last executing test programs:

2m21.409213508s ago: executing program 1 (id=1811):
syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000024917720042322023f77010203010902120001000010000904"], 0x0)
syz_usb_connect$cdc_ecm(0x5, 0x6f, &(0x7f0000000040)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5d, 0x1, 0x1, 0x7e, 0xd0, 0x6, "", [{{0x9, 0x4, 0x0, 0xf1, 0x2, 0x2, 0x6, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x0, "272566fe622a"}, {0x5, 0x24, 0x0, 0x7}, {0xd, 0x24, 0xf, 0x1, 0x7fff, 0x6, 0x91, 0x4}, [@acm={0x4, 0x24, 0x2, 0x2}, @country_functional={0xc, 0x24, 0x7, 0x7, 0xfffa, [0x1, 0x0, 0x5]}, @call_mgmt={0x5}, @network_terminal={0x7, 0x24, 0xa, 0x1, 0x0, 0x4, 0x3}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x18, 0xe, 0x6, 0x80}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0x5, 0x9, 0x3}}}}}]}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x110, 0x7f, 0xf, 0x1, 0x20, 0xba}, 0x5, &(0x7f0000000100)={0x5, 0xf, 0x5}, 0x2, [{0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x2c0a}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0xf8ff}}]})
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000240)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff}, './file0\x00'})
r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000002c0)=0xffffffffffffffff, 0x4)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000300)={0x3, 0x4, 0x4, 0xa, 0x0, r0, 0xfffffff7, '\x00', 0x0, r1, 0x0, 0x3, 0x5}, 0x50)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x20000000)
openat$cuse(0xffffff9c, 0x0, 0x2, 0x0)
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f0000000140)={0x1, 0x6, 0x4, &(0x7f0000000180)={0x17, "c955feb77e1d79a896356be7d707c8e7c7b00310dd308e527ef49847e457ebe789"}})

2m20.885997769s ago: executing program 1 (id=1818):
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) (async)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x2, 0x4, 0x340, 0xffffffff, 0xd0, 0x1a0, 0x0, 0xfeffffff, 0xffffffff, 0x270, 0x270, 0x270, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@local, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, [0x0, 0x0, 0xff000000], [], 'macsec0\x00', 'bond_slave_0\x00', {}, {}, 0xbc529153b073ce1e, 0x0, 0x1}, 0x2f2, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x6}}}, {{@ipv6={@private0={0xfc, 0x0, '\x00', 0x40}, @empty, [0x0, 0xffffff00], [0x0, 0xff], 'sit0\x00', 'vxcan1\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x6}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3a0)
bind$bt_l2cap(r0, &(0x7f0000000100)={0x1f, 0x7, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x873, 0x2}, 0xe)
connect$packet(r0, &(0x7f0000000200)={0x1f, 0xf8, 0x0, 0x1, 0xa, 0x6, @remote}, 0x14)

2m20.760666182s ago: executing program 1 (id=1821):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC_PROXY(r1, 0x29, 0xd2, &(0x7f0000000000)={{0xa, 0x4e24, 0x100, @local, 0x4}, {0xa, 0x4e23, 0x7, @empty, 0xd473}, 0x0, {[0x4, 0x7, 0x3, 0x8001, 0xe10, 0xe, 0x3]}}, 0x5c)
setsockopt$MRT6_ADD_MFC_PROXY(r1, 0x29, 0xd3, &(0x7f00000000c0)={{0xa, 0x0, 0x8fc2, @local}, {0xa, 0x0, 0x0, @empty}, 0x0, {[0x0, 0x0, 0x40000, 0x0, 0x0, 0xe3]}}, 0x5c)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, 0x1407, 0x20, 0x70bd25, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz2\x00'}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0xa}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x4}]}, 0x34}}, 0x60000844)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000640)={0x80, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x44, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x2d, 0x1a, {0x4000, 0x1, 0x7, 0x0, {0x3, 0x5, 0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, 0x8, 0x3, 0x86}}, @void, @void, @void}}], @NL80211_ATTR_SMPS_MODE={0x5}, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_HIDDEN_SSID={0x8, 0x7e, 0x1}]}, 0x80}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x9, 0x1, 0xd8}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80)

2m20.690165434s ago: executing program 1 (id=1823):
r0 = socket$kcm(0x1e, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a22c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29008000000000000005ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc030ea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efd936b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800001f00000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351b9332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a138d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fce43d8c53a8031e64026e0d36b6401064c49a729f11ab377f7132c5232bb80195dd5d43d29646a9378eea0761b7ed9d2172e33ed87c7413c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828b07f1dc7df9c8e5da22dfb9dacbf5529e4e994128d835f85465173ea7bbcc519a0c9798ce8b1b07567e3e07169c8c3e4da8bf725c050000000000000000000000000000000000000000004775abdf0c62728eb55a9e2849a1ce05bed60dfe4cc9fa43f9684297c02382c0a35829be7a86305792a9d2e80ca9e8fc50f31f6e0fa810303da03d8b74b42c1ebaf16bb343256405a3a07229a54de09a97b269cd29e8b2f0b0d46c51a6a93eec37f4bc6e29a8e19120ae050ab682662e9b2cc3263a4aba62b63ca9123a53c0f4bf3c4463b8144c89bf058a0af0ae9fc2b7cdfc4817703e267cddc193637d7fd97646090da37093657643daae3840c7f5c10f93524f7ae4791ec6e9d9722e5f670ccb358e051a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000180)=ANY=[@ANYRES32=r1, @ANYRES32=r1, @ANYBLOB="2f0000002820000004000000", @ANYRES32=0x0, @ANYBLOB="9d45d77063ca46109c182798214e9f1bc116f0208858a1e6585255429b58e41b2e7fa93f6baaff3fee26cb7f4ca28fe13efb4c08877c9f6aeb642b0e418372c6c8", @ANYRES64=0x0], 0x20)
setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
recvmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000000)=""/59, 0x3b}], 0x1, 0x0, 0xc00}, 0x80)
r2 = socket$kcm(0x1e, 0x4, 0x0)
close(r0)
r3 = fsopen(&(0x7f0000002200)='ramfs\x00', 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000100)='mode\x00', &(0x7f0000000140)='7', 0x0)
setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
write$cgroup_subtree(r2, &(0x7f0000000040)=ANY=[], 0xfdef)

2m20.563283222s ago: executing program 1 (id=1827):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af83, &(0x7f0000000400)={0x1d})
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0xf0, 0x32, 0x205, 0x70bd2d, 0x25dfdbfc, {}, [{0xc9}]}, 0xf0}, 0x1, 0x0, 0x0, 0x85}, 0x8000)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40086602, &(0x7f0000000000))
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)

2m20.561823151s ago: executing program 1 (id=1829):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', 0x0, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000005ec0), 0xffffffffffffffff)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r3=>0x0})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000340)={'wpan0\x00', <r6=>0x0})
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x38, r5, 0x1, 0x70bd25, 0x25dfdbff, {}, [@NL802154_ATTR_SEC_LEVEL={0x1c, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_LEVELS={0x5}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x1}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x38}, 0x1, 0x0, 0x0, 0x20008000}, 0x8000)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000005fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd0600ffdbdb252100000020000300", @ANYRES32=r3, @ANYBLOB="0600eb00000800000400ec000a00060008021100000100000600f70000ff000008009e"], 0x44}}, 0x28000)

2m4.737968977s ago: executing program 32 (id=1829):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', 0x0, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000005ec0), 0xffffffffffffffff)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r3=>0x0})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000340)={'wpan0\x00', <r6=>0x0})
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x38, r5, 0x1, 0x70bd25, 0x25dfdbff, {}, [@NL802154_ATTR_SEC_LEVEL={0x1c, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_LEVELS={0x5}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x1}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x38}, 0x1, 0x0, 0x0, 0x20008000}, 0x8000)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000005fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd0600ffdbdb252100000020000300", @ANYRES32=r3, @ANYBLOB="0600eb00000800000400ec000a00060008021100000100000600f70000ff000008009e"], 0x44}}, 0x28000)

57.498722028s ago: executing program 4 (id=2510):
r0 = socket$kcm(0x11, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0x14, &(0x7f0000000000), 0x4)
ioprio_set$uid(0x3, 0x0, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
read(r1, 0x0, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000100)=@caif=@dgm={0x25, 0x7}, 0x80, &(0x7f0000000640)=[{&(0x7f0000000680)='r/', 0x2}], 0x1, 0x0, 0x0, 0x30000}, 0x48810)

57.49795907s ago: executing program 4 (id=2511):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca02})
timer_create(0x8, &(0x7f00000002c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x1, &(0x7f000006b000)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
preadv(r0, &(0x7f0000000300)=[{&(0x7f00000000c0)=""/2, 0x2}], 0x1, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="200000002e00090027bdaf00000000000400000004001d000800170002"], 0x20}, 0x1, 0x0, 0x0, 0x42804}, 0x4000000)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca02}) (async)
timer_create(0x8, &(0x7f00000002c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) (async)
timer_settime(0x0, 0x1, &(0x7f000006b000)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) (async)
preadv(r0, &(0x7f0000000300)=[{&(0x7f00000000c0)=""/2, 0x2}], 0x1, 0x0, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="200000002e00090027bdaf00000000000400000004001d000800170002"], 0x20}, 0x1, 0x0, 0x0, 0x42804}, 0x4000000) (async)

57.219091469s ago: executing program 4 (id=2514):
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="f001000000010104200000000000000002000000240001801400018008000100e000000108000200000000000c0002800500010000000000240002800c00028005000100000000001400018008000100e000000108000200ac1e00010800074000000000080008400000000280000d8014000380060001004e240000060002004e2400001400050000000000000000000000000000000001080002"], 0x1f0}}, 0x0)
r0 = msgget$private(0x0, 0x550)
msgctl$IPC_STAT(r0, 0x2, &(0x7f00000006c0)=""/4096)
msgget$private(0x0, 0x434)
r1 = socket(0x10, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r2, @ANYBLOB="0200000000008000800012000800010076746936740002"], 0xa0}}, 0x0)

57.125000075s ago: executing program 4 (id=2515):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="a3b400000000000000611198000000000004000000d01f1a70ce00000095000000004eb70000000000000000"], &(0x7f0000000080)='GPL\x00', 0x4, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd0c, 0x10, &(0x7f0000000000), 0x76}, 0x48)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYBLOB="34010000d2f29fe410b3fc080385fa4be66223bdcdf653f71124b2d0ecd218aced7a7affb6c8a5daa0e87dcbe87167cc2dab8d9c65843882ba47c7ff72f07339594475bc0872b31a7a70a0cbea565792829efc82b1b10b4736c79da62fb557918a634cd00f5af5b1d60c23de7fec2d2473915ffe7b81f0ea399aadb22dd8c46e51fe1ae5bf7b26eb126d5ea2f9afa5219d1d9c84cb341c15b89904c4859e37394d81a0a04f0a83d178259793e301d910f15d315b5a570b000740adf761117318f7f879489664ea9eea58e13b8eea199c474847dd82443d477c66e35088ac39361ef75fbf08dd84d1893c866812c229321bec3af386c785c3a4da7c775642a5cd62dec0b12fade4b164270fb21da9d33c84f7867879ee222d56dfbc28b0dcfbb9f945861dbcea2ca073b0ad0aed34c2b6ed8faa4e837122b88e529dc12860dd60ba6b", @ANYRES16=r1, @ANYBLOB="02002bbd7000fddbdf252e0000000c00990032000000140000001000b0001000000008000f00050002000400cc0010009d0048fa0000d30d8000e1fb00f010009d000800000024c109000600040008004200020000000a004f00bf6828a9ef040000ca002a0004062404000002002698050109543fc017db708e991a4c5440872c69627a1fc9164a18afd956b63da21a22a44fb1e26738387d1935edaa7efeb3dc1e00ef2b0e0ab52e21cedfe5d02c69cb4f64956d63b10c389517a05fcae5eb909d46eddd7aa99fecfa18342e73a2326a081ecd7235442c573c88f2769dbfed521d15fe509b0a9521e47d6383af94bf6d5e94c874a61902f3a8381cb487115aa80509efbe90d7c93e0103710700ff01010003288c10950cd488d43c738f81d01187b450c1933c040006b80b0000"], 0x134}, 0x1, 0x0, 0x0, 0x1}, 0x4)
socket$l2tp(0x2, 0x2, 0x73)
socket$nl_generic(0x10, 0x3, 0x10)
openat$vsock(0xffffffffffffff9c, &(0x7f00000003c0), 0x208080, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x8000000004)
r2 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x0)
openat$cgroup_pressure(r3, &(0x7f0000001a40)='cpu.pressure\x00', 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
socket(0x11, 0xa, 0x0)
socket$unix(0x1, 0x2, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000500)={0x3, &(0x7f0000000400)=[{0x8000, 0x8, 0xa, 0x869}, {0x0, 0xfa, 0xb5, 0xffffffff}, {0x1, 0x9, 0x80, 0x3}]})
r4 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48640)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r5=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r4, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r5], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0), 0x0, 0x1})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000540)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000007000000080003000d1c78c570cc94e39920a868e3ba4c13b52297f810756882d513fbe412b455de7cfa4c721943ff9a54a00fc0cdbc2bedd461da61ca1c626de057fc8f5b509f637002c55f7772ecfa0a7f96d2dfb087cc79fb35d304dd5ac88f4371f6110e91", @ANYRES32=r6, @ANYBLOB="140004006e6963766630000000000000000000000800050008000000"], 0x38}}, 0x0)

57.122596609s ago: executing program 4 (id=2517):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000bc0)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x1}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x80}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x58}, 0x1, 0x0, 0x0, 0x24000043}, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newtaction={0xe0, 0x30, 0x1, 0x0, 0x0, {}, [{0xcc, 0x1, [@m_ct={0xc8, 0x4, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x0, 0x17, 0x20000000, 0x0, 0xfffffffc}}]}, {0x85, 0x6, "dd65ebb1b01a02b203ff0061c4f0470ecf1184d2b026a1648e2ab27bc6372580ff5c301bc2175ac5f7da283b24a2df576b10fb19c297e55a668a9ff1eca922bc809c910f8ec1ef1ba4189456e6fb45b0d6c6c43fa9e2552a7f8903721b266a902ea8affd5ed4b6d205b9589edee940ada5467a64e0526aba4026a6fc8f2ff64707"}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xe0}, 0x1, 0x0, 0x0, 0x4004811}, 0x20000000)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703410000004000000000000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)
r3 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={0x200200, 0x10, 0x18}, 0x18)
fchmodat(r3, &(0x7f00000000c0)='./file0\x00', 0x10)

57.055091708s ago: executing program 4 (id=2519):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000040000000080a01010000000000000000010000000900010073797a3000000000090002"], 0xc8}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x100) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x100)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0) (async)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
syz_open_dev$dri(&(0x7f0000000340), 0x2, 0x800) (async)
r4 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0x800)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, &(0x7f00000000c0)={<r5=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r4, 0xc01864c1, &(0x7f0000000180)={r5})
close_range(r3, r4, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0) (async)
close_range(r3, 0xffffffffffffffff, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
file_getattr(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180), 0x18, 0x1000)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f00000005c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_client}]}}) (async)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f00000005c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_client}]}})
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) (async)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)
r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000280), 0x40000, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000780)={{{@in6=@remote, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in6=@loopback}, 0x0, @in6=@private1}}, &(0x7f0000000880)=0xe8)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f00000008c0)={0x3, 0xb7c, {0xffffffffffffffff}, {<r8=>0xee00}, 0x879, 0xfffffffffffffff8})
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x1, &(0x7f0000000900)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@directio}, {@msize={'msize', 0x3d, 0x81}}, {@ignoreqv}, {@access_user}], [{@permit_directio}, {@uid_lt={'uid<', r7}}, {@flag='async'}, {@subj_user={'subj_user', 0x3d, '(#\x13:[\']\x12\\%:'}}, {@seclabel}, {@permit_directio}, {@pcr={'pcr', 0x3d, 0x30}}, {@uid_eq={'uid', 0x3d, r8}}]}})
syz_emit_ethernet(0xb8, &(0x7f00000000c0)={@broadcast, @remote, @void, {@ipv6={0x86dd, @udp={0xf, 0x6, "75bb91", 0x82, 0x11, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}, {[@fragment={0x3b, 0x0, 0xdf, 0x0, 0x0, 0x7, 0x67}, @dstopts={0x29}, @fragment={0x3c, 0x0, 0x10, 0x1, 0x0, 0x1c, 0x67}, @fragment={0x0, 0x0, 0x7c, 0x1, 0x0, 0x16, 0x66}, @fragment={0x2f, 0x0, 0xf4, 0x0, 0x0, 0x5, 0x66}, @dstopts={0x87, 0x1, '\x00', [@pad1, @ra={0x5, 0x2, 0x3}, @pad1]}, @hopopts={0x2f, 0x1, '\x00', [@padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @padn={0x1, 0x1, [0x0]}]}], {0x4e20, 0x4e20, 0x32, 0x0, @gue={{0x1, 0x0, 0x2, 0xc, 0x100, @void}, "541b0e6626e0f99c1a09f064e5272f17f588d55ec938def035f989d3f09df8df5bcac8c0db27"}}}}}}}, 0x0) (async)
syz_emit_ethernet(0xb8, &(0x7f00000000c0)={@broadcast, @remote, @void, {@ipv6={0x86dd, @udp={0xf, 0x6, "75bb91", 0x82, 0x11, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}, {[@fragment={0x3b, 0x0, 0xdf, 0x0, 0x0, 0x7, 0x67}, @dstopts={0x29}, @fragment={0x3c, 0x0, 0x10, 0x1, 0x0, 0x1c, 0x67}, @fragment={0x0, 0x0, 0x7c, 0x1, 0x0, 0x16, 0x66}, @fragment={0x2f, 0x0, 0xf4, 0x0, 0x0, 0x5, 0x66}, @dstopts={0x87, 0x1, '\x00', [@pad1, @ra={0x5, 0x2, 0x3}, @pad1]}, @hopopts={0x2f, 0x1, '\x00', [@padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @padn={0x1, 0x1, [0x0]}]}], {0x4e20, 0x4e20, 0x32, 0x0, @gue={{0x1, 0x0, 0x2, 0xc, 0x100, @void}, "541b0e6626e0f99c1a09f064e5272f17f588d55ec938def035f989d3f09df8df5bcac8c0db27"}}}}}}}, 0x0)

41.864999306s ago: executing program 33 (id=2519):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000040000000080a01010000000000000000010000000900010073797a3000000000090002"], 0xc8}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x100) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x100)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0) (async)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
syz_open_dev$dri(&(0x7f0000000340), 0x2, 0x800) (async)
r4 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0x800)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, &(0x7f00000000c0)={<r5=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r4, 0xc01864c1, &(0x7f0000000180)={r5})
close_range(r3, r4, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0) (async)
close_range(r3, 0xffffffffffffffff, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
file_getattr(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180), 0x18, 0x1000)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f00000005c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_client}]}}) (async)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f00000005c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_client}]}})
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) (async)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)
r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000280), 0x40000, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000780)={{{@in6=@remote, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in6=@loopback}, 0x0, @in6=@private1}}, &(0x7f0000000880)=0xe8)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f00000008c0)={0x3, 0xb7c, {0xffffffffffffffff}, {<r8=>0xee00}, 0x879, 0xfffffffffffffff8})
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x1, &(0x7f0000000900)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@directio}, {@msize={'msize', 0x3d, 0x81}}, {@ignoreqv}, {@access_user}], [{@permit_directio}, {@uid_lt={'uid<', r7}}, {@flag='async'}, {@subj_user={'subj_user', 0x3d, '(#\x13:[\']\x12\\%:'}}, {@seclabel}, {@permit_directio}, {@pcr={'pcr', 0x3d, 0x30}}, {@uid_eq={'uid', 0x3d, r8}}]}})
syz_emit_ethernet(0xb8, &(0x7f00000000c0)={@broadcast, @remote, @void, {@ipv6={0x86dd, @udp={0xf, 0x6, "75bb91", 0x82, 0x11, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}, {[@fragment={0x3b, 0x0, 0xdf, 0x0, 0x0, 0x7, 0x67}, @dstopts={0x29}, @fragment={0x3c, 0x0, 0x10, 0x1, 0x0, 0x1c, 0x67}, @fragment={0x0, 0x0, 0x7c, 0x1, 0x0, 0x16, 0x66}, @fragment={0x2f, 0x0, 0xf4, 0x0, 0x0, 0x5, 0x66}, @dstopts={0x87, 0x1, '\x00', [@pad1, @ra={0x5, 0x2, 0x3}, @pad1]}, @hopopts={0x2f, 0x1, '\x00', [@padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @padn={0x1, 0x1, [0x0]}]}], {0x4e20, 0x4e20, 0x32, 0x0, @gue={{0x1, 0x0, 0x2, 0xc, 0x100, @void}, "541b0e6626e0f99c1a09f064e5272f17f588d55ec938def035f989d3f09df8df5bcac8c0db27"}}}}}}}, 0x0) (async)
syz_emit_ethernet(0xb8, &(0x7f00000000c0)={@broadcast, @remote, @void, {@ipv6={0x86dd, @udp={0xf, 0x6, "75bb91", 0x82, 0x11, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}, {[@fragment={0x3b, 0x0, 0xdf, 0x0, 0x0, 0x7, 0x67}, @dstopts={0x29}, @fragment={0x3c, 0x0, 0x10, 0x1, 0x0, 0x1c, 0x67}, @fragment={0x0, 0x0, 0x7c, 0x1, 0x0, 0x16, 0x66}, @fragment={0x2f, 0x0, 0xf4, 0x0, 0x0, 0x5, 0x66}, @dstopts={0x87, 0x1, '\x00', [@pad1, @ra={0x5, 0x2, 0x3}, @pad1]}, @hopopts={0x2f, 0x1, '\x00', [@padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @padn={0x1, 0x1, [0x0]}]}], {0x4e20, 0x4e20, 0x32, 0x0, @gue={{0x1, 0x0, 0x2, 0xc, 0x100, @void}, "541b0e6626e0f99c1a09f064e5272f17f588d55ec938def035f989d3f09df8df5bcac8c0db27"}}}}}}}, 0x0)

38.128649615s ago: executing program 5 (id=2746):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
shutdown(r0, 0x0)
r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040), 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x13, &(0x7f00000000c0)=ANY=[@ANYRES32=r1, @ANYRES16=0x0, @ANYRES64=0x0], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, 0x0, r1}, 0x94)

38.060394881s ago: executing program 5 (id=2747):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x230b00, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="34f4ff00", @ANYRES16=r2, @ANYBLOB="030304000000fddbdf253d0000000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x34}, 0x1, 0x0, 0x0, 0x880}, 0x4000080)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
openat$selinux_avc_cache_stats(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r4)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB=' @\x00\x00', @ANYRES16=r5, @ANYBLOB="010026bd7000fbdbdf2501000000000000000b0000000014001462726f6164636173742d6c696e6b0000"], 0x30}, 0x1, 0x0, 0x0, 0x40004}, 0x40000)
ioctl$KVM_GET_PIT2(r3, 0xae64, 0x0)
fanotify_init(0x1a, 0x800)
openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0xa8)
pselect6(0x40, &(0x7f0000000100)={0x2, 0x5, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x7fff}, &(0x7f0000000540)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0x0)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r7=>0x0})
ioctl$IOMMU_IOAS_UNMAP(r6, 0x3b86, &(0x7f0000000100)={0x18, r7, 0x1, 0x1})
r8 = syz_open_dev$sg(&(0x7f0000005980), 0x0, 0x80201)
write(r8, &(0x7f0000000540)="19888f3d240000005043b5c7ed4a46be89d283b02d1fee60faffffffffffffffffc0fac97ffcedaa797e1bff1ff0a69d", 0x30)

38.059747869s ago: executing program 5 (id=2748):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x2}, 0x94)
r0 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x7)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000580)={'ip_vti0\x00', &(0x7f00000004c0)={'sit0\x00', <r1=>0x0, 0x10, 0x1, 0x0, 0x200, {{0x1b, 0x4, 0x0, 0x3, 0x6c, 0x65, 0x0, 0x3, 0x4, 0x0, @empty, @remote, {[@generic={0x7, 0x7, "06af4ded3f"}, @rr={0x7, 0x1b, 0x72, [@dev={0xac, 0x14, 0x14, 0x42}, @private=0xa010100, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x23}, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @generic={0x88, 0x6, "6a234ec6"}, @generic={0x89, 0x3, "cf"}, @ssrr={0x89, 0x17, 0x95, [@initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010101]}, @noop, @noop, @ra={0x94, 0x4, 0x3cfe}, @timestamp_prespec={0x44, 0xc, 0x56, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x62}]}, @noop]}}}}})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000005c0)={@local, 0x77, r1})
fcntl$addseals(r0, 0x409, 0x8)
fallocate(r0, 0x3, 0x9100, 0x3)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x2, 0x5, &(0x7f00000000c0)=@framed={{}, [@ldst={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, @ldst={0x3, 0x0, 0x6}]}, &(0x7f0000000000)='syzkaller\x00', 0x4, 0x93, &(0x7f0000000100)=""/147, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x17, 0x10, 0x0, 0x0, 0x61e5cc96}, 0x22)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="8c00000010001fff28bd70000000800000000000", @ANYRES32=0x0, @ANYBLOB="efb00000800000006c0012800b00010062726964676500005c00028008000500010000000c002e"], 0x8c}, 0x1, 0x0, 0x0, 0x4000084}, 0x14)

37.979844186s ago: executing program 5 (id=2749):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="7f454c4605fc0040ff7f00000000000002003e00edfffbff94020000000000004000000000d9279749d4c5348ec0c0e1556a4e000000380001"], 0x78)
close(r0)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x44, r1, 0x200, 0x70bd2b, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_PBSS={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x324}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x9a8}], @NL80211_ATTR_HE_OBSS_PD={0x1c, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP={0xc, 0x5, "e5d90a73171c947d"}, @NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET={0x5, 0x1, 0x46}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000010}, 0x8000)
r2 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
ioctl$EVIOCGSW(r2, 0x80404531, 0x0)
mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x2b5b093, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262)

37.978097696s ago: executing program 5 (id=2750):
unshare(0x6a040000) (async)
r0 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0) (async)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x12, r1, 0x604ae000)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002f004b432352ecb83c7cec4c01"], 0x114}], 0x1, 0x0, 0x0, 0x20008801}, 0x8040)
madvise(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x19) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x1000000) (async, rerun: 32)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) (async, rerun: 32)
r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000000), 0x20000)
ioctl$AUTOFS_DEV_IOCTL_READY(r0, 0xc0189376, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r4=>r3, {0xffff}}, './file0\x00'})
ioctl$MON_IOCQ_RING_SIZE(r4, 0x9205) (async, rerun: 64)
socket$nl_netfilter(0x10, 0x3, 0xc) (async, rerun: 64)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

37.018938188s ago: executing program 5 (id=2767):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
getpeername$inet(r0, 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), r2)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x2c, r4, 0x40d, 0x70bd27, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008085}, 0x800)
sendto$inet(r1, 0x0, 0x0, 0x8000, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10)
sendto$inet(r0, &(0x7f00000001c0)="4aea92b3a36d6f66793b8e68705ab0c0ab30856f633c1729ee883033d7359372500f3e80248ec0fd683405795658ea28f51fb91e31c830708a7315b192da07681552b4cc3409240ca39b8ed49f34c8f5a3d271f3bf40a03eae56b8c4a7bc1e995950a0443f2c3436b1204ce12c72e8594a0fb13a06b9596fa36ac20da7bd7a5e4cd1a4d068380757f832a56afabf41fc7486b877df8d2dd98b3313fc42706b15260da7fdd2ea5e60b5663207a06c54f9a9ac96d23a83dc1e1de561e96f7e630588eba06caac01331249c486b41c2770bd6814a27c9285f329e432635891b8ce435ba37863424089b2e53682c13", 0xed, 0x4004085, 0x0, 0x0)
setsockopt$inet_int(r1, 0x0, 0xb, 0x0, 0x0)

36.940525336s ago: executing program 34 (id=2767):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
getpeername$inet(r0, 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), r2)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x2c, r4, 0x40d, 0x70bd27, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008085}, 0x800)
sendto$inet(r1, 0x0, 0x0, 0x8000, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10)
sendto$inet(r0, &(0x7f00000001c0)="4aea92b3a36d6f66793b8e68705ab0c0ab30856f633c1729ee883033d7359372500f3e80248ec0fd683405795658ea28f51fb91e31c830708a7315b192da07681552b4cc3409240ca39b8ed49f34c8f5a3d271f3bf40a03eae56b8c4a7bc1e995950a0443f2c3436b1204ce12c72e8594a0fb13a06b9596fa36ac20da7bd7a5e4cd1a4d068380757f832a56afabf41fc7486b877df8d2dd98b3313fc42706b15260da7fdd2ea5e60b5663207a06c54f9a9ac96d23a83dc1e1de561e96f7e630588eba06caac01331249c486b41c2770bd6814a27c9285f329e432635891b8ce435ba37863424089b2e53682c13", 0xed, 0x4004085, 0x0, 0x0)
setsockopt$inet_int(r1, 0x0, 0xb, 0x0, 0x0)

16.42017723s ago: executing program 0 (id=3046):
socket$inet6_udp(0xa, 0x2, 0x0) (async)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
fsopen(&(0x7f0000001340)='cgroup2\x00', 0x1) (async)
r0 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x1)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32, @ANYRES32], 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x3)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDGKBMODE(r2, 0x4b44, 0x0) (async)
ioctl$KDGKBMODE(r2, 0x4b44, 0x0)
r3 = syz_open_dev$sndctrl(&(0x7f0000000600), 0x0, 0x0)
ioctl$I2C_RDWR(r3, 0x707, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000) (async)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="0413a62d6167375754376fa24d607138d1fc4b924b3c0dd33e0a8244d1faf92995d5a52f21df118e56844d1172d3ccf85c6520dfca1f7442bece7acec9a3313640e8f5b610b1b3d7509c62ba6fca835884daf7799834ba5f021c93ac3571e2fe147e94cdb14e58f586d3ea67ce2e1c32a7f14b3c4deb636a99730f8762cc103eb546a8aecaf91f9bacb8f363548f4e969fffed0977"], 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x21}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x21}, 0x94)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x801a01, 0x0)
r5 = open$dir(&(0x7f0000000000)='./file0\x00', 0x802, 0x4)
execveat(r5, &(0x7f0000000700)='./file0\x00', &(0x7f00000008c0)={[0xfffffffffffffffe]}, 0x0, 0x800)
ioctl$EVIOCGPROP(r4, 0x40047438, &(0x7f0000000180)=""/246)
writev(r4, &(0x7f0000000440)=[{&(0x7f0000000280)="c021", 0x1700}], 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCSACTIVE(r4, 0x40047459, &(0x7f0000000080)={0x0, 0x0}) (async)
ioctl$PPPIOCSACTIVE(r4, 0x40047459, &(0x7f0000000080)={0x0, 0x0})

16.359189422s ago: executing program 0 (id=3047):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) (async)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x4}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}, @NFT_MSG_DELSETELEM={0x2c, 0xe, 0xa, 0x201, 0x0, 0x0, {0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xd8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (async, rerun: 32)
r1 = socket$inet_udp(0x2, 0x2, 0x0) (rerun: 32)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x0, @broadcast}, 0x2}}, 0x2e)
getsockopt(r2, 0x111, 0x1, 0x0, &(0x7f0000000080))
mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', &(0x7f0000000140), 0x110a08, &(0x7f0000000040)=ANY=[@ANYBLOB='max=0000000000000000000,\x00'])

16.357640067s ago: executing program 0 (id=3048):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f00000003c0)={'wg2\x00', <r2=>0x0})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0900000004000000040000000900000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0400"/25], 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r3, &(0x7f00000000c0), &(0x7f0000000000)=""/8, 0x2}, 0x20)
utimensat(0xffffffffffffff9c, 0x0, &(0x7f0000000100)={{0x0, 0x3ffffffe}, {0x0, 0x3ffffffe}}, 0x0)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="b1", @ANYRES16=r1, @ANYBLOB="010000000000000000000100000008000100", @ANYRES32=r2, @ANYBLOB="4c00088048000080200004000a004e2100000000000000000000000000000000000000010000000024000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c"], 0x68}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

16.278369982s ago: executing program 0 (id=3049):
setreuid(0xee01, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0xc6e4}}, './file0\x00'})
mkdirat(0xffffffffffffff9c, &(0x7f00000021c0)='./file0\x00', 0x3a)
mount$tmpfs(0x0, &(0x7f0000002040)='./file0\x00', &(0x7f0000002200), 0x1000000, &(0x7f0000000000)={[{@noswap}]})
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2b00ad, &(0x7f0000000200)=ANY=[@ANYBLOB='noswap,z\x00=static(\x00'/31])
ioctl$FIOCLEX(r0, 0x5451)
setresuid(0x0, 0xee01, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001640)={0x11, 0x19, &(0x7f0000001740)=ANY=[@ANYRES8=0x0], &(0x7f0000000000)='syzkaller\x00', 0x41, 0xde, &(0x7f0000000340)=""/222, 0x41100, 0x1}, 0xff2f)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
keyctl$describe(0x6, 0x0, 0x0, 0x0)
prlimit64(0x0, 0x6, &(0x7f0000000140)={0x0, 0x4}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x200001, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x0, {}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x0, "f4ffffff"}, 0x20000000, 0x1, {0x0}})
r2 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02080000040000000100000009000100000000", @ANYRES32, @ANYBLOB='\x00\x00'], 0x48)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24004045)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x353, 0x6, 0x88c, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x3, 0xe}, 0x50)
r3 = io_uring_setup(0x6f9, &(0x7f0000000480)={0x0, 0x3cb1, 0x1c080, 0x9, 0x20002f7, 0x0, r2})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'wlan1\x00', 0x0})
getsockname$tipc(r0, &(0x7f0000000240)=@id, &(0x7f0000000440)=0x10)
io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x18, &(0x7f0000001840)=ANY=[@ANYBLOB="180000009a010000000000000500000018110000d5903d0fe25ee49d69c127a073c160a2e47ba3c3e5dd5f4ef66aede2387e24f6a5867909d956a80475a81b48eb04a23fd18dec90db36f40eebdcd557a2323c2f6312963b330c7b2b762675577d309b6e97d5c60c2e7909bd1126fd0d8067883f546b874a3def588f8141dd1f7b18446fcef0f36c55ee16878fe632cb3ac4fab8b89cbc7caabe65831a1bedf5ee7f49416e9c2601b720b77b977da661a230b65c1782240b463b9e4aa74f783504234fd4da8e69fc24dcbfe03362320b4b1ab91d5cfa7b694fe192785f68592068", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000090000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000bf91000000000000b7020000010000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x8, 0x0, 0x0, 0x41100, 0x71, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x2, 0x8, 0x472, 0x5}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000040)=[0x1, 0xffffffffffffffff], &(0x7f0000001700)=[{0x4, 0x3, 0x5, 0x3}], 0x10, 0xb}, 0xe4)

16.277979103s ago: executing program 0 (id=3050):
r0 = socket$inet_sctp(0x2, 0x0, 0x84)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
close(r1)
eventfd2(0x0, 0x80000)
madvise(&(0x7f0000122000/0x4000)=nil, 0x4000, 0x66)
r2 = syz_open_procfs$pagemap(0x0, &(0x7f0000000600))
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000000)={0x60, 0x0, &(0x7f000007c000/0x4000)=nil, &(0x7f0000839000/0x1000)=nil, 0x0, 0x0, 0x0, 0x9, 0x40, 0x0, 0x51, 0xa})
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})
read$FUSE(r1, &(0x7f0000002580)={0x2020}, 0x2020)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$FE_SET_VOLTAGE(r1, 0x6f43, &(0x7f0000000280))
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000080)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01005cc6fcaec8e24001e36bf0987000005800018044000400200001000a000000000000000000000000000000000000000000000100000000200002000a00000000000001fe8000000000000000000000000000bb000000000d0001007564703a73797a30000000003091917b2758aa12e59ad43820a708f4b4bad69202635ecd3da1b440e1a1aed313658c866c3eecf610b7b876a928d448f4c10e73c74dae2640e663f09f36713109898bdb6681a274b02fb205700d266f4b7061a34ff311749248fb92a525def8dc86cf7e7595e4dbee411a"], 0x6c}}, 0x0)
r5 = userfaultfd(0x801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00001b1000/0x4000)=nil, 0x400000, 0x2, 0x2})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
close(0x3)
r6 = socket$inet6(0x10, 0x2, 0x0)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000040)=[{0x30, 0x0, 0x0, 0xffeffffc}, {0x16}]}, 0x10)
sendto$inet6(r6, &(0x7f00000002c0)="100000001200050f0c1000000049b23e", 0x10, 0x0, 0x0, 0x0)
ioctl$VIDIOC_G_FBUF(0xffffffffffffffff, 0x8030560a, &(0x7f0000000200)={0x22, 0x1, &(0x7f0000000180)="cb9998ebc55f69f200c1835c04a0f8cbba32c045326f9c7c8cbc543ad3482380028b2fb6e9608a444bbca5c2158944051cf6e615bbd0da2bf80a37ec3305137948f354858c8fe507246aaec8c65e85c11c8d6f4551acdce03f8978cdca512fedf608e6dd1dbdbde104866208fb3fd360b33edb44f3de66b5f2f1d14a06ce1451", {0x0, 0x8, 0xb5315241, 0x5, 0x79fd, 0x9, 0x1, 0x9}})

15.820359047s ago: executing program 0 (id=3056):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth0_to_hsr\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000000cf00)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x1000000, {0x60, 0x0, 0x0, r2, {0x0, 0x8}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x1003}, @TCA_CAKE_ACK_FILTER={0x8, 0x10, 0x2}]}}]}, 0x48}}, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newlink={0x54, 0x10, 0x401, 0x0, 0x3, {0x0, 0x0, 0x0, 0x0, 0xe59bca127d81b0fa, 0xc574450d1af3b5bc}, [@IFLA_IFNAME={0x14, 0x3, 'bridge_slave_0\x00'}, @IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0x8, 0x5, 0x0, 0x1, [@IFLA_BRPORT_FLUSH={0x4}]}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20044010}, 0x4040)
r5 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r6, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1})
ioctl$KVM_SET_GSI_ROUTING(r6, 0x4008ae6a, &(0x7f0000000040)={0x1, 0x0, [{0x4, 0x2, 0x0, 0x0, @irqchip={0x1, 0x7}}]})
ioctl$KVM_CAP_X2APIC_API(r6, 0x4068aea3, &(0x7f00000001c0)={0x81, 0x0, 0x3})
r7 = eventfd2(0x8, 0x1)
ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r7, 0x4})
write$eventfd(r7, &(0x7f0000000080)=0x430f, 0x8)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
syz_emit_ethernet(0x14, &(0x7f0000000280)={@local, @remote, @val={@void}, {@generic={0x88a2, 'f\n'}}}, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
dup2(r0, r3)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r8, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @random="0000ea0700", @val={@void, {0x8100, 0x0, 0x0, 0x1}}, {@ipv4={0x800, @tcp={{0x8, 0x4, 0x0, 0x2d, 0x34, 0x0, 0x0, 0xa3, 0x6, 0x0, @remote, @local, {[@rr={0x7, 0xb, 0x9, [@multicast2, @local]}]}}, {{0x4e22, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0x4000}}}}}}, 0x0)

15.724496105s ago: executing program 35 (id=3056):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth0_to_hsr\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000000cf00)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x1000000, {0x60, 0x0, 0x0, r2, {0x0, 0x8}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x1003}, @TCA_CAKE_ACK_FILTER={0x8, 0x10, 0x2}]}}]}, 0x48}}, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newlink={0x54, 0x10, 0x401, 0x0, 0x3, {0x0, 0x0, 0x0, 0x0, 0xe59bca127d81b0fa, 0xc574450d1af3b5bc}, [@IFLA_IFNAME={0x14, 0x3, 'bridge_slave_0\x00'}, @IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0x8, 0x5, 0x0, 0x1, [@IFLA_BRPORT_FLUSH={0x4}]}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20044010}, 0x4040)
r5 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r6, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1})
ioctl$KVM_SET_GSI_ROUTING(r6, 0x4008ae6a, &(0x7f0000000040)={0x1, 0x0, [{0x4, 0x2, 0x0, 0x0, @irqchip={0x1, 0x7}}]})
ioctl$KVM_CAP_X2APIC_API(r6, 0x4068aea3, &(0x7f00000001c0)={0x81, 0x0, 0x3})
r7 = eventfd2(0x8, 0x1)
ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r7, 0x4})
write$eventfd(r7, &(0x7f0000000080)=0x430f, 0x8)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
syz_emit_ethernet(0x14, &(0x7f0000000280)={@local, @remote, @val={@void}, {@generic={0x88a2, 'f\n'}}}, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
dup2(r0, r3)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r8, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @random="0000ea0700", @val={@void, {0x8100, 0x0, 0x0, 0x1}}, {@ipv4={0x800, @tcp={{0x8, 0x4, 0x0, 0x2d, 0x34, 0x0, 0x0, 0xa3, 0x6, 0x0, @remote, @local, {[@rr={0x7, 0xb, 0x9, [@multicast2, @local]}]}}, {{0x4e22, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0x4000}}}}}}, 0x0)

3.288483809s ago: executing program 3 (id=3232):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
writev(r2, &(0x7f0000019880)=[{&(0x7f0000000400)="fb", 0xffffff5c}, {&(0x7f00000197c0)="1902eb02d5e5f29e59e1a7caec33eb76d2430da474d87e367f6598d026438b65eda8341073b6752abdcee080c8e1e876b25227c37d7dd79886ce33f13e857c8eda1cecf6ac36c03dbf54e3cb5136da5a33fee76fb3113f8b6700e9e5fc006b8eed665fed48738d59395ad07438c3610ae3976aac75caf2facafa21c25be3c2", 0x7f}], 0x2)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r3, 0xfffffffc)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
bpf$LINK_DETACH(0x22, &(0x7f0000000100), 0x4)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r5, &(0x7f0000000140)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x50, 0x10, 0x439, 0x70bd23, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, 0xb881}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FLAGS={0x8, 0x8, 0xfbffffff}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @rand_addr=' \x01\x00'}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x24008007}, 0x4040844)
sendto$packet(r0, &(0x7f0000000640)="e8b77052a9", 0x28, 0x40, &(0x7f0000000200)={0x11, 0x86dd, r6, 0x1, 0x0, 0x6, @local}, 0x14)

2.399325595s ago: executing program 3 (id=3251):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000200), 0x40240, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0xf51)
r2 = openat$binfmt_register(0xffffff9c, &(0x7f0000000140), 0x1, 0x0)
writev(r2, &(0x7f0000001f00)=[{&(0x7f0000001ac0)="4df069d64970996b9472d4", 0xb}], 0x10000000000001bf)
readv(r1, &(0x7f0000000340)=[{&(0x7f0000000080)=""/107, 0x6b}], 0x1)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000140), r1)
ioctl$TCSBRKP(r0, 0x5425, 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x8, 0x1, 0x13}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)

2.19787922s ago: executing program 6 (id=3256):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{0xa, 0x4e1d, 0x8, @loopback, 0x4}, {0xa, 0x4e23, 0x9, @private2={0xfc, 0x2, '\x00', 0x1}}, r1, 0x8001}}, 0x48)
write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000180)={0x7, 0x8, 0xfa00, {r1, 0x800}}, 0x10)
close(0x3)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
sendmsg$NFT_BATCH(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x88, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x5c, 0x4, 0x0, 0x1, [{0x58, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x48, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x2c, 0x3, "9ac420002e61afb9fdd672bad09dfb78c7699c74e891a0c7fffffffffffffff50000000000000000"}, @NFTA_TARGET_REV={0x8}, @NFTA_TARGET_NAME={0xe, 0x1, 'IDLETIMER\x00'}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xb0}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040)
r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r5 = syz_socket_connect_nvme_tcp()
ioctl$XFS_IOC_EXCHANGE_RANGE(r5, 0x40285881, &(0x7f0000000000)={r3, 0x0, 0xc11c, 0x7, 0x7b, 0x4})
ioctl$vim2m_VIDIOC_G_FMT(r4, 0xc0d05604, &(0x7f0000000300)={0x1, @vbi={0x1c, 0x5, 0x96b, 0x64737664, [0x5, 0x5], [0x3, 0x4], 0x108}})
getsockopt$inet_tcp_buf(r2, 0x6, 0x1a, &(0x7f0000002300)=""/4096, &(0x7f0000000040)=0x1000)

2.090124709s ago: executing program 6 (id=3257):
r0 = socket(0x10, 0x3, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x81, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING(r2, 0x4068aea3, &(0x7f0000000180)={0xc0, 0x0, 0x8000})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mmap(&(0x7f0000994000/0x9000)=nil, 0x9000, 0x1000003, 0x13, r3, 0x40000)
mlock(&(0x7f00007fe000/0x800000)=nil, 0x800000)
sendto$inet6(r0, &(0x7f00000007c0)="7800000018002507b9199b02ffff48000203be04020406050a02040c5c000900580006080a0000000d0085a168d0bf46d32345653600648d270015000a00000849935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000407160016000a0000000000e000e218d1dd3b6ed538f2523250", 0x78, 0x0, 0x0, 0x0)

1.950379532s ago: executing program 6 (id=3259):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0) (async)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r2, &(0x7f00000000c0)=""/30, 0x1e) (async)
read$char_usb(r2, &(0x7f00000000c0)=""/30, 0x1e)
close_range(r1, 0xffffffffffffffff, 0x0)
write$uinput_user_dev(r0, &(0x7f0000001b40)={'syz0\x00', {0x1, 0x0, 0x0, 0x2}, 0x0, [0x39, 0x2, 0x4000401, 0x8, 0xe, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4, 0x9, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2a, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, 0x0, 0x0, 0x0, 0x0, 0xf5b1, 0xfffffffd, 0x10000000, 0x99, 0x20000000, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x5, 0xfffffff6, 0x0, 0x8, 0x800000, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x1], [0x3, 0xfffff41a, 0x0, 0x0, 0x4, 0x20000, 0x2000000, 0xedc0, 0x0, 0x5ee, 0x5, 0x0, 0xe, 0x0, 0x0, 0xffffffff, 0x0, 0xa0000000, 0x0, 0x8, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x1, 0x0, 0xfffffff8, 0x2, 0x0, 0x2, 0x400, 0x0, 0x0, 0x8, 0x40000, 0x1d2c, 0xc0800000, 0x100, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffc, 0x1, 0xfffffffe, 0xfffff986], [0x0, 0x7f, 0x0, 0x0, 0x3, 0x80, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x2, 0xfffffffc, 0x0, 0x0, 0xfffffffd, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x200, 0x6, 0x6, 0x80000000, 0x2, 0x47fff, 0x0, 0x0, 0x0, 0x3, 0x0, 0xf, 0x3, 0x0, 0x0, 0x5, 0x0, 0x0, 0xfffffffc, 0x4, 0xf88], [0xfffffffe, 0x0, 0x4, 0x0, 0xfffefffe, 0x0, 0xfffffffe, 0x4, 0xfffffffc, 0x0, 0x0, 0x3, 0xfffffffc, 0x4, 0x803, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x400, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x10, 0x5, 0xfffffffe, 0x3, 0x0, 0x4, 0x8001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0xea, 0x0, 0x0, 0x0, 0x8000000, 0x4, 0xffffffff, 0x0, 0x0, 0xffffe]}, 0x45c)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) (async)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x3)
ioctl$UI_DEV_CREATE(r0, 0x5501)

1.520164027s ago: executing program 3 (id=3261):
r0 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0)
syz_clone3(&(0x7f000000dd80)={0x100000, 0x0, 0x0, 0x0, {0x13}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r5, &(0x7f0000000a80)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000240)='I', 0x1}], 0x1}}, {{&(0x7f0000000440)={0xa, 0x4e21, 0x9, @private0={0xfc, 0x0, '\x00', 0x1}, 0x2}, 0x1c, &(0x7f0000000780)=[{&(0x7f0000000080)='@', 0x1}], 0x1}}], 0x2, 0x0)
r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x20400, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f0000000180)={'das16m1\x00', [0xa3fb, 0x5, 0x29, 0x4, 0xb4, 0xcc5, 0x8, 0x68d, 0x8, 0xe, 0x7ff, 0xffffffff, 0x1, 0x1, 0x8029, 0x80, 0x7, 0x1a449, 0x9, 0x40800003, 0x8b, 0xcaa9, 0x0, 0x20001e58, 0x4bd, 0xffc00004, 0x3c, 0x8, 0x100006, 0xf7fffff7, 0xfffffff8]})
ioctl$COMEDI_UNLOCK(r6, 0x6406)
shutdown(r5, 0x1)
r7 = dup(r5)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r7, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e23, 0xdb, @empty}}, 0xffb, 0x203, 0xffff18b6, 0x6, 0x330, 0x80000001, 0xdb}, 0x9c)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x20)
pause()
syz_clone3(&(0x7f000000dd80)={0xa04400, 0x0, 0x0, 0x0, {0x12}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r8 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
read$FUSE(r8, &(0x7f00000034c0)={0x2020}, 0x2020)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="d80000001400810d4e81f782db44b9040a11080211000000040000a118000280fec9201114000e1208000f0100810401a80016ea1f000640c9201114c92011148ed08734843cb12b00000803600cfab9c14dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee4001b146bffa07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adb", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x40804)

1.288356923s ago: executing program 6 (id=3262):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x88200, 0x0)
mkdirat(r0, &(0x7f0000000040)='./file0\x00', 0x0) (async)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x29004cf, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970363030302e75"]) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x100) (async)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) (async)
chdir(&(0x7f0000000140)='./bus\x00') (async)
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00') (async)
mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x0, 0x0)

1.287283358s ago: executing program 6 (id=3264):
r0 = socket(0x2b, 0x80801, 0x1)
connect$l2tp6(r0, &(0x7f0000000080)={0xa, 0x0, 0x292, @ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x2}, 0x20)
r1 = syz_open_dev$cec(&(0x7f00000004c0), 0xffffffffffffffff, 0x10600)
ioctl$IOC_PR_PREEMPT(r1, 0x40046109, &(0x7f0000000040)={0xf0, 0x40000})
ioctl$sock_inet6_udp_SIOCOUTQ(r0, 0x894b, &(0x7f0000000280))

1.219980607s ago: executing program 6 (id=3266):
setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4, 0x7, @private0, 0x7}, 0x1c)
syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
r0 = openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0)
r1 = syz_open_dev$sndpcmp(0x0, 0x0, 0xa2c65)
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000200)={0x84, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r4 = userfaultfd(0x1)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x200})
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)
ioctl$UFFDIO_CONTINUE(r4, 0xc020aa07, &(0x7f0000000040)={{&(0x7f0000692000/0x1000)=nil, 0x1000}, 0x1})
ioctl$FS_IOC_GETVERSION(r3, 0x5b06, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r1, 0xc0884123, 0x0)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r1, 0xc0884113, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
recvmsg(r1, &(0x7f00000008c0)={&(0x7f0000000300)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, &(0x7f0000000840)=[{0x0}], 0x1, &(0x7f0000000880)=""/28, 0x1c}, 0x40000100)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000090, &(0x7f00000001c0)={0xa, 0x2, 0x8000, @local, 0x9}, 0x1c)
socket(0x11, 0xa, 0x0)
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
preadv(r5, &(0x7f0000000580)=[{&(0x7f0000000440)=""/27, 0x1b}], 0x1, 0x9, 0x3dfc)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

1.006022113s ago: executing program 2 (id=3269):
r0 = socket(0x5, 0x803, 0x8)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f0000000280)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000002100)=ANY=[@ANYBLOB="380000001000390400000000fcffffff00000000", @ANYRES32=r1, @ANYBLOB="01980000020800001800f75b46128008000100677265000c00026508000700ac1414292491f7294a769eb8e51bdc75358b4bc3"], 0x38}}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@newlink={0x48, 0x10, 0x439, 0x2, 0x0, {0x0, 0x0, 0x0, r1, 0x1040, 0x44100}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @gre={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @local}, @IFLA_GRE_FWMARK={0x8, 0x14, 0x7ff}, @IFLA_GRE_ENCAP_FLAGS={0x6, 0xf, 0x1}]}}}]}, 0x48}}, 0x4040000)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000042c0)='fdinfo/3\x00')
read$FUSE(r3, &(0x7f0000000080)={0x2020}, 0x2020)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000002c0)={@in={{0x2, 0x4e23, @local}}, 0x0, 0x0, 0x9, 0x0, "31544551a3020bec73f6be24412f436e4d3418a860a169cc3ff4b3e48f6fb6f74fec864d26321876badfd78168e19ef0a84c5b636f7f949d16ee827b76c2300ce522910f91b8df326e29b5e44ac6e66e"}, 0xd8)
r4 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r4, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="1000000000000000100100000e00000018000000000000001001000001"], 0x28}, 0x0)
ioctl$VIDIOC_QUERYCTRL(0xffffffffffffffff, 0xc0445624, &(0x7f0000000180)={0x2, 0x101, "fcbe77926ba13c2fd2c3c5176944283cd4231af4c97698c925ff81e0ef938e06", 0x6, 0x81, 0xfffffffe, 0x1, 0x4c})
syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000007e40)=[{0x0, 0x0, &(0x7f0000003740)=[{&(0x7f00000000c0)="4789d3aefc1a4d03345aed327be33c", 0xf}], 0x1, 0x0, 0x0, 0x20000000}], 0x1, 0x20040894)
r5 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20010840)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000002180)={0x2, 0x5, 0xffff1000, 0x1000, &(0x7f0000fff000/0x1000)=nil})
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f00000020c0)=@gcm_128={{0x304}, "a9698337980da83c", "76e70e034eff41eb3e396f4a3cd738b8", "9c7bc7d4", "78eb96a51d782433"}, 0x28)

889.674812ms ago: executing program 2 (id=3270):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000600)=ANY=[@ANYBLOB="6112a0000000000061138c0000000000bf2000000000000007000000080000003d0301000000000095000000000000006916200000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f3d2401000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9755ba08508460b603daf5a7d1dbdd2d17f2f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a6538b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c51231422bb8fab4d4d897db2c544c0ec50b8eac8c63d2b1cd06a39702bd547f5ebaa6954f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ffa78b02af242f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564b8f8a621483fb2a5ff221e0d831d64759d17b8c59d0f2b06e7f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d545741fbbbea3e47b1750f272980087b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000600)=ANY=[@ANYBLOB="6112a0000000000061138c0000000000bf2000000000000007000000080000003d0301000000000095000000000000006916200000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f3d2401000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9755ba08508460b603daf5a7d1dbdd2d17f2f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a6538b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c51231422bb8fab4d4d897db2c544c0ec50b8eac8c63d2b1cd06a39702bd547f5ebaa6954f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ffa78b02af242f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564b8f8a621483fb2a5ff221e0d831d64759d17b8c59d0f2b06e7f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d545741fbbbea3e47b1750f272980087b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x80001)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newsa={0x1a0, 0x10, 0x1, 0x70bd2d, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64}, {@in, 0x0, 0x32}, @in6=@dev={0xfe, 0x80, '\x00', 0x2c}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x8000000, 0x200}, {0x0, 0x0, 0x2}, 0x0, 0x0, 0x2, 0x1, 0x0, 0xcd}, [@algo_crypt={0x48, 0x2, {{'cbc(aes)\x00'}}}, @replay_esn_val={0x1c, 0x17, {0x0, 0x70bd25, 0x0, 0x0, 0x70bd28, 0xeaa}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}, 0x0, 0x18}}]}, 0x1a0}}, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='task\x00')
lseek(r2, 0x3, 0x0)
getdents64(r2, &(0x7f0000003440)=""/99, 0x63) (async)
getdents64(r2, &(0x7f0000003440)=""/99, 0x63)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@mangle={'mangle\x00', 0x1f, 0x6, 0x4a0, 0x288, 0xc0, 0x320, 0x320, 0x198, 0x408, 0x408, 0x408, 0x408, 0x408, 0x6, &(0x7f0000000040), {[{{@ip={@multicast1, @local, 0xff, 0xff, 'team_slave_1\x00', 'ip6gretap0\x00', {}, {0x43ac4f0ef3314103}, 0x21, 0x2, 0x2a}, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}]}, @TTL={0x28, 'TTL\x00', 0x0, {0x3, 0x5}}}, {{@ip={@multicast1, @dev={0xac, 0x14, 0x14, 0x2b}, 0xff, 0xff, 'pim6reg\x00', 'virt_wifi0\x00', {}, {}, 0xfb, 0x2, 0x20}, 0x0, 0x98, 0xd8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x4}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0xf7, 0x9, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4e20}}}, {{@ip={@broadcast, @private=0xa010101, 0x0, 0xffffff00, 'vcan0\x00', 'rose0\x00', {}, {}, 0x0, 0x2, 0x1}, 0x0, 0xc8, 0xf0, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@addrtype={{0x30}, {0x180, 0x102, 0x1, 0x1}}]}, @ECN={0x28, 'ECN\x00', 0x0, {0x0, 0x6, 0x1}}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28, 'ECN\x00', 0x0, {0x11}}}, {{@uncond, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x7}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x500)

760.073647ms ago: executing program 2 (id=3271):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x2, 0x803, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x44000)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
r4 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
connect$bt_rfcomm(r4, &(0x7f00000000c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
unlink(&(0x7f0000000300)='.\x00')
copy_file_range(r1, 0x0, r2, &(0x7f0000000080)=0x3, 0x4, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="500000001000110f00"/20, @ANYRES32=0x0, @ANYBLOB="040100000000000028001280090001007665746800000000180002801400010000000000", @ANYRES32=0x0, @ANYBLOB=' \x00\x00\x00 \x00\x00\x00\b\x00\n\x00', @ANYRES32=r6], 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
socket(0x2, 0x803, 0x0) (async)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x44000) (async)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) (async)
syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) (async)
connect$bt_rfcomm(r4, &(0x7f00000000c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0xa) (async)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) (async)
socket(0x1, 0x803, 0x0) (async)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) (async)
unlink(&(0x7f0000000300)='.\x00') (async)
copy_file_range(r1, 0x0, r2, &(0x7f0000000080)=0x3, 0x4, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="500000001000110f00"/20, @ANYRES32=0x0, @ANYBLOB="040100000000000028001280090001007665746800000000180002801400010000000000", @ANYRES32=0x0, @ANYBLOB=' \x00\x00\x00 \x00\x00\x00\b\x00\n\x00', @ANYRES32=r6], 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)

678.734639ms ago: executing program 2 (id=3275):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000180)={0x2, 0x1, 0x0, 0x2000, &(0x7f0000007000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000180)={0x2, 0x1, 0x0, 0x2000, &(0x7f0000007000/0x2000)=nil})
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x101040, 0x84)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) (async)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=r2, @ANYBLOB="a1f9fd7041e6266ef80b0ed19f2c67726f75705f69643d", @ANYRESDEC=r3]) (async)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=r2, @ANYBLOB="a1f9fd7041e6266ef80b0ed19f2c67726f75705f69643d", @ANYRESDEC=r3])
read$FUSE(r3, &(0x7f00000021c0)={0x2020}, 0x2020) (async)
read$FUSE(r3, &(0x7f00000021c0)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0x0, 0x10400}}, 0x50) (async)
write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0x0, 0x10400}}, 0x50)
syz_fuse_handle_req(r3, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x88}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_fuse_handle_req(r3, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x88}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r3, &(0x7f0000006380)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ccc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb190df08747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb81035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22263e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485e4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6b3f0000f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784753f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2205eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e44312c24c2ce8e642bb73c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a748cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d9f95e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad24c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc5908", 0x2000, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x78, 0x0, 0x80000, {0x8, 0x0, 0x0, {0x5, 0x0, 0x0, 0x275, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x1ffff9, 0xa000}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) (async)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
writev(r5, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x56000}], 0x1)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000640)=ANY=[@ANYBLOB="562976bc071f5904000000008000420000000003000000059cdf16cbbd2a0eeb55f0e8c01610cb5972b23a1707cbbae7445acc65d60cdec1f3503e933c0300000000000000b0d4d0deb57c5b29d73100628410880fa7c8df44f1852c15d6386863844de18b53fd953017781b199ed475d55f9169afb6d0b3d4215ede3122b4e7d002357c7c4a171778ccef6c628f89d200"/154], 0x29)
ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0x81)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000500)={{0xd000, 0xc000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x3, 0x0, 0x8, 0x6, 0x40}, {0xffffffff, 0x10000, 0xa, 0x9, 0x2, 0x0, 0x0, 0x0, 0x7, 0xff, 0x2}, {0x6000, 0x1000, 0xc, 0x0, 0x7, 0xc4, 0x0, 0x0, 0x48, 0x7, 0x0, 0xfc}, {0xeeef0000, 0x1000, 0xc, 0x0, 0x1, 0x0, 0x7, 0x0, 0x8, 0xfd, 0x4, 0x4}, {0x6000, 0xffff1000, 0xe, 0x0, 0x0, 0x4, 0x0, 0xfd, 0x0, 0x4}, {0x4, 0x0, 0xb, 0x78, 0x6, 0x80, 0x0, 0x0, 0x3, 0xff, 0x1, 0x2}, {0x0, 0xeeee0000, 0xa, 0x6, 0x0, 0x0, 0xa1, 0x20, 0x0, 0x0, 0x8}, {0xeeee0000, 0x6000, 0xc, 0x0, 0x0, 0x7, 0x8, 0x80, 0x26, 0x1, 0x0, 0x2}, {0x200000, 0x8cc}, {0x40000}, 0xddf8ffdb, 0x0, 0x0, 0x114, 0x2, 0xf001, 0x0, [0x80000001, 0x0, 0x1]}) (async)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000500)={{0xd000, 0xc000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x3, 0x0, 0x8, 0x6, 0x40}, {0xffffffff, 0x10000, 0xa, 0x9, 0x2, 0x0, 0x0, 0x0, 0x7, 0xff, 0x2}, {0x6000, 0x1000, 0xc, 0x0, 0x7, 0xc4, 0x0, 0x0, 0x48, 0x7, 0x0, 0xfc}, {0xeeef0000, 0x1000, 0xc, 0x0, 0x1, 0x0, 0x7, 0x0, 0x8, 0xfd, 0x4, 0x4}, {0x6000, 0xffff1000, 0xe, 0x0, 0x0, 0x4, 0x0, 0xfd, 0x0, 0x4}, {0x4, 0x0, 0xb, 0x78, 0x6, 0x80, 0x0, 0x0, 0x3, 0xff, 0x1, 0x2}, {0x0, 0xeeee0000, 0xa, 0x6, 0x0, 0x0, 0xa1, 0x20, 0x0, 0x0, 0x8}, {0xeeee0000, 0x6000, 0xc, 0x0, 0x0, 0x7, 0x8, 0x80, 0x26, 0x1, 0x0, 0x2}, {0x200000, 0x8cc}, {0x40000}, 0xddf8ffdb, 0x0, 0x0, 0x114, 0x2, 0xf001, 0x0, [0x80000001, 0x0, 0x1]})
ioctl$KVM_SET_GUEST_DEBUG_x86(r1, 0x4048ae9b, &(0x7f0000000000)={0x1d0002, 0x0, {[0xa2b, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x80000000, 0x5, 0x5, 0x80000000, 0x80000001]}})
ioctl$KVM_RUN(r1, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) (async)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
socket$nl_route(0x10, 0x3, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x10, 0x0, 0x0)
r7 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
ioctl$PAGEMAP_SCAN(r7, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x0, 0x300000c01, 0x61, 0x0, 0x34, 0x6e})

678.447159ms ago: executing program 3 (id=3276):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0xf)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000680)={0x10000, "fdc73c0723f709a7e560f038a5511a17771cda6ccb1707954b5c8fc642cb145c", <r1=>0xffffffffffffffff})
ioctl$SYNC_IOC_FILE_INFO(r1, 0xc0383e04, &(0x7f0000000ac0)={""/32, 0x0, 0x0, 0x7, 0x0, &(0x7f0000000880)=[{}, {}, {}, {}, {}, {}, {}]})
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f0000000040)=0x6, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x40)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000002060101000000000000000000000000010000000a000000090002008d001f106f194eb3050001"], 0x30}}, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$uinput_user_dev(r3, &(0x7f0000001b40)={'syz0\x00', {0x1, 0x0, 0x0, 0x2}, 0x0, [0x39, 0x3, 0x4000401, 0x8, 0xe, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4, 0x9, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2a, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, 0x0, 0x0, 0x0, 0x0, 0xf5b1, 0xfffffffd, 0x10000000, 0x99, 0x20000000, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x5, 0xfffffff6, 0x0, 0x8, 0x800000, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x1], [0x3, 0xfffff41a, 0x0, 0x0, 0x4, 0x20000, 0x2000000, 0xedc0, 0x0, 0x5ee, 0x5, 0x0, 0xe, 0x0, 0x0, 0xffffffff, 0x0, 0xa0000000, 0x0, 0x8, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x1, 0x0, 0xfffffff8, 0x2, 0x0, 0x2, 0x400, 0x0, 0x0, 0x8, 0x40000, 0x1d2c, 0xc0800000, 0x100, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, 0x0, 0x0, 0x3, 0xffffffff, 0x0, 0x0, 0xfffffffc, 0x1, 0xfffffffe, 0xfffff986], [0x0, 0x7f, 0x0, 0x0, 0x3, 0x80, 0x0, 0x0, 0x1, 0xfffffc00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x2, 0xfffffffc, 0x0, 0x0, 0xfffffffd, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x200, 0x6, 0x6, 0xffffff81, 0x2, 0x47fff, 0x0, 0x0, 0x0, 0x3, 0x0, 0xf, 0x3, 0x0, 0x0, 0x5, 0x0, 0x0, 0xfffffffc, 0x4, 0xf88], [0xfffffffe, 0x0, 0x4, 0x0, 0xfffefffe, 0x0, 0xfffffffe, 0x4, 0xfffffffc, 0x0, 0x0, 0x3, 0xfffffffc, 0x4, 0x803, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4e, 0x0, 0x0, 0x0, 0x4, 0xffffffff, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x10, 0x5, 0xfffffffe, 0x3, 0x0, 0x4, 0x8001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0xea, 0x0, 0x0, 0x0, 0x8000000, 0x4, 0xffffffff, 0x0, 0x0, 0xffffe]}, 0x45c)
ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x5)
ioctl$UI_DEV_CREATE(r3, 0x5501)
write$uinput_user_dev(r3, &(0x7f00000001c0)={'syz0\x00', {0x9, 0x2, 0x9, 0x3}, 0x3d, [0xfffff3e3, 0x80000000, 0x6, 0x8, 0x8, 0x400, 0x5, 0xffff, 0x3, 0x5, 0x2, 0x3, 0x100, 0x1, 0x6, 0x9, 0xffff, 0x3ce, 0x889, 0x81c5, 0x3, 0x7, 0x0, 0x0, 0x7, 0x5, 0x5, 0x4, 0x8, 0x5, 0xe, 0x61, 0x9, 0x7, 0x8, 0x80000001, 0x8, 0xffff, 0x24, 0x8, 0x0, 0xd, 0x0, 0x3, 0x3ff, 0x8, 0x40, 0x7ff, 0x400, 0xfc, 0x4, 0x9, 0x407, 0x3, 0xb3, 0xa44, 0x3, 0x46ea, 0x2, 0x1, 0xff, 0x8, 0x2, 0x8], [0x8, 0xfffffffe, 0x2800, 0xffffffff, 0x8, 0xac, 0xca, 0x1, 0x7ff, 0xffffff38, 0x49fd, 0x801, 0x8, 0x80000000, 0x98, 0xb7, 0xffffff1a, 0x1c, 0x0, 0x6, 0x8d, 0xff, 0x7, 0x9, 0x6, 0x4, 0x10000, 0xcc85, 0x1, 0x3483, 0x5, 0x6b, 0x7, 0xfffffffb, 0x6, 0x6, 0x5, 0x1, 0x788562aa, 0x1, 0x80000001, 0x62, 0xfffffffe, 0xfffffffd, 0x6, 0x7ff, 0x6, 0x4, 0x0, 0x4, 0x0, 0x1, 0x7f, 0x5, 0xf, 0x5, 0xb, 0xffffffc7, 0x67dc, 0x9, 0x3, 0xa, 0x1db, 0x2], [0x0, 0xffff, 0x8001, 0x7, 0x7fffffff, 0x4, 0xe, 0x4, 0xc, 0xc52, 0x6, 0xcb8, 0x6, 0x1, 0x2, 0x12, 0x8000, 0x8, 0xffffffff, 0xff, 0x100, 0x6, 0x2, 0x7fff, 0x400, 0x9a, 0x9, 0x7, 0xfffffffa, 0x3, 0xe116, 0xfffff801, 0x84, 0x3, 0x8191, 0x1, 0x0, 0x5, 0x3, 0x7, 0x7, 0x9, 0x4, 0x5, 0x7, 0x200, 0x3, 0x3, 0x3, 0x8, 0x2, 0x2, 0x7, 0x1, 0x6, 0x9, 0x3, 0x3443, 0xdaab5afd, 0x2033, 0x6527444, 0x7, 0xc58, 0x4b9], [0xc8fd, 0x1, 0xfffffffa, 0x8, 0x3, 0x643eba42, 0x400, 0xffffdc57, 0x80000401, 0xfffffff9, 0x6, 0x0, 0x2, 0x100, 0x7ca1c62e, 0x22f2, 0x80000000, 0xa250, 0x9, 0xc, 0x8000, 0x3, 0x80000001, 0x8000, 0x1, 0x10, 0x6, 0x4c47, 0x6, 0x1, 0x3, 0x3833, 0x1, 0x6, 0x4, 0x7, 0x81, 0x0, 0x0, 0xfffffff4, 0x86c, 0x6, 0x5acb, 0xcea, 0x3ff, 0x2, 0x6, 0x6, 0x3800000, 0x2, 0x7, 0x5, 0x3d66, 0x6, 0x6, 0x4, 0xe7fe, 0xffffffff, 0x1000, 0x8, 0x2, 0x7ff, 0x400, 0x7]}, 0x45c)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NFT_MSG_GETSETELEM(r4, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)=ANY=[@ANYBLOB=' \x00\x00\x00\rz1\x00'/26], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="300000001d0001000000000004086aa42d"], 0x30}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1a0)
r5 = syz_open_dev$video(&(0x7f0000000040), 0x7, 0x100)
ioctl$VIDIOC_TRY_EXT_CTRLS(r5, 0xc0205649, &(0x7f0000000340)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000300)={0x980912, 0x400, '\x00', @p_u8=0x0}})
mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f00000002c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@index_on}, {@workdir={'workdir', 0x3d, './bus/file0'}}]})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r8, 0x4004ae99, &(0x7f0000000100)=0x4)
ioctl$KVM_SET_LAPIC(r8, 0x4400ae8f, &(0x7f0000000380)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ffd3bf79a1f5c5dc34cf2645cbc11c4562d22db8780edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b000000fb354673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0100f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce78754182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f26df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132155fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r8, 0xae80, 0x0)

570.312959ms ago: executing program 2 (id=3277):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_80211_inject_frame(&(0x7f0000000000)=@device_b, &(0x7f00000000c0)=@mgmt_frame=@probe_response={{{0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1, 0x1}, {}, @broadcast, @device_b, @initial, {0x4, 0x7}}, 0x9, @default, 0xd000, @val={0x0, 0x6, @default_ibss_ssid}, @void, @val={0x3, 0x1, 0xb0}, @val={0x4, 0x6, {0xf7, 0x3, 0x3, 0x9}}, @val={0x6, 0x2, 0xf001}, @val={0x2d, 0x1a, {0xc, 0x1, 0x0, 0x0, {0xffffffff00000000, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x800, 0x1, 0x8c}}, @void, @void}, 0x57) (async)
sendmsg$DEVLINK_CMD_PORT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x14, 0x0, 0x701, 0x0, 0x0, {0x2e}}, 0x14}, 0x1, 0x0, 0x0, 0xc008}, 0x4008010)

485.167195ms ago: executing program 7 (id=3278):
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_tables_targets\x00')
preadv(r0, &(0x7f0000000500)=[{&(0x7f0000000080)=""/149, 0x95}], 0x1, 0x9, 0x4317d336)
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000300), 0x41, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$inet(0x2, 0x4000000000000001, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f000000c000/0x2000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000000b000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r3 = io_uring_setup(0x56ab, &(0x7f0000000040)={0x0, 0x36d, 0xc000, 0xc, 0xa0002f5})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1b, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x654e, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00'})
mknod(&(0x7f0000000080)='./bus\x00', 0xc000, 0x0)
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000040)='xfs\x00', 0x8080, &(0x7f00000001c0)='discard')
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}})
syz_fuse_handle_req(r4, &(0x7f00000021c0), 0x2000, &(0x7f00000041c0)={&(0x7f0000004280)={0x50}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r4, &(0x7f0000004300), 0x2000, &(0x7f0000006300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000063c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ppoll(&(0x7f0000000240)=[{r1, 0x4000}, {r0, 0x2000}, {r4, 0x80}, {r0, 0x1020}, {r2, 0x2100}], 0x5, &(0x7f0000000280), &(0x7f00000002c0)={[0x4]}, 0x8)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@deltaction={0x100, 0x31, 0x200, 0x70bd28, 0x25dfdbfd, {}, [@TCA_ACT_TAB={0x38, 0x1, [{0xc, 0x20, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x800}}, {0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x7, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8c0}}, {0x10, 0x7, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}]}, @TCA_ACT_TAB={0x6c, 0x1, [{0xc, 0x16, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x80000000}}, {0xc, 0xb, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xfffff801}}, {0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0x10, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0xc, 0x7, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0xc, 0x2, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5c}}, {0xc, 0x1, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}, {0x10, 0x12, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}]}, @TCA_ACT_TAB={0x48, 0x1, [{0xc, 0x1f, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0xc, 0x18, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x80000001}}, {0x10, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0x10, 0x19, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x20040011}, 0x80440d0)

483.353683ms ago: executing program 3 (id=3279):
r0 = add_key(&(0x7f0000000040)='cifs.idmap\x00', &(0x7f00000000c0)={'syz', 0x1}, &(0x7f0000000100)="f4638394f716f5113ceedc76bc5fe3e3cab07de4a5fca36654cf8b62197178efbad2f260776ce597134421fdadae2fa129e234e9b583dc03b48147e6739d024ea9bd77ac8160f0b51880cf77ded661de029daef8448bddc81b0bde6835b904361020eae6646258858e06552f2931d822a76ae347de3bfef99f06d51036b66945cdadf1678146f0fb76f93222251fc0a92b0cbbad81b0ecdc305c8d32dfa834216ac17bd78317e585234165dd12fee1511ff55a7f5e48db2845806aa81d03d8e425f43aa55470ce5374dbce5549643a1c31b74b064c47b2a2e66ca0406757598d05b01fffe461212f008684b4eebd6eddf5e17a7a", 0xf4, 0xfffffffffffffffb)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000380)={0x7ff, <r1=>0xffffffffffffffff, 0x2})
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000540)={@desc={0x1, 0x0, @desc3}, 0x40, r0, '\x00', @b})
keyctl$KEYCTL_PKEY_VERIFY(0x1c, &(0x7f0000000200)={r0, 0xa9, 0xf1}, &(0x7f0000000240)={'enc=', 'raw', ' hash=', {'tgr160-generic\x00'}}, &(0x7f00000002c0)="837e0ed99a9a231f5fe4c306a3b0ceffe39aa021ae91a1326c0e3e304b88ef39bb833da4e39a82348ea2cfaa15a030967d8f82318667df1bf8cab9b0734c9ce1190daa86bd59cabcf738a3ab6f70361c07db5526f0c719d4e647319f2d3ad42b6a704226acaba2a0f4094a71f90c367696d4937db8950e5dec80ba8db7b0789d105a8cc57cb754993204b2f61e4a7669a9a4f4942bac6d1a885639044ab7d53bd3263711b180aaa994", &(0x7f0000000440)="31dfd27b88bcde4cd1320b387a02adaf304ac952772f3372926e2cd794b4b8665e9c6ed9169600862377f515a54be861e3b3814fc8d377e296b6bd6989ef357af1bf5d6140c30111ae8e0ed51101094d80c8edb44ddcda57b2428e4cfee72830a267b344c56a35023b3b9a4e6f2eb1a6e850b8acc5ea8895944eb523244f18f3d482a9f03568c0fedd6b2e09f4b43dffd75b51384e45c40cfc5af31c74d45a76bd45f3930c693fcfd621ed76073c60caa063d4bab1fff14a372db6f64aa3a61583f7eb5210106ce58c017a2e030d7ac261b3df29d70e407914cbd9305a992eea2fe092ad87c6de68c831389c7fa5a2b445")
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000840)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
add_key(&(0x7f00000003c0)='dns_resolver\x00', &(0x7f0000000400)={'syz', 0x3}, &(0x7f0000000080)="00000102", 0xfffff, r2)

389.551693ms ago: executing program 3 (id=3280):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
chdir(&(0x7f0000000040)='./file0\x00')
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='hugetlbfs\x00', 0x0, 0x0)
r0 = semget$private(0x0, 0x4000000009, 0x208)
semop(r0, &(0x7f00000002c0)=[{0x1, 0x8698, 0x1000}], 0x1)
semop(r0, &(0x7f0000000000)=[{0x0, 0xfffb}, {0x1, 0x0, 0x800}], 0x2)
semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000140)=[0x1ff])
mount$tmpfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x20080a0, &(0x7f0000000000)=ANY=[@ANYBLOB='size=$'])

270.279998ms ago: executing program 7 (id=3281):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000019c0)={0x14, 0x1e, 0x21, 0x70bd2b, 0x0, {0x2a}}, 0x14}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x11, 0x6, &(0x7f00000002c0)=@framed={{0x18, 0x8, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x10001}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x80}, @alu={0x7, 0x1, 0x9}]}, &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000040)={0xc})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="bc1b0000400007012bbd700000000000017c00000400c2800c00018006000600843b0000971b0280540219"], 0x1bbc}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000600)=ANY=[@ANYBLOB="6112a0000000000061138c0000000000bf2000000000000007000000080000003d0301000000000095000000000000006916200000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f3d2401000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9755ba08508460b603daf5a7d1dbdd2d17f2f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a6538b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c51231422bb8fab4d4d897db2c544c0ec50b8eac8c63d2b1cd06a39702bd547f5ebaa6954f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ffa78b02af242f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564b8f8a621483fb2a5ff221e0d831d64759d17b8c59d0f2b06e7f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d545741fbbbea3e47b1750f272980087b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x3, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xffb0}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xd, 0x9, 0x0, 0x0, 0xffffff13}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x9}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x4, 0x0, 0x7}, {0x18, 0x2, 0x2, 0x0, r2}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x5, 0x1, 0x7, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(r3, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f0000001240)={0x20, 0x1, 0x8, 0x801, 0x0, 0x0, {0x6, 0x0, 0xa}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)

264.236563ms ago: executing program 7 (id=3282):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000002c0)={0x0, 0x0, 0x0, &(0x7f0000000280)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1}) (async)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r2, &(0x7f0000000080)={0x237, 0x7d, 0x2, {{0x500, 0xf6, 0x3, 0x5000000, {0x80, 0x0, 0x8}, 0x41400000, 0x0, 0xe5e0, 0x5, 0x1b, '\x04nodev{evoo~\x05E\xc6\x00\x05\b\x007\xd9:\x8b\x92\x00\x00\x00', 0x33, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x37, '\xcf\xc3m\a\xc5\x00\xf0L\xd8_*p\xf4\xe9\x93\x0e^\x98\x9c\xd5\xefMQ\xf6\r\xa7X,J\x05\xc8\xf8(\xf6\x8d\xc1wM]\xe2\xe8 \x86#\x81\xf6hm\xd1\xbb\x8f\xd7\x00\x00\x00', 0x3e, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c<;{\xa4\xa4\x00\xb4\xb0w\xdct\x00\x00\x00\x06\x00\x00\x00@\a\xec!\xca\xbf\xf2\x0f\x9c\x00\x89\xf9\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12[\x93\xa5\xd4\xdb\x9a\xb2\xe0\x16He\x81\xea[\x9c\xf9\xc4\xa2\x86F\xbct@\x97\x11Y\xa7\x1b\xc0v\xb0lJ\xc4\x9e\xc7m^\x86\xea'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x13r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0xe9) (async, rerun: 64)
ioctl$DRM_IOCTL_MODE_GETENCODER(r0, 0xc01464a6, &(0x7f0000000380)={r1}) (async, rerun: 64)
r3 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$restrict_keyring(0xa, r3, &(0x7f0000000380)='asymmetric\x00', &(0x7f0000000240)='\x00\x06\x00 \x00\x00\x00') (async)
r4 = syz_open_dev$loop(&(0x7f0000000500), 0xee8, 0x5042) (async, rerun: 32)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_wakeup_irq', 0x20940, 0x1e2) (rerun: 32)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f0000000140)={r5, 0x0, {0x0, 0x0, 0x0, 0x7fff, 0x7ffe, 0x0, 0x0, 0x5, 0xc, "c44ef9682a689185ff07ec0f9eddd770e010a8b62022fd106fa715e63fee8ab07f3c19ed0c04afcaba06f6d9584488da0162d4cc7030ec4f7b9ab89b3e192e4a", "8bc975aabbbbe9e4cbb0e98d43a12e12538b330e6fe3bce73919393417abdc6c58f0abd4f0c29b3c71757f74bc429c808f46e9cda4584203143a0b9705fb16b6", "666f1d5f5c43005b310134ce9a6d0369862b72c1f9f4980a2346c4dd62ad8050", [0x6, 0x61fe]}}) (async)
ioctl$LOOP_CHANGE_FD(r4, 0x4c03, r5)
r6 = socket$nl_route(0x10, 0x3, 0x0) (async)
open(&(0x7f0000000280)='.\x00', 0x0, 0xd6) (async)
r7 = shmget$private(0x0, 0x3000, 0x2, &(0x7f0000ffd000/0x3000)=nil)
shmat(r7, &(0x7f0000ffc000/0x3000)=nil, 0x4000) (async)
recvfrom$rxrpc(0xffffffffffffffff, &(0x7f00000003c0)=""/208, 0xd0, 0x0, &(0x7f00000004c0)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e23, @private=0xa010102}}, 0x24) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) (async)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x88000, 0x0) (async, rerun: 32)
umount2(&(0x7f00000001c0)='./file0/file0\x00', 0x8) (async, rerun: 32)
munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000) (async)
remap_file_pages(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0)
close_range(r6, r4, 0x0) (async)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb) (async)
r8 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r8, 0x8040942d, &(0x7f0000000300)) (async)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'bond_slave_1\x00', &(0x7f0000000180)=@ethtool_cmd={0x2c, 0x7, 0x0, 0x9, 0x7d, 0x5, 0x81, 0x87, 0xda, 0x81, 0xa, 0x31, 0x6, 0x4, 0x0, 0x8001f72, [0x7fff, 0x7b0]}})

264.084978ms ago: executing program 7 (id=3283):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x404c800)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = syz_open_dev$radio(&(0x7f00000000c0), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r4, 0xc0205647, &(0x7f0000000100)={0xf000000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f905, 0x0, '\x00', @p_u16=0x0}})
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=ANY=[@ANYBLOB="8c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000005000128009000100766c616e000000004000028006000100fe0f000004000480280003800c00010040000000060000000c000100ff04000000000000d8fd010006000000090000000600050088a800000800feff", @ANYRES32, @ANYBLOB="08000500", @ANYRES16=r2], 0x8c}, 0x1, 0xba01, 0x0, 0x4004001}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c00000010000305000000000007000000000000", @ANYRES32=0x0, @ANYBLOB="00000000061000f0130012800b00010062726964676500000400028008000a00", @ANYRES32=r2], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x440b0)

230.411792ms ago: executing program 7 (id=3284):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x25, &(0x7f00000001c0)=0xfffffff, 0x4)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xd, 0x0, <r2=>0x0})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r1, 0x100000000)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r1, 0xc00464b4, &(0x7f0000000080)={r2})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, 0x0)
ioctl$DRM_IOCTL_PANTHOR_GROUP_CREATE(r1, 0xc0386447, &(0x7f0000000040)={{0x8, 0x4, &(0x7f0000000000)=[{0xfa, 0x0, 0x77}, {0x81, 0x0, 0x6}, {0x7f, 0x0, 0x8}, {0x2, 0x0, 0x1}]}, 0x1, 0x4, 0x3, 0x1, 0x0, 0x1, 0x3})

98.619814ms ago: executing program 7 (id=3285):
socket(0x0, 0x2, 0xa6)
mq_open(&(0x7f0000000080)='eth0\x00#~\x02\x00\x00\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfd\x05\x00\x00\x00\x00\x00\x80\x00\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94uu_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18A\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x05\x00\x00\x000\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xce\x00\x00\x00\xe8\vq+\xbb\xc7\xaf\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x120, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x38)
fcntl$setsig(r1, 0xa, 0x21)
fcntl$setlease(r1, 0x400, 0x1)
close_range(r1, 0xffffffffffffffff, 0x0)
ioctl$DVB_DEMUX_DMX_EXPBUF(r1, 0xc00c6f3e, &(0x7f0000000000)={0x5, 0x80000, r0})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$SCSI_IOCTL_GET_IDLUN(0xffffffffffffffff, 0x5382, &(0x7f0000000040))
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r5 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r6 = openat$binfmt(0xffffffffffffff9c, r5, 0x42, 0x1ff)
close(r6)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x2000405, 0x0)
execveat$binfmt(0xffffffffffffff9c, r4, 0x0, 0x0, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='devices.list\x00', 0x275a, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r7, &(0x7f0000000740)={0x30, 0x5, 0x0, {0x0, 0x1, 0x8000}}, 0x30)
r8 = syz_open_procfs(0x0, &(0x7f0000000140)='fd\x00')
fchdir(r8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r7, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newlink={0x6c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x585d}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @private2}]}]}, @IFLA_IFNAME={0x14, 0x3, 'ipvlan0\x00'}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_MODE={0x6, 0x1, 0x1}]}}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x840}, 0x0)

0s ago: executing program 2 (id=3286):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x29, @ipv4={'\x00', '\xff\xff', @local}, 0x6}, 0x1c)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x5e1e, 0x7, @ipv4={'\x00', '\xff\xff', @multicast2}, 0xd}, 0xfffffffffffffeaa)
r1 = fcntl$dupfd(r0, 0x406, r0)
ioctl$vim2m_VIDIOC_G_FMT(r1, 0xc0d05604, &(0x7f0000000280)={0x3, @sdr={0x34325258, 0x8}})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000bb1000/0x3000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000bb3000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000f20000/0x1000)=nil, &(0x7f000000b000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c)
r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0x2000, 0x0)
ioctl$SNDCTL_SEQ_GETTIME(r3, 0x80045113, &(0x7f0000000280))
sendmsg$inet6(r2, &(0x7f0000000480)={&(0x7f0000000040)={0xa, 0x4e20, 0xfffffffc, @remote, 0x2}, 0x1c, 0x0}, 0x20008814)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
syz_emit_ethernet(0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff0800450e00280064000007069078ac1414bbac1414bb4e224e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50c260907800e700"], 0x0)
setsockopt$inet_tcp_buf(r1, 0x6, 0x1c, &(0x7f0000000140)="95afa9e002a2a15659dad56af85c3e93f0a57cb10c8cdd6b52088ecc53be318f98fd24b5460def95ea23f39e9d74971cef57432e714586da739456c15e37ce9e527885027d9e1bdb9503930c138cce599551051b3435dd45a294a0beb99f043171f59120ad459ba1ce1ae6", 0x6b)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x14}, 0x1, 0x0, 0x0, 0xc002}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r4 = io_uring_setup(0x56ab, &(0x7f0000000040)={0x0, 0xb7a3, 0xc000, 0xc, 0x2, 0x0, r1})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1b, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0xfd11, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdf1, 0x0, 0x0}, 0x94)
pwritev(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000000)='0', 0x1}], 0x1, 0x0, 0x3)
io_uring_enter(r4, 0x2219, 0x7721, 0x16, 0x0, 0x0)

kernel console output (not intermixed with test programs):

ing): unset [0, 0] type 1 family 0 port 8472 - 0
[  263.241610][T15290] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  263.261656][T15299] 8021q: adding VLAN 0 to HW filter on device bond10
[  263.267580][T15299] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2641'.
[  263.270413][T15299] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2641'.
[  263.276645][T15299] 8021q: adding VLAN 0 to HW filter on device bond0
[  263.281142][T15299] bond10: (slave bond0): making interface the new active one
[  263.285867][T15299] bond10: (slave bond0): Enslaving as an active interface with an up link
[  263.290477][T15299] netlink: 'syz.0.2641': attribute type 4 has an invalid length.
[  263.293233][T15299] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2641'.
[  263.298622][T15299] .`: renamed from bond0 (while UP)
[  263.371310][T15290] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  263.383713][T15290] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  263.388062][T15290] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  263.392358][T15290] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  263.415048][  T156] bond10: (slave .`): link status definitely down, disabling slave
[  263.419327][  T156] bond10: now running without any active interface!
[  263.456343][T15290] 8021q: adding VLAN 0 to HW filter on device bond0
[  263.467211][T15290] 8021q: adding VLAN 0 to HW filter on device team0
[  263.472866][  T156] bridge0: port 1(bridge_slave_0) entered blocking state
[  263.475322][  T156] bridge0: port 1(bridge_slave_0) entered forwarding state
[  263.481905][  T223] bridge0: port 2(bridge_slave_1) entered blocking state
[  263.484286][  T223] bridge0: port 2(bridge_slave_1) entered forwarding state
[  263.588937][T15290] 8021q: adding VLAN 0 to HW filter on device batadv0
[  263.612298][T15290] veth0_vlan: entered promiscuous mode
[  263.620836][T15290] veth1_vlan: entered promiscuous mode
[  263.635678][T15290] veth0_macvtap: entered promiscuous mode
[  263.639764][T15290] veth1_macvtap: entered promiscuous mode
[  263.650197][T15290] batman_adv: batadv0: Interface activated: batadv_slave_0
[  263.657923][T15290] batman_adv: batadv0: Interface activated: batadv_slave_1
[  263.664301][ T1184] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  263.668383][ T1184] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  263.671893][ T1184] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  263.677130][ T1184] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  263.714022][    T9] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  263.742478][ T7542] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  263.745482][ T7542] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  263.763076][ T1184] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  263.766005][ T1184] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  263.836127][T15321] batman_adv: batadv0: Adding interface: dummy0
[  263.838247][T15321] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  263.846853][T15321] batman_adv: batadv0: Interface activated: dummy0
[  263.855934][T15321] batadv0: mtu less than device minimum
[  263.858603][T15321] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  263.862752][T15321] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  263.863490][    T9] usb 5-1: Using ep0 maxpacket: 32
[  263.866887][T15321] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  263.872176][T15321] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  263.872190][    T9] usb 5-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f
[  263.876026][T15321] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  263.878534][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  263.882503][T15321] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  263.884949][    T9] usb 5-1: Product: syz
[  263.888500][T15321] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  263.889423][    T9] usb 5-1: Manufacturer: syz
[  263.893085][T15321] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  263.894405][    T9] usb 5-1: SerialNumber: syz
[  263.900514][    T9] usb 5-1: config 0 descriptor??
[  263.904676][    T9] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state.
[  263.907617][    T9] dvb-usb: bulk message failed: -22 (4/0)
[  263.909996][    T9] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  263.915005][    T9] dvb-usb: bulk message failed: -22 (5/0)
[  263.916798][    T9] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  263.929224][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  263.932604][    T9] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0)
[  263.935229][    T9] usb 5-1: media controller created
[  263.942469][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  263.951422][    T9] usb 5-1: selecting invalid altsetting 3
[  263.953293][    T9] ttusb2: set interface to alts=3 failed
[  263.972889][    T9] DVB: Unable to find symbol tda10086_attach()
[  263.975403][    T9] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0'
[  263.978539][    T9] dvb-usb: bulk message failed: -22 (4/0)
[  263.980340][    T9] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  263.983868][    T9] dvb-usb: bulk message failed: -22 (5/0)
[  263.986031][    T9] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  263.990098][    T9] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected.
[  264.048809][T15337] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2648'.
[  264.105924][T15312] dvb-usb: bulk message failed: -22 (7/0)
[  264.108177][T15312] ttusb2: there might have been an error during control message transfer. (rlen = 3, was 0)
[  264.111611][T15312] ttusb2: i2c transfer failed.
[  264.212147][T15348] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2651'.
[  264.215165][T15348] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2651'.
[  264.240392][   T29] usb 5-1: USB disconnect, device number 23
[  264.265308][   T29] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected.
[  264.503453][ T6020] usb 8-1: new high-speed USB device number 24 using dummy_hcd
[  264.643475][ T5946] Bluetooth: hci2: command tx timeout
[  264.665262][ T6020] usb 8-1: config 0 has no interfaces?
[  264.667241][ T6020] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  264.670202][ T6020] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  264.674957][ T6020] usb 8-1: config 0 descriptor??
[  264.820653][T15356] SELinux:  policydb magic number 0x4b07fa81 does not match expected magic number 0xf97cff8c
[  264.824414][T15356] SELinux: failed to load policy
[  264.884397][ T6020] usb 8-1: USB disconnect, device number 24
[  265.140385][T15359] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2654'.
[  265.145566][T15359] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2654'.
[  265.225774][T15360] misc userio: Can't change port type on an already running userio instance
[  265.232041][T15360] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2570 sclass=netlink_route_socket pid=15360 comm=syz.2.2654
[  265.404950][T15363] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2655'.
[  265.422851][  T223] bond0 (unregistering): Released all slaves
[  265.428970][  T223] bond1 (unregistering): Released all slaves
[  265.439621][  T223] bond2 (unregistering): Released all slaves
[  265.447242][  T223] bond3 (unregistering): Released all slaves
[  265.459578][   T40] audit: type=1400 audit(1776283881.374:2067): avc:  denied  { read } for  pid=15362 comm="syz.0.2655" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  265.464279][T15366] binder: BINDER_SET_CONTEXT_MGR bad uid 60928 != 0
[  265.469985][T15366] binder: 15362:15366 ioctl 4018620d 200000000000 returned -1
[  265.470086][  T223] bond4 (unregistering): Released all slaves
[  265.476381][T15366] binder: BINDER_SET_CONTEXT_MGR bad uid 60928 != 0
[  265.479386][T15366] binder: 15362:15366 ioctl 4018620d 200000000040 returned -1
[  265.484637][  T223] bond5 (unregistering): Released all slaves
[  265.498609][  T223] bond6 (unregistering): Released all slaves
[  265.506061][  T223] bond7 (unregistering): Released all slaves
[  265.515740][  T223] bond8 (unregistering): Released all slaves
[  265.522794][  T223] bond9 (unregistering): Released all slaves
[  265.533773][  T223] bond10 (unregistering): Released all slaves
[  265.673210][  T223] tipc: Left network mode
[  265.705884][T15376] batman_adv: batadv0: Adding interface: dummy0
[  265.709310][T15376] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  265.720272][T15376] batman_adv: batadv0: Interface activated: dummy0
[  265.790489][  T223] IPVS: stopping master sync thread 8906 ...
[  265.904280][T15390] Bluetooth: MGMT ver 1.23
[  266.049526][  T223] veth1_macvtap: left promiscuous mode
[  266.187892][   T40] audit: type=1326 audit(1776283882.104:2068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15410 comm="syz.0.2671" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd11e39c819 code=0x0
[  266.234336][T15407] erspan0: entered promiscuous mode
[  266.357545][T15425] program syz.3.2676 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  266.482904][   T40] audit: type=1400 audit(1776283882.394:2069): avc:  denied  { append } for  pid=15442 comm="syz.3.2681" name="usbmon0" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  266.609077][  T223] IPVS: stop unused estimator thread 0...
[  266.694843][ T5946] Bluetooth: hci4: unexpected event for opcode 0x2060
[  266.701073][ T5946] Bluetooth: hci4: unexpected event for opcode 0x2060
[  266.723431][   T34] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  266.737090][T15459] netlink: 'syz.0.2683': attribute type 1 has an invalid length.
[  266.886888][   T34] usb 8-1: Using ep0 maxpacket: 8
[  266.896788][   T34] usb 8-1: config 179 has an invalid interface number: 65 but max is 0
[  266.900856][   T34] usb 8-1: config 179 has no interface number 0
[  266.903994][   T34] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  266.909077][   T34] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  266.914671][   T34] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  266.919969][   T34] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  266.927386][   T34] usb 8-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  266.933474][   T34] usb 8-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  266.937607][   T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  266.944982][T15444] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  267.441088][   T34] usb 8-1: USB disconnect, device number 25
[  267.443071][    C3] xpad 8-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  267.443095][    C3] xpad 8-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  267.655358][T15479] netlink: 'syz.2.2690': attribute type 21 has an invalid length.
[  267.657911][T15479] IPv6: NLM_F_CREATE should be specified when creating new route
[  267.746076][T15483] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=55 sclass=netlink_route_socket pid=15483 comm=syz.2.2692
[  267.853595][   T34] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  267.923683][ T5946] Bluetooth: hci2: command tx timeout
[  267.929342][T15491] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  267.931847][T15491] IPv6: NLM_F_CREATE should be set when creating new route
[  267.988947][T15494] support for the xor transformation has been removed.
[  268.003458][   T34] usb 5-1: Using ep0 maxpacket: 8
[  268.009552][   T34] usb 5-1: New USB device found, idVendor=0fe9, idProduct=db01, bcdDevice=e9.9b
[  268.012456][   T34] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  268.016079][   T34] usb 5-1: Product: syz
[  268.017937][   T34] usb 5-1: Manufacturer: syz
[  268.019471][   T34] usb 5-1: SerialNumber: syz
[  268.022392][   T34] usb 5-1: config 0 descriptor??
[  268.028701][   T34] dvb-usb: found a 'DViCO FusionHDTV DVB-T USB (LGZ201)' in warm state.
[  268.031925][   T34] dvb-usb: bulk message failed: -22 (2/0)
[  268.037312][   T34] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  268.040586][   T34] dvbdev: DVB: registering new adapter (DViCO FusionHDTV DVB-T USB (LGZ201))
[  268.043417][   T34] usb 5-1: media controller created
[  268.056281][   T34] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  268.209341][   T40] audit: type=1400 audit(1776283884.124:2070): avc:  denied  { setattr } for  pid=15495 comm="syz.3.2697" name="NETLINK" dev="sockfs" ino=63148 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  268.232380][   T34] dvb-usb: bulk message failed: -22 (1/0)
[  268.247878][   T40] audit: type=1800 audit(1776283884.164:2071): pid=15497 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=set_data cause=unavailable-hash-algorithm comm="syz.3.2697" name="/" dev="sockfs" ino=63148 res=0 errno=0
[  268.255939][   T34] DVB: Unable to find symbol mt352_attach()
[  268.257928][   T40] audit: type=1400 audit(1776283884.174:2072): avc:  denied  { remount } for  pid=15495 comm="syz.3.2697" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  268.259572][   T34] dvb-usb: no frontend was attached by 'DViCO FusionHDTV DVB-T USB (LGZ201)'
[  268.313381][   T34] rc_core: IR keymap rc-dvico-portable not found
[  268.315963][   T34] Registered IR keymap rc-empty
[  268.320730][   T34] rc rc0: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.0/usb5/5-1/rc/rc0
[  268.326475][   T34] input: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.0/usb5/5-1/rc/rc0/input28
[  268.332301][   T34] dvb-usb: schedule remote query interval to 100 msecs.
[  268.334879][   T34] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully initialized and connected.
[  268.434997][   T34] usb 5-1: USB disconnect, device number 24
[  268.462117][   T34] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully deinitialized and disconnected.
[  268.770364][T15506] __nla_validate_parse: 4 callbacks suppressed
[  268.770381][T15506] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2699'.
[  268.993803][   T40] audit: type=1400 audit(1776283884.914:2073): avc:  denied  { unmount } for  pid=15290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  269.040576][ T5933] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  269.054962][T15517] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2702'.
[  269.063804][ T5933] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  269.072067][ T5933] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  269.075787][ T5933] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  269.078645][ T5933] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  269.180537][T15520] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2703'.
[  269.220287][T15514] chnl_net:caif_netlink_parms(): no params data found
[  269.248524][T15527] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2705'.
[  269.251436][T15527] net_ratelimit: 31 callbacks suppressed
[  269.251445][T15527] openvswitch: netlink: Flow actions attr not present in new flow.
[  269.278704][T15514] bridge0: port 1(bridge_slave_0) entered blocking state
[  269.281594][T15514] bridge0: port 1(bridge_slave_0) entered disabled state
[  269.284718][T15514] bridge_slave_0: entered allmulticast mode
[  269.287619][T15514] bridge_slave_0: entered promiscuous mode
[  269.289050][T15532] xt_hashlimit: size too large, truncated to 1048576
[  269.291335][T15525] syzkaller0: entered promiscuous mode
[  269.294342][T15525] syzkaller0: entered allmulticast mode
[  269.297602][T15514] bridge0: port 2(bridge_slave_1) entered blocking state
[  269.299944][T15514] bridge0: port 2(bridge_slave_1) entered disabled state
[  269.302570][T15514] bridge_slave_1: entered allmulticast mode
[  269.306103][T15514] bridge_slave_1: entered promiscuous mode
[  269.341786][T15514] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  269.348109][T15514] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  269.367584][T15514] team0: Port device team_slave_0 added
[  269.371196][T15514] team0: Port device team_slave_1 added
[  269.391442][T15514] batman_adv: batadv0: Adding interface: batadv_slave_0
[  269.394653][T15514] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  269.403195][T15514] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  269.409209][T15514] batman_adv: batadv0: Adding interface: batadv_slave_1
[  269.411530][T15514] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  269.420358][T15514] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  269.450606][T15514] hsr_slave_0: entered promiscuous mode
[  269.453056][T15514] hsr_slave_1: entered promiscuous mode
[  269.456186][T15514] debugfs: 'hsr0' already exists in 'hsr'
[  269.458292][T15514] Cannot create hsr debugfs directory
[  269.634403][T15514] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  269.650681][T15514] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  269.658111][T15514] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  269.658218][T15546] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2711'.
[  269.680299][T15514] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  269.711296][ T7542] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  269.735811][T15514] bridge0: port 2(bridge_slave_1) entered blocking state
[  269.738253][T15514] bridge0: port 2(bridge_slave_1) entered forwarding state
[  269.740866][T15514] bridge0: port 1(bridge_slave_0) entered blocking state
[  269.743622][T15514] bridge0: port 1(bridge_slave_0) entered forwarding state
[  269.793175][ T7542] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  269.837365][ T5946] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  269.849023][ T5946] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  269.854882][T15514] 8021q: adding VLAN 0 to HW filter on device bond0
[  269.857784][ T5946] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  269.864696][ T5946] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  269.867646][ T5946] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  269.873612][ T1184] bridge0: port 1(bridge_slave_0) entered disabled state
[  269.880814][ T1184] bridge0: port 2(bridge_slave_1) entered disabled state
[  269.934445][ T7542] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  269.957820][T15514] 8021q: adding VLAN 0 to HW filter on device team0
[  269.975172][  T223] bridge0: port 1(bridge_slave_0) entered blocking state
[  269.977683][  T223] bridge0: port 1(bridge_slave_0) entered forwarding state
[  269.999269][  T223] bridge0: port 2(bridge_slave_1) entered blocking state
[  270.001954][  T223] bridge0: port 2(bridge_slave_1) entered forwarding state
[  270.022250][ T7542] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  270.230156][T15565] chnl_net:caif_netlink_parms(): no params data found
[  270.263156][ T7542] bridge_slave_1: left allmulticast mode
[  270.265603][ T7542] bridge_slave_1: left promiscuous mode
[  270.268005][ T7542] bridge0: port 2(bridge_slave_1) entered disabled state
[  270.275525][ T7542] bridge_slave_0: left allmulticast mode
[  270.277873][ T7542] bridge_slave_0: left promiscuous mode
[  270.281533][ T7542] bridge0: port 1(bridge_slave_0) entered disabled state
[  270.448709][ T7542] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  270.452871][ T7542] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  270.456631][ T7542] bond0 (unregistering): Released all slaves
[  270.461582][ T7542] bond1 (unregistering): Released all slaves
[  270.528688][T15514] 8021q: adding VLAN 0 to HW filter on device batadv0
[  270.536592][T15565] bridge0: port 1(bridge_slave_0) entered blocking state
[  270.540902][T15565] bridge0: port 1(bridge_slave_0) entered disabled state
[  270.545133][T15565] bridge_slave_0: entered allmulticast mode
[  270.563615][T15565] bridge_slave_0: entered promiscuous mode
[  270.574188][T15565] bridge0: port 2(bridge_slave_1) entered blocking state
[  270.576663][T15565] bridge0: port 2(bridge_slave_1) entered disabled state
[  270.579308][T15565] bridge_slave_1: entered allmulticast mode
[  270.582299][T15565] bridge_slave_1: entered promiscuous mode
[  270.626954][T15565] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  270.633740][T15565] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  270.652919][T15565] team0: Port device team_slave_0 added
[  270.657736][T15565] team0: Port device team_slave_1 added
[  270.673099][T15565] batman_adv: batadv0: Adding interface: batadv_slave_0
[  270.676103][T15565] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  270.685000][T15565] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  270.691532][T15565] batman_adv: batadv0: Adding interface: batadv_slave_1
[  270.699590][T15565] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  270.709174][T15565] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  270.757667][T15565] hsr_slave_0: entered promiscuous mode
[  270.762444][T15565] hsr_slave_1: entered promiscuous mode
[  270.764910][T15565] debugfs: 'hsr0' already exists in 'hsr'
[  270.766838][T15565] Cannot create hsr debugfs directory
[  270.772838][ T7542] hsr_slave_0: left promiscuous mode
[  270.775641][ T7542] hsr_slave_1: left promiscuous mode
[  270.778266][ T7542] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  270.780981][ T7542] batadv0: mtu less than device minimum
[  270.783616][ T7542] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  270.788485][ T7542] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  270.792591][ T7542] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  270.797675][ T7542] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  270.801752][ T7542] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  270.806049][ T7542] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  270.809880][ T7542] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  270.814651][ T7542] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  270.825554][ T7542] batman_adv: batadv0: Removing interface: batadv_slave_0
[  270.828638][ T7542] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  270.841827][ T7542] batman_adv: batadv0: Removing interface: batadv_slave_1
[  270.846111][ T7542] batman_adv: batadv0: Interface deactivated: dummy0
[  270.848372][ T7542] batman_adv: batadv0: Removing interface: dummy0
[  270.853685][   T34] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  270.854233][ T7542] veth1_macvtap: left promiscuous mode
[  270.858836][ T7542] veth0_macvtap: left promiscuous mode
[  270.860731][ T7542] veth1_vlan: left promiscuous mode
[  270.862437][ T7542] veth0_vlan: left promiscuous mode
[  270.991413][ T7542] team0 (unregistering): Port device team_slave_1 removed
[  270.999803][ T7542] team0 (unregistering): Port device team_slave_0 removed
[  271.007998][   T34] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  271.012167][   T34] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  271.017909][   T34] usb 5-1: Product: syz
[  271.019671][   T34] usb 5-1: Manufacturer: syz
[  271.021621][   T34] usb 5-1: SerialNumber: syz
[  271.028878][   T34] usb 5-1: config 0 descriptor??
[  271.133594][ T5946] Bluetooth: hci0: command tx timeout
[  271.147073][T15615] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.2726'.
[  271.155341][T15615] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2726'.
[  271.163290][  T156] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  271.164959][T15615] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2726'.
[  271.184729][  T156] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  271.187683][  T156] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  271.191199][T15514] veth0_vlan: entered promiscuous mode
[  271.195106][T15615] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2726'.
[  271.220536][  T156] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  271.223742][T15618] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  271.223759][T15618] overlayfs: failed to set xattr on upper
[  271.223764][T15618] overlayfs: ...falling back to redirect_dir=nofollow.
[  271.223769][T15618] overlayfs: ...falling back to index=off.
[  271.223773][T15618] overlayfs: ...falling back to uuid=null.
[  271.223785][T15618] overlayfs: maximum fs stacking depth exceeded
[  271.238938][T15600] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  271.241590][T15514] veth1_vlan: entered promiscuous mode
[  271.245360][T15600] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  271.249851][   T34] usb 5-1: USB disconnect, device number 25
[  271.325476][T15514] veth0_macvtap: entered promiscuous mode
[  271.359784][T15514] veth1_macvtap: entered promiscuous mode
[  271.381679][T15514] batman_adv: batadv0: Interface activated: batadv_slave_0
[  271.392200][T15514] batman_adv: batadv0: Interface activated: batadv_slave_1
[  271.404751][  T156] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  271.407898][  T156] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  271.409736][T15632] xt_connbytes: Forcing CT accounting to be enabled
[  271.410668][  T156] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  271.416521][  T156] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  271.488523][ T7534] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  271.493942][ T7534] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  271.513917][T15636] overlayfs: unescaped trailing colons in lowerdir mount option.
[  271.527497][ T7534] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  271.530307][ T7534] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  271.639817][T15643] gretap1: entered promiscuous mode
[  271.643153][T15643] batman_adv: batadv0: Adding interface: gretap1
[  271.649897][T15643] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  271.663761][T15643] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active
[  271.719387][T15651] netlink: 'syz.2.2732': attribute type 15 has an invalid length.
[  271.726328][T15651] netlink: 'syz.2.2732': attribute type 1 has an invalid length.
[  271.744702][   T40] audit: type=1400 audit(1776283887.664:2074): avc:  denied  { getopt } for  pid=15650 comm="syz.2.2732" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  271.873807][T15565] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  271.880193][T15565] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  271.885146][T15565] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  271.890273][T15565] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  271.923539][ T5946] Bluetooth: hci2: command tx timeout
[  271.952265][T15565] 8021q: adding VLAN 0 to HW filter on device bond0
[  271.961670][T15565] 8021q: adding VLAN 0 to HW filter on device team0
[  271.966895][ T7542] bridge0: port 1(bridge_slave_0) entered blocking state
[  271.969375][ T7542] bridge0: port 1(bridge_slave_0) entered forwarding state
[  271.975741][ T7534] bridge0: port 2(bridge_slave_1) entered blocking state
[  271.978347][ T7534] bridge0: port 2(bridge_slave_1) entered forwarding state
[  272.091413][T15565] 8021q: adding VLAN 0 to HW filter on device batadv0
[  272.115306][T15565] veth0_vlan: entered promiscuous mode
[  272.121623][T15565] veth1_vlan: entered promiscuous mode
[  272.142348][T15565] veth0_macvtap: entered promiscuous mode
[  272.147728][T15565] veth1_macvtap: entered promiscuous mode
[  272.156737][T15565] batman_adv: batadv0: Interface activated: batadv_slave_0
[  272.163189][T15565] batman_adv: batadv0: Interface activated: batadv_slave_1
[  272.172002][ T7540] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  272.178334][ T7543] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  272.181453][ T7543] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  272.188936][ T7543] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  272.235587][ T7542] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  272.238128][ T7542] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  272.254902][ T7543] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  272.257684][ T7543] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  272.292358][T15676] overlayfs: missing 'lowerdir'
[  272.325999][T15678] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  272.408742][   T40] audit: type=1400 audit(1776283888.324:2075): avc:  denied  { getopt } for  pid=15682 comm="syz.3.2736" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  272.532045][   T40] audit: type=1400 audit(1776283888.444:2076): avc:  denied  { append } for  pid=15695 comm="syz.3.2740" name="urandom" dev="devtmpfs" ino=9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1
[  272.541099][   T40] audit: type=1400 audit(1776283888.454:2077): avc:  denied  { create } for  pid=15695 comm="syz.3.2740" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=decnet_socket permissive=1
[  272.813913][T15721] netlink: 68 bytes leftover after parsing attributes in process `syz.5.2748'.
[  272.934569][T15725] netlink: 'syz.3.2751': attribute type 1 has an invalid length.
[  272.938676][T15725] 8021q: VLANs not supported on wg0
[  273.097586][   T40] audit: type=1400 audit(1776283889.014:2078): avc:  denied  { mounton } for  pid=15731 comm="syz.3.2753" path="/syzcgroup/unified/syz3" dev="cgroup2" ino=38 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  273.111186][T15732] EXT4-fs (sr0): unable to read superblock
[  273.464540][ T5946] Bluetooth: hci2: Malformed HCI Event: 0x22
[  273.689420][T15766] netlink: 'syz.3.2764': attribute type 30 has an invalid length.
[  273.698082][ T7543] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  273.698198][T15766] netlink: 'syz.3.2764': attribute type 30 has an invalid length.
[  273.701048][ T7543] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  273.707926][ T7543] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  273.711974][ T7543] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  273.841316][ T7543] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  274.002553][ T5946] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  274.009161][ T5946] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  274.013520][ T5937] Bluetooth: hci2: command tx timeout
[  274.016138][ T5937] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  274.020781][ T5937] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  274.023289][ T5937] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  274.109507][T15782] __nla_validate_parse: 6 callbacks suppressed
[  274.109526][T15782] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2772'.
[  274.151467][T15783] chnl_net:caif_netlink_parms(): no params data found
[  274.225554][ T7543] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  274.250688][T15783] bridge0: port 1(bridge_slave_0) entered blocking state
[  274.253033][T15783] bridge0: port 1(bridge_slave_0) entered disabled state
[  274.255735][T15783] bridge_slave_0: entered allmulticast mode
[  274.259372][T15783] bridge_slave_0: entered promiscuous mode
[  274.263926][T15783] bridge0: port 2(bridge_slave_1) entered blocking state
[  274.267033][T15783] bridge0: port 2(bridge_slave_1) entered disabled state
[  274.269512][T15783] bridge_slave_1: entered allmulticast mode
[  274.272203][T15783] bridge_slave_1: entered promiscuous mode
[  274.306895][T15812] overlay: ./file0 is not a directory
[  274.306907][ T7543] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  274.342977][T15783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  274.356271][T15783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  274.383853][T15815] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  274.399496][   T40] audit: type=1400 audit(1776283890.314:2079): avc:  denied  { mounton } for  pid=15814 comm="syz.3.2778" path="/26/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1
[  274.399573][T15815] 9pnet_virtio: no channels available for device syz
[  274.415315][ T7543] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  274.453671][T15783] team0: Port device team_slave_0 added
[  274.459545][T15783] team0: Port device team_slave_1 added
[  274.487448][T15783] batman_adv: batadv0: Adding interface: batadv_slave_0
[  274.490673][T15783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  274.500687][T15783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  274.505137][T15783] batman_adv: batadv0: Adding interface: batadv_slave_1
[  274.507369][T15783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  274.517139][T15783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  274.568263][T15783] hsr_slave_0: entered promiscuous mode
[  274.570957][T15783] hsr_slave_1: entered promiscuous mode
[  274.573124][T15783] debugfs: 'hsr0' already exists in 'hsr'
[  274.575407][T15783] Cannot create hsr debugfs directory
[  274.582293][T15818] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  274.676033][ T7543] bridge_slave_1: left allmulticast mode
[  274.678995][ T7543] bridge_slave_1: left promiscuous mode
[  274.681854][ T7543] bridge0: port 2(bridge_slave_1) entered disabled state
[  274.687298][ T7543] bridge_slave_0: left allmulticast mode
[  274.689649][ T7543] bridge_slave_0: left promiscuous mode
[  274.692186][ T7543] bridge0: port 1(bridge_slave_0) entered disabled state
[  274.935455][   T40] audit: type=1400 audit(1776283890.854:2080): avc:  denied  { node_bind } for  pid=15830 comm="syz.2.2782" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  274.943090][ T7543] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  274.949609][ T7543] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  274.955649][ T7543] bond0 (unregistering): Released all slaves
[  274.996801][T15842] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  275.000923][T15842] Cannot find set identified by id 3 to match
[  275.038792][T15845] program syz.3.2786 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  275.104813][T15845] 9pnet_virtio: no channels available for device ./file0
[  275.161966][T15783] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  275.177245][T15783] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  275.220692][T15783] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  275.226843][T15783] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  275.267913][   T40] audit: type=1400 audit(1776283891.184:2081): avc:  denied  { listen } for  pid=15874 comm="syz.0.2791" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  275.268059][T15876] tmpfs: Bad value for 'grpquota_inode_hardlimit'
[  275.286148][   T40] audit: type=1400 audit(1776283891.204:2082): avc:  denied  { create } for  pid=15874 comm="syz.0.2791" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  275.292852][   T40] audit: type=1400 audit(1776283891.204:2083): avc:  denied  { unlink } for  pid=15874 comm="syz.0.2791" name="file0" dev="tmpfs" ino=3184 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  275.340619][T15783] 8021q: adding VLAN 0 to HW filter on device bond0
[  275.351713][T15783] 8021q: adding VLAN 0 to HW filter on device team0
[  275.357301][ T7540] bridge0: port 1(bridge_slave_0) entered blocking state
[  275.360324][ T7540] bridge0: port 1(bridge_slave_0) entered forwarding state
[  275.379981][ T7542] bridge0: port 2(bridge_slave_1) entered blocking state
[  275.382665][ T7542] bridge0: port 2(bridge_slave_1) entered forwarding state
[  275.405730][ T7543] hsr_slave_0: left promiscuous mode
[  275.407998][ T7543] hsr_slave_1: left promiscuous mode
[  275.413541][ T7543] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  275.416208][ T7543] batman_adv: batadv0: Removing interface: batadv_slave_0
[  275.424848][ T7543] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  275.427447][ T7543] batman_adv: batadv0: Removing interface: batadv_slave_1
[  275.435548][ T7543] veth1_macvtap: left promiscuous mode
[  275.437416][ T7543] veth0_macvtap: left promiscuous mode
[  275.439202][ T7543] veth1_vlan: left promiscuous mode
[  275.440858][ T7543] veth0_vlan: left promiscuous mode
[  275.470514][T15897] program syz.3.2793 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  275.571737][ T7543] team0 (unregistering): Port device team_slave_1 removed
[  275.581371][ T7543] team0 (unregistering): Port device team_slave_0 removed
[  275.811338][T15917] syz_tun: entered allmulticast mode
[  275.839123][T15783] 8021q: adding VLAN 0 to HW filter on device batadv0
[  275.992855][T15783] veth0_vlan: entered promiscuous mode
[  275.998787][T15783] veth1_vlan: entered promiscuous mode
[  276.018010][T15783] veth0_macvtap: entered promiscuous mode
[  276.022095][T15783] veth1_macvtap: entered promiscuous mode
[  276.031931][T15783] batman_adv: batadv0: Interface activated: batadv_slave_0
[  276.036625][T15783] batman_adv: batadv0: Interface activated: batadv_slave_1
[  276.046630][ T1184] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  276.049858][ T1184] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  276.054325][ T1184] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  276.057564][ T1184] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  276.084509][ T5937] Bluetooth: hci0: command tx timeout
[  276.085332][ T5933] Bluetooth: hci2: command tx timeout
[  276.148459][T15935] syzkaller0: entered promiscuous mode
[  276.150914][T15935] syzkaller0: entered allmulticast mode
[  276.527304][T15904] syz_tun: left allmulticast mode
[  277.293106][T15951] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  278.171563][T15953] kvm: kvm [15952]: vcpu0, guest rIP: 0x912e Unhandled WRMSR(0xc0010000) = 0x8000000f
[  278.174154][ T5933] Bluetooth: hci0: command tx timeout
[  278.178977][ T5937] Bluetooth: hci2: command tx timeout
[  278.179533][T15953] kvm: kvm [15952]: vcpu0, guest rIP: 0x912e Unhandled WRMSR(0xc0010000) = 0x800000b8
[  278.186753][T15953] kvm: kvm [15952]: vcpu0, guest rIP: 0x912e Unhandled WRMSR(0xc0010000) = 0x80000028
[  278.190427][T15953] kvm: kvm [15952]: vcpu0, guest rIP: 0x912e Unhandled WRMSR(0xc0010000) = 0x80000078
[  278.195905][T15953] kvm: kvm [15952]: vcpu0, guest rIP: 0x912e Unhandled WRMSR(0xc0010000) = 0x80000068
[  278.201563][T15953] kvm: kvm [15952]: vcpu0, guest rIP: 0x912e Unhandled WRMSR(0xc0010000) = 0x80000038
[  278.206965][T15953] kvm: kvm [15952]: vcpu0, guest rIP: 0x912e Unhandled WRMSR(0xc0010000) = 0x800000a8
[  278.212033][T15953] kvm: kvm [15952]: vcpu0, guest rIP: 0x912e Unhandled WRMSR(0xc0010000) = 0x800000f8
[  278.217366][T15953] kvm: kvm [15952]: vcpu0, guest rIP: 0x912e Unhandled WRMSR(0xc0010000) = 0x800000e8
[  278.221753][T15953] kvm: kvm [15952]: vcpu0, guest rIP: 0x912e Unhandled WRMSR(0xc0010000) = 0x800000b8
[  278.377736][T15956] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2804'.
[  278.381738][T15956] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2804'.
[  278.474369][T15959] netlink: 'syz.0.2805': attribute type 2 has an invalid length.
[  278.691847][T15905] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  278.770066][ T7543] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  278.778598][ T7543] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  278.813138][ T7543] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  278.820629][ T7543] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  278.834623][   T40] audit: type=1400 audit(1776283894.744:2084): avc:  denied  { mount } for  pid=15783 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  278.873137][T15978] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=15978 comm=syz.2.2811
[  278.999100][T16002] netlink: 'syz.0.2815': attribute type 1 has an invalid length.
[  279.050511][T16008] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2818'.
[  279.058984][T16002] bond11: (slave ip6gre1): The slave device specified does not support setting the MAC address
[  279.062937][T16002] bond11: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode
[  279.071128][T16002] bond11: (slave ip6gre1): making interface the new active one
[  279.074365][T16002] bond11: (slave ip6gre1): Enslaving as an active interface with an up link
[  279.082987][   T40] audit: type=1804 audit(1776283894.994:2085): pid=16008 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.2818" name="file1" dev="ramfs" ino=65175 res=1 errno=0
[  279.094574][   T40] audit: type=1400 audit(1776283895.004:2086): avc:  denied  { execute } for  pid=16007 comm="syz.2.2818" path="/file1" dev="ramfs" ino=65175 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1
[  279.165766][T16026] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2822'.
[  279.168665][T16026] net_ratelimit: 31 callbacks suppressed
[  279.168677][T16026] openvswitch: netlink: nsh attribute has 4 unknown bytes.
[  279.218283][ T5937] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  279.222511][ T5937] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  279.236570][ T5937] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  279.246250][ T5937] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  279.249468][ T5937] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  279.256252][T16032] netlink: 'syz.2.2823': attribute type 1 has an invalid length.
[  279.290904][T16032] 8021q: adding VLAN 0 to HW filter on device bond4
[  279.304452][T16032] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2823'.
[  279.419813][T16029] chnl_net:caif_netlink_parms(): no params data found
[  279.518292][T16029] bridge0: port 1(bridge_slave_0) entered blocking state
[  279.520685][T16029] bridge0: port 1(bridge_slave_0) entered disabled state
[  279.523049][T16029] bridge_slave_0: entered allmulticast mode
[  279.533066][T16029] bridge_slave_0: entered promiscuous mode
[  279.536922][T16029] bridge0: port 2(bridge_slave_1) entered blocking state
[  279.539724][T16029] bridge0: port 2(bridge_slave_1) entered disabled state
[  279.542444][T16029] bridge_slave_1: entered allmulticast mode
[  279.547344][T16029] bridge_slave_1: entered promiscuous mode
[  279.564444][T16029] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  279.569701][T16029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  279.587213][T16029] team0: Port device team_slave_0 added
[  279.590724][T16029] team0: Port device team_slave_1 added
[  279.608551][T16029] batman_adv: batadv0: Adding interface: batadv_slave_0
[  279.611761][T16029] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  279.612446][T16068] netlink: 384 bytes leftover after parsing attributes in process `syz.3.2830'.
[  279.621424][T16029] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  279.622475][T16029] batman_adv: batadv0: Adding interface: batadv_slave_1
[  279.631132][T16029] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  279.640297][T16029] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  279.663750][T16070] netlink: 'syz.6.2831': attribute type 1 has an invalid length.
[  279.695271][T16073] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2832'.
[  279.752517][T16029] hsr_slave_0: entered promiscuous mode
[  279.764866][T16029] hsr_slave_1: entered promiscuous mode
[  279.768242][T16029] debugfs: 'hsr0' already exists in 'hsr'
[  279.770850][T16029] Cannot create hsr debugfs directory
[  279.814339][T16079] 8021q: VLANs not supported on vcan0
[  279.953272][T16029] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  279.957741][T16029] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  279.993432][T16098] program syz.2.2839 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  279.997183][T16098] ata1.00: non-matching transfer count (32/0)
[  280.001072][T16098] program syz.2.2839 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  280.004517][T16098] ata1.00: non-matching transfer count (32/0)
[  280.045847][T16104] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56290 sclass=netlink_route_socket pid=16104 comm=syz.2.2840
[  280.051566][T16103] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56290 sclass=netlink_route_socket pid=16103 comm=syz.2.2840
[  280.076437][T16029] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  280.080844][T16029] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  280.137819][T16108] EXT4-fs (sr0): unable to read superblock
[  280.142099][   T40] audit: type=1400 audit(1776283896.054:2087): avc:  denied  { execute } for  pid=16109 comm="syz.3.2842" path="pipe:[68210]" dev="pipefs" ino=68210 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  280.177081][T16116] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2843'.
[  280.177633][T16117] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2843'.
[  280.190024][T16029] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  280.194792][T16029] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  280.213424][ T6003] usb 11-1: new high-speed USB device number 2 using dummy_hcd
[  280.253462][ T5937] Bluetooth: hci0: command tx timeout
[  280.282582][T16029] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  280.286826][T16029] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  280.371602][ T6003] usb 11-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  280.375820][ T6003] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  280.379530][ T6003] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  280.382705][ T6003] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  280.387033][ T6003] usb 11-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  280.387575][T16128] syzkaller0: entered promiscuous mode
[  280.390685][ T6003] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  280.392630][T16128] syzkaller0: entered allmulticast mode
[  280.401573][ T6003] usb 11-1: config 0 descriptor??
[  280.447703][T16029] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  280.456130][T16029] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  280.462307][T16029] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  280.468465][T16029] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  280.538427][T16029] 8021q: adding VLAN 0 to HW filter on device bond0
[  280.547860][T16029] 8021q: adding VLAN 0 to HW filter on device team0
[  280.558924][   T40] audit: type=1400 audit(1776283896.474:2088): avc:  denied  { mount } for  pid=16151 comm="syz.2.2852" name="/" dev="pstore" ino=4919 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[  280.559151][ T7540] bridge0: port 1(bridge_slave_0) entered blocking state
[  280.566666][   T40] audit: type=1400 audit(1776283896.484:2089): avc:  denied  { remount } for  pid=16151 comm="syz.2.2852" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[  280.568467][ T7540] bridge0: port 1(bridge_slave_0) entered forwarding state
[  280.580581][T16153] netlink: 'syz.2.2852': attribute type 1 has an invalid length.
[  280.588199][T16153] netlink: 'syz.2.2852': attribute type 2 has an invalid length.
[  280.601440][   T40] audit: type=1400 audit(1776283896.514:2090): avc:  denied  { unmount } for  pid=12567 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[  280.651480][T16157] overlayfs: regular lower layers cannot follow data lower layers
[  280.817222][ T6003] plantronics 0003:047F:FFFF.0006: ignoring exceeding usage max
[  280.862423][ T6003] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  281.284072][ T5937] Bluetooth: hci3: command tx timeout
[  282.104066][ T7540] bridge0: port 2(bridge_slave_1) entered blocking state
[  282.107373][ T7540] bridge0: port 2(bridge_slave_1) entered forwarding state
[  282.191441][T16169] netlink: zone id is out of range
[  282.193142][T16169] netlink: zone id is out of range
[  282.196075][T16169] netlink: zone id is out of range
[  282.197912][T16169] netlink: zone id is out of range
[  282.199750][T16169] netlink: get zone limit has 4 unknown bytes
[  282.275388][T16029] 8021q: adding VLAN 0 to HW filter on device batadv0
[  282.295567][T16182] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=256, location=256
[  282.297928][T16029] veth0_vlan: entered promiscuous mode
[  282.299309][T16182] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=512, location=512
[  282.305167][T16182] UDF-fs: warning (device sr0): udf_load_vrs: No anchor found
[  282.308420][T16182] UDF-fs: Scanning with blocksize 2048 failed
[  282.308531][T16029] veth1_vlan: entered promiscuous mode
[  282.323684][ T5937] Bluetooth: hci0: command tx timeout
[  282.331157][T16029] veth0_macvtap: entered promiscuous mode
[  282.336907][T16029] veth1_macvtap: entered promiscuous mode
[  282.346509][T16029] batman_adv: batadv0: Interface activated: batadv_slave_0
[  282.354894][T16182] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=256, location=256
[  282.356221][T16029] batman_adv: batadv0: Interface activated: batadv_slave_1
[  282.358973][T16182] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=512, location=512
[  282.366222][T16182] UDF-fs: warning (device sr0): udf_load_vrs: No anchor found
[  282.366277][ T7534] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  282.369328][T16182] UDF-fs: Scanning with blocksize 4096 failed
[  282.374910][T16182] UDF-fs: warning (device sr0): udf_fill_super: No partition found (1)
[  282.384192][ T7534] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  282.387161][ T7534] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  282.389869][ T7534] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  282.446208][  T156] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  282.451902][  T156] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  282.472721][ T7540] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  282.487392][ T7540] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  282.569584][T16210] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  282.573504][T16210] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  282.573845][   T40] audit: type=1400 audit(1776283898.494:2091): avc:  denied  { map } for  pid=16211 comm="syz.0.2866" path="socket:[68402]" dev="sockfs" ino=68402 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  282.677963][T16219] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  282.774592][T16232] bridge0: port 1(bridge_slave_0) entered forwarding state
[  282.908512][   T53] usb 11-1: USB disconnect, device number 2
[  282.930895][T16239] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2875'.
[  282.936288][T16239] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2875'.
[  282.939255][T16239] hsr_slave_0: left promiscuous mode
[  282.942246][T16239] hsr_slave_1: left promiscuous mode
[  283.030113][T16252] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2879'.
[  283.034552][ T6212] usb 8-1: new high-speed USB device number 26 using dummy_hcd
[  283.039135][T16252] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2879'.
[  283.127082][   T40] audit: type=1400 audit(1776283899.044:2092): avc:  denied  { setopt } for  pid=16255 comm="syz.6.2881" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  283.184037][ T6212] usb 8-1: Using ep0 maxpacket: 16
[  283.187770][ T6212] usb 8-1: config 0 has an invalid interface number: 132 but max is 0
[  283.190741][ T6212] usb 8-1: config 0 has no interface number 0
[  283.196220][ T6212] usb 8-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  283.199785][ T6212] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  283.202670][ T6212] usb 8-1: Product: syz
[  283.204720][ T6212] usb 8-1: Manufacturer: syz
[  283.206628][ T6212] usb 8-1: SerialNumber: syz
[  283.210151][ T6212] usb 8-1: config 0 descriptor??
[  283.215711][ T6212] hub 8-1:0.132: bad descriptor, ignoring hub
[  283.217806][ T6212] hub 8-1:0.132: probe with driver hub failed with error -5
[  283.222245][ T6212] input: bcm5974 as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.132/input/input30
[  283.364321][ T5937] Bluetooth: hci3: command tx timeout
[  283.391301][ T7540] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  283.399435][T16273] netdevsim netdevsim0 ŞŞŞŞŞŞ¨C4ï¤\Ş: renamed from netdevsim0 (while UP)
[  283.442650][T16282] tmpfs: Bad value for 'mpol'
[  283.464923][   T40] audit: type=1400 audit(1776283899.384:2093): avc:  denied  { write } for  pid=16283 comm="syz.6.2887" path="socket:[69110]" dev="sockfs" ino=69110 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  283.542568][T16300] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2 sclass=netlink_route_socket pid=16300 comm=syz.0.2893
[  283.676072][   T53] usb 8-1: USB disconnect, device number 26
[  283.826079][T16310] sp0: Synchronizing with TNC
[  283.836292][T16310] openvswitch: netlink: Flow actions attr not present in new flow.
[  283.839812][T16309] [U] è
[  283.939845][T16313] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  284.042861][T16319] ipvlan2: entered allmulticast mode
[  284.047754][T16319] batadv_slave_1: entered allmulticast mode
[  284.304044][T16321] __nla_validate_parse: 2 callbacks suppressed
[  284.304061][T16321] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2899'.
[  284.398658][T16326] bridge0: port 2(bridge_slave_1) entered disabled state
[  284.402089][T16326] bridge0: port 1(bridge_slave_0) entered disabled state
[  284.482234][T16334] IPVS: Unknown mcast interface: pimreg0
[  284.482315][T16335] x_tables: duplicate underflow at hook 1
[  284.532023][T16339] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2903'.
[  284.581024][ T5991] libceph: connect (1)[c::]:6789 error -101
[  284.584503][ T5991] libceph: mon0 (1)[c::]:6789 connect error
[  284.651790][T16348] netlink: 112 bytes leftover after parsing attributes in process `syz.0.2905'.
[  284.843860][ T5991] libceph: connect (1)[c::]:6789 error -101
[  284.847480][ T5991] libceph: mon0 (1)[c::]:6789 connect error
[  285.056824][T16378] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2913'.
[  285.103431][T16380] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2914'.
[  285.112847][   T40] audit: type=1400 audit(1776283901.024:2094): avc:  denied  { listen } for  pid=16379 comm="syz.6.2914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  285.175912][T16390] 9pnet_fd: p9_fd_create_unix (16390): problem connecting socket: ./file0: -30
[  285.224908][T16392] netlink: 'syz.0.2918': attribute type 3 has an invalid length.
[  285.227500][T16392] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2918'.
[  285.290483][T16394] debugfs: '1ùà^!' already exists in 'ieee80211'
[  285.314463][T16394] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!'
[  285.317278][T16394] CPU: 0 UID: 0 PID: 16394 Comm: syz.0.2919 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  285.317299][T16394] Tainted: [L]=SOFTLOCKUP
[  285.317304][T16394] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  285.317312][T16394] Call Trace:
[  285.317317][T16394]  <TASK>
[  285.317323][T16394]  dump_stack_lvl+0x100/0x190
[  285.317360][T16394]  sysfs_warn_dup.cold+0x1c/0x28
[  285.317380][T16394]  sysfs_do_create_link_sd+0x113/0x140
[  285.317400][T16394]  sysfs_create_link+0x61/0xc0
[  285.317411][T16394]  device_add+0x675/0x1950
[  285.317430][T16394]  ? __pfx_device_add+0x10/0x10
[  285.317442][T16394]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  285.317462][T16394]  ? ieee80211_set_bitrate_flags+0x41b/0x6b0
[  285.317514][T16394]  wiphy_register+0x1e5b/0x2d30
[  285.317527][T16394]  ? __rtnl_unlock+0xb9/0xf0
[  285.317570][T16394]  ? netdev_run_todo+0x760/0x12c0
[  285.317613][T16394]  ? __pfx_wiphy_register+0x10/0x10
[  285.317627][T16394]  ? __asan_memset+0x23/0x50
[  285.317645][T16394]  ? minstrel_ht_alloc+0x5e6/0x7f0
[  285.317688][T16394]  ieee80211_register_hw+0x2cfd/0x4140
[  285.317745][T16394]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  285.317760][T16394]  ? __pfx___debug_object_init+0x10/0x10
[  285.317782][T16394]  ? find_held_lock+0x2b/0x80
[  285.317800][T16394]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  285.317819][T16394]  ? __hrtimer_setup+0x178/0x280
[  285.317832][T16394]  mac80211_hwsim_new_radio+0x2847/0x57d0
[  285.317862][T16394]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  285.317881][T16394]  ? __asan_memcpy+0x3c/0x60
[  285.317898][T16394]  hwsim_new_radio_nl+0xc1f/0x1340
[  285.317917][T16394]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  285.317939][T16394]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280
[  285.317981][T16394]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280
[  285.317998][T16394]  genl_family_rcv_msg_doit+0x214/0x300
[  285.318014][T16394]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  285.318033][T16394]  ? bpf_lsm_capable+0x9/0x10
[  285.318046][T16394]  ? security_capable+0x80/0x260
[  285.318063][T16394]  ? ns_capable+0xd2/0xf0
[  285.318081][T16394]  genl_rcv_msg+0x560/0x800
[  285.318096][T16394]  ? __pfx_genl_rcv_msg+0x10/0x10
[  285.318109][T16394]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  285.318133][T16394]  netlink_rcv_skb+0x159/0x420
[  285.318151][T16394]  ? __pfx_genl_rcv_msg+0x10/0x10
[  285.318163][T16394]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  285.318187][T16394]  ? netlink_deliver_tap+0x1ae/0xcc0
[  285.318205][T16394]  genl_rcv+0x28/0x40
[  285.318215][T16394]  netlink_unicast+0x5aa/0x870
[  285.318235][T16394]  ? __pfx_netlink_unicast+0x10/0x10
[  285.318258][T16394]  netlink_sendmsg+0x8b0/0xda0
[  285.318277][T16394]  ? __pfx_netlink_sendmsg+0x10/0x10
[  285.318294][T16394]  ? __might_fault+0x50/0x140
[  285.318315][T16394]  ____sys_sendmsg+0x9e1/0xb70
[  285.318326][T16394]  ? __pfx_netlink_sendmsg+0x10/0x10
[  285.318344][T16394]  ? __pfx_____sys_sendmsg+0x10/0x10
[  285.318358][T16394]  ? __pfx_futex_wake_mark+0x10/0x10
[  285.318375][T16394]  ___sys_sendmsg+0x190/0x1e0
[  285.318389][T16394]  ? __pfx____sys_sendmsg+0x10/0x10
[  285.318419][T16394]  __sys_sendmsg+0x170/0x220
[  285.318435][T16394]  ? __pfx___sys_sendmsg+0x10/0x10
[  285.318449][T16394]  ? __x64_sys_futex+0x34f/0x4d0
[  285.318469][T16394]  do_syscall_64+0x106/0xf80
[  285.318509][T16394]  ? clear_bhb_loop+0x40/0x90
[  285.318525][T16394]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  285.318538][T16394] RIP: 0033:0x7fe6f7f9c819
[  285.318551][T16394] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  285.318563][T16394] RSP: 002b:00007fe6f8eec028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  285.318577][T16394] RAX: ffffffffffffffda RBX: 00007fe6f8215fa0 RCX: 00007fe6f7f9c819
[  285.318585][T16394] RDX: 0000000004000010 RSI: 0000200000000100 RDI: 0000000000000008
[  285.318592][T16394] RBP: 00007fe6f8032c91 R08: 0000000000000000 R09: 0000000000000000
[  285.318598][T16394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  285.318604][T16394] R13: 00007fe6f8216038 R14: 00007fe6f8215fa0 R15: 00007ffe55d16108
[  285.318619][T16394]  </TASK>
[  285.354477][T15674] libceph: connect (1)[c::]:6789 error -101
[  285.354644][T15674] libceph: mon0 (1)[c::]:6789 connect error
[  285.365917][T16339] ceph: No mds server is up or the cluster is laggy
[  285.415279][    T9] usb 11-1: new high-speed USB device number 3 using dummy_hcd
[  285.436074][T16396] input: syz0 as /devices/virtual/input/input31
[  285.453819][ T5937] Bluetooth: hci3: command tx timeout
[  285.465730][T16398] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2921'.
[  285.597505][    T9] usb 11-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  285.600812][    T9] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  285.614238][    T9] usb 11-1: Product: syz
[  285.615902][    T9] usb 11-1: Manufacturer: syz
[  285.618246][    T9] usb 11-1: SerialNumber: syz
[  285.635923][    T9] usb 11-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  285.654959][    T9] usb 11-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  285.818757][T16423] syzkaller0: entered promiscuous mode
[  285.820652][T16423] syzkaller0: entered allmulticast mode
[  285.828048][T16423] blk_print_req_error: 56 callbacks suppressed
[  285.828062][T16423] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  285.833832][T16423] buffer_io_error: 54 callbacks suppressed
[  285.833844][T16423] Buffer I/O error on dev nbd0, logical block 0, async page read
[  285.838195][T16423] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  285.841212][T16423] Buffer I/O error on dev nbd0, logical block 1, async page read
[  285.844239][T16423] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  285.847935][T16423] Buffer I/O error on dev nbd0, logical block 2, async page read
[  285.850907][T16423] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  285.855829][T16423] Buffer I/O error on dev nbd0, logical block 3, async page read
[  285.859612][T16423] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  285.863254][T16423] Buffer I/O error on dev nbd0, logical block 0, async page read
[  285.867217][T16423] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  285.870648][T16423] Buffer I/O error on dev nbd0, logical block 1, async page read
[  285.870650][T16426] sctp: [Deprecated]: syz.3.2928 (pid 16426) Use of int in max_burst socket option deprecated.
[  285.870650][T16426] Use struct sctp_assoc_value instead
[  285.873130][T16423] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  285.882225][T16423] Buffer I/O error on dev nbd0, logical block 2, async page read
[  285.885563][T16423] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  285.888983][T16423] Buffer I/O error on dev nbd0, logical block 3, async page read
[  285.891682][T16423] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  285.895183][T16423] Buffer I/O error on dev nbd0, logical block 0, async page read
[  285.898646][T16423] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  285.902332][T16423] Buffer I/O error on dev nbd0, logical block 1, async page read
[  285.906817][T16423] ldm_validate_partition_table(): Disk read failed.
[  285.909380][T16423] Dev nbd0: unable to read RDB block 0
[  285.911522][T16423]  nbd0: unable to read partition table
[  286.063686][   T40] audit: type=1400 audit(1776283901.984:2095): avc:  denied  { shutdown } for  pid=16388 comm="syz.6.2917" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  286.080253][T16437] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  286.090494][   T40] audit: type=1800 audit(1776283902.004:2096): pid=16389 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.6.2917" name="bus" dev="overlay" ino=120 res=0 errno=0
[  286.098338][   T40] audit: type=1800 audit(1776283902.004:2097): pid=16440 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.6.2917" name="bus" dev="overlay" ino=120 res=0 errno=0
[  286.113422][    C0] usb 11-1: ath: unknown panic pattern!
[  286.203414][   T72] usb 8-1: new high-speed USB device number 27 using dummy_hcd
[  286.233254][T16443] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long
[  286.321648][   T39] usb 11-1: USB disconnect, device number 3
[  286.355465][   T72] usb 8-1: config 1 has an invalid interface number: 7 but max is 0
[  286.358884][   T72] usb 8-1: config 1 has no interface number 0
[  286.360973][   T72] usb 8-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  286.365296][   T72] usb 8-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  286.369427][   T72] usb 8-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  286.375628][   T72] usb 8-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  286.378943][   T72] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  286.382604][   T72] usb 8-1: Product: syz
[  286.384625][   T72] usb 8-1: Manufacturer: syz
[  286.386485][   T72] usb 8-1: SerialNumber: syz
[  286.393484][T16433] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  286.535852][T16451] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2934'.
[  286.539523][T16451] openvswitch: netlink: Missing key (keys=40, expected=80)
[  286.598843][T16433] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  286.646836][T16463] overlay: ./file1 is not a directory
[  286.740508][T16474] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.2940'.
[  286.763205][T16474] bond2: option lacp_rate: mode dependency failed, not supported in mode balance-rr(0)
[  286.770683][T16474] bond2 (unregistering): Released all slaves
[  286.808011][   T72] usb 8-1: Incompatible driver and firmware versions
[  286.893454][    T9] usb 11-1: Service connection timeout for: 256
[  286.895905][    T9] ath9k_htc 11-1:1.0: ath9k_htc: Unable to initialize HTC services
[  286.900428][    T9] ath9k_htc: Failed to initialize the device
[  286.934253][   T39] usb 11-1: ath9k_htc: USB layer deinitialized
[  286.960045][T16495] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2945'.
[  286.986681][T16499] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  287.009862][   T72] usb 8-1: USB disconnect, device number 27
[  287.257481][T16487] syz.0.2943 (16487): drop_caches: 1
[  287.293089][T16487] syz.0.2943 (16487): drop_caches: 1
[  287.524001][ T5937] Bluetooth: hci3: command tx timeout
[  287.550226][T16518] overlayfs: missing 'lowerdir'
[  287.573818][T16520] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  287.577263][T16520] IPv6: NLM_F_CREATE should be set when creating new route
[  287.580035][T16520] IPv6: NLM_F_CREATE should be set when creating new route
[  287.582914][T16520] IPv6: NLM_F_CREATE should be set when creating new route
[  287.593955][T16520] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  287.761753][T16533] 9pnet: Found fid 0 not clunked
[  288.120646][T16561] overlay: Unknown parameter 'fsmagic'
[  288.176772][T16563] netlink: 'syz.6.2968': attribute type 8 has an invalid length.
[  288.199262][ T5991] usb 8-1: new high-speed USB device number 28 using dummy_hcd
[  288.343416][ T5991] usb 8-1: device descriptor read/64, error -71
[  288.400707][T16572] : entered promiscuous mode
[  288.471445][ T5937] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  288.478961][ T5937] CPU: 0 UID: 0 PID: 5937 Comm: kworker/u33:4 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  288.478994][ T5937] Tainted: [L]=SOFTLOCKUP
[  288.479000][ T5937] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  288.479012][ T5937] Workqueue: hci0 hci_rx_work
[  288.479078][ T5937] Call Trace:
[  288.479086][ T5937]  <TASK>
[  288.479093][ T5937]  dump_stack_lvl+0x100/0x190
[  288.479126][ T5937]  sysfs_warn_dup.cold+0x1c/0x28
[  288.479151][ T5937]  sysfs_create_dir_ns+0x24b/0x2b0
[  288.479180][ T5937]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  288.479207][ T5937]  ? find_held_lock+0x2b/0x80
[  288.479229][ T5937]  ? kobject_add_internal+0x25f/0x930
[  288.479279][ T5937]  ? kobject_add_internal+0x25f/0x930
[  288.479302][ T5937]  ? do_raw_spin_unlock+0x145/0x1e0
[  288.479330][ T5937]  kobject_add_internal+0x2c8/0x930
[  288.479354][ T5937]  kobject_add+0x16a/0x1e0
[  288.479373][ T5937]  ? __pfx_kobject_add+0x10/0x10
[  288.479390][ T5937]  ? class_to_subsys+0x10f/0x150
[  288.479415][ T5937]  ? kobject_put+0xb9/0x640
[  288.479431][ T5937]  ? _raw_spin_unlock+0x28/0x50
[  288.479460][ T5937]  device_add+0x294/0x1950
[  288.479479][ T5937]  ? __pfx_dev_set_name+0x10/0x10
[  288.479502][ T5937]  ? __pfx_device_add+0x10/0x10
[  288.479521][ T5937]  ? mgmt_send_event_skb+0x2fb/0x460
[  288.479583][ T5937]  hci_conn_add_sysfs+0x1a3/0x260
[  288.479613][ T5937]  le_conn_complete_evt+0x11eb/0x1f60
[  288.479644][ T5937]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  288.479672][ T5937]  hci_le_conn_complete_evt+0x23c/0x3a0
[  288.479694][ T5937]  ? skb_pull_data+0x15f/0x1e0
[  288.479716][ T5937]  hci_le_meta_evt+0x34a/0x5f0
[  288.479741][ T5937]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  288.479767][ T5937]  hci_event_packet+0x51c/0xcd0
[  288.479789][ T5937]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  288.479813][ T5937]  ? __pfx_hci_event_packet+0x10/0x10
[  288.479837][ T5937]  ? kcov_remote_start+0x374/0x660
[  288.479859][ T5937]  ? lockdep_hardirqs_on+0x78/0x100
[  288.479889][ T5937]  hci_rx_work+0x451/0xfc0
[  288.479920][ T5937]  process_one_work+0xa23/0x19a0
[  288.479952][ T5937]  ? __pfx_process_one_work+0x10/0x10
[  288.479979][ T5937]  ? __pfx_hci_rx_work+0x10/0x10
[  288.480002][ T5937]  worker_thread+0x5ef/0xe50
[  288.480029][ T5937]  ? kthread+0x13a/0x450
[  288.480045][ T5937]  ? __pfx_worker_thread+0x10/0x10
[  288.480062][ T5937]  kthread+0x370/0x450
[  288.480077][ T5937]  ? __pfx_kthread+0x10/0x10
[  288.480095][ T5937]  ret_from_fork+0x754/0xd80
[  288.480115][ T5937]  ? __pfx_ret_from_fork+0x10/0x10
[  288.480135][ T5937]  ? __switch_to+0x7b4/0x1120
[  288.480156][ T5937]  ? __pfx_kthread+0x10/0x10
[  288.480173][ T5937]  ret_from_fork_asm+0x1a/0x30
[  288.480205][ T5937]  </TASK>
[  288.480229][ T5937] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  288.590288][ T5937] Bluetooth: hci0: failed to register connection device
[  288.653513][ T5991] usb 8-1: new high-speed USB device number 29 using dummy_hcd
[  288.793393][ T5991] usb 8-1: device descriptor read/64, error -71
[  288.903723][ T5991] usb usb8-port1: attempt power cycle
[  289.029401][T16600] overlayfs: failed to create directory ./file1/work (errno: 1); mounting read-only
[  289.032672][T16600] overlayfs: conflicting lowerdir path
[  289.253447][ T5991] usb 8-1: new high-speed USB device number 30 using dummy_hcd
[  289.284631][ T5991] usb 8-1: device descriptor read/8, error -71
[  289.533458][ T5991] usb 8-1: new high-speed USB device number 31 using dummy_hcd
[  289.563958][ T5991] usb 8-1: device descriptor read/8, error -71
[  289.673762][ T5991] usb usb8-port1: unable to enumerate USB device
[  289.773766][T16623] nbd1: detected capacity change from 0 to 63
[  289.778640][ T5946] block nbd1: Receive control failed (result -32)
[  289.778661][ T5937] block nbd1: Receive control failed (result -32)
[  289.779845][T13298] block nbd1: Send control failed (result -32)
[  289.784656][ T5933] block nbd1: Receive control failed (result -32)
[  289.803598][T13298] block nbd1: Request send failed, requeueing
[  289.810535][T13298] block nbd1: Dead connection, failed to find a fallback
[  289.814015][   T25] block nbd1: Dead connection, failed to find a fallback
[  289.817763][   T25] block nbd1: shutting down sockets
[  289.830154][T13298] ldm_validate_partition_table(): Disk read failed.
[  289.835548][T13298] Dev nbd1: unable to read RDB block 0
[  289.844122][T13298]  nbd1: unable to read partition table
[  289.879397][T13298] ldm_validate_partition_table(): Disk read failed.
[  289.882084][T13298] Dev nbd1: unable to read RDB block 0
[  289.894220][T16650] binder: 16649:16650 ioctl c0306201 200000000640 returned -22
[  289.899128][T13298]  nbd1: unable to read partition table
[  290.150502][T16666] ntfs3(loop0): try to read out of volume at offset 0x0
[  290.161786][T16666] comedi: valid board names for 8255 driver are:
[  290.165388][T16666]  8255
[  290.166771][T16666] comedi: valid board names for vmk80xx driver are:
[  290.169696][T16666]  vmk80xx
[  290.171087][T16666] comedi: valid board names for usbduxsigma driver are:
[  290.179188][T16666]  usbduxsigma
[  290.180748][T16666] comedi: valid board names for usbduxfast driver are:
[  290.183911][T16666]  usbduxfast
[  290.185410][T16666] comedi: valid board names for usbdux driver are:
[  290.188406][T16666]  usbdux
[  290.189797][T16666] comedi: valid board names for ni6501 driver are:
[  290.192758][T16666]  ni6501
[  290.194467][T16666] comedi: valid board names for dt9812 driver are:
[  290.197353][T16666]  dt9812
[  290.199124][T16666] comedi: valid board names for ni_labpc_cs driver are:
[  290.202141][T16666]  ni_labpc_cs
[  290.203944][T16666] comedi: valid board names for ni_daq_700 driver are:
[  290.206931][T16666]  ni_daq_700
[  290.208531][T16666] comedi: valid board names for labpc_pci driver are:
[  290.212167][T16666]  labpc_pci
[  290.214377][T16666] comedi: valid board names for adl_pci9118 driver are:
[  290.217365][T16666]  pci9118dg
[  290.218787][T16666]  pci9118hg
[  290.220224][T16666]  pci9118hr
[  290.221659][T16666] comedi: valid board names for 8255_pci driver are:
[  290.226515][T16666]  8255_pci
[  290.227940][T16666] comedi: valid board names for s526 driver are:
[  290.230199][T16666]  s526
[  290.231131][T16666] comedi: valid board names for multiq3 driver are:
[  290.233740][T16666]  multiq3
[  290.234838][T16666] comedi: valid board names for pcmuio driver are:
[  290.237226][T16666]  pcmuio48
[  290.238272][T16666]  pcmuio96
[  290.239549][T16666] comedi: valid board names for pcmmio driver are:
[  290.242293][T16666]  pcmmio
[  290.245138][T16666] comedi: valid board names for pcmda12 driver are:
[  290.247657][T16666]  pcmda12
[  290.248930][T16666] comedi: valid board names for pcmad driver are:
[  290.251512][T16666]  pcmad12
[  290.252867][T16666]  pcmad16
[  290.254787][T16666] comedi: valid board names for ni_labpc driver are:
[  290.257659][T16666]  lab-pc-1200
[  290.259153][T16666]  lab-pc-1200ai
[  290.260347][T16666]  lab-pc+
[  290.261379][T16666] comedi: valid board names for atmio16 driver are:
[  290.265032][T16666]  atmio16
[  290.266116][T16666]  atmio16d
[  290.267244][T16666] comedi: valid board names for ni_at_ao driver are:
[  290.269615][T16666]  at-ao-6
[  290.270690][T16666]  at-ao-10
[  290.271775][T16666] comedi: valid board names for ni_at_a2150 driver are:
[  290.274742][T16666]  ni_at_a2150
[  290.275936][T16666] comedi: valid board names for adq12b driver are:
[  290.278048][T16666]  adq12b
[  290.279038][T16666] comedi: valid board names for mpc624 driver are:
[  290.281267][T16666]  mpc624
[  290.282308][T16666] comedi: valid board names for c6xdigio driver are:
[  290.285075][T16666]  c6xdigio
[  290.286203][T16666] comedi: valid board names for aio_iiro_16 driver are:
[  290.288515][T16666]  aio_iiro_16
[  290.289634][T16666] comedi: valid board names for aio_aio12_8 driver are:
[  290.291935][T16666]  aio_aio12_8
[  290.293119][T16666]  aio_ai12_8
[  290.294922][T16666]  aio_ao12_4
[  290.296098][T16666] comedi: valid board names for fl512 driver are:
[  290.298328][T16666]  fl512
[  290.299336][T16666] comedi: valid board names for dmm32at driver are:
[  290.301461][T16666]  dmm32at
[  290.305081][T16666] comedi: valid board names for dt282x driver are:
[  290.307294][T16666]  dt2821
[  290.308385][T16666]  dt2821-f
[  290.309774][T16666]  dt2821-g
[  290.310892][T16666]  dt2823
[  290.311881][T16666]  dt2824-pgh
[  290.313101][T16666]  dt2824-pgl
[  290.314564][T16666]  dt2825
[  290.315546][T16666]  dt2827
[  290.316529][T16666]  dt2828
[  290.317537][T16666]  dt2829
[  290.318507][T16666]  dt21-ez
[  290.319519][T16666]  dt23-ez
[  290.320553][T16666]  dt24-ez
[  290.321634][T16666]  dt24-ez-pgl
[  290.322831][T16666] comedi: valid board names for dt2817 driver are:
[  290.325882][T16666]  dt2817
[  290.326914][T16666] comedi: valid board names for dt2815 driver are:
[  290.329381][T16666]  dt2815
[  290.330365][T16666] comedi: valid board names for dt2814 driver are:
[  290.332439][T16666]  dt2814
[  290.333832][T16666] comedi: valid board names for dt2811 driver are:
[  290.336085][T16666]  dt2811-pgh
[  290.337284][T16666]  dt2811-pgl
[  290.338486][T16666] comedi: valid board names for dt2801 driver are:
[  290.340825][T16666]  dt2801
[  290.341900][T16666] comedi: valid board names for das6402 driver are:
[  290.344567][T16666]  das6402-12
[  290.345685][T16666]  das6402-16
[  290.346876][T16666] comedi: valid board names for das1800 driver are:
[  290.349040][T16666]  das-1701st
[  290.350109][T16666]  das-1701st-da
[  290.351267][T16666]  das-1702st
[  290.352418][T16666]  das-1702st-da
[  290.354246][T16666]  das-1702hr
[  290.355537][T16666]  das-1702hr-da
[  290.356830][T16666]  das-1701ao
[  290.358047][T16666]  das-1702ao
[  290.359214][T16666]  das-1801st
[  290.360397][T16666]  das-1801st-da
[  290.361634][T16666]  das-1802st
[  290.362779][T16666]  das-1802st-da
[  290.365219][T16666]  das-1802hr
[  290.366387][T16666]  das-1802hr-da
[  290.367728][T16666]  das-1801hc
[  290.369119][T16666]  das-1802hc
[  290.370466][T16666]  das-1801ao
[  290.371780][T16666]  das-1802ao
[  290.373080][T16666] comedi: valid board names for das800 driver are:
[  290.377444][T16666]  das-800
[  290.378529][T16666]  cio-das800
[  290.379726][T16666]  das-801
[  290.380810][T16666]  cio-das801
[  290.381970][T16666]  das-802
[  290.382986][T16666]  cio-das802
[  290.384892][T16666]  cio-das802/16
[  290.386135][T16666] comedi: valid board names for isa-das08 driver are:
[  290.388385][T16666]  isa-das08
[  290.389501][T16666]  das08-pgm
[  290.390685][T16666]  das08-pgh
[  290.391848][T16666]  das08-pgl
[  290.393105][T16666]  das08-aoh
[  290.394593][T16666]  das08-aol
[  290.396415][T16666]  das08-aom
[  290.397791][T16666]  das08/jr-ao
[  290.399087][T16666]  das08jr-16-ao
[  290.400406][T16666]  pc104-das08
[  290.401624][T16666]  das08jr/16
[  290.402775][T16666] comedi: valid board names for das16m1 driver are:
[  290.406274][T16666]  das16m1
[  290.407561][T16666] comedi: valid board names for dac02 driver are:
[  290.409899][T16666]  dac02
[  290.411022][T16666] comedi: valid board names for rti802 driver are:
[  290.413239][T16666]  rti802
[  290.414857][T16666] comedi: valid board names for rti800 driver are:
[  290.417294][T16666]  rti800
[  290.418504][T16666]  rti815
[  290.419739][T16666] comedi: valid board names for pcm3724 driver are:
[  290.422218][T16666]  pcm3724
[  290.424012][T16666] comedi: valid board names for pcl818 driver are:
[  290.426491][T16666]  pcl818l
[  290.427639][T16666]  pcl818h
[  290.428841][T16666]  pcl818hd
[  290.430108][T16666]  pcl818hg
[  290.431584][T16666]  pcl818
[  290.432583][T16666]  pcl718
[  290.434310][T16666]  pcm3718
[  290.435406][T16666] comedi: valid board names for pcl816 driver are:
[  290.437943][T16666]  pcl816
[  290.439189][T16666]  pcl814b
[  290.440515][T16666] comedi: valid board names for pcl812 driver are:
[  290.443863][T16666]  pcl812
[  290.445220][T16666]  pcl812pg
[  290.446606][T16666]  acl8112pg
[  290.447858][T16666]  acl8112dg
[  290.449031][T16666]  acl8112hg
[  290.450155][T16666]  a821pgl
[  290.451168][T16666]  a821pglnda
[  290.452290][T16666]  a821pgh
[  290.453988][T16666]  a822pgl
[  290.455081][T16666]  a822pgh
[  290.456092][T16666]  a823pgl
[  290.457193][T16666]  a823pgh
[  290.458214][T16666]  pcl813
[  290.459244][T16666]  pcl813b
[  290.460423][T16666]  acl8113
[  290.461572][T16666]  iso813
[  290.462744][T16666]  acl8216
[  290.464984][T16666]  a826pg
[  290.466313][T16666] comedi: valid board names for pcl730 driver are:
[  290.468654][T16666]  pcl730
[  290.469649][T16666]  iso730
[  290.470645][T16666]  acl7130
[  290.471633][T16666]  pcm3730
[  290.472665][T16666]  pcl725
[  290.475762][T16666]  p8r8dio
[  290.476908][T16666]  acl7225b
[  290.477933][T16666]  p16r16dio
[  290.479040][T16666]  pcl733
[  290.480163][T16666]  pcl734
[  290.481285][T16666]  opmm-1616-xt
[  290.482673][T16666]  pearl-mm-p
[  290.487462][T16666]  ir104-pbf
[  290.488583][T16666] comedi: valid board names for pcl726 driver are:
[  290.490747][T16666]  pcl726
[  290.491698][T16666]  pcl727
[  290.492726][T16666]  pcl728
[  290.494971][T16666]  acl6126
[  290.497000][T16666]  acl6128
[  290.498520][T16666] comedi: valid board names for pcl724 driver are:
[  290.501870][T16666]  pcl724
[  290.503714][T16666]  pcl722
[  290.505066][T16666]  pcl731
[  290.506368][T16666]  acl7122
[  290.507737][T16666]  acl7124
[  290.509209][T16666]  pet48dio
[  290.510652][T16666]  pcmio48
[  290.512108][T16666]  onyx-mm-dio
[  290.514306][T16666] comedi: valid board names for pcl711 driver are:
[  290.517011][T16666]  pcl711
[  290.518306][T16666]  pcl711b
[  290.519742][T16666]  acl8112hg
[  290.521213][T16666]  acl8112dg
[  290.522851][T16666] comedi: valid board names for amplc_pc263 driver are:
[  290.527063][T16666]  pc263
[  290.528524][T16666] comedi: valid board names for amplc_pc236 driver are:
[  290.531475][T16666]  pc36at
[  290.533051][T16666] comedi: valid board names for amplc_dio200 driver are:
[  290.536438][T16666]  pc212e
[  290.537880][T16666]  pc214e
[  290.539207][T16666]  pc215e
[  290.540578][T16666]  pc218e
[  290.542122][T16666]  pc272e
[  290.546204][T16666] comedi: valid board names for comedi_parport driver are:
[  290.549460][T16666]  comedi_parport
[  290.551105][T16666] comedi: valid board names for comedi_test driver are:
[  290.554468][T16666]  comedi_test
[  290.556104][T16666] comedi: valid board names for comedi_bond driver are:
[  290.559233][T16666]  comedi_bond
[  290.908369][T16690] NILFS (nullb0): couldn't find nilfs on the device
[  290.964193][   T72] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  290.973025][T16692] comedi comedi0: comedi_config --init_data is deprecated
[  290.998142][T16695] hfsplus: Unknown parameter 'barrier
'
[  290.998546][T16696] hfsplus: Unknown parameter 'barrier
'
[  291.072872][T16703] bond1: ARP target 9.0.0.0 is already present
[  291.078068][T16703] bond1: option arp_ip_target: invalid value (9)
[  291.084922][T16703] bond1 (unregistering): Released all slaves
[  291.113802][   T72] usb 5-1: Using ep0 maxpacket: 8
[  291.116834][   T72] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  291.119558][   T72] usb 5-1: config 0 has no interface number 0
[  291.121669][   T72] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  291.125801][   T72] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  291.130036][   T72] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  291.137913][   T72] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  291.142464][   T72] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  291.146087][   T72] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.151753][   T72] usb 5-1: config 0 descriptor??
[  291.157580][   T72] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  291.356838][T16685] ldusb 5-1:0.55: Write buffer overflow, 2147479232 bytes dropped
[  291.474063][   T72] usb 8-1: new high-speed USB device number 32 using dummy_hcd
[  291.544919][T16719] __nla_validate_parse: 4 callbacks suppressed
[  291.544932][T16719] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3007'.
[  291.624118][   T72] usb 8-1: Using ep0 maxpacket: 8
[  291.627850][   T72] usb 8-1: config 0 has an invalid interface number: 55 but max is 0
[  291.631068][   T72] usb 8-1: config 0 has no interface number 0
[  291.633294][   T72] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  291.636988][   T72] usb 8-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  291.640991][   T72] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  291.645106][   T72] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  291.649693][   T72] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  291.652660][   T72] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.663821][   T72] usb 8-1: config 0 descriptor??
[  291.670856][   T72] ldusb 8-1:0.55: LD USB Device #1 now attached to major 180 minor 1
[  291.755109][T16722] netlink: 64 bytes leftover after parsing attributes in process `syz.6.3008'.
[  291.921103][T16725] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  291.925551][T16725] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  291.944003][ T9090] usb 8-1: USB disconnect, device number 32
[  291.951858][ T9090] ldusb 8-1:0.55: LD USB Device #1 now disconnected
[  292.031605][T16738] binder: Unknown parameter 'smackfshat'
[  292.032027][   T40] audit: type=1400 audit(1776283907.944:2098): avc:  denied  { remount } for  pid=16737 comm="syz.6.3011" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  292.081491][T16741] tmpfs: Bad value for 'mpol'
[  292.178231][T16754] input: syz0 as /devices/virtual/input/input32
[  292.418388][T16765] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3020'.
[  292.447339][T16765] 8021q: adding VLAN 0 to HW filter on device bond1
[  292.457984][T16768] netlink: 260 bytes leftover after parsing attributes in process `syz.6.3021'.
[  292.460251][T16765] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3020'.
[  292.467339][T16765] netlink: 'syz.3.3020': attribute type 1 has an invalid length.
[  292.470289][T16765] netlink: 244 bytes leftover after parsing attributes in process `syz.3.3020'.
[  292.508444][T16770] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  292.510585][T16770] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  292.513115][T16770] vhci_hcd vhci_hcd.0: Device attached
[  292.515660][   T40] audit: type=1804 audit(1776283908.424:2099): pid=16772 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.6.3023" name="/newroot/50/file1" dev="tmpfs" ino=293 res=1 errno=0
[  292.517226][T16770] [syz.3.] <== rxrpc_preparse_xdr_yfs_rxgk() = -EKEYREJECTED [d9c19884!=bc, 2c,d9c19820]
[  292.577643][T16776] efs: device does not support 512 byte blocks
[  292.580123][T16776] device does not support 512 byte blocks
[  292.580123][T16776] 
[  292.648458][   T40] audit: type=1400 audit(1776283908.564:2100): avc:  denied  { read } for  pid=16769 comm="syz.3.3022" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  292.773441][ T9090] usb 44-1: SetAddress Request (2) to port 0
[  292.776839][ T9090] usb 44-1: new SuperSpeed USB device number 2 using vhci_hcd
[  292.835688][T16790] f2fs: Unknown parameter 'grpquota˙O
'
[  292.932218][T16794] bridge0: port 1(bridge_slave_0) entered disabled state
[  293.016278][T16799] netlink: 'syz.6.3032': attribute type 12 has an invalid length.
[  293.195457][T16802] binder: 16800:16802 unknown command 0
[  293.198127][T16802] binder: 16800:16802 ioctl c0306201 200000000080 returned -22
[  293.207790][T16802] binder: 16800:16802 unknown command 0
[  293.209850][T16802] binder: 16800:16802 ioctl c0306201 2000000003c0 returned -22
[  293.213847][T16802] program syz.6.3033 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  293.299251][   T40] audit: type=1400 audit(1776283909.214:2101): avc:  denied  { shutdown } for  pid=16807 comm="syz.2.3035" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  293.337986][T16773] vhci_hcd: connection reset by peer
[  293.340107][ T1184] vhci_hcd vhci_hcd.3: stop threads
[  293.342020][ T1184] vhci_hcd vhci_hcd.3: release socket
[  293.344578][ T1184] vhci_hcd vhci_hcd.3: disconnect device
[  293.364873][   T53] usb 5-1: USB disconnect, device number 26
[  293.371404][   T53] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  293.464035][ T6003] usb 11-1: new high-speed USB device number 4 using dummy_hcd
[  293.613626][ T6003] usb 11-1: Using ep0 maxpacket: 16
[  293.617093][ T6003] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  293.620665][ T6003] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 33863, setting to 1024
[  293.627048][ T6003] usb 11-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  293.630189][ T6003] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  293.632774][ T6003] usb 11-1: Product: syz
[  293.634242][ T6003] usb 11-1: Manufacturer: syz
[  293.635760][ T6003] usb 11-1: SerialNumber: syz
[  293.638742][ T6003] usb 11-1: config 0 descriptor??
[  293.643257][ T6003] hub 11-1:0.0: bad descriptor, ignoring hub
[  293.645626][ T6003] hub 11-1:0.0: probe with driver hub failed with error -5
[  293.649988][ T6003] input: syz syz as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/input/input33
[  293.686624][T16820] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3038'.
[  294.044831][   T54] usb 11-1: USB disconnect, device number 4
[  294.074017][T16836] 9p: Could not find request transport: tc0000000000004e22
[  294.427434][ T5937] Bluetooth: hci3: Malformed Event: 0x13
[  294.557598][T16851] tmpfs: Unknown parameter 'z'
[  294.677929][T16859] 9p: Bad value for 'wfdno'
[  294.763085][T16864] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  294.868158][T16867] overlayfs: conflicting lowerdir path
[  294.989563][T16870] binder: 16869:16870 ioctl c0306201 0 returned -14
[  295.076754][ T7542] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  295.195888][ T7542] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  295.212707][ T5946] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  295.220121][ T5946] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  295.223970][ T5946] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  295.229169][ T5946] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  295.232380][ T5946] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  295.285342][ T7542] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  295.308467][T16876] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3058'.
[  295.568620][T16873] chnl_net:caif_netlink_parms(): no params data found
[  295.649072][ T7542] bridge_slave_1: left allmulticast mode
[  295.651040][ T7542] bridge_slave_1: left promiscuous mode
[  295.653277][ T7542] bridge0: port 2(bridge_slave_1) entered disabled state
[  295.658122][   T40] audit: type=1400 audit(1776283911.574:2102): avc:  denied  { read } for  pid=16891 comm="syz.2.3062" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  295.658566][ T7542] bridge_slave_0: left allmulticast mode
[  295.667492][ T7542] bridge_slave_0: left promiscuous mode
[  295.669396][ T7542] bridge0: port 1(bridge_slave_0) entered disabled state
[  295.700272][T16897] fuse: Unknown parameter '000000000000000000000030x0000000000000003'
[  295.807603][T16899] Bluetooth: MGMT ver 1.23
[  295.879540][T16905] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3067'.
[  295.937784][   T40] audit: type=1400 audit(1776283911.854:2103): avc:  denied  { create } for  pid=16904 comm="syz.6.3067" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  295.945540][   T40] audit: type=1400 audit(1776283911.854:2104): avc:  denied  { write } for  pid=16904 comm="syz.6.3067" path="socket:[73744]" dev="sockfs" ino=73744 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  295.948100][ T7542] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  295.971221][ T7542] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  295.981302][ T7542] bond0 (unregistering): Released all slaves
[  295.989447][ T7542] bond1 (unregistering): Released all slaves
[  296.091310][T16873] bridge0: port 1(bridge_slave_0) entered blocking state
[  296.099432][T16873] bridge0: port 1(bridge_slave_0) entered disabled state
[  296.103265][T16873] bridge_slave_0: entered allmulticast mode
[  296.108552][T16873] bridge_slave_0: entered promiscuous mode
[  296.114835][T16873] bridge0: port 2(bridge_slave_1) entered blocking state
[  296.118090][T16873] bridge0: port 2(bridge_slave_1) entered disabled state
[  296.121883][T16873] bridge_slave_1: entered allmulticast mode
[  296.127381][T16873] bridge_slave_1: entered promiscuous mode
[  296.182793][T16916] IPv4: Oversized IP packet from 127.202.26.0
[  296.232332][T16873] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  296.239164][T16873] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  296.316857][T16873] team0: Port device team_slave_0 added
[  296.320240][T16873] team0: Port device team_slave_1 added
[  296.382754][T16873] batman_adv: batadv0: Adding interface: batadv_slave_0
[  296.387184][T16873] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  296.396929][T16873] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  296.439140][T16873] batman_adv: batadv0: Adding interface: batadv_slave_1
[  296.441659][T16873] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  296.479474][T16873] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  296.542502][T16873] hsr_slave_0: entered promiscuous mode
[  296.549049][T16873] hsr_slave_1: entered promiscuous mode
[  296.552378][T16873] debugfs: 'hsr0' already exists in 'hsr'
[  296.555640][T16873] Cannot create hsr debugfs directory
[  296.583809][T16945] netlink: 'syz.6.3073': attribute type 1 has an invalid length.
[  296.586544][ T7542] hsr_slave_0: left promiscuous mode
[  296.593804][ T7542] hsr_slave_1: left promiscuous mode
[  296.596365][ T7542] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  296.598940][ T7542] batman_adv: batadv0: Removing interface: batadv_slave_0
[  296.602270][ T7542] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  296.605452][ T7542] batman_adv: batadv0: Removing interface: batadv_slave_1
[  296.611318][ T7542] veth1_macvtap: left promiscuous mode
[  296.613463][ T7542] veth0_macvtap: left promiscuous mode
[  296.615637][ T7542] veth1_vlan: left promiscuous mode
[  296.617902][ T7542] veth0_vlan: left promiscuous mode
[  296.875974][ T5937] Bluetooth: hci4: unexpected event for opcode 0x0404
[  296.901479][ T7542] team0 (unregistering): Port device team_slave_1 removed
[  296.919247][ T7542] team0 (unregistering): Port device team_slave_0 removed
[  296.928161][T16960] netlink: 212328 bytes leftover after parsing attributes in process `syz.2.3079'.
[  296.932579][T16961] PM: Enabling pm_trace changes system date and time during resume.
[  296.932579][T16961] PM: Correct system time has to be restored manually after resume.
[  296.933046][T16960] netlink: ct family unspecified
[  296.944892][T16958] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3079'.
[  296.980968][T16963] openvswitch: netlink: Message has 24 unknown bytes.
[  297.056477][T16945] 8021q: adding VLAN 0 to HW filter on device bond2
[  297.078987][T16949] bond2: (slave ip6erspan0): making interface the new active one
[  297.084128][T16949] bond2: (slave ip6erspan0): Enslaving as an active interface with an up link
[  297.189455][T16974] netlink: 'syz.2.3083': attribute type 13 has an invalid length.
[  297.201739][   T34] IPVS: starting estimator thread 0...
[  297.209884][   T40] audit: type=1400 audit(1776283913.124:2105): avc:  denied  { write } for  pid=16971 comm="syz.3.3084" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[  297.244547][T16979] 9pnet_virtio: no channels available for device syz
[  297.285225][ T5937] Bluetooth: hci1: command tx timeout
[  297.313719][T16977] IPVS: using max 42 ests per chain, 100800 per kthread
[  297.593052][T16873] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  297.606577][T16873] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  297.618800][T16873] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  297.635170][T16873] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  297.665978][T17010] syzkaller0: entered promiscuous mode
[  297.669615][T17010] 0: reclassify loop, rule prio 0, protocol 800
[  297.673152][T17010] netlink: zone id is out of range
[  297.675307][T17010] netlink: zone id is out of range
[  297.677535][T17010] netlink: zone id is out of range
[  297.679962][T17010] netlink: zone id is out of range
[  297.682254][T17010] netlink: zone id is out of range
[  297.771369][T16873] 8021q: adding VLAN 0 to HW filter on device bond0
[  297.811807][T16873] 8021q: adding VLAN 0 to HW filter on device team0
[  297.825168][ T7540] bridge0: port 1(bridge_slave_0) entered blocking state
[  297.828513][ T7540] bridge0: port 1(bridge_slave_0) entered forwarding state
[  297.834541][ T7540] bridge0: port 2(bridge_slave_1) entered blocking state
[  297.837769][ T7540] bridge0: port 2(bridge_slave_1) entered forwarding state
[  297.844029][ T9090] usb 44-1: device descriptor read/8, error -110
[  297.981016][T17040] netlink: 'syz.2.3094': attribute type 21 has an invalid length.
[  297.983989][T17040] IPv6: NLM_F_CREATE should be specified when creating new route
[  297.988185][T17040] xt_SECMARK: invalid mode: 2
[  298.113273][T16873] 8021q: adding VLAN 0 to HW filter on device batadv0
[  298.244505][ T9090] usb usb44-port1: attempt power cycle
[  298.319919][T17063] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3096'.
[  298.359536][T16873] veth0_vlan: entered promiscuous mode
[  298.394621][T16873] veth1_vlan: entered promiscuous mode
[  298.429416][T16873] veth0_macvtap: entered promiscuous mode
[  298.436791][T16873] veth1_macvtap: entered promiscuous mode
[  298.456400][T16873] batman_adv: batadv0: Interface activated: batadv_slave_0
[  298.486994][T16873] batman_adv: batadv0: Interface activated: batadv_slave_1
[  298.510024][  T156] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  298.534797][  T156] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  298.538691][  T156] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  298.546456][  T156] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  298.562960][T17076] xt_connbytes: Forcing CT accounting to be enabled
[  298.566437][T17076] xt_CT: You must specify a L4 protocol and not use inversions on it
[  298.595098][T17076] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3102'.
[  298.607671][ T7540] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  298.611250][ T7540] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  298.689634][ T7540] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  298.693232][ T7540] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  298.768077][T17088] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3106'.
[  298.824785][ T9090] usb usb44-port1: unable to enumerate USB device
[  298.906730][T17105] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3109'.
[  298.911488][T17105] netlink: 'syz.2.3109': attribute type 15 has an invalid length.
[  298.988704][T17108] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3110'.
[  299.182942][ T5937] Bluetooth: hci4: ACL packet for unknown connection handle 200
[  299.260198][ T5937] Bluetooth: hci4: unexpected event for opcode 0x0c24
[  299.364727][ T5937] Bluetooth: hci1: command tx timeout
[  299.366015][T17127] netlink: 'syz.2.3116': attribute type 1 has an invalid length.
[  299.727888][   T40] audit: type=1400 audit(1776283915.644:2106): avc:  denied  { mounton } for  pid=17152 comm="syz.7.3126" path="/sys/kernel/profiling" dev="sysfs" ino=854 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=file permissive=1
[  299.731199][T17154] qnx4: unable to read the superblock
[  299.841180][T17159] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  299.844096][T17159] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  299.848691][T17159] vhci_hcd vhci_hcd.0: Device attached
[  299.940727][T17167] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3130'.
[  299.944078][T17167] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3130'.
[  300.024515][    T9] vhci_hcd vhci_hcd.2: vhci_device speed not set
[  300.093395][    T9] usb 41-1: new low-speed USB device number 2 using vhci_hcd
[  300.264912][T17181] netlink: 16 bytes leftover after parsing attributes in process `syz.7.3133'.
[  300.276980][T17188] netlink: 'syz.6.3135': attribute type 13 has an invalid length.
[  300.321594][T17188] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  300.328745][T17188] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  300.500238][T17206] vxfs: WRONG superblock magic 00000000 at 1
[  300.503838][T17206] vxfs: WRONG superblock magic 00000000 at 8
[  300.506150][T17206] vxfs: can't find superblock.
[  300.674976][   T40] audit: type=1400 audit(1776283916.594:2107): avc:  denied  { unmount } for  pid=17213 comm="syz.7.3144" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  300.752342][T17217] 9pnet_virtio: no channels available for device syz
[  300.764162][   T40] audit: type=1400 audit(1776283916.684:2108): avc:  denied  { create } for  pid=17216 comm="syz.7.3145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  300.771029][   T40] audit: type=1400 audit(1776283916.684:2109): avc:  denied  { getopt } for  pid=17216 comm="syz.7.3145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  300.776155][T17211] 9pnet_virtio: no channels available for device syz
[  300.882214][   T40] audit: type=1400 audit(1776283916.794:2110): avc:  denied  { listen } for  pid=17222 comm="syz.3.3146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  300.884076][T17223] netlink: 'syz.3.3146': attribute type 10 has an invalid length.
[  300.897315][T17225] : entered promiscuous mode
[  300.899210][T17223] macvlan0: entered allmulticast mode
[  300.902123][T17223] veth1_vlan: entered allmulticast mode
[  300.909952][T17223] team0: Port device macvlan0 added
[  300.947622][   T40] audit: type=1400 audit(1776283916.864:2111): avc:  denied  { create } for  pid=17228 comm="syz.7.3148" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  300.954198][   T40] audit: type=1400 audit(1776283916.864:2112): avc:  denied  { bind } for  pid=17228 comm="syz.7.3148" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  300.961521][   T40] audit: type=1400 audit(1776283916.864:2113): avc:  denied  { setopt } for  pid=17228 comm="syz.7.3148" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  301.009338][T17234] netlink: 'syz.6.3149': attribute type 11 has an invalid length.
[  301.011850][T17234] netlink: 'syz.6.3149': attribute type 7 has an invalid length.
[  301.137699][T17244] syzkaller0: entered promiscuous mode
[  301.140090][T17244] syzkaller0: entered allmulticast mode
[  301.257076][T17251] syzkaller0: entered promiscuous mode
[  301.259343][T17251] syzkaller0: entered allmulticast mode
[  301.443549][ T5937] Bluetooth: hci1: command tx timeout
[  302.193463][   T40] audit: type=1400 audit(1776283918.104:2114): avc:  denied  { write } for  pid=17262 comm="syz.7.3156" path="socket:[76195]" dev="sockfs" ino=76195 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  302.961899][T17164] vhci_hcd: connection reset by peer
[  302.964386][ T7534] vhci_hcd vhci_hcd.2: stop threads
[  302.966091][ T7534] vhci_hcd vhci_hcd.2: release socket
[  302.974378][ T7534] vhci_hcd vhci_hcd.2: disconnect device
[  303.343164][T17278] net_ratelimit: 339 callbacks suppressed
[  303.343179][T17278] netlink: del zone limit has 4 unknown bytes
[  303.443515][   T40] audit: type=1400 audit(1776283919.354:2115): avc:  denied  { mounton } for  pid=17283 comm="syz.7.3163" path="/" dev="autofs" ino=74354 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1
[  303.470250][T17290] __nla_validate_parse: 2 callbacks suppressed
[  303.470261][T17290] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3165'.
[  303.523623][ T5937] Bluetooth: hci1: command tx timeout
[  304.442094][T17326] 9p: Unknown access argument 18446744073709551615: -34
[  304.509890][T17332] netlink: 4456 bytes leftover after parsing attributes in process `syz.3.3179'.
[  304.521424][T17332] 9p: Bad value for 'port'
[  304.630946][   T40] audit: type=1400 audit(1776283920.544:2116): avc:  denied  { setopt } for  pid=17334 comm="syz.3.3180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  304.727751][T17342] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[  304.733751][   T40] audit: type=1400 audit(1776283920.644:2117): avc:  denied  { listen } for  pid=17338 comm="syz.6.3181" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  304.741993][T17342] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[  304.749692][   T40] audit: type=1400 audit(1776283920.664:2118): avc:  denied  { firmware_load } for  pid=17340 comm="syz.3.3182" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  304.754808][T17342] netdevsim netdevsim3: Falling back to sysfs fallback for: .
[  304.960660][T17354] netlink: 212328 bytes leftover after parsing attributes in process `syz.6.3186'.
[  304.968439][T17354] netlink: Conntrack attr has 4 unknown bytes
[  305.051200][T17365] SELinux:  policydb version -973453028 does not match my version range 15-35
[  305.055651][T17365] SELinux: failed to load policy
[  305.067751][T17365] SELinux:  policydb string length 1919181576 does not match expected length 8
[  305.071573][T17365] SELinux: failed to load policy
[  305.105698][T17367] wg1: entered promiscuous mode
[  305.107933][T17367] wg1: entered allmulticast mode
[  305.122862][   T40] audit: type=1400 audit(1776283921.034:2119): avc:  denied  { read } for  pid=17366 comm="syz.3.3191" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  305.132141][   T40] audit: type=1400 audit(1776283921.034:2120): avc:  denied  { open } for  pid=17366 comm="syz.3.3191" path="/dev/autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  305.169049][T17369] fuse: Bad value for 'fd'
[  305.183275][T17369] pim6reg: entered allmulticast mode
[  305.188767][T17369] pim6reg: left allmulticast mode
[  305.195986][T17373] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3191'.
[  305.203626][    T9] vhci_hcd vhci_hcd.2: vhci_device speed not set
[  305.262213][   T40] audit: type=1400 audit(1776283921.174:2121): avc:  denied  { ioctl } for  pid=17376 comm="syz.7.3194" path="socket:[76405]" dev="sockfs" ino=76405 ioctlcmd=0x8b04 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  305.265044][T17377] tmpfs: Unknown parameter 'usrhuota'
[  305.279555][   T40] audit: type=1400 audit(1776283921.194:2122): avc:  denied  { name_bind } for  pid=17376 comm="syz.7.3194" src=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=udp_socket permissive=1
[  305.347809][T17383] qrtr: Invalid version 0
[  305.535873][T17390] bridge0: port 3(ipvlan2) entered blocking state
[  305.538275][T17390] bridge0: port 3(ipvlan2) entered disabled state
[  305.540508][T17390] ipvlan2: entered allmulticast mode
[  305.542313][T17390] bridge0: entered allmulticast mode
[  305.546202][T17390] ipvlan2: left allmulticast mode
[  305.547811][T17390] bridge0: left allmulticast mode
[  306.075856][T17406] xt_hashlimit: size too large, truncated to 1048576
[  306.510193][ T5991] hid-generic 060E:0003:0005.0007: unknown main item tag 0x0
[  306.512765][ T5991] hid-generic 060E:0003:0005.0007: unknown main item tag 0x0
[  306.515227][ T5991] hid-generic 060E:0003:0005.0007: unknown main item tag 0x0
[  306.517701][ T5991] hid-generic 060E:0003:0005.0007: unknown main item tag 0x0
[  306.520122][ T5991] hid-generic 060E:0003:0005.0007: unknown main item tag 0x0
[  306.522826][ T5991] hid-generic 060E:0003:0005.0007: unknown main item tag 0x0
[  306.525674][ T5991] hid-generic 060E:0003:0005.0007: unknown main item tag 0x0
[  306.528047][ T5991] hid-generic 060E:0003:0005.0007: unknown main item tag 0x0
[  306.530477][ T5991] hid-generic 060E:0003:0005.0007: unknown main item tag 0x0
[  306.532842][ T5991] hid-generic 060E:0003:0005.0007: unknown main item tag 0x0
[  306.543994][T17413] sch_tbf: burst 0 is lower than device veth0_virt_wifi mtu (1514) !
[  306.558472][ T5991] hid-generic 060E:0003:0005.0007: hidraw1: <UNKNOWN> HID v0.05 Device [syz1] on syz0
[  306.887971][T17424] 9pnet_virtio: no channels available for device syz
[  306.894435][T17424] netlink: 'syz.2.3209': attribute type 2 has an invalid length.
[  306.899226][T17424] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  306.961613][T17430] syzkaller0: entered promiscuous mode
[  306.965029][T17430] syzkaller0: entered allmulticast mode
[  307.022895][T17428] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3211'.
[  307.028794][T17440] 9pnet_virtio: no channels available for device syz
[  307.176582][T17452] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3218'.
[  307.180919][T17452] bridge0: port 2(bridge_slave_1) entered disabled state
[  307.184492][T17452] bridge0: port 1(bridge_slave_0) entered disabled state
[  307.210669][T17452] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3218'.
[  307.214307][T17452] bridge0: port 2(bridge_slave_1) entered blocking state
[  307.216828][T17452] bridge0: port 2(bridge_slave_1) entered forwarding state
[  307.219609][T17452] bridge0: port 1(bridge_slave_0) entered blocking state
[  307.222087][T17452] bridge0: port 1(bridge_slave_0) entered forwarding state
[  307.228747][T17452] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3218'.
[  307.233012][T17452] bridge0: port 2(bridge_slave_1) entered disabled state
[  307.236260][T17452] bridge0: port 1(bridge_slave_0) entered disabled state
[  307.280460][T17459] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3220'.
[  307.335352][T17466] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3222'.
[  307.412093][   T40] audit: type=1800 audit(1776283923.324:2123): pid=17480 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.3226" name="file0" dev="tmpfs" ino=810 res=0 errno=0
[  307.434951][   T40] audit: type=1804 audit(1776283923.324:2124): pid=17480 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.3.3226" name="/newroot/146/file0" dev="tmpfs" ino=810 res=1 errno=0
[  307.483563][T17487] IPVS: sync thread started: state = MASTER, mcast_ifn = batadv0, syncid = 0, id = 0
[  307.580656][T17493] 8021q: adding VLAN 0 to HW filter on device bond5
[  307.584064][T17493] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3410 sclass=netlink_route_socket pid=17493 comm=syz.2.3231
[  307.833949][T17515] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  308.055280][T17528] blktrace: Concurrent blktraces are not allowed on loop14
[  308.277583][T17543] sit0: entered promiscuous mode
[  308.281361][T17543] netlink: 'syz.6.3245': attribute type 1 has an invalid length.
[  308.329888][T17550] netlink: 'syz.6.3247': attribute type 11 has an invalid length.
[  308.461758][   T40] kauditd_printk_skb: 3 callbacks suppressed
[  308.461777][   T40] audit: type=1400 audit(1776283924.374:2128): avc:  denied  { read } for  pid=17559 comm="syz.3.3251" path="socket:[76609]" dev="sockfs" ino=76609 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  308.516932][T17562] xt_hashlimit: invalid rate
[  308.654609][T17576] binder: 17575:17576 ioctl c0306201 200000000640 returned -22
[  308.697433][T17576] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=33554656 (67109312 ns) > initial count (368 ns). Using initial count to start timer.
[  308.828713][T17588] input: syz0 as /devices/virtual/input/input36
[  308.897475][T17594] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  308.902577][T17594] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  308.921024][T17594] input: syz0 as /devices/virtual/input/input37
[  309.313560][   T39] usb 12-1: new high-speed USB device number 2 using dummy_hcd
[  309.454476][T17614] __nla_validate_parse: 6 callbacks suppressed
[  309.454487][T17614] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3261'.
[  309.484745][   T39] usb 12-1: Using ep0 maxpacket: 8
[  309.489802][   T39] usb 12-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  309.496341][   T39] usb 12-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  309.499547][   T39] usb 12-1: config 0 interface 0 has no altsetting 0
[  309.501794][   T39] usb 12-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  309.504955][   T39] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  309.512420][   T39] usb 12-1: config 0 descriptor??
[  309.558286][ T5937] Bluetooth: hci4: ACL packet for unknown connection handle 200
[  309.562423][   T40] audit: type=1400 audit(1776283925.474:2129): avc:  denied  { read } for  pid=17619 comm="syz.2.3263" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  309.562557][ T5937] Bluetooth: hci4: ACL packet for unknown connection handle 201
[  309.601362][   T40] audit: type=1400 audit(1776283925.514:2130): avc:  denied  { connect } for  pid=17621 comm="syz.6.3264" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  309.614968][   T40] audit: type=1400 audit(1776283925.534:2131): avc:  denied  { ioctl } for  pid=17621 comm="syz.6.3264" path="socket:[74683]" dev="sockfs" ino=74683 ioctlcmd=0x894b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  309.899090][T17640] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.3269'.
[  309.988362][   T39] mcp2221 0003:04D8:00DD.0008: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.7-1/input0
[  310.064384][ T5972] usb 11-1: new high-speed USB device number 5 using dummy_hcd
[  310.075948][   T39] usb 12-1: USB disconnect, device number 2
[  310.110282][   T40] audit: type=1400 audit(1776283926.024:2132): avc:  denied  { write } for  pid=17658 comm="syz.7.3272" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  310.120640][T17660] netlink: 'syz.2.3271': attribute type 1 has an invalid length.
[  310.123468][   T40] audit: type=1400 audit(1776283926.024:2133): avc:  denied  { connect } for  pid=17654 comm="syz.2.3271" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  310.130776][   T40] audit: type=1400 audit(1776283926.024:2134): avc:  denied  { ioctl } for  pid=17658 comm="syz.7.3272" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x63a1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  310.143597][T17655] veth5: entered promiscuous mode
[  310.198224][T17673] fuse: Bad value for 'user_id'
[  310.198238][T17675] fuse: Bad value for 'user_id'
[  310.198251][T17675] fuse: Bad value for 'user_id'
[  310.200364][T17673] fuse: Bad value for 'user_id'
[  310.207127][   T40] audit: type=1400 audit(1776283926.124:2135): avc:  denied  { getopt } for  pid=17674 comm="syz.3.3276" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  310.226781][T17676] input: syz0 as /devices/virtual/input/input38
[  310.228318][T17676] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31245 sclass=netlink_route_socket pid=17676 comm=syz.3.3276
[  310.228539][T17676] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3276'.
[  310.229364][T17676] overlayfs: failed to resolve './bus/file0': -2
[  310.237508][ T5972] usb 11-1: Using ep0 maxpacket: 8
[  310.239873][ T5972] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  310.239895][ T5972] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  310.239908][ T5972] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  310.239921][ T5972] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  310.239943][ T5972] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  310.239957][ T5972] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  310.257556][T17676] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  310.262662][T17678] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  310.440802][T17694] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  310.458794][ T5972] usb 11-1: GET_CAPABILITIES returned 0
[  310.460725][ T5972] usbtmc 11-1:16.0: can't read capabilities
[  310.560262][T17704] netlink: 'syz.7.3283': attribute type 1 has an invalid length.
[  310.578323][T17704] bond1: entered promiscuous mode
[  310.580504][T17704] 8021q: adding VLAN 0 to HW filter on device bond1
[  310.589440][T17704] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3283'.
[  310.592595][T17704] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3283'.
[  310.603206][T17704] netlink: 3 bytes leftover after parsing attributes in process `syz.7.3283'.
[  310.612062][T17704] bond1: (slave bridge1): making interface the new active one
[  310.614867][T17704] bridge1: entered promiscuous mode
[  310.617753][T17704] bond1: (slave bridge1): Enslaving as an active interface with an up link
[  310.649099][T17707] TCP: TCP_TX_DELAY enabled
[  310.652450][   T40] audit: type=1400 audit(1776283926.564:2136): avc:  denied  { map } for  pid=17706 comm="syz.7.3284" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  310.664767][   T40] audit: type=1400 audit(1776283926.564:2137): avc:  denied  { execute } for  pid=17706 comm="syz.7.3284" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  310.676159][T17627] usb 11-1: usbtmc_ioctl_clear_out_halt returned -32
[  310.681171][T17627] usbtmc 11-1:16.0: send_request_dev_dep_msg_in returned -71
[  310.691989][ T5991] usb 11-1: USB disconnect, device number 5
[  310.883419][ T5992] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[  310.886312][ T5992] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[  310.893514][    C3] ------------[ cut here ]------------
[  310.896450][    C3] workqueue: cannot queue hci_cmd_timeout on wq hci4
[  310.899275][    C3] WARNING: kernel/workqueue.c:2270 at __queue_work+0xd08/0x1150, CPU#3: swapper/3/0
[  310.903141][    C3] Modules linked in:
[  310.905479][    C3] CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  310.909441][    C3] Tainted: [L]=SOFTLOCKUP
[  310.910838][    C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  310.914629][    C3] RIP: 0010:__queue_work+0xd0c/0x1150
[  310.916869][    C3] Code: 00 00 00 fc ff df 49 8d 94 24 78 01 00 00 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 04 04 00 00 48 8d 3d 78 d5 0c 0f 48 8b 75 18 <67> 48 0f b9 3a e9 2a f7 ff ff e8 15 05 39 00 90 0f 0b 90 e9 b2 f5
[  310.923088][    C3] RSP: 0018:ffffc900006f8be8 EFLAGS: 00010046
[  310.925460][    C3] RAX: dffffc0000000000 RBX: 0000000000000100 RCX: 1ffff11004cae151
[  310.928573][    C3] RDX: ffff88802ece8178 RSI: ffffffff8a849a70 RDI: ffffffff90dccd70
[  310.931867][    C3] RBP: ffff888026570a70 R08: 0000000000000005 R09: 0000000000000000
[  310.934937][    C3] R10: 0000000000000100 R11: 0000000000000000 R12: ffff88802ece8000
[  310.937839][    C3] R13: 1ffff920000df18f R14: ffffffff81d00910 R15: 0000000000000001
[  310.940940][    C3] FS:  0000000000000000(0000) GS:ffff8880d663c000(0000) knlGS:0000000000000000
[  310.944476][    C3] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  310.947242][    C3] CR2: 00007fd7c624edd5 CR3: 000000003c7f4000 CR4: 0000000000352ef0
[  310.950436][    C3] DR0: 0000000000000000 DR1: 00000000026c4a38 DR2: 0000000000000000
[  310.953709][    C3] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  310.956900][    C3] Call Trace:
[  310.958165][    C3]  <IRQ>
[  310.959097][    C3]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  310.961136][    C3]  call_timer_fn+0x19a/0x670
[  310.962957][    C3]  ? __pfx_call_timer_fn+0x10/0x10
[  310.965072][    C3]  ? __run_timers+0x560/0xb30
[  310.966792][    C3]  ? __run_timers+0x560/0xb30
[  310.968334][    C3]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  310.970186][    C3]  __run_timers+0x570/0xb30
[  310.971650][    C3]  ? __pfx___run_timers+0x10/0x10
[  310.973265][    C3]  ? _raw_spin_lock_irq+0x45/0x50
[  310.975097][    C3]  run_timer_base+0x114/0x190
[  310.977036][    C3]  ? __pfx_run_timer_base+0x10/0x10
[  310.978943][    C3]  run_timer_softirq+0x1a/0x50
[  310.980957][    C3]  handle_softirqs+0x1eb/0x9e0
[  310.983035][    C3]  ? __pfx_handle_softirqs+0x10/0x10
[  310.984999][    C3]  __irq_exit_rcu+0xef/0x150
[  310.986893][    C3]  irq_exit_rcu+0x9/0x30
[  310.988644][    C3]  sysvec_apic_timer_interrupt+0xa3/0xc0
[  310.990877][    C3]  </IRQ>
[  310.992078][    C3]  <TASK>
[  310.993283][    C3]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  310.995655][    C3] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  310.997916][    C3] Code: c8 81 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d a3 81 1a 00 fb f4 <e9> fc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  311.005027][    C3] RSP: 0018:ffffc90000197df0 EFLAGS: 00000202
[  311.007358][    C3] RAX: 0000000000261c6b RBX: ffff88801eafa4c0 RCX: ffffffff8b910c75
[  311.010430][    C3] RDX: 0000000000000000 RSI: ffffffff8de7a1fb RDI: ffffffff8c1b1a20
[  311.013043][    C3] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100d4e679d
[  311.015579][    C3] R10: ffff88806a733ceb R11: 0000000000000000 R12: 0000000000000003
[  311.018180][    C3] R13: ffffed1003d5f498 R14: 0000000000000003 R15: ffffffff90d9cc10
[  311.021330][    C3]  ? ct_kernel_exit+0x125/0x180
[  311.022999][    C3]  default_idle+0x9/0x10
[  311.024725][    C3]  default_idle_call+0x6c/0xb0
[  311.026715][    C3]  do_idle+0x464/0x590
[  311.028362][    C3]  ? __pfx_do_idle+0x10/0x10
[  311.030206][    C3]  ? do_idle+0x30c/0x590
[  311.031928][    C3]  cpu_startup_entry+0x4f/0x60
[  311.033732][    C3]  start_secondary+0x21d/0x2d0
[  311.035600][    C3]  ? __pfx_start_secondary+0x10/0x10
[  311.037763][    C3]  common_startup_64+0x13e/0x148
[  311.039793][    C3]  </TASK>
[  311.041117][    C3] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  311.044038][    C3] CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  311.048191][    C3] Tainted: [L]=SOFTLOCKUP
[  311.049934][    C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  311.053791][    C3] Call Trace:
[  311.054899][    C3]  <IRQ>
[  311.055858][    C3]  dump_stack_lvl+0x100/0x190
[  311.057939][    C3]  vpanic+0x552/0x970
[  311.059498][    C3]  ? __pfx_vpanic+0x10/0x10
[  311.061329][    C3]  panic+0xd1/0xe0
[  311.062621][    C3]  ? __pfx_panic+0x10/0x10
[  311.064125][    C3]  ? check_panic_on_warn+0x1f/0x90
[  311.065866][    C3]  check_panic_on_warn.cold+0x19/0x34
[  311.067631][    C3]  ? __queue_work+0xd08/0x1150
[  311.069303][    C3]  __warn.cold+0x191/0x348
[  311.071123][    C3]  __report_bug+0x296/0x3d0
[  311.072895][    C3]  ? __queue_work+0xd08/0x1150
[  311.074683][    C3]  ? __pfx___report_bug+0x10/0x10
[  311.076678][    C3]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  311.078746][    C3]  ? __pfx_hci_cmd_timeout+0x10/0x10
[  311.080899][    C3]  ? _raw_spin_lock_irqsave+0x52/0x60
[  311.083110][    C3]  ? look_up_lock_class+0x64/0x120
[  311.085217][    C3]  report_bug_entry+0xe1/0x290
[  311.087240][    C3]  ? __queue_work+0xd0c/0x1150
[  311.089250][    C3]  handle_bug+0x1cd/0x2a0
[  311.091018][    C3]  exc_invalid_op+0x17/0x50
[  311.092880][    C3]  asm_exc_invalid_op+0x1a/0x20
[  311.094855][    C3] RIP: 0010:__queue_work+0xd0c/0x1150
[  311.097255][    C3] Code: 00 00 00 fc ff df 49 8d 94 24 78 01 00 00 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 04 04 00 00 48 8d 3d 78 d5 0c 0f 48 8b 75 18 <67> 48 0f b9 3a e9 2a f7 ff ff e8 15 05 39 00 90 0f 0b 90 e9 b2 f5
[  311.104147][    C3] RSP: 0018:ffffc900006f8be8 EFLAGS: 00010046
[  311.106420][    C3] RAX: dffffc0000000000 RBX: 0000000000000100 RCX: 1ffff11004cae151
[  311.109058][    C3] RDX: ffff88802ece8178 RSI: ffffffff8a849a70 RDI: ffffffff90dccd70
[  311.111567][    C3] RBP: ffff888026570a70 R08: 0000000000000005 R09: 0000000000000000
[  311.114391][    C3] R10: 0000000000000100 R11: 0000000000000000 R12: ffff88802ece8000
[  311.117228][    C3] R13: 1ffff920000df18f R14: ffffffff81d00910 R15: 0000000000000001
[  311.120416][    C3]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  311.122771][    C3]  ? __pfx_hci_cmd_timeout+0x10/0x10
[  311.125384][    C3]  ? __queue_work+0xcda/0x1150
[  311.127215][    C3]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  311.129545][    C3]  call_timer_fn+0x19a/0x670
[  311.131432][    C3]  ? __pfx_call_timer_fn+0x10/0x10
[  311.133513][    C3]  ? __run_timers+0x560/0xb30
[  311.135449][    C3]  ? __run_timers+0x560/0xb30
[  311.137506][    C3]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  311.139935][    C3]  __run_timers+0x570/0xb30
[  311.141867][    C3]  ? __pfx___run_timers+0x10/0x10
[  311.143892][    C3]  ? _raw_spin_lock_irq+0x45/0x50
[  311.146231][    C3]  run_timer_base+0x114/0x190
[  311.147838][    C3]  ? __pfx_run_timer_base+0x10/0x10
[  311.149618][    C3]  run_timer_softirq+0x1a/0x50
[  311.151563][    C3]  handle_softirqs+0x1eb/0x9e0
[  311.153408][    C3]  ? __pfx_handle_softirqs+0x10/0x10
[  311.155317][    C3]  __irq_exit_rcu+0xef/0x150
[  311.156852][    C3]  irq_exit_rcu+0x9/0x30
[  311.158224][    C3]  sysvec_apic_timer_interrupt+0xa3/0xc0
[  311.160018][    C3]  </IRQ>
[  311.160878][    C3]  <TASK>
[  311.161724][    C3]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  311.163694][    C3] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  311.165943][    C3] Code: c8 81 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d a3 81 1a 00 fb f4 <e9> fc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  311.173355][    C3] RSP: 0018:ffffc90000197df0 EFLAGS: 00000202
[  311.175482][    C3] RAX: 0000000000261c6b RBX: ffff88801eafa4c0 RCX: ffffffff8b910c75
[  311.178418][    C3] RDX: 0000000000000000 RSI: ffffffff8de7a1fb RDI: ffffffff8c1b1a20
[  311.181741][    C3] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100d4e679d
[  311.185072][    C3] R10: ffff88806a733ceb R11: 0000000000000000 R12: 0000000000000003
[  311.188655][    C3] R13: ffffed1003d5f498 R14: 0000000000000003 R15: ffffffff90d9cc10
[  311.191841][    C3]  ? ct_kernel_exit+0x125/0x180
[  311.193834][    C3]  default_idle+0x9/0x10
[  311.195529][    C3]  default_idle_call+0x6c/0xb0
[  311.197511][    C3]  do_idle+0x464/0x590
[  311.199209][    C3]  ? __pfx_do_idle+0x10/0x10
[  311.201219][    C3]  ? do_idle+0x30c/0x590
[  311.203089][    C3]  cpu_startup_entry+0x4f/0x60
[  311.204904][    C3]  start_secondary+0x21d/0x2d0
[  311.206467][    C3]  ? __pfx_start_secondary+0x10/0x10
[  311.208189][    C3]  common_startup_64+0x13e/0x148
[  311.210163][    C3]  </TASK>
[  311.212195][    C3] Kernel Offset: disabled
[  311.213927][    C3] Rebooting in 86400 seconds..