadv_slave_0
[  220.282756][T14751] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  220.285114][T14751] batman_adv: batadv0: Removing interface: batadv_slave_1
[  220.412659][T14758] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3388'.
[  221.013710][T14785] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  221.101656][T14793] Set syz0 is full, maxelem 0 reached
[  221.125699][T14785] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  221.181009][T14785] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  221.240224][T14785] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  221.289683][ T1175] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  221.292455][ T1175] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  221.299283][ T1175] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  221.307887][ T1175] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  221.554611][   T40] kauditd_printk_skb: 12 callbacks suppressed
[  221.554627][   T40] audit: type=1326 audit(1755890368.942:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14819 comm="syz.5.3413" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x0
[  221.664117][T14825] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3415'.
[  222.508510][T14835] tipc: Started in network mode
[  222.510133][T14835] tipc: Node identity ac14140f, cluster identity 4711
[  222.512430][T14835] tipc: New replicast peer: 255.255.255.255
[  222.514536][T14835] tipc: Enabled bearer <udp:s>, priority 10
[  223.647756][T12821] tipc: Node number set to 2886997007
[  231.235534][ T5338] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  231.239251][ T5338] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  231.242103][ T5338] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  231.245000][ T5338] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  231.248729][ T5338] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  231.359408][T14875] chnl_net:caif_netlink_parms(): no params data found
[  231.413100][T14875] bridge0: port 1(bridge_slave_0) entered blocking state
[  231.415411][T14875] bridge0: port 1(bridge_slave_0) entered disabled state
[  231.417777][T14875] bridge_slave_0: entered allmulticast mode
[  231.420057][T14875] bridge_slave_0: entered promiscuous mode
[  231.422747][T14875] bridge0: port 2(bridge_slave_1) entered blocking state
[  231.424932][T14875] bridge0: port 2(bridge_slave_1) entered disabled state
[  231.427180][T14875] bridge_slave_1: entered allmulticast mode
[  231.429662][T14875] bridge_slave_1: entered promiscuous mode
[  231.447607][T14875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  231.452483][T14875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  231.457413][ T9306] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.477681][T14875] team0: Port device team_slave_0 added
[  231.480473][T14875] team0: Port device team_slave_1 added
[  231.497390][T14875] batman_adv: batadv0: Adding interface: batadv_slave_0
[  231.499735][T14875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  231.508723][T14875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  231.513941][T14875] batman_adv: batadv0: Adding interface: batadv_slave_1
[  231.516677][T14875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  231.527155][T14875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  231.533573][ T9306] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.567983][T14875] hsr_slave_0: entered promiscuous mode
[  231.570542][T14875] hsr_slave_1: entered promiscuous mode
[  231.572974][T14875] debugfs: 'hsr0' already exists in 'hsr'
[  231.575352][T14875] Cannot create hsr debugfs directory
[  231.596149][ T9306] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.635943][T14887] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3434'.
[  231.651610][T14887] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3434'.
[  231.673865][T14875] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  231.678027][T14875] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  231.681574][T14875] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  231.685043][T14875] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  231.697795][ T9306] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.712104][T14875] bridge0: port 2(bridge_slave_1) entered blocking state
[  231.714641][T14875] bridge0: port 2(bridge_slave_1) entered forwarding state
[  231.717996][T14875] bridge0: port 1(bridge_slave_0) entered blocking state
[  231.720532][T14875] bridge0: port 1(bridge_slave_0) entered forwarding state
[  231.743377][T14910] futex_wake_op: syz.2.3442 tries to shift op by -1; fix this program
[  231.758547][T14875] 8021q: adding VLAN 0 to HW filter on device bond0
[  231.783663][ T9321] bridge0: port 1(bridge_slave_0) entered disabled state
[  231.791798][ T9321] bridge0: port 2(bridge_slave_1) entered disabled state
[  231.801616][T14875] 8021q: adding VLAN 0 to HW filter on device team0
[  231.808327][ T9306] bridge_slave_1: left allmulticast mode
[  231.810952][ T9306] bridge_slave_1: left promiscuous mode
[  231.813413][ T9306] bridge0: port 2(bridge_slave_1) entered disabled state
[  231.819889][ T9306] bridge_slave_0: left allmulticast mode
[  231.822182][ T9306] bridge_slave_0: left promiscuous mode
[  231.824645][ T9306] bridge0: port 1(bridge_slave_0) entered disabled state
[  231.954633][ T9306] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  231.959006][ T9306] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  231.962748][ T9306] bond0 (unregistering): Released all slaves
[  231.970475][ T9353] bridge0: port 1(bridge_slave_0) entered blocking state
[  231.973768][ T9353] bridge0: port 1(bridge_slave_0) entered forwarding state
[  231.979756][ T9322] bridge0: port 2(bridge_slave_1) entered blocking state
[  231.982081][ T9322] bridge0: port 2(bridge_slave_1) entered forwarding state
[  232.082085][T14875] 8021q: adding VLAN 0 to HW filter on device batadv0
[  232.176906][T14875] veth0_vlan: entered promiscuous mode
[  232.180568][T14875] veth1_vlan: entered promiscuous mode
[  232.190979][T14875] veth0_macvtap: entered promiscuous mode
[  232.194026][T14875] veth1_macvtap: entered promiscuous mode
[  232.200860][T14875] batman_adv: batadv0: Interface activated: batadv_slave_0
[  232.205755][T14875] batman_adv: batadv0: Interface activated: batadv_slave_1
[  232.212008][ T9306] hsr_slave_0: left promiscuous mode
[  232.213944][ T9306] hsr_slave_1: left promiscuous mode
[  232.216210][ T9306] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  232.219220][ T9306] batman_adv: batadv0: Removing interface: batadv_slave_0
[  232.221961][ T9306] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  232.224242][ T9306] batman_adv: batadv0: Removing interface: batadv_slave_1
[  232.228763][ T9306] veth1_macvtap: left promiscuous mode
[  232.230448][ T9306] veth0_macvtap: left promiscuous mode
[  232.232116][ T9306] veth1_vlan: left promiscuous mode
[  232.297378][ T9306] team0 (unregistering): Port device team_slave_1 removed
[  232.304898][ T9306] team0 (unregistering): Port device team_slave_0 removed
[  232.356872][ T1175] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  232.360135][ T1175] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  232.364653][ T1175] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  232.367372][ T1175] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  232.387289][ T9353] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  232.389873][ T9353] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  232.406126][ T1175] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  232.409483][ T1175] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  232.436993][T14940] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.532100][T14943] netlink: 'syz.5.3447': attribute type 10 has an invalid length.
[  232.536538][T14943] 8021q: adding VLAN 0 to HW filter on device team0
[  232.548902][T14943] vlan2: entered promiscuous mode
[  232.550818][T14943] team0: entered promiscuous mode
[  232.552511][T14943] vlan2: entered allmulticast mode
[  232.554095][T14943] team0: entered allmulticast mode
[  232.556213][T14943] bond0: (slave vlan2): Opening slave failed
[  232.562755][T14940] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.660491][T14940] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.681413][T14953] futex_wake_op: syz.1.3450 tries to shift op by -1; fix this program
[  232.772030][T14940] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.844661][ T9306] IPVS: stop unused estimator thread 0...
[  233.267858][ T5989] Bluetooth: hci2: command tx timeout
[  233.606900][T14974] overlayfs: failed to clone upperpath
[  234.124282][ T9321] netdevsim netdevsim8 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  234.129364][ T9321] netdevsim netdevsim8 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  234.135230][ T9321] netdevsim netdevsim8 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  234.140829][ T9321] netdevsim netdevsim8 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  234.644965][T15017] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3478'.
[  234.651053][T15017] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3478'.
[  235.347797][ T5989] Bluetooth: hci2: command tx timeout
[  235.411909][T15030] 9pnet: p9_errstr2errno: server reported unknown error 184467440737
[  236.628489][T15056] overlayfs: failed to clone upperpath
[  236.662652][T15066] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  236.696393][T15075] netdevsim netdevsim8 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  236.793517][T15082] overlayfs: failed to clone upperpath
[  236.800521][T15075] netdevsim netdevsim8 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  236.861899][T15075] netdevsim netdevsim8 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  236.870441][T15092] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3502'.
[  236.891930][T15094] overlayfs: failed to clone upperpath
[  236.920160][T15075] netdevsim netdevsim8 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.437996][ T5989] Bluetooth: hci2: command tx timeout
[  238.075967][ T9285] netdevsim netdevsim8 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  238.085787][ T9285] netdevsim netdevsim8 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  238.090775][ T9285] netdevsim netdevsim8 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  238.097406][ T9285] netdevsim netdevsim8 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  238.157935][T15123] overlayfs: failed to clone upperpath
[  238.350050][T15138] netlink: 'syz.8.3519': attribute type 4 has an invalid length.
[  238.360706][T15138] netlink: 'syz.8.3519': attribute type 4 has an invalid length.
[  238.698008][T15152] overlayfs: failed to clone upperpath
[  238.726983][T15155] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3525'.
[  238.752993][T15158] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3527'.
[  238.810553][T15163] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3529'.
[  238.818219][T15163] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3529'.
[  239.507688][ T5989] Bluetooth: hci2: command tx timeout
[  239.818966][T15190] netlink: 'syz.2.3537': attribute type 4 has an invalid length.
[  239.829370][T15190] netlink: 'syz.2.3537': attribute type 4 has an invalid length.
[  240.707714][ T5989] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  240.710210][ T5989] Bluetooth: hci4: Injecting HCI hardware error event
[  240.712312][ T5989] Bluetooth: hci4: hardware error 0x00
[  242.312116][T15228] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  242.376653][T15243] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3554'.
[  242.787648][ T5989] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  243.414783][T15265] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3564'.
[  243.419908][T15265] macsec1: entered promiscuous mode
[  243.421663][T15265] macsec1: entered allmulticast mode
[  243.423436][T15265] veth1_to_hsr: entered allmulticast mode
[  243.427324][T15265] veth1_to_hsr: left allmulticast mode
[  243.544490][T15273] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3568'.
[  244.474407][T15288] overlayfs: failed to clone upperpath
[  244.883646][T15307] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3580'.
[  245.410021][T15318] netlink: 56 bytes leftover after parsing attributes in process `syz.8.3585'.
[  245.619102][T15343] overlayfs: failed to clone upperpath
[  245.761867][   T40] audit: type=1804 audit(1755890393.152:184): pid=15357 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.8.3602" name="/newroot/34/file0" dev="tmpfs" ino=214 res=1 errno=0
[  245.762045][T15357] ref_ctr increment failed for inode: 0xd6 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88801336eb80
[  245.787900][T15356] uprobe: syz.8.3602:15356 failed to unregister, leaking uprobe
[  246.086355][T15369] pim6reg1: entered promiscuous mode
[  246.088544][T15369] pim6reg1: entered allmulticast mode
[  247.421477][T15383] Set syz1 is full, maxelem 65536 reached
[  247.439861][T15409] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3618'.
[  247.444643][T15409] veth1_to_hsr: entered promiscuous mode
[  247.446509][T15409] macsec1: entered promiscuous mode
[  247.448391][T15409] macsec1: entered allmulticast mode
[  247.450105][T15409] veth1_to_hsr: entered allmulticast mode
[  247.452844][T15409] veth1_to_hsr: left allmulticast mode
[  247.454632][T15409] veth1_to_hsr: left promiscuous mode
[  247.988250][T15431] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3625'.
[  248.058482][T15433] ref_ctr increment failed for inode: 0x3fe offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804bc80000
[  248.060451][   T40] audit: type=1804 audit(1755890395.452:185): pid=15433 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.3626" name="/newroot/179/file0" dev="tmpfs" ino=1022 res=1 errno=0
[  248.068964][T15432] uprobe: syz.5.3626:15432 failed to unregister, leaking uprobe
[  248.640230][T15447] tipc: Started in network mode
[  248.641908][T15447] tipc: Node identity 06adc9fcbc4, cluster identity 4711
[  248.644332][T15447] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  248.653771][T15446] tipc: Resetting bearer <eth:syzkaller0>
[  248.719675][T15446] tipc: Disabling bearer <eth:syzkaller0>
[  248.828713][   T40] audit: type=1804 audit(1755890396.222:186): pid=15460 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.8.3639" name="/newroot/46/file0" dev="tmpfs" ino=286 res=1 errno=0
[  249.417884][T15475] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3645'.
[  249.781149][T15496] syz_tun: entered promiscuous mode
[  249.786604][T15496] debugfs: 'hsr1' already exists in 'hsr'
[  249.789131][T15496] Cannot create hsr debugfs directory
[  249.792312][T15496] hsr1: Slave A (syz_tun) is not up; please bring it up to get a fully working HSR network
[  249.795496][T15496] hsr1: Slave B (batadv_slave_0) is not up; please bring it up to get a fully working HSR network
[  249.807174][T15496] hsr1: entered allmulticast mode
[  249.809517][T15496] syz_tun: entered allmulticast mode
[  249.812674][T15496] batadv_slave_0: entered allmulticast mode
[  250.574572][T15517] bridge: RTM_NEWNEIGH with invalid ether address
[  250.619846][T15520] tipc: New replicast peer: 255.255.255.255
[  250.622016][T15520] tipc: Enabled bearer <udp:syz2>, priority 10
[  250.645813][T15525] veth0_vlan: entered allmulticast mode
[  250.648725][T15502] Set syz1 is full, maxelem 65536 reached
[  250.663505][T15522] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -29824, delta: 1
[  250.663693][   T40] audit: type=1804 audit(1755890398.052:187): pid=15522 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3659" name="file0" dev="tmpfs" ino=5292 res=1 errno=0
[  250.666139][T15522] ref_ctr increment failed for inode: 0x14ac offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804d42ab00
[  250.677261][T15525] veth0_vlan: left promiscuous mode
[  250.679171][T15525] veth0_vlan: entered promiscuous mode
[  254.753702][   T40] audit: type=1804 audit(1755890402.142:188): pid=15562 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.3675" name="/newroot/202/bus/file0" dev="overlay" ino=1169 res=1 errno=0
[  256.588355][T15604] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3701'.
[  256.611128][T15604] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3701'.
[  257.036162][   T40] audit: type=1804 audit(1755890404.422:189): pid=15612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.3690" name="/newroot/207/file0" dev="tmpfs" ino=1197 res=1 errno=0
[  257.036367][T15612] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -29824, delta: 1
[  257.045957][T15612] ref_ctr increment failed for inode: 0x4ad offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff8880253feb80
[  257.124656][T15615] bridge: RTM_NEWNEIGH with invalid ether address
[  257.191825][T15622] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  257.195708][T15621] tipc: Resetting bearer <eth:syzkaller0>
[  257.235775][T15621] tipc: Disabling bearer <eth:syzkaller0>
[  258.220134][T15654] batman_adv: batadv0: Adding interface: dummy0
[  258.222273][T15654] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  258.230550][T15654] batman_adv: batadv0: Interface activated: dummy0
[  258.235362][T15654] batadv0: mtu less than device minimum
[  258.237452][T15654] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  258.241131][T15654] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  258.245325][T15654] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  258.249109][T15654] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  258.252551][T15654] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  258.256018][T15654] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  258.259560][T15654] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  258.262971][T15654] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  258.266438][T15654] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  258.287735][T15654] netlink: 'syz.2.3708': attribute type 10 has an invalid length.
[  258.295869][T15654] 8021q: adding VLAN 0 to HW filter on device batadv0
[  258.298954][T15654] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  259.055547][   T40] audit: type=1800 audit(1755890406.442:190): pid=15657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3709" name="/" dev="fuse" ino=1 res=0 errno=0
[  259.257911][T15684] netlink: 'syz.5.3722': attribute type 4 has an invalid length.
[  259.290823][T15684] netlink: 'syz.5.3722': attribute type 4 has an invalid length.
[  260.003612][T15694] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  260.339461][T15720] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3732'.
[  260.552526][T15723] syzkaller0: entered promiscuous mode
[  260.554442][T15723] syzkaller0: entered allmulticast mode
[  260.789973][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  260.792853][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  261.814535][   T40] audit: type=1800 audit(1755890409.202:191): pid=15734 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.3737" name="/" dev="fuse" ino=1 res=0 errno=0
[  261.847372][T15756] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3743'.
[  263.191606][T16042] overlayfs: failed to clone upperpath
[  263.221201][   T40] audit: type=1326 audit(1755890410.612:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16044 comm="syz.1.3760" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fe1579 code=0x0
[  263.438043][ T9353] net_ratelimit: 21 callbacks suppressed
[  263.438056][ T9353] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  263.947723][ T9353] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  264.457816][ T1175] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  264.969475][ T9321] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  265.035534][T16092] binder: 16091:16092 ioctl c0306201 80000080 returned -14
[  265.040888][T16092] binder: 16091:16092 ioctl c0306201 80000180 returned -11
[  265.174015][T16114] overlayfs: failed to clone upperpath
[  265.349318][T16125] õý
[  265.488716][ T9353] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  265.683098][T16147] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3795'.
[  265.688254][T16147] netlink: 173 bytes leftover after parsing attributes in process `syz.5.3795'.
[  265.692373][T16147] netlink: 277 bytes leftover after parsing attributes in process `syz.5.3795'.
[  265.695735][T16147] netlink: 277 bytes leftover after parsing attributes in process `syz.5.3795'.
[  265.784189][T16156] binder: 16155:16156 unknown command 0
[  265.786496][T16156] binder: 16155:16156 ioctl c0306201 80004a40 returned -22
[  266.007804][ T9353] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  266.518674][ T9353] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  266.678204][T16187] overlayfs: failed to clone upperpath
[  267.011564][T16203] netlink: 1347 bytes leftover after parsing attributes in process `syz.2.3814'.
[  267.030604][ T9322] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  267.539727][ T1175] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  267.949550][T16225] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3822'.
[  268.049972][ T9321] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  268.567847][ T1175] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  268.767792][   T10] usb 13-1: new full-speed USB device number 2 using dummy_hcd
[  268.915215][T16259] overlayfs: failed to clone upperpath
[  268.939390][   T10] usb 13-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  268.945605][   T10] usb 13-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  268.945818][T16263] netlink: 'syz.2.3839': attribute type 1 has an invalid length.
[  268.952847][   T10] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  268.956357][   T10] usb 13-1: Product: syz
[  268.959826][   T10] usb 13-1: Manufacturer: syz
[  268.961785][   T10] usb 13-1: SerialNumber: syz
[  268.965514][T16263] 8021q: adding VLAN 0 to HW filter on device bond4
[  268.966391][   T10] usb 13-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  269.056228][T16269] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3838'.
[  269.059742][T16269] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3838'.
[  269.067065][T16269] vlan3: entered allmulticast mode
[  269.070429][T16269] hsr0: entered allmulticast mode
[  269.072787][T16269] hsr_slave_0: entered allmulticast mode
[  269.075429][T16269] hsr_slave_1: entered allmulticast mode
[  269.078120][ T9321] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  269.373591][   T10] usb 13-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter)
[  269.382101][   T10] usb 13-1: USB disconnect, device number 2
[  269.520464][T16280] overlayfs: failed to clone upperpath
[  269.588111][ T1175] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  269.737769][T16295] overlayfs: failed to clone upperpath
[  269.882953][T16300] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3852'.
[  270.097910][ T9321] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  270.139057][T16303] Set syz1 is full, maxelem 65536 reached
[  270.538776][T16341] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3865'.
[  270.607978][ T1175] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  270.818795][T16356] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3871'.
[  270.882188][T16364] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3873'.
[  271.128317][ T9322] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  271.418221][ T6042] usb 13-1: new high-speed USB device number 3 using dummy_hcd
[  271.577781][ T6042] usb 13-1: Using ep0 maxpacket: 16
[  271.581081][ T6042] usb 13-1: config 0 has no interfaces?
[  271.584700][ T6042] usb 13-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  271.588863][ T6042] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  271.592693][ T6042] usb 13-1: Product: syz
[  271.594871][ T6042] usb 13-1: Manufacturer: syz
[  271.596929][ T6042] usb 13-1: SerialNumber: syz
[  271.600590][ T6042] usb 13-1: config 0 descriptor??
[  271.638427][ T9321] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  272.147847][ T1175] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  272.321986][   T10] usb 13-1: USB disconnect, device number 3
[  272.336918][T16382] binder: 16381:16382 unknown command 0
[  272.339575][T16382] binder: 16381:16382 ioctl c0306201 80004a40 returned -22
[  272.343292][T16386] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3888'.
[  272.348350][T16386] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3888'.
[  272.401253][T16397] overlayfs: failed to clone upperpath
[  272.426723][   T40] audit: type=1326 audit(1755890419.812:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16398 comm="syz.1.3887" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fe1579 code=0x0
[  272.667740][ T9321] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  272.948143][T16423] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3897'.
[  272.992081][T16425] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3898'.
[  272.995786][T16425] bridge_slave_1: left allmulticast mode
[  272.998226][T16425] bridge_slave_1: left promiscuous mode
[  273.000644][T16425] bridge0: port 2(bridge_slave_1) entered disabled state
[  273.005223][T16425] bridge_slave_0: left allmulticast mode
[  273.007785][T16425] bridge_slave_0: left promiscuous mode
[  273.010334][T16425] bridge0: port 1(bridge_slave_0) entered disabled state
[  273.055323][T16430] netlink: 28 bytes leftover after parsing attributes in process `syz.8.3898'.
[  273.058513][T16430] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3898'.
[  273.278298][   T54] usb 10-1: new full-speed USB device number 3 using dummy_hcd
[  273.440492][   T54] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  273.444523][   T54] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 2
[  273.447327][   T54] usb 10-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  273.450928][   T54] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  273.455793][   T54] usb 10-1: config 0 descriptor??
[  273.458870][   T54] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  273.461591][   T54] dvb-usb: bulk message failed: -22 (3/0)
[  273.464470][   T54] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  273.467660][   T54] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  273.470753][   T54] usb 10-1: media controller created
[  273.473645][   T54] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  273.482105][   T54] dvb-usb: bulk message failed: -22 (6/0)
[  273.484179][   T54] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  273.487502][   T54] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb10/10-1/input/input19
[  273.494857][   T54] dvb-usb: schedule remote query interval to 150 msecs.
[  273.501540][   T54] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  273.658009][   T54] dvb-usb: bulk message failed: -22 (1/0)
[  273.660246][   T54] dvb-usb: error while querying for an remote control event.
[  273.663218][T12821] usb 10-1: USB disconnect, device number 3
[  273.670706][T12821] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  273.697950][ T9353] net_ratelimit: 1 callbacks suppressed
[  273.697967][ T9353] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  274.219049][ T9321] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  274.501224][T16466] overlayfs: failed to clone upperpath
[  274.529056][T16470] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3921'.
[  274.561213][T16473] block device autoloading is deprecated and will be removed.
[  274.615630][T16483] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3913'.
[  274.652905][T16487] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3920'.
[  274.727794][ T9321] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  274.805703][T16500] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  274.820248][T16500] kvm: pic: non byte read
[  274.825849][T16500] kvm: pic: non byte read
[  274.830057][T16500] kvm: pic: non byte read
[  274.835890][T16500] kvm: pic: non byte read
[  274.840626][T16500] kvm: pic: single mode not supported
[  274.840641][T16500] kvm: pic: level sensitive irq not supported
[  274.843874][T16500] kvm: pic: non byte read
[  274.849806][T16500] kvm: pic: level sensitive irq not supported
[  274.850420][T16500] kvm: pic: non byte read
[  274.858582][T16500] kvm: pic: non byte read
[  274.862679][T16500] kvm: pic: single mode not supported
[  274.863192][T16500] kvm: pic: non byte read
[  274.870033][T16500] kvm: pic: non byte read
[  274.873215][T16500] kvm: pic: single mode not supported
[  274.873665][T16500] kvm: pic: non byte read
[  274.959654][   T54] libceph: connect (1)[c::]:6789 error -101
[  274.961902][   T54] libceph: mon0 (1)[c::]:6789 connect error
[  275.113733][T16510] ceph: No mds server is up or the cluster is laggy
[  275.237841][ T9322] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  275.428724][   T54] usb 13-1: new high-speed USB device number 4 using dummy_hcd
[  275.577812][   T54] usb 13-1: Using ep0 maxpacket: 8
[  275.589387][   T54] usb 13-1: config index 0 descriptor too short (expected 301, got 45)
[  275.593428][   T54] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  275.598093][   T54] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  275.601330][   T54] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  275.605389][   T54] usb 13-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  275.611220][   T54] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  275.615500][   T54] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.758417][ T9285] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  275.827062][   T54] usb 13-1: GET_CAPABILITIES returned 0
[  275.829968][   T54] usbtmc 13-1:16.0: can't read capabilities
[  276.028675][T12821] usb 13-1: USB disconnect, device number 4
[  276.147855][    C3] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:17
[  276.267750][ T9322] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  276.778437][ T9285] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  276.979058][T16549] netlink: 'syz.1.3942': attribute type 12 has an invalid length.
[  276.982097][T16549] netlink: 9472 bytes leftover after parsing attributes in process `syz.1.3942'.
[  277.298411][ T9322] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  277.366450][T16558] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3947'.
[  277.807946][ T9285] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  277.938023][T16585] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3956'.
[  278.827769][ T1175] net_ratelimit: 1 callbacks suppressed
[  278.827785][ T1175] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  279.337915][ T9353] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  279.848090][ T1175] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  279.870330][T16621] Set syz1 is full, maxelem 65536 reached
[  279.983249][T16638] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3969'.
[  280.114887][T16646] batman_adv: batadv0: Interface deactivated: dummy0
[  280.118052][T16646] batman_adv: batadv0: Removing interface: dummy0
[  280.122684][T16646] bond0: (slave batadv0): Releasing backup interface
[  280.126584][T16646] bond0: (slave bond_slave_0): Releasing backup interface
[  280.130290][T16646] bond0: (slave bond_slave_1): Releasing backup interface
[  280.133781][T16646] batman_adv: batadv0: Removing interface: batadv_slave_0
[  280.137301][T16646] batman_adv: batadv0: Removing interface: batadv_slave_1
[  280.141617][T16646] bond1: (slave gretap1): Releasing active interface
[  280.145016][T16646] batman_adv: batadv0: Removing interface: ip6gretap1
[  280.148919][T16646] bond2: (slave veth11): Releasing active interface
[  280.190734][T16646] A link change request failed with some changes committed already. Interface bond1 may have been left with an inconsistent configuration, please check.
[  281.291100][T16677] bond0: (slave bond_slave_0): Releasing backup interface
[  281.296071][T16677] bond0: (slave bond_slave_1): Releasing backup interface
[  281.303130][T16677] team0: Port device team_slave_0 removed
[  281.308666][T16677] team0: Port device team_slave_1 removed
[  281.311755][T16677] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  281.314732][T16677] batman_adv: batadv0: Removing interface: batadv_slave_0
[  281.328002][T16677] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  281.331861][T16677] batman_adv: batadv0: Removing interface: batadv_slave_1
[  281.375879][T16677] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  283.361433][T16702] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3994'.
[  283.371828][T16702] ------------[ cut here ]------------
[  283.373613][T16702] WARNING: CPU: 0 PID: 16702 at net/ipv4/route.c:1269 ip_rt_bug+0x2b/0x120
[  283.376362][T16702] Modules linked in:
[  283.378153][T16702] CPU: 0 UID: 0 PID: 16702 Comm: syz.2.3994 Not tainted syzkaller #0 PREEMPT(full) 
[  283.382614][T16702] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  283.385948][T16702] RIP: 0010:ip_rt_bug+0x2b/0x120
[  283.387543][T16702] Code: 0f 1e fa 41 54 55 53 48 89 d3 48 83 ec 08 e8 0c 52 c6 f7 66 90 e8 05 52 c6 f7 ba 02 00 00 00 48 89 de 31 ff e8 f6 8d 70 ff 90 <0f> 0b 90 48 83 c4 08 31 c0 5b 5d 41 5c c3 cc cc cc cc e8 de 51 c6
[  283.393586][T16702] RSP: 0018:ffffc9000d64f3b8 EFLAGS: 00010287
[  283.395638][T16702] RAX: 0000000000000bf5 RBX: ffff8880131ba140 RCX: ffffc90004361000
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  283.398441][T16702] RDX: 0000000000080000 RSI: ffffffff89f4bbea RDI: ffffffff8220827a
[  283.401871][T16702] RBP: ffff8880131ba140 R08: 0000000000000000 R09: 0000000000000000
[  283.404787][T16702] R10: ffffffff90ab7697 R11: 000000000000001e R12: ffff888050eb0000
[  283.407448][T16702] R13: ffff8880426d3600 R14: ffff88805ec39a00 R15: ffff8880131ba198
[  283.410196][T16702] FS:  0000000000000000(0000) GS:ffff8880974c4000(0063) knlGS:00000000f545eb40
[  283.413105][T16702] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  283.415283][T16702] CR2: 00000000f73bd9d8 CR3: 0000000062595000 CR4: 0000000000352ef0
[  283.417888][T16702] Call Trace:
[  283.419046][T16702]  <TASK>
[  283.420012][T16702]  ip_push_pending_frames+0x416/0x5d0
[  283.421921][T16702]  icmp_push_reply+0x308/0x440
[  283.424083][T16702]  __icmp_send+0xcdf/0x1960
[  283.426159][T16702]  ? __pfx___icmp_send+0x10/0x10
[  283.428118][T16702]  ? __ip_options_compile+0x873/0x1670
[  283.430019][T16702]  ? ip_route_input_noref+0x15d/0x2e0
[  283.431844][T16702]  ip_options_compile+0xb6/0x100
[  283.433905][T16702]  ? __pfx_ip_options_compile+0x10/0x10
[  283.435849][T16702]  ? tcp_v4_early_demux+0x484/0xbf0
[  283.437670][T16702]  ? tcp_v4_early_demux+0xc6/0xbf0
[  283.439601][T16702]  ip_rcv_finish_core+0x6e1/0x22a0
[  283.441630][T16702]  ip_rcv+0x1c0/0x600
[  283.443143][T16702]  ? __pfx_ip_rcv+0x10/0x10
[  283.444830][T16702]  __netif_receive_skb_one_core+0x197/0x1e0
[  283.447051][T16702]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  283.449568][T16702]  ? lock_acquire+0x2cd/0x350
[  283.451645][T16702]  ? read_tsc+0x9/0x20
[  283.453255][T16702]  __netif_receive_skb+0x1d/0x160
[  283.455011][T16702]  netif_receive_skb+0x137/0x7b0
[  283.456676][T16702]  ? __pfx_netif_receive_skb+0x10/0x10
[  283.458570][T16702]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[  283.460566][T16702]  tun_rx_batched.isra.0+0x3ee/0x740
[  283.462626][T16702]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  283.465239][T16702]  ? lock_acquire+0x2cd/0x350
[  283.467314][T16702]  tun_get_user+0x28e4/0x3ce0
[  283.469386][T16702]  ? __pfx_tun_get_user+0x10/0x10
[  283.471334][T16702]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  283.473233][T16702]  ? tun_get+0x191/0x370
[  283.474844][T16702]  ? rcu_is_watching+0x12/0xc0
[  283.476825][T16702]  ? lock_release+0x201/0x2f0
[  283.478853][T16702]  tun_chr_write_iter+0xdc/0x210
[  283.480455][T16702]  vfs_write+0x7d0/0x11d0
[  283.482200][T16702]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  283.484632][T16702]  ? __pfx_vfs_write+0x10/0x10
[  283.486431][T16702]  ? lock_release+0x201/0x2f0
[  283.488093][T16702]  ksys_write+0x12a/0x250
[  283.489518][T16702]  ? __pfx_ksys_write+0x10/0x10
[  283.491166][T16702]  ? rcu_is_watching+0x12/0xc0
[  283.493052][T16702]  __do_fast_syscall_32+0x7c/0x3a0
[  283.494807][T16702]  do_fast_syscall_32+0x32/0x80
[  283.496436][T16702]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  283.498620][T16702] RIP: 0023:0xf706e579
[  283.500273][T16702] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  283.507684][T16702] RSP: 002b:00000000f545e520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  283.511090][T16702] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000400
[  283.514421][T16702] RDX: 0000000000000056 RSI: 00000000f73d4ff4 RDI: 0000000000000000
[  283.517806][T16702] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  283.521238][T16702] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  283.524453][T16702] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  283.527708][T16702]  </TASK>
[  283.529036][T16702] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  283.532271][T16702] CPU: 0 UID: 0 PID: 16702 Comm: syz.2.3994 Not tainted syzkaller #0 PREEMPT(full) 
[  283.536591][T16702] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  283.541696][T16702] Call Trace:
[  283.543219][T16702]  <TASK>
[  283.544432][T16702]  dump_stack_lvl+0x3d/0x1f0
[  283.546342][T16702]  vpanic+0x6e8/0x7a0
[  283.548010][T16702]  ? __pfx_vpanic+0x10/0x10
[  283.549950][T16702]  ? ip_rt_bug+0x2b/0x120
[  283.551789][T16702]  panic+0xca/0xd0
[  283.553366][T16702]  ? __pfx_panic+0x10/0x10
[  283.555298][T16702]  check_panic_on_warn+0xab/0xb0
[  283.557374][T16702]  __warn+0xf6/0x3c0
[  283.559051][T16702]  ? ip_rt_bug+0x2b/0x120
[  283.560873][T16702]  report_bug+0x3c3/0x580
[  283.562751][T16702]  ? ip_rt_bug+0x2b/0x120
[  283.564647][T16702]  handle_bug+0x184/0x210
[  283.566532][T16702]  exc_invalid_op+0x17/0x50
[  283.568340][T16702]  asm_exc_invalid_op+0x1a/0x20
[  283.570186][T16702] RIP: 0010:ip_rt_bug+0x2b/0x120
[  283.572043][T16702] Code: 0f 1e fa 41 54 55 53 48 89 d3 48 83 ec 08 e8 0c 52 c6 f7 66 90 e8 05 52 c6 f7 ba 02 00 00 00 48 89 de 31 ff e8 f6 8d 70 ff 90 <0f> 0b 90 48 83 c4 08 31 c0 5b 5d 41 5c c3 cc cc cc cc e8 de 51 c6
[  283.578934][T16702] RSP: 0018:ffffc9000d64f3b8 EFLAGS: 00010287
[  283.580899][T16702] RAX: 0000000000000bf5 RBX: ffff8880131ba140 RCX: ffffc90004361000
[  283.583716][T16702] RDX: 0000000000080000 RSI: ffffffff89f4bbea RDI: ffffffff8220827a
[  283.586367][T16702] RBP: ffff8880131ba140 R08: 0000000000000000 R09: 0000000000000000
[  283.589282][T16702] R10: ffffffff90ab7697 R11: 000000000000001e R12: ffff888050eb0000
[  283.592355][T16702] R13: ffff8880426d3600 R14: ffff88805ec39a00 R15: ffff8880131ba198
[  283.595660][T16702]  ? ip_rt_bug+0x2a/0x120
[  283.597503][T16702]  ? kasan_quarantine_put+0x10a/0x240
[  283.599785][T16702]  ? ip_rt_bug+0x2a/0x120
[  283.601614][T16702]  ip_push_pending_frames+0x416/0x5d0
[  283.603802][T16702]  icmp_push_reply+0x308/0x440
[  283.605406][T16702]  __icmp_send+0xcdf/0x1960
[  283.607121][T16702]  ? __pfx___icmp_send+0x10/0x10
[  283.609206][T16702]  ? __ip_options_compile+0x873/0x1670
[  283.611425][T16702]  ? ip_route_input_noref+0x15d/0x2e0
[  283.613101][T16702]  ip_options_compile+0xb6/0x100
[  283.614721][T16702]  ? __pfx_ip_options_compile+0x10/0x10
[  283.616477][T16702]  ? tcp_v4_early_demux+0x484/0xbf0
[  283.618140][T16702]  ? tcp_v4_early_demux+0xc6/0xbf0
[  283.619756][T16702]  ip_rcv_finish_core+0x6e1/0x22a0
[  283.621434][T16702]  ip_rcv+0x1c0/0x600
[  283.622963][T16702]  ? __pfx_ip_rcv+0x10/0x10
[  283.624444][T16702]  __netif_receive_skb_one_core+0x197/0x1e0
[  283.626358][T16702]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  283.628398][T16702]  ? lock_acquire+0x2cd/0x350
[  283.630040][T16702]  ? read_tsc+0x9/0x20
[  283.631512][T16702]  __netif_receive_skb+0x1d/0x160
[  283.633655][T16702]  netif_receive_skb+0x137/0x7b0
[  283.635842][T16702]  ? __pfx_netif_receive_skb+0x10/0x10
[  283.637627][T16702]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[  283.639651][T16702]  tun_rx_batched.isra.0+0x3ee/0x740
[  283.641459][T16702]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  283.643407][T16702]  ? lock_acquire+0x2cd/0x350
[  283.645001][T16702]  tun_get_user+0x28e4/0x3ce0
[  283.646559][T16702]  ? __pfx_tun_get_user+0x10/0x10
[  283.648211][T16702]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  283.650016][T16702]  ? tun_get+0x191/0x370
[  283.651724][T16702]  ? rcu_is_watching+0x12/0xc0
[  283.653906][T16702]  ? lock_release+0x201/0x2f0
[  283.655478][T16702]  tun_chr_write_iter+0xdc/0x210
[  283.657069][T16702]  vfs_write+0x7d0/0x11d0
[  283.658477][T16702]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  283.660233][T16702]  ? __pfx_vfs_write+0x10/0x10
[  283.661898][T16702]  ? lock_release+0x201/0x2f0
[  283.663562][T16702]  ksys_write+0x12a/0x250
[  283.664998][T16702]  ? __pfx_ksys_write+0x10/0x10
[  283.666578][T16702]  ? rcu_is_watching+0x12/0xc0
[  283.668151][T16702]  __do_fast_syscall_32+0x7c/0x3a0
[  283.669803][T16702]  do_fast_syscall_32+0x32/0x80
[  283.671455][T16702]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  283.674129][T16702] RIP: 0023:0xf706e579
[  283.675659][T16702] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  283.681904][T16702] RSP: 002b:00000000f545e520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  283.684937][T16702] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000400
[  283.687568][T16702] RDX: 0000000000000056 RSI: 00000000f73d4ff4 RDI: 0000000000000000
[  283.690192][T16702] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  283.693265][T16702] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  283.696541][T16702] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  283.699756][T16702]  </TASK>
[  283.701709][T16702] Kernel Offset: disabled
[  283.703106][T16702] Rebooting in 86400 seconds..

VM DIAGNOSIS:
18:27:10  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000049 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85616b45 RDI=ffffffff9b0f8680 RBP=ffffffff9b0f8640 RSP=ffffc9000d64ed20
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=552030203a555043
R12=0000000000000000 R13=0000000000000049 R14=ffffffff9b0f8640 R15=ffffffff85616ae0
RIP=ffffffff85616b6f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880974c4000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f73bd9d8 CR3=0000000062595000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000336034 RBX=0000000000000001 RCX=ffffffff8b908bf9 RDX=ffffed1005666656
RSI=ffffffff8c162c80 RDI=ffffffff8190cca1 RBP=ffffed1003bd4488 RSP=ffffc9000046fdf8
R8 =0000000000000000 R9 =ffffed1005666655 R10=ffff88802b3332ab R11=0000000000000001
R12=0000000000000001 R13=ffff88801dea2440 R14=ffffffff90ab7690 R15=0000000000000000
RIP=ffffffff8b90775f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880975c4000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000008008f000 CR3=00000000685d5000 CR4=00352ef0
DR0=0000000000000000 DR1=00000000000056b1 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=ffffc9000361f978 RCX=ffffffff82174b86 RDX=ffff888026f52440
RSI=ffffffff8b8e9a54 RDI=ffffc9000361f978 RBP=ffffc9000361f978 RSP=ffffc9000361f7f8
R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=ffffea000162aac0 R13=ffffc9000361f990 R14=ffffc9000361f978 R15=dffffc0000000000
RIP=ffffffff81bb0df0 RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fc763d4b300 ffffffff 00c00000
GS =0000 ffff8880976c4000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000559304b0d000 CR3=000000004b982000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000003bf12 0000003400000012 0004000000080024 0028000000300038
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000002400000000 0000000000000000 0000000000000017
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0b800316000001fa 0000000900000001 0000000a00000003 0000000000000fa4
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 fe0036656c69662f 2e01ffffffffffff ffffef0801800300 0800000800000201
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 c70800080140fe00 38656c69662f2e01 ffffffffffffffff ef08000300080000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 080004800201c708 00080140fe003365 6c69662f2e01ffff ffffffffffffef08
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0480030008000b80 02040104bc003065 6c69662f2e01ffff ffffffffffffef08
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2e01ffffffffffff ffffef0824800300 30656c69662f2e01 ffffffffffffffff
ZMM25=b9b077a7b9b077a7 b9b077a7b9b077a7 b9b077a7b9b077a7 b9b077a7b9b077a7 b9b077a7b9b077a7 b9b077a7b9b077a7 b9b077a7b9b077a7 b9b077a7b9b077a7
ZMM26=6d21939a6d21939a 6d21939a6d21939a 6d21939a6d21939a 6d21939a6d21939a 6d21939a6d21939a 6d21939a6d21939a 6d21939a6d21939a 6d21939a6d21939a
ZMM27=d4b25751d4b25751 d4b25751d4b25751 d4b25751d4b25751 d4b25751d4b25751 d4b25751d4b25751 d4b25751d4b25751 d4b25751d4b25751 d4b25751d4b25751
ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=2819000028190000 2819000028190000 2819000028190000 2819000028190000 2819000028190000 2819000028190000 2819000028190000 2819000028190000
info registers vcpu 3

CPU#3
RAX=0000000000000000 RBX=ffff88806bed8df0 RCX=0000000000000004 RDX=0000000000000000
RSI=0000000000000008 RDI=ffff88806bed8df0 RBP=ffff88802391c880 RSP=ffffc9000d4ef608
R8 =0000000000000000 R9 =ffffed100d7db1be R10=ffff88806bed8df7 R11=0000000000000000
R12=1ffff92001a9dec4 R13=ffff88802391c880 R14=ffff88802391c880 R15=ffffc9000d4ef640
RIP=ffffffff82207390 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880977c4000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000800dc018 CR3=000000006305a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000