last executing test programs:

17m36.805388303s ago: executing program 1 (id=225):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x5c, 0x2c, 0xd3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xb, 0xffff}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_META={0x18, 0x1, 0x0, 0x0, {{0x7, 0x4, 0x4}, [@TCA_EM_META_HDR={0x6, 0x1, {{0x5, 0xe, 0x1}, {0x3, 0x40}}}]}}]}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10}, 0x0)

17m35.939285482s ago: executing program 1 (id=230):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000240)={0x28, 0x3, r3, 0x0, &(0x7f0000000380)="f3", 0x1, 0xfffffffffffffc01})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000200)={0x28, 0x3, r1, 0x0, &(0x7f00000001c0)="cd", 0x1, 0x3})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f00000004c0)={0x48, 0x1, r3, 0x0, 0x9})

17m35.706239491s ago: executing program 1 (id=232):
r0 = gettid()
syz_clone(0x80804000, 0x0, 0x0, 0x0, 0x0, 0x0)
timer_create(0x2, 0x0, &(0x7f0000000000)=<r1=>0x0)
timer_create(0x2, &(0x7f0000000800)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000000000)=<r2=>0x0)
timer_settime(r2, 0x1, &(0x7f0000000880)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
timer_settime(r1, 0x0, &(0x7f0000000880)={{0x0, 0x989680}, {0x77359400}}, 0x0)
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, 0x0)

17m34.757827957s ago: executing program 1 (id=235):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r0, &(0x7f00000001c0)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000200)='./file0\x00')
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f0000000600)='./file0/../file0/../file0/../file0\x00')

17m33.713473877s ago: executing program 1 (id=237):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x10)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
io_setup(0x42, &(0x7f0000000100)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000000580)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r1, &(0x7f0000000000)='a', 0x1}])
sendmmsg(r1, &(0x7f000000aa00)=[{{0x0, 0x0, &(0x7f0000001a00)=[{&(0x7f0000000140)="a7901effa03a9ac62dade54ddfde25eb", 0x10}], 0x1}}], 0x1, 0x20008005)

17m32.590974408s ago: executing program 1 (id=242):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000340)="b9070400000f329e9e360f0183660fd2eff30f10f1b961020000b80e080000ba00000000f30f10543400b98d020000ec327f7f99f3530000660f71e300c4e2f91d20", 0x42}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

17m31.575707112s ago: executing program 32 (id=242):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000340)="b9070400000f329e9e360f0183660fd2eff30f10f1b961020000b80e080000ba00000000f30f10543400b98d020000ec327f7f99f3530000660f71e300c4e2f91d20", 0x42}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

16m1.600017495s ago: executing program 4 (id=826):
socket$packet(0x11, 0x3, 0x300)
r0 = syz_io_uring_setup(0x304, &(0x7f0000000240)={0x0, 0x0, 0x10100, 0x2, 0xe1}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7})
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x12, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

16m1.045923817s ago: executing program 4 (id=832):
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x800}, 0x9e)
r0 = syz_io_uring_setup(0xd0, &(0x7f0000000480)={0x0, 0x0, 0x400, 0x0, 0x34f}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x30, 0x1, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x47bc, 0x97ff, 0x0, 0x0, 0x0)

16m0.771858151s ago: executing program 4 (id=835):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x8000, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='stat\x00')
pread64(r1, &(0x7f0000000140)=""/15, 0xf, 0x4)

15m59.516068609s ago: executing program 4 (id=839):
r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0xc0002009})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0)
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)

15m58.986980047s ago: executing program 4 (id=841):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000380)='./bus\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305829, &(0x7f0000000fc0)={0x17c04, 0xffffffffffffffff, 0x0, 0x100000001, 0x2})

15m58.135670512s ago: executing program 4 (id=849):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x120002)
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r0, 0x40045402, &(0x7f0000000140)=0x1)
r1 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x40000000, 0x10100}, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffff56})
io_uring_enter(r1, 0x7a98, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000180)={0x7, 0x9dc5, 0x0, 0x0, 0xf})
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2)

15m57.285698467s ago: executing program 33 (id=849):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x120002)
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r0, 0x40045402, &(0x7f0000000140)=0x1)
r1 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x40000000, 0x10100}, &(0x7f0000000540)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffff56})
io_uring_enter(r1, 0x7a98, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000180)={0x7, 0x9dc5, 0x0, 0x0, 0xf})
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2)

15m53.660035352s ago: executing program 5 (id=874):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f00000001c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
creat(&(0x7f0000000440)='./file0/file0\x00', 0x188)
lsetxattr$security_ima(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000080), &(0x7f0000000480)=ANY=[], 0xffdf, 0x1)
chdir(&(0x7f0000000480)='./bus\x00')
lsetxattr$trusted_overlay_redirect(&(0x7f0000000880)='./file0\x00', &(0x7f00000008c0), 0x0, 0x0, 0x3)

15m52.937703791s ago: executing program 5 (id=878):
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @private1}, 0x1c)
r1 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r1, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
connect$inet6(r1, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @private1}, 0x1c)

15m51.645074875s ago: executing program 5 (id=883):
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x275a, 0x0)
sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000200)={0x14, 0x0, 0x1, 0x0, 0x0, {0x2a}}, 0x14}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newtfilter={0x24, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0xf}, {}, {0xf, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x24040014}, 0x20084084)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})

15m51.100196234s ago: executing program 5 (id=885):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x10dc43, 0x0)

15m50.620625261s ago: executing program 5 (id=887):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x4003, 0x2, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
recvmsg$unix(r1, &(0x7f0000000100)={0x0, 0x1d, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000540)=0x5, 0x4)
recvmsg$unix(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)

15m49.411923324s ago: executing program 5 (id=888):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x5, 0x4, 0x2003, 0xc, 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x50)
close(0x3)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x46, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3", 0x0, 0x8, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r1, &(0x7f0000000140), &(0x7f0000000000)=""/6, 0x2}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)

15m48.908043607s ago: executing program 34 (id=888):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x5, 0x4, 0x2003, 0xc, 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x50)
close(0x3)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x46, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3", 0x0, 0x8, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r1, &(0x7f0000000140), &(0x7f0000000000)=""/6, 0x2}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)

10m17.065491121s ago: executing program 3 (id=2530):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffd}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0x835, &(0x7f00000000c0)={0x0, 0x679a, 0x400, 0x2000006, 0x3ce}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x2400c0c7, 0x1})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)

10m13.826731637s ago: executing program 3 (id=2539):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r2, &(0x7f0000001f80)=""/4102, 0x1006)

10m13.382363291s ago: executing program 3 (id=2540):
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0x4, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000380)={r0, r0})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x10, 0xe, &(0x7f0000003540)=ANY=[@ANYBLOB="b700000010000000bca30000000000002403000040feffff7b1af0ff0000000079a4f0ff000000001f030000000000002e030200000000002604fdffffff000e61141800000000001d430000000000007a0a00fe0000001f6114140000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fd79153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f2440000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c9494963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf699b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a4a274000000000000000000000000000000000000000000000009dd14b38f2f5426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd030000006d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10b0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c88629a6c921c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0c69c2c03f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fbf05b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac98708007c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fc52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71ca3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812dc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795835f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb7ed9d12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca780049d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e2848890522c2288072467d2afe269f589fb7e034b92d3ca245b16b71998711bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb16e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b2676c07bb0fd14020a66718378825d5ed789711b77d40dc31e0b8fc651b45559da463f0000000000000000000000000052d42124e9c26aba885015e69d42ecd710342ac597ebea576ae15fdf611356f622e831741ab15549e0d7a2bd0324e2b3b48a10551607492c19eaf58485feb4cab19c303b30ba2ddea0d792d77724c9fa4ed58b93668fc20484f141ee2b6a0029e88fdc853189b4dafd36ff23b11967090e508f45e3f10857038a52ef275cf9e3e4b5d30b12d138dfa70930c603b5e3f4b7be67be3dba3cbd8d4d143195af0697d779445d67dcfbd922d12a8b49f93eac7a72faacf80346b3b60f132a2bf8a858392f34072d99aee0ec70aa6d75096e608d97ac4b7bfa2e0ae3e59718e7a7691a98b1334e34553300000000000000000000000000000000062c7cf52e9624806a4833e1c0059e5a703ab9c2e9b38779270dc5e80af75d509b1a31fe6ed3f8c0172659256dc88de4e377c8a07e95ec5549ae47dc43b93a159a201be254048b9e0857ea3c736c761e686f9b3d0690f035617a12055b2cb3a03794d67b95e7f4fc6af323120c09d0503c8ce92e869e22bb2590299ad76d541f844d32f96184f74d433793bbd75ec15fb1497ce835445212421cb4e3ce08395c9055a2"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xffffffffffffffc2}, 0x48)

10m10.661960849s ago: executing program 3 (id=2548):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000480), 0x1000000, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
mkdir(&(0x7f0000000280)='./file0\x00', 0x324)
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0)
chroot(&(0x7f00000007c0)='./file0/../file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00')

10m10.305354269s ago: executing program 3 (id=2549):
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f0000007800)=0xffffffff00000041, 0x8)
bind$vsock_stream(r0, &(0x7f0000000940), 0x10)
listen(r0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x1)
getsockopt$sock_buf(r1, 0x1, 0x1c, &(0x7f0000000140)=""/19, &(0x7f0000000200)=0x13)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r1, 0x28, 0x6, 0x0, 0x0)

10m9.415607553s ago: executing program 3 (id=2551):
r0 = io_uring_setup(0xfc6, &(0x7f00000002c0)={0x0, 0x6c02, 0x0, 0x0, 0x20000004})
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r1, 0xfffffffc)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, 0x0, 0x2000000)
close_range(r0, 0xffffffffffffffff, 0x0)

10m8.671795933s ago: executing program 35 (id=2551):
r0 = io_uring_setup(0xfc6, &(0x7f00000002c0)={0x0, 0x6c02, 0x0, 0x0, 0x20000004})
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r1, 0xfffffffc)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, 0x0, 0x2000000)
close_range(r0, 0xffffffffffffffff, 0x0)

2m49.227907367s ago: executing program 6 (id=3822):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0)
unshare(0x2040400)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
socket$nl_route(0x10, 0x3, 0x0)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x118d, &(0x7f00000000c0)={0x0, 0x8d2dc, 0x0, 0xffffffff, 0xc2}, &(0x7f0000000400)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
epoll_create1(0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='mountinfo\x00')
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r2, 0x0, 0x0, 0x0, 0x80000})
io_uring_enter(r3, 0x47f5, 0x0, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])

2m43.792294136s ago: executing program 6 (id=3837):
sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x0)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_mmap}], [], 0x6b}})
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r3 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0)
write$binfmt_misc(r3, &(0x7f0000000300), 0x4)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
ftruncate(r4, 0x5)
sendfile(r3, r4, 0x0, 0x7ffff000)

2m42.089824944s ago: executing program 6 (id=3842):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$kcm(0x11, 0x3, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
close(r2)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$kcm(r1, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0xdd86, r7, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)='\'', 0x1}], 0x1}, 0x0)

2m38.861198114s ago: executing program 6 (id=3847):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x94)
syz_open_dev$amidi(0x0, 0x2, 0x80042)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = dup(r1)
openat(0xffffffffffffff9c, 0x0, 0x2c040, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0)
write$UHID_INPUT(r2, &(0x7f0000002b40)={0xe, {"a2e3ad099b0d09f91b5f450987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f323063090810e0879b0f0a75e70a9b334d959b669a240d5b0af3988f7ef31952010afde8d178708c523c921b1b5b07070d075b0936cd3b78130daa61d8e81a0000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397273ce1766769f0c91c00305d3f46635eb016d5b1dda98e2d739be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b7638354a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc3609aa24b7d520c829d095083bba2987a67399eac430d145d546a40b9f6ff14ac488ec130bb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b2860d1b3cff57d8b6d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a4f0492d48604675fde2b34cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827955e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb9754fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94e7475cb74642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd72ea4998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5ff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c58b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b50517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864af090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d885b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1a85ae7e69fd1a47a284f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cef8473b53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b344340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cccf8a97406bb5a68a1f0c4549820a73c8859dde0712ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcb7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c2e14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ec00000000000000b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a52830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec685f068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000e00f96f06817fb903729a7fb6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x942}}, 0x1006)

2m35.847760141s ago: executing program 6 (id=3852):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000140)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r2, &(0x7f0000000480)={0x18}, 0x18)
write$FUSE_INIT(r2, &(0x7f0000000600)={0x50, 0x0, 0x0, {0x7, 0x29, 0x3, 0x0, 0x4, 0x53b, 0x7, 0x0, 0x0, 0x0, 0xa0, 0x200}}, 0x50)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x80, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
read$FUSE(r4, &(0x7f00000026c0)={0x2020}, 0x2020)

2m34.33621698s ago: executing program 6 (id=3855):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
r1 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r0}, 0x8)
close(r1)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
syz_clone(0x400c0000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={r1, 0x0, 0x0}, 0x10)
setitimer(0x1, &(0x7f0000000080)={{}, {0x0, 0xea60}}, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x0, 0xffffffffffffffff}, 0x0)
syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000002600)=ANY=[@ANYBLOB="05000000000000001c110000000000008510000002000000850000000500000095000000000000009500a505000000007751e8ba639a67880141cca555077e3a159110193dd2df1fa7c3205bfedbe9116eb423cdacfa7e32fe0231368b2264f94504c9f1f65515b2e1a38d522be18b000048b043ccc42646d25dfd73bb6d7535f7866907dc6751dfced1fd8accae669e173a649c1cfd6587d47578f4c35235138d5521f9453559c35d9560ebe8efbc6f342a3e3173d466a0f06c54c3a4903ef31c4d4a01010000009f2f0517ccca0e1823a2971a50f713d4e21b9436f1ae0796f23526ec0fd97f734c783bcaecd4596f2e91af6565902716314c815bf697e6bd25eac36d4dfafe7cc03b0864009d2e7d7ff6ff72ba8972b122b07789d99b1b0124f39dc092440010000000000000f7049db5cb19d7962fed44e00f39ed8c15a11fa798de504e2865cd81f2b77fdd76c67700000000000000db3947c8dc7b1b4c4554ffdca8b75d82706ba9cbeeffbc83fb05000000000000593d60abc9b3e67d127e9d5c4c560256f3d3759dcfeb820634fd4d419e0500000005b2d5a2008a600484511b6efaad206335a3ebf6b9e01446a6285f4665a7fe37da0049f8bf4064726dc32add75e0f435f28fbeda75cf971d54a9698cf7270f420edc858176070bfff7909413f3fbd3ced3284db730b368ddca654dd7836f171b766ffd7526847a6bfda9c648e8aa5c558aa6d463ec9d840f3914909187b6b0776952be5cb0417d33d35faee6b2d905d30dfe64d05ac37ed015494d9d10e36e603129e9a726579ac7d672cacd581b7e2fc7a5758fcfb822de1dacc357341e000c604cc34c49914f1aa198a77b3610b7403930fd42051d4b7443e5b49c000000000000007d6173050027791c9c1e00ad3711a66d91254a6f911b1449c62a6e1e3f9ce19a9d173663570d884b0cb462e0b45853673df72dc813f7454ae62d79ac48034282f03040350f886e9644179dcf66d93907cedd49e0c5752f755849953957143a0380d1f62ae63b29fe177745448ccc92577007c12cf90da9200df6bb669d5a57dd74df817eaa92000000000001b08b3ac52db204399eae4a2f105d4544d9a3000000000000001ff2e8afd7913007fe44950233feb5303b2617668a0e45846436ad643fb999180644298458d40002a06f4853d99af16764b8e59e04d02835f803f66307fbeef5b7e97b6d0ef2c62215c259c7796a158d662b1adfae1d24e109e52378b3f1f8ee8965dedd208bc5b7a73d9501bf3f5a2ae19d7ddf8daf3691d1879e225395c0925ec1fe4ca8fd6fc11c8db3cd0d7206531366a5f6150d9d1a6eab622821378f2827fac5c7f82dad8f4ed4367c3a4f20304432f0a154147c7af7569ff2ed248dafc1aa13afe3d17c8f2f720e1a12c4cd230f3f29a390b44a3bf66b5c8fc4a026fe6ea8edf871da290c4d9457fccdc6a8f5944e47f742cfd7b0c5f5b00fc0921c6951541f2dda75be07cb0097e25e4a30000346c782264139540c5f260495abee91019e816aabc7c9b1e3862de6c6cf6d5cdead6a42b519619ff9c2f5600d95d34d50667901373f32a1fc0b7299aadbcc96958dff4a229c8a78864ea0ae3289a04249d2f790745374fea0687a32b8c9731226a085c71f6b35f8db44f30ed778ca2cd4ebb7929ff7845e9bdfba5caf2cae0fbc83999790441bc991f5c8acb6ba3deb94f52f7a74c33ab7106054a8eb839ab2ff7acbcc8f875acc552ba92df8f649598f9eba605729db380c130e"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)

2m17.899441046s ago: executing program 36 (id=3855):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
r1 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r0}, 0x8)
close(r1)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
syz_clone(0x400c0000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={r1, 0x0, 0x0}, 0x10)
setitimer(0x1, &(0x7f0000000080)={{}, {0x0, 0xea60}}, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x0, 0xffffffffffffffff}, 0x0)
syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000002600)=ANY=[@ANYBLOB="05000000000000001c110000000000008510000002000000850000000500000095000000000000009500a505000000007751e8ba639a67880141cca555077e3a159110193dd2df1fa7c3205bfedbe9116eb423cdacfa7e32fe0231368b2264f94504c9f1f65515b2e1a38d522be18b000048b043ccc42646d25dfd73bb6d7535f7866907dc6751dfced1fd8accae669e173a649c1cfd6587d47578f4c35235138d5521f9453559c35d9560ebe8efbc6f342a3e3173d466a0f06c54c3a4903ef31c4d4a01010000009f2f0517ccca0e1823a2971a50f713d4e21b9436f1ae0796f23526ec0fd97f734c783bcaecd4596f2e91af6565902716314c815bf697e6bd25eac36d4dfafe7cc03b0864009d2e7d7ff6ff72ba8972b122b07789d99b1b0124f39dc092440010000000000000f7049db5cb19d7962fed44e00f39ed8c15a11fa798de504e2865cd81f2b77fdd76c67700000000000000db3947c8dc7b1b4c4554ffdca8b75d82706ba9cbeeffbc83fb05000000000000593d60abc9b3e67d127e9d5c4c560256f3d3759dcfeb820634fd4d419e0500000005b2d5a2008a600484511b6efaad206335a3ebf6b9e01446a6285f4665a7fe37da0049f8bf4064726dc32add75e0f435f28fbeda75cf971d54a9698cf7270f420edc858176070bfff7909413f3fbd3ced3284db730b368ddca654dd7836f171b766ffd7526847a6bfda9c648e8aa5c558aa6d463ec9d840f3914909187b6b0776952be5cb0417d33d35faee6b2d905d30dfe64d05ac37ed015494d9d10e36e603129e9a726579ac7d672cacd581b7e2fc7a5758fcfb822de1dacc357341e000c604cc34c49914f1aa198a77b3610b7403930fd42051d4b7443e5b49c000000000000007d6173050027791c9c1e00ad3711a66d91254a6f911b1449c62a6e1e3f9ce19a9d173663570d884b0cb462e0b45853673df72dc813f7454ae62d79ac48034282f03040350f886e9644179dcf66d93907cedd49e0c5752f755849953957143a0380d1f62ae63b29fe177745448ccc92577007c12cf90da9200df6bb669d5a57dd74df817eaa92000000000001b08b3ac52db204399eae4a2f105d4544d9a3000000000000001ff2e8afd7913007fe44950233feb5303b2617668a0e45846436ad643fb999180644298458d40002a06f4853d99af16764b8e59e04d02835f803f66307fbeef5b7e97b6d0ef2c62215c259c7796a158d662b1adfae1d24e109e52378b3f1f8ee8965dedd208bc5b7a73d9501bf3f5a2ae19d7ddf8daf3691d1879e225395c0925ec1fe4ca8fd6fc11c8db3cd0d7206531366a5f6150d9d1a6eab622821378f2827fac5c7f82dad8f4ed4367c3a4f20304432f0a154147c7af7569ff2ed248dafc1aa13afe3d17c8f2f720e1a12c4cd230f3f29a390b44a3bf66b5c8fc4a026fe6ea8edf871da290c4d9457fccdc6a8f5944e47f742cfd7b0c5f5b00fc0921c6951541f2dda75be07cb0097e25e4a30000346c782264139540c5f260495abee91019e816aabc7c9b1e3862de6c6cf6d5cdead6a42b519619ff9c2f5600d95d34d50667901373f32a1fc0b7299aadbcc96958dff4a229c8a78864ea0ae3289a04249d2f790745374fea0687a32b8c9731226a085c71f6b35f8db44f30ed778ca2cd4ebb7929ff7845e9bdfba5caf2cae0fbc83999790441bc991f5c8acb6ba3deb94f52f7a74c33ab7106054a8eb839ab2ff7acbcc8f875acc552ba92df8f649598f9eba605729db380c130e"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)

56.000495408s ago: executing program 9 (id=4078):
unshare(0x20060400)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0)
getsockopt$sock_buf(r0, 0x1, 0x4d, 0xffffffffffffffff, &(0x7f0000000000))

54.818644795s ago: executing program 9 (id=4082):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
pipe2$watch_queue(0x0, 0x80)
userfaultfd(0x801)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a2d00000000140000001100", @ANYBLOB='\t'], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073f97a310000000008000440080000000900010073797a30000000000800034000000004"], 0x64}, 0x1, 0x0, 0x0, 0x814}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000040)={0xe6, 0x1000087}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)

48.112046652s ago: executing program 9 (id=4092):
openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3})
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000040)=0x1)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000080)=0x2)
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, 0x0)
ioctl$IOMMU_VFIO_IOAS$SET(0xffffffffffffffff, 0x3b88, &(0x7f00000004c0)={0xc})
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
io_uring_enter(0xffffffffffffffff, 0x666a, 0x90d5, 0x0, &(0x7f0000000480)={[0x7]}, 0x8)
r2 = syz_open_dev$sndctrl(0x0, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r2, 0xc2c45513, 0x0)

40.89926077s ago: executing program 9 (id=4106):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r3, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r4, {0x2, 0x0, @local}, 0x2}}, 0x26)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x34, r5, 0x1, 0x70bd2c, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}, @L2TP_ATTR_SESSION_ID={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x20)

39.474642282s ago: executing program 9 (id=4111):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x23, 0x80805, 0x0)
poll(&(0x7f0000000000)=[{r1, 0x9081}], 0x1, 0x2)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r1, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000003c0)={&(0x7f0000000200)={0x1c, r2, 0x200, 0x70bd25, 0x5, {}, [@ETHTOOL_A_RINGS_RX_JUMBO={0x8, 0x8, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x11dc606ae039eeda}, 0x8000)
r3 = socket(0x10, 0x2, 0x0)
sendmsg$SMC_PNETID_GET(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r3, &(0x7f0000000180)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000900)=ANY=[@ANYBLOB="8c0000001000370400"/20, @ANYRES32=r4, @ANYBLOB="00000000000000006c0012800e00010069703665727370616e000000580002801400060020010000000000000000000000000002050016000100000014000700fc020000000000000000000000000000040012"], 0x8c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140), 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@deltclass={0x24, 0x29, 0x800, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xd, 0xfff3}, {0xb, 0xfff1}, {0x6, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x8}}}, 0x24}}, 0x4000)
link(0x0, &(0x7f0000000040)='./file0\x00')
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0)

37.107183495s ago: executing program 0 (id=4115):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
ftruncate(r3, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
recvmmsg(r5, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r4, r3, 0x0, 0x578410eb)

35.974347467s ago: executing program 0 (id=4116):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000180)={0x7, 0x9, 0x1, 0x0, 0x6})
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
r3 = socket$inet(0x2, 0x3, 0x4)
setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10)
connect$inet(r3, &(0x7f0000000080)={0x2, 0x4e20, @private=0xa010100}, 0x10)
sendmmsg$inet(r3, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x68000, 0x0)

35.972168698s ago: executing program 9 (id=4118):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x11, 0x3, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
epoll_create1(0x80000)
syz_io_uring_setup(0x1a1d, &(0x7f0000000180)={0x0, 0x755e, 0x13080, 0x3, 0x2b5, 0x0, 0x0}, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))
pselect6(0x40, &(0x7f0000000000)={0x6, 0x100000001, 0x3, 0xffffffff, 0x2627bc41, 0xba4, 0x3, 0xfffffffffffffff8}, 0x0, &(0x7f00000000c0)={0x7ff, 0x7, 0x0, 0x8, 0x1, 0x6, 0x1, 0x7f}, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x701801, 0x0)
close(r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$tun(r0, 0x0, 0x92)

33.508877517s ago: executing program 2 (id=4121):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, 0x0, &(0x7f00000006c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1e000035327ae308fac2dd0b920003000000e75f00000002000004", @ANYRES32, @ANYRES32, @ANYBLOB="0100000001000000010000000d"], 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={0xffffffffffffffff, &(0x7f0000000140), &(0x7f0000000080)=@udp}, 0x20)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
syz_emit_ethernet(0x52, &(0x7f0000000500)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd318", 0x1c, 0x6, 0x0, @private2, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0x2, 0x0, 0x0, 0x0, {[@generic={0xde60faf2e37d4d61, 0x2}, @generic={0xfe, 0x6, "76c9df40"}]}}}}}}}}, 0x0)
accept4(r1, &(0x7f00000002c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, &(0x7f0000000540)=0x80, 0x80800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

32.823836366s ago: executing program 0 (id=4123):
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
close(0xffffffffffffffff)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x9da54000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$kcm(0x29, 0x5, 0x0)
semctl$SETALL(0x0, 0x0, 0x11, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(r3, 0x119, 0x1, &(0x7f0000000240), 0x4)

31.707948668s ago: executing program 0 (id=4124):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$xdp(r4, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f00000009c0)="22613fdba0da05ae867cac56aab11ac819a18aa6c99d7fdee052ea631826c069d9fb7bfb1240a1b5f513daa7ab849014b47dea4039bc6b7006dc77e7d301078cd285f43e95002dab5758ce7e643c117ec7f7f7de04bd2940d7ee88f32c19d3fc098c6338fc038ff837a00b9dd4174284a1408ba88cb80fdb68c80e92dea7e1ab", 0x80}], 0x1, 0x0, 0x0, 0x2400c090}, 0x840)
recvmmsg(r4, &(0x7f0000000680)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000280)=""/135, 0x87}], 0x1}, 0x10000}], 0x1, 0x28101, 0x0)

31.653245974s ago: executing program 2 (id=4125):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[], 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x41, 0x3, 0x288, 0x0, 0x0, 0x0, 0x120, 0x0, 0x1f0, 0x1f0, 0x1f0, 0x1f0, 0x1f0, 0x3, 0x0, {[{{@ip={@private, @remote, 0x0, 0x0, 'wlan1\x00', 'wg1\x00', {}, {}, 0x6}, 0x0, 0xf8, 0x120, 0x0, {0x0, 0xffffffffa0028000}, [@common=@unspec=@quota={{0x38}}, @common=@inet=@multiport={{0x50}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ip={@broadcast, @private, 0x0, 0x0, 'veth1_to_team\x00', 'sit0\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2e8)

28.98564216s ago: executing program 0 (id=4127):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f0000000080)=0xfffffffffbfffffe)
connect$vsock_stream(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="09f1ffffffffffffff000100000008000600ac1414aa08000b004fe3"], 0x34}, 0x1, 0x0, 0x0, 0x4008080}, 0x0)

28.564120948s ago: executing program 2 (id=4129):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000ac0)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160\x00'}, 0x58)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = accept4(r0, 0x0, 0x0, 0x80000)
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x40c0080}, 0x8015)
sendmsg$sock(r4, &(0x7f0000000a80)={0x0, 0x0, 0x0}, 0x84)

27.442439216s ago: executing program 2 (id=4130):
r0 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
socket$can_bcm(0x1d, 0x2, 0x2)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x14, r5, 0x28543634fae43ad, 0x70bd2b, 0x0, {0xd}}, 0x14}}, 0x0)

25.292399467s ago: executing program 0 (id=4132):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
write$snddsp(0xffffffffffffffff, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfc, 0x2ffffffff}, 0xc)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0x5}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=@newtfilter={0x74, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r4, {0x0, 0xfff2}, {}, {0xa, 0x6}}, [@filter_kind_options=@f_flower={{0xb}, {0x44, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x38, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x18, 0x3, 0x5}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0xfff2}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x8001}]}]}]}}]}, 0x74}, 0x1, 0x0, 0x0, 0x22044028}, 0x0)

24.877770533s ago: executing program 2 (id=4133):
openat$cuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
pipe2(&(0x7f0000000300), 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000600)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100)=@gcm_256={{0x303}, "0f78fbc54b6c106c", "75fd7583f127c5c356354c80ea765edaa15f377fb214e20fda1b0241bed67dc4", "b1726789", "fb442565fb00"}, 0x38)
sendto$inet6(r2, &(0x7f00000001c0), 0xffffffffffffff13, 0x0, 0x0, 0x3000137)

22.6562828s ago: executing program 2 (id=4137):
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', <r2=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f00000001c0)=0x100, 0x4)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000440)=0x400, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000400)={'batadv_slave_1\x00', <r5=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
bind$xdp(r3, &(0x7f0000000100)={0x2c, 0x0, r5}, 0x10)
bind$xdp(r0, &(0x7f0000000240)={0x2c, 0x1, r2, 0xfffffc, r3}, 0x10)

19.008051896s ago: executing program 37 (id=4118):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x11, 0x3, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
epoll_create1(0x80000)
syz_io_uring_setup(0x1a1d, &(0x7f0000000180)={0x0, 0x755e, 0x13080, 0x3, 0x2b5, 0x0, 0x0}, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))
pselect6(0x40, &(0x7f0000000000)={0x6, 0x100000001, 0x3, 0xffffffff, 0x2627bc41, 0xba4, 0x3, 0xfffffffffffffff8}, 0x0, &(0x7f00000000c0)={0x7ff, 0x7, 0x0, 0x8, 0x1, 0x6, 0x1, 0x7f}, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x701801, 0x0)
close(r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$tun(r0, 0x0, 0x92)

11.472531504s ago: executing program 8 (id=4150):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, 0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="ad56b6cc0400aeb995298992ea5400c2", 0x10)
sendmmsg$unix(r3, &(0x7f0000000680), 0x4924924924925c6, 0x0)

8.877142536s ago: executing program 38 (id=4132):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
write$snddsp(0xffffffffffffffff, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfc, 0x2ffffffff}, 0xc)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0x5}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=@newtfilter={0x74, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r4, {0x0, 0xfff2}, {}, {0xa, 0x6}}, [@filter_kind_options=@f_flower={{0xb}, {0x44, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x38, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x34, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x18, 0x3, 0x5}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0xfff2}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x8001}]}]}]}}]}, 0x74}, 0x1, 0x0, 0x0, 0x22044028}, 0x0)

8.859631244s ago: executing program 7 (id=4155):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
signalfd(0xffffffffffffffff, 0x0, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x6c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x3c, 0x2, [@TCA_FLOWER_ACT={0x38, 0x3, [@m_connmark={0x34, 0x1, 0x0, 0x0, {{0xd}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x6c}}, 0x24000000)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)

8.361538267s ago: executing program 8 (id=4156):
syz_io_uring_setup(0xdaf, &(0x7f0000000180)={0x0, 0x2, 0x13291, 0x0, 0x3b3}, &(0x7f0000000100), &(0x7f0000000080))
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000340)={'wlan0\x00', &(0x7f0000000040)=@ethtool_ringparam={0x10, 0xfff, 0x7, 0x4, 0x0, 0x0, 0x0, 0x7ff, 0x1ff}})

6.427192538s ago: executing program 39 (id=4137):
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', <r2=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f00000001c0)=0x100, 0x4)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000440)=0x400, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000400)={'batadv_slave_1\x00', <r5=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
bind$xdp(r3, &(0x7f0000000100)={0x2c, 0x0, r5}, 0x10)
bind$xdp(r0, &(0x7f0000000240)={0x2c, 0x1, r2, 0xfffffc, r3}, 0x10)

3.569734107s ago: executing program 8 (id=4158):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600"], 0x44}, 0x1, 0x0, 0x0, 0x400c0c0}, 0xc000)
r3 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_STATISTICS(r3, 0x11b, 0x8, &(0x7f0000003140), &(0x7f0000000040)=0x30)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3, 0x0, 0x1ff, 0x2}})
close_range(r1, 0xffffffffffffffff, 0x0)

3.341702326s ago: executing program 7 (id=4159):
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000340), 0x802, 0x0)
ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000380)={{0xe, 0x2, 0x5, 0xfff9}, 'syz1\x00', 0x16})
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket(0x1e, 0x4, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000000100)="3062efcbb594334e5f347598c5607e94d351b184afbed9fce6f00571a5817321cf29d6287429b11283157a6386eee094afe6bea107ea0a1b89483133cdd35695f28c074fd2f4b87b9e7d3ca7109900df61c067617f63b52b5bb81d6390caf7ad1e3853e9d2892d740bae3c730d3608d666fbca0c775d68e7e1a4a7a69ea4d94041f3175cc48dc6b889663ebd59ef953264361936d95c922ecce0721c5b8054dfa01ecdd5d05aa65d6922fa33f0900088cd56f7a81dc230fef90d", 0xba, 0x10, &(0x7f0000000240)={0x2, 0x4e24, @local}, 0x10)
connect$tipc(r3, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
sendmmsg$unix(r3, &(0x7f0000004400), 0x400000000000203, 0x0)

3.340838353s ago: executing program 8 (id=4160):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x5)
r1 = open(&(0x7f00000002c0)='./file1\x00', 0x113000, 0xb)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
mkdirat(r2, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r5 = fanotify_init(0xf00, 0x0)
fanotify_mark(r5, 0x1, 0x5000003a, r4, 0x0)
mkdirat(r3, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x0)
r6 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
renameat2(r6, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', r6, &(0x7f00000002c0)='./file0\x00', 0x2)
renameat2(r1, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000001c0)='./file1/../file0\x00', 0x2)

2.831908507s ago: executing program 7 (id=4161):
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = semget$private(0x0, 0x0, 0x280)
semtimedop(r1, &(0x7f0000000080), 0x0, &(0x7f00000000c0)={0x0, 0x3938700})
r2 = fanotify_init(0xf00, 0x0)
fanotify_mark(r2, 0x115, 0x5000003a, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, 0x0)
ioctl$USBDEVFS_IOCTL(r3, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect)

2.818592917s ago: executing program 8 (id=4162):
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2004cb, 0x200000000000, 0x0, 0x0, 0xfffffffffffffffd], 0x0, 0x200})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.54047139s ago: executing program 7 (id=4163):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
pipe(0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000800)='/proc/diskstats\x00', 0x0, 0x0)
r3 = syz_io_uring_setup(0x49c, &(0x7f00000003c0)={0x0, 0x79ac, 0x400, 0x7ffc, 0x70, 0x0, r2}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000900)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0x7bffffff, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x2007, @fd=r2, 0x6, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1})
io_uring_enter(r3, 0xfd0, 0x4c1, 0x43, 0x0, 0x0)

2.391037425s ago: executing program 8 (id=4164):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'stdrng\x00'}, 0x58)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0)
r4 = syz_io_uring_setup(0x10f, &(0x7f0000000140)={0x0, 0xb423, 0x0, 0x5, 0x199}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000040)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x3, r3, 0x0, 0x0, 0x0, 0x80800})
io_uring_enter(r4, 0x3516, 0x3e44, 0x8, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)

1.818667944s ago: executing program 7 (id=4165):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r1 = socket$xdp(0x2c, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)=<r5=>0x0)
timer_settime(r5, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})

0s ago: executing program 7 (id=4166):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
ptrace$ARCH_SHSTK_DISABLE(0x1e, 0xffffffffffffffff, 0x1, 0x5002)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0100000000000000940000000000000066baf80cb83053c480ef66bafc0ced66baf80cb8122ca188ef66bafc0c66b855ec66ef0f01c3670f21948fa91002b300000000f0219c7467000000c74424000a000000c744240200000000c7442406000000000f011c240fc79d2c000000b99a020000b8d8000000ba000000000f3066baf80cb880319e81ef66bafc0c66b8be0066efc3000000000000000018000000000000008b76d106000000000100000000000000530000000000000067420f1c02660f3882950b00000080c90d0f01c20f200366baf80cb80a55298def66bafc0c66edf080619fa3430f06440f20c0350a000000440f22c066440fc77741c3000000000000000018000000000000002a0f000000000000000000000000000018000000000000000500000000000000010000000000000052000000000000003647dd90020000000f01d14a0fc76a1db805000000b9000000000f01c1673e410f01cfc4a17d29f6660f38388600380000c4e27d39fa460f01c9f746009bf400000000000000000000005c00000000000000360f204166bad00466edb8010000000f01c1c4011cc2e90766baf80cb8ea231e8eef66bafc0cb000eec481f97fbe68cf000067440f30c4416812ed26f0f790794a16c1400fc7b600800000c300000000000000001800000000000000f7ffffffffffffff00000000000000001800000000000000f60000000000000001000000000000005500000000000000c4627d0eb8b1000000430f9066606766460fd628460fbf76a96726660f3882916b8900002e0f01c96467450f9782fa000000400f01df430f005e0dc4814deb91b205baf9c301000000000000004201000000000000000f1b3766bad004b00deec461e5d4fa260f2080410f01343a0f01df260f062e0f0130c461e55f1d00000000c462fd3113c300000000000000001800"/696], 0x601})
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)={[{@subsystem='hugetlb'}, {@subsystem='memory'}, {@subsystem='cpuacct'}, {@xattr}]})

kernel console output (not intermixed with test programs):

 batadv0: Removing interface: batadv_slave_1
[  469.901209][T11897] team0: Mode changed to "broadcast"
[  470.156835][T11905] netlink: 72 bytes leftover after parsing attributes in process `syz.6.1962'.
[  470.635022][T11931] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1971'.
[  470.655221][T11932] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  471.196191][T11936] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1974'.
[  471.904015][T11952] bridge_slave_0: left allmulticast mode
[  471.948024][T11952] bridge_slave_0: left promiscuous mode
[  471.959395][T11952] bridge0: port 1(bridge_slave_0) entered disabled state
[  471.989805][T11952] bridge_slave_1: left allmulticast mode
[  472.029161][T11952] bridge_slave_1: left promiscuous mode
[  472.035340][T11952] bridge0: port 2(bridge_slave_1) entered disabled state
[  472.081061][T11952] bond0: (slave bond_slave_0): Releasing backup interface
[  472.096404][T11952] bond0: (slave bond_slave_1): Releasing backup interface
[  472.147063][T11952] team0: Port device team_slave_0 removed
[  472.187673][T11952] team0: Port device team_slave_1 removed
[  472.194984][T11952] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  472.208791][T11952] batman_adv: batadv0: Removing interface: batadv_slave_0
[  472.233382][T11952] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  472.250323][T11952] batman_adv: batadv0: Removing interface: batadv_slave_1
[  472.317181][T11954] team0: Mode changed to "broadcast"
[  472.612736][ T5972] IPVS: starting estimator thread 0...
[  472.709814][T11972] IPVS: using max 27 ests per chain, 64800 per kthread
[  472.827890][ T5854] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  473.010989][ T5854] usb 4-1: Using ep0 maxpacket: 8
[  473.059934][ T5854] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  473.073337][ T5854] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  473.081930][ T5854] usb 4-1: Product: syz
[  473.105626][ T5854] usb 4-1: Manufacturer: syz
[  473.110691][ T5854] usb 4-1: SerialNumber: syz
[  473.135695][ T5854] usb 4-1: config 0 descriptor??
[  473.420263][ T5854] usb 4-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  473.594173][ T5158] Bluetooth: hci5: command 0x1003 tx timeout
[  473.601782][ T5856] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  474.826362][  T977] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  475.001957][  T977] usb 7-1: config 0 has no interfaces?
[  475.012824][  T977] usb 7-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  475.022621][  T977] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.122054][  T977] usb 7-1: Product: syz
[  475.140815][  T977] usb 7-1: Manufacturer: syz
[  475.145551][  T977] usb 7-1: SerialNumber: syz
[  475.211893][  T977] usb 7-1: config 0 descriptor??
[  475.444620][ T5854] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  475.512630][ T5854] dvbdev: DVB: registering new adapter (Terratec H7)
[  475.579397][T12007] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  475.589185][T12007] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  475.807807][ T5854] usb 4-1: media controller created
[  475.851382][ T5854] usb read operation failed. (-71)
[  475.935605][ T5854] dvb_usb_az6007 4-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  475.969947][ T5854] usb 4-1: USB disconnect, device number 16
[  477.392156][ T5972] usb 7-1: USB disconnect, device number 11
[  480.998029][T12085] overlayfs: failed to clone upperpath
[  481.170118][T12091] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2029'.
[  481.207471][T12091] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2029'.
[  484.438089][T12143] pim6reg1: entered allmulticast mode
[  484.463772][T12146] overlayfs: failed to resolve './file1': -2
[  484.523088][T12143] pim6reg1: left allmulticast mode
[  486.435655][T12168] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2058'.
[  488.685610][T12190] overlayfs: failed to clone upperpath
[  489.503122][T12206] ref_ctr going negative. vaddr: 0x200000ffd000, curr val: -26339, delta: 1
[  489.530682][T12206] ref_ctr increment failed for inode: 0x8ac offset: 0x5 ref_ctr_offset: 0x1000 of mm: 0xffff888075e4a800
[  489.570941][T12210] overlayfs: failed to clone upperpath
[  490.617216][T12235] netlink: 172 bytes leftover after parsing attributes in process `syz.3.2085'.
[  490.629410][T12235] netlink: 172 bytes leftover after parsing attributes in process `syz.3.2085'.
[  492.661778][T12262] netlink: 156 bytes leftover after parsing attributes in process `syz.7.2096'.
[  497.426055][T12321] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2115'.
[  497.443377][T12321] mac80211_hwsim hwsim7 wlan0: entered promiscuous mode
[  497.857181][T12328] uprobe: syz.7.2116:12328 failed to unregister, leaking uprobe
[  499.800151][ T9699] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  500.056457][ T9699] usb 4-1: Using ep0 maxpacket: 32
[  500.072170][ T9699] usb 4-1: config 0 has an invalid interface number: 89 but max is 0
[  500.081212][ T9699] usb 4-1: config 0 has no interface number 0
[  500.102177][ T9699] usb 4-1: config 0 interface 89 has no altsetting 0
[  500.129122][ T9699] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  500.164923][ T9699] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  500.193269][ T9699] usb 4-1: Product: syz
[  500.209968][ T9699] usb 4-1: Manufacturer: syz
[  500.221830][ T9699] usb 4-1: SerialNumber: syz
[  500.254543][ T9699] usb 4-1: config 0 descriptor??
[  500.274067][ T9699] em28xx 4-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  500.287527][ T9699] em28xx 4-1:0.89: Video interface 89 found: bulk
[  501.040920][ T9699] em28xx 4-1:0.89: unknown em28xx chip ID (0)
[  501.798474][ T9699] em28xx 4-1:0.89: read from i2c device at 0xa0 failed with unknown error (status=64)
[  501.882123][ T9699] em28xx 4-1:0.89: board has no eeprom
[  502.078076][ T9699] em28xx 4-1:0.89: Identified as Terratec Grabby (card=67)
[  502.093966][ T9699] em28xx 4-1:0.89: analog set to bulk mode.
[  502.105159][ T5826] em28xx 4-1:0.89: Registering V4L2 extension
[  502.142187][ T9699] usb 4-1: USB disconnect, device number 17
[  502.188063][ T9699] em28xx 4-1:0.89: Disconnecting em28xx
[  502.409604][ T5826] em28xx 4-1:0.89: Config register raw data: 0xffffffed
[  502.452300][ T5826] em28xx 4-1:0.89: AC97 chip type couldn't be determined
[  502.476268][ T5826] em28xx 4-1:0.89: No AC97 audio processor
[  502.552440][ T5826] usb 4-1: Decoder not found
[  502.557603][ T5826] em28xx 4-1:0.89: failed to create media graph
[  502.566547][ T5826] em28xx 4-1:0.89: V4L2 device video103 deregistered
[  502.596479][ T5826] em28xx 4-1:0.89: Registering snapshot button...
[  502.634391][ T5826] input: em28xx snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.89/input/input15
[  502.705877][ T5826] em28xx 4-1:0.89: Remote control support is not available for this card.
[  502.748584][ T9699] em28xx 4-1:0.89: Closing input extension
[  502.781687][ T9699] em28xx 4-1:0.89: Deregistering snapshot button
[  503.003852][ T9699] em28xx 4-1:0.89: Freeing device
[  503.352052][T12408] overlayfs: failed to clone upperpath
[  504.647483][T12462] overlayfs: failed to clone upperpath
[  506.243039][T12477] syzkaller0: entered promiscuous mode
[  506.270483][T12477] syzkaller0: entered allmulticast mode
[  515.899703][   T30] audit: type=1326 audit(2000000041.597:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12577 comm="syz.6.2187" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fba0318ebe9 code=0x0
[  518.430831][   T30] audit: type=1326 audit(2000000043.973:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12598 comm="syz.7.2195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b558ebe9 code=0x7fc00000
[  518.550964][   T30] audit: type=1326 audit(2000000044.010:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12598 comm="syz.7.2195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b558ebe9 code=0x7fc00000
[  518.665337][T12610] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2196'.
[  518.667960][   T30] audit: type=1326 audit(2000000044.066:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12598 comm="syz.7.2195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b558ebe9 code=0x7fc00000
[  518.745244][T12610] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2196'.
[  518.774455][   T30] audit: type=1326 audit(2000000044.066:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12598 comm="syz.7.2195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b558ebe9 code=0x7fc00000
[  518.818792][T12610] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2196'.
[  518.887524][T12617] netlink: 104 bytes leftover after parsing attributes in process `syz.6.2196'.
[  518.923167][T12610] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2196'.
[  519.195473][   T30] audit: type=1326 audit(2000000044.693:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12598 comm="syz.7.2195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b558ebe9 code=0x7fc00000
[  519.272036][   T30] audit: type=1326 audit(2000000044.693:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12598 comm="syz.7.2195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f07b558ebe9 code=0x7fc00000
[  519.303934][   T30] audit: type=1326 audit(2000000044.693:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12598 comm="syz.7.2195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b558ebe9 code=0x7fc00000
[  519.374645][T12624] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2203'.
[  519.569259][T12627] 8021q: adding VLAN 0 to HW filter on device bond1
[  519.667901][T12630] bond1: (slave ip6gretap1): making interface the new active one
[  519.707069][T12630] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[  519.935560][T12637] syz_tun: left promiscuous mode
[  520.546756][T12637] netdevsim netdevsim7 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  520.556356][T12637] netdevsim netdevsim7 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  520.566653][T12637] netdevsim netdevsim7 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  520.577652][T12637] netdevsim netdevsim7 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  520.635820][ T5854] usb 1-1: new full-speed USB device number 14 using dummy_hcd
[  520.843479][ T5854] usb 1-1: config 1 interface 0 has no altsetting 0
[  520.892582][ T5854] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  520.913603][ T5854] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  520.921899][ T5854] usb 1-1: Product: syz
[  520.950206][ T5854] usb 1-1: Manufacturer: syz
[  520.955124][ T5854] usb 1-1: SerialNumber: syz
[  521.805900][ T5854] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 14 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  521.884408][T12683] batman_adv: batadv0: Adding interface: dummy0
[  521.929749][T12683] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  522.176722][T12683] batman_adv: batadv0: Interface activated: dummy0
[  522.406720][T12684] batadv0: mtu less than device minimum
[  522.438538][T12684] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  522.451725][T12684] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  522.464454][T12684] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  522.476848][T12684] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  522.490381][T12684] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  522.503738][T12684] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  522.516679][T12684] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  522.530013][T12684] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  522.542529][T12684] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  523.532108][ T5854] usb 1-1: USB disconnect, device number 14
[  523.592817][T12650] usblp0: removed
[  525.583935][T12726] input: syz1 as /devices/virtual/input/input16
[  525.830332][T12731] netlink: 'syz.6.2237': attribute type 3 has an invalid length.
[  525.841270][T12731] netlink: 'syz.6.2237': attribute type 3 has an invalid length.
[  530.370379][T12772] overlayfs: failed to clone upperpath
[  532.418470][T12800] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  533.604375][T12821] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2266'.
[  533.975718][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  534.031137][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  534.624973][   T30] audit: type=1804 audit(2000000059.089:648): pid=12829 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.2269" name="file0" dev="tmpfs" ino=2680 res=1 errno=0
[  535.066937][T12837] overlayfs: failed to clone upperpath
[  535.132234][ T5826] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  535.313814][ T5826] usb 7-1: Using ep0 maxpacket: 32
[  535.327221][ T5826] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  535.361851][ T5826] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  535.394436][ T5826] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  535.422302][ T5826] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  535.458224][ T5826] usb 7-1: config 0 descriptor??
[  535.488496][ T5826] hub 7-1:0.0: USB hub found
[  535.709946][ T5826] hub 7-1:0.0: config failed, can't read hub descriptor (err -22)
[  535.759140][ T5826] usbhid 7-1:0.0: can't add hid device: -71
[  535.760482][T12849] overlayfs: failed to clone upperpath
[  535.771638][ T5826] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  535.837961][ T5826] usb 7-1: USB disconnect, device number 12
[  535.989891][T12855] overlayfs: failed to clone upperpath
[  536.098381][   T30] audit: type=1326 audit(2000000060.501:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12854 comm="syz.2.2282" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f493678ebe9 code=0x0
[  537.820642][T12879] ref_ctr increment failed for inode: 0x9b4 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888028cf9e00
[  537.832702][   T30] audit: type=1804 audit(2000000062.110:650): pid=12879 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.2289" name="/newroot/445/file0" dev="tmpfs" ino=2484 res=1 errno=0
[  537.949396][T12874] uprobe: syz.0.2289:12874 failed to unregister, leaking uprobe
[  538.370413][T12887] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  539.672806][T12895] syz_tun: entered allmulticast mode
[  539.954307][T12895] syz_tun: left allmulticast mode
[  540.325038][T12903] netlink: 'syz.3.2300': attribute type 12 has an invalid length.
[  540.563067][ T5854] usb 1-1: new low-speed USB device number 15 using dummy_hcd
[  540.747839][T12909] wg2: entered promiscuous mode
[  541.405245][T12909] wg2: entered allmulticast mode
[  541.413547][ T5854] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  541.425944][ T5854] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  541.469288][ T5854] usb 1-1: config 0 descriptor??
[  542.011804][   T30] audit: type=1326 audit(2000000066.029:651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12914 comm="syz.7.2305" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f07b558ebe9 code=0x0
[  542.433169][T12927] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2308'.
[  542.458560][T12927] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2308'.
[  542.497119][T12927] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2308'.
[  542.514277][T12932] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  543.982479][T12947] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2317'.
[  544.020272][ T5854] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  544.039702][ T5854] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write Medium Mode mode to 0x0306: ffffffb9
[  544.110327][ T5854] asix 1-1:0.0: probe with driver asix failed with error -71
[  544.154593][ T5854] usb 1-1: USB disconnect, device number 15
[  544.219177][T12948] kvm: kvm [12945]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x11e) = 0x3
[  544.279155][T12948] kvm: kvm [12945]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x186) = 0x3
[  544.337134][T12948] kvm: kvm [12945]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x187) = 0x3
[  544.447026][T12948] kvm_intel: kvm [12945]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x1d9) = 0x3
[  545.484148][T12973] netlink: 168 bytes leftover after parsing attributes in process `syz.3.2326'.
[  545.680187][T12977] overlayfs: statfs failed on './file0'
[  546.655127][T12991] loop2: detected capacity change from 0 to 524287999
[  548.552774][   T30] audit: type=1800 audit(2000000072.119:652): pid=13027 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.2345" name="/" dev="fuse" ino=1 res=0 errno=0
[  549.466304][T13037] overlayfs: upper fs does not support tmpfile.
[  554.947143][T13090] ref_ctr_offset mismatch. inode: 0x77c offset: 0x0 ref_ctr_offset(old): 0x200000000000 ref_ctr_offset(new): 0x0
[  555.179264][T13096] overlayfs: failed to clone upperpath
[  557.432735][ T1209] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  557.702649][ T1209] usb 7-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  557.780043][ T1209] usb 7-1: config 0 interface 0 has no altsetting 0
[  557.837838][ T1209] usb 7-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[  557.861062][ T1209] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  557.931245][ T1209] usb 7-1: config 0 descriptor??
[  558.484269][ T1209] logitech 0003:046D:C29C.0013: hidraw0: USB HID v1.01 Device [HID 046d:c29c] on usb-dummy_hcd.6-1/input0
[  558.901243][ T1209] logitech 0003:046D:C29C.0013: no inputs found
[  558.950177][ T1209] usb 7-1: USB disconnect, device number 13
[  559.102465][T13142] overlayfs: failed to clone upperpath
[  559.145291][T13140] fido_id[13140]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  563.073475][T13181] sctp: [Deprecated]: syz.2.2393 (pid 13181) Use of int in max_burst socket option deprecated.
[  563.073475][T13181] Use struct sctp_assoc_value instead
[  563.838012][T13186] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2396'.
[  564.103728][ T5826] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  564.311225][ T5826] usb 1-1: Using ep0 maxpacket: 16
[  564.323333][ T5826] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  564.341574][ T5826] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  564.359063][ T5826] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  564.377018][ T5826] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  564.401993][ T5826] usb 1-1: Product: syz
[  564.416645][ T5826] usb 1-1: Manufacturer: syz
[  564.431477][ T5826] usb 1-1: SerialNumber: syz
[  564.455351][ T5826] usb 1-1: config 0 descriptor??
[  564.482004][ T5826] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  564.504606][ T5826] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class)
[  565.145085][ T5826] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  565.218642][ T5826] em28xx 1-1:0.0: Config register raw data: 0xfffffffb
[  566.304224][ T5826] em28xx 1-1:0.0: Unknown AC97 audio processor detected!
[  566.314726][ T5826] em28xx 1-1:0.0: couldn't setup AC97 register 2
[  566.326982][ T5826] em28xx 1-1:0.0: couldn't setup AC97 register 4
[  566.338861][ T5826] em28xx 1-1:0.0: couldn't setup AC97 register 6
[  566.352803][ T5826] em28xx 1-1:0.0: couldn't setup AC97 register 54
[  566.361862][ T5826] em28xx 1-1:0.0: couldn't setup AC97 register 56
[  566.409307][ T5826] usb 1-1: USB disconnect, device number 16
[  566.597845][T13233] overlayfs: failed to clone upperpath
[  566.909753][T13242] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2414'.
[  568.476724][T13257] netlink: 'syz.3.2418': attribute type 10 has an invalid length.
[  568.636899][T13262] netlink: 'syz.3.2418': attribute type 10 has an invalid length.
[  568.847775][    T9] hid-generic 0000:0000:0000.0014: unknown main item tag 0x0
[  568.857215][T13257] 8021q: adding VLAN 0 to HW filter on device team0
[  568.910601][T13257] bond0: (slave team0): Enslaving as an active interface with an up link
[  569.005488][    T9] hid-generic 0000:0000:0000.0014: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  569.185140][T13262] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  569.436397][T13264] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  569.516957][T13264] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  570.620772][ T5826] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  570.860174][ T5826] usb 7-1: Using ep0 maxpacket: 16
[  570.879186][ T5826] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  570.895907][ T5826] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  571.019928][ T5826] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  571.435170][ T5826] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  571.491348][ T5826] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  571.696631][ T5826] usb 7-1: config 0 descriptor??
[  572.195673][ T5826] input: HID 0955:7214 Haptics as /devices/virtual/input/input17
[  572.420360][T13296] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2431'.
[  572.451487][ T5826] shield 0003:0955:7214.0015: Registered Thunderstrike controller
[  572.467337][ T5826] shield 0003:0955:7214.0015: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.6-1/input0
[  572.500791][T13299] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2431'.
[  572.575714][ T1209] shield 0003:0955:7214.0015: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  572.601338][ T5826] usb 7-1: USB disconnect, device number 14
[  572.618814][ T1209] shield 0003:0955:7214.0015: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  572.697994][ T1209] shield 0003:0955:7214.0015: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  572.749662][ T1209] shield 0003:0955:7214.0015: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  573.860382][T13322] overlayfs: failed to clone upperpath
[  575.880872][T13358] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2453'.
[  582.446036][T13433] overlayfs: failed to clone upperpath
[  583.144249][T13450] overlayfs: failed to resolve './file0': -2
[  583.201211][   T30] audit: type=1326 audit(2000000104.559:653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13444 comm="syz.6.2481" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fba0318ebe9 code=0x0
[  586.585930][   T30] audit: type=1326 audit(2000000107.720:654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13491 comm="syz.7.2495" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f07b558ebe9 code=0x0
[  587.471954][T13502] fanotify_encode_fh: 1051 callbacks suppressed
[  587.471984][T13502] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  588.033377][ T5854] libceph: connect (1)[c::]:6789 error -101
[  588.061534][ T5854] libceph: mon0 (1)[c::]:6789 connect error
[  588.077573][T13509] ceph: No mds server is up or the cluster is laggy
[  589.180543][   T30] audit: type=1326 audit(2000000110.152:655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13532 comm="syz.7.2511" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f07b558ebe9 code=0x0
[  589.269682][    T9] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  589.481355][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  589.508517][    T9] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  589.596638][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  589.640817][T13545] netlink: 'syz.3.2516': attribute type 1 has an invalid length.
[  589.727957][    T9] usb 1-1: config 0 descriptor??
[  590.027610][    T9] usbhid 1-1:0.0: can't add hid device: -71
[  590.040946][    T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  590.103454][T13545] 8021q: adding VLAN 0 to HW filter on device bond1
[  590.103956][    T9] usb 1-1: USB disconnect, device number 17
[  590.252353][T13547] bond1: (slave geneve2): making interface the new active one
[  590.328712][T13547] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  590.623797][    T9] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  590.643511][T13551] binder: 13550:13551 unknown command 0
[  590.652763][T13551] binder: 13550:13551 ioctl c0306201 2000000003c0 returned -22
[  590.834494][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  590.889671][    T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  590.931031][    T9] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  590.971461][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  591.011566][    T9] usb 1-1: config 0 descriptor??
[  592.079125][    T9] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  592.448239][T13572] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2525'.
[  593.143028][T13584] binder: 13583:13584 ioctl c0306201 200000000080 returned -14
[  593.532186][ T5854] usb 1-1: USB disconnect, device number 18
[  594.425510][T13601] netlink: 'syz.7.2533': attribute type 1 has an invalid length.
[  594.724487][T13601] 8021q: adding VLAN 0 to HW filter on device bond1
[  594.881491][T13602] bond1: (slave gretap1): making interface the new active one
[  594.976479][T13602] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  596.873317][T13604] bond1 (unregistering): (slave gretap1): Releasing active interface
[  596.920971][T13604] bond1 (unregistering): Released all slaves
[  599.655632][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  599.662555][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  600.744746][T13653] netlink: 'syz.2.2550': attribute type 4 has an invalid length.
[  600.796895][ T8795] bond0: (slave syz_tun): Releasing backup interface
[  600.800574][T13654] netlink: 'syz.2.2550': attribute type 4 has an invalid length.
[  603.042694][ T5854] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  603.343256][T13680] overlayfs: failed to clone upperpath
[  603.362794][ T5158] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  603.377587][ T5158] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  603.392650][ T5854] usb 1-1: Using ep0 maxpacket: 8
[  603.402599][ T5854] usb 1-1: unable to get BOS descriptor or descriptor too short
[  603.410729][ T5158] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  603.430915][ T5854] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  603.441775][ T5158] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  603.452330][ T5158] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  603.468760][ T5854] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  603.469274][ T5856] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  603.479992][ T5854] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  603.498141][ T5856] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  603.509536][ T5856] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  603.526185][ T5854] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  603.541996][ T5854] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  603.550710][ T5856] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  603.558313][ T5854] usb 1-1: Product: syz
[  603.562828][ T5854] usb 1-1: Manufacturer: syz
[  603.567663][ T5854] usb 1-1: SerialNumber: syz
[  603.576582][ T5856] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  603.860791][ T5854] usb 1-1: 0:2 : does not exist
[  603.926395][ T5854] usb 1-1: USB disconnect, device number 19
[  604.016572][T13685] udevd[13685]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  604.411209][T13679] chnl_net:caif_netlink_parms(): no params data found
[  605.850608][ T5856] Bluetooth: hci4: command tx timeout
[  606.150421][T13679] bridge0: port 1(bridge_slave_0) entered blocking state
[  606.219232][T13679] bridge0: port 1(bridge_slave_0) entered disabled state
[  606.237515][T13679] bridge_slave_0: entered allmulticast mode
[  606.264592][T13679] bridge_slave_0: entered promiscuous mode
[  606.283605][T13679] bridge0: port 2(bridge_slave_1) entered blocking state
[  606.962483][T13679] bridge0: port 2(bridge_slave_1) entered disabled state
[  607.295631][T13679] bridge_slave_1: entered allmulticast mode
[  607.326072][T13679] bridge_slave_1: entered promiscuous mode
[  607.659047][T13679] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  607.761345][T13679] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  608.035025][ T5856] Bluetooth: hci4: command tx timeout
[  608.072447][T13679] team0: Port device team_slave_0 added
[  608.167779][T13679] team0: Port device team_slave_1 added
[  608.253134][T13679] batman_adv: batadv0: Adding interface: batadv_slave_0
[  608.273432][T13679] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  608.304791][T13679] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  608.518207][T13679] batman_adv: batadv0: Adding interface: batadv_slave_1
[  608.542811][T13679] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  608.601209][T13679] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  609.572226][T13679] hsr_slave_0: entered promiscuous mode
[  609.597622][T13679] hsr_slave_1: entered promiscuous mode
[  609.618137][T13679] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  609.645628][T13679] Cannot create hsr debugfs directory
[  610.340700][ T5856] Bluetooth: hci4: command tx timeout
[  611.372123][T13679] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  611.385803][T13679] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  611.400415][T13679] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  611.441966][T13679] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  611.834599][T13679] 8021q: adding VLAN 0 to HW filter on device bond0
[  611.933126][T13679] 8021q: adding VLAN 0 to HW filter on device team0
[  612.011195][ T6109] bridge0: port 1(bridge_slave_0) entered blocking state
[  612.018455][ T6109] bridge0: port 1(bridge_slave_0) entered forwarding state
[  612.043567][ T6109] bridge0: port 2(bridge_slave_1) entered blocking state
[  612.051273][ T6109] bridge0: port 2(bridge_slave_1) entered forwarding state
[  612.576112][ T5856] Bluetooth: hci4: command tx timeout
[  614.091313][T13679] 8021q: adding VLAN 0 to HW filter on device batadv0
[  616.977297][ T6119] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  617.238345][ T6119] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  617.462232][T13844] binder: BINDER_SET_CONTEXT_MGR already set
[  617.508129][T13844] binder: 13843:13844 ioctl 4018620d 200000004a80 returned -16
[  617.939831][T13853] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2611'.
[  618.081595][T13859] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2611'.
[  618.106264][ T6119] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  618.135781][ T6119] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  618.425169][ T6119] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  618.456689][ T6119] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  618.525203][T13679] veth0_vlan: entered promiscuous mode
[  618.997109][ T6119] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  619.008751][ T6119] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  620.309568][T13679] veth1_vlan: entered promiscuous mode
[  620.552008][T13679] veth0_macvtap: entered promiscuous mode
[  620.648897][T13679] veth1_macvtap: entered promiscuous mode
[  621.236553][T13679] batman_adv: batadv0: Interface activated: batadv_slave_0
[  622.512395][T13895] 9pnet: Found fid 0 not clunked
[  622.667516][T13897] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2624'.
[  623.262874][    C1] vcan0: j1939_tp_rxtimer: 0xffff888057ee1c00: rx timeout, send abort
[  623.797672][    C1] vcan0: j1939_tp_rxtimer: 0xffff888057ee0000: rx timeout, send abort
[  623.807027][    C1] vcan0: j1939_tp_rxtimer: 0xffff888057ee1c00: abort rx timeout. Force session deactivation
[  624.239541][ T6119] bond1 (unregistering): (slave geneve2): Releasing active interface
[  624.341476][    C1] vcan0: j1939_tp_rxtimer: 0xffff888057ee0000: abort rx timeout. Force session deactivation
[  627.510474][ T6119] bond0 (unregistering): (slave team0): Releasing backup interface
[  627.723179][ T6119] bond0 (unregistering): Released all slaves
[  628.666691][ T6119] bond1 (unregistering): Released all slaves
[  628.839662][    T9] infiniband syz1: ib_query_port failed (-19)
[  628.883558][T13679] batman_adv: batadv0: Interface activated: batadv_slave_1
[  628.944315][T13679] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  629.006635][T13679] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  629.039368][T13679] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  629.081217][T13679] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  629.990232][ T6109] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  630.167054][ T6109] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  630.757657][T11643] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  630.767808][T11643] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  630.910093][ T6119] hsr_slave_0: left promiscuous mode
[  630.935839][ T6119] hsr_slave_1: left promiscuous mode
[  631.031897][ T6119] veth1_macvtap: left promiscuous mode
[  631.048410][ T6119] veth0_macvtap: left promiscuous mode
[  631.070087][ T6119] veth1_vlan: left promiscuous mode
[  631.075837][ T6119] veth0_vlan: left promiscuous mode
[  634.469365][T14011] netlink: 'syz.2.2662': attribute type 1 has an invalid length.
[  634.510959][T14012] xt_bpf: check failed: parse error
[  634.666335][T14014] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2662'.
[  634.986245][T14017] netlink: 'syz.6.2663': attribute type 1 has an invalid length.
[  635.043845][T14017] netlink: 16150 bytes leftover after parsing attributes in process `syz.6.2663'.
[  635.960439][T14019] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  636.795702][T14013] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR
[  636.801828][T14014] bond4: entered promiscuous mode
[  636.817708][T14014] bond4: entered allmulticast mode
[  636.824170][T14014] 8021q: adding VLAN 0 to HW filter on device bond4
[  637.551829][T14039] netlink: 92 bytes leftover after parsing attributes in process `syz.2.2668'.
[  638.917900][T14060] netlink: 'syz.7.2677': attribute type 1 has an invalid length.
[  638.958763][T14060] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2677'.
[  638.971160][T14060] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2677'.
[  639.080140][T14060] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap2
[  639.191741][T14060] gretap2: entered promiscuous mode
[  639.540871][T14070] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2680'.
[  640.669763][ T5972] usb 1-1: new full-speed USB device number 20 using dummy_hcd
[  640.854362][ T5972] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  640.868405][ T5972] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  640.958671][ T5972] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  641.032707][ T5972] usb 1-1: New USB device found, idVendor=05ac, idProduct=029f, bcdDevice= 0.00
[  641.068232][ T5972] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  641.208334][ T5972] usb 1-1: config 0 descriptor??
[  641.683536][ T5972] apple 0003:05AC:029F.0017: unknown main item tag 0x0
[  641.710903][ T5972] apple 0003:05AC:029F.0017: unknown main item tag 0x0
[  641.787413][ T5972] apple 0003:05AC:029F.0017: unknown main item tag 0x0
[  642.458892][T14098] 9pnet_fd: Insufficient options for proto=fd
[  642.458929][ T5972] apple 0003:05AC:029F.0017: unknown main item tag 0x0
[  642.542537][ T5972] apple 0003:05AC:029F.0017: hidraw0: USB HID v0.00 Device [HID 05ac:029f] on usb-dummy_hcd.0-1/input0
[  642.602862][ T5972] usb 1-1: USB disconnect, device number 20
[  642.942683][T14101] fido_id[14101]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  643.009252][T14106] overlayfs: failed to clone upperpath
[  645.494822][T14135] overlayfs: failed to clone upperpath
[  645.841577][   T30] audit: type=1804 audit(2000000163.152:656): pid=14137 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.2703" name="file0" dev="tmpfs" ino=3348 res=1 errno=0
[  646.906577][T14163] bridge: RTM_NEWNEIGH with invalid ether address
[  649.121413][T14177] overlayfs: failed to clone upperpath
[  649.705721][T14193] netlink: 92 bytes leftover after parsing attributes in process `syz.6.2723'.
[  649.719021][T14193] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2723'.
[  649.725233][T14188] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  649.737854][T14193] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2723'.
[  650.329679][T14196] overlayfs: failed to clone upperpath
[  650.601334][   T30] audit: type=1326 audit(2000000167.604:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14185 comm="syz.8.2721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbd478ebe9 code=0x7fc00000
[  653.444484][T14232] fuse: Bad value for 'fd'
[  654.191311][T14244] trusted_key: encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false
[  655.200494][ T5854] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  655.666273][ T5854] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  655.687659][ T5854] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  655.712670][ T5854] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  655.831859][ T5854] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  655.853809][ T5854] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  655.892807][ T5854] usb 9-1: config 0 descriptor??
[  655.920313][ T5854] hub 9-1:0.0: USB hub found
[  656.195256][ T5854] hub 9-1:0.0: 14 ports detected
[  656.202579][ T5854] hub 9-1:0.0: insufficient power available to use all downstream ports
[  656.637195][ T5854] usb 9-1: USB disconnect, device number 2
[  662.237802][T14330] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  662.649143][T14342] netlink: 5128 bytes leftover after parsing attributes in process `syz.0.2776'.
[  662.731421][T14342] netlink: 5128 bytes leftover after parsing attributes in process `syz.0.2776'.
[  662.875248][T14342] netlink: 584 bytes leftover after parsing attributes in process `syz.0.2776'.
[  662.973309][ T5979] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  663.197939][ T5979] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  663.238421][ T5979] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  663.281451][ T5979] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  663.320696][ T5979] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  663.333909][ T5979] usb 1-1: SerialNumber: syz
[  663.587620][ T5979] usb 1-1: 0:2 : does not exist
[  663.629306][ T5979] usb 1-1: unit 255 not found!
[  663.650396][ T5979] usb 1-1: 5:0: cannot get min/max values for control 1 (id 5)
[  663.666818][ T5979] usb 1-1: 5:0: cannot get min/max values for control 2 (id 5)
[  663.714228][ T5979] usb 1-1: USB disconnect, device number 21
[  664.198066][T13685] udevd[13685]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  665.340238][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  665.348620][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  676.753279][    C0] vxcan0: j1939_tp_rxtimer: 0xffff888055eee400: rx timeout, send abort
[  677.296695][    C0] vxcan0: j1939_tp_rxtimer: 0xffff888055eee400: abort rx timeout. Force session deactivation
[  680.138170][T14524] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2837'.
[  684.372010][T14569] xt_TPROXY: Can be used only with -p tcp or -p udp
[  688.029520][T14594] Driver unsupported XDP return value 0 on prog  (id 490) dev N/A, expect packet loss!
[  689.673210][T14616] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  697.135383][T14679] fuse: Unknown parameter '00000000000000000000'
[  697.703411][T14689] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2892'.
[  698.210931][T14697] netlink: 96 bytes leftover after parsing attributes in process `syz.7.2894'.
[  698.396610][T14701] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2895'.
[  698.874071][ T5979] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  699.078116][ T5979] usb 7-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  699.147959][ T5979] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  700.053363][ T5979] usb 7-1: config 0 descriptor??
[  700.071216][ T5979] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  700.559663][    T9] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  700.810102][    T9] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  700.847932][    T9] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  700.892743][    T9] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  700.950594][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.012941][T14718] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  701.036339][    T9] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  701.515913][    T9] usb 1-1: USB disconnect, device number 22
[  701.910736][ T5979] gspca_stv06xx: I2C: Read error writing address: -71
[  701.923587][ T5979] usb 7-1: USB disconnect, device number 15
[  705.838333][T14757] net_ratelimit: 10 callbacks suppressed
[  705.838357][T14757] netlink: zone id is out of range
[  706.127000][T14757] netlink: zone id is out of range
[  706.148670][T14757] netlink: zone id is out of range
[  706.164896][T14757] netlink: zone id is out of range
[  706.246375][T14764] affs: No valid root block on device nullb0
[  707.988147][T14758] netlink: del zone limit has 4 unknown bytes
[  708.007557][T14757] netlink: zone id is out of range
[  708.013563][T14757] netlink: zone id is out of range
[  708.019097][T14757] netlink: zone id is out of range
[  708.067556][T14757] netlink: zone id is out of range
[  708.105352][T14757] netlink: zone id is out of range
[  708.149988][T14766] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2919'.
[  708.207244][T14768] netlink: 'syz.7.2918': attribute type 4 has an invalid length.
[  708.676382][T14785] netlink: 20 bytes leftover after parsing attributes in process `syz.8.2925'.
[  708.695191][T14788] netlink: 60 bytes leftover after parsing attributes in process `syz.7.2924'.
[  708.723507][T14785] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  709.679332][T14797] overlayfs: failed to clone upperpath
[  711.955223][T14823] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.2933'.
[  711.965144][T14823] net_ratelimit: 5 callbacks suppressed
[  711.965163][T14823] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  712.049084][T14823] openvswitch: netlink: Message has 8454 unknown bytes.
[  715.705734][   T30] audit: type=1326 audit(2000000228.499:658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14832 comm="syz.7.2940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b558ebe9 code=0x7ffc0000
[  715.733451][   T30] audit: type=1326 audit(2000000228.527:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14832 comm="syz.7.2940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b558ebe9 code=0x7ffc0000
[  715.761180][   T30] audit: type=1326 audit(2000000228.527:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14832 comm="syz.7.2940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f07b558ebe9 code=0x7ffc0000
[  715.791754][   T30] audit: type=1326 audit(2000000228.527:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14832 comm="syz.7.2940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b558ebe9 code=0x7ffc0000
[  715.820188][   T30] audit: type=1326 audit(2000000228.527:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14832 comm="syz.7.2940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b558ebe9 code=0x7ffc0000
[  715.845131][   T30] audit: type=1326 audit(2000000228.527:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14832 comm="syz.7.2940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f07b558ebe9 code=0x7ffc0000
[  716.139954][   T30] audit: type=1326 audit(2000000228.527:664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14832 comm="syz.7.2940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b558ebe9 code=0x7ffc0000
[  716.190155][   T30] audit: type=1326 audit(2000000228.527:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14832 comm="syz.7.2940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b558ebe9 code=0x7ffc0000
[  716.292446][   T30] audit: type=1326 audit(2000000228.555:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14832 comm="syz.7.2940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f07b558ebe9 code=0x7ffc0000
[  716.583859][   T30] audit: type=1326 audit(2000000228.892:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14832 comm="syz.7.2940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b558ebe9 code=0x7ffc0000
[  719.974553][ T5826] usb 1-1: new full-speed USB device number 23 using dummy_hcd
[  720.222995][ T5826] usb 1-1: config 0 has no interfaces?
[  720.228770][ T5826] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  720.271993][ T5826] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  720.305569][ T5826] usb 1-1: config 0 descriptor??
[  720.595300][    T9] usb 1-1: USB disconnect, device number 23
[  720.984653][T14901] bridge0: entered promiscuous mode
[  720.992281][T14901] vlan0: entered promiscuous mode
[  722.377314][T14912] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2968'.
[  722.643978][T14915] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2969'.
[  723.013783][T14915] 8021q: adding VLAN 0 to HW filter on device bond5
[  723.150649][T14917] 8021q: adding VLAN 0 to HW filter on device bond5
[  723.213905][T14917] bond5: (slave vxcan3): The slave device specified does not support setting the MAC address
[  723.236016][T14917] bond5: (slave vxcan3): Error -95 calling set_mac_address
[  724.212183][T14918] macvlan2: entered promiscuous mode
[  724.218004][T14918] macvlan2: entered allmulticast mode
[  724.229702][T14918] bond5: (slave macvlan2): Error -98 calling set_mac_address
[  724.355044][T14936] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  724.452299][ T1209] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  724.525665][T14942] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null.
[  724.543587][T14942] overlayfs: missing 'lowerdir'
[  724.623227][ T1209] usb 9-1: Using ep0 maxpacket: 32
[  724.650952][ T1209] usb 9-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  724.663850][ T1209] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  724.674077][ T1209] usb 9-1: Product: syz
[  724.682717][ T1209] usb 9-1: Manufacturer: syz
[  724.688659][ T1209] usb 9-1: SerialNumber: syz
[  724.712735][ T1209] usb 9-1: config 0 descriptor??
[  724.730822][ T1209] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  724.750405][T14942] syz.6.2978: attempt to access beyond end of device
[  724.750405][T14942] nbd6: rw=0, sector=64, nr_sectors = 8 limit=0
[  724.781268][T14942] syz.6.2978: attempt to access beyond end of device
[  724.781268][T14942] nbd6: rw=0, sector=120, nr_sectors = 8 limit=0
[  724.802312][T14942] Mount JFS Failure: -5
[  727.656087][ T1209] gspca_ov534_9: reg_r err -71
[  727.719432][T14961] overlayfs: failed to clone upperpath
[  727.885404][ T1209] gspca_ov534_9: Unknown sensor 0000
[  727.885542][ T1209] ov534_9 9-1:0.0: probe with driver ov534_9 failed with error -22
[  727.943443][ T1209] usb 9-1: USB disconnect, device number 3
[  728.734380][T14964] trusted_key: encrypted_key: insufficient parameters specified
[  729.104623][T14976] netlink: 'syz.8.2991': attribute type 4 has an invalid length.
[  729.202089][T14979] netlink: 'syz.8.2991': attribute type 4 has an invalid length.
[  729.423524][   T30] kauditd_printk_skb: 8 callbacks suppressed
[  729.423552][   T30] audit: type=1800 audit(2000000241.305:676): pid=14978 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.2992" name="bus" dev="ramfs" ino=52675 res=0 errno=0
[  731.038190][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  731.047880][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  734.041086][T15036] overlayfs: failed to clone upperpath
[  735.035778][T15052] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3014'.
[  738.596396][T15103] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3029'.
[  738.713683][T15076] Bluetooth: hci4: command 0x0406 tx timeout
[  741.969058][   T30] audit: type=1326 audit(2000000253.063:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15125 comm="syz.8.3036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbd478ebe9 code=0x7ffc0000
[  742.157145][   T30] audit: type=1326 audit(2000000253.063:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15125 comm="syz.8.3036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcbd472add9 code=0x7ffc0000
[  742.331351][   T30] audit: type=1326 audit(2000000253.063:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15125 comm="syz.8.3036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcbd472add9 code=0x7ffc0000
[  742.616028][   T30] audit: type=1326 audit(2000000253.072:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15125 comm="syz.8.3036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcbd472add9 code=0x7ffc0000
[  742.899726][   T30] audit: type=1326 audit(2000000253.072:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15125 comm="syz.8.3036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbd478ebe9 code=0x7ffc0000
[  742.980515][   T30] audit: type=1326 audit(2000000253.072:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15125 comm="syz.8.3036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcbd472add9 code=0x7ffc0000
[  743.087659][   T30] audit: type=1326 audit(2000000253.072:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15125 comm="syz.8.3036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcbd472add9 code=0x7ffc0000
[  743.252956][   T30] audit: type=1326 audit(2000000253.072:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15125 comm="syz.8.3036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcbd472add9 code=0x7ffc0000
[  743.389186][   T30] audit: type=1326 audit(2000000253.072:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15125 comm="syz.8.3036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcbd472add9 code=0x7ffc0000
[  743.525467][   T30] audit: type=1326 audit(2000000253.072:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15125 comm="syz.8.3036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbd478ebe9 code=0x7ffc0000
[  747.181816][T15179] lo: entered allmulticast mode
[  747.190690][T15179] tunl0: entered allmulticast mode
[  747.212697][T15179] gre0: entered allmulticast mode
[  747.229752][T15179] gretap0: entered allmulticast mode
[  747.240536][T15179] erspan0: entered allmulticast mode
[  747.294425][T15179] ip_vti0: entered allmulticast mode
[  747.330544][T15179] ip6_vti0: entered allmulticast mode
[  747.336568][T15179] sit0: entered allmulticast mode
[  747.357550][T15179] ip6tnl0: entered allmulticast mode
[  747.379647][T15179] ip6gre0: entered allmulticast mode
[  747.401523][T15179] ip6gretap0: entered allmulticast mode
[  747.429966][T15179] bridge0: entered allmulticast mode
[  747.435613][T15179] vcan0: entered allmulticast mode
[  747.547910][T15179] bond0: entered allmulticast mode
[  747.553264][T15179] bond_slave_0: entered allmulticast mode
[  747.571373][T15179] bond_slave_1: entered allmulticast mode
[  747.577396][T15179] bridge_slave_1: entered allmulticast mode
[  747.583774][T15179] dummy0: entered allmulticast mode
[  747.593396][T15179] nlmon0: entered allmulticast mode
[  747.606559][T15179] caif0: entered allmulticast mode
[  747.616532][T15179] batadv0: entered allmulticast mode
[  747.630034][ T5826] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  747.657241][T15179] vxcan0: entered allmulticast mode
[  747.699048][T15179] vxcan1: entered allmulticast mode
[  747.709783][T15179] veth0: entered allmulticast mode
[  747.721893][T15179] veth1: entered allmulticast mode
[  747.732135][T15179] wg1: entered allmulticast mode
[  747.738863][T15179] wg2: entered allmulticast mode
[  747.744373][T15179] veth0_to_bridge: entered allmulticast mode
[  747.755650][T15179] veth1_to_bridge: entered allmulticast mode
[  747.763679][T15179] veth0_to_bond: entered allmulticast mode
[  747.774379][T15179] veth1_to_bond: entered allmulticast mode
[  747.805596][T15179] veth0_to_team: entered allmulticast mode
[  747.823986][ T5826] usb 1-1: Using ep0 maxpacket: 16
[  747.827261][T15179] veth1_to_team: entered allmulticast mode
[  747.837938][ T5826] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  747.859303][T15179] veth1_to_batadv: entered allmulticast mode
[  747.874517][ T5826] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  747.875641][T15179] batadv_slave_1: entered allmulticast mode
[  747.892435][ T5826] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  747.919176][ T5826] usb 1-1: Product: syz
[  747.922464][T15179] xfrm0: entered allmulticast mode
[  747.941763][ T5826] usb 1-1: Manufacturer: syz
[  747.946861][T15179] veth0_to_hsr: entered allmulticast mode
[  747.958646][ T5826] usb 1-1: SerialNumber: syz
[  747.981341][T15179] hsr_slave_0: entered allmulticast mode
[  747.996978][ T5826] usb 1-1: config 0 descriptor??
[  748.024116][ T5826] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  748.031640][T15179] veth1_to_hsr: entered allmulticast mode
[  748.052242][ T5826] em28xx 1-1:0.0: DVB interface 0 found: bulk
[  748.093389][T15179] hsr_slave_1: entered allmulticast mode
[  748.126705][T15179] hsr0: entered allmulticast mode
[  748.147860][T15179] veth1_virt_wifi: entered allmulticast mode
[  748.171658][T15179] veth0_virt_wifi: entered allmulticast mode
[  748.195732][T15179] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  748.226305][T15179] veth1_vlan: entered allmulticast mode
[  748.246261][T15179] veth0_vlan: entered allmulticast mode
[  748.267656][T15179] vlan0: entered allmulticast mode
[  748.311351][T15179] vlan1: entered allmulticast mode
[  748.341906][T15179] macvlan0: entered allmulticast mode
[  748.362122][T15179] macvlan1: entered allmulticast mode
[  748.377909][T15179] ipvlan0: entered allmulticast mode
[  748.403418][T15179] ipvlan1: entered allmulticast mode
[  748.426569][T15179] veth1_macvtap: entered allmulticast mode
[  748.446170][T15179] veth0_macvtap: entered allmulticast mode
[  748.457000][T15179] macvtap0: entered allmulticast mode
[  748.475753][T15179] macsec0: entered allmulticast mode
[  748.481886][T15179] geneve0: entered allmulticast mode
[  748.529183][T15179] geneve1: entered allmulticast mode
[  748.535005][T15179] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  748.577737][T15179] netdevsim netdevsim2 netdevsim1: entered allmulticast mode
[  748.602497][T15179] netdevsim netdevsim2 netdevsim2: entered allmulticast mode
[  748.617084][T15179] netdevsim netdevsim2 netdevsim3: entered allmulticast mode
[  748.652742][T15179] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode
[  748.677198][T15179] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
[  748.678840][ T5826] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  748.684686][T15179] veth2: entered allmulticast mode
[  748.701336][T15179] veth3: entered allmulticast mode
[  748.707546][T15179] vlan2: left promiscuous mode
[  748.762557][T15179] bridge0: left promiscuous mode
[  748.769223][T15179] vlan2: entered allmulticast mode
[  748.779534][T15179] bond1: entered allmulticast mode
[  748.789205][T15179] bond2: entered allmulticast mode
[  748.797378][T15179] bond3: entered allmulticast mode
[  748.802854][T15179] vlan3: left promiscuous mode
[  748.810866][T15179] team0: left promiscuous mode
[  748.823278][T15179] team_slave_0: left promiscuous mode
[  748.836470][T15179] team_slave_1: left promiscuous mode
[  748.854131][T15179] veth4: entered allmulticast mode
[  748.871261][T15179] veth5: entered allmulticast mode
[  748.877360][T15179] veth6: entered allmulticast mode
[  748.894450][T15179] veth7: entered allmulticast mode
[  748.936623][T15179] bridge1: entered allmulticast mode
[  749.003479][T15179] bridge2: entered allmulticast mode
[  749.026760][T15179] gre1: entered allmulticast mode
[  749.034777][T15179] veth8: entered allmulticast mode
[  749.040244][T15179] veth9: entered allmulticast mode
[  749.052848][T15179] bond4: left promiscuous mode
[  749.069555][T15179] bond5: entered allmulticast mode
[  749.082664][T15199] overlayfs: upper fs does not support file handles, falling back to index=off.
[  749.167710][ T5826] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  749.192055][ T5826] em28xx 1-1:0.0: board has no eeprom
[  749.284598][T15206] overlayfs: failed to clone upperpath
[  750.324329][ T1209] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  750.409410][ T5826] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  750.569692][ T5826] em28xx 1-1:0.0: dvb set to bulk mode.
[  750.590987][ T9699] em28xx 1-1:0.0: Binding DVB extension
[  750.630180][ T5826] usb 1-1: USB disconnect, device number 24
[  750.654928][ T1209] usb 9-1: Using ep0 maxpacket: 16
[  750.687012][ T1209] usb 9-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  750.750562][ T5826] em28xx 1-1:0.0: Disconnecting em28xx
[  750.760321][ T1209] usb 9-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  750.796852][ T1209] usb 9-1: Product: syz
[  750.825847][ T1209] usb 9-1: Manufacturer: syz
[  750.841378][ T1209] usb 9-1: SerialNumber: syz
[  750.902090][ T1209] usb 9-1: config 0 descriptor??
[  750.983936][ T9699] em28xx 1-1:0.0: Registering input extension
[  751.007994][ T5826] em28xx 1-1:0.0: Closing input extension
[  751.122072][ T5826] em28xx 1-1:0.0: Freeing device
[  751.578506][ T5854] usb 9-1: USB disconnect, device number 4
[  751.980369][ T5826] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  752.192045][T15250] netlink: 'syz.6.3078': attribute type 3 has an invalid length.
[  752.231355][ T5826] usb 1-1: Using ep0 maxpacket: 16
[  752.239504][ T5826] usb 1-1: config 0 has an invalid interface number: 8 but max is 0
[  752.265309][ T5826] usb 1-1: config 0 has no interface number 0
[  752.309094][ T5826] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  752.361916][ T5826] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  752.393897][ T5826] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  752.428882][ T5826] usb 1-1: Product: syz
[  752.444781][ T5826] usb 1-1: SerialNumber: syz
[  752.471302][ T5826] usb 1-1: config 0 descriptor??
[  752.582229][ T5854] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  752.583127][ T5826] cm109 1-1:0.8: invalid payload size 208, expected 4
[  752.670225][ T5826] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input20
[  752.750195][ T5854] usb 7-1: device descriptor read/64, error -71
[  753.088880][    C1] cm109 1-1:0.8: cm109_urb_irq_callback: urb status -71
[  753.096704][    C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  753.104119][    C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  753.111359][    C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  753.118692][    C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  753.125900][    C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  753.133130][    C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  753.140349][    C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  753.147596][    C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  753.154855][    C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  753.162231][    C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  753.189252][ T5826] usb 1-1: USB disconnect, device number 25
[  753.195556][    C1] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  753.357570][ T5826] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  753.361333][ T5854] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  753.828971][ T5854] usb 7-1: device descriptor read/64, error -71
[  753.995361][ T5854] usb usb7-port1: attempt power cycle
[  754.653085][ T5854] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  754.730913][ T5854] usb 7-1: device descriptor read/8, error -71
[  754.995318][ T5854] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  755.156331][ T5854] usb 7-1: device descriptor read/8, error -71
[  755.294899][ T5854] usb usb7-port1: unable to enumerate USB device
[  756.279147][T15269] cgroup: fork rejected by pids controller in /syz2
[  759.586507][T15355] netlink: 208 bytes leftover after parsing attributes in process `syz.8.3094'.
[  761.009266][T15372] netlink: 'syz.6.3101': attribute type 1 has an invalid length.
[  762.440203][T15375] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  762.523481][T15375] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  762.549902][T15355] syz.8.3094 (15355): drop_caches: 2
[  762.668410][T15372] gretap1: entered promiscuous mode
[  762.757303][T15372] bond1: (slave gretap1): making interface the new active one
[  762.826018][T15372] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  762.913322][T15385] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3104'.
[  765.795458][T15414] binder: 15412:15414 unknown command 0
[  765.821958][T15414] binder: 15412:15414 ioctl c0306201 200000000080 returned -22
[  766.810886][T15417] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3116'.
[  767.139683][ T9699] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  767.321661][ T9699] usb 9-1: Using ep0 maxpacket: 8
[  768.202559][ T9699] usb 9-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  768.219387][ T9699] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  768.242605][ T9699] usb 9-1: config 0 descriptor??
[  769.970258][T15455] overlayfs: failed to clone upperpath
[  770.261167][T15466] Smack: duplicate mount options
[  771.339974][ T9699] asix 9-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  771.378440][ T9699] asix 9-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9
[  771.399551][ T9699] asix 9-1:0.0: probe with driver asix failed with error -71
[  771.479763][T15476] tipc: Failed to remove unknown binding: 66,1,1/0:105812840/105812842
[  771.513299][T15476] tipc: Failed to remove unknown binding: 66,1,1/0:105812840/105812842
[  771.529823][T15476] tipc: Failed to remove unknown binding: 66,1,1/0:105812840/105812842
[  772.212078][ T9699] usb 9-1: USB disconnect, device number 5
[  772.269249][T15486] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  772.278024][    T9] IPVS: starting estimator thread 0...
[  772.378839][T15489] IPVS: using max 29 ests per chain, 69600 per kthread
[  774.384728][T15524] ptrace attach of "./syz-executor exec"[15525] was attempted by "./syz-executor exec"[15524]
[  775.456421][T15543] orangefs_devreq_open: device cannot be opened in blocking mode
[  775.907028][T15553] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3160'.
[  776.901698][T15553] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3160'.
[  777.383352][T15559] netlink: 'syz.8.3162': attribute type 1 has an invalid length.
[  777.409383][T15559] 8021q: adding VLAN 0 to HW filter on device bond1
[  777.621314][T15559] vlan2: entered allmulticast mode
[  777.648663][T15559] veth1: entered allmulticast mode
[  777.663490][T15559] bond1: (slave vlan2): making interface the new active one
[  777.707646][T15559] bond1: (slave vlan2): Enslaving as an active interface with an up link
[  778.411947][T15573] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  781.066057][T15605] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  784.347323][T15623] xt_connbytes: Forcing CT accounting to be enabled
[  784.358317][T15623] set match dimension is over the limit!
[  785.432283][T15635] JFS: charset not found
[  792.053087][   T30] kauditd_printk_skb: 256 callbacks suppressed
[  792.053112][   T30] audit: type=1326 audit(2000000299.907:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15670 comm="syz.7.3198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b558ebe9 code=0x7fc00000
[  792.354696][   T30] audit: type=1800 audit(2000000300.197:944): pid=15675 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.3200" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0
[  793.016773][   T30] audit: type=1326 audit(2000000300.731:945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15670 comm="syz.7.3198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f07b552add9 code=0x7fc00000
[  793.340273][   T30] audit: type=1326 audit(2000000300.731:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15670 comm="syz.7.3198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f07b552ae9f code=0x7fc00000
[  793.363088][   T30] audit: type=1326 audit(2000000300.731:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15670 comm="syz.7.3198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f07b558ebe9 code=0x7fc00000
[  796.708357][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  802.220643][T15775] lo speed is unknown, defaulting to 1000
[  802.258511][T15775] lo speed is unknown, defaulting to 1000
[  802.265882][T15775] lo speed is unknown, defaulting to 1000
[  803.528029][T15783] netlink: 'syz.8.3234': attribute type 12 has an invalid length.
[  803.530049][T15775] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  803.784550][T15775] lo speed is unknown, defaulting to 1000
[  804.590748][T15775] lo speed is unknown, defaulting to 1000
[  804.597867][T15775] lo speed is unknown, defaulting to 1000
[  804.666257][T15775] lo speed is unknown, defaulting to 1000
[  804.673652][T15775] lo speed is unknown, defaulting to 1000
[  804.723508][T15775] lo speed is unknown, defaulting to 1000
[  808.630773][ T1209] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  808.801720][ T1209] usb 9-1: Using ep0 maxpacket: 16
[  808.896736][ T1209] usb 9-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  808.965328][ T1209] usb 9-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[  808.998702][ T1209] usb 9-1: config 0 interface 0 has no altsetting 0
[  809.065021][ T1209] usb 9-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00
[  809.097658][ T1209] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  809.182180][ T1209] usb 9-1: config 0 descriptor??
[  809.692113][T15828] xt_CT: No such helper "snmp"
[  810.442363][ T1209] usbhid 9-1:0.0: can't add hid device: -71
[  810.470576][ T1209] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  811.378141][ T1209] usb 9-1: USB disconnect, device number 6
[  818.623815][T15907] lo speed is unknown, defaulting to 1000
[  819.150798][T15918] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3272'.
[  823.426087][ T9699] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  823.586158][ T9699] usb 9-1: Using ep0 maxpacket: 32
[  823.606125][ T9699] usb 9-1: New USB device found, idVendor=050d, idProduct=0121, bcdDevice= 6.59
[  823.648651][ T9699] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  823.696658][ T9699] usb 9-1: Product: syz
[  823.717253][ T9699] usb 9-1: Manufacturer: syz
[  823.740870][ T9699] usb 9-1: SerialNumber: syz
[  823.782474][ T9699] usb 9-1: config 0 descriptor??
[  825.097999][ T9699] pegasus 9-1:0.0: probe with driver pegasus failed with error -32
[  825.355924][ T9699] usb 9-1: USB disconnect, device number 7
[  825.635516][   T30] audit: type=1326 audit(2000000331.328:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15970 comm="syz.2.3285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493678ebe9 code=0x7ffc0000
[  825.755322][   T30] audit: type=1326 audit(2000000331.328:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15970 comm="syz.2.3285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f493678ebe9 code=0x7ffc0000
[  825.786213][   T30] audit: type=1326 audit(2000000331.328:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15970 comm="syz.2.3285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493678ebe9 code=0x7ffc0000
[  825.842714][   T30] audit: type=1326 audit(2000000331.328:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15970 comm="syz.2.3285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=86 compat=0 ip=0x7f493678ebe9 code=0x7ffc0000
[  825.940564][   T30] audit: type=1326 audit(2000000331.328:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15970 comm="syz.2.3285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493678ebe9 code=0x7ffc0000
[  830.851146][T16019] netlink: 44 bytes leftover after parsing attributes in process `syz.7.3301'.
[  831.815613][T16035] netlink: 208 bytes leftover after parsing attributes in process `syz.7.3305'.
[  831.903566][  T977] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  831.928093][T16038] netlink: 'syz.8.3307': attribute type 1 has an invalid length.
[  832.111224][T16042] netlink: 'syz.0.3308': attribute type 1 has an invalid length.
[  832.151067][  T977] usb 7-1: config 0 has no interfaces?
[  832.374026][  T977] usb 7-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f
[  832.583665][T16043] netlink: 28 bytes leftover after parsing attributes in process `syz.8.3307'.
[  832.647436][  T977] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  832.722931][  T977] usb 7-1: Product: syz
[  832.799197][T16038] bond2: (slave veth3): Enslaving as an active interface with a down link
[  832.820856][  T977] usb 7-1: Manufacturer: syz
[  832.831677][  T977] usb 7-1: SerialNumber: syz
[  833.045839][  T977] usb 7-1: config 0 descriptor??
[  833.069566][T16043] 8021q: adding VLAN 0 to HW filter on device bond2
[  837.664218][ T9699] usb 7-1: USB disconnect, device number 20
[  839.410173][T16090] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3320'.
[  839.638933][T16086] 8021q: adding VLAN 0 to HW filter on device bond0
[  839.808126][T16086] 8021q: adding VLAN 0 to HW filter on device team0
[  839.975177][T16086] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  847.436407][T16144] lo speed is unknown, defaulting to 1000
[  849.888829][T16169] netlink: 60 bytes leftover after parsing attributes in process `syz.6.3344'.
[  851.861522][T16193] Bluetooth: hci0: invalid length 0, exp 2 for type 30
[  851.950660][T16198] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3352'.
[  854.787354][T16220] netlink: 'syz.6.3359': attribute type 1 has an invalid length.
[  854.795856][T16220] NCSI netlink: No device for ifindex 0
[  855.717614][T16227] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3361'.
[  856.132181][T16236] netlink: 'syz.8.3364': attribute type 39 has an invalid length.
[  861.283018][T16279] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3376'.
[  862.404938][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  865.096442][T16309] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3385'.
[  865.507555][T16312] netlink: 'syz.6.3384': attribute type 1 has an invalid length.
[  865.826040][T16318] veth3: entered promiscuous mode
[  865.900082][T16318] bond2: (slave veth3): Enslaving as a backup interface with a down link
[  867.829781][ T5854] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  868.005593][ T5854] usb 1-1: Using ep0 maxpacket: 16
[  868.013158][ T5854] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  868.058981][ T5854] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  868.131959][ T5854] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  868.148246][ T5854] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  868.187732][ T5854] usb 1-1: Product: syz
[  868.192440][ T5854] usb 1-1: Manufacturer: syz
[  868.214191][ T5854] usb 1-1: SerialNumber: syz
[  869.079822][ T5854] usb 1-1: config 0 descriptor??
[  869.201933][ T5854] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  869.230941][ T5854] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class)
[  869.497166][T16349] overlayfs: failed to clone upperpath
[  869.571048][T16351] overlayfs: failed to clone upperpath
[  869.853432][ T5854] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  869.884508][ T5854] em28xx 1-1:0.0: Config register raw data: 0xfffffffb
[  870.818432][ T5854] em28xx 1-1:0.0: Unknown AC97 audio processor detected!
[  871.057117][ T5854] em28xx 1-1:0.0: couldn't setup AC97 register 2
[  871.236745][ T5854] em28xx 1-1:0.0: couldn't setup AC97 register 4
[  871.556946][ T5854] em28xx 1-1:0.0: couldn't setup AC97 register 6
[  871.696616][ T5854] em28xx 1-1:0.0: couldn't setup AC97 register 54
[  871.718425][ T5854] em28xx 1-1:0.0: couldn't setup AC97 register 56
[  872.784684][ T5854] usb 1-1: USB disconnect, device number 26
[  873.576694][T16389] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3404'.
[  874.625413][T16389] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3404'.
[  876.255137][T16416] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3409'.
[  876.530259][T16423] binder_alloc: 16422: pid 16422 spamming oneway? 1 buffers allocated for a total size of 4096
[  876.559328][T16423] binder_alloc: 16422: pid 16422 spamming oneway? 2 buffers allocated for a total size of 5120
[  880.943898][T16241] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  881.200421][T16241] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  881.221501][T16241] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  881.236797][T16241] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  881.267151][T16241] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  881.500901][T16241] usb 7-1: SerialNumber: syz
[  882.154449][T16241] usb 7-1: 0:2 : does not exist
[  882.179185][T16241] usb 7-1: USB disconnect, device number 21
[  882.328876][T15905] udevd[15905]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  885.217533][T16241] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  885.540583][T16241] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  885.593512][T16241] usb 9-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  885.635066][T16241] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  885.685982][T16241] usb 9-1: config 0 descriptor??
[  885.730741][T16500] overlayfs: failed to clone upperpath
[  885.912616][ T5854] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  886.105063][ T5854] usb 1-1: Using ep0 maxpacket: 32
[  886.123432][ T5854] usb 1-1: config 0 has an invalid interface number: 8 but max is 0
[  886.136574][ T5854] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  886.160622][T16241] keytouch 0003:0926:3333.0018: fixing up Keytouch IEC report descriptor
[  886.193023][ T5854] usb 1-1: config 0 has no interface number 0
[  886.330945][ T5854] usb 1-1: config 0 interface 8 altsetting 248 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  886.393934][T16241] input: HID 0926:3333 as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/0003:0926:3333.0018/input/input21
[  886.564416][ T5854] usb 1-1: config 0 interface 8 altsetting 248 has 2 endpoint descriptors, different from the interface descriptor's value: 10
[  886.639564][ T5854] usb 1-1: config 0 interface 8 has no altsetting 0
[  886.678499][ T5854] usb 1-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=2d.bb
[  886.722271][ T5854] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  886.757343][ T5854] usb 1-1: Product: syz
[  886.762773][ T5854] usb 1-1: Manufacturer: syz
[  886.785501][ T5854] usb 1-1: SerialNumber: syz
[  886.825448][T16241] keytouch 0003:0926:3333.0018: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.8-1/input0
[  886.873574][T16241] usb 9-1: USB disconnect, device number 8
[  886.897398][ T5854] usb 1-1: config 0 descriptor??
[  887.388358][T16496] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  887.443852][T16496] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  887.569565][T16496] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  887.633996][T16496] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  887.765090][ T5854] ath6kl: Failed to submit usb control message: -71
[  887.785526][ T5854] ath6kl: unable to send the bmi data to the device: -71
[  887.847637][ T5854] ath6kl: Unable to send get target info: -71
[  888.307420][ T5854] ath6kl: Failed to init ath6kl core: -71
[  889.126087][ T5854] ath6kl_usb 1-1:0.8: probe with driver ath6kl_usb failed with error -71
[  889.126564][T16511] fido_id[16511]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory
[  889.144477][ T5854] usb 1-1: USB disconnect, device number 27
[  889.482542][T16525] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3442'.
[  892.722250][T16241] delete_channel: no stack
[  894.091428][T16555] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3451'.
[  896.071064][T16568] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  896.285708][T16579] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3459'.
[  898.325357][T16622] netlink: 'syz.2.3470': attribute type 7 has an invalid length.
[  899.410745][T16622] : entered promiscuous mode
[  900.334230][T16634] netlink: 'syz.6.3473': attribute type 21 has an invalid length.
[  902.319391][T16649] lo: entered allmulticast mode
[  902.392173][T16649] dvmrp1: entered allmulticast mode
[  902.460268][T16648] lo: left allmulticast mode
[  903.105675][T16655] input: syz0 as /devices/virtual/input/input22
[  906.588144][ T5972] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  906.765231][ T5972] usb 7-1: New USB device found, idVendor=045b, idProduct=0212, bcdDevice=28.97
[  906.799283][ T5972] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  906.847000][ T5972] usb 7-1: Product: syz
[  906.868837][ T5972] usb 7-1: Manufacturer: syz
[  906.886494][ T5972] usb 7-1: SerialNumber: syz
[  906.918473][ T5972] usb 7-1: config 0 descriptor??
[  906.943450][ T5972] upd78f0730 7-1:0.0: upd78f0730 converter detected
[  906.991621][ T5972] usb 7-1: upd78f0730 converter now attached to ttyUSB0
[  907.182141][T16686] sch_tbf: burst 1023 is lower than device lo mtu (11337746) !
[  908.492901][ T5972] usb 7-1: USB disconnect, device number 22
[  908.830638][ T5972] upd78f0730 ttyUSB0: upd78f0730 converter now disconnected from ttyUSB0
[  908.847167][ T5972] upd78f0730 7-1:0.0: device disconnected
[  909.806767][T16695] netlink: 'syz.0.3494': attribute type 1 has an invalid length.
[  909.892090][T16695] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3494'.
[  912.103560][T16723] overlayfs: conflicting options: nfs_export=on,metacopy=on
[  914.553664][T16750] netlink: 'syz.8.3509': attribute type 2 has an invalid length.
[  915.444746][ T5979] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  915.504691][ T5979] hid-generic 0000:0000:0000.0019: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  918.059668][T16773] netlink: 2384 bytes leftover after parsing attributes in process `syz.2.3517'.
[  918.798836][T16767] fido_id[16767]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  921.432373][T16792] overlayfs: failed to clone upperpath
[  922.213049][T16806] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3528'.
[  922.262863][T16806] batman_adv: batadv0: Interface deactivated: dummy0
[  922.405188][T16806] batman_adv: batadv0: Removing interface: dummy0
[  922.739466][T16812] overlayfs: failed to clone upperpath
[  925.902889][T16838] tipc: Cannot configure node identity twice
[  928.200402][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  929.833115][T16875] overlayfs: failed to clone upperpath
[  932.154352][T16874] comedi comedi2: reset error (fatal)
[  933.150507][T16900] afs: Bad value for 'source'
[  944.106496][T16967] ptrace attach of "./syz-executor exec"[9339] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  945.990818][   T30] audit: type=1804 audit(2000000443.912:953): pid=16985 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.0.3578" name="/newroot/682/file1" dev="fuse" ino=1 res=1 errno=0
[  946.359819][   T30] audit: type=1804 audit(2000000443.912:954): pid=16985 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.3578" name="/newroot/682/file1" dev="fuse" ino=1 res=1 errno=0
[  946.443440][   T30] audit: type=1800 audit(2000000443.912:955): pid=16985 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.3578" name="/" dev="fuse" ino=1 res=0 errno=0
[  948.062387][T16999] vivid-001: disconnect
[  949.655104][T17011] netlink: 'syz.8.3587': attribute type 83 has an invalid length.
[  951.865185][T16996] vivid-001: reconnect
[  954.225487][   T30] audit: type=1800 audit(2000000451.592:956): pid=17038 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.3594" name="/" dev="9p" ino=14355223812286978 res=0 errno=0
[  955.106406][T17040] block device autoloading is deprecated and will be removed.
[  958.951105][T17085] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3611'.
[  965.395271][T17136] xt_TCPMSS: Only works on TCP SYN packets
[  970.345527][T17191] ptrace attach of ""[17194] was attempted by "./syz-executor exec"[17191]
[  972.478046][T17205] bridge0: port 1(bridge_slave_0) entered disabled state
[  972.489414][T17205] bridge0: port 2(bridge_slave_1) entered disabled state
[  976.634656][ T5972] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  976.921661][ T5972] usb 7-1: Using ep0 maxpacket: 16
[  976.930921][ T5972] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  977.747680][ T5972] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  977.751935][T17248] orangefs_mount: mount request failed with -4
[  977.853068][ T5972] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  977.873182][ T5972] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  977.889128][ T5972] usb 7-1: Product: syz
[  977.894452][ T5972] usb 7-1: Manufacturer: syz
[  977.901770][ T5972] usb 7-1: SerialNumber: syz
[  977.920012][ T5972] usb 7-1: config 0 descriptor??
[  978.007073][ T5972] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  978.036909][ T5972] em28xx 7-1:0.0: Audio interface 0 found (Vendor Class)
[  978.716214][ T5972] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[  978.729025][ T5972] em28xx 7-1:0.0: Config register raw data: 0xfffffffb
[  979.014373][T17269] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  979.510926][ T5972] em28xx 7-1:0.0: Unknown AC97 audio processor detected!
[  979.730543][T17285] netlink: 277 bytes leftover after parsing attributes in process `syz.7.3668'.
[  979.748993][ T5972] em28xx 7-1:0.0: couldn't setup AC97 register 2
[  979.791746][ T5972] em28xx 7-1:0.0: couldn't setup AC97 register 4
[  979.815400][ T5972] em28xx 7-1:0.0: couldn't setup AC97 register 6
[  980.225182][T17294] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3671'.
[  980.914901][ T5972] em28xx 7-1:0.0: couldn't setup AC97 register 54
[  981.010915][ T5972] em28xx 7-1:0.0: couldn't setup AC97 register 56
[  981.078909][ T5972] usb 7-1: USB disconnect, device number 23
[  985.165527][T17344] virtio-fs: tag </dev/md0> not found
[  987.805899][T17349] delete_channel: no stack
[  993.871140][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  994.406023][T17404] sch_fq: defrate 2048 ignored.
[  994.547716][T17406] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3702'.
[  994.647950][T17406] netlink: 62 bytes leftover after parsing attributes in process `syz.6.3702'.
[  998.615173][T17436] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1003.406443][T17479] Cannot find add_set index 4 as target
[ 1004.092178][T17487] vlan3: entered promiscuous mode
[ 1004.098579][T17487] vlan3: entered allmulticast mode
[ 1004.104656][T17487] hsr_slave_1: entered allmulticast mode
[ 1004.131741][T17487] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3728'.
[ 1015.963647][ T5826] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[ 1017.011868][ T5826] usb 1-1: Using ep0 maxpacket: 8
[ 1017.122263][ T5826] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1017.131727][ T5826] usb 1-1: unable to read config index 0 descriptor/start: -71
[ 1017.323169][ T5826] usb 1-1: can't read configurations, error -71
[ 1017.680416][   T30] audit: type=1326 audit(2000000510.971:957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17602 comm="syz.2.3757" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f493678ebe9 code=0x0
[ 1019.187470][T17621] befs: (nullb0): invalid magic header
[ 1020.021130][T17624] fuse: Bad value for 'fd'
[ 1020.714099][T17631] netlink: 'syz.6.3764': attribute type 1 has an invalid length.
[ 1020.722785][T17631] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3764'.
[ 1020.846777][ T5972] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[ 1021.493635][ T5972] usb 1-1: Using ep0 maxpacket: 8
[ 1021.532868][ T5972] usb 1-1: New USB device found, idVendor=0403, idProduct=f0c8, bcdDevice= 2.56
[ 1021.574128][ T5972] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1021.760477][ T5972] usb 1-1: config 0 descriptor??
[ 1021.781619][ T5972] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[ 1021.792327][ T5972] ftdi_sio ttyUSB0: unknown device type: 0x256
[ 1023.677005][ T9699] usb 1-1: USB disconnect, device number 30
[ 1023.694063][ T9699] ftdi_sio 1-1:0.0: device disconnected
[ 1027.529226][T17685] netlink: 'syz.6.3778': attribute type 10 has an invalid length.
[ 1027.575900][T17685] ptrace attach of "./syz-executor exec"[9339] was attempted by ""[17685]
[ 1028.432989][T17694] syz.0.3780: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1
[ 1028.451824][T17694] CPU: 1 UID: 0 PID: 17694 Comm: syz.0.3780 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1028.451856][T17694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1028.451869][T17694] Call Trace:
[ 1028.451879][T17694]  <TASK>
[ 1028.451889][T17694]  dump_stack_lvl+0x189/0x250
[ 1028.451921][T17694]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[ 1028.451956][T17694]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1028.451980][T17694]  ? __pfx__printk+0x10/0x10
[ 1028.452010][T17694]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1028.452038][T17694]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1028.452075][T17694]  warn_alloc+0x214/0x310
[ 1028.452100][T17694]  ? stack_depot_save_flags+0x40/0x900
[ 1028.452129][T17694]  ? __pfx_warn_alloc+0x10/0x10
[ 1028.452157][T17694]  ? kasan_save_track+0x4f/0x80
[ 1028.452189][T17694]  ? xskq_create+0x56/0x170
[ 1028.452208][T17694]  ? xsk_init_queue+0xb0/0x110
[ 1028.452225][T17694]  ? xsk_setsockopt+0x43f/0x710
[ 1028.452254][T17694]  ? do_sock_setsockopt+0x179/0x1b0
[ 1028.452283][T17694]  ? __x64_sys_setsockopt+0x13f/0x1b0
[ 1028.452310][T17694]  ? do_syscall_64+0xfa/0x3b0
[ 1028.452331][T17694]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1028.452361][T17694]  __vmalloc_node_range_noprof+0x125/0x12f0
[ 1028.452422][T17694]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1028.452454][T17694]  ? __kasan_kmalloc+0x93/0xb0
[ 1028.452478][T17694]  vmalloc_user_noprof+0xad/0xf0
[ 1028.452501][T17694]  ? xskq_create+0xbf/0x170
[ 1028.452523][T17694]  xskq_create+0xbf/0x170
[ 1028.452547][T17694]  xsk_init_queue+0xb0/0x110
[ 1028.452572][T17694]  xsk_setsockopt+0x43f/0x710
[ 1028.452608][T17694]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1028.452643][T17694]  ? security_socket_setsockopt+0x18/0x2c0
[ 1028.452668][T17694]  ? bpf_lsm_socket_setsockopt+0x4/0x20
[ 1028.452693][T17694]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[ 1028.452722][T17694]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1028.452756][T17694]  do_sock_setsockopt+0x179/0x1b0
[ 1028.452793][T17694]  __x64_sys_setsockopt+0x13f/0x1b0
[ 1028.452831][T17694]  do_syscall_64+0xfa/0x3b0
[ 1028.452852][T17694]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1028.452875][T17694]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1028.452897][T17694]  ? clear_bhb_loop+0x60/0xb0
[ 1028.452923][T17694]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1028.452943][T17694] RIP: 0033:0x7f27a9f8ebe9
[ 1028.452962][T17694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1028.452980][T17694] RSP: 002b:00007f27aad5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1028.453003][T17694] RAX: ffffffffffffffda RBX: 00007f27aa1b6090 RCX: 00007f27a9f8ebe9
[ 1028.453018][T17694] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000008
[ 1028.453030][T17694] RBP: 00007f27aa011e19 R08: 0000000000000004 R09: 0000000000000000
[ 1028.453043][T17694] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1028.453056][T17694] R13: 00007f27aa1b6128 R14: 00007f27aa1b6090 R15: 00007ffd16f07f08
[ 1028.453093][T17694]  </TASK>
[ 1028.806121][T17694] Mem-Info:
[ 1028.810902][T17694] active_anon:13017 inactive_anon:11406 isolated_anon:0
[ 1028.810902][T17694]  active_file:21746 inactive_file:38740 isolated_file:0
[ 1028.810902][T17694]  unevictable:768 dirty:150 writeback:0
[ 1028.810902][T17694]  slab_reclaimable:11018 slab_unreclaimable:107653
[ 1028.810902][T17694]  mapped:30492 shmem:19203 pagetables:1245
[ 1028.810902][T17694]  sec_pagetables:0 bounce:0
[ 1028.810902][T17694]  kernel_misc_reclaimable:0
[ 1028.810902][T17694]  free:1261260 free_pcp:20753 free_cma:0
[ 1028.864437][T17694] Node 0 active_anon:52068kB inactive_anon:45624kB active_file:86672kB inactive_file:154960kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:121892kB dirty:600kB writeback:0kB shmem:75276kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12260kB pagetables:4848kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1028.912583][T17694] Node 1 active_anon:0kB inactive_anon:0kB active_file:312kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:76kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1028.958699][T17694] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1029.002505][T17694] lowmem_reserve[]: 0 2500 2502 2502 2502
[ 1029.020012][T17694] Node 0 DMA32 free:1134060kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52064kB inactive_anon:45580kB active_file:84912kB inactive_file:154892kB unevictable:1536kB writepending:600kB present:3129332kB managed:2560996kB mlocked:0kB bounce:0kB free_pcp:61980kB local_pcp:28636kB free_cma:0kB
[ 1029.059023][T17694] lowmem_reserve[]: 0 0 1 1 1
[ 1029.077095][T17694] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1760kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[ 1029.195323][T17694] lowmem_reserve[]: 0 0 0 0 0
[ 1029.599425][T17694] Node 1 Normal free:3895600kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:312kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:21024kB local_pcp:12704kB free_cma:0kB
[ 1029.632976][T17694] lowmem_reserve[]: 0 0 0 0 0
[ 1029.647708][T17694] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1029.703008][T17694] Node 0 DMA32: 578*4kB (UME) 916*8kB (UME) 268*16kB (UME) 1393*32kB (UME) 211*64kB (UME) 45*128kB (UME) 26*256kB (UME) 18*512kB (UM) 10*1024kB (UME) 5*2048kB (UME) 251*4096kB (UM) = 1142216kB
[ 1029.723368][T17694] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[ 1029.740723][T17694] Node 1 Normal: 178*4kB (UME) 39*8kB (UME) 41*16kB (UE) 223*32kB (UME) 75*64kB (UME) 18*128kB (UME) 5*256kB (UM) 3*512kB (M) 4*1024kB (UME) 3*2048kB (UME) 944*4096kB (M) = 3895600kB
[ 1029.782614][T17694] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1029.878233][T17694] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 1029.957123][T17694] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1030.246676][T17694] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1030.264455][T17694] 82538 total pagecache pages
[ 1031.073577][T17694] 0 pages in swap cache
[ 1031.111579][T17694] Free swap  = 124996kB
[ 1031.121765][T17694] Total swap = 124996kB
[ 1031.187475][T17694] 2097051 pages RAM
[ 1031.230264][T17694] 0 pages HighMem/MovableOnly
[ 1031.263723][T17694] 424695 pages reserved
[ 1031.271938][T17694] 0 pages cma reserved
[ 1032.969079][    T9] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[ 1033.145031][    T9] hid-generic 0000:0000:0000.001A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1033.159036][T17719] wg2: left promiscuous mode
[ 1033.336504][T17719] gretap1: left promiscuous mode
[ 1033.345481][T17719] veth3: left promiscuous mode
[ 1033.371224][   T30] audit: type=1326 audit(2000000525.648:958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17729 comm="syz.7.3792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b558ebe9 code=0x7ffc0000
[ 1033.399315][   T30] audit: type=1326 audit(2000000525.648:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17729 comm="syz.7.3792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b558ebe9 code=0x7ffc0000
[ 1033.426691][   T30] audit: type=1326 audit(2000000525.648:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17729 comm="syz.7.3792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f07b558ebe9 code=0x7ffc0000
[ 1033.457114][   T30] audit: type=1326 audit(2000000525.648:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17729 comm="syz.7.3792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b558ebe9 code=0x7ffc0000
[ 1033.534180][   T30] audit: type=1326 audit(2000000525.648:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17729 comm="syz.7.3792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f07b558ebe9 code=0x7ffc0000
[ 1033.563604][   T30] audit: type=1326 audit(2000000525.648:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17729 comm="syz.7.3792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b558ebe9 code=0x7ffc0000
[ 1033.658577][   T30] audit: type=1326 audit(2000000525.648:964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17729 comm="syz.7.3792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7f07b558ebe9 code=0x7ffc0000
[ 1033.712523][   T30] audit: type=1326 audit(2000000525.648:965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17729 comm="syz.7.3792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b558ebe9 code=0x7ffc0000
[ 1033.807711][   T30] audit: type=1326 audit(2000000525.648:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17729 comm="syz.7.3792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f07b558ebe9 code=0x7ffc0000
[ 1033.964158][   T30] audit: type=1326 audit(2000000525.648:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17729 comm="syz.7.3792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07b558ebe9 code=0x7ffc0000
[ 1034.061371][T17739] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3796'.
[ 1034.076982][T17739] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3796'.
[ 1034.108567][T17739] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3796'.
[ 1034.205270][T17746] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3796'.
[ 1034.215426][T17746] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3796'.
[ 1034.310629][T17748] netlink: 1041 bytes leftover after parsing attributes in process `syz.8.3798'.
[ 1035.250114][T17755] netlink: 'syz.0.3801': attribute type 10 has an invalid length.
[ 1039.813608][T17798] overlayfs: failed to clone upperpath
[ 1041.460077][T17814] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3819'.
[ 1042.084460][T17817] hfs: unable to load iocharset "io#harset"
[ 1046.355050][T17856] overlayfs: failed to clone lowerpath
[ 1046.431894][   T30] kauditd_printk_skb: 16 callbacks suppressed
[ 1046.431921][   T30] audit: type=1326 audit(2000000537.864:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17859 comm="syz.0.3832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27a9f8ebe9 code=0x7ffc0000
[ 1046.662504][   T30] audit: type=1326 audit(2000000537.864:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17859 comm="syz.0.3832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27a9f8ebe9 code=0x7ffc0000
[ 1046.749520][   T30] audit: type=1326 audit(2000000537.901:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17859 comm="syz.0.3832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f27a9f8ebe9 code=0x7ffc0000
[ 1046.984279][   T30] audit: type=1326 audit(2000000537.901:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17859 comm="syz.0.3832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27a9f8ebe9 code=0x7ffc0000
[ 1047.694289][   T30] audit: type=1326 audit(2000000537.901:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17859 comm="syz.0.3832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27a9f8ebe9 code=0x7ffc0000
[ 1047.854575][   T30] audit: type=1326 audit(2000000537.901:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17859 comm="syz.0.3832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f27a9f8ebe9 code=0x7ffc0000
[ 1047.885036][   T30] audit: type=1326 audit(2000000537.901:990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17859 comm="syz.0.3832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27a9f8ebe9 code=0x7ffc0000
[ 1047.978160][   T30] audit: type=1326 audit(2000000537.901:991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17859 comm="syz.0.3832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27a9f8ebe9 code=0x7ffc0000
[ 1048.056902][   T30] audit: type=1326 audit(2000000537.901:992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17859 comm="syz.0.3832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f27a9f8ebe9 code=0x7ffc0000
[ 1048.453341][   T30] audit: type=1326 audit(2000000537.901:993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17859 comm="syz.0.3832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27a9f8ebe9 code=0x7ffc0000
[ 1050.200817][T17896] overlayfs: failed to clone upperpath
[ 1055.777047][T17941] netfs: Couldn't get user pages (rc=-14)
[ 1055.788416][T17941] netfs: Zero-sized read [R=8]
[ 1056.550271][T17950] 9pnet: p9_errstr2errno: server reported unknown error 184467440737095
[ 1059.470914][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1066.874751][T18049] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3879'.
[ 1069.869268][T18072] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3891'.
[ 1070.220928][T18079] Bluetooth: MGMT ver 1.23
[ 1071.526686][T18095] delete_channel: no stack
[ 1074.654349][T18109] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3903'.
[ 1076.302575][T18120] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1076.588264][T15076] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1076.606242][T15076] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1076.627113][T15076] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1076.647985][T15076] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1076.664960][T15076] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1076.912938][T18121] lo speed is unknown, defaulting to 1000
[ 1078.586446][T18121] chnl_net:caif_netlink_parms(): no params data found
[ 1078.888848][T15076] Bluetooth: hci5: command tx timeout
[ 1081.087991][T15076] Bluetooth: hci5: command tx timeout
[ 1081.115674][T18121] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1081.441938][T18121] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1081.499178][T18121] bridge_slave_0: entered allmulticast mode
[ 1081.520141][T18121] bridge_slave_0: entered promiscuous mode
[ 1082.317051][T18121] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1082.395527][T18121] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1082.533005][T18121] bridge_slave_1: entered allmulticast mode
[ 1082.542956][T18121] bridge_slave_1: entered promiscuous mode
[ 1083.507011][T18187] netlink: 'syz.7.3922': attribute type 1 has an invalid length.
[ 1083.517535][T15076] Bluetooth: hci5: command tx timeout
[ 1083.838423][T18187] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1083.953389][T18186] vlan2: entered allmulticast mode
[ 1083.959268][T18186] veth1: entered allmulticast mode
[ 1083.967530][T18186] bond1: (slave vlan2): Opening slave failed
[ 1084.192662][T18121] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1084.219312][T18197] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1085.057188][T18121] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1085.973233][T15076] Bluetooth: hci5: command tx timeout
[ 1086.055843][T18121] team0: Port device team_slave_0 added
[ 1086.071422][T18121] team0: Port device team_slave_1 added
[ 1087.690590][T18121] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1087.728505][T18121] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1087.757904][T18121] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1087.773766][T18121] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1087.781792][T18121] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1087.811405][T18121] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1088.216394][T18235] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1088.851472][T18245] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3940'.
[ 1089.357418][T18121] hsr_slave_0: entered promiscuous mode
[ 1089.364158][T18121] hsr_slave_1: entered promiscuous mode
[ 1090.111239][T18121] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1090.119307][T18121] Cannot create hsr debugfs directory
[ 1094.853022][T18121] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 1094.972275][T18295] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3953'.
[ 1095.886836][T18121] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 1095.957858][T18121] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 1096.013368][T18121] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 1097.299257][    T9] hid-generic 0000:0000:0000.001B: unknown main item tag 0x0
[ 1097.666835][    T9] hid-generic 0000:0000:0000.001B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1098.043937][T18308] mac80211_hwsim hwsim7 wlan0: left promiscuous mode
[ 1098.119297][ T5979] lo speed is unknown, defaulting to 1000
[ 1099.027927][T18121] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1099.101262][T18121] 8021q: adding VLAN 0 to HW filter on device team0
[ 1099.140358][T17651] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1099.148363][T17651] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1099.232649][ T6110] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1099.240375][ T6110] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1099.293406][T18322] pimreg: entered allmulticast mode
[ 1100.016263][T18331] netlink: 1041 bytes leftover after parsing attributes in process `syz.0.3962'.
[ 1102.260287][T18351] netlink: 'syz.7.3967': attribute type 10 has an invalid length.
[ 1102.886630][T18351] team0: Device hsr_slave_0 failed to register rx_handler
[ 1104.885982][T18121] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1105.244778][T18374] netlink: 'syz.0.3977': attribute type 10 has an invalid length.
[ 1105.584347][T18379] gretap2: left promiscuous mode
[ 1105.611796][T18385] netlink: 20 bytes leftover after parsing attributes in process `syz.8.3979'.
[ 1105.636099][T18385] netlink: 20 bytes leftover after parsing attributes in process `syz.8.3979'.
[ 1105.646861][T18385] netlink: 36 bytes leftover after parsing attributes in process `syz.8.3979'.
[ 1106.090939][T18121] veth0_vlan: entered promiscuous mode
[ 1106.109374][T18121] veth1_vlan: entered promiscuous mode
[ 1106.167594][T18121] veth0_macvtap: entered promiscuous mode
[ 1106.226355][T18121] veth1_macvtap: entered promiscuous mode
[ 1106.265704][T18121] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1106.289128][T18121] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1106.308201][T18121] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1106.342174][T18121] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1106.362634][T18121] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1106.381418][T18121] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1107.054860][ T6101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1107.086011][ T6101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1107.299726][ T6105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1107.343570][ T6105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1110.473160][   T30] kauditd_printk_skb: 23 callbacks suppressed
[ 1110.473181][   T30] audit: type=1326 audit(2000000597.767:1017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18439 comm="syz.7.3993" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f07b558ebe9 code=0x0
[ 1110.684986][T18444] netlink: 20 bytes leftover after parsing attributes in process `syz.8.3994'.
[ 1110.939221][T16241] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[ 1111.134992][T16241] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1111.755626][T16241] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1111.828637][T16241] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[ 1111.899962][T16241] usb 10-1: New USB device found, idVendor=2133, idProduct=0018, bcdDevice= 0.00
[ 1111.942721][T16241] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1111.979316][T16241] usb 10-1: config 0 descriptor??
[ 1114.349175][    C0] hrtimer: interrupt took 48367 ns
[ 1115.199103][T15076] Bluetooth: hci4: unexpected event for opcode 0x0c1a
[ 1115.271968][T16241] usbhid 10-1:0.0: can't add hid device: -71
[ 1115.297870][T16241] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[ 1115.368907][T16241] usb 10-1: USB disconnect, device number 2
[ 1115.714691][T18480] syz.0.4003: attempt to access beyond end of device
[ 1115.714691][T18480] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0
[ 1115.729501][T18480] hpfs: hpfs_map_sector(): read error
[ 1116.669273][T18479] netlink: 76 bytes leftover after parsing attributes in process `syz.9.4006'.
[ 1119.509512][T18501] GUP no longer grows the stack in syz.8.4014 (18501): 200000003000-20000000a000 (200000001000)
[ 1119.771350][T18501] CPU: 1 UID: 0 PID: 18501 Comm: syz.8.4014 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1119.771387][T18501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1119.771400][T18501] Call Trace:
[ 1119.771413][T18501]  <TASK>
[ 1119.771425][T18501]  dump_stack_lvl+0x189/0x250
[ 1119.771465][T18501]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1119.771487][T18501]  ? __pfx__printk+0x10/0x10
[ 1119.771512][T18501]  ? find_vma+0xe7/0x160
[ 1119.771551][T18501]  __get_user_pages+0x2a60/0x30b0
[ 1119.771628][T18501]  ? __pfx___get_user_pages+0x10/0x10
[ 1119.771667][T18501]  __gup_longterm_locked+0xd66/0x15b0
[ 1119.771701][T18501]  ? try_grab_folio_fast+0x35b/0x4f0
[ 1119.771726][T18501]  ? sanity_check_pinned_pages+0x11c8/0x12c0
[ 1119.771765][T18501]  gup_fast_fallback+0x1cd4/0x2260
[ 1119.771791][T18501]  ? is_bpf_text_address+0x26/0x2b0
[ 1119.771856][T18501]  ? __pfx_gup_fast_fallback+0x10/0x10
[ 1119.771881][T18501]  ? stack_trace_save+0x9c/0xe0
[ 1119.771910][T18501]  ? stack_depot_save_flags+0x40/0x900
[ 1119.771943][T18501]  ? pin_user_pages_fast+0x4d/0xb0
[ 1119.771975][T18501]  iov_iter_extract_pages+0x35a/0x5e0
[ 1119.772015][T18501]  extract_iter_to_sg+0xe46/0x24e0
[ 1119.772061][T18501]  ? __pfx_extract_iter_to_sg+0x10/0x10
[ 1119.772111][T18501]  ? __asan_memset+0x22/0x50
[ 1119.772156][T18501]  af_alg_get_rsgl+0x436/0x810
[ 1119.772204][T18501]  aead_recvmsg+0x4cc/0x13f0
[ 1119.772260][T18501]  ? __pfx_aead_recvmsg+0x10/0x10
[ 1119.772282][T18501]  ? trace_sched_exit_tp+0x38/0x120
[ 1119.772313][T18501]  ? __schedule+0x16c8/0x4c90
[ 1119.772336][T18501]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[ 1119.772365][T18501]  ? __pfx_aead_recvmsg+0x10/0x10
[ 1119.772388][T18501]  sock_recvmsg_nosec+0x183/0x1c0
[ 1119.772419][T18501]  ____sys_recvmsg+0x3aa/0x460
[ 1119.772449][T18501]  ? __pfx_____sys_recvmsg+0x10/0x10
[ 1119.772489][T18501]  ? import_iovec+0x74/0xa0
[ 1119.772519][T18501]  ___sys_recvmsg+0x1b5/0x510
[ 1119.772546][T18501]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1119.772618][T18501]  ? __might_fault+0xb0/0x130
[ 1119.772644][T18501]  do_recvmmsg+0x307/0x770
[ 1119.772678][T18501]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1119.772693][T18501]  ? __ia32_sys_rt_sigreturn+0x6a2/0x7b0
[ 1119.772739][T18501]  ? __pfx_do_futex+0x10/0x10
[ 1119.772786][T18501]  __x64_sys_recvmmsg+0x190/0x240
[ 1119.772810][T18501]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1119.772827][T18501]  ? rcu_is_watching+0x15/0xb0
[ 1119.772857][T18501]  ? do_syscall_64+0xbe/0x3b0
[ 1119.772886][T18501]  do_syscall_64+0xfa/0x3b0
[ 1119.772906][T18501]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1119.772926][T18501]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1119.772945][T18501]  ? clear_bhb_loop+0x60/0xb0
[ 1119.772971][T18501]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1119.772990][T18501] RIP: 0033:0x7fcbd478ebe9
[ 1119.773011][T18501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1119.773028][T18501] RSP: 002b:00007fcbd5516038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1119.773052][T18501] RAX: ffffffffffffffda RBX: 00007fcbd49b5fa0 RCX: 00007fcbd478ebe9
[ 1119.773067][T18501] RDX: 0000000000000002 RSI: 0000200000000180 RDI: 0000000000000008
[ 1119.773080][T18501] RBP: 00007fcbd4811e19 R08: 0000000000000000 R09: 0000000000000000
[ 1119.773092][T18501] R10: 0000000000000101 R11: 0000000000000246 R12: 0000000000000000
[ 1119.773104][T18501] R13: 00007fcbd49b6038 R14: 00007fcbd49b5fa0 R15: 00007fff72c42668
[ 1119.773150][T18501]  </TASK>
[ 1120.254921][T18510] overlay: Unknown parameter '/'
[ 1124.512343][T18550] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1125.318295][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1129.297200][T18579] syz.9.4034: attempt to access beyond end of device
[ 1129.297200][T18579] nbd9: rw=6144, sector=128, nr_sectors = 8 limit=0
[ 1129.312089][T18579] gfs2: error -5 reading superblock
[ 1130.442871][T18581] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4035'.
[ 1137.765891][T18640] random: crng reseeded on system resumption
[ 1138.435623][T18634] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4053'.
[ 1141.359208][T18666] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1145.965074][T18685] 8021q: adding VLAN 0 to HW filter on device bond6
[ 1146.010027][T18687] bond6: (slave ip6gretap1): Enslaving as a backup interface with an up link
[ 1147.195807][T17651] bond6: Warning: No 802.3ad response from the link partner for any adapters in the bond
[ 1148.757490][T17651] bond6: Warning: No 802.3ad response from the link partner for any adapters in the bond
[ 1155.578935][T18746] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4080'.
[ 1155.784410][ T8709] bond6: (slave ip6gretap1): link status up again after 0 ms
[ 1155.809492][T11643] bond6: (slave ip6gretap1): link status up again after 0 ms
[ 1155.817492][T11643] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1156.558513][T18747] netlink: 'syz.2.4079': attribute type 16 has an invalid length.
[ 1156.625899][T17910] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1156.876780][T11643] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1156.929017][T18755] netlink: 4 bytes leftover after parsing attributes in process `syz.9.4082'.
[ 1157.960121][T17910] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1158.557149][T11643] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1160.950431][ T6109] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1161.067628][ T6109] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1162.152709][ T6101] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1162.234102][ T9699] IPVS: starting estimator thread 0...
[ 1162.339428][T18787] IPVS: using max 24 ests per chain, 57600 per kthread
[ 1162.373314][T11643] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1164.636163][ T6119] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1164.700978][   T30] audit: type=1326 audit(2000000648.494:1018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18800 comm="syz.8.4094" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcbd478ebe9 code=0x0
[ 1164.767659][T17910] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1164.906322][T17910] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1165.985201][ T6115] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1166.104001][ T6115] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1167.436753][T18824] overlayfs: failed to clone upperpath
[ 1167.451328][ T6119] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1167.669359][ T6115] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1167.819222][ T8709] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1168.995782][ T6119] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1169.522782][ T6101] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1169.553007][T18845] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4103'.
[ 1169.662595][T17651] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1170.614836][ T6101] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1170.742774][ T6119] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1170.874363][T17651] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1172.391215][ T6101] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1173.267997][T18873] netlink: 32 bytes leftover after parsing attributes in process `syz.9.4111'.
[ 1173.312413][T18873] netlink: 32 bytes leftover after parsing attributes in process `syz.9.4111'.
[ 1173.341902][ T6115] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1173.517223][ T6115] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1173.660464][ T6119] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1174.334347][T17910] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1176.484587][T18903] overlayfs: failed to clone upperpath
[ 1181.465795][T18933] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[ 1190.833897][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1193.345378][ T5856] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1193.366938][ T5856] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1193.395273][ T5856] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1193.436033][ T5856] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1193.458981][ T5856] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1195.686805][ T5856] Bluetooth: hci6: command tx timeout
[ 1196.228888][   T30] audit: type=1800 audit(2000000677.968:1019): pid=19013 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.7.4145" name="bus" dev="ramfs" ino=66602 res=0 errno=0
[ 1197.898492][ T5856] Bluetooth: hci6: command tx timeout
[ 1200.156454][ T5856] Bluetooth: hci6: command tx timeout
[ 1202.344672][ T5856] Bluetooth: hci6: command tx timeout
[ 1203.117376][T15076] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 1203.182445][T15076] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 1203.206488][T15076] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 1203.254841][T15076] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 1203.275535][T15076] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 1204.772903][ T5856] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[ 1204.795803][ T5856] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[ 1204.827307][ T5856] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[ 1204.867396][ T5856] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[ 1204.917123][ T5856] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[ 1205.594035][ T5856] Bluetooth: hci7: command tx timeout
[ 1206.625323][T19050] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4155'.
[ 1206.675324][ T6109] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1206.767352][T19051] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4155'.
[ 1206.930039][ T6107] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1206.994145][T19011] lo speed is unknown, defaulting to 1000
[ 1207.002357][T19055] lo speed is unknown, defaulting to 1000
[ 1207.053039][T17651] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1207.137818][ T5856] Bluetooth: hci8: command tx timeout
[ 1207.193107][T19060] lo speed is unknown, defaulting to 1000
[ 1207.205998][ T8709] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1207.827718][ T5856] Bluetooth: hci7: command tx timeout
[ 1207.886355][ T8709] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1208.132187][ T6119] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1208.556771][ T6109] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1208.747562][ T6110] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1209.483368][ T5856] Bluetooth: hci8: command tx timeout
[ 1209.489378][ T5856] Bluetooth: hci5: command 0x0406 tx timeout
[ 1210.014152][ T6107] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1210.044760][T15076] Bluetooth: hci7: command tx timeout
[ 1210.506181][ T8709] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1210.525672][ T8709] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1210.689664][   T31] INFO: task syz-executor:9339 blocked for more than 143 seconds.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1210.731419][   T31]       Not tainted 6.16.0-syzkaller #0
[ 1210.815506][T19093] new mount options do not match the existing superblock, will be ignored
[ 1211.522719][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1211.533261][   T31] task:syz-executor    state:D stack:20664 pid:9339  tgid:9339  ppid:1      task_flags:0x400140 flags:0x00004004
[ 1211.546553][   T31] Call Trace:
[ 1211.657106][ T6107] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1211.694468][   T31]  <TASK>
[ 1211.708689][T15076] Bluetooth: hci8: command tx timeout
[ 1211.708796][   T31]  __schedule+0x16aa/0x4c90
[ 1211.719470][   T31]  ? schedule+0x165/0x360
[ 1211.723966][   T31]  ? __pfx___schedule+0x10/0x10
[ 1211.729177][   T31]  ? schedule+0x91/0x360
[ 1211.733774][   T31]  schedule+0x165/0x360
[ 1211.738146][   T31]  v9fs_evict_inode+0x170/0x320
[ 1211.815530][   T31]  ? __pfx_v9fs_evict_inode+0x10/0x10
[ 1211.821579][   T31]  ? __pfx_var_wake_function+0x10/0x10
[ 1211.875915][   T31]  ? do_raw_spin_unlock+0x122/0x240
[ 1211.933414][   T31]  ? __pfx_v9fs_evict_inode+0x10/0x10
[ 1211.957367][   T31]  evict+0x501/0x9c0
[ 1211.969507][   T31]  ? __pfx_evict+0x10/0x10
[ 1211.974274][   T31]  ? do_raw_spin_unlock+0x122/0x240
[ 1212.003694][   T31]  ? _raw_spin_unlock+0x28/0x50
[ 1212.022396][   T31]  ? iput+0x6d8/0x9d0
[ 1212.026673][   T31]  __dentry_kill+0x209/0x660
[ 1212.043223][   T31]  ? dput+0x37/0x2b0
[ 1212.047261][   T31]  dput+0x19f/0x2b0
[ 1212.058687][   T31]  shrink_dcache_for_umount+0xa0/0x170
[ 1212.068581][   T31]  generic_shutdown_super+0x67/0x2c0
[ 1212.075282][   T31]  kill_anon_super+0x3b/0x70
[ 1212.080477][   T31]  v9fs_kill_super+0x4c/0x90
[ 1212.086026][   T31]  deactivate_locked_super+0xbc/0x130
[ 1212.091913][   T31]  cleanup_mnt+0x425/0x4c0
[ 1212.097425][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1212.102956][   T31]  task_work_run+0x1d1/0x260
[ 1212.107824][   T31]  ? __pfx_task_work_run+0x10/0x10
[ 1212.113150][   T31]  ? __x64_sys_umount+0x122/0x160
[ 1212.118750][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[ 1212.124369][   T31]  exit_to_user_mode_loop+0xec/0x110
[ 1212.130405][   T31]  do_syscall_64+0x2bd/0x3b0
[ 1212.130677][T17633] net_ratelimit: 2 callbacks suppressed
[ 1212.130694][T17633] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1212.135461][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1212.155481][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1212.162570][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1212.167363][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1212.173405][   T31] RIP: 0033:0x7fba0318ff17
[ 1212.178238][   T31] RSP: 002b:00007ffe46236358 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1212.187835][   T31] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fba0318ff17
[ 1212.196683][   T31] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe46236410
[ 1212.204951][   T31] RBP: 00007ffe46236410 R08: 0000000000000000 R09: 0000000000000000
[ 1212.214337][   T31] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe462374a0
[ 1212.223999][   T31] R13: 00007fba03211c05 R14: 00000000000f3121 R15: 00007ffe462374e0
[ 1212.232563][   T31]  </TASK>
[ 1212.235771][   T31] 
[ 1212.235771][   T31] Showing all locks held in the system:
[ 1212.264744][T15076] Bluetooth: hci7: command tx timeout
[ 1212.276435][T11643] bond6: (slave ip6gretap1): failed to get link speed/duplex
[ 1212.332109][   T31] 1 lock held by khungtaskd/31:
[ 1212.337664][   T31]  #0: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1212.427786][   T31] 2 locks held by getty/5601:
[ 1212.433307][   T31]  #0: ffff888030ba30a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1212.521210][   T31]  #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1212.531591][   T31] 4 locks held by kworker/0:3/5854:
[ 1212.607200][   T31] 2 locks held by kworker/u8:11/6099:
[ 1212.612854][   T31]  #0: ffff88801efc0948 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1212.714328][   T31]  #1: ffffc9000b68fbc0 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1212.767025][   T31] 8 locks held by kworker/u8:46/8709:
[ 1212.773921][   T31]  #0: ffff88801b2fb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1212.874057][   T31]  #1: ffffc90003a37bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1212.932504][   T31]  #2: ffffffff8f4fd310 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
[ 1212.966053][   T31]  #3: ffff888020f400e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x10a/0x3d0
[ 1213.003187][   T31]  #4: ffff888020f41250 (&devlink->lock_key#4){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x11c/0x3d0
[ 1213.034477][   T31]  #5: ffffffff8f509f08 (rtnl_mutex){+.+.}-{4:4}, at: nsim_destroy+0xdb/0x670
[ 1213.044213][   T31]  #6: ffff88805861cd30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x5a1/0x2320
[ 1213.120847][   T31]  #7: ffffffff8e144bf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[ 1213.162576][   T31] 1 lock held by syz-executor/9339:
[ 1213.168255][   T31]  #0: ffff888043ee40e0 (&type->s_umount_key#55){+.+.}-{4:4}, at: deactivate_super+0xa9/0xe0
[ 1213.205395][   T31] 3 locks held by kworker/1:7/9699:
[ 1213.211166][   T31] 3 locks held by kworker/u8:0/17633:
[ 1213.248094][   T31]  #0: ffff88801a489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1213.280247][   T31]  #1: ffffc9000215fbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1213.293521][   T31]  #2: ffffffff8f509f08 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[ 1213.304415][   T31] 3 locks held by kworker/u8:1/17651:
[ 1213.309951][   T31]  #0: ffff88814c9bf148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1213.323754][   T31]  #1: ffffc9000c59fbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1213.338705][   T31]  #2: ffffffff8f509f08 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30
[ 1213.349698][   T31] 3 locks held by syz-executor/19011:
[ 1213.356226][   T31]  #0: ffff88802869cdc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510
[ 1213.367122][   T31]  #1: ffff88802869c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[ 1213.378681][   T31]  #2: ffffffff8f672108 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230
[ 1213.390907][   T31] 3 locks held by syz-executor/19055:
[ 1213.396807][   T31]  #0: ffff88805bc68dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510
[ 1213.408737][   T31]  #1: ffff88805bc680b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[ 1213.421045][   T31]  #2: ffffffff8f672108 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230
[ 1213.432552][   T31] 3 locks held by syz-executor/19060:
[ 1213.437982][   T31]  #0: ffff88805fd34dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510
[ 1213.449126][   T31]  #1: ffff88805fd340b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[ 1213.462616][   T31]  #2: ffffffff8f672108 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230
[ 1213.474148][   T31] 5 locks held by syz.8.4164/19081:
[ 1213.479721][   T31]  #0: ffff888055e28dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510
[ 1213.491217][   T31]  #1: ffff888055e280b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[ 1213.516225][   T31]  #2: ffffffff8f672108 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230
[ 1213.528034][   T31]  #3: ffff8880284be338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680
[ 1213.539000][   T31]  #4: ffffffff8e144bf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[ 1213.550759][   T31] 
[ 1213.571452][   T31] =============================================
[ 1213.571452][   T31] 
[ 1213.595775][   T31] NMI backtrace for cpu 1
[ 1213.595799][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1213.595821][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1213.595833][   T31] Call Trace:
[ 1213.595841][   T31]  <TASK>
[ 1213.595850][   T31]  dump_stack_lvl+0x189/0x250
[ 1213.595877][   T31]  ? __wake_up_klogd+0xd9/0x110
[ 1213.595906][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1213.595927][   T31]  ? __pfx__printk+0x10/0x10
[ 1213.595963][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1213.595993][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1213.596017][   T31]  ? _printk+0xcf/0x120
[ 1213.596043][   T31]  ? __pfx__printk+0x10/0x10
[ 1213.596068][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1213.596099][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1213.596131][   T31]  watchdog+0xfee/0x1030
[ 1213.596162][   T31]  ? watchdog+0x1de/0x1030
[ 1213.596195][   T31]  kthread+0x70e/0x8a0
[ 1213.596226][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1213.596253][   T31]  ? __pfx_kthread+0x10/0x10
[ 1213.596282][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1213.596300][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1213.596317][   T31]  ? __pfx_kthread+0x10/0x10
[ 1213.596341][   T31]  ret_from_fork+0x3fc/0x770
[ 1213.596361][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1213.596388][   T31]  ? __switch_to_asm+0x39/0x70
[ 1213.596410][   T31]  ? __switch_to_asm+0x33/0x70
[ 1213.596429][   T31]  ? __pfx_kthread+0x10/0x10
[ 1213.596455][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1213.596493][   T31]  </TASK>
[ 1213.596501][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 1213.762146][    C0] NMI backtrace for cpu 0
[ 1213.762166][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1213.762185][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1213.762195][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[ 1213.762219][    C0] Code: 53 de 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d d3 ad 21 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[ 1213.762233][    C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c2
[ 1213.762250][    C0] RAX: 06bb2055107f2800 RBX: ffffffff81976918 RCX: 06bb2055107f2800
[ 1213.762263][    C0] RDX: 0000000000000001 RSI: ffffffff8d982fba RDI: ffffffff8be1ba40
[ 1213.762274][    C0] RBP: ffffffff8de07ea8 R08: ffff8880b8632f5b R09: 1ffff110170c65eb
[ 1213.762286][    C0] R10: dffffc0000000000 R11: ffffed10170c65ec R12: ffffffff8fa0b3f0
[ 1213.762316][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a50
[ 1213.762327][    C0] FS:  0000000000000000(0000) GS:ffff888125c57000(0000) knlGS:0000000000000000
[ 1213.762349][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1213.762360][    C0] CR2: 00005598432dd8e8 CR3: 0000000034cb6000 CR4: 00000000003526f0
[ 1213.762377][    C0] Call Trace:
[ 1213.762386][    C0]  <TASK>
[ 1213.762393][    C0]  default_idle+0x13/0x20
[ 1213.762413][    C0]  default_idle_call+0x74/0xb0
[ 1213.762433][    C0]  do_idle+0x1e8/0x510
[ 1213.762453][    C0]  ? __pfx_do_idle+0x10/0x10
[ 1213.762478][    C0]  cpu_startup_entry+0x44/0x60
[ 1213.762504][    C0]  rest_init+0x2de/0x300
[ 1213.762523][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[ 1213.762548][    C0]  start_kernel+0x47d/0x500
[ 1213.762569][    C0]  x86_64_start_reservations+0x24/0x30
[ 1213.762590][    C0]  x86_64_start_kernel+0x143/0x1c0
[ 1213.762611][    C0]  common_startup_64+0x13e/0x147
[ 1213.762638][    C0]  </TASK>
[ 1213.767114][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1213.965269][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1213.975473][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1213.986269][   T31] Call Trace:
[ 1213.989661][   T31]  <TASK>
[ 1213.992701][   T31]  dump_stack_lvl+0x99/0x250
[ 1213.998059][   T31]  ? __asan_memcpy+0x40/0x70
[ 1214.003026][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1214.008367][   T31]  ? __pfx__printk+0x10/0x10
[ 1214.013432][   T31]  panic+0x2db/0x790
[ 1214.017700][   T31]  ? __pfx_panic+0x10/0x10
[ 1214.022417][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[ 1214.028352][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1214.034102][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[ 1214.040400][   T31]  watchdog+0x102d/0x1030
[ 1214.045051][   T31]  ? watchdog+0x1de/0x1030
[ 1214.049668][   T31]  kthread+0x70e/0x8a0
[ 1214.053887][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1214.058940][   T31]  ? __pfx_kthread+0x10/0x10
[ 1214.063569][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1214.069033][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1214.074459][   T31]  ? __pfx_kthread+0x10/0x10
[ 1214.079281][   T31]  ret_from_fork+0x3fc/0x770
[ 1214.083983][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1214.089727][   T31]  ? __switch_to_asm+0x39/0x70
[ 1214.094700][   T31]  ? __switch_to_asm+0x33/0x70
[ 1214.099770][   T31]  ? __pfx_kthread+0x10/0x10
[ 1214.104535][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1214.109366][   T31]  </TASK>
[ 1214.112919][   T31] Kernel Offset: disabled
[ 1214.117459][   T31] Rebooting in 86400 seconds..